Privacy Policy of DingTalk
Updated on: February 27, 2025
Effective date: February 27, 2025
[Introduction]
Welcome to use our products and service! We understand how important personal information is to you, and to help you understand how we collect, process, and protect your personal information and what you can do to manage your personal information, we have created this Privacy Policy of DingTalk ("the Policy") and the more concise"Summary of Privacy Policy of DingTalk".Before using our products and services, please be sure to read the Policy carefully, especially the bolded/bold underlined terms and make sure you fully understand and agree to them before you start using them. For any question, comment or advice on the content of the Policy, you may contact us via the contact information mentioned herein.
Your consent to the Privacy Policy indicates that you are aware of the basic features provided by the Application and the necessary personal information required for the operation of the basic features, and have given your authorization to collect and use the information accordingly, but it does not mean that you have individually agreed to the opening of additional features and the processing of non-essential personal information.To enable additional functions, to process non-essential personal information and to process sensitive personal information, we will separately ask for your consent based on your actual use.
The Policy may be available in multiple languages. In the event of any inconsistency or conflict between the terms of the language versions, the simplified Chinese version shall prevail.
The Policy will help you understand the following:
I. Scope of application
II. Information collection and use
III. Partners and the transfer and disclosure of personal information involved in the process of data use
IV. Your rights
V. Storage of information
VI. Update of policy
VII. Protection of minors
VIII. Contact us
Appendix: Definitions
I. Scope of application
The Policy applies to the services we offer on our DingTalk (dingtalk.com, aliwork.com), DingTalk Software, DingTalk Smart Hardware, and new forms of products and services that we provide to you as technology evolves.
The Policy does not apply to products or services provided to you by our affiliates or DingTalk's third-party service providers or other third parties, which are governed by the rules for handling personal information that the service provider has separately stated to you.
II 、 Collection and Usage of Information
You shall authorize us to collect and use such information as may be necessary in order to provide you with the basic functionalities of our products or services. If you refuse, you will not be able to use our products or services normally.
Our specific functional scenarios provided to you include:
(i) Helping You Become a User with Us and Account Management
1 、 Account Management
Our services to you are based on your DingTalk account. In order to register and set up your DingTalk account, you are required to provide your mobile phone number and password. Otherwise, you will not be able to use DingTalk service. You do not need to register and provide such information if you only need to use the description of DingTalk software, features and services displayed on the DingTalk website.
You are free to provide your own basic information, such as name, photo, nickname, gender, birthday, local enterprise email, work experience, education experience, etc. The nickname, photo, gender and region that you have provided will be publicly displayed. This type of information is non-essential personal information, and your failure to provide it will not affect your ability to use DingTalk basic services.
2 、 Authorized Login
With your sole consent, we may provide your account information (photo, nickname and other page reminder information) to third parties which may enable you to easily register a third party account using your DingTalk account or directly log in to third party products or services using your DingTalk account. In addition, with your sole consent, we may obtain information from third parties about your third party account and bind such information with your DingTalk account, so that you can directly log in or use our products or services on such third party accounts. We will use relevant information about you only within the scope of the authorizations separately agreed by you.
3 、 Identity Verification
To comply with legal, regulatory and supervisory requirements, ensure the authenticity of users' identity, prevent fraud and safeguard the security of our system and services, we will collect relevant information about you for identity verification when you use specific services or functions, such as:
Retrieve account number: when you use the "Retrieve DingTalk account" function, we will collect identity information about you, including your real name and identity card number, to verify your identity and assist you in retrieving your DingTalk account number.
Real-name authentication: you may choose to conduct real-name authentication to enhance account protection, or conduct real-name authentication according to the prompts on the product webpage when you apply for specific roles (such as administrator, developer or service provider), use specific services (such as DingTalk Wallet or live streaming of DingTalk) or use other scenarios where your real identity needs to be verified. For the purpose of authentication, you need to provide your real identity information (certificate information such as name and certificate number, or facial recognition information, subject to the specific page prompt) to complete the authentication. In order to authenticate your face, we need to obtain your light sensor data to determine if the lighting is adequate. You authorize us to obtain the necessary authentication information of your corresponding account for the above purpose in circumstances where necessary identity information of you shall be ascertained in accordance with the law (such as protecting the rights and interests of minors, cracking down on internet frauds, recognition of relevant entities in administrative law enforcement or judicial litigations, etc.)You may withdraw your authorization through the button of "Cancel Participant Certification" on the bottom of the participant certification page.
(II) To provide you with instant communication and collaborative office services
1 、 Instant messaging
(1) Messaging service
When you use DingTalk for messaging, we need to record your chat information (such as text message, voice message, picture message, file, etc.) and operation log information for information transmission and interaction, and synchronize to all your logged-in devices.
If you want to send photos or files, you'll need to grant DingTalk access to your device's photo album or file storage.
If you want to send a voice message, send a photo or video you've taken in real time, you'll need to grant DingTalk access to your device's microphone or camera.
If you want to share your location in a chat, DingTalk needs to obtain your location information in order to send and present to other people. We may obtain your acceleration sensor, gyroscope sensor, and rotation vector sensor to assist in determining your location.
When other users send you a DING message, we may send a message to your registered mobile phone number, your logged-in device, or make a phone call, in order to achieve information transmission. To avoid missing a DING call or the office phone number of your business organization, you can grant DingTalk permission to write the aforementioned number into your mobile phone's address book. If you refuse to grant authorization, the phone number cannot be stored, but you will not be prevented from using the aforementioned services.
(2) Audio and Video Communication Service
When you use DingTalk's audio and video communication features (voice calls, video conferencing, live streaming), you'll need to grant us access to your device's camera or microphone. If you refuse to grant such access, you will not be able to use this feature. We may need to record your voice call status information (other than the content of the call) in order to achieve information transmission and interaction.
To optimize your audio and video quality when your Wi-Fi connection is unstable, we may collect your Wi-Fi signal strength information (SSID, RSSI).
When you use the beautifying feature of video conferencing and live streaming, we need to locally process some of your facial feature value information to achieve the beautifying effect of your face. You'll need to grant us access to the camera. We will only process facial feature value information offline on your local device. We will not upload, back store, or share such information with third parties.
When you use the virtual background feature of video conferencing and live streaming, we need to locally recognize your face image in order to distinguish your face image from the background. You'll need to grant us access to the camera. We will only process facial feature value information offline on your local device. We will not upload, back store, or share such information with third parties.
When you or other participants use the Flashdown feature of a video conference, the Flashdown feature records your remarks in the meeting and converts them into text. The meeting leader can record the meeting and share it with other participants. In this scenario, DingTalk will record your remarks. If you are a participant and do not wish to be recorded, we suggest that you inform the leader of your decision and refuse to be recorded. If you turn on the "Intelligent Speaker Discrimination" function in the process of using Flashdown, in order to realize the relative discrimination of the speaker's voice, we will procedurally cluster the voices in audio and video files based on voiceprint to distinguish the speaker's speech anonymously. The voiceprints processed in the process are anonymous throughout, and we will not associate any identity information with them; the related voiceprints are only relatively distinguishable within the range of the human voice in the audio and video file according to the minimum sufficient principle, and are not distinguishable and identifiable beyond the range; after the speaker discrimination of the audio and video file is completed, the related voiceprints will be automatically deleted, and we do not make any retention or backup.
When you participate in a video conference via an F2 device, we provide speaker tracking function and automatically display a close-up screen of the speaker. To do this, we need to identify the location of your voice and facial movements through sound source localization and image recognition technology. You'll need to grant us access to the camera and microphone. We will only process the voice location and facial movement information offline in your local device and will not upload, background store or share the information with third parties.
In addition, we will obtain your magnetic field sensor, distance sensor, acceleration sensor and light sensor during an audio and video conference in order to realize automatic silence screen, portrait screen and rotation screen.
(3) In the process of instant messaging, if you and the other party are not in the same time zone, in order to help the other party know your local time, so as to arrange reasonable communication and avoid unnecessary disturbance, DingTalk needs to use the time zone of your device to show the other party your local time. You can turn off time zone presentation via "Settings & Privacy - Permissions to External Message - Current Time Zone".
2 、 Adding Friends
You can add friends by setting up a group face to face, scanning the QR code, exchanging electronic business cards, and mobile phone address book. If you want us to recommend people in your mobile phone address book who have registered for DingTalk, so that you can add DingTalk friends, you'll need to authorize us to access and collect information in your mobile phone address book. We promise to obtain mobile phone address book information at a minimum frequency. We need to process the names in the address book locally on the client for local presentation. We will not transmit the information back to the server, nor will we store the information. We may recommend people of interest to you based on your friend relationship, organization relationship, and your interaction behavior with other users.
3 、 Collaborative Office
In order to meet your office needs, we provide many tools and services for you, such as online document and note service, online project management service, calendar management service, attendance and clock-in service, low-code application building, etc.
When you can use our online document and note service for online collaborative editing of documents and notes, in order to let all parties involved in the collaborative editing know the edited and changed information, DingTalk will display your avatar, nickname and edit trace, and let all parties view the historical versions of documents and notes.
You can use our project management service for online project management. In order to enable you to create, assign, follow up and manage various tasks, we collect information and data generated in the process of using the service, such as: contents of project tasks, members participating in the project, configuration data such as permissions, and the corresponding log data (the records of viewing, searching, browsing and editing tasks).
DingTalk Calendar allows you to add your own schedules, event notifications, accept or send meeting invitations, and subscribe to schedules provided by third parties. You can also authorize us to obtain the calendar permission of your device, so that DingTalk Calendar can display your schedules in your system calendar. Denying authorization will make it impossible to view your schedules in your system calendar through DingTalk Calendar, but will not affect your ability to use other calendar functions. When you have an upcoming schedule, we will send a system notification, and the application will self-start to remind you that the schedule is about to start.
You or your company or organization can use DingTalk for clock-in and attendance. If your company or organization selects face clock-in, you need to provide a photo of your face for feature extraction. If your company or organization selects geographic location clock-in, DingTalk will collect your GPS location or Wi-Fi access point information, and obtain your acceleration sensor, gyro sensor, and rotation vector sensor to determine your location. If your company or organization selects Bluetooth clock-in, DingTalk will collect the Bluetooth information of your device. To prevent cheating in clock-in and attendance, DingTalk will identify whether you install cheating software and whether you use third-party automation software or mobile phone software to launch the DingTalk App, and send the name of cheating software and the name of the third-party software to launch the DingTalk App back to the server. When you click to clock in, DingTalk will collect MotionEvent (Android system), UITouch, and UIEvent (iOS system) data to determine whether the user is using the machine automation operation to clock in. If you have turned on "Speedy Check-in" in the attendance settings, in order to complete the automatic clock-in function, within a certain range of time, every time you open DingTalk from the background or switch networks while using DingTalk, the Speedy Check-in function will collect your Wi-Fi information (including SSID) and access your location, so that it can be matched locally on the client side whether you arrive at the attendance range.
You can use the appropriate low-code business application platform, edit and configure pages, forms, and processes in a drag-and-drop manner on a visual interface, and publish them to PC and mobile phones with one click.
In particular, when you use the above functions as an enterprise or organization user, all data generated (including creation, submission, upload, publishing, etc.) by using the above functions is enterprise or organization control data, and DingTalk processes the data only according to the entrustment of your enterprise or organization. For the explanation of data ownership, please refer to: "(6) Customer Entrusted DingTalk to Process Enterprise or Organization Control Data".
4 、 Notification of Messages
When you use DingTalk Service, we may send one or more types of messages, such as service notices, verification codes, etc., to you by way of telephone calls, text messages, E-mail, push messages, work notices and pop-up windows. We may also refer commercial messages to you by the aforementioned methods about services, functions or activities that you may be interested in. If you do not wish to receive our commercial messages, you may unsubscribe via the unsubscribe method provided in SMS messages or by contacting our customer service directly, or close the pop-up window by clicking the "Skip" or "Close" button on the pop-up window, or turn off the messages in "Settings & Privacy - New Message Notifications".
In order to ensure that you can receive push contents normally and avoid message omission, we use self launch and associated launch of other App functions.
(III) Information Distribution and Interaction
You may publicly post texts, videos, live broadcast content, links, comments, Q&A and other information through the functions of DingTalk service window, DingTalk video account, DingTalk Enterprise Square, announcement, comments, typical customer cases, live broadcast, etc.
When you follow a user or public account in DingTalk, we may show you the contents of that user or public account. When you post, comment, like, forward or recommend content, we may collect this information and show it to your friends.
We may determine whether you are entitled to the permission of the information publishing function according to the type of your account and network log information. At the same time, we may display the recent IP jurisdiction information of the information publishing account in the DingTalk video account, service window and the like based on the requirements of the laws and regulations.
Please be aware that the information you publicly post may involve your personal information or that of others and even personal sensitive information. You should obtain the consent of others before posting content involving their personal information.
When you use DingTalk, you can bookmark documents, texts, pictures and videos that interest you, follow service windows and numbers that interest you, or share information with third parties. When you use the above functions, we may collect service log information including your bookmarking, following and sharing history for the above functions.
When you use the DingTalk APP, you can access the "Recently Used" page by shaking. In order to implement the shaking function, we need to collect your acceleration sensor information.
We may show you advertisements in the APP. In order to show the advertisement information correctly, we need to collect your gyroscope sensor information for determining the state of the device.
When you use the DingTalk APP, if you actively choose to jump to a third-party APP, we may query the application installation information of the third-party APP for determining whether the APP is installed on the current device.
(IV) Personalized recommendation
To present you with content or services that better meet your needs, we may collect and use your device identifiers (Android ID, Android OAID, HarmonyOS OAID, ICCID, IDFA), application information (application crash information and notification switch state), device parameters and system information (device type, device model, operating system and hardware related information), service log information (browsing records, clicks records, search query records, favorites, likes, shares, posts, and IP address, browser type, telecommunications operator, language used, access dates and times), basic information you submit and information about your organization (such as department and job position), to predict your preferred characteristics through algorithmic models to content or services that you may be interested in.
If you would like to turn off the personalized Contents that we send to you, you may do so in the "Settings & Privacy - System and Application Rights - personalized Contents recommendation" menu.
(V) Customer service and dispute handling
When you contact our customer service for assistance, in order to safeguard the security of your account and system, you are required to provide us with the personal information necessary to verify your user identity.
We keep records of or information related to your communications with us (including your account information, work order information, or any other information you provide to prove relevant facts or contact details you leave) for the purpose of contacting you or assisting you in resolving your problems or recording the resolution and result of your problems.
We may also use other information about you, reasonably required in order to provide the services and improve the quality of the services, including any information you provide when you contact our customer service or responses to questionnaires sent to us when you participate in surveys.
(VI) Providing security assurance for you
We are committed to providing a safe and secure communication environment for you. To prevent and control telecommunication network fraud, safeguard the normal and stable operation of the network, prevent illegal criminal activities on the network, effectively respond to network security incidents, protect your person and property or those of other users or the public from damage, and to more accurately identify violations of laws, regulations or relevant agreements or rules of DingTalk, we collect your Device Identifier (Android ID), Variable Identifier (IDFA, IDFV, Android OAID, HarmonyOS OAID, GAID), Application Information (application crash information, notification switch state, processes in the running App and other App related information), Device Parameter and System Information (device type, device model, operating system and hardware related information), Device Network Information (IP address, Bluetooth information, Device sensor information and other network related information), Operator Information, Broadcast Component Communications Information. We may use the above information of you, DingTalk account information, service log information and other information that our affiliates or partners obtain your authorization or can provide to us in accordance with the law for the purpose of determining account security and transaction security, conducting identity verification, identifying illegality and irregularity, detecting and preventing security incidents, and may take necessary recording, analysis and handling measures in accordance with the law.
(VII) Other additional services provided to you
1 、 Additional Services Based on System Permissions
In the following additional services, we may apply system access rights to collect and use your personal information. If you do not agree to grant such access rights, your use of DingTalk's basic services shall not be affected, but you will not be able to use such additional services. You may toggle these access rights on or off at any time. When you toggle any access rights, you authorize us to collect and use such personal information for providing corresponding services to you. When you toggle any access rights, you cancel your authorization and we will no longer be able to collect and use such personal information under such access rights and provide the services corresponding to such access rights. Closing a access right shall not affect the collection and use of personal information based on your authorization before the right is closed.
2 、 Cookie and similar technical services
Cookie and other similar technologies are technologies commonly used on the Internet. When you use our services, we may use relevant technologies to send one or more cookie or anonymous identifiers (the "cookie") to your equipment to collect, identify and store information about your access and use of the product. We undertake not to use cookies for any purposes other than those set forth in this Privacy Policy. We use cookies primarily to ensure the safe and efficient performance of our products and services. We use cookies to verify the security of your accounts and transactions, to troubleshoot unusual conditions such as crashes or delays and to save you the need to repeatedly complete forms and enter search content.
We may also use cookies to present information or functionality to you that may be of interest to you. Most browsers offer the ability to erase data from the browser's cache. You may then erase data or reject our cookies accordingly. You may not be able to use cookie -based services or functionality as a result of these modifications.
(VIII) Other rules for personal information collection and use
1 、 If information you provide contains personal information of others, you shall ensure that you have obtained legal authorization before providing such personal information to DingTalk.
2 、 If we use the information for purposes other than those described in this Privacy Policy, or if we use information collected for a specific purpose for any other purpose, we will obtain your prior consent.
3 、 Subject to processing the information with secure encryption, we will use the data collected under this Privacy Policy for machine learning and training of algorithmic models to better provide services to you, such as through algorithmic models that predict and match information you might search for, and show this information to you in the "Guess What" search box on DingTalk. You may click hereto view the description of DingTalk's algorithmic service.
III 、 Partners, transfer and publication of personal information involved in the process of data use
(i) Partners involved in the process of data use
1 、 Basic principles
In cooperating with our partners, we will comply with the following principles:
(1) The principle of lawfulness, legitimacy and least necessity. Data processing shall have legal basis and proper purpose and be limited to the minimum scope to achieve the purpose of processing.
(2) The principle of maximizing users' information right and decision right: During the process of data processing, users' information right and decision right towards their personal information shall be fully respected.
(3) The principle of strengthening security competence to the utmost extent. We will take necessary measures to safeguard the security of personal information handled, prudently assess the purposes of data use by such cooperation partners, make comprehensive assessment of the security competence of such cooperation partners, and require such cooperation partners to comply with the relevant requirements of the cooperation agreement.
2 、 Scope of partners
If services provided by our affiliates or third parties are involved in the specific functions and scenarios, the scope of partners shall include our affiliates or third parties.
3 、 Handling upon entrustment
We may entrust the processing of your personal information to the partners in order for the partners to provide certain services or perform functions on our behalf for you. We will only entrust the processing of your information for legal, proper, necessary, specific and express purposes as stated in this Policy. Authorized partners will only have access to the information they need to perform their duties to you and we will require them not to use such information for any purpose beyond the scope of entrustment in writing. If a partner is authorized to use your information for purposes that are not entrusted by us, it will be with your separate consent.
4 、 Joint processing
With respect to joint processing of personal information, we will enter into relevant agreements with our partners specifying their respective rights and obligations in accordance with the laws, so as to ensure the compliance with the laws in connection with the use of such personal information and the protection of data security.
5 、 Cooperation scenario
1) To fulfill business functions
If you use the service such as applet or SaaS application provided by our partners on DingTalk, our partners (usually developers of the applet or SaaS application) will use your personal information (such as avatar, nickname and phone number). The specific type of personal information shall be subject to the content authorized in the prompt on the relevant pages when you activate the applet or SaaS application.
2) Advertising and analytics services
We will use common and secure techniques to retain the processing of information relating to advertising, coverage and availability when we select our partners for the processing of such information. We will not entrust your personally identifiable information to our partners.
3) Safety and statistical analysis
A. Safeguarding safe use: To protect the legitimate rights and interests of DingTalk's users from unlawful infringement, our partners may use necessary devices, account numbers and log information.
B. Analysis of products: To analyze the stability of DingTalk's products and services, our partners may need to use information such as service profile, device identification information, and the overall installation and use of the applications.
C. Academic scientific research: To enhance the capability of scientific research in relevant fields and promote the development of science and technology, we may use de-identified or anonymized data together with our partners (such as scientific research institutions and higher learning institutions), provided that data security and legitimate purposes are ensured.
4) Other cooperation scenarios
If you have signed authorization agreements or documents with credit reporting agencies (such as Baixing Credit Consulting, Pudao Credit Consulting, etc.), financial institutions or other third-party agencies, based on your authorization and this Policy, we may conduct comprehensive statistics, analysis or processing of your personal information and provide the results of data processing to the said agencies.
In addition to the above cooperation scenarios, we may also entrust the processing of personal information to other partners who support our business operations, such as authorized by us to provide technological infrastructure services.
To ensure the stable operation and the realization of our functions at the client end, we may embed SDKs or other similar applications of the authorized partners in our applications. We may perform strict security examination of the application programming interfaces (APIs) and SDKs through which the Authorized Partners obtain personal information, and agree with the Authorized Partners on strict data protection measures to require them to handle personal information in accordance with this Policy and other appropriate confidentiality and security measures.
(II) Transfer
If we need to transfer personal information as a result of merger, division, dissolution or being declared bankrupt, we will tell you the name and contact information of the recipient. The recipient will continue to implement this Policy and other legal obligations. If the recipient changes the original purpose and method of information disclosure, it shall re-obtain your consent.
(III) Public disclosure
We will only publicly disclose your personal information under the following circumstances:
1 、 We may publicly disclose your personal information if you choose to do so or otherwise obtain your separate consent.
2 、 If we determine that you have violated laws, regulations or relevant agreements or rules of DingTalk or to protect others' personal or property security, we may disclose your personal information, including your violation and any actions DingTalk has taken against you.
(IV) Cessation of operation
If we cease operating products or services, we will promptly stop continuing to collect your personal information and send you a notice of cessation of operation in the form of one-by-one notice or announcement. In the meantime, personal information in our possession in relation to the products or services that have been ceased will be deleted or anonymized.
(V) Circumstances under which we are legally exempted from requiring your authorization
In accordance with the laws and regulations, under the following circumstances, the partners are not required to obtain your authorization or consent when we use, transfer or disclose your personal information:
1 、 It is necessary for concluding and performing a contract to which you are a party, or it is necessary for implementing human resources management in accordance with the employment rules and regulations formulated in accordance with the law and a legally concluded collective contract;
2 、 It is necessary for performing statutory duties or obligations;
3 、 It is necessary for responding to public health emergencies, or for protecting the life, health and property safety of a natural person;
4 、 It is necessary for carrying out news report and supervision by public opinion for the public interest; Process personal information within a reasonable scope;
5 、 Process personal information disclosed by you yourself or other legally disclosed personal information within a reasonable scope in accordance with the Law on the Protection of Personal Information; and
6 、 Other circumstances provided by laws and administrative regulations.
(VI) Customer entrusts DingTalk to process data in the control of business organization
1 、 Ownership of the data control right of the personal registered account that joins the business organization
If you, as an end-user, register an account with your personal mobile phone number for DingTalk and join the DingTalk business organization, and use DingTalk to carry out online mobile work, communication and collaboration as a member of the business organization, we may, under the configuration, operation and instructions of the administrator of your business organization, record the data submitted or produced in the process of your use of relevant functions of DingTalk (hereinafter referred to as "business organization control data"). Business organization control data may include:
1) The information assigned to you by your business organization, including position, department, main industry, office e-mail account, and office telephone information; and the information provided or produced by you by using the attendance, examination and approval, check-in, and log functions opened by your business organization, including fingerprint base map, fingerprint features, face recognition base map, facial features, check-in face photo, geographic location information, and attendance and punching information, approval records, release log information, schedule information, and staple disk file information. If your business organization uses DingTalk's own brand hardware products (including DingTalk Fingerprint Attendance Machine, DingTalk Face Recognition Attendance Machine, DingTalk Intelligent Front Desk) or tripartite intelligent access control products embedded with DingTalk services, your business organization may ask you to input your fingerprint or face photo through a DingTalk client or hardware device, and DingTalk will extract and process your fingerprint or face feature values so that the above products can implement online fingerprint recognition or face recognition.
2) The transaction information of orders when you use DingTalk or activate the third party application, such as the transaction information of DingTalk proprietary or third party application service purchased by you, as an administrator, in the DingTalk application market.
3) Personal information including identity information (name, ID card information, registered permanent residence), enterprise service information (department, position, rank), labor contract status, contact means of the enterprise and you (mobile phone, fixed phone, e-mail), contact addresses of the enterprise and the individual (home address, office address), education information (school, major, education background), bank card information for payroll payment, information of emergency contact persons or the name card information of the external business contact persons that you have saved, which shall be uploaded by the enterprise on its own or required you to provide after the enterprise opens and uses the DingTalk enterprise services including enterprise address book, intelligent personnel service and digital human relationship service.
4) Personal information including your contact information (name, mobile phone number and contact address), your children's identity information (name, facial photo), class information (grade and class) etc., which your children's school provides or requires you to provide after DingTalk's school opens and uses DingTalk education related application services (such as Home School Communications).
5) the enterprise organization office work and collaboration groups that you have created by using the DingTalk instant messaging group service, including the internal groups used for the purpose of internal communication and collaboration of enterprise (such as all the staff group, internal group, collaboration group, service group, and confidentiality group) and the external groups used for the purpose of external collaboration of employees of enterprise (such as external project group, external conference group), that are uploaded, recorded, released, transmitted, or shared in the event of uploading, recording, releasing, transmitting, or sharing. In particular, after your business organization has paid for opening the relevant exclusive security services, the documents, multimedia, conversations and other relevant instant messaging information that are uploaded, recorded, released, transmitted and shared by you by using DingTalk IM service and uploaded, recorded, released, transmitted and shared during one-on-one chat with members of the same business organization during your employment ("one-on-one chat with in-service colleagues") will not be visible after you leave office.
6) Service log data generated by your business organization from opening DingTalk security application services for the purpose of human resources management, information security management or data security control, including the equipment log information of client software or system version, IP address, network access and so on; the log data of your basic behaviors such as logging in/out of DingTalk and Workbench application access, and joining the business organization; and the log data of security control behaviors such as file operation behavior, group operation behavior and screen capture behavior.
7) Other data including your personal information submitted by enterprises as organizations of users.
8) Data expressly authorized by end users to be controlled by enterprises, including the data generated from the services with the service attributes for individual users and that for enterprises and organizations, such as general groups not affiliated to any organization, one-on-one chats among non-employed colleagues and other services with the service attributes for individual users and that for enterprises and organizations, and data expressly authorized by end users to be controlled by enterprises and organizations. If the aforementioned data have not been authorized by end users, DingTalk will not share them with business organization users or their administrators.
2 、 Data control ownership of business account used by individuals
All data generated by your login and use of the business account that is assigned to you by the business organization belongs to the data under the control of the business organization. You shall fully understand the office nature of the business account, and avoid self-operation and use of the business account to upload, input, release, transmit or share personal information or privacy. Otherwise, you may not deny the business organization's ownership of data control over your business account due to such self-operation.
You understand and agree that the business organization users are the administrators of the data controlled by the business organization users, and we only process the data controlled by the business organization users in accordance with the instructions of the administrator of the business organization users. Before organizing users to upload organizational communication information, class address book, and requesting end users to submit intelligent personnel information and external business contact information, the enterprise shall guarantee that only the information of end users necessary for corporate operation and management is collected, and that the end users have been fully informed of the purpose, scope, and usage of relevant data collection, and authorized consent of end users has been obtained, before organizing end users to upload organizational communication information and class address book of DingTalk and end users are required to submit intelligent personnel information and external business contact information.
You, as an end user, understand and agree that the business organization users have the right to process your personal information on the basis of the necessary for the execution and performance of the contract to which you are a party, or on the basis of the labor rules and regulations formulated according to laws and the collective contract signed according to laws, including entrusting DingTalk to process your personal information based on reasonable necessity for the purpose and scope of the administrator to open, manage and use the service of DingTalk to realize the online mobile office, communication and coordination.
IV. Your rights
You can use DingTalk App in "Settings & Privacy - Security Center - Data Rights" to make a data rights request to DingTalk, or you can access and manage your information in the following manner, and we will respond to your request in accordance with legal and regulatory requirements.
(I) Accessing, correcting and supplementing
You have the right to access, correct and supplement your information in the following ways:
1. DingTalk Enterprise/Organization users: You can access your organization by logging in to "DingTalk enterprise management background" (oa.dingtalk.com) to query and correct the Enterprise/Organization control information, including address book information, invitation SMS settings, login password, main administrator and sub-administrator. You can also turn on or off the DingTalk basic apps, third-party apps or self-built apps through the "Workbench - Application Management".
2. DingTalk individual users: (1) Login to DingTalk mobile client, click on "Me - Settings & Privacy - My messages" to query and correct your personal information and personal account related information, including: avatar, nickname, phone number, work profile, gender, birthday, region and title information or complete real person authentication; (2) Login to the mobile client, click "Me - Customer Service & Help - Online Service" to seek the online help.
(II) Reproduction
You can reproduce your information in the following ways:
1. You can enter "Me -Settings & Privacy - Personal Information Inquiry and Download" in the DingTalk App;
2. You can reproduce your personal information after inquiring through the paths listed in "(I) Accessing, Correcting and Supplementing".
(III) Deletion
You can delete some of your information or request cancellation of your account to delete all of your information by following the path outlined in "(I) Accessing, Correcting and Supplementing".
In the following circumstances, you may request us to delete your personal information:
1. The circumstances where we deal with personal information in violation of laws and regulations;
2. If we have collected and used your personal information without your explicit consent;
3. If we deal with personal information in violation of the agreement with you;
4. The purposes of processing have been achieved or cannot be achieved, or such information is no longer necessary for achieving the purposes of processing;
5. If we stop providing the product or service, or if the retention period has expired.
If we decide to respond to your request of deletion, we will try to notify the third parties who obtain your personal information from us and require it to delete it in a timely manner (unless otherwise stipulated by laws and regulations, or they have separately obtain your consent).
When you delete your personal information, we may not be able to delete it from our backup system immediately due to laws and regulations or security technology limitations, and we will securely store your personal information and restrict further processing of it until the backup can be erased or anonymized.
(IV) Changing the scope of authorisation
You may withdraw your authorization or change the scope of your authorization for us to collect and process your personal information by:
1. Enterprise/Organization user: You can login "DingTalk enterprise management background" (oa.dingtalk.com) to turn on or off the DingTalk basic apps, third party apps or self-built apps through "Workbench - Application Management".
2. DingTalk individual users:
You can grant or withdraw your consent to authorization by logging in your mobile client at "Me - Settings and Privacy".
For authorizations that you cannot set up directly in the way described above, you can obtain an authorization by contacting customer service to get an explanation. However, for some types of personal information, such as information necessary to realize the basic functions of Dingtalk or information necessary for us to perform our legal obligations, we may not be able to respond to your request to change the scope of your authorization.When you withdraw your authorization, we will no longer process the corresponding personal information, but the withdrawal of authorization will not affect our previous processing of personal information based on your authorization.
(V) Logout of your account
Your may apply for canceling your account by the following manners:
1. DingTalk Enterprise/Organization users: you can login mobile DingTalk App and click "Workbench - Enterprise Management - Other More Settings - Dissolving Business" to follow the interface prompts; or you can login the web-based "DingTalk Enterprise Management Background" to click "Settings - Dissolve Business Process" and follow the interface prompts.
2. DingTalk personal users: You can login to the DingTalk client, click on the "Me - Settings and Privacy - Security Center - Account Settings - Logout DingTalk Account" to carry out a logout.
Please note that DingTalk currently only supports initiating a logout on your cell phone. After you voluntarily logout your account, we will stop providing you with products or services and delete or anonymize your personal information as required by law.
(VI) Automated decision-making in constraint information systems
For some business functions, we may make decisions only based on the non-AI decision-making mechanism which covers information system and algorithm.If these decisions affect your legal rights, you can contact us through customer service .
(VII) Response to your request
For your request to us as described above, you can contact us via customer service or initiate a complaint with our specialized department for the protection of personal information, and we will contact you within 15 days.
To protect the security of your account and personal information, when you make such a request to us, we will first verify your identity (e.g., by adding account verification, requiring you to provide a written request, or other reasonable means) before processing your request.
For your reasonable request, we will not charge any fee in principle; however, for those repeated and unreasonable requests, we will charge fees as appropriate.We may reject your request if it contains information which is not directly related to your identity, contains unreasonably repeated information, needs many technical means (such as develop a new system or fundamentally change current practices), incurs risks to others' legal rights and interests, or is unfeasible.
V. Storage of information
(I) Storage period
We will only retain your personal information within the period required by the purpose hereunder, unless mandatory retention is required by laws and regulations. For example, the E-Commerce Law requires that information on goods and services and transaction information be kept for a period of not less than three years from the date of completion.
We judge the duration of storage of personal information based on the following criteria:
1. To fulfill the purpose of the transactions related to you, and to maintain the corresponding transaction and business records in order to respond to your possible inquiries or complaints;
2. To ensure the safety and quality of the services we provide to you;
3. Whether you agree to a longer retention period;
4. According to relevant needs of the statute of limitations;
5. Whether there is any other special agreement or legal or regulatory provision concerning the duration of the reservation.
After the retention period has elapsed, we will delete or anonymize your personal information as required by applicable law.
(II) Storage locations
In principle, personal information generated or collected by us in China will be stored in China. In order to meet your possible cross-border communication and collaboration needs, our product features allow you to communicate with the DingTalk users across borders. DingTalk is an international version operated by our affiliates, for users outside of China only. This means that when you communicate and collaborate with DingTalk users, your network identity information (avatar, nickname, DingTalk number) will be accessed by your communication and collaboration partners from outside the country. We will assess and make our best efforts to ensure that your personal information is protected to the same extent as it is adequately protected in China, in accordance with the requirements of Chinese law. For example, we will also ensure that the information we transmit across borders is encrypted, that we regularly assess and audit the level of security capabilities of our recipients, and that we enter into data processing agreements.
In addition to the above, if we do need to transfer your personal information outside of China due to other business needs, we will comply with the requirements of laws and regulations and regulatory authorities, and inform you of the name of the overseas recipient, contact information, the purpose of the processing, the processing method, the type of personal information, and the manner and procedures by which you can exercise the relevant rights to the overseas recipient in the relevant service agreement or the authorization agreement of the specific function page, and obtain your separate consent (if applicable). Before providing your personal information overseas, we will take measures such as conducting a security assessment, certifying the protection of your personal information, or entering into a contract with an overseas recipient in accordance with a standard contract established by the national Internet information department, in order to comply with the legal conditions for providing personal information overseas.
(III) Storage security
1. Data protection technical measures
We have taken appropriate security protection measures that comply with industrial standards to protect the personal information you provide and prevent it from any unauthorized access, public disclosure, use, modification, damage or loss. For example, we use encryption technology to increase the security of your personal information, and the data exchanged between your browser and the server is protected by SSL protocol. We offer HTTPS protocol for secure browsing. We use trusted protection mechanisms to prevent malicious attacks on personal information. We deploy access control mechanisms and make every effort to ensure that only authorized personnel have access to personal information.Currently, our critical information systems have passed the Level 3 assessment which includes network security level protection, ISO 27001:2022 Information Security Management System Standard Certification, ISO 27018:2014 Public Cloud Personal Identity Information Protection Management System Certification, ISO 27701 Privacy Information Management System, Office Instant Messaging Software Security Evaluation, and many other security compliance security assessment of office instant messaging software.
2. Organizational measures for data protection management
With data as the core, we have built a data security management system based on data life cycle, improving the security of the entire system in many aspects, such as organization construction, system design, personnel management, and product technology. We have established a department dedicated to the protection of personal information, and we continue to strengthen our employees' awareness of the importance of protecting personal information through training courses and examinations.
3. Personal information security incident response
In the event of a breach of our physical, technical or managerial protection facilities, resulting in unauthorized access, public disclosure, alteration or destruction of information, leading to damage to your legitimate rights and interests, we will promptly activate our emergency response plan in order to minimize the impact on you personally.In case of a personal information security event happens, we will notify you of the following information according to the requirement of laws and regulations: basic conditions and possible impact of the security event, the treatment measures we have taken or will take, advice on how you may take preventive measures or lower risks, and the remedy measures taken for you. We will inform you by SMS, phone call, push notification and other reasonable channels, and if it is difficult to inform you individually, we will take reasonable and effective ways to publish announcements. In the mean time, we will report how the Personal Information security event is processed according to the requirement of regulatory requirement.
4. Account security risk prevention
When using DingTalk to communicate and collaborate, please protect your personal information properly and provide it to others only when necessary to avoid information theft or even telecommunication network fraud.
If you find your own personal information, especially your account or password, has been divulged, please immediately contact our customer service staff so that we can take corresponding measures based on your application.You can also operate " Account Settings", " Freeze and Unfreeze", "Privacy Switch", as well as submitting a fraud complaint report in "Me - Settings & Privacy - Security Center".
VI. Update of policy
In order to bring you a better product and service experience, we continuously strive to improve our products, services and technologies.When services and business processes change, we may update our Privacy Policy to inform you of specific changes. Without your explicit consent, we will not reduce your rights under this Privacy Policy.
For significant changes, we will also provide more prominent notifications (including red dots or a pop-up alert).
Significant changes referred to in the Policy include, but are not limited to:
1. Significant changes in the business model of the product. Such as the purpose of processing personal information, the categories of processed personal information, and the manner of use of personal information;
2. The change of the subject of the privacy policy due to business restructuring, transactions and acquisitions, and the new subject's change of the original treatment purpose and treatment method;
3. Changes of the main objects of personal information sharing, transfer or public disclosure;
4. The rights of users to personal information and the manner in which they are exercised have undergone significant changes;
5. There's a change in the contact information of the person in charge of the protection of personal information and the channel for filing complaints;
6. If the personal information protection impact assessment report indicates that the existence of the product has a significant impact on the rights and interests of individuals.
We will also archive the old versions of the Policy for your reference.
VII. Protection of minors
In the digital office or in learning, communication and collaboration activities we presume that you have the appropriate civil behavioral capacity. If you are a minor, please request your parents or guardians to carefully read the Privacy Policy, and use our services or provide services for us with the consent of your parents or guardians.
If you are a child below 14, before using our services, you and your guardian should carefully read our specially formulatedNotes on the Use of DingTalk Minor Protection Modeand DingTalk children's Personal Information Protection Rules and Instructions for Guardiansto ensure that you obtain your guardian's consent to use our services under his/her guidance.
If you are a parent or other guardian of a child, please be concerned about whether the child is using our products or services with your authorised consent. If you have questions about a child's personal information, please contact our dedicated personal information protection department.
VIII. Contact us
You may contact us by the following ways. We will reply you within 15 days:
1. If you have any questions, comments or suggestions regarding the content of the Policy, you may contact us at "Me - Customer Service & Help - Online Service".
2. You can also send an e-mail to dingtalkteam@alibaba-inc.com to contact our personal information protection department. Our office is located in: Building 5, Future Park Zone, No.959 Gaojiao Road, Wuchang Subdistrict, Yuhang District, Hangzhou. Please note that we may not respond to questions that do not relate to the Policy or your rights with respect to personal information
If you are dissatisfied with our reply, or believe that our processing of personal information has damaged your legal rights and interests, you can also bring a lawsuit before the court in possessing the jurisdiction over the domicile of the defendant.
Appendix: Definitions
1. SDK: It refers to software development kits.
2. DingTalk: It refers to the DingTalk website (domain name: dingtalk.com, aliwork.com) and DingTalk software (including App and PC version of DingTalk).
3. DingTalk Service Providers: It is abbreviated as "We ", referring to the Internet information and software technology service provider of DingTalk Software, that is, Dingding Technology Co., Ltd., DingTalk (China) Information Technology Co., Ltd.
4. DingTalk personal user: It refers to an individual who registers through a cell phone number and authentication code registration DingTalk account or use DingTalk allowed third-party account authorization to log in DingTalk, did not join any DingTalk Enterprise/Organization, no Enterprise/Organization identity or do not use the DingTalk services in the capacity of an Enterprise/Organization users.
5. DingTalk Enterprise/Organization services: It refers to the DingTalk Office applications configured, opened and managed by the administrator on behalf of the DingTalk Enterprise/Organization users for use by the Enterprise/Organization members, such as DingTalk Intelligent Personnel DingTalk Intelligent Office Application, DingTalk Conference Calls, Enterprise Group Chat, and DingTalk Service Window.
6. DingTalk administrator: It is abbreviated as "Administrator", refering to the person who is authorized or designated by the users of DingTalk Enterprise/Organization, has the authority to operate the system of DingTalk Enterprise/Organization user management platform, and opens, manages and uses DingTalk services on behalf of the Enterprise/Organization.
7. DingTalk Enterprise/Organization users: It refers to legal persons or unincorporated organizations who create the DingTalk Enterprise/Organization on DingTalk, invite their members to register DingTalk account (or configure exclusive account for the members) and add such members to the DingTalk Enterprise/Organization, and configure, open, manage and use the DingTalk Office application for members of the organization to carry out online mobile office, communication and collaboration.
8. DingTalk certified Enterprise/Organization users: It refers to the DingTalk Enterprise/Organization users who have passed the DingTalk certification audit.
9. Children: It means the juveniles who are less than 14 years old.
10. Service log information: It includes browsing records, click-to-view records, search and query records, favorites, transactions, after-sales, attention to share information, release information, and IP address, browser type, telecom operator, language, date and time of visit.
11. Personal information: It refers to all kinds of information related to identified or identifiable natural persons that are electronically or otherwise recorded, excluding information that has been anonymized.
12. Personal Information Processor: It refers to DingTalk individual users or Enterprise/Organization users in the use of DingTalk for online mobile office, communication and collaboration process, the right to decide the purpose of personal information processing, the way of the organization or individual. Specifically, when dealing with the various types of data generated and collected by DingTalk individual users using DingTalk services, DingTalk is a personal information processor; when dealing with Enterprise/Organization control data, DingTalk Enterprise/Organization users are personal information processors, and DingTalk is only commissioned by Enterprise/Organization users to process Enterprise/Organization control data in accordance with administrator's instructions and configurations.
13. Anonymization: It refers to the process of processing personal information to make it impossible to identify specific natural persons and impossible to restore.
14. Enterprise/Organization controlled data: It refers to the information and data submitted or generated by Enterprise/Organization users and their end users in the course of using the DingTalk Services, the specific scope of which is described in the relevant Section (III) of Chapter 2 of the Policy.
15. Enterprise/Organization end-users: It is abbreviated as "End-users" , refering to be invited by the administrator, self-application or by the Enterprise/Organization members invited and agreed by the administrator operation, to join the DingTalk certified Enterprise/Organization to become a member of the organization of the DingTalk individual users.
16. De-identification of personal information: It refers to the handling after which the personal information cannot be used to identify a natural person without any other information.
17. Enterprise account (formerly "Dedicated account"): It refers to the DingTalk certified Enterprise/Organization users based on human resource management, information security control and other business management purposes, through the DingTalk enterprise account technical services, for end-users to configure the exclusive enterprise account, the enterprise account belongs to the Enterprise/Organization, end-users can log in to the enterprise account to use the DingTalk digital office services, resulting in the data belonging to the Enterprise/Organization to control the data.
18. Affiliate: It refers to those disclosed in the latest annual report of listed company of Alibaba Group Holding Limited.
(Concluded)
