Privacy Policy of DingTalk
Updated on: September 22, 2023
Effective date: September 22, 2023
[Introduction]
Welcome to use our products and service! We understand how important personal information is to you, and to help you understand how we collect, process, and protect your personal information and what you can do to manage your personal information, we have created this Privacy Policy of DingTalk ("the Policy") and the more concise"Summary of Privacy Policy of DingTalk".Before using our products and services, please be sure to read the Policy carefully, especially the bolded/bold underlined terms and make sure you fully understand and agree to them before you start using them. For any question, comment or advice on the content of the Policy, you may contact us via the contact information mentioned herein.
Your consent to the Privacy Policy indicates that you are aware of the basic features provided by the Application and the necessary personal information required for the operation of the basic features, and have given your authorization to collect and use the information accordingly, but it does not mean that you have individually agreed to the opening of additional features and the processing of non-essential personal information.To enable additional functions, to process non-essential personal information and to process sensitive personal information, we will separately ask for your consent based on your actual use.
The Policy may be available in multiple languages. In the event of any inconsistency or conflict between the terms of the language versions, the simplified Chinese version shall prevail.
The Policy will help you understand the following:
I. Scope of application
II. Information collection and use
III. Partners and the transfer and disclosure of personal information involved in the process of data use
IV. Your rights
V. Storage of information
VI. Update of policy
VII. Protection of minors
VIII. Contact us
Appendix: Definitions
I. Scope of application
The Policy applies to the services we offer on our DingTalk (dingtalk.com, aliwork.com), DingTalk Software, DingTalk Smart Hardware, and new forms of products and services that we provide to you as technology evolves.
The Policy does not apply to products or services provided to you by our affiliates or DingTalk's third-party service providers or other third parties, which are governed by the rules for handling personal information that the service provider has separately stated to you.
II. Information collection and use
Prior to using our product/Services, we need/may need to collect and use the following two types of your personal information:
1. The information which you must authorize us to collect and use for the purpose of implementing the basic functions of our product/services offered to you. If you refuse, you will not be able to use our products or services properly.
2. In order to provide you with additional features of our products or services, you may choose to separately consent or not to consent to the information we collect and use.If you refuse, you will not be able to use the relevant additional functions normally or achieve the effect of the functions we intend to achieve, but it will not affect your use of our basic functions.
We would like to remind you that due to the variety of products and services we provide to you and the differences in the scope of the specific products and services that different users choose to use, the basic or additional functions and their corresponding types and scope of personal information collected and used may vary, so please refer to the specific product or service functions.
We will provide you with the following functional scenarios:
(I) To help you become our user and manage your account
1. Register to become a personal user of DingTalk
(1) Basic user services
In order to register as an individual user of DingTalk to use the basic non-office services of DingTalk without the identity of the Enterprise/Organization, such as IM Chat (Instant Messaging), create groups, conference calls, video meeting, Biz call, DING Messaging, personal DingTalk drive, DingTalk Look and other real-time communication functions, you need to submit your cell phone number, password to register and create a DingTalk account, otherwise, you will not be able to use DingTalk services. If you only want to browse the DingTalk software, features and services displayed on the DingTalk Website, you do not need to register and provide the above information.
(2) Additional User Services
Improvement of information: You can independently improve basic information, such as name, avatar, nickname, gender, birthday, work region and enterprise mailbox. The nickname and avatar you set will be displayed publicly .
Authorized Login: We may provide your account information (avatar and other information prompted on the page) to a third party with your consent, so that you can conveniently register for a third party account through your DingTalk account or log in to third party products or services directly through your DingTalk account. In addition, we may, based on your individual consent to obtain your third-party account information from a third party and bind it to your DingTalk account so that you can log in and use our products or services directly from the third party.
(3 ) Authentication
In order to meet legal, regulatory and supervisory requirements, to ensure that the user's identity is true, to prevent fraud and to safeguard the security of the system and services, when you use specific services or functions, we will collect your relevant information for identity verification, such as:
Retrieve account: when you use "Get back your DingTalk account" feature, we will collect your identifying information, including your real name and ID number to verify your identity to help you retrieve your DingTalk account.
Real person authentication: You can choose to authenticate yourself to enhance account protection, or follow the instructions on the product page when applying for specific roles (e.g., administrator, developer, service provider), using specific services (e.g., DingTalk Wallet, DingTalk Live), and in other scenarios that require verification of your real identity, you can carry our the real person authentication. In order to realize the authentication purpose, you need to provide your real identity information (name, ID number and other document information or facial recognition information, specific to the page prompts prevail) to complete the real person authentication. When authenticating your facial information, we need to obtain your light sensor data to determine whether the light source is sufficient. If there are scenarios in which it is legally necessary to determine your necessary identification information (e.g., protecting the rights and interests of minors in accordance with the law, combating online fraud, and identifying the relevant subjects in administrative law enforcement or judicial proceedings, etc.), you authorize us to obtain the necessary authentication information of the corresponding account of yours for the above purposes. You can do this by going to the bottom of the real person authentication page at "Cancel Real Person Authentication" button at the bottom of the Real Person Authentication page to withdraw the authorization.
2. Register as a personal user of DingTalk Student Account
If you are a parent of a student and are a member of the DingTalk Education homeschool group or family group, you can open a DingTalk Student Account for your child as a DingTalk Student by logging in to your DingTalk account and entering the school and class name of your child, the name of your child and the parent, you can open a DingTalk Student Account for your child to become a personal user of DingTalk Student Account in order to use our live teaching, class review, homework clocking, online learning, growth diary service and other services for students. After opening a student account, students or parents can also independently improve the student nickname, avatar, gender, birthday, and location information of the student account.
3. Register as a DingTalk Enterprise/Organization User
(1) Basic Enterprise/Organization services
In order to register as a DingTalk Enterprise/Organization user, you need to provide your enterprise or organization name to create a DingTalk Enterprise/Organization Account, otherwise you will not be able to use the DingTalk services based on Enterprise/Organization management behavior.
(2) Additional Enterprise/Organization services
Improve information: After registering as a DingTalk Enterprise/Organization user, you can further provide information about the location of the enterprise or organization, industry type, and staff size (subject to page prompts).
Organization authentication: If a Enterprise/Organization user wishes to obtain more rights or services, the administrator can submit specific information and data (including business license, unified social credit code, Enterprise/Organization name, address, legal representative identity information, authentication official letter) to apply for certification and become a DingTalk certified Enterprise/Organization user.
If you are the legal representative of a specific Enterprise/Organization and need to join the DingTalk Enterprise/Organization and act as an administrator, you need to provide us with the business license organization code certificate of the business or organization, legal representative identity information in order for us to add you as a member of the organization and grant you administrator status.
(II) Providing you with online communication and co-location services
1. Instant Messaging
When you use DingTalk for instant messaging, we need to record your chat information, voice call status information (not call content) in order to transmit and interact with the information and synchronize it to all your logged-in devices. When another user sends you a DING message, we will send a message or make a call to your registered cell phone number, login device in order to reach the message. To avoid missing DING call or the office phone of your organization, you can authorize DingTalk to write the aforementioned number into your cell phone address book. If you refuse authorization, it will result in the inability to store the phone number, but will not affect your ability to use the DING Messaging or Enterprise/Organization Bizcall Service.
If you need to send a voice message, make a voice or video call, or send an instantly captured photo or video, you will need to authorize DingTalk permissions to access to your microphone or camera. When making an audio/video call, DingTalk requires access to your distance sensor to automatically rest the screen.
If you need to send photos and files, you need to authorize DingTalk to get the your device album or file storage permissions for your device .
If you need to share your location, DingTalk requires access to your location information in order to send and display it to the other party. We will obtain your accelerometer sensor, gyroscope sensor, and rotation vector sensor to assist in determining your location.
2. Add a friend
You can add friends through face-to-face group building, code scanning, exchanging e-cards, and cell phone contacts.If you want us to recommend contacts in your cell phone address book who have registered for DingTalk so that you can add DingTalk friends, you need to authorize us to access and collect your cell phone address book information. We are committed to obtaining cell phone address book information at the lowest possible frequency. We may recommend people of interest to you based on your friend relationships, organizational relationships, and your interactive behavioral relationships with other users.
3. Online document collaboration
When collaborating on an online document, in order to make the parties involved in collaborative editing aware of the information being edited and changed, DingTalk will display your avatar, nickname and modification traces and allow all parties to view the historical version of the document.
4. Audio/video conferencing and live streaming
When you use DingTalk's audio/video conferencing feature or initiate a live broadcast through DingTalk, you need to authorize us to obtain the camera or microphone permissions of the device, if you refuse to authorize you will not be able to use this feature.
When you use video conferencing or launch a live broadcast, we may collect information about your WiFi signal strength in order to optimize your audio and video quality when your WiFi connection is unstable.
During an audio/video conference, participants can use the "DingTalk Flash " function to record what is said in the conference and convert the voice to text, and the audio/video conference host can record the conference and share it with other participants. In the scenario, DingTalk will record what you are saying.
When you use the Face Beauty feature of Video Conferencing & Live Streaming, we need to process some of your facial feature value information locally to achieve the facial beauty effect.You need to authorize us to use the camera. We only process relevant facial features offline on your local device and do not upload, store in the background or share such information with third parties.
When you use the virtual background feature of Video Conferencing & Live Streaming, we need to recognize your facial image locally in order to distinguish your facial image from the background.You need to authorize us to use the camera. We only process relevant facial image information offline on your local device and do not upload, store in the background or share this information with third parties.
When you participate in a video conference via your F2 device, we offer speaker tracking, which automatically displays a close-up view of the speaker. To do this we need to recognize the position of your voice and facial movements through sound source localization and image recognition technology. You need to authorize us to use the camera and microphone. We only process relevant sound location and facial movement information offline on your local device and do not upload, store in the background or share this information with third parties.
Additionally, we capture your magnetic field sensor, distance sensor, accelerometer, and light sensor during audio/video conferencing for automatic screen rest and screen rotation in landscape and portrait.
5. Calendar
You can add your own schedules, event notifications, accept or send meeting invitations, and subscribe to scheduling information provided by third parties through the DingTalk calendar feature.You can also authorize us to access your device's calendar permissions to display the schedule from the system calendar in the DingTalk calendar. Denial of authorization will result in the inability to view the schedule in the system calendar via DingTalk calendar, but will not affect your ability to use other features of the calendar. When you have an upcoming schedule, we'll send a system notification and the app will launch itself to remind you that your schedule is about to start.
6. Search within the software
You can use DingTalk Search to search for information including chats, contacts, documents, departments, and functions.For your convenience to find the information you are looking for, we will collect your interaction and search records when you use DingTalk, and predict and match the information you may want to search through algorithmic modeling, and in the search box below "Guess ’youwant" you can delete it at any time.
7. Punching for sign-in attendance
Your business or organization can use DingTalk to clock in and out for attendance. If your enterprise or organization chooses face punching, you need to provide your face photo for extracting the feature value in order to realize the face punching function; if your enterprise or organization chooses geographic location punching, DingTalk will collect your GPS location information or WiFi access point information, and obtain your accelerometer sensor, gyroscope sensor, and rotation vector sensor to assist in determining your location; if your business or organization choose Bluetooth punching, DingTalk will collect Bluetooth information of your device. In order to prevent cheating by clocking in and signing out for attendance, DingTalk will get the information of your software installation list in order to confirm whether there is any cheating software or not. If you have turned on the "Extreme Punching" in the Attendance Settings, in order to complete the automatic punching function of Extreme Punching, within a certain time range, every time you open DingTalk from the background or switch the network in the process of using DingTalk, the Extreme Punching function will collect your WiFi information (including SSID) and access your location, so as to compare you locally on the client side whether you arrive at the attendance range.
8. Notification of messages
During the course of your use of the DingTalk service, we may, through call, SMS, push messages, job notifications, pop-up windows, send you one or more types of messages, such as service notifications, verification codes, and so on. We may also recommend commercially available information about services, features or events that may be of interest to you through the foregoing. If you do not want to receive our commercial messages, you can unsubscribe through the unsubscribe method provided in the SMS or contact our customer service directly, through the pop-up page on the "Skip" button on the pop-up page or "Close" button to close the pop-up window, or turn off messages in the "Settings & Privacy - New message notification - System account notification message settings".
In order to ensure that you can receive the push content properly and avoid missing messages, we use self-launch and associated startup of other App function.
9. Exercise pedometer
You can use DingTalk Exercise to count information including steps. In order to use the movement counting function you need to authorize DingTalk to access the health authority and information of your device.
10. Low-code services
You can use the IHAB Low-Code business application building platform, a visual interface for editing and configuring pages, forms, and processes with drag-and-drop, and publishing them with a single click to the PC and mobile.
11. AI-related Services
To improve your coworking productivity, after you get the test/ eligibility, you can use the DingTalk Intelligent Assistant ("DingTalk Magic Wand") and other forms of AI service, which can be based on natural language commands, conversations, documents, images, audio, and other content you enter or select (collectively, "Input" ), and utilizes artificial intelligence models to generate text, images, code, or perform instructions such as generating a to-do list, scheduling appointments, or training a proprietary assistant robot (collectively, "Output").
In order to realize the above functions, we will, either on our own or by commissioning an AI modeling provider to process your input content through artificial intelligence models in order to generate output content for you.In this process, DingTalk and the model provider who accepts DingTalk's commission for data processing will not associate the input and output content with your identity information, or use your input content for model training, algorithm optimization and other purposes.
In the course of using the above mentioned services, you may make a request to the AI service outputs via the "Like" , and "Dislike" etc. for evaluation feedback. I will collect your rating information and input content and use them to improve the quality of interactions and optimize the experience of our services, either on our own or by engaging a model provider to do so when it is de-identified and no specific individual can be re-identified. The above information is non-essential and refusal to evaluate will not affect your use of our services.
(III) Assisting Enterprise/OrganizationEnterprises/Organizations with online offices and entrusted with the processing of Enterprise/Organization-controlled data
1. Data control attributes of a Enterprise/Organization joined by an individual's registered account
If you, as an end user, use your personal cell phone number to register DingTalk account and join the DingTalk Enterprise/Organization, as a member of the Enterprise/Organization to use DingTalk for online mobile office, communication and collaboration, we will record the data submitted or generated by you in the process of using relevant functions of DingTalk according to the configuration, operation and instructions of the administrator of your Enterprise/Organization (hereinafter referred to as "Enterprise/Organization Controlled Data" ), Enterprise/Organization Controlled Data may include:
1) Assigned to you by your Enterprise/Organization including position, department, main industry, office email account, office phone information; and information provided or generated by your use of the time and attendance, approval, check-in, and logging functions enabled by your Enterprise/Organization, including: fingerprint base map, fingerprint features, face recognition base map, facial features, check-in face photo, geographic location information, and information including attendance punching information , approval records, release log information, and schedule information, DingTalk disk file information. If your organization uses DingTalk's own branded hardware products (including DingTalk Fingerprint Recognition Time & Attendance Machine, DingTalk Face Recognition Time & Attendance Machine, and DingTalk Intelligent Front Desk) or three-party intelligent access control products embedded with DingTalk's services, your organization may require you to enter your fingerprint or face photo through DingTalke's client or hardware device. DingTalk will extract and process your fingerprints or facial features so that the above products can realize online fingerprint recognition or face recognition.
2) The order transaction information that you use DingTalk or open any third-party apps, such as the transaction information of DingTalk's own or third-party apps in the DingTalk App Market by you as an administrator.
3) Personal information that your organization independently uploads or requests you to provide after opening and using the DingTalk Enterprise/Organization Services, such as Enterprise Directory, Smart Staffing Services and Digital People Services, including identity information (name, ID card information, household registration), enterprise employment information (department, position, grade), labor contract status information, enterprise and your personal contact information (cell phone, fixed-line phone, e-mail), enterprise and personal contact address (home address, office address), education information (school, major, education), payroll bank card information, emergency contact information, or business card information of external business contacts saved by you.
4) Personal information that your child's school independently uploads or requests you to provide after opening and using DingTalk Education related services (e.g., home-school newsletter record), including your contact information (name, cell phone number, contact address), your child's identity information (name, face photo), class information (grade, class), etc.
5) Documents, multimedia, conversations and other related instant messaging information that you upload, enter, post, transmit and share in the Enterprise/Organization office and collaboration groups that you create using the DingTalk Instant Messaging Groups service, including internal groups used for internal communication and collaboration purposes within the Enterprise/Organization (e.g., all-employee groups, internal groups, cooperation groups, service groups, and confidential groups) and external groups for external collaboration of employees of Enterprise/Organizations (e.g., external project groups, external meeting groups). Specifically, those files, multimedia, conversations and other related instant messaging information that you upload, record, post, transmit and share in the single chat during the workday (" On-the-job Colleague Single Chat") initiated by the DingTalk Instant Messaging service will not be visible after you leave your job.
6) The service log data that your Enterprise/Organization generate through the DingTalk security application services based on the purposes of human resources management, information security management and data security control, including client software or system version, IP address, network access and other device log information, information of your login/logout of DingTalk, workstation application access data, join organizations, and other basic behavior log data, as well as file operation behavior, group operation behavior, group operation behavior, interception screen and other security control behaviors.
7) Your business or organization can use DingTalk Smart Network products (such as the C1 Smart Router, etc.). In order to provide enterprise users with one-click networking, intelligent flow control, intelligent privilege management and other functions, we may collect your information in the background to collect your MAC address in order to realize end-user network traffic control, access blacklist control and other terminal identification and security control programs.
8) Other data containing your personal information submitted by users of the Enterprise/Organization.
9) Data that the end user has expressly authorized to be controlled by the Enterprise/Organization, such as the data generated from common groups with no organizational affiliation and single chats between non-working colleagues, which contain both individual and organizational user service attributes, and are expressly authorized by the end user to be controlled by the Enterprise/Organization.If the foregoing data is not authorized by the end user, DingTalk will not share the data to the Enterprise/Organization users or their administrators .
2. The right to control data for personal use of corporate accounts
All data generated by your login and use of the corporate account assigned to you by the organization belongs to the data controlled by the Enterprise/Organization.You fully understand the office attributes of a corporate account and refrain from independently operating and using a corporate account to upload, enter, post, transmit or share personal or private information, or you shall not deny the Enterprise/Organization's right to control the data of the business account due to such autonomous actions.
You understand and agree that the Enterprise/Organization User is the administrator of the Enterprise Controlled Data and that we process the Enterprise/Organization Controlled Data only in accordance with the instructions of the Enterprise/Organization User administrator. Before uploading the DingTalk Enterprise/Organization communication information, class address book and requesting end users to submit smart personnel information and external business contact information, Enterprise/Organization users should ensure that they only collect end user information necessary to achieve the purpose of enterprise operation and management, and that they have adequately informed end users of the purpose, scope, and use of relevant data collection, and have obtained the authorization of the end user.
As an end user, you understand and agree that users of the Enterprise/Organization have the right to process your personal information based on the necessity for the conclusion and performance of the contract to which you are a party, or the necessity for the implementation of human resources management based on the labor rules and regulations formulated in accordance with the law and the collective contract signed in accordance with the law, including entrusting DingTalk to the administrator in the opening, management, and use of the DingTalk service, to achieve the purpose of the online mobile office, communication and collaboration.
(IV) Provide you with favorites, following and sharing functions
In the process of your use of DingTalk, you can collect interested documents, text, pictures, videos, follow the service window of your interest and Look Account or share information to third parties.In the course of your use of the above features, we may collect service log information including your favorites, followers, and sharing history for the purpose of implementing the above features.
(V) Provide you with DingTalk wallet service
In order to use the DingTalk Wallet service, you need to bind an Alipay account. We will pass your DingTalk account, corresponding Alipay account member name, order payment-related information, order security-related device information and other necessary information required by anti-money laundering laws through Alipay embedded in the client's SDK and other secure methods with Alipay.
In order that we can timely know and confirm the progress and status of your collection of payment so as to provide after-sales and dispute settlement service for you, you agree that we can collect the information in relation to order payment from the transaction object, financial institution or third-party payment company you select.
(VI) Show you personalized content and services
In order to present you with content or services that are better suited to your needs, we collect and use the device information by which you visit or use the DingTalk Website or Client (including device identifiers (IMEI, IDFA, Android ID, MAC, OAID, IMSI, ICCID and other device-related information), application information (application crash information, notification switch status, application installation list, and other application-related information), device parameters and system information (device type, device model, operating system and hardware-related information), and device network environment information (IP, WiFi address, base station information and other network-related information), service log information (browsing records, click-to-view records, search and query records, favorites, concerns, sharing information, publishing information, and IP address, browser type, telecom operator, language used, date and time of access), basic information submitted by you and information about your organization (e.g., department, position). We use algorithmic models to predict your preferences and match content or services that may be of interest to you.
If you want to turn off the personalized content we push to you, you can do so in the "Settings & Privacy – System’s & application’spermissions - Personalized content recommendations".
(VII) Customer service and dispute handling
When you contact our customer service for assistance, in order to protect the security of your account and the system, you will be required to provide personal information necessary to verify your user identity.
For the purpose of contacting you, assisting you in resolving a problem, or documenting the resolution and outcome of a problem, we will keep a record of your communications with us and the content of those communications (including account information, work order information, other information you provide to prove a fact, or contact information you have left behind).
To provide service and improve service quality, we may also use your other information, including that you provide when contacting our customer service staff, and your replies to our questionnaire.
(VIII) Providing you with function of public release of information
You can publicly post information including graphics, videos, live content, links, comments and Q&A content through DingTalk Service Window, DingTalk Video Number, DingTalk Enterprise Square, Announcements, Comments, Typical Customer Cases, Live Streaming and other features.
When you follow a user or public account in DingTalk Look, we will show you the content of that user or public account. When you post, comment, like, retweet or recommend content, we collect the aforementioned information and show it to your friends.
We may, based on your account type and web log information. determine whether you are eligible to post information to the site. At the same time, we will be based on the requirements of laws and regulations, in the DingTalk Video Account, service window and similar functions to display the information release account of the most recent IP location information.
Please note that the information you post publicly may involve your personal information or the personal information of others, or even sensitive personal information, and you should obtain the consent of others before posting content that involves their personal information.
(IX) Providing you with security
In order to protect network security, improve the security of your use of the services provided by us and our affiliates and partners, prevent phishing websites, fraud, network vulnerabilities, computer viruses, network attacks, network intrusion risks, and identify violations of laws and regulations or DingTalk related agreements and rules.We embed the application security SDK developed by our affiliates in our applications for collecting your device information, service log information, and may use or integrate your account information, transaction information, device information, service log information, and information that our affiliates and partners are authorized to share with you or are required by law to share (including MAC address, IMEI, WiFi information (including SSID) and other device identifier that we may collect during background operation of the application for the risk verification) to comprehensively determine your account and transaction risks, authentication, detection and prevention of security events, and take necessary measures to record, audit, analyze and dispose of them in accordance with the law.In the iOS devices, you can choose to turn on the security passcode lock in the Security Center, and we will call the device's Face-id authentication method.
(X) Other additional services provided to you
1. Additional services based on system privileges
We may apply to turn on system privileges to collect and use your personal information in the following additional services. If you do not agree to turn on the relevant privileges, it will not affect your use of DingTalk's basic services, but you will not be able to use these additional services.You can turn these privileges on or off at any time, and turning on any of the privilege means that you authorize us to collect and use your personal information to provide you with services. Closing any of the privilege means that you cancel the authorization, under which circumstance we will not continue to collect and use the personal information based on the privilege, and can not continue to provide the services corresponding to the privilege. Your decision of turning off privileges will not affect previous information collection and use based on your privilige.
2. Cookies and similar technologies
Cookies and other similar technologies are commonly used in the Internet.When you use our services, we may use relevant technologies to send one or more Cookies or an anonymous identifier (hereinafter referred to as "Cookie") to collect, identify and store information about your information when you access and use the Product. We promise that we will not use Cookies for any purpose other than those described in the Privacy Policy. We use Cookies primarily to ensure the safe and efficient operation of our products and services and to enable us to confirm the security status of your account and transaction security status, to detect abnormalities related to crashes and delays, and to help you avoid repeating the steps and processes you have to take to fill out forms and enter search content.
At the same time, we may utilize Cookies to show you information or features that may be of interest to you. Most browsers allow users to clear browser cache, so you can clear data in the browser settings or refuse our Cookie. You may not be able to use services or features that rely on Cookies because of these modifications.
(XI) Other rules for the collection and use of personal information
1. If the information you provide contains any personal information of others, you need to ensure that you have obtained legal authorization before providing such personal information to DingTalk.
2. If we use the information for purposes other than those set forth in the Policy, or if we use the information collected for a specific purpose for another purpose, we will obtain your prior consent.
3. We will use the collected data for machine learning and algorithm model training to better serve you under the premise of secure encryption technology.You can click hereto see a description of the DingTalk Algorithm service.
4. For the purpose of fulfilling the services of the third-party miniapps, DingTalk will help the third-party miniapps to obtain your clipboard information.
III. Partners and the transfer and disclosure of personal information involved in the process of data use
(I) Partners involved in the use of data
1. Basic principles
We will observe the following principles when working with our partners:
(1) The principles of lawfulness, legitimacy and minimum necessity: Data processing should have a basis in legality, have a legitimate purpose and be limited to the minimum necessary to achieve the purpose of the processing.
(2) The principle of maximizing the user's right to information and decision-making: The data processing process fully respects the user's right to know and decide on the processing of their personal information.
(3) Principle of the most enhanced safety and security capability: We will take necessary measures to safeguard the security of the personal information handled, prudently assess the purpose of the use of the data by the cooperating party, conduct a comprehensive assessment of the cooperating party's ability to safeguard security, and require that the cooperating party comply with relevant requirements of the cooperation agreement.
2. Scope of partners
If specific functions and scenarios involve the provision of services by our affiliates and third parties, the scope of partners includes our affiliates and third parties.
3. Commissioned processing
We may commission the processing of your personal information to a partner in order for the partner to provide certain services or perform functions on our behalf. We will only commission the processing of your information for the lawful, legitimate, necessary, specific, and express purposes stated in the Policy, and authorized partners will only have access to the information they need to perform their duties and will be required by agreement not to use this information for any purpose beyond the scope of the commissioning. If an authorized partner uses your information for a purpose not commissioned to it by us, it will obtain your consent separately.
4. Joint processing
In the case of joint processing of personal information, we will sign an agreement with the partner in accordance with the law and agree on the rights and obligations of each party to ensure that the use of personal information complies with relevant provisions of the law and protects the security of the data.
5. Scenarios of cooperation
1) To realize business functions
A. Payment services
In order to use the DingTalk Wallet service, you need to bind an Alipay account.We will pass your DingTalk account, corresponding Alipay account member name, order payment related information, order security related device information and other necessary information required by anti-money laundering laws through the Alipay embedded in the client SDK and other secure methods shared with Alipay.
In order that we can timely know and confirm the progress and status of your collection of payment so as to provide after-sales and dispute settlement service for you, you agree that we can collect the information in relation to order payment from the transaction object, financial institution or third-party payment company you select.
B. Miniapps, SaaS Application services
If you use the miniapps provided by our partners on DingTalk, SaaS apps and other services, the partner (usually the developer of miniapps and SaaS) will use your personal information (such as avatar, nickname, phone number), the specific type of personal information in order for you to open a miniapps and SaaS, and the specific type of personal information is based on the content of the relevant page prompting authorization.
2) Advertising and analytics services
We will commission our partners to process information related to ad placement, coverage and effectiveness while using industry-universal security technologies. We do not commission the processing of your personally identifiable information to our partners.
3) Security and statistical analysis
A. Safeguard the security of use: in order to safeguard the legitimate and legal rights and interests of DingTalk users from unlawful infringement, our partners may use the necessary equipment, account and log information.
B. Analyzing the product situation: in order to analyze the stability of DingTalk's products or services, the partner providing the analysis service may need to use information such as the service situation, device identification information, and the overall installation and use of the application.
C. Academic research: in order to enhance the scientific research capacity in related fields and promote the level of scientific and technological development, we may use de-identified or anonymized data with our partners (such as scientific research institutes, universities and other organizations) under the premise of ensuring data security and legitimate purposes.
4) Other collaboration scenarios
If you have entered into a corresponding authorization agreement or document with a credit agency (such as Baihang Credit and Pudao Credit), a financial institution, or other third-party agency, etc., based on your aforementioned authorization consent and the Policy, we will perform comprehensive statistics, analysis or processing of your personal information and provide the data processing results to the aforementioned agencies.
In addition to the collaboration scenarios described above, we may also commission the processing of information to other partners who support our business, e.g., by being commissioned by us to provide technical infrastructure services.
In order to ensure the stable operation and function realization of our client, our application will be embedded in the authorized partner's SDK or other similar applications. We will conduct strict security testing of application program interfaces (API) and SDKs from which authorized partners obtain information, and agree with authorized partners on strict data protection measures so that they process personal information in accordance with the Policy and other appropriate confidentiality and security measures.
(II) Transfers
If we need to transfer personal information due to a merger, demerger, dissolution, or declaration of bankruptcy, we will inform you of the name and contact information of the receiving party.The receiving party will continue to fulfill the policy and other statutory obligations. If the receiving party changes the original purpose and method of processing, the receiving party shall obtain your consent again.
(III) Public disclosure
We will only publicly disclose your personal information in the following circumstances:
1. We may publicly disclose your personal information if you voluntarily choose to do so or otherwise obtain your individual consent.
2. If we determine that you have violated any laws or regulations or any of DingTalk's agreements and rules, or if we want to protect the safety and security of others, we may disclose your personal information, including relevant violations and the measures that DingTalk has taken against you.
(IV) Cessation of operations
If we cease to operate a product or service, we will promptly cease to continue to collect your personal information and will send you notice of the cessation of operation by way of an individual notice or announcement, and will delete or anonymize the personal information we hold in relation to the product or service that has been shut down.
(V) Exemptions from obtaining your authorized consent under the law
In accordance with laws and regulations, in the following cases, there's no need to obtain your authorized consent when the partner uses or we transfer or disclose your personal information:
1. It is necessary to enter into or perform a contract at your request.
2. We may share your personal information when necessary to fulfill our legal duties or obligations (e.g., we may share your personal information when necessary to resolve disputes, such as litigation, in accordance with laws and regulations, or when required to do so by administrative or judicial authorities in accordance with the law).
3. The collection or use is necessary to respond to public health emergencies or protect the life, health or property safety of the children under emergency circumstances.
4. The personal information is reasonably processed for news reporting, media supervision, and other activities conducted in the public interest.
5. We process personal information that you disclose on your own or other personal information that has been lawfully disclosed (e.g., personal information that has been lawfully disclosed through lawful news reports, governmental disclosure of information, and other channels) within a reasonable range.
6. Other situations that may arise under the laws and regulations.
IV. Your rights
You can use DingTalk App in "Settings & Privacy - Security Center - Data Rights" to make a data rights request to DingTalk, or you can access and manage your information in the following manner, and we will respond to your request in accordance with legal and regulatory requirements.
(I) Accessing, correcting and supplementing
You have the right to access, correct and supplement your information in the following ways:
1. DingTalk Enterprise/Organization users: You can access your organization by logging in to "DingTalk enterprise management background" (oa.dingtalk.com) to query and correct the Enterprise/Organization control information, including address book information, invitation SMS settings, login password, main administrator and sub-administrator. You can also turn on or off the DingTalk basic apps, third-party apps or self-built apps through the "Workbench - Application Management".
2. DingTalk individual users: (1) Login to DingTalk mobile client, click on "Me - Settings & Privacy - My messages" to query and correct your personal information and personal account related information, including: avatar, nickname, phone number, work profile, gender, birthday, region and title information or complete real person authentication; (2) Login to the mobile client, click "Me - Customer Service & Help - Online Service" to seek the online help.
(II) Reproduction
You can reproduce your information in the following ways:
1. You can enter "Me -Settings & Privacy - Personal Information Inquiry and Download" in the DingTalk App;
2. You can reproduce your personal information after inquiring through the paths listed in "(I) Accessing, Correcting and Supplementing".
(III) Deletion
You can delete some of your information or request cancellation of your account to delete all of your information by following the path outlined in "(I) Accessing, Correcting and Supplementing".
In the following circumstances, you may request us to delete your personal information:
1. The circumstances where we deal with personal information in violation of laws and regulations;
2. If we have collected and used your personal information without your explicit consent;
3. If we deal with personal information in violation of the agreement with you;
4. The purposes of processing have been achieved or cannot be achieved, or such information is no longer necessary for achieving the purposes of processing;
5. If we stop providing the product or service, or if the retention period has expired.
If we decide to respond to your request of deletion, we will try to notify the third parties who obtain your personal information from us and require it to delete it in a timely manner (unless otherwise stipulated by laws and regulations, or they have separately obtain your consent).
When you delete your personal information, we may not be able to delete it from our backup system immediately due to laws and regulations or security technology limitations, and we will securely store your personal information and restrict further processing of it until the backup can be erased or anonymized.
(IV) Changing the scope of authorisation
You may withdraw your authorization or change the scope of your authorization for us to collect and process your personal information by:
1. Enterprise/Organization user: You can login "DingTalk enterprise management background" (oa.dingtalk.com) to turn on or off the DingTalk basic apps, third party apps or self-built apps through "Workbench - Application Management".
2. DingTalk individual users:
You can grant or withdraw your consent to authorization by logging in your mobile client at "Me - Settings and Privacy".
For authorizations that you cannot set up directly in the way described above, you can obtain an authorization by contacting customer service to get an explanation. However, for some types of personal information, such as information necessary to realize the basic functions of Dingtalk or information necessary for us to perform our legal obligations, we may not be able to respond to your request to change the scope of your authorization.When you withdraw your authorization, we will no longer process the corresponding personal information, but the withdrawal of authorization will not affect our previous processing of personal information based on your authorization.
(V) Logout of your account
Your may apply for canceling your account by the following manners:
1. DingTalk Enterprise/Organization users: you can login mobile DingTalk App and click "Workbench - Enterprise Management - Other More Settings - Dissolving Business" to follow the interface prompts; or you can login the web-based "DingTalk Enterprise Management Background" to click "Settings - Dissolve Business Process" and follow the interface prompts.
2. DingTalk personal users: You can login to the DingTalk client, click on the "Me - Settings and Privacy - Security Center - Account Settings - Logout DingTalk Account" to carry out a logout.
Please note that DingTalk currently only supports initiating a logout on your cell phone. After you voluntarily logout your account, we will stop providing you with products or services and delete or anonymize your personal information as required by law.
(VI) Automated decision-making in constraint information systems
For some business functions, we may make decisions only based on the non-AI decision-making mechanism which covers information system and algorithm.If these decisions affect your legal rights, you can contact us through customer service .
(VII) Response to your request
For your request to us as described above, you can contact us via customer service or initiate a complaint with our specialized department for the protection of personal information, and we will contact you within 15 days.
To protect the security of your account and personal information, when you make such a request to us, we will first verify your identity (e.g., by adding account verification, requiring you to provide a written request, or other reasonable means) before processing your request.
For your reasonable request, we will not charge any fee in principle; however, for those repeated and unreasonable requests, we will charge fees as appropriate.We may reject your request if it contains information which is not directly related to your identity, contains unreasonably repeated information, needs many technical means (such as develop a new system or fundamentally change current practices), incurs risks to others' legal rights and interests, or is unfeasible.
V. Storage of information
(I) Storage period
We will only retain your personal information within the period required by the purpose hereunder, unless mandatory retention is required by laws and regulations. For example, the E-Commerce Law requires that information on goods and services and transaction information be kept for a period of not less than three years from the date of completion.
We judge the duration of storage of personal information based on the following criteria:
1. To fulfill the purpose of the transactions related to you, and to maintain the corresponding transaction and business records in order to respond to your possible inquiries or complaints;
2. To ensure the safety and quality of the services we provide to you;
3. Whether you agree to a longer retention period;
4. According to relevant needs of the statute of limitations;
5. Whether there is any other special agreement or legal or regulatory provision concerning the duration of the reservation.
After the retention period has elapsed, we will delete or anonymize your personal information as required by applicable law.
(II) Storage locations
In principle, personal information generated or collected by us in China will be stored in China. In order to meet your possible cross-border communication and collaboration needs, our product features allow you to communicate with the DingTalk users across borders. DingTalk is an international version operated by our affiliates, for users outside of China only. This means that when you communicate and collaborate with DingTalk users, your network identity information (avatar, nickname, DingTalk number) will be accessed by your communication and collaboration partners from outside the country. We will assess and make our best efforts to ensure that your personal information is protected to the same extent as it is adequately protected in China, in accordance with the requirements of Chinese law. For example, we will also ensure that the information we transmit across borders is encrypted, that we regularly assess and audit the level of security capabilities of our recipients, and that we enter into data processing agreements.
In addition to the above, if we do need to transfer your personal information outside of China due to other business needs, we will comply with the requirements of laws and regulations and regulatory authorities, and inform you of the name of the overseas recipient, contact information, the purpose of the processing, the processing method, the type of personal information, and the manner and procedures by which you can exercise the relevant rights to the overseas recipient in the relevant service agreement or the authorization agreement of the specific function page, and obtain your separate consent (if applicable). Before providing your personal information overseas, we will take measures such as conducting a security assessment, certifying the protection of your personal information, or entering into a contract with an overseas recipient in accordance with a standard contract established by the national Internet information department, in order to comply with the legal conditions for providing personal information overseas.
(III) Storage security
1. Data protection technical measures
We have taken appropriate security protection measures that comply with industrial standards to protect the personal information you provide and prevent it from any unauthorized access, public disclosure, use, modification, damage or loss. For example, we use encryption technology to increase the security of your personal information, and the data exchanged between your browser and the server is protected by SSL protocol. We offer HTTPS protocol for secure browsing. We use trusted protection mechanisms to prevent malicious attacks on personal information. We deploy access control mechanisms and make every effort to ensure that only authorized personnel have access to personal information.Currently, our critical information systems have passed the Level 3 assessment which includes network security level protection, ISO 27001:2022 Information Security Management System Standard Certification, ISO 27018:2014 Public Cloud Personal Identity Information Protection Management System Certification, ISO 27701 Privacy Information Management System, Office Instant Messaging Software Security Evaluation, and many other security compliance security assessment of office instant messaging software.
2. Organizational measures for data protection management
With data as the core, we have built a data security management system based on data life cycle, improving the security of the entire system in many aspects, such as organization construction, system design, personnel management, and product technology. We have established a department dedicated to the protection of personal information, and we continue to strengthen our employees' awareness of the importance of protecting personal information through training courses and examinations.
3. Personal information security incident response
In the event of a breach of our physical, technical or managerial protection facilities, resulting in unauthorized access, public disclosure, alteration or destruction of information, leading to damage to your legitimate rights and interests, we will promptly activate our emergency response plan in order to minimize the impact on you personally.In case of a personal information security event happens, we will notify you of the following information according to the requirement of laws and regulations: basic conditions and possible impact of the security event, the treatment measures we have taken or will take, advice on how you may take preventive measures or lower risks, and the remedy measures taken for you. We will inform you by SMS, phone call, push notification and other reasonable channels, and if it is difficult to inform you individually, we will take reasonable and effective ways to publish announcements. In the mean time, we will report how the Personal Information security event is processed according to the requirement of regulatory requirement.
4. Account security risk prevention
When using DingTalk to communicate and collaborate, please protect your personal information properly and provide it to others only when necessary to avoid information theft or even telecommunication network fraud.
If you find your own personal information, especially your account or password, has been divulged, please immediately contact our customer service staff so that we can take corresponding measures based on your application.You can also operate " Account Settings", " Freeze and Unfreeze", "Privacy Switch", as well as submitting a fraud complaint report in "Me - Settings & Privacy - Security Center".
VI. Update of policy
In order to bring you a better product and service experience, we continuously strive to improve our products, services and technologies.When services and business processes change, we may update our Privacy Policy to inform you of specific changes. Without your explicit consent, we will not reduce your rights under this Privacy Policy.
For significant changes, we will also provide more prominent notifications (including red dots or a pop-up alert).
Significant changes referred to in the Policy include, but are not limited to:
1. Significant changes in the business model of the product. Such as the purpose of processing personal information, the categories of processed personal information, and the manner of use of personal information;
2. The change of the subject of the privacy policy due to business restructuring, transactions and acquisitions, and the new subject's change of the original treatment purpose and treatment method;
3. Changes of the main objects of personal information sharing, transfer or public disclosure;
4. The rights of users to personal information and the manner in which they are exercised have undergone significant changes;
5. There's a change in the contact information of the person in charge of the protection of personal information and the channel for filing complaints;
6. If the personal information protection impact assessment report indicates that the existence of the product has a significant impact on the rights and interests of individuals.
We will also archive the old versions of the Policy for your reference.
VII. Protection of minors
In the digital office or in learning, communication and collaboration activities we presume that you have the appropriate civil behavioral capacity. If you are a minor, please request your parents or guardians to carefully read the Privacy Policy, and use our services or provide services for us with the consent of your parents or guardians.
If you are a child below 14, before using our services, you and your guardian should carefully read our specially formulatedNotes on the Use of DingTalk Minor Protection Modeand DingTalk children's Personal Information Protection Rules and Instructions for Guardiansto ensure that you obtain your guardian's consent to use our services under his/her guidance.
If you are a parent or other guardian of a child, please be concerned about whether the child is using our products or services with your authorised consent. If you have questions about a child's personal information, please contact our dedicated personal information protection department.
VIII. Contact us
You may contact us by the following ways. We will reply you within 15 days:
1. If you have any questions, comments or suggestions regarding the content of the Policy, you may contact us at "Me - Customer Service & Help - Online Service".
2. You can also send an e-mail to dingtalkteam@alibaba-inc.com to contact our personal information protection department. Our office is located in: Building 5, Future Park Zone, No.959 Gaojiao Road, Wuchang Subdistrict, Yuhang District, Hangzhou. Please note that we may not respond to questions that do not relate to the Policy or your rights with respect to personal information
If you are dissatisfied with our reply, or believe that our processing of personal information has damaged your legal rights and interests, you can also bring a lawsuit before the court in possessing the jurisdiction over the domicile of the defendant.
Appendix: Definitions
1. SDK: It refers to software development kits.
2. DingTalk: It refers to the DingTalk website (domain name: dingtalk.com, aliwork.com) and DingTalk software (including App and PC version of DingTalk).
3. DingTalk Service Providers: It is abbreviated as "We ", referring to the Internet information and software technology service provider of DingTalk Software, that is, Dingding Technology Co., Ltd., DingTalk (China) Information Technology Co., Ltd.
4. DingTalk personal user: It refers to an individual who registers through a cell phone number and authentication code registration DingTalk account or use DingTalk allowed third-party account authorization to log in DingTalk, did not join any DingTalk Enterprise/Organization, no Enterprise/Organization identity or do not use the DingTalk services in the capacity of an Enterprise/Organization users.
5. DingTalk Enterprise/Organization services: It refers to the DingTalk Office applications configured, opened and managed by the administrator on behalf of the DingTalk Enterprise/Organization users for use by the Enterprise/Organization members, such as DingTalk Intelligent Personnel DingTalk Intelligent Office Application, DingTalk Conference Calls, Enterprise Group Chat, and DingTalk Service Window.
6. DingTalk administrator: It is abbreviated as "Administrator", refering to the person who is authorized or designated by the users of DingTalk Enterprise/Organization, has the authority to operate the system of DingTalk Enterprise/Organization user management platform, and opens, manages and uses DingTalk services on behalf of the Enterprise/Organization.
7. DingTalk Enterprise/Organization users: It refers to legal persons or unincorporated organizations who create the DingTalk Enterprise/Organization on DingTalk, invite their members to register DingTalk account (or configure exclusive account for the members) and add such members to the DingTalk Enterprise/Organization, and configure, open, manage and use the DingTalk Office application for members of the organization to carry out online mobile office, communication and collaboration.
8. DingTalk certified Enterprise/Organization users: It refers to the DingTalk Enterprise/Organization users who have passed the DingTalk certification audit.
9. Children: It means the juveniles who are less than 14 years old.
10. Service log information: It includes browsing records, click-to-view records, search and query records, favorites, transactions, after-sales, attention to share information, release information, and IP address, browser type, telecom operator, language, date and time of visit.
11. Personal information: It refers to all kinds of information related to identified or identifiable natural persons that are electronically or otherwise recorded, excluding information that has been anonymized.
12. Sensitive personal information: It refers to the personal information that once leaked or illegally used, may easily lead to the infringement of the personal dignity of a natural person or may endanger his personal safety or property, including information such as biometrics, religious belief, specific identity, medical health status, financial accounts, and the person's whereabouts, as well as the personal information of a minor under 14.
13. Personal Information Processor: It refers to DingTalk individual users or Enterprise/Organization users in the use of DingTalk for online mobile office, communication and collaboration process, the right to decide the purpose of personal information processing, the way of the organization or individual. Specifically, when dealing with the various types of data generated and collected by DingTalk individual users using DingTalk services, DingTalk is a personal information processor; when dealing with Enterprise/Organization control data, DingTalk Enterprise/Organization users are personal information processors, and DingTalk is only commissioned by Enterprise/Organization users to process Enterprise/Organization control data in accordance with administrator's instructions and configurations.
14. Anonymization: It refers to the process of processing personal information to make it impossible to identify specific natural persons and impossible to restore.
15. Enterprise/Organization controlled data: It refers to the information and data submitted or generated by Enterprise/Organization users and their end users in the course of using the DingTalk Services, the specific scope of which is described in the relevant Section (III) of Chapter 2 of the Policy.
16. Enterprise/Organization end-users: It is abbreviated as "End-users" , refering to be invited by the administrator, self-application or by the Enterprise/Organization members invited and agreed by the administrator operation, to join the DingTalk certified Enterprise/Organization to become a member of the organization of the DingTalk individual users.
17. De-identification of personal information: It refers to the handling after which the personal information cannot be used to identify a natural person without any other information.
18. Device information: It includes the device identifier (IMEI, IDFA, Android ID, MAC, MEID, Open UDID, GUID, OAID, IMSI, SSID, BSSID and other device-related information), application information (application crash information, notification switch status, application installation list, and other application-related information), device parameters and system information (device type, device model, hardware serial number, operating system, and hardware-related information), device network environment information (IP address, WiFi information, base station information and other network related information), Bluetooth information, operator information, broadcast component communication information, sensors (gyroscope, gravity sensor, acceleration sensor, environment sensor, optical heart rate sensor), clipboard. It is subject to actual product collection.
19. Enterprise account (formerly "Dedicated account"): It refers to the DingTalk certified Enterprise/Organization users based on human resource management, information security control and other business management purposes, through the DingTalk enterprise account technical services, for end-users to configure the exclusive enterprise account, the enterprise account belongs to the Enterprise/Organization, end-users can log in to the enterprise account to use the DingTalk digital office services, resulting in the data belonging to the Enterprise/Organization to control the data.
20. Affiliate: It refers to those disclosed in the latest annual report of listed company of Alibaba Group Holding Limited.
21. Alipay Inc.: It refers to Alipay.com Co., Ltd.
(Concluded)
