DingTalk Privacy Policy

 

Latest update: May 20, 2021

Part I

Your trust is of great importance to us. We deeply understand the importance of personal information to you, and will take corresponding security measures in accordance with laws and regulations and strive to protect your personal information to keep it secure and under control. This Privacy Policy (the “Policy”, which term includes any applicable country specific addendums) applies to DingTalk (Singapore) Private Limited (collectively, “DingTalk” “we” “our” or “us”).

We are responsible for the processing of your personal information when you interact with DingTalk products and services, including DingTalk APP, DingTalk Lite APP, DingTalk official homepage (dingtalk.com), DingTalk Open Platform (open.dingtalk.com), DingTalk APP Center (appcenter.dingtalk.com), DingTalk web version (im.dingtalk.com) and DingTalk smart device or DingTalk features/services integrated within such smart device (Collectively the “DingTalk Services”). This Policy describes how we collect, receive, use, store, share, transfer, and process your personal information, as well as your rights in determining what we do with the information that we collect or hold about you.

This Policy does not apply to third party applications or software that integrate with the DingTalk Services (collectively referred to as "Third Party Service"), such as the third party applications available in the DingTalk APP Center, payment, translation, or OCR functions used through the DingTalk Services. Before choosing to use any Third Party Services, please read and fully understand the Third Party Services’ product function, service agreement and privacy policy.

Please note that depending on the country where you are from, there may be certain country specific addendums that may apply to you that form an integral part of this Privacy Policy.

We may update this Policy from time to time in response to changing legal, technical or business developments. When we update the Policy, we will take appropriate measures to inform you (such as by posting an amended Policy via pop-up window) and may obtain your consent, consistent with the significance of the changes we make and as required by applicable law.

 

Part II

This part will help you understand the followings:

I.     How we collect and use your Personal Information

II.    How we use cookie and similar tracking technologies

III.   How we share or disclose your Personal Information

IV.   How we protect your Personal Information

V.    How do you manage your Personal Information

VI.   How we retain your Personal Information

VII.  How we store and transfer Personal Information outside your country

VIII. How we update this Policy

IX.    How to contact us

X.     Addendums

 

I.   How we collect and use your Personal Information

For purpose of this Privacy Notice, “Personal Information” refers to information that relates directly or indirectly to an identified or identifiable individual. The Personal Information we collect about you varies depending on your account type, your roles, as well as your interactions and touchpoints with us.

Upon registration, you may either (a) create and establish organizational structure for your Enterprise/Organization/Team and manage the use of DingTalk Services on behalf of the Enterprise/Organization/Team as a DingTalk Administrator (“Administrator”), (b) join an existing Enterprise/Organization/Team via invitation as an authorized Member (“Authorized Member”), or (c) interact with other DingTalk Users after exchanging contacts as an Individual User (“Individual User”), or (d) you may interact with our Websites as a Visitor (“Visitor”) without registering an account.

(I)  Information You Voluntarily Provide Us

When using DingTalk as an Individual User, we may collect the following information which includes Personal Information from you:

Account and Profile Information. We collect your email or cellphone number and authentication code to create a DingTalk account for you; we may further collect your name, profile picture, nick name, gender, date of birth, the place of your job, and other basic information in order to provide you basic services such as instant messaging, video conference call, VOIP call etc.

Usage data. We will collect the information you submitted or generated when using DingTalk Service, such as messages sent/received, voice call status (NOT call content), so as to realize information transmission and interaction.

Customer service and dispute resolution information. When you contact us or file for a dispute resolution, we may request your Personal Information in order to prevent fraud and verify your identity. We may keep your communication and resolution record with us for contact and problem resolution purposes. We may also use other information we know about you, for example, information you provided to customer service or via questionnaires/surveys, to improve our service quality.

When the following permissions on your device is enabled, we may further collect following types of personal information from you. You can view the status of these permissions in "Settings -General Application permissions" of your device, “Me-Settings – Privacy” or “Me-Settings – General” of the DingTalk App, and you can turn them on or off at any time at your discretion.

Contact DetailsWe may import contacts stored on your device when done with notice and affirmative permission, in order to recommend you to add friend with other DingTalk users in your contact list

Voice Data and Photos. When microphone access is enabled upon notice and affirmative permission, we may collect your voice for voice input, live broadcasting, or video/voice conferencing purposes. When camera access is enabled upon notice and affirmative permission, we may collect your facial photographs for video conferencing, or live broadcasting purposes. When storage access is enabled upon notice and affirmative permission, we may collect facial photographs of you or another individual stored in your photo/video library when you share medias with other Users within DingTalk.

Scheduling InformationWhen calendar access is enabled upon notice and affirmative permission, we may collect your scheduling information recorded on your synchronized local or web calendar, to set up meetings or schedule tasks with other DingTalk users.

Device DataTo ensure the security of your account, you need to authorize us to read the ID code of the device. If rejected, the DingTalk will not operate normally due to security risks.

When you use DingTalk as an Administrator or an Authorized Member, your employer decides the categories and purposes of data to be processed. Pending of the functions your employer use, such data may include the following:

Business Information. When you create and establish organizational structure for your Enterprise/Organization/Team as an Administrator, we will collect your organization’s name, address, and industry type. If your Enterprise/Organization/Team seek to obtain value-added services, you need to provide specific information and materials on behalf of your Enterprise/Organization/Team, including business license, official registration number, office address, name and national ID number of the legal representative, certification official letter, etc.

Account and Profile Information. We may collect your cellphone number, email address and authentication code to create a DingTalk account for you; we may further collect your name, profile picture, nick name, gender, date of birth, job title and other basic information in order to provide you basic services such as instant messaging, video conference call, VOIP call etc.

Usage information. We will collect the information you submitted or generated when using DingTalk Service. For example, if you use DingTalk for IM chat service, we may record your chat information and voice call status information (NOT call content) so as to realize information transmission and interaction

Education and Training. If you choose to open the DingTalk Career services, you need to provide further information about your schools/universities attended, academic grades, degrees obtained, professional certifications, resume etc. Upon your authorization, we will verify your information through a third-party verification service.

Identification Numbers. We will collect your national ID number, combined with facial recognition authentication for verification purposes, if you would like to be a live broadcasting host within a Enterprise/Organization/Team.

Customer service and dispute resolution information. When you contact us or file for a dispute resolution, we may request your personal information in order to prevent fraud and verify your identity. We may keep your communication and resolution record with us for contact and problem resolution purposes. We may also use other information we know about you, for example, information you provided to customer service or via questionnaires/surveys, to improve our service quality.

Comments, Q & A and other public information. You can publish information through the DingTalk colleague circle, DingTalk community, DingTalk Enterprise Square, public attestation, live broadcast and other information publishing channels provided by us, including publishing graphic / video / live content, link, publish evaluation and Q & A content as DingTalk users, and as the administrator of the third-party application service provider in DingTalk APP Center to release information about its goods and / or services. Please note that your publicly published information or content may involve your or others' Personal Information or even personal sensitive information, for example, you choose to upload pictures containing Personal Information when evaluating or making comments. Please consider more carefully whether to share or even publicly share relevant information or content when using DingTalk Services. If the personal information of children is involved in the information you publish publicly, you need to obtain the consent of the corresponding child guardian before publishing.

Organization/Enterprise/Team Control Data

(i) The position, subordinate department, main business, office mailbox account, office telephone and other information assigned to you by your Organization/Enterprise/Team, as well as the fingerprint, face recognition feature, photo , geographical location and other personal information that you are required to provide or produce in order to complete the daily operation and management of the Organization/Enterprise/Team, together with attendance information, approval records, journal information, calendar information, file information stored in the DingTalk Disk, etc.

(ii) Your transaction information when using DingTalk Services to facilitate your order management. For example, we will collect your transaction information including products/services purchased, transaction time, amount etc., if you as an Administrator in the APP Center, to buy third-party applications service. We will not collect financial data such as bank account numbers.

(iii) When Administrator of your Organization/Enterprise/Team enables the DingTalk Unified Contacts function, we may collect human resource information, including your identity information (name, identity card information, etc.), enterprise position information (department, position, grade), and the status letter of labor contract, your business and personal contact information (mobile phone, fixed telephone, mailbox), business and personal contact address (home address, office address), educational background information (school, profession, education), payroll bank card information, emergency contact information and/or external business contact card information, etc.

(iv) When your children’s school uses DingTalk Education for their school activities, the school decides the type of data to be collected and the purposes of such data processing. Such data may include your contact information (name, mobile number, contact address), students' identity information (name, face photo), class information (grade, class) and other or other personal information as instructed by the school from your children.

(v) Other data submitted by Administrator or Authorized Member that contains your Personal Information.

When the following permissions on your device is enabled, we may further collect following types of personal information from you. You can view the status of these permissions in "Settings -General Application permissions" of your device, “Me-Settings – Privacy” or “Me-Settings – General” of the DingTalk App, and you can turn them on or off at any time at your discretion.

Contact Details. We may import contacts stored on your device when done with notice and affirmative permission, in order to recommend you to add friend with other DingTalk users in your contact list, or recommend potential colleagues to join your organization.  We may also write the DingTalk Customer Service contact details and the your DingTalk contact detail designated by your Organization/Enterprise/Team in your local contact list.

Biometric Information. When microphone access is enabled upon notice and affirmative permission, we may collect your voice for voice input, live broadcasting, or video/voice conferencing purposes. When camera access is enabled upon notice and affirmative permission, we may collect your facial photographs and/or facial features for recognition, video conferencing, or live broadcasting purposes. When storage access is enabled upon notice and affirmative permission, we may collect facial photographs of you or another individual stored in your photo/video library when you share medias with other Users within DingTalk.

Scheduling Information. When calendar access is enabled upon notice and affirmative permission, we may collect your scheduling information recorded on your synchronized local or web calendar, to set up meetings or schedule tasks with other DingTalk users.

Phone Status.to ensure the security of your account, you need to authorize us to read the ID code of the device. If rejected, the DingTalk will not operate normally due to security risks.

Location Information. When location permission is enabled upon notice and affirmative permission, we may collect your precise geolocation (lat./long., WiFi access points, or Bluetooth beacons) to record attendance arranged by your Organization/Enterprise/Team.

 

(II)  Information We Collect Automatically

Device information. In order to provide you with our services and for security purposes, we will receive and record information relating to the device used by you (e.g., device model, operating system version, device settings, unique device identifier and other information of software and hardware features) and the location of such device (e.g., IP address, and any Wi-Fi access point, Bluetooth, base station and other sensor information).

Log information. When you use products or services provided by our DingTalk APP, website and/or DingTalk hardware, we will automatically collect operation log information relating to your use of our services and save them as network logs, such as your searches with the APP, your IP addresses, types of browsers, telecommunication service providers, languages, visit dates and times, web pages visited by you, and status of the call by applying Dingtalk conference call and/or Voice message, your Approval log information, attendance log information, payment information, nail transaction log information and other within DingTalk App Center and any other operation log information.

Security Information. In order to improve the security of your use of DingTalk Services, we embed the application security SDK developed by our affiliated companies in the application to collect your Personal Information, service use information, equipment information, service log information, and may use or integrate your member information, transaction information, and information authorized by you or shared by our affiliated companies and partners in compliance with applicable laws to assess the risk of your account and transactions and conduct Identity verification, detection and prevention of security incidents, and take necessary record, audit, analysis and disposal measures according to applicable laws.

 

II.  How we use cookie and similar tracking technologies

When you use DingTalk Services, we and our service providers may collect and store data relevant to your visit to DingTalk service by employing technologies on our sites and services that collect information that helps us improve the quality of our sites and service, as well as the online experience of our visitors and users. This will include verifying your identity through small data files stored on your computer or mobile device, so that we will be able to understand your habits and help you avoid repeated input of account information or help assess the security of your account. These data files may be Cookie, Flash Cookie or other local storage provided by your browser or relevant applications (collectively, “Cookie”).

Please understand that some of our services are only available through use of “Cookie”. If permitted by your browser or additional browser services, you may change your acceptance level to Cookie or reject Cookie of DingTalk, but under certain circumstances, disabling cookies may render you unable to use certain functions of DingTalk which rely on Cookie.

 

III. How we share or disclose your Personal Information

We will not share your Personal Information with companies, organizations or individuals other than DingTalk Service Providers, except in the following circumstances:

Sharing with explicit consent. We will share your Personal Information with other parties with your explicit consent;

Sharing as required by laws. We may share your Personal Information as required by laws, regulations, litigation, dispute resolution, or by administrative or judicial authority in accordance with laws;

Sharing when you actively choose to share. We may share your Personal Information when you direct us to do so by enabling third party services, for example:

(i) Enable payment services. When you enable the Alipay function within DingTalk Service, we will share your personal basic information (User ID, profile picture, nickname, etc.) and identity information (name) in order to link your Alipay Account. The activities of Alipay may be governed by their own privacy policies, not this Policy

(ii) Enable Third Party Applications. If your Administrators opt to add Third Party Applications from DingTalk APP Center to your Enterprise/Organization/Team, we will share your basic Personal Information (user ID, profile picture, nickname, etc.) with such third-party application providers. Similarly, if you, as an Individual User, choose to add any third-party Mini-Programs to your DingTalk Application, we will share your basic Personal Information (user ID, profile picture, nickname, etc.) with such Mini-Program providers who may contact you regarding their products or services.  The activities of Third Party Applications or Mini-Programs may be governed by their own privacy policies, not this Policy.

Sharing to process infringement complaint. When a complaint is made by others against you of infringing upon intellectual property rights or other lawful interests, we need to disclose your information as necessary to the complainer for settlement of complaint to the extent permitted by applicable laws;

Sharing within our Corporate Family. We may share with our Affiliates and/or their designated service providers that work with us to provide services for purposes (such as for account security purposes) described in this Policy.

Sharing with Third Party Vendors. We share your Personal Information with third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us, pursuant to written instructions. In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use Personal Information they receive from us for any other purposes. Representative services that our vendors assist us with include:

(i) Web or application research and development

(ii) Providing customer service

(iii) Sending marketing communication and running campaigns

(iv) Payment processing

Sharing during corporate transaction. If DingTalk is involved in any acquisition, merger, dissolution, insolvency liquidation, sale of all or a portion of its assets, or other fundamental corporate transaction, we reserve the right to sell or transfer your Personal Information as part of the transaction.  If transfer of Personal Information is involved, we will require the new company, organization or individual in possession of your Personal Information to continue to be bound by this Policy, or we will require such company, organization and individual to obtain your authorization and consent again.

Sharing with the public. Under limited circumstances, if you have violated laws and regulations and materially breached the DingTalk Service Agreement, for the purpose of protecting public interest or the vital interest of other DingTalk users, we may disclose your Personal Information as well as measure taken by DingTalk against you as required or permitted by applicable laws and regulations upon obtaining your consent.

 

IV.  How we protect your Personal Information

The security and confidentiality of your personal information is very important to us. We have implemented commercially reasonable technical, and organizational safeguards in line with industry standards to appropriately protect your Personal Information against accidental, unauthorized, or unlawful access, use, loss, destruction or damage.

The measures that we utilize and are administrative – such as regular security and privacy training for employees; technical – such as SSL encryption, HTTPS protocol, access management, firewalls; and physical – such as locks and video surveillance.

We have also obtained various certifications to help demonstrate our dedication to data security, such as ISO27001:2013 information security management system certification,ISO27018:2014 public cloud personal identity information protection management system certification,SOC 2 Type 1 authentication (audit of three principles of security, confidentiality and Privacy) and network security level III protection authentication.

Still, no data transmission over the internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we use appropriate technical and organizational measures to protect the information we hold for you, we cannot guarantee the security of any information we collect about you or you transmit over the internet.

 

V.  How do you manage your Personal Information

We respect your control over your information. You can exercise your rights listed below by following means. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes. We will reply within the timeline as required by applicable laws. If you are not satisfied, you can also send a complaint through DingTalk customer service by online or hotline service.

Right to access, rectification and modification

(i) If you are DingTalk Administrators and Authorized Members, you may:

Open the DingTalk official homepage (dingtalk. com), select "enterprise/organization login" in the upper right corner, select the right enterprise/organization through the DingTalk scanning QR code, and log in to "DingTalk enterprise/organization management platform" (oa. dingtalk. com) by entering the password, then you can query and correct the enterprise/organization control data, including the organization chart information, invitation message settings, modification of login password, appointing more sub-administrator(s) and so on. You can also process to open or close DingTalk Services, Third Party Services or self-built service based on DingTalk through "Platform- Service Management".

(ii) If you are DingTalk Individual User, you may:

Log in to DingTalk APP, through the operation of "Me-Settings-My Profile ", you can query and correct your personal information such as profile picture, nickname, phone number, work status, work file, gender, birthday, region and other information, and complete personal real person authentication (face entry or ID card information).

Log in to the DingTalk APP, select “My Customer Service- DingTalk Aide” (7 * 24 hours) to help you query, correct or supplement your information.

If you are a Visitor, you may contact us by emailing to DingTalkDataProtection@alibaba-inc.com.

Right to delete your information

You can delete part of your information by the way listed in "(I) Right to access, rectification and modification " above.

You can request us to delete your Personal Information in the following circumstances. We may continue to retain some of your information if we have a lawful basis (for example, to comply with applicable legal, tax or accounting requirements).

(i)   If we deal with personal information in violation of laws and regulations;

(ii)  If our handling of personal information violates the agreement with you;

(iii) If you no longer use DingTalk Services, or you close your DingTalk account;

(iv) If we stop providing you with DingTalk Services.

Right to change the scope of your authorization or consent

Some DingTalk Services request specific authorization or consent before activation. You may change the scope of your authorization or consent by following methods:

(i) If you are an Administrator or Authorized Member, you may login the DingTalk official homepage, select "enterprise/organization login" in the upper right corner, select the enterprise/organization through DingTalk scanning QR code, log in to "DingTalk Management Platform" by entering the password, then you can process to open or close DingTalk Services, Third Party Services or self-built service based on DingTalk through "Platform- Service Management".

(ii) If you are an Individual User, you may log in to DingTalk APP by “Me-Settings-Privacy” to process or withdraw your authorization consent, for example, you can withdraw your authorization of "Find me by Phone Number”.

When you withdraw your consent, we will not process the corresponding personal information. However, your decision to withdraw your consent will not affect the personal information processing based on your previous authorization.

Terminate your DingTalk account

When your Administrator determines to terminate your Enterprise/Organization/Team’s service with us, we will anonymize or delete any Enterprise/Organization/Team controlled data related to you and keep your DingTalk account as an Individual User. Otherwise, should you decide to terminate your DingTalk account as an Individual User, We will anonymize or delete your personal information pursuant to applicable laws and regulations, or if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

(i)  If you are an Administrator, you can log in to the latest version of DingTalk APP by the process of “Me-Settings-My Organization”, choose the enterprise/organization/team you wish to terminate, and select “more-Disband Organization” to terminate the DingTalk account for your Enterprise/Organization/Team.

(ii) If you are an Individual User, you can log in to the latest version of DingTalk APP by the process of “Me - Settings - Security Center - Account settings – Delete DingTalk Account” to terminate your personal DingTalk account.

You can also log in the DingTalk APP to select “My Customer Service- DingTalk Aide” (7 * 24 hours) to help you apply for deletion of your account.

After termination, we will stop providing you with DingTalk Services, delete your personal information according to the requirements of applicable laws, or make it anonymous.

In principle, we will not charge you for your reasonable requests, but we will charge you for repeated requests beyond the reasonable limit. We may reject requests for information that is not directly related to your identity, for unprovoked duplication of information, or that require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are impractical.

 

VI. How to retain your Personal Information

We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

 

VII. How we store and transfer Personal Information outside your country

To facilitate our operation, we may transfer, store and process your personal information in jurisdictions other than where you live. Laws in these countries may differ from the laws applicable to your country of residence. When we do so, we will ensure that an adequate level of protection is provided for the information.

Your Personal Information will be stored in Singapore.  Upon your selection, our services and offerings can connect you to the People’s Republic of China. To make that possible, your personal data may be transferred to or accessed by entities in the People’s Republic of China. We comply with applicable laws on the transfer of personal data between countries to help ensure your data is protected.

 

VIII. How we update this Policy

We may update this Policy from time to time in response to changing legal, technical or business developments. When we update the Policy, we will take appropriate measures to inform you (such as by posting an amended Policy via pop-up window)and may obtain your consent, consistent with the significance of the changes we make and as required by applicable law.

 

IX. How to contact us

If you have any questions or concerns about this Policy and/or data processing of DingTalk, you may contact us via DingTalk APP-Me-Help-My Customer Services-DingTalk Aide or to contact DingTalk Data Protection Officer by the email of DingTalkDataProtection@alibaba-inc.com.

 

X. Addendums

Privacy Policy – Addendum for EEA Residents

I. Legal Basis for Processing Personal Data

Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it.

However, we will normally collect Personal Information from you only

(i) where we need the Personal Information to perform a contract with you (for example, to provide you basic DingTalk Products and Services);

(ii) where the processing is in our legitimate interests and not overridden by your rights (for example, machine learning);

(iii) where we have your consent to do so (for example, to communicate with you about our products and services and provide you with marketing information), which may subsequently be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal;

(iv)  where we may have a legal obligation to collect Personal Information from you (for example, to comply with applicable accounting rules and to make mandatory disclosures to law enforcement); or

(v)  where we may otherwise need the Personal Information to protect your vital interests or those of another person (for example, if it is related to criminal offence and the user is in danger, we may provide the data to the police).

If we ask you to provide Personal Information to comply with a legal requirement or to perform a contact with you, we will make this clear and advise you whether providing your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).

If we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), this interest will normally be to operate our platform and communicating with you as necessary to provide our services to you and for our legitimate commercial interest, for instance, when responding to your queries, improving our platform, undertaking marketing, or for the purposes of detecting or preventing illegal activities. We may have other legitimate interests and, if appropriate, we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided below.

II. Safeguards for Data Transfers

In connection with providing DingTalk Services, we will transfer your Personal Information to countries outside of the EEA (including to the Singapore and China). We take appropriate steps to ensure that recipients of your Personal Information are bound to duties of confidentiality and we implement appropriate measures to ensure your personal information will remain protected in accordance with this Policy, such as standard contractual clauses. A copy of those clauses can be obtained by contact us using the contact details provided under section IX. HOW TO CONTACT US.

III. Retention Periods

We retain Personal Information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).

When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible.

IV. Data Protection Rights

If you are a resident of the European Economic Area, you have the following data protection rights:

(i)  If you wish to access, correct, update or request deletion of your Personal Information, you can do so at any time by contacting us using the contact details provided under section IX. HOW TO CONTACT US.

(ii) In addition, you can object to processing of your Personal Information, ask us to restrict processing of your Personal Information or request portability of your Personal Information. Again, you can exercise these rights by contacting us using the contact details provided under section IX. HOW TO CONTACT US.

(iii) You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided under section IX. HOW TO CONTACT US.

(iv) Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.

(v) You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority.

V. Data Controller

Except as otherwise defined in this Policy, the data controller of your Personal Information is DingTalk (Singapore) Private Limited if you are an Individual User or Visitor (if applicable), while the data controller of your Personal Information is your Enterprise/Organization/Team if you are an Authorized Member.

VI. EU representative

We have appointed Alibaba (Netherlands) B.V. as our representative in the EU. Contact person: Michelle Li (michelle.li@alibaba-inc.com).

  

Privacy Policy – Addendum for Japan

This addendum to the Privacy Policy applies to you if your Personal Data is being collected, used, disclosed or processed by us in Japan. The terms set out in this Japan Addendum are in addition to the terms set out in the Ding Talk Privacy Policy and form an integral part of the Ding Talk Privacy Policy. In the event of any conflict or inconsistency between the Ding Talk Privacy Policy and the terms of this Japan Addendum, this Japan Addendum shall govern and prevail.

I. Personal Data

For the purposes of this Japan Addendum, references to “Personal Information ” in the Ding Talk Privacy Policy and this Japan Addendum shall be read to mean “Personal information” as defined in Article 2, Paragraph 1 of the Act on the Protection of Personal Information (Act No. 65 of 2015) (“APPI”).

II. Compliance with Laws

We shall comply with the APPI.

III.  Transfer of Personal Data

Notwithstanding the provisions of Part 2, Chapter Ⅲ, paragraph (IV) of the Ding Talk Privacy Policy, your Personal Information may be shared, transferred or disclosed to the public without your authorization and consent in the following cases:

(i)  based on laws and regulations;

(ii) in which there is a need to protect a human life, body or fortune, and when it is difficult to obtain a principal's consent;

(iii) in which there is a special need to enhance public hygiene or promote fostering healthy children, and when it is difficult to obtain a principal's consent; and

(iv) in which there is a need to cooperate in regard to a central government organization or a local government, or a person entrusted by them performing affairs prescribed by laws and regulations, and when there is a possibility that obtaining a principal's consent would interfere with the performance of the said affairs.

IV.   Disclosure of your Personal Data

If you would like to request the disclosure of your Personal Data (subject to our rights at law), please email to DingTalkDataProtection@alibaba-inc.com.

No request for disclosure shall be accepted in any of the following cases where:

(i)  there is a possibility of harming a relevant individual or third party's life, body, fortune or other rights and interests;

(ii) the disclosure may significantly disturb appropriate implementation of our business operations; or

(iii) the disclosure violates any other laws and regulations.

In such cases, we will send a notification with the reason for non-disclosure.

 

Privacy Policy – Addendum for California

These additional disclosures are required by the California Consumer Privacy Act (“CCPA”).  If you live in California, you are entitled to request access to, deletion, and portability of your information or more information about our information practices.

During the preceding 12 months, DingTalk has collected, used, and/or disclosed the categories of personal data described in Part 2 of this Privacy Policy.  For example, We may collect identifiers (e.g., IP addresses and email addresses), commercial information, and Internet and other electronic activity information.  This may also include inferences we draw from the other information we collect.

We do not sell information, although we do share and allow third parties to collect personal information in the ways described elsewhere in our Privacy Policy.

We provide you certain rights to request access to the information we have collected and deletion of that information. We will not charge you different prices or provide different quality of services unless those differences are related to your information or otherwise permitted by law. Please submit your request by sending us an email to DingTalkDataProtection@alibaba-inc.com. Once we receive your request, we may verify it by requesting information sufficient to confirm your identity, including by asking you to verify information about your use of DingTalk. If you would like to use an agent registered with the California Secretary of State to exercise your rights, we may request evidence that you have provided such agent with power of attorney or that the agent otherwise has valid written authority to submit requests to exercise rights on your behalf. 

 

Privacy Policy – Addendum for Australia

This addendum to the Privacy Policy applies to individuals located in Australia. The terms set out in this Australian Addendum are in addition to the terms set out in the Ding Talk Privacy Policy and form an integral part of the Ding Talk Privacy Policy. In the event of any conflict or inconsistency between the Ding Talk Privacy Policy and the terms of this Australian Addendum, this Australian Addendum shall govern and prevail.

I. Definitions

Personal Information has the meaning set out in the Australian Privacy Act 1988 (Cth) (Privacy Act).

II. Compliance with the Privacy Act

Notwithstanding any other obligations in this Privacy Policy, DingTalk will comply at all with the Privacy Act with respect to all personal information collected from individuals in Australia.

DingTalk (Singapore) Private Limited is collecting your personal information for the purposes of providing you with DingTalk’s services. If you do not provide us with your personal information we may not be able to provide you with these services. We may disclose your information to third parties (e.g. our related companies or third parties who provide goods and services to us). Some of these third parties are located in the China, Singapore, Hong Kong and the US.

III. Definition of Children (Minimum Age to Register with DingTalk)

Children in Australia refer to minors under the age of 15.

IV.  Access

You may seek access to personal information which we hold about you by contacting us as described in this Privacy Policy.  We will provide access to that information in accordance with the Privacy Act, subject to certain exemptions which may apply. 

V. Questions, Comments or Complaints

If you have any questions, comments or complaints about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy (including Australian Addendum) or the Privacy Act, please contact us using the details contained in this Privacy Policy. 

We will take any privacy complaint seriously and any complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.  We request that you cooperate with us during this process and provide us with any relevant information that we may need. We will handle your request following our privacy policy, including this addendum, and applicable local laws.

If you are not satisfied with the outcome of our assessment of your complaint, you may wish to contact the Office of the Australian Information Commissioner.

The end