WeCom

Privacy Policy

Last Updated: 5 June , 2020

Thank you for using WeCom! We respect your concerns about privacy and appreciate your trust and confidence in us.

Here is a summary of the information contained in this privacy policy. This summary is to help you navigate the privacy policy and it is not a substitute for reading everything! You can use the hyperlinks below to jump directly to particular sections.

For users located inside the PRC, this privacy policy does not apply to you. Please see the privacy policy located at https://work.weixin.qq.com/nl/privacy.

What information do we need to provide the Services?

If you register an account to use the Service then we will need some information from you to set this up. If you choose to set up your profile using a social media account, such as WeChat, we also collect the following information, including name, profile photo, mobile phone number, gender and WeChat contacts from that social media account outline when you connect. If you choose, you can provide certain other optional information to set up your account and/or enable certain Service features. If you need to get in touch with us then we will also retain some information so that we can get back in touch with you and address any concerns. More Information.

What information do we process as a data controller or data processor?

We are the data controller for personal information processed in WeCom, except with regard to Company-controlled Data (as defined below), i.e. personal data in information or documents submitted or produced by users of the Service. We automatically collect certain data from you when you use one of our interrelated functions, such as WeChat or Tencent Maps (e.g. you will be able to add your WeChat contacts to the Service, view each other’s profiles and send messages in the messaging function, share your location within the messaging function or access Mini Programs available on WeChat to the extent you have an existing WeChat account). More Information.

How will we use your information?

We use your information to provide the many functions and services that comprise the Service. We also use your information for account verification, security purposes, and to support and improve the Service. More Information.

Who do we share your information with?

We do not share your information with any third parties, except where we need to in order to provide the Service (e.g., use local cloud providers or to back up your data; using our affiliates around the world to help us to deliver the Service), or we are instructed to by a court, authority or compelled by law. More Information.

Where do we process your information?

Our servers are located in Singapore. Our support, engineering and other teams are located in our offices around the world (including the People’s Republic of China (for the purpose of this privacy policy, this term excludes Taiwan, Hong Kong and Macau) and the United States) and will have access to your information. More Information.

How long do we keep hold of your information?

We generally retain your information we process as a data controller until we receive a data deletion request from you, after which time your data is deleted (as further described in this privacy policy), unless otherwise required by applicable laws. For Company-controlled Data, this information is kept for the duration set out in the Company User’s data retention policy. More Information.

How can I exercise my rights over my information?

Depending on where you are, you may have certain rights with respect to your information, such as rights of access, to receive a copy of your data, or to delete your data or restrict or object to our processing of your data. To exercise your rights in relation to Company-controlled Data, you can use our deletion, access and download tools or contact the relevant Company User that is the data controller of the Company-controlled Data. To exercise your rights in relation to WeCom-controlled Data, please refer to the information set out below. More Information.

How to get in touch with us

If you have any questions about anything in this policy, or want to exercise any rights you may have, please contact us here.

How will we notify you of changes?

If there are any significant changes to this privacy policy, we will update the privacy policy here. More Information.

Contact Information

Data Controllers:

Users located outside the European Economic Area, Switzerland and the United Kingdom: Tencent International Service Pte. Ltd.

Users located in the European Economic Area, Switzerland and the United Kingdom: Tencent International Service Europe B.V.

Email: WeCom_DP@tencent.com

Please note that for Company-controlled Data (as defined below) we are not the data controller of such information – in such case the data controller is the Company User.

Thailand Representative: Tencent (Thailand) Limited

Turkey Representative: Özdağıstanli Ekici Avukatlık Ortaklığı

Korea Representative: Tencent Korea Yuhan Hoesa

Welcome to WeCom!

This privacy policy explains the when, how and why when it comes to processing of your personal information in connection with WeCom (the “Service”), and sets out your choices and rights in relation to that information. Please read it carefully – it is important for you to understand how we collect and use your information, and how you can control it.

Please note that this privacy policy may describe features and functions of the Service which are not be available in your particular jurisdiction.

If you do not agree to the processing of your personal information in the way this privacy policy describes, please do not provide your information when requested and stop using the Service. By using the Service you are acknowledging our rules regarding your personal information as described in this privacy policy.

Data controller activities

In this Privacy Policy, "we", "our", or "us" refers to:

·       if you are a user located in the European Economic Area, Switzerland or the United Kingdom: Tencent International Service Europe B.V., a Dutch company, located at Gustav Mahlerplein 2, 1082 MA, Amsterdam, the Netherlands; and

·       if you are a user located outside of the European Economic Area, Switzerland, the United Kingdom or the People’s Republic of China (excluding Taiwan, Hong Kong, and Macau): Tencent International Service Pte. Ltd., a Singaporean company located at 10 Anson Road, #21-07 International Plaza, Singapore 079903.

Our representative in Thailand for the purpose of local data protection laws is Tencent (Thailand) Limited. Our representative can be contacted at WeCom_DP@tencent.com.

Our representative in Turkey for the purpose of local data protection laws is Özdağıstanli Ekici Avukatlık Ortaklığı. Our representative can be contacted at WeCom_DP@tencent.com.

Our representative in Korea for the purpose of local data protection laws is Tencent Korea Yuhan Hoesa. Our representative can be contacted at WeCom_DP@tencent.com.

Please reach out to us if you have any questions or concerns regarding the processing of your personal information: you can contact us anytime at WeCom_DP@tencent.com.

Please note that this privacy policy describes how we process the personal information you provide to set up your account and use the Service. We are the data controller for such personal information except with regard to Company-controlled Data (as defined below).

Your respective employer will be the data controller of Company-controlled Data if you use the Service in the course of your employment (as defined below) which includes personal information such as approval records data if this function is used by your employer as part of the Service. If you join another Company User’s virtual workspace they will be the controller of any data submitted or generated as part of that workspace. In each case, we will be the data processor in relation to Company-controlled Data (as defined below).

To the extent your respective Company User processes certain Company-controlled Data of you in connection with the Service, we are the data processor and act on the Company User’s instructions with respect to such Company-controlled Data. We describe this further below. Please also see our Data Processing Agreement located here for further information.

Relevant Definitions

“Client User” means the individual or organization registering, logging in to and using the Service and obtaining the administrative permission to operate a client account, including but not limited to legal persons, government agencies, other organizations, partners or sole proprietors. A Client User is invited by a Company User (as defined below) to join certain functions such as group chats, filling out electronic forms and votes, of the Company User’s workspace (the “Client Function”) and may be able to concurrently use the Service with other Client Users and Individual Users.

“Company User” means the individual or organization registering, logging in to and using the Service and obtaining the administrative permission to operate a company account, including but not limited to legal persons, government agencies, other organizations, partners or sole proprietors. A Company User creates its own work platform, which means a virtual workspace that is created and managed by the Company User and may be available for many people to concurrently use the Service, through the Service, inviting and authorizing an individual user to join in such work platform to become its end user.

“Company-controlled Data” means information that may be submitted, created or generated by the Company User or you during the use of the following functions of the Service and which we process on the Company User’s behalf as a processor:

• Workspace Documents and Files
• Meetings
• Approval Records
• External Contacts
• Live Broadcast
• Client Function
• Backend Management Statistics for Company User

Company Forum “Individual User” means the individual user who is invited by the Company User to join in the company platform and registers to use the Service, hereinafter referred to as "You" or "End User". When the Company User invites you to access its work platform as an End User, you will receive an invitation and may choose whether to join in this Company User or not.

“WeCom-controlled Data” means information that we hold about you as a data controller, such as account registration information (listed below) and information about you generated as part of the Service.  

The Types of Personal Information We Process

This section describes the different types of personal information we collect from you and how we collect and process it. If you would like to know more about specific types of data and how we use that data, please see the section entitled “How we use your personal information“ below.

The following is a high level summary of the types of personal information we process as a controller:

1. Information you provide to us (either directly, through a third party or through a Company User). 

• Account registration information: You give us information about you when you register for the Service and create a user identity (“User ID”) or use your WeChat ID (“WeChat ID”): this means that if you register by mobile phone number, we process your mobile phone number, email address, gender, display name and profile photo, and if you register via WeChat, we process your WeChat account, your display name, profile photo, mobile phone number, gender and WeChat contacts. You also provide us with your country or primary location and language selection during the registration process and details about your company. You may also choose to provide us with a list of WeChat contacts or your external mobile contacts (phone number and / or email) from your device when inviting them to use the Service; and
• Information from third parties: Relevant information shared with or provided to us by any third party with your consent or authorization. For example, when you or your Company User uses products or services of Mini Program operators through WeCom or other services via which you choose to use WeChat Login for third-party apps, (to the extent you have an existing WeChat account on your device) the third-party service provider may use our API or SDK to notify us of what third-party products or services you have used. Certain device information will also be shared with your handset manufacturer by way of third party SDKs for the purposes of facilitating the sending of push notifications. During use, the third-party service provider may collect, use and store your data or information. Before you determine whether to use such services, please acquire a full understanding of the personal information and privacy protection strategies from the third-party service provider or contact your Company User for more information.

This Privacy Policy only applies to any information collected by us, and does not apply to any services offered by or information practices of any third parties. If you choose to use third party services or features that are made available within WeChat (for example, you choose to use a Mini Program), then we will share certain information with that third party to allow you to use that third party service. The information we share with such a third party is described to you at the time you first use that service or feature, and we require that the third party will provide the same or equal protection of user data as stated in this policy. You can control which third parties have access to this information in your account and you can withdraw your agreement to the sharing of that information at any time. Please note however that if you ask us not to share that information with the third party, you may no longer be able to use that service or feature. We are not responsible for any third party use of any Information provided by you to them.

• Customer support information: relevant information that you voluntarily provide to us through our customer service representative or when participating in our services. For example, your company information, details of ticket and error, software version where the problem occurred, the terminal where the problem occurred (iOS, Android, etc.), screenshot of the problem, a questionnaire completed by you when you participate in our online activity may contain your contact information (e.g. name, email address, phone number and other contact information) to facilitate customer service following up on unresolved queries, and other information described in your service requests.
• Identity Verification: if you (Company User or Individual User) choose to add an external contact to your existing organisation, you will need to verify your identity by providing your identity information and your ID card evidencing your name (photos of the front and back and its information and only collected if permitted under applicable local law) as part of the Identity Verification function of the Service and we will manually check such information to verify your name. This function is optional for Individual Users who choose not to add external contacts.

2. Information about you generated as part of the Service

We automatically collect certain data from you when you use the Service, namely:

·       company identity and name of user that is provided to us through our customer service representative or when participating in our Services;

·       device information: according to the device model and permission granted during your installation and use of the Service, we will collect and use your device ID, device model and operating system, WeCom software version number and device accelerator (such as gravity sensor device);

·       GPS location including geographical location data and Wi-Fi access point;

·       log information about your use of the Service (including manner, type and status of the network accessed, network quality data, operation log and service log information such as the website information you view at WeCom and service fault information);

·       service usage information and backend management statistics, such as how often you use the Service, the date and time of log into the Service, service default/error information, overall usage data, and performance data;

·       service log information (such as operational record information generated when you use the Service, including device fault log, software operation information and in case of failure, you can also voluntarily submit log files to the administration server); and

·       if you participate in product communities and forum as part of the Services, your feedback/input into the forums, name, gender, information relating to your mobile phone system (e.g. OS, android, mac, windows) and details about the company.

We automatically collect certain data from you when you use one of our interrelated functions, such as WeChat or Tencent Maps (e.g. where you will be able to add WeChat contacts to WeCom, share your location within the messaging function or access Mini Programs available on WeChat to the extent you have an existing WeChat account). For more information about how we process the data when you use WeChat and Tencent Maps, please refer to the WeChat Privacy Policy.

3. Information we process as a data processor on behalf of a Company User 

Information may be submitted or produced by the Company User or you during the use of the Services by the Company User and you (“Company-controlled Data”) and we process it on the Company User’s behalf as a processor. Before you submit, create or generate any information as an Individual User, please ensure you have received adequate information from the Company User to inform you about what, why and how the data is going to be collected and used, and how long it will be retained:

·       your personal details, including your name, photo, gender (optional), mobile number (optional), email address (optional) and other personal information (job title (optional), department (optional), chat messages, file folder, files, saved collections, to-do list, address book (enterprise), approval records (if you use this function) and email configuration information);

·       your information when using certain functions:

o   Workspace Documents and Files: if you create, edit and share documents using the various workspace tools in the workspace, such as via WeDrive or WeDoc;

o   Meetings: if you choose to add a meeting to your calendar when accepting a meeting invite, your calendar data;

o   Approval Records: if you choose to use this function, the geographical location information and approval records that is produced / submitted by you (no timekeeping data is collected);

o   External Contacts: if you choose to use this function, the mobile contacts (phone number and / or email address) you provide (this is only available to Company Users, e.g. for the purpose of inviting employees to use the Service);

o    Live Broadcast: if you choose to use this function, your name, avatar, conference subject, audio and video data, audio and video quality data such as volume, packet loss rate and other relevant data and chat data;

o   Client Function: if you choose to use this function, your communication logs with your Client Users; and

o   Backend Management Statistics for Company User: data relating to your use of the Service, being the time and date on which you logged in;

o   Company Forum: if you choose to use this function, your communication logs between you and Individual users. The use of the Company Forum function is subject to certain restrictions regarding the acceptable use of the Service set out in the WeCom Acceptable Use Policy; and

·       details about the company (e.g., the company, invoice title, personal message, landline number, email address, position, title level, title, department, fax number, office seat and other information relating to the Company User or assigned by the Company User to you) and any other information submitted or created by the Company User or you or other users of the virtual workspace (e.g., organizational directory).

We will also process your data:

·       when you communicate with other users in the Service, including through the customer moments function (e.g. media that you share) and the chat function (e.g., log information, location information, your company’s information, the object of chat), the content of communications between you and another user or group of users, which would include your display name, email address, phone number, gender, location information (if you choose to share your location), company and object of the chat; and

·       for security purposes we collect (in addition to the categories of data listed above) device information including equipment brand and model and available space on the device.

3. The information you share

There are two types of information you can share through the Meeting function of the Service: (i) shared files (documents that can be viewed and edited before, during or after the meeting); and (ii) audio and video data including screen sharing your current screen to remote users (which is encrypted and can only be viewed in real time). We process this information on your behalf as a processor.

You instruct us to modify and adapt such shared files for technical purposes to operate the Meeting function of the Service. Please note that some of these sharing functions will not be available in every country.

You can also share information with other users who are attending the same meeting through our

chat function.

Please note that this may include your personal information, personal property information and other sensitive information. Please take care when disclosing your personal sensitive information. We do not have control over these types of information after you share these with other parties via our chat function. Therefore, you are solely responsible for the sharing of personal information, personal property information and other sensitive information via this chat function. Please take care when disclosing your personal sensitive information.

4. Client users

If you are invited to join and use certain functions of the Company User’s workspace as a Client User via the Client Function, we will process the same information as we would process on Individual Users set out above. In addition, we will process the following information about Client Users as a data processor via the Client Function:

• your user information (name, profile photo, gender, mobile number, user ID, gender and company);
• your communication logs with Individual Users and Company Users in your group chats;
• information contained in electronic forms filled out by you; and
• votes.

Cookies

We use cookies and other similar technologies (e.g. web beacons, log files, scripts and eTags) (“Cookies”) to enhance your experience using the Service. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality.

Children

Our Service is intended for business use only and is not intended for children. Children must not use the Service for any purpose.

By children, we mean users under the age of 16 years old; or in the case of users located in a country where the minimum age for processing personal data differs, the minimum age specified under law. For certain jurisdictions we have listed the minimum age in the table below.

Users located in this country and who are below the minimum age, are required to obtain parental/guardian consent prior to using the Service.

We do not knowingly collect personal information from children under these ages for any purpose. If you believe that we have personal information of a child under these ages, please contact us at WeCom_DP@tencent.com and we will delete such information.

How We Use Your Personal Information

This section provides more details on the types of personal information we collect from you, and why. For users who live in the European Economic Area, United Kingdom or Thailand (a “Relevant Jurisdiction”), it also identifies the legal basis under which we process your data.

We process certain personal information as a data controller, as set out below. Company-controlled Data is processed by us on the Company User’s and your behalf, as set out below.

1.     Information we process as a data controller

2.     Information we process as a data processor

3.     Information processed in interrelated functions 

If you choose to use the following functions, your personal information will be processed for the purposes and legal bases specified in the privacy policy for that service.

How We Store and Share Your Personal Information                            

The Tencent group operates around the world. Pursuant to our contract with you to provide you with the Service, your personal information will be processed on servers that may not be located where you live. In addition, our support, engineering and other teams are located in our offices around the world (including the People’s Republic of China (for the purpose of this privacy policy, this term excludes Taiwan, Hong Kong and Macau) and the United States) and will have access to your information. No matter where our servers are located, we take appropriate measures to safeguard your rights in accordance with this privacy policy.

Our server for the Service is located in Singapore.

If you choose to use the following functions, your personal information will be stored by the relevant service provider in the locations specified in the privacy policy for that service.

Only where necessary will we share your personal information with third parties. Situations where this occur are:

• Third parties that provide services in support of the Service, including providers of cloud services that process information identified in this policy on their servers for the purpose of providing the Service, for the purpose of processing support ticket ID and support communication, communication service providers who may send SMSs on our behalf, Mini Program operators and other services via which you choose to use WeChat Login for third-party apps, if you elect to follow or use the relevant Mini Program/ WeChat Login for third-parties (to the extent you have an existing WeChat account on your device). All companies providing services for us are prohibited from retaining, using, or disclosing your personal information for any purpose other than providing us with their services.
• Companies within the Tencent corporate group who process your personal information in order to operate the Service and provide interrelated functions such as WeChat or Tencent Maps. All related group companies may only use your personal information in accordance with this privacy policy.

• Regulators, judicial authorities and law enforcement agencies, and other third parties for safety, security, or compliance with the law. There are circumstances in which we are legally required to disclose information about you to authorities, such as to comply with a legal obligation or processes, enforce our terms, address issues relating to security or fraud, or protect our users. These disclosures may be made with or without your consent, and with or without notice, in compliance with the terms of valid legal process such as a subpoena, court order, or search warrant. We are usually prohibited from notifying you of any such disclosures by the terms of the legal process. We may seek your consent to disclose information in response to a governmental entity’s request when that governmental entity has not provided the required subpoena, court order, or search warrant. We may also disclose your information to::
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
• A third party that acquires all or substantially all of us or our business. We may also disclose your information to the third parties if we either: (a) sell, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire or form a joint venture with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or (b) sell or transfer any of our assets, in which case the information we hold about you may be sold as part of those assets and may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer.

The Security of Your Personal Information

We are committed to maintaining the privacy and integrity of your personal information no matter where it is stored. We have information security and access policies that limit access to our systems and technology, and we protect data through the use of technological protection measures such as encryption.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will implement and maintain reasonable measures to protect your personal information, we cannot guarantee the security of the information transmitted to our services; therefore we do not assume any responsibility for any transmission of your information which you do at your own risk.

Data Retention

We do not keep your data for longer than is necessary unless we are required to do so under law. For further details on how long we keep your data, please refer to the time periods set out below.

1.     Information we process as a data controller           

*Please see the section above titled “How We Use Your Personal Information” for a full description of each category of data.

2.     Information we process as a data processor

For Company-controlled Data, where we process information as a processor on behalf of a Company User, this information is kept for the lifetime of a Company User’s use of the Service and 360 days thereafter (i.e. for 360 days after account deletion in accordance with the Company User’s request). Such data may also be manually deleted on our backend upon request by a Company User.
This includes the following: personal information contained in Workspace Documents and Files, Approval Records data, External Contacts data, Live Broadcast data, Backend Management Statistics for Company User data, Company Forum data, Client User data, Meetings data, calendar data, Customer Moments data, data generated with the Client Function, company information provided by you and information provided by the Company User.

For Chat data (one of the categories of Company-controlled Data), this will be deleted immediately upon the deletion of the Company User or Individual User’s account.

If we are required to retain your information beyond the retention periods set out above, for example to comply with applicable laws, we will store it separately from other types of personal information.

3.     Information processed in interrelated functions

If you use the following functions, your personal information will be stored by the relevant service provider for the duration specified in the privacy policy for that service.

Your Rights

Some jurisdictions’ laws grant specific rights to users of the Service, which are set out in this section.

This section entitled “Your Rights” applies to users that are located in Brazil, the European Economic Area, Thailand, the United Kingdom and Switzerland (“Relevant Location”). If you are located in a territory outside a Relevant Location, please refer to the Supplemental Jurisdiction-Specific Terms for an overview of your rights and how these can be exercised.

The sub-sections entitled “Access”, “Correction”, and “Erasure” also apply to users that are located in Russia.

You have certain rights in relation to the personal information we hold about you. Some of these only apply in certain circumstances (as set out in more detail below). Where we act as a data controller for your personal information, to exercise any of your rights, please contact us at WeCom_DP@tencent.com. Where we act as a data processor, you should contact the Company User to exercise any of your rights.

Access

You have the right to access personal information we hold about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us at WeCom_DP@tencent.com.

Portability

You have the right to receive a copy of certain personal information we process about you. This comprises any personal information we process on the basis of our contract with you (e.g., account name), as described above in the section “How We Use Your Personal Information”. You have the right to receive this information in a structured, commonly used and machine-readable format. You also have the right to request that we transfer that personal information to another party, with certain exceptions. We will provide further information to you about this if you make such a request.

If you wish for us to transfer such personal information to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible. Please note that we may not be able to provide you with personal information if providing it would interfere with another’s rights (for example, where providing the personal information we hold about you would reveal information about another person or our trade secrets or intellectual property).

Correction

You have the right to correct any of your personal information we hold that is inaccurate. You can access the personal information we hold about you by logging into your Service account. If you believe we hold any other personal information about you and that information is inaccurate, please contact us at WeCom_DP@tencent.com. 

Erasure

You can delete your account, or remove certain personal information, by logging into your Service account. If there is any other personal information you believe we process that you would like us to erase, please contact us at WeCom_DP@tencent.com.

We may need to retain personal information if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case. Where you have requested that we erase personal information that has been made available publicly on the Service and there are grounds for erasure, we will use reasonable steps to try to tell others that are displaying the personal information or providing links to the personal information to erase it too.

Restriction of Processing to Storage Only

You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or for another’s protection). As above, where we agree to stop processing the personal information, we will try to tell any third party to whom we have disclosed the relevant personal information so that they can stop processing it too.

Objection

You have the right to object to our processing of your personal information. We will consider your request in other circumstances as detailed below by contacting us at WeCom_DP@tencent.com.

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at WeCom_DP@tencent.com. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service.

Announcements

We may from time to time send you announcements when we consider it necessary to do so (for example, when we temporarily suspend access to the Service for maintenance, or security, privacy or administrative-related communications). You may not opt-out of these service-related announcements, which are not promotional in nature.

Contact & Complaints

Questions, comments and requests regarding this policy are welcomed and should be addressed to WeCom_DP@tencent.com.

In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at WeCom_DP@tencent.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection authority in the country in which you live or work where you think we have infringed data protection laws.

Changes

If we make any changes to this privacy policy, we will post the updated policy here. Please check this page frequently to see if there are any updates or changes to this privacy policy.

SUPPLEMENTAL TERMS – JURISDICTION-SPECIFIC

Some jurisdictions’ laws contain additional terms for users of the Service, which are set out in this section.

If you are a user located in one of the jurisdictions below, the terms set out below under the name of your jurisdiction apply to you in addition to the terms set out in our privacy policy above.

Australia

This section applies to users located in Australia:

Overseas Recipients

We take reasonable steps to ensure that third party recipients of your personal information located outside Australia handle your personal information in a manner that is consistent with Australian privacy laws. However, you acknowledge that we do not control, or accept liability for, the acts and omissions of these third party recipients.

Access

You have the right to access personal information we hold about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us at WeCom_DP@tencent.com.

Correction

You have the right to correct any of your personal information we hold that is inaccurate. You can access the personal information we hold about you by logging into your Service account. If you believe we hold any other personal information about you and that information is inaccurate, please contact us at WeCom_DP@tencent.com.

Children

If you are under the age of 18, you undertake that you have the consent of your parent or legal guardian to register an account on and use the Service.

Your rights

If you are dissatisfied with our response to your request for access to, or correction of, your personal information or your privacy complaint in respect of your personal information, you may contact the Office of the Australian Information Commissioner (Telephone +61 1300 363 992 or email enquiries@oaic.gov.au).

Data transfers

While we take reasonable steps to ensure that third party recipients of your personal information comply with privacy laws that are similar to those of your jurisdiction, you acknowledge and agree that we cannot control the actions of third party recipients and so cannot guarantee that they will comply with those privacy laws.

Bangladesh

Agreement

By accepting this privacy policy, you expressly state that you authorize us to collect, use, store, and process your personal data, including, disclosing to third parties, to the extent provided by this privacy policy. By clicking “accept”, you consent to the cross-border transfer of your information to any country where we have databases or affiliates and, in particular, the People’s Republic of China (for the purpose of this privacy policy, this term excludes Taiwan, the Hong Kong SAR and the Macau SAR).

Age Restriction

In order to use the Service, you represent that you are at least 18 years old and, therefore, legally capable of entering into binding contracts.

California

This section applies to California residents covered by the California Consumer Privacy Act of 2018 (“CCPA”).

Collection and Disclosure of Personal Information

Over the past 12 months, we have collected and disclosed the following categories of personal information from or about you or your device. This information is collected directly from you and your device and from social media platforms if you choose to sign up using a social media account.

• Identifiers, such as your name as it appears on your social media profile, device ID, phone number and email address.
• Internet or other electronic network activity information, such as your information regarding your use of the Service, including the account, time and duration of the communications made while using the Service; Device Information; Communication Log; and Service usage data, all as described in the main privacy policy.
• Geolocation data such as your region location when you set up your profile and choose to provide this information for the Service.
• Audio and visual information such as your social media profile picture.
• Other information described in subdivision (e) of Section 1798.80, including information about your gender, or age. This information is collected directly from you in the context of being our consumer.

Purposes

We collect your personal information for the following purposes:

• To provide you with the Service, including maintaining your account, providing customer service, and facilitating the posting of your communications with other users.
• To improve our services, including the functionality of the Service.
• For security and verification purposes, including to prevent and detect fraudulent activity.
• To address and remediate technical issues and bugs.

For additional information about what each type of personal information is used for, see this chart in the main portion of the privacy policy.

We disclose personal information to the following types of entities:

• Other companies within the group who process your personal information in order to operate the Service
• Other companies that provide services on our behalf in support of the Service and who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing their services to us
• Regulators, judicial authorities, and law enforcement agencies, and other third parties for safety, security or compliance with law
• Entities that acquire all or substantially all of our business

In the past 12 months, we have not sold personal information of California residents within the meaning of “sold” in the CCPA.

Rights under the CCPA

If you are a California resident, you have the right to:

• Request we disclose to you free of charge the following information covering the 12 months preceding your request:
• the categories of personal information about you that we collected;
• the categories of sources from which the personal information was collected;
• the purpose for collecting personal information about you;
• the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
• the specific pieces of personal information we collected about you;
• Request we delete personal information we collected from you, unless CCPA recognizes an exception; and
• Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or denying goods or services to you when you exercise your rights under the CCPA.  

We aim to fulfil all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.

How to Exercise Your Rights

First, you may wish to log into your account and manage your data from there. If you are a California resident to whom the CCPA applies, you may exercise your rights, if any, regarding other data by contacting us at WeCom_DP@tencent.com.

Canada

By clicking “accept”, you consent to the cross-border transfer of your information to any country

where we have databases or affiliates and, in particular, the People’s Republic of China (for the

purpose of this Privacy Policy, this term excludes Taiwan, Hong Kong SAR and Macau SAR).

Our designated data protection officer can be contacted at WeCom_DP@tencent.com.

Your Rights

Consent Revocation

You may revoke consent that you have previously given for the collection, use and disclosure of

your personal information, subject to contractual or legal limitations. To revoke such consent, you

may terminate your account within the Service or you can contact WeCom_DP@tencent.com. This may affect our provision of the Service to you.

Access

You have the right to access personal information we hold about you, to be provided with an

account of how we use it, and to whom we disclose it. You can access the personal information

you have made available as part of your account by logging into your account or making a request

in writing to WeCom_DP@tencent.com. We may require further information to verify your identity, which information will only be used for that purpose.

Correction

You have the right to correct any of your personal information we hold that is inaccurate. You can

access the personal information we hold about you by logging into your account. If you believe we

hold any other personal information about you and that information is inaccurate, please contact

us at WeCom_DP@tencent.com.

France

Your Rights

Instructions for the processing of your personal data after your death

You have the right to provide us with general or specific instructions for the retention, deletion,

and communication of your personal data after your death.

The specific instructions are only valid for the processing activities mentioned therein and the

processing of these instructions is subject to your specific consent.

You may amend or revoke your instructions at any time.

You may designate a person responsible for the implementation of your instructions. This person

will be informed of your instructions, in the event of your death, and be entitled to request their

implementation from us. In the absence of designation or, unless otherwise provided for, in the

event of the death of the designated person, the heirs will have the right to be informed of your

instructions and to request their implementation from us.

When you wish to make such instructions, please contact us at WeCom_DP@tencent.com.

Hong Kong SAR

If you choose not to provide your personal information, you may not be able to use the Service properly. For example: If you do not provide your mobile phone number, we will not be able to connect with your WeChat contacts when using the Service.

As a Hong Kong SAR data subject you have legal rights in relation to the personal information we hold about you (to the extent permitted under applicable laws and regulations).

You are entitled to make a subject access request (to receive a copy of the data we process about you). You can also exercise your right to data correction as well as your right to stop to the use of your personal data for direct marketing purposes. A fee may be chargeable by us for complying with a data access request.

India

Sensitive Personal Information

“Sensitive Personal Information” means passwords, financial information (such as bank account or credit card or debit card or other payment instrument details), biometric data, data relating to physical or mental health, sex life or sexual orientation, and/ or medical records or history, and similar information, but does not include information available in the public domain, or provided under Indian laws, including the Right to Information Act, 2005.

Sharing Of Your Sensitive Personal Information

Where we permit any third parties to collect and use your Sensitive Personal Information, we shall (i) ensure that such third parties maintain the same security standards that are adhered to by us for the protection of your Sensitive Personal Information and (ii) take reasonable measures to ensure that the third parties do not further disclose the Sensitive Personal Information.

Age Restrictions

Children under the age of 18 are not allowed to execute online contracts with us or sign up for our services. Parental consent is required for children under the age of 18 years who wish to use our services. Where the users are children, their parents understand and acknowledge that our collection, storage and processing of personal information shared with us shall be used for the lawful purposes set out in this privacy policy and is considered necessary for us to provide the digital services.

Withdrawal Of Consent

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at WeCom_DP@tencent.com. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service.

You do not have the right to retrospectively retract consent or request for deletion of records required for statutory purposes but can withdraw consent to any further processing of your or your children’s personal information.

Your Rights

You have the right to access, correct and update your information. To do so, you may contact us at WeCom_DP@tencent.com.

Additional Security Measures of Your Personal Information

In accordance with applicable data privacy laws and regulations in India, we shall take appropriate, reasonable technical and organisational measures to prevent the loss of, damage to or unauthorised access to or processing of your personal information.

Indonesia

Consent

By accepting and consenting to this privacy policy, you agree that we may collect, use and share your personal information in accordance with this Privacy Policy, as revised from time to time. If you do not agree to this Privacy Policy, you must not access or use our services and we have the right not to provide you with access to our services.

Accuracy of Information

You are responsible for ensuring that any personal information which you provide to us is accurate and up-to-date. In order to confirm the accuracy of the information, we may also verify the information you provided to us, at any time. You hereby represent that you have already secured all necessary consent before providing us with any other person’s personal information (for example, for referral promotions), in which case we will always assume that you have already obtained prior consent, and as such, you will be responsible for any claim whatsoever from any party as a result of the absence of such consent.

Parental and Guardian Consent

If you are under the age of 21, you undertake that you have the consent of your parent or legal guardian to register an account on and use the Service.

Data Subject Rights

You have the right to access, update, correct and request erasure of personal information stored on our Service from time to time in accordance with applicable data privacy laws and regulations in Indonesia.

Data Breach

In the event we fail to maintain the confidentiality of your personal information, we will notify you through the contact information provided by you or via the Service, to the extent required by local laws and regulations, at the latest 14 days from when we acknowledge the confidentiality breach.

Data Retention

Notwithstanding the provision on the erasure of personal information, to the extent required by local law and regulation, we will retain your personal information, for a maximum of 5 years.

Notification to Amendment of this Privacy Policy

In the event we amend this policy, we will notify you regarding the effective date of the changes at the latest 14 (fourteen) days prior to the effective date, through (i) a notice to be posted on the landing page of our website, pop-up notification, or the splash screen of our Service or (ii) the contact information you provided to us. If you fail to explicitly express your objection to the amended policy within the above advance notification period, you will be considered as accepting the changes, therefore you will be considered to have agreed to the new policy. However, you may stop using or accessing our Service at any time, if you cease to agree with the amended policy.

Data Accuracy and Third Party Consent

You are responsible for making sure that any personal details which you provide to us are accurate and current. In order to confirm the accuracy of the information, we may also verify the information provided to us, at any time. You hereby represent that you have secured all necessary consent(s) before providing us with any other person’s personal information (for example, when you are accessing this Service as a Company User or for referral promotions), in which case we will always assume that you have already obtained prior consent, and as such, you will be responsible for any claims whatsoever from any party arising as a result of the absence of such consent(s).

Japan

Consent

By clicking “accept”, you consent to the cross-border transfer of your information to any country where we have databases or affiliates and, in particular, to the People’s Republic of China (for the purpose of this Privacy Policy, this term excludes Taiwan, the Hong Kong SAR and the Macau SAR).

Your Rights

You may request that we notify you about the purposes of use of, the disclosure of, any correction to, the discontinuation of the use of or provision of, and/or to delete any and all of your personal information which is stored by us, to the extent provided for by the Act on the Protection of Personal Information of Japan. If you wish to make such a request, please contact us at WeCom_DP@tencent.com.

Macau SAR

You have the right not to provide your personal information. If you do so, however, we may not be able to provide the Service. As a Macau SAR data subject you have legal rights in relation to the personal data we hold about you (to the extent permitted under applicable laws and regulations). You are entitled to make a subject access request to request a copy of the data we process about you, to make a data correction request, and have the right to oppose the use of your personal data for marketing or any other form of commercial prospecting, or on any grounds of personal nature. A fee may be chargeable by us for complying with a data access request.

Malaysia

Language of this Privacy Policy

In the event of any discrepancy or inconsistency between the English version and Malay version, the English version shall prevail.

Parental and Guardian Consent

If you are under the age of 18, please do not use the Service.

In the event you are agreeing to this privacy policy in order for a minor to access and use the Service, you hereby consent to the provision of personal information of the minor to be processed in accordance with this privacy policy and you personally accept and agree to be bound by the terms in this privacy policy. Further, you hereby agree to take responsibility for the actions of such minor, and that minor’s compliance with this privacy policy.

How We Store and Share Your Personal Information

In relation to users in Malaysia, our servers are located in the People’s Republic of China (for the purpose of this Privacy Policy, this term excludes Taiwan, the Hong Kong SAR and the Macau SAR) and Singapore and you consent to the transfer of your data outside of your country.

Rights of Data Subjects

Right of access: You have the right to request access to and obtain a copy of the personal information that we have collected and is being processed by or on behalf of us. We reserve the right to impose a fee for providing access to your personal information in the amounts permitted by law.

When handling a data access request, we are permitted to request certain information in order to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data access request.

Right of correction: You may request for the correction of your personal information. When handling a data correction request, we are permitted to request certain information in order to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data correction request.

Right to limit processing of your personal information: You may request limiting the processing of your personal information by using the contact details provided above. However this may affect our provision of the Service to you.

Contact

To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

Our data protection officer, responsible for the management and safety of your personal information:

• Telephone: +603-22872388
• Email: WeCom_DP@tencent.com.

Philippines

Minimum Age

You are at least 18 years of age to be able to use the Service.

Changes

We will not implement any material changes to the way we process your personal information, as described in the privacy policy, unless we have notified you and have obtained your consent to such material changes.

Your Rights

You are also entitled to the following rights:

• Right to object. You shall have the right to object to the processing of your personal information. When you object or withhold consent, we shall no longer process your personal data, unless the personal data is needed pursuant to a subpoena; the collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you have bound yourself; or your personal information is being collected and processed as a result of a legal obligation.
• Right to access. You have the right to reasonable access to, upon demand, the following:

• contents of your personal information that were processed;
• sources from which your personal information were obtained;
• names and addresses of recipients of your personal information;
• manner by which such data were processed;
• reasons for the disclosure of the personal data to recipients, if any;
• information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
• date when his or her personal information concerning the data subject were last accessed and modified; and
• the designation, name or identity, and address of the personal information controller.

• Right to rectification. You have the right to dispute the inaccuracy or error in the personal information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information has been corrected, we shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof. Provided, that recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.
• Right to erasure or blocking. You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system.

This right may be exercised upon your discovery and substantial proof of any of the following:

• your personal data is incomplete, outdated, false, or unlawfully obtained;
• your personal data is being used for purpose not authorized by you;
• your personal data is no longer necessary for the purposes for which they were collected;
• you withdraw consent or object to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
• your personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
• the processing is unlawful;
• we violated your rights.

Consent

By checking the appropriate boxes, you consent to us:

·       collecting and processing your personal information consisting of your nickname, social media information, gender, region location, real-time location, friends list, generated open ID; game play statistics, device ID and information, advertising ID, chat data, transaction records and payments on Google Play or iOS App Store; customer support ticket ID and user communications with Support; security-related information, survey information, sharing event report information, push notification-related information, as further described in the Privacy Policy and for the purposes stated therein;

·       sharing your personal information with third parties, companies within the Tencent group, and a third party that acquires substantially all or substantially all of us or our business, as further described in the Privacy Policy and for the purposes stated therein; and

·       transferring or storing your personal information in destinations outside the Philippines when the processing shall need to occur outside the Philippines, such as in servers located in the People’s Republic of China (for the purpose of this Privacy Policy, this term excludes Taiwan, Hong Kong SAR and Macau SAR).

We will also obtain your consent whenever we update or alter information in the privacy policy that is material to your consent above.

Republic of Korea

How We Store and Share Your Personal Information

Provision of personal information to 3rd parties (if applicable)

We provide your personal information to third parties as described below:

Delegation of Processing

For the performance of the services detailed in this privacy policy, we delegate the processing of your personal information to the following professional service providers:

Overseas Transfer of Personal Information

We transfer Personal Information to third parties overseas as follows:

Data Destruction

Personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.

Your Rights

You may exercise rights related to the protection of personal information by requesting access to your personal information or the correction, deletion or suspension of processing of your personal information, etc. pursuant to applicable laws such as the Act on Promotion of Utilization of Information and Communications Network (the “Network Act”) and Personal Information Protection Act (“PIPA”).

You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise the right. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the Personal Information Protection Act.

Upon your request, we will take necessary measures without delay in accordance with applicable laws such as the Network Act and PIPA.

You can also withdraw your consent or demand a suspension of the personal information processing at any time.

Domestic Privacy Representative (if applicable)

Pursuant to the Article 32-5 of Network Act and Article 39-11 of the amended PIPA the information regarding the domestic agent is as follows:

Name: Tencent Korea Yuhan Hoesa

Address: 152 Teheran-ro, Gangnam-gu, Seoul, Republic of Korea

Telephone Number: +82-2-2185-0902 / E-mail: WeCom_DP@tencent.com

Contact

To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

• Data Protection Team, responsible for the management and safety of your personal information
• Contact: WeCom_DP@tencent.com
• Telephone number: +82-2-2185-0902.

Singapore

By clicking “accept”, you consent to:

• the collection, use and disclosure of your WeCom-controlled Data (as defined in the privacy policy), for the purposes set out in the section “How We Use Your Personal Information”, and which we will process as an “organisation” as defined under the Personal Data Protection Act 2012.
• the collection, use and disclosure of your Company-controlled Data (as defined in the privacy policy), for the purposes set out in the section “How We Use Your Personal Information”. Your respective employer will be the “organisation” of Company-controlled Data if you use the Service in the course of your employment. If you join another organisation’s/Company User’s virtual workspace, they will be the “organisation” of any data submitted or generated as part of that workspace. In each case, we will process the Company-controlled Data as a data intermediary, as defined under the Personal Data Protection Act 2012.

Our designated data protection officer for the purposes of compliance with the Personal Data Protection Act 2012 can be contacted at WeCom_DP@tencent.com.

Your Rights in relation to the WeCom-controlled Data

Access

You have the right to access personal information we hold about you, how we use it, and who we share it with. You can access the personal information you have made available as part of your account by logging into your account. If you believe we hold any other personal information about you, please contact us at WeCom_DP@tencent.com.

Correction

You have the right to correct any of your personal information we hold that is inaccurate. You can access the personal information we hold about you by logging into your account. If you believe we hold any other personal information about you and that information is inaccurate, please contact WeCom_DP@tencent.com.

Taiwan

We do not knowingly collect or solicit personal information from anyone under the age of 7 or knowingly allow such persons to register with WeCom. If you are under 7, please do not attempt to use or register for our Service or send any personal information about yourself to us. No one under the age of 7 may provide any personal information to us while using the Service. In the case of users located in Taiwan, persons under the age of 20 are required to obtain parental/guardian consent prior to using the Service.

In terms of the section of "How We Store and Share Your Personal Information", the description under the item of "A third party that acquires all or substantially all of us or our business." is revised as: We may also disclose your information to the third parties if we either: (a) sell, transfer, merge, consolidate or re-organise any part(s) of our business, or merge with, acquire or form a joint venture with, any other business, in which case we may disclose your data to any prospective buyer, new owner, or other third party involved in such change to our business; or (b) sell or transfer any of our assets, in which case the information we hold about you may be sold as part of those assets and may be transferred to any prospective buyer, new owner, or other third party involved in such sale or transfer, after receiving your consent to such transfer.

In terms of the section of "Your rights", you may exercise the following rights as set forth in Article 3 of the Personal Data Protection Act:  (1) access your personal information to check and review it; (2) have a copy of your personal information; (3) supplement or correct your personal information; (4) demand that we cease the collection, processing, or use of your personal information; and (5) demand that we delete your personal information. To the extent permitted by law, there may be limitations on our ability to comply with your request.

Thailand

By clicking “accept”, you acknowledge that you have read, understood, and agree to this privacy policy. If you do not agree with this privacy policy, you must not use the Service.

You may withdraw your consent to the processing of your personal information. You may request us to provide access to, make any correction to, discontinue, restrict the use or provision of, erase any and all of your personal information and/or to provide you or transfer to third party such information which is stored by us in a machine readable format as well as file a complaint to a relevant authority, to the extent provided by applicable data privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. Where you wish to make such requests, please contact us at WeCom_DP@tencent.com.

Russia

If you are using the Game Services in Russia, you consent (for the purposes of the Russian Federal Law No. 152-FZ dated 27 July 2006 “On Personal Data” (as amended) or any replacement regulations) to the processing in accordance with this privacy policy of your information. In particular, if legitimate interests, optimisation of the Service or carrying out of the contract are mentioned herein, you agree that, for the purposes of Russian law, the consent so provided can be considered an additional ground for processing (meaning that the processing is conducted with your consent). This consent also covers the processing of the Cookie Files in accordance with our Cookies policy (to the extent that those qualify as personal data under Russian law). You also consent to the cross-border transfer of your information to any country where we have databases or affiliates and, in particular the People’s Republic of China (for the purpose of this Privacy Policy, this term excludes Taiwan, Hong Kong SAR and Macau SAR). You can contact us at WeCom_DP@tencent.com. Please include the word “Russia” in the subject line of your email.

United Arab Emirates

You consent to the collection, use, disclosure, transfer, export (to the extent permitted by applicable laws) and storage of your personal information.

We may voluntarily report a cyber-security incident where it constitutes a crime under UAE law (e.g. under the UAE Cybercrime Law). The incident can be reported to the relevant authorities for the purpose of investigations. Please note that voluntary reporting of a cyber-security incident can also be made to the UAE Computer Emergency Response Team (“CERT”). CERT is a security awareness organisation that provides a process for logging incidents and advising on known cyber security threats in the UAE.

Vietnam

By accepting this privacy policy, you expressly agree and authorize us to collect, use, store, and process your personal information, including, lawfully disclosing and transferring it to third parties, as described in this privacy policy.

We maintain international standards and security practices for data protection. When your personal information is transferred within or outside your jurisdiction of residence, it will be subject to the same or higher levels of security practices and data protection by the recipient entity as adhered to by us.   

Where we permit any third parties to collect and use your personal information, we shall take reasonable measures to ensure that the third parties do not further disclose the personal information.

Your personal information, if required to be disclosed to the competent law enforcement agencies, public authorities or other judicial bodies and organisations, will be disclosed upon receipt of written request from such organizations.

Where required by the law and regulatory requirements of your jurisdiction from time to time, we may retain all or part of your personal information for a period longer than described above in this privacy policy.

You have the right to access, correct, and erase the personal information we hold about you. You also have the right to withdraw your consent to collect, store, process, use and disclose your personal information and to request us to stop processing or providing your personal information to a third party.