WeChat Work Privacy Protection Guidelines

Release Date: June 27, 2019

Effective Date: June 27, 2019

 

Thank you for using WeChat Work!

To safeguard your rights, WeChat Work Privacy Protection Guidelines (hereinafter referred to as "these Privacy Guidelines") will explain to you how WeChat Work will collect, use and store your personal information and what rights you have. Please read, understand and agree to these Privacy Guidelines and relevant supplementary documents before you use WeChat Work.

These Privacy Guidelines apply to the features and services of WeChat Work, including Instant Messaging, Company-paid Calls, Attendance, Announcement, Approvals, File Disk, External Contacts, Reports, Video Conference and Hardware Services, but do not apply to other products or services provided through the WeChat Work website or client or the products or services provided by any other third party (hereinafter referred to as "Third-party Services"). You should fully understand the product features and privacy protection guidelines of the Third-party Services before you choose to use such Third-party Services.

These Privacy Guidelines will help you understand:

1. What Types of Information We Collect

2. How We Store These Information

3. How We Protect These Information

4. How We Use These Information

5. Sharing and Provision of Information

6. How You Access and Manage Your Personal Information

7. Protection of Minors

8. Changes to These Privacy Guidelines

9. Miscellaneous

10. Contact Us

Relevant Definitions:

WeChat Work: means an office management & communication tool provided by Tencent. WeChat Work products and services include official website of WeChat Work (https://work.weixin.qq.com) and WeChat Work client available in multiple application versions such as Windows, Mac, iOS and Android.

WeChat Work Service Provider: means the legal entity which provides WeChat Work products and relevant services, including Shenzhen Tencent Computer System Co., Ltd., Guangzhou Tencent Technology Co., Ltd. and Tencent Technology (Shenzhen) Co., Ltd., hereinafter referred to as "Tencent" or "We".

Company User: means the individual or organization registering, logging in to and using the WeChat Work products and services and obtaining the admin permission, including but not limited to legal persons, government agencies, other organizations, partners or sole proprietors (hereinafter referred to as "Company User"). A Company User creates its own work platform, which means a virtual workspace that is created and managed by the Company User and may be available for many people to concurrently use WeChat Work services, through WeChat Work, inviting and authorizing an individual user to join in such work platform to become its end user.

Company User Admin: Means an individual designated by the Company User, who has the permission to operate the admin console for company users. The Company User Admin may be one or more persons.

Individual User: means the individual user who is invited by the Company User to join in the company platform and registers to use the WeChat Work, hereinafter referred to as "You" or "End User". When the Company User invites you to access its work platform as an End User, you will receive an invitation and may choose whether to join in this Company User or not.

Personal Information: means various kinds of information recorded electronically or otherwise that may identify a specific natural person or reflect the activities of a specific natural person, individually or in combination with other information.

Sensitive Personal Information: means the personal information that may endanger personal and property security and is likely to cause damages to personal reputation or physical and psychological health, or discriminatory treatment, once disclosed, illegally provided or abused, including ID card number, personal biometric information, communication records and contents, property information, whereabouts, health and physiological information, and trading information.

For more definitions, refer to Tencent Privacy Policy.

1. What Types of Information We Collect

To provide you and the Company User with services, guarantee normal running of the services, improve and optimize our services and safeguard the account security, WeChat Work will collect the information provided by you proactively or upon your authorization when you register or use the services or generated from your use of the services, by the following means:

1.1 Account registration information: when you register and log into WeChat Work for the first time, you are required to provide your mobile number or your WeChat account of which the alias and profile photo will be collected. This information is necessary for you to use WeChat Work. If you do not provide such information, you will be unable to normally use our services. If you register/log into WeChat Work through WeChat authorization, you may also choose whether to provide us with the list of friends in your WeChat account or not, and if you do not provide such information, you may be unable to use the Friend Notification feature of external contacts, but your use of other WeChat Work services will not be affected.

1.2 When you use the WeChat Work services, we will collect the following information to provide you and the Company User with the WeChat Work products and services, maintain normal running of our services, improve and optimize our service experience and safeguard your account security:

1.2.1 Device information: according to the device model and permission granted during your installation and use of the WeChat Work services, we will collect and use the device-related information of the WeChat Work services, including device model, operating system, unique device identifier, device location information (such as login IP address, GPS location, and Wi-Fi access point that is able to provide relevant information), WeChat Work software version number and device accelerator (such as gravity sensor device).

1.2.2 Log information: when you use the WeChat Work services, we will collect the log information about your use of the services, including manner, type and status of the network accessed, network quality data, operation log and service log information such as the website information you view at WeChat Work and service fault information.

1.2.3 The information you provide to us through our customer service representative or when participating in our activities. For example, the questionnaire completed by you when you participate in our online activity may contain your name, phone number, home address and other information.

1.3 To provide office management and communication services, we will collect the information and data submitted or produced during use of WeChat Work by the Company User and the End User of such Company User (hereinafter referred to as "Company-controlled Data"), which may contain:

1.3.1 Your name, photo, gender, mobile number, ID card and other personal information submitted by the Company User or provided by you as required;

1.3.2 The company, invoice title, personal message, landline number, email address, position, title level, title, department, fax number, office seat and other information relating to the Company User or assigned by the Company User to you;

1.3.3 The geographical location information and attendance records when you use the Attendance feature, approval records, document information in the File Disk, use of Company-paid Calls and Exmail account; and

1.3.4 Other data submitted by the Company User, such as organizational directory and approval process.

You understand and agree that the Company User is the controller of the Company-controlled Data, and we will process such Company-controlled Data only according to the instructions of the Company User, including operation conducted by the Company User and the Company User Admin through the admin console, as well as the agreement between us and the Company User. If you have any question or suggestion about the purpose and scope of collecting and the way to use the Company-controlled Data, please contact your Company User or Company User Admin.

1.4 When you use the External Contacts feature, we will collect the mobile contacts you provide proactively to match the external contacts. We will encrypt your contacts in an irreversible manner, and only collect the encrypted information. The aforesaid information is only for matching and will not be stored or used for any other purpose. The aforesaid information is sensitive, and refusal to provide such information will only prevent you from using the aforesaid feature, instead of affecting your normal use of other WeChat Work features.

1.5 When you use the Identity Verification feature, we will collect the identity information and the photos of front and back of the ID card you provide proactively. The aforesaid information is sensitive, and refusal to provide such information will only prevent you from using the Identity Verification and Association feature, instead of affecting your normal use of other WeChat Work features.

1.6 When you need to register yourself as a Company User, you are required to provide the information about the creator, and if you do not provide such information, you will not be able to register yourself as the Company User to use relevant services.

Before the Company User uploads and manages the personal information of its End User such as name, photo and mobile number, please make sure that he/she obtains prior express consent from the End User, only collects the end user information that is necessary for the purpose of operation and feature implementation, and informs the End User about what, why and how the data is going to be collected and used.

1.7 When you use the Attendance Recorder feature, we may collect the face image and the fingerprint characteristic value you provide proactively to carry out identity verification. The aforesaid information is sensitive, and refusal to provide such information will only prevent you from using the Attendance Recorder feature, instead of affecting your normal use of other WeChat Work features.

1.8 Information from third parties

We will collect relevant data shared with or provided to WeChat Work by any third party with your consent or authorization. For example, when you or your Company User uses third-party products or services through the WeChat Work website or client, the third-party service provider may use our API or SDK to notify us of what third-party products or services you have used.

It should be particularly noted that the third-party service provider may provide you or the Company User with products or services through the WeChat Work website or client, and the Company User in which you join may choose whether to develop or use the third-party services, what kinds of third-party services to use and when to terminate or cancel use of the third-party services. During use, the third-party service provider may collect, use and store your data or information. Before you determine whether to use such services, please acquire a full understanding of the personal information and privacy protection strategies from the third-party service provider or contact your Company User for more information.

In particular, when you use WeChat Work on mobile phones of certain brands, such as Xiaomi, Huawei, VIVO and OPPO, we will use Push SDKs to collect the unique identification information of these mobile phones, such as IMEI, and may collect your mobile phone model, system type, system version, device screen size and other parameters for the purpose of pushing our product information. For details, see the privacy policy or relevant statements of the SDK operator.

Please be aware that the products and services we provide to you are updated and developed from time to time, and if a certain product or service is not covered by the foregoing description and needs to collect your information, we will otherwise explain to you the content, scope and purpose of information collection by the means of indication in the page, interaction process and website announcement to ask for your consent.

2. How We Store These Information

2.1 Place of Information Storage

We will store within China the personal information collected and produced within China as provided for in the laws and regulations.

2.2 Period of Information Storage

In general, we will retain your personal information only for so long as is necessary to realize the purpose. With respect to part of the Company-controlled Data of which the Company User may independently set the retention period, such as chat history, files and pictures of WeChat Work, we will retain relevant information as per the setting of the Company User, but not view or use the chat history, files and pictures retained by the Company User.

In case of halt of our products or services, we will notify you of the same by the means of push notification or announcement, delete or anonymize your personal information within the reasonable period, immediately discontinue the activity of collecting your personal information and close the third-party application service interfaces to prevent third-party services from collecting and further using your personal information.

3. How We Protect These Information

3.1 We will endeavor to safeguard the information security of the user to prevent the information from loss, improper use, unauthorized access or disclosure.

3.2 We will safeguard the security of information with various security protection measures within the reasonable security level. For example, we will use encryption techniques (such as SSL/TLS), anonymization and other means to protect your personal information.

3.3 We will establish special management systems, processes and organizations to safeguard the security of the information. For example, we will strictly limit the personnel who can access the information and check their fulfillment of the confidentiality obligation.

3.4 In case of any security incident such as personal information leakage, we will start the emergency plan in accordance with the laws to prevent escalation of such incident, and inform you of the information about such security incident, the possible impact of such incident on you and the remedies we will take by the means of push notification or announcement. We will also report disposal of the security incident about the personal information as required by the laws and regulations and by the regulatory authority.

3.5 Currently, WeChat Work has met the requirements in ISO/IEC 20000, ISO/IEC 27001, ISO/IEC 27018, information security level protection system (Level III) and other international and domestic authoritative certification standards in respect of information security, and has been certified accordingly.

4. How We Use the Information

We will strictly follow the provisions in the laws and regulations and the agreements with the User, and use the information collected for the following purposes pursuant to the provisions in these Privacy Protection Guidelines.

4.1 We will collect relevant information during your use of WeChat Work services for the purpose of creating and providing better services for the WeChat Work users, including Company User and End User. We will use the information collected for:

4.1.1 Providing, maintaining and developing WeChat Work services: we will use the information collected to provide, optimize and improve the WeChat Work services, such as tracking the service interruptions or troubleshooting the problems reported by the WeChat Work users; upon your authorization and consent, we will display or recommend external contacts to you according to your WeChat contacts so that you can expand your WeChat Work contacts; we will provide you or your Company User with various data statistics and analysis features and services, such as Weekly Summary feature and Customer Service Data Statistics according to the WeChat Work log and the service use information.

4.1.2 Safeguarding the security: to safeguard your and all the WeChat Work users' security, we will use relevant information to assist in improving the security and reliability of the WeChat Work services, including detecting, preventing and responding to frauds, abuses, illegal acts, security risks and technical problems that may endanger WeChat Work, our users or the public;

4.1.3 Communicating with you: we will use the information collected, such as email address you provide, admin contact email of the Company User and phone number, to directly communicate with you. For example, if we detect suspicious activities, such as attempting to log in to your WeChat Work account from a location you don't usually use, a notification may be sent to you and we may let you know what changes or improvements will happen to WeChat Work. Or, we will give service return visit on you; and

4.1.4 Complying with relevant requirements in applicable laws and regulations, the ministry rules and the government orders.

Currently, we will not use your personal information for personalized recommendation or advertisement purpose. If we use your personal information beyond the purpose stated during collection and the scope that is directly or reasonably associated, we will notify you of the same by means of indication in the page, interaction process and website announcement and ask for your express consent before we use your personal information.

4.2 We will treat use of the Company-controlled Data in accordance with the laws subject to the decision of the Company User and relevant agreements between us and the Company User. For example, the Company User will be entitled to determine which information of the End User to display and how to display such information in WeChat Work.

4.3 In accordance with relevant laws and regulations as well as the national standards, we may collect and use, without your authorization and consent, your personal information:

(1) That is directly related to the national interests such as national security and defense security as well as significant public interests such as public security, public health and public knowledge;

(2) That is directly related to crime investigation, prosecution, trial and execution of judgment;

(3) For the purpose of maintaining your or any other individual's life, property and other significant legal interests, but it is difficult to obtain your own consent;

(4) That is made available to the social public by you on your own;

(5) From legally and publicly disclosed information, such as legal news reports, published government information and other channels;

(6) That is necessary for your request for execution and performance of the contract;

(7) Which is necessary for maintaining secure and stable running of the products or services provided, such as discovering and disposing troubles in the products or services; and

(8) In other circumstances specified in the laws and regulations.

5. Sharing and Provision of Information

We will not share with or transfer to third parties your personal information, except that:

5.1 Your express consent has been obtained: upon your prior consent, we may share your personal information with third parties;

5.2 For the purpose of external processing, we may share your personal information with our affiliates or other third-party partners including third-party service providers, contractors, agents and application developers and permit them to process such information according to our instructions, privacy policy and other relevant confidentiality and security measures and to use such information to provide you with our services so as to realize the purposes set out in the section "How We Use the Personal Information". If we share your personal information with the aforesaid affiliates or third parties, we will take encryption, anonymization and other means to safeguard the security of your personal information.

5.3 We will not publicly disclose the personal information collected, and when it is compulsory to do so, we will notify you of the purpose of this public disclosure, the type of information to be disclosed and the sensitive information that may be involved, and will ask for your express consent. It should be particularly noted that how to disclose or share the information about the End User in the work platform of the Company User in which the End User joins shall be determined and managed by the Company User.

5.4 With continuous development of our businesses, we may proceed with consolidation, procurement, asset transfer and other transactions, and we will notify you of relevant conditions and continue to or require the new controller to continue to protect your personal information in accordance with the laws and regulations and the standards that are in no event less restrictive than those required in these Privacy Guidelines.

5.5 We may disclose your personal information on the basis of the legal requirements or the law enforcement requirements from the competent authority.

6. How You Access and Manage Your Personal Information

To ensure that you can access, correct or delete your personal information in a more convenient manner during your use of WeChat Work, and meanwhile to safeguard your right to withdraw your consent or quit the company (deactivate the account), we have provided you with the corresponding operation setting in the product design and you can follow the guidelines below for operation.

6.1 Access the Personal Information

6.1.1 Access the profile photo, name, gender, nickname, personal message, company, invoice title, mobile number, landline number, email address, position, title level, title, department, fax number, seat, secretary and other information:

(1) After logging in to WeChat Work, click "Me";

(2) Click Profile Photo column;

(3)  Access Personal Information.

6.1.2Access contacts

(1) After logging in to WeChat Work, click "Contacts";

(2) Check internal contacts and external contacts of the company.

6.2 Set the Privacy Feature

6.2.1 Set whether verification is required to add me as contact

(1) After logging in to WeChat Work, click "Me";

(2) Click "Settings";

(3) Click "Privacy";

(4) Click "Verification Is Required to Add Me as Contact" to make the change.

6.2.2 Set how to allow others to find current company identity:

(1) After logging in to WeChat Work, click "Me";

(2) Click "Settings";

(3) Click "Privacy";

(4) Click "Allow Others to Find Current Company Identity" to make the change.

6.2.3 Set the information to be shown to my external contacts:

(1) After logging in to WeChat Work, click "Me";

(2) Click "Settings";

(3) Click "Privacy";

(4) Choose Whether to Show Mobile Number, Email, Title and Other Information to My External Contacts.

6.2.3 Set how to accept friend request

(1) After logging in to WeChat Work, click "Me";

(2) Click "Settings";

(3) Click "Privacy";

(4) Choose Whether to "Accept the Request Received in WeChat".

6.3 Delete the Personal Information

6.3.1 Delete all one-to-one chat histories:

(1) After logging in to WeChat Work, open the dialog and click the https://rescdn.qqmail.com/node/wework/images/201807021439.ef89d14fcb.pngicon at the top right corner;

(2) Click Clear Chat History.

6.3.2 Delete group chat history:

(1) After logging in to WeChat Work, open the dialog and click the https://rescdn.qqmail.com/node/wework/images/201807021439.ef89d14fcb.pngicon at the top right corner;

(2) Click Clear Chat History.

6.3.3 Delete part of the chat histories:

(1) After logging in to WeChat Work, open the dialog and hold the message to be deleted;

(2) Select "Delete" to delete this message.

6.3.4 Delete the profile photo, name, gender, nickname, personal message, company, invoice title, mobile number, landline number, email address, position, title level, title, department, fax number, seat, secretary and other information;

If no restriction is set by the Company User Admin:

(1) After logging in to WeChat Work, click "Me";

(2) Click Profile Photo column;

(3) Delete the information.

If the Company User Admin sets Members Are not Allowed to Modify, please contact the Company User Admin if you want to make changes anyway.

6.4 Correct the Personal Information

If no restriction is set by the Company User Admin:

(1) After logging in to WeChat Work, click "Me";

(2) Click Profile Photo column;

(3) Change the information.

If the Company User Admin sets Members Are not Allowed to Modify, please contact the corresponding Company User Admin if you want to make changes anyway.

6.5 Withdraw the Consent

Withdraw recommendation of new external contacts

(1) After logging in to WeChat Work, click "Me";

(2) Click Settings;

(3) Click Privacy;

(4) Click "Recommend New External Contacts to Me" to change the setting.

6.6 Quit Company (Deactivate the Account)

6.6.1 Quit company

(1) After logging in to WeChat Work, click "Me";

(2) Click "Settings";

(3) Click "Switch Company";

(4) Click"●●●";

(5) Click "Quit Company".

Note: When you quit your company, we will delete or anonymize the personal information about you in this company within a reasonable period. When you quit your company, you are deemed to deactivate the account, and we will stop providing you with services and delete or anonymize your personal information within a reasonable period.

7. Protection of Minors

We attach great importance to the protection of the personal information of minors. Subject to the provisions in relevant laws and regulations, if you are a minor, you shall obtain the written consent of your parent or statutory guardian before using the WeChat Work services. If you are the guardian of a minor, please contact us through the contact information in Article 10 when you have any question about the personal information of the minor under your guardianship.

8. Changes to These Privacy Guidelines

We may amend these Privacy Guidelines from time to time. In case of changes to the terms hereof, we will display the changed Guidelines to you by the means of announcement on the official website (https://work.weixin.qq.com) or push notification.

In case of significant changes to the terms hereof, we will notify you of such changes by the means of announcement on the official website (https://work.weixin.qq.com), push notification or pop-up window that is more eye-catching.

For the purpose of this article, significant changes include but are not limited to:

(1) Significant changes in our service mode, such as purpose of processing the personal information, type of the personal information processed and approach for use of the personal information;

(2) Significant changes in the ownership structure and organizational directory, such as change in the owner caused by business adjustment, bankruptcy and merger & acquisition;

(3) Changes in the main target with or to whom we share, transfer or publicly disclose the personal information;

(4) Significant changes in your right to engage in processing of the personal information and the approach for exercise thereof;

(5) Changes in the department responsible for security in processing the personal information, the contact information and the complaint channel; and

(6) High risks as shown in the personal information security impact assessment report.

9. Miscellaneous

Tencent Privacy Policy contains the general privacy terms that are generally applicable across Tencent, and the user's rights and information security safeguarding measures set out herein, including How We Use Cookies and Relevant Technologies, apply to the WeChat Work users. In case of any inconsistency or conflict between Tencent Privacy Policy and these Privacy Guidelines, the latter shall prevail.

10. Contact Us

When you have other complaints, suggestions and questions about the personal information of minors, please contact us through http://kf.qq.com/. You may also send your questions to Dataprivacy@tencent.com or mail them to:

Data and Privacy Protection Center (Attention), Legal Department, Tencent Building, Kejizhongyi Avenue, Nanshan District, Shenzhen, Guangdong Province, China

Postal Code: 518057

We will review the issues involved as soon as possible and give you the reply within fifteen days upon verification of your identity.