Privacy Policy for DingTalk
Last Updated: September 9, 2024
INTRODUCTION
This Privacy Policy contains important information as it sets out how DingTalk (Singapore) Private Limited (hereinafter referred to as “DingTalk ”, “we” or “us”) process the Personal Data of visitors and users, including employees/members of customers and other third parties (hereinafter referred to as “you”), of DingTalk products and services, including DingTalk App, DingTalk official homepage (DingTalk.com), DingTalk Open Platform (open.DingTalk.com), DingTalk App Center (appcenter.DingTalk.com), and DingTalk smart device or DingTalk features / services integrated within such smart device (hereinafter collectively referred to as “DingTalk Services”).
This Privacy Policy apply only when you are a “DingTalk User”, which means you register and use the service with a mobile phone number that has an international dialing code OTHER THAN +86 (“non-Mainland China mobile number”) or with an email account. If you register using a mobile phone number with the international dialing code +86 (“Mainland China mobile number”), then you are considered a “DingDing User” and the corresponding services you used will be deemed to be provided by DingDing. If you are considered a DingDing User, these Terms do not apply to you, you may refer to the DingDing Privacy Policy and DingDing Service Agreement for further information.
We attach great importance to the protection of your privacy and Personal Data. This privacy policy explains to you how we collect, use, save, share, transfer, or otherwise process your Personal Data when you, or in the case of business users, any individuals acting on your behalf,use DingTalk Servces.
We may from time-to-time revise or add specific instructions, policies, and terms to this Privacy Policy. Whenever we make any changes to this Privacy Policy that are important for you to know about, we will notify you by posting the amended Policy on our official website or on “Settings and Privacy-About DingTalk-Privacy” page of DingTalk, or other means.
Please note that depending on the country or region where you are from, certain specific terms of the country / region may apply to you and form an integral part of this Privacy Policy.
Please read this Privacy Policy carefully. If you have any questions about this Privacy Policy, please send an email to DT_Privacy@service.dingtalk.com or contact us through our Customer Service.
COLLECTION AND USE OF YOUR PERSONAL DATA
The types of information we collect depend on how you use DingTalk Services. DingTalk Services have optional features which, if used by you, require us to collect optional information to provide such features. You will be notified of such a collection, as appropriate. If you choose not to provide the information needed to use a feature, you will be unable to use the feature.
We collect and use your Personal Data for the following reasons / purposes / features:
· Register DingTalk.
○ Create User Account. You must provide your cell phone number or email address, and verification code, to create a user account of DingTalk Services. If you do not provide us with such information, you will not be able to create an account to use DingTalk Services.
○ Add Profile Information. You may add other optional information to your user account, such as Profile Picture, Nickname, Email Adress, Cell Phone Number, Work Experience, Education Experience, Verification, DingTalk ID, Gender, Birthday, Area.
· Add Contact.
You must provide certain Personal Data to Add Contacts. Depending on the way you choose to Add Contact, you may:
○ Add by providing cell phone number, email address or DingTalk ID of contacts;
○ Add by scanning QR Code, accessing your camera and / or photo gallery;
○ Add by provide contacts information in your on-device contact list.
· Chat.
○ Send Messages in Chats or Groups. You must provide the content of messages sent by you (including text, voice, files, geolocation, etc.) and the user's sending log (including the sending time, the sender, the receiver, etc.)
○ Audio / Video Calls, Conferences, Live Streaming. The information generated or processed by us as part of the Service are as follows: communication log (user nickname in meeting, user ID, meeting start and end time, meeting subject, meeting link), network status data (WiFi network quality). If you choose to use the Cloud Recording feature, we will store the corresponding recording files and the transcripts of the contents by Flash Minutes. The meeting host will be the owner of corresponding files, and she or he can choose to share the recording files with participants or other relevant personnel.
· Calendar.
If you use the Calendar feature, create a schedule, subscribe to schedule information, or sync the calendar on DingTalk Services to your device's local calendar, you need to provide your schedule information to us.
You may also authorize us to access your device's local calendar to display schedules from the local calendar in DingTalk Services. If you do not provide such authorization to us, we would not be able to display schedules from the local calendar in DingTalk Services, but that will not affect your ability to use other features relevant to Calendar.
If you create (or create on behalf of a specific organization/institution/enterprise) a DingTalk organization (the “Organization”) or join an Organization created by others in DingTalk Services, you will become an organization user (the “Organization User”). You understand that, the creator of the Organization, are the data controller (the “Controller”) of Personal Data processed for the Organization, and we, as data processor (the “Processor”), being entrusted by the Controller to process your Personal Data on Controller’s behalf. As for reasons / purposes / features for the Organization, we may only collect and use such Personal Data according to Controller’s designations and instructions:
· Create Organization.
○ Create Organization. To Create Organization, you must provide us with the Organization’s name, region, industry, size of the staff, and occupation of the founding member within the Organization.
○ Invite Member. You must provide certain Personal Data to invite members to the Organization. Depending on the way you choose to invite members, you may need to provide different Personal Data. If you invite members to join by copying links, sharing QR codes or team numbers, you do not need the Personal Data of the invitees. If you add members by entering cell phone number or email address, you need to enter or import the invitee's cell phone number or email address, and the invitee will receive a text message or email sent by us, and the invitee can join the Organization after agreeing.
○ Contact List Management. If you use the Contact List Management feature to set up the structure of the Organization, (e.g., dividing the Organization into departments at different levels, setting up different roles for each department, assigning departments and setting up roles for members joining the Organization), you need to provide us with identity information of relevant employees, specific fields of which may be set up by the administrator of the Organization (typical fields may include employee ID, name, cell phone number, department, occupation, employee number, whether supervisor or not, direct supervisor, User ID, email address, extension number, office location, notes, onboarding date, activation status, Organization, login name, initial password, activation date, role).
○ Organization Verification. If you want to obtain Organization Verification, you need to submit necessary materials to certify the Organization, that includes the Organization's office address, the company's certificate of incorporation, and the applicant's email address.
· Collaboration.
○ Docs. If you use the Docs feature including logs, Word, Excel, whiteboards, brain maps, and other online documentation services, you need to provide us with document contents, as well as logs of editing, modification, deleting and other operations.
○ Wikis. If you use the Wikis feature to summarize similar documents into the same Wikis for easier access and management, you need to provide us with Wikis entries’ contents, as well as logs of editing, modification, deleting and other operations.
○ Teambition. If you use the Teambition feature to create tasks and designate tasks to certain users, you need to provide us with projects, tasks under projects, and logs of editing, modification, deleting and other operations.
○ Mail. If you use the Mail feature to allow Organization to purchase and use email address with company domain name as the suffix and assign email address to the Organization’s employees, you need to provide us with email addresses and contents of incoming and outgoing emails.
○ CorpPedia. If you use the CorpPedia feature to allow Organizations to set up internal terms and explanations, enabling members to see the meaning of the terms by hitting the phrase in Chat and Group, you need to provide us with contents of CorpPedia entries.
○ Drive. If you use the Drive feature to create documents and save files received in Chat and Group, you need to provide us with contents saved to the Drive.
· Human Resource Management.
○ HRM Service. If you use the HRM Service feature to manage employees’ onboarding, transfer, resignment, etc., you need to provide us with Personal Data including employee's name, occupation, contact information, specific fields of which may be set up by the administrator of the Organization.
○ Attendance. If you use the Attendance feature including geographic location attendance, face attendance, etc., you need to provide us with certain Personal Data based on attendance method. If you take attendance by face recognition, you need to provide us with face recognition information. If you take attendance by geolocation, you need to provide us with location data. If you take attendance by WiFi information, you need to provide us with WiFi (approximate city location).
○ Performance. If you use the Performance feature to set performance goals and assess the status of completion, you need to at least provide us with OKR and performance results of relevant employees.
○ Salary. If you use the Salary feature to manage determination, adjustment and payment of salaries, you need to provide us with compensation information of relevant employees.
○ Recruitment. If you use the Recruitment feature to manage the recruit process, you need to provide us with resume information of candidates.
○ Training. If you use the Training feature, you need to at least provide us with course contents, study records and test records.
· Business Process.
○ OA Approval. If you use the OA Approval feature to manage the internal approving process, you need to provide us with contents uploaded during the approving process.
○ YIDA. If you use the YIDA feature to set up personalized approving process for the Organization, you need to provide us with contents uploaded during the approving process.
· Group.
○ General Group. If you use the Group feature to create a General Group, you must provide us with documents, multimedia, conversations, and other relevant messaging information that you upload, enter, post, transmit, and share in the collaboration function of the Group.
A General Group created by you is owned by yourself, you may add any Contact as members of the Group, the status of a Group member in any Organization will not affect her / his status as a Group member.
○ External Group. If you use the Group feature to create an External Group for external collaboration of employees of the Organization with external partners, you understand that the Organization is the controller of the following Personal Data, and we are acting on behalf of the Organization to process the following Personal Data: documents, multimedia, conversations, and other relevant messaging information that you upload, enter, post, transmit and share in collaboration function of the Group.
An External Group created for an Organization is owned by the Organization, owner of the group may add members from both inside and outside the Organization. If a Group member resign from her / his current Organization, she / he will automatically leave the Group.
○ Internal Group. If you use the Group feature to create an Internal Group used for internal communication and collaboration purposes within the Organization, you understand that the Organization is the controller of the following Personal Dataand we are acting on behalf of the Organization to process the following Personal Data: documents, multimedia, conversations, and other relevant messaging information that you upload, enter, post, transmit and share in collaboration function of the Group.
An Internal Group created for an Organization is owned by the Organization, owner of the group may only add members from inside the Organization. If a Group member resign from her / his current Organization, she / he will automatically leave the Group.
· Open Platform.
○ Organization Self-Built Application Service. Organizations may use the data interfaces and development documents provided by us to develop your own applications and use them within the Organization of DingTalk Services. Personal Data collected and used by such self-built applications is determined by the developers according to functions and features of the applications.
○ Third-Party Services from SaaS Application and Mini-program Market. Third-party vendors may also utilize our interfaces, specifications, etc., to develop third-party applications, Organizations may search, integrate and use those third-party services from the SaaS application and Mini-program market. If you use such third-party services, please pay attention to the privacy policy and other statements provided by the specific third parties.
· Other circumstances which benefit the users and us, and do not violate any applicable laws and regulations or other purposes with your consent.
Cookies. The DingTalk Services uses cookies or similar technologies, which will collect information about your use of the service, such as the application used, the site visited, and how to interact with the content provided through the service. Please check the “COOKIES AND SIMILAR TECHNOLOGIES” section for further details.
Permissions of Operation Systems. To ensure the realization of the functions and safe and stable operation of DingTalk Services, we may apply for or use the relevant permissions of the operating system. Your operation system will grant permission before DingTalk applies and uses any of the permissions, and you can manage the relevant permissions according to your actual needs. Per the upgrading of the products, the types and purposes of the application and use of permissions may change, and we will adjust the list according to these changes to ensure that you are promptly informed of the application and use of permissions. Please note that we may also use third-party SDKs, third-party services, etc., for the functionality and security needs of our business and products, and these third parties may also apply for or use related operating system permissions.
It may be that providing certain Personal Data to us is a statutory or contractual requirement, a requirement necessary to enter a contract, or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you of this separately and explain the possible consequences if you fail to provide such Personal Data to us. In all other cases, the provision of the requested Personal Data is optional, but it may affect your ability to use certain services or to participate in certain programs or systems where the information is needed for those purposes.
SHARING, TRANSFERRING AND DISCLOSING INFORMATION
Other than consented by you, we commit that we will not share or sell your Personal Data to any third party. Depending on where you are and which product you asked for, we may share your Personal Data with our affiliates so that we can respond to your request, provide DingTalk Services, or for general purposes. You can obtain the identity and contact details of our affiliates with whom we share your Personal Data by contacting us using the details set out below in the “CONTACT US” section.
We will not share, transfer, or disclose your Personal Data to any non-affiliated third parties, unless:
Legal Reasons
We will share Personal Data if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to meet any applicable law, regulation, legal process/procedure, lawsuit, or enforceable governmental request.
External Processing
To provide you with a better experience through improving the DingTalk Services or otherwise where you have consented, we may share the Personal Data with third-party service providers (in particular, site hosting, backend service provider, analytics service providers), contractors and agents, and use it consistent with this Privacy Policy.
Please note that to ensure the stable operation and functional realization of DingTalk services, we may share your Personal Data with the following third parties:
Names or the Categories of the Third Party | Shared Information | Purpose of Sharing |
Advertising analytics partners | De-identified data that does not directly identify the user, such as encrypted OAID, device model, operating system version number, operating system type, system language, IP address | To provide advertising analysis services |
Mini-program, SaaS applications (applied and used by users / business Organizations) | Subject to what the page displays for authorization (e.g., icon, nickname, phone number) | To provide and access to third-party services |
Third-party SDKs | Depends on specific SDKs | To ensure the stable operation and function realization of DingTalk Services so that users can use more services and functions |
Business Transfers
If DingTalk is involved in a reorganization, merger, acquisition, sales of assets or liquidation, we will continue to ensure the confidentiality of your Personal Data and give affected users notice Personal Data is transferred or become subject to a different Privacy Policy in advance.
Interoperability With DingDing
DingTalk is interoperable with DingDing, such that you are able to communicate with DingDing users. You may also be able to use certain features operated by DingDing, in accordance with the applicable terms. When you interact with a DingDing user (or vice versa), or use or receive notifications or invitations from any feature operated by DingDing (together “Interoperable Interaction”), we will share your information with DingDing to the extent necessary to facilitate the Interoperable Interaction. Your Interoperable Interactions will also be subject to the DingDing Privacy Policy and DingDing Service Agreement.
MANAGING, REVIEWING, OR UPDATING YOUR PERSONAL DATA
When using the DingTalk Services, you can always manage, review, and update your Personal Data via “Settings and Privacy-About DingTalk-Privacy” or connect with us via: DT_Privacy@service.dingtalk.com . In the meantime, you are responsible for the truthfulness, accuracy, legality, validity, and completeness of the information you provide, and update and maintain your Personal Data in a timely manner to ensure the truthfulness, accuracy, and validity of the Personal Data you provide.
EXPORTING, REMOVING, OR DELETING YOUR PERSONAL DATA
You can export a copy of the Personal Data you provided to us if you want to back it up or use it with a service outside of DingTalk Services via “Settings and Privacy-Personal Information Inquiry & Download” or by sending your request to DT_Privacy@service.dingtalk.com. We will help you export your Personal Data based on applicable law and your specific request. You can also remove or delete the Personal Data you provided. If there is any content you cannot remove or delete, please reach us via DT_Privacy@service.dingtalk.com. In some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes or to be protected from accidental or malicious deletion. Please understand there may be delays between when you delete something and when copies are deleted from our active and backup systems.
TERMINATION OF YOUR ACCOUNT
You can terminate your DingTalk account, and the termination approaches are as follows:
Organization User
When your Administrator determines to terminate the service of your Organization with us, we will anonymize or delete any Organization-controlled data related to you and keep your DingTalk account as an Individual User. Otherwise, should you decide to terminate your DingTalk account as an Individual User, we will anonymize or delete your Personal Data pursuant to applicable laws and regulations, or if this is not possible, then we will securely store your Personal Data and isolate it from any further processing until deletion is possible. If you are an Administrator, you can log in to the latest version of the DingTalk App via “Me-Settings-My Organization” then choose the Organization you wish to terminate and select “more-Disband Organization” to terminate the DingTalk account for your Organization.
Individual User
If you are an Individual User, you can log in to the latest version of the DingTalk App via “Me-Settings-Security Center-Account settings–Delete DingTalk Account” to terminate your personal DingTalk account. You can also log in to the DingTalk App via “Customer Service-DingTalk AID” to help you apply for account termination.
Please note that after you have terminated your DingTalk account, we will stop providing you with DingTalk Services, delete your Personal Data according to the requirements of applicable laws, or make it anonymous.
Please carefully consider the impact before you terminate your account.
COOKIES AND SIMILAR TECHNOLOGIES
We use cookies and other technologies to collect information and store your online preferences.
Cookies
A cookie is a very small text document, which often includes an anonymous unique identifier. Cookies are created when your browser loads a particular website. The website sends information to the browser, which then creates a text file. Every time the user goes back to the same website, the browser retrieves and sends this file to the website's server.
Please note that refusing cookies does not mean you will no longer receive online advertising. It does mean that the company or companies from which you opted out will no longer deliver adverts tailored to your web preferences and usage patterns, so you may see a greater number of adverts that are irrelevant to you and your preferences.
Local Storage Technology
We and some third parties may use other local storage technology types associated with DingTalk Services, such as local shared objects (also known as “Flash cookies”) and HTML5 local storage. These techniques are similar to the cookies described above because they are stored in your device and can be used to store certain information about your activities and preferences. However, the devices used by these technologies may differ from standard cookies, so you may not be able to use standard browser tools and settings to control them.
By accessing and using DingTalk Services, you agree to store cookies, other local storage technologies, beacons, and other information on your device. In addition, you also agree that we and these third parties access such cookies, local storage technology, beacons, and information. You may refer to our “Cookie Policy” for further details.
PROTECTING INFORMATION
Security Measures
The security and confidentiality of your Personal Data are very important to us. We have implemented commercially reasonable technical and organizational safeguards in line with industry standards to appropriately protect your Personal Data against accidental, unauthorized, or unlawful access, use, loss, destruction, or damage.
The measures that we utilize are administrative (such as formulate and publish data protection policies, appoint a dedicated data protection team, conduct security and privacy training for employees, and regularly perform data security audits.) and technical (such as SSL encryption, Https protocol, access management, and firewalls), and physical (such as locks and video surveillance).
Please understand no data transmission over the Internet or any wireless network can be guaranteed to be perfectly secure. As a result, while we use appropriate technical and Organizational measures to protect the information we hold for you, we cannot guarantee the security of any information we collect or transmit over the Internet.
For privacy protection reasons, we kindly request you do not disclose certain Personal Data, such as passwords, credit card numbers, or other confidential data during your use of DingTalk Services. Our commitment to safeguarding your privacy is unwavering, but the security of Personal Data also relies on safe user practices.
Data Transfers
Our servers are located in Singapore. As DingTalk is a global platform, your Personal Data may be processed on our servers located outside of the country where you live to bring you DingTalk Services globally and continuously. International data transfer is necessary for us to provide DingTalk Services and fulfill our contractual obligations to you related to DingTalk Services. Regardless of where your Personal Data is processed, we apply the same protections described in this Privacy Policy. We will also keep this Privacy Policy in compliance with significant legal frameworks relating to the transfer of data. If we receive your complaints about data transfers, we will cooperate with appropriate regulatory authorities when we cannot directly resolve them. Some of our recipients of your Personal Data are located in countries that may not – by law – provide the same level of data protection as you are used to in certain countries. If that is the case, we will ensure that adequate safeguards are in place to duly protect your Personal Data, and we guarantee that we are able to and have mechanisms (including standard contractual clause) in place to respect the level of data protection required by applicable data protection laws and that we shall refrain from processing Personal Data in the event of a breach of the concluded safeguarding measures or if we (or our recipients) are no longer able to honor them.
CHILDREN’S POLICY
We do not knowingly collect or solicit Personal Data from minors under 16 or the minimum age required in your country to consent to use DingTalk Services. If you are a minor under the minimum age required in your country, you must obtain prior consent from your parents / legal guardians before using DingTalk Services. If we are aware that a minor has provided us with Personal Data without prior consent, we will delete such information from our servers. If you have reason to believe that a minor has provided Personal Data to us, please contact us via DT_Privacy@service.dingtalk.com .
APPLICATION
This Privacy Policy applies to all DingTalk Services.To better enrich your experience, DingTalk Services may also contain links to other websites or services not operated or controlled by us (including our affiliates), which may include payment services. You can choose whether to access such content or links or whether to use the third party’s products or services.
However, we do not have control over the products or services provided by third parties. We cannot control any of your Personal Data held by third parties. By providing these links, we do not imply that we endorse or have reviewed these third-party services. The Personal Data protection issues in connection with your use of any third-party services are not governed by this Privacy Policy. We strongly advise you to review the privacy policy of every site of the products or services provided by third parties.
If provisions from this Privacy Policy are in conflict with the law, they will be replaced by provisions of the same purport that reflect the original intention of the provision, all this to the extent legally permissible. In that case, the remaining provisions remain unchanged and applicable.
YOUR RIGHTS RELATING TO YOUR PERSONAL DATA
You are entitled to the following rights:
a) right of access to your Personal Data;
b) right to data portability;
c) right to correction if your Personal Data is not complete or accurate (you are responsible for the truthfulness, accuracy, legality, validity, and completeness of the information you provide, and update and maintain your Personal Data in a timely manner to ensure the truthfulness, accuracy, and validity of the information);
d) right to deletion or restriction of your Personal Data, as permitted by law (in some cases, we retain data for limited periods when it needs to be kept for legitimate business or legal purposes or to be protected from accidental or malicious deletion, and there may be delays between when you delete something and when copies are deleted from our active and backup systems);
e) right to object (i.e., objecting to our processing of your Personal Data) (e.g., in case we process your data for direct marketing purposes), as permitted by law;
f) right to withdraw your consent where we had asked for your consent at any time with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdrew it;
g) right to terminate your DingTalk account, where the termination approach depends on the type of your DingTalk account. After termination, we will stop providing you with DingTalk Services, delete your Personal Data according to the requirements of applicable laws, or make it anonymous.
Where we have asked for your consent, you may at any time withdraw your consent with future effect and without affecting the lawfulness of processing of your Personal Data based on the consent you provided before you withdraw it. You may withdraw your consent via “Settings and Privacy”.
The exercise of the abovementioned rights is free of charge and can be carried out by contacting us through “DingTalk Customer Service” or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular, because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.
We will provide you with information about the follow-up to the request without undue delay and, in principle, within one month of receipt of the request. Depending on the complexity of the request and the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable privacy legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Please understand these rights are not absolute, and they may be limited in some situations. For example, if we can demonstrate that we have a legal requirement to process your data, if making the information available to you would reveal Personal Data about another person, or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.
We hope that we can satisfy any queries you may have about the way we process your data. In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority, in particular to the data protection authority in the country of your habitual residence or place of work.
MARKETING
We may send you marketing and promotional materials. If we are legally required to do so, we will seek your prior consent before providing you with promotional materials or information. You may withdraw your consent at any time (this will not affect the processing of your Personal Data undertaken until the withdrawal). If you want to stop receiving promotional materials, etc., you can do so at any time by communicating with us.
DATA RETENTION
We will retain your Personal Data for as long as is necessary to carry out the purposes set out herein. We will also retain your Personal Data deemed necessary to comply with legal obligations, settle disputes, and enforce agreements.
In principle, we do not store your Personal Data any longer than the strictly necessary period for the purposes that we process your Personal Data.
Where applicable, we will delete your Personal Data upon your request. We are entitled at all times to delete your Personal Data without notice. In such cases, we owe no compensation to you as a result of the deletion of your Personal Data.
If you want further information about the retention periods applied to your Personal Data, you may contact us at DT_Privacy@service.dingtalk.com.
PRIVACY POLICY UPDATES
We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update the Privacy Policy, we will take appropriate measures to inform you (such as by system message, publicize the amended Privacy Policy at “Settings and Privacy-About DingTalk-Privacy”, or other means) and may obtain your consent, consistent with the significance of the changes we make and as required by applicable law. You may visit the latest Privacy Policy via “Settings and Privacy-About DingTalk-Privacy”.
CONTACT US
The data controller for your Personal Data will be DingTalk (Singapore) Private Limited.
If you have questions about this privacy notice or wish to contact us for any reason in relation to our Personal Data processing, please contact us via “DingTalk App-Me-Help-Customer Services-DingTalk AID” or at DT_Privacy@service.dingtalk.com .