tencent cloud

SUMMARY

What type of personal information do we collect?

We collect information regarding your use and purchase of our Services and your interactions with Tencent. You also provide information when you make an enquiry on our website or register to use our Services. Examples include your name and contact details. If you are the administrator of the account, you have the ability to provide access rights to other persons by including their email address in the service console. For information that you provide to us to set up your account, and that we collect and generate in managing your Services, we act as the controller. For information that you store using the Services (for example, content that you upload to store on our servers), we act as a processor. See below at The Types of Personal Information we Collect and Process for more information.

How will we use the collected personal information?

We will use the collected information to create and verify your account, enable password change, process payments, and to communicate with you. See below at How we use Your Personal Information for more information.

Who do we share the collected personal information with?

We share your information with our third party service providers, related group companies and as required by law. See below at How we share and store your Personal Information for more information.

Where do we process the collected personal information?

Our servers may be located outside of the country you are located, for example in Mainland China. See below at How we share and store your Personal Information for more information.

How long do we hold on to the collected personal information?

Your information is retained so long as your account exists. After which, the information is deleted within a set time period, depending upon the type of personal information. See below at Data Retention for more information.

How do I exercise my rights over my information?

You may have special rights over your information and how we can use it. These include how you can access the information, erasing the information, restricting how your information can be used, objecting to its use and getting a copy of your information. See below at Your Rights for more information.

Dispute Resolution

If you have any concerns or complaints, please contact us at cloudlegalnotices@tencent.com.See below at Contact & Complaints for more information.

How will we notify you of changes?

If there are any significant changes to this privacy policy, we will provide a notice on our website.See below at Updates & Changes for more information.

Contact Information

Data Controller (EEA, UK and Switzerland): Tencent Cloud Europe B.V.. Address: Atrium building, 8th floor, Strawinskylaan 3127, 1077 ZX Amsterdam, the Netherlands.

Data Controller (Outside EEA, UK and Switzerland): The entity you have contracted with, as set out in the Terms of Service.

Data Protection Officer: Please email cloudlegalnotices@tencent.com.

Jurisdiction-Specific Addenda

Additional provisions with respect to certain jurisdictions are included in the addenda to this privacy policy. If you are ordinarily resident in a jurisdiction listed, then the relevant terms for that jurisdiction apply to you. In the event of a conflict between an addendum and this privacy policy, the provisions of the relevant addendum will prevail with respect to the relevant territory only. Unless otherwise provided in a relevant addendum, the provisions of this privacy policy apply to such territory in addition to the specific provisions of such addendum and are not amended except as specifically stated in such addendum.

Modules

The Modules set out below in the section Modules to this privacy policy shall apply and form part of this privacy policy if you use the specific Feature (as defined in each relevant Module). You acknowledge we will collect, process, use and store your personal information, as described in the applicable Module. See below at Modules for more information.

INTRODUCTION

When you use the Tencent Cloud website and cloud services (including https://tencentcloud.io and https://www.tencentcloud.com) ("Services"), you are agreeing to our rules and policies regarding your personal information and you expressly consent to us collecting, processing, using and storing your personal information, as described in this privacy policy.

If you do not agree with this privacy policy, you must not use the Services.

We hold personal information that you provide to us to set up and manage your account and the Services, and personal information generated in connection with your use of the Services ("Administrative Information"). We are the data controller of Administrative Information. This privacy policy informs you of your choices and our practices regarding your Administrative Information.

We also hold data, including personal information, that you submit, upload, transmit or display using the Services ("Content") and we store this data solely in order to provide the Services. The terms relating to our storage of Content are set out in our Terms of Service and Data Processing and Security Addendum. You are the data controller of Content and questions about data handling processes from your users or third parties regarding Content should in the first instance be addressed to you. At all times, we act as a service provider to you, and process data on your behalf. You can extract your Content at any time.

If you are located in the European Economic Area or Switzerland, the data controller of your personal information for the purposes of the General Data Protection Regulation is Tencent Cloud Europe B.V., a company registered in The Netherlands with its registered address at Atrium building, 8th floor, Strawinskylaan 3127, 1077 ZX Amsterdam, the Netherlands. If you are located outside the European Economic Area or Switzerland, the data controller of your personal information is the entity that you have contracted with, as set out in the Terms of Service. In each case, the relevant entity is referred to in this policy as "Tencent", "we" and "us".

Our data protection officer can be contacted at cloudlegalnotices@tencent.com.

SECTION 1: WHERE WE ARE A DATA CONTROLLER

The Types of Personal Information We Collect and Process

We will collect and use the following information about you:

• Information you give us. You may give us information about you by making an enquiry about our Services, using our Services or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register for our Services (or for business customer, act as the company's business representative to register for Services), such as your name, username, email address, address, IP address, APPID, UIN, Device ID, Tencent Cloud ID, photo ID, credit card information, and telephone number. If you choose to set up your account using one of your existing accounts with Google, we also collect information from that connected account to complete your registration, this includes Google ID, email address, authentication code and avatar (in the form of a log).

• Information we collect about you when use our Services. We automatically collect certain information from you when you use our Services through the Tencent Cloud web portal, including IP address, User Agent and Device ID, and information regarding your use of our Services such as our log of your visits, site access requests, uploads and downloads.

• Information that we obtain from a third party. Tencent Cloud allows administrators of the user account to determine access rights. In doing so, the administrator of your Services (which might be you) can include the email addresses of other persons who are to be given access to the Services under that account. If you are the administrator of the account, you acknowledge and undertake to us that you have the consent of the individual concerned to provide their email address for this purpose.

  We also collect and store your information each time you interact with Tencent, for example, when you communicate with us by email, activate new Services, or complete forms on our website. We also store information about the Services you purchase, such as the activation code, date of purchase, and information relating to any support issue.

Cookies

We use cookies and other similar technologies (e.g. web beacons, Flash cookies, etc.) ("Cookies") to enhance your experience using the Services. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality.

You have the option to permit installation of such Cookies or subsequently disable them. You may accept all Cookies, or instruct the web browser to provide notice at the time of installation of Cookies, or refuse to accept all Cookies by adjusting the relevant function in the web browser of your computer. However, in the event of your refusal to install Cookies, Tencent Cloud may be prevented from providing some of its Services available to you.

For more information about the Cookies we use, please see our Cookies Policy.

Children

Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 14 to register for our Services and/or provide any personal identification information. If you are under 14, please do not sign up to use our Services or provide any information about yourself through the Service.

How We Use Your Personal Information

We will use the information in the following ways and in accordance with the following legal bases:

Personal Information	Purpose of Use	Legal Basis for Processing (only applicable for the EEA and UK)
Location, Name, Email Address, IP Address, User Agent (or website browser), Device ID and Tencent Cloud ID, Address(including city, province and post code), APPID, UIN, Username and other login security credentials; (If you choose to register via Google: Google ID, email address, authentication code and avatar(in the form of a log) (Mandatory)	We use this information to: · create your Tencent Cloud account in accordance with your request and/or verify you have an account; · allow for password resets; · provide you with user support; · record transactions or provide order confirmations; and · enforce our terms, conditions and policies.	We process this information as it’s necessary for us to perform our contract with you to provide the Services.
Mobile Number, Email Address, Address (Mandatory)	We use this information: · to verify your Tencent Cloud account; · for security protection (if you activate account verification, this will be used to send you SMS alerts and two-factor authentication codes when you modify account passwords, email addresses, etc.); · for product notifications; · for order confirmations; and · for service information (e.g. account balance information, and to communicate to you when your account balance is running low).	It is in our legitimate interests to verify your identity and communicate with you about the Services.
Photo ID (e.g., driver’s license or passport) Name and Address (Mandatory)	If you elect to use servers located in the PRC (excluding Hong Kong (China), Macau (China) and Taiwan (China)) for the Services, we use your photo ID (or, where you are a corporate customer, corporate documentation) to ensure that your account is legally verified in accordance with local law.	It is in our legitimate interests to process such data to ensure you are able to activate the service for use in jurisdictions where this is a legal requirement.
Credit card information (card number, name, expiration date, security code, payment ID) (Mandatory)	We use your credit card information to process payments made by you for use of the Services.	We process this information as it’s necessary for us to perform our contract with you to facilitate payment for the Services.
Transaction Records (such as date and time of payment for services) (Mandatory)	We provide access to your Transaction Records to allow you to see your transaction history.	We process this information as it’s necessary for us to perform our contract with you to manage payments in respect of the Services.
Log Data, Metadata, IP Address, User Tickets, User Agent, Date and Time of Access, each URL visit within the Tencent Cloud website whether direct or referred from third party website (Optional)	We use this information for strategy and Service improvement and for analytics.	It is in our legitimate interests to improve our strategy and Services.
Customer Service Ticket/ Chat Content, IP Address, Tencent Cloud ID, incident details and response steps (Mandatory)	We use this information to: · deal with your concerns and complaints about the Service; and · improve and administer our Services and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to keep our Services safe and secure.	It is in our legitimate interests to improve our Services and provide support in connection with the Services supplied to you.
Log and Metadata in relation to incidents (Optional)	We use this information in order to improve our Service and responses.	It is in our legitimate interests to improve our Service and responses.
Enquiry Data (data provided when you submit an enquiry via our website contact form or as part of a sales enquiry), including: your name, email, phone number, UIN, priority of query or ticket, reminder settings,company name, business service, location, and details of your query or any additional information provided by you(Mandatory)	We use this information to respond to your request.	It is in our legitimate interests to process this information as it is needed to respond to your request.
Technical support enquiry data (data provided when you submit a technical support request), including your name, email, phone number, the type of your question, and details of your query (Mandatory)	We use this information to respond to your request.	It is in our legitimate interests to process this information as it is needed to respond to your request.
Promotional Contact Data: Name, Email, Phone Number, Company Name, Business Service, Location and details of your query (Optional)	We use this information to: · promote our products and services to you; and to send you direct marketing communications through us or our third party partners.	We process this information with your consent. You can withdraw this consent at any time.
Marketing Data: Name, Business Email, Phone Number, Company Name, Country/Region and Industry (Mandatory)	We use this information: · to reserve you a place on our online events and webinars · for product notifications; and · for order confirmations.	We process this information with your consent. You can withdraw this consent at any time.
Name, Email Address, Country Code, Phone Number, Company Name, Business Service, Inquiry (Mandatory)	We use this information: · to process your application for the COVID-19 Cloud Resources Support Program; · to respond to requests for our products; · for product notifications; and · for order confirmations.	We process this information pursuant to our contract with you to provide the support.
Name, Email Address, Country Code, Phone Number and Company Name (Mandatory)	We use this information to communicate (whether through us or our third party partners) with you, in order to understand products and services that may interest you, and to explore potential business opportunities with you.	It is in our legitimate interests to process such data to maintain a relationship with you and to better understand your business needs.

We may process and collect other personal information from you from time to time for specific reasons, such as when you try our demo versions on our Services for a specific Feature. For example, when you input or upload data on the demo version of our Instant Messaging feature (such as by sending chat messages and notices, or changing chat names), we will process such data in order to enable you to experience the interface and functions, and delete such data within forty-eight (48) hours. We may also otherwise provide more information on the way we process personal information (including information on any changes to the way we process that personal information that may differ to this privacy policy), such as on our product pages.

How We Share and Store Your Personal Information

We may share your personal information with selected third parties in and outside your country, including:

• Third Parties where we use a third party service to: (a) process payments ; (b) provide customer support (including provision of a support database and ticketing); (c) send SMS service notification; or (d) provide other services, support, features or functionality as part of the Services, including those listed on our Third Parties page.

• Related group companies, including the entities listed on our Third Parties page, with whom we share your personal information to operate our Services.

To the extent data is transferred outside of the EEA or UK for processing (for example, to Mainland China), we rely on the European Commission's model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2001/497/EC (in the case of transfers to a controller) and Decision 2004/915/EC (in the case of transfers to a processor);

• Law enforcement agencies, public authorities or other judicial bodies and organisations. We disclose information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with a legal obligation, process or request;

  • enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof;

  • detect, prevent or otherwise address security, fraud or technical issues; or

  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction); and

• A third party that acquires all or substantially all of us or our business. We will disclose information to a third party in the event that we sell or buy any business or undergo a merger, in which case we will disclose your data to the prospective buyer of such business. We will also disclose information to a third party if we sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.

Third Party Links and Services

Tencent may provide links to other third party websites as a convenience to you (collectively, the "Third Party Websites"). Please exercise care when visiting any Third Party Websites. The Third Party Websites have separate and independent privacy policies, notices and terms of use which govern your use of such websites and their use of any information they collect. We recommend you read these policies carefully. Tencent disclaims all liability for personal information you provide to any Third Party Websites.

The Security of Your Personal Information

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of the information transmitted to our site.

Data Retention

We will retain your personal information as described below (except if otherwise required to be retained by applicable law).

Information	Retention Period
(i) Location, Email Address, Password, IP Address, User Agent (or website browser), Device ID, Tencent Cloud ID, Verification Code, Mobile Number, Name, Address (including city, province and post code), APPID, UIN;(ii) Google login credentials: Google ID, email address, authentication code, avatar (in the form of a log); (iii) Location based on the IP address of login activity for the purposes of your identity verification	(i) Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted; (ii) For Google login credentials: information is retained until the expiry of a 90-day period from its creation; (iii) Only location based on the IP addresses of only the previous three (3) logins are retained.
Credit card information(only limited to Payment ID) (we do not store your other credit card information including card number, name, expiration date and security code, except for the purposes of acquiring a payment ID which is provided by our payment processor upon receiving your other credit card information)	Payment ID is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
Transaction Records	Payment data is held for as long as an account exists. Information is erased within ninety (90) days of the date the account is deleted.
Photo ID (e.g, driver’s license or passport) Name and Address	Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
Log Data, Metadata, IP Address, User Agent, Date and Time of Access, each URL visit within the Tencent Cloud website whether direct or referred from third party website	This data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
Customer Service Ticket / Chat Content, IP Address, Tencent Cloud ID, incident details and response steps	This data is held for so long as an account exists. Information is erased within twenty-four (24) hours of the date the account is deleted.
Log and Metadata in relation to incidents	This data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.
Enquiry Data (data provided when you submit an enquiry via our website contact form or as part of a sales enquiry, including your name, email,phone number, UIN, priority of query or ticket, reminder settings, company name, business service, location,and details of your query or any additional information provided by you)	Enquiry data is held until an enquiry is resolved, and then erased within one hundred and eighty (180) days of such resolution, unless you agree to have this data retained and receive more information in the future.
Technical support enquiry data(data provided when you submit a technical support request), including your name, email, phone number, the type of your question, and details of your query	Technical support enquiry data is held until an enquiry is resolved, and then erased within one hundred and eighty (180) days of such resolution, unless you agree to have this data retained and receive more information in the future.
Promotional Contact Data: Name, Email , Phone Number ,Company Name, Business Service, Location and details of your query	Such data is held until you tell us that you no longer wish to receive promotional information.
Marketing Data: Name, Business Email, Phone Number, Company Name, Country/Region and Industry.	Such data is held until you tell us that you no longer wish to receive promotional information.
Name, Email Address, Country Code, Phone Number, Company Name, Business Service, Inquiry.	This data is held for so long as the COVID-19 Cloud Resources Support Program operates. Information is erased within ninety (90) days of the date the COVID-19 Cloud Resources Support Program ends.
Name, Email Address, Country Code, Phone Number and Company Name	This data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted.

Personal information, which has fulfilled the purpose for which it was collected or used, or has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible manner by using technical methods, and printed information will be destroyed by shredding or incinerating such information. Also, we will delete your personal information within 10 days (i) upon your request to have your personal information deleted; (ii) upon your deletion of your account; and/or (iii) if any personal information is left behind with incomplete account registrations.

In the event that the processing and retention period have terminated, but personal information is required to be retained continuously for other reasons including for the purposes as prescribed under applicable laws, the relevant personal information will be stored and maintained separately from other types of personal information.

Your Rights

This section ("Your Rights") applies to users who are located in the European Economic Area. The sub-section entitled "Access, Correction & Deletion" also applies to users who are located in Japan and Korea and Macau Special Administrative Region..

You have certain rights in relation to the personal information we hold about you. Some of these only apply in certain circumstances as set out in more detail below. We also set out how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances) unless otherwise permitted by the applicable legislation. To exercise any of your rights, please complete the request form here.

Access, Correction & Deletion

You can access, correct and delete some of your data in the account portal at any time here. If you believe there is any other personal information we process about you, or you are unable to correct or delete inaccurate information, you can make a request here. You may also have the right to receive a copy of certain personal information (see Portability below).

Please note, however, that we may retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Portability

You have the right to receive a copy of certain personal information we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such personal information to another party. The relevant personal information is information you provided for the purposes of performing our contract with you (for example, your mobile number, email address, or transaction data). You can export your Content at any time.

If you wish for us to transfer the personal information to a third party you can contact us using the form available here. Note that we can only do so where it is technically feasible.

Restriction of Processing to Storage Only

You have a right to require us to stop processing your personal information that we hold, other than for storage purposes, in certain circumstances. Please note, however, that if we stop processing the personal information, we may use it again if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or for another's protection).

Objection

You have the right to object to our processing of your personal information under certain circumstances (such as where that information is used with your consent, for example for marketing or profiling) by completing the form here.

Communications from Us

If you have opted-in to the receipt of direct marketing from us, we may send you news and offers from time to time, for example; to reserve you a place on our webinars. You can opt-out anytime by contacting us at: cloudlegalnotices@tencent.com.

We may from time to time send you service-related announcements when we consider it necessary to do so (such as when we temporarily suspend Tencent Cloud for maintenance, or security, privacy or administrative-related communications). You may not opt-out of these service-related announcements, which are not promotional in nature.

Contact & Complaints

Questions, comments and requests regarding this policy are welcomed and should be addressed to our Privacy Officer at cloudlegalnotices@tencent.com.

In the event that you wish to make a complaint about how we process your personal information, please contact our Privacy Officer in the first instance at cloudlegalnotices@tencent.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the EU country in which you live or work where you think we have infringed data protection laws.

Updates & Changes

If we make any material changes to this policy, we will post the updated policy here and provide a notice on our website. Please check this page frequently to see any updates or changes to this policy.

JURISDICTION-SPECIFIC ADDENDA

SOUTH KOREA

Last updated: 12 / 07 / 2020

This Addendum to the Tencent Cloud Privacy Policy (the "Addendum") is to address matters that are necessary to process your personal information in compliance with the Personal Information Protection Act (the "PIPA") of Korea. Please refer Tencent Cloud Privacy Policy for more details on the conditions of using the Services.

How We Share and Store Your Personal Information

a. We delegate the processing of your personal information as described below, and the delegatees may process your personal information according to the purpose of the delegation:

Delegatee	Delegated Tasks
Adyen Singapore Pte Ltd.	Payment processing and risk management
Image Frame Investment (HK) Limited	SMS Sending
Tencent Computing (Beijing) Co., Ltd.	Providing back-end support
Third Party Resellers	Client relationship management and marketing communications

Overseas Transfer of Personal Information

We transfer Personal Information to third parties overseas as follows:

Recipient (Contact Information of Information Manager)	Country to which Your Personal Information is to be Transferred	Date and Method of Transfer	Types of Your Personal Information to be Transferred	Purposes of Use by Recipients	Period of Retention Use by Recipient
Adyen Singapore Pte Ltd. dpo@adyen.com	Singapore	Encrypted transmission	Credit card number, name, valid period, CVV, address	Payment processor and risk management	7 years
Frensworkz Software Technology Co., Limited support@frensworkz.com	PRC	Online transmission	First and last name Title Role Position Industry Employer Contact information (company, department, role, email, phone, QQ number, physical mail address, website) Account, account name, account remark name ID data Billing address, billing country, billing street, billing city, billing state/province, billing zip/postal code	Aggregate implementing services	Until completion of system support services by Frensworkz or for 20 months (whichever is earlier)
Image Frame Investment (HK) Limited dataprotection@tencent.com	Hong Kong	Online transmission	Mobile number, SMS content	SMS Sending	Account data is held for so long as an account exists. SMS messages are deleted 13 months after the SMS messages have been sent.
Salesforce.com Singapore Pte. Ltd https://www.salesforce.com/ ap/company/privacy/	United States	Online transmission	Promotional Contact Data Marketing Data First and last name Title Role Position Industry Employer Contact information (company, department, role, email, phone, QQ number, physical mail address, website) Account, account name, account remark name ID data Billing address, billing country, billing street, billing city, billing state/province, billing zip/postal code	Client relationship management and marketing support	Please refer to the retention periods set out in “Data Retention”, subject to termination of the contractual relationship between us and Salesforce, in which case data will be deleted within 300 days from termination.
Tencent Computing (Beijing) Co., Ltd. meeting_info@tencent.com	People’s Republic of China	Online transmission upon account creation and payment	Mandatory： Date of birth, name, mobile phone number, email address, location, address (including city and post code), type of business, password Optional: Photo ID (e.g., driver’s license, passport or business license) name and address	System operation and maintenance	Account data is held for so long as an account exists. Information is erased within thirty (30) days of the date the account is deleted. (For location information based IP addresses used for the purposes of account verification, the location of the IP addresses of only the previous three (3) logins are retained)
Google Inc. https://policies.google.com/privacy	United States	Transmitted if user logs in using Google ID	Log-in credentials	Log-in	In accordance with the Google Identity Platform terms (https://developers.google.com/identity

Data Destruction

Personal information, which has fulfilled the purpose for which it was collected or used, and has reached the period of time during which personal information was to be possessed, will be destroyed in an irreversible way. Personal information stored in electronic files will be deleted safely in an irreversible way by using technical methods, and printed information will be destroyed by shredding or incinerating such information.

Your Rights of Data Subject and Methods to Exercise Such Rights

You may exercise rights related to the protection of personal information by requesting access to your personal information or the correction, deletion or suspension of processing of your personal information, etc. in writing or via email, fax, phone, etc. pursuant to applicable laws such as the PIPA. You may also exercise these rights through your legal guardian or someone who has been authorized by you to exercise such rights. However, in this case, you must submit a power of attorney to us in accordance with the Enforcement Regulations of the PIPA. Upon your request, we will take necessary measures without delay in accordance with applicable laws such as the PIPA. You can also withdraw your consent or demand a suspension of the personal information processing at any time.

Contact

If you have any questions or comments about the Privacy Policy, if you need to report a problem, or if you would like us to update, amend, or request deletion of the information we have about you, please contact our Chief Privacy Officer (or department in charge of personal data protection) at:

Department in Charge of Protection of Personal Information

• Name of Department: Privacy and Data Protection Department

• Person in Charge: Timothy Ma

• E-mail: cloudlegalnotices@tencent.com

Domestic Privacy Representative

Pursuant to Article 39-11 of the PIPA, the information regarding the designated domestic agent is as follows:

• Name: Tencent Korea Yuhan Hoesa

• Address: 152, Taeheran-ro, Gangnam-gu (Gangnam Finance Center, Yeoksam-dong), Seoul, Korea

• Telephone Number: +82-2185-0902

• E-mail: cloudlegalnotices@tencent.com

If you need to report or consult any invasion of private information issue then please contact the below agencies:

• Private Information Invasion Report Center (privacy.kisa.or.kr / dial 118)

• Supreme Prosecutor’s Office’s Cyber Crime Investigations Division (spo.go.kr / dial 1301)

• Korean National Policy Agency’s Cyber Investigation Bureau (ecrm.cyber.go.kr/minwon / dial 182)

California

The terms of this Addendum apply to residents of California under the California Consumer Privacy Act (“CCPA”) and other applicable laws. The CCPA provides California residents with certain legal rights such as access, deletion, disclosure, or “do not sell.” These rights are not absolute and are subject to certain exceptions.

Collection and Disclosure of Personal Information

Over the past 12 months, through your use of the Services, we may have collected and disclosed the following categories of personal information from or about consumers, as defined in the CCPA:

• Identifiers, including name, email address, mobile number, IP address, device identifiers, Tencent Cloud ID, mailing address, government-issued identification, and verification codes transmitted to or from the device. This information is collected directly from the consumer or device.
• Internet or other electronic network activity information, including the User Agent or website browser, log metadata associated with the consumer’s interactions with Tencent Cloud, and Tencent Cloud customer support incident details (as well as response steps associated with customer service tickets). This information is collected directly from the consumer or device.
• Geolocation data, including location data derived from IP address provided directly to us from the device. The Wi-Fi access point data can be used to understand location data at a zip-code level, whereas the GPS information provided by the device can more precisely track the device’s current coordinates. This information is collected directly from the device.
• Commercial information, including payment card information and transaction records (such as information about purchased Services, such as the activation code and date of purchase). This information is collected directly from the consumer or device.

We collect personal information for the following purposes and as described in the applicable Module:

• To operate and administer the Services;
• To communicate with consumers;
• To improve the Services;
• For security and verification purposes, including to prevent and detect fraudulent activity; and
• To address and remediate technical issues and bugs.

For additional information about what each type of personal information is used for, see this chart in the main portion of the Privacy Policy.

We disclose personal information to the following types of entities:

• Our affiliate companies within our corporate group who process personal information in order to operate the Services
• Other companies that provide services on our behalf who are prohibited by contract from retaining, using, or disclosing personal information for any purpose other than for providing the services to us
• Regulators and judicial authorities and law enforcement agencies
• Entities that acquire all or substantially all of our business

In the past 12 months, we have not sold personal information of California residents within the meaning of “sold” in the CCPA.

Rights under the CCPA
If you are a California resident and the CCPA does not recognize an exemption that applies to you or your personal information, you have the right to:

• Request we disclose to you free of charge the following information covering the 12 months preceding your request:
  • the categories of personal information about you that we collected;
  • the categories of sources from which the personal information was collected;
  • the purpose for collecting personal information about you;
  • the categories of third parties to whom we disclosed personal information about you and the categories of personal information that was disclosed (if applicable) and the purpose for disclosing the personal information about you; and
  • the specific pieces of personal information we collected about you;
• Request we delete personal information we collected from you, unless CCPA recognizes an exemption; and
• Be free from unlawful discrimination for exercising your rights including providing a different level or quality of services or deny goods or services to you when you exercise your rights under the CCPA.

We aim to fulfill all verified requests within 45 days pursuant to the CCPA. If necessary, extensions for an additional 45 days will be accompanied by an explanation for the delay.

How to Exercise Your Rights

First, you may wish to log into your account and manage your data from there. If you are a California resident to whom the CCPA applies, you may exercise your rights, if any, to other data by contacting us at cloudlegalnotices@tencent.com.

BRAZIL

This section applies to users located in Brazil:

Consent Revocation

Whenever we use your personal information based on your consent, you may revoke consent that you have previously given for the collection, use and disclosure of your personal information, subject to contractual or legal limitations. To revoke such consent, you may terminate your account or you can contact cloudlegalnotices@tencent.com. This may affect our provision of the Service to you.

Parental and Guardian Consent

If you are under the age of 18, you should not use the Service for any purpose without first obtaining parental/guardian agreement to this Privacy Policy (both for themselves and on your behalf). We do not knowingly collect personal information from any children under the age of 18 without such consent. Please contact our Data Protection Officer if you believe we have any personal information from any children under the age of 18 without such parental/guardian consent – we will promptly investigate (and remove) such personal information.

CANADA

In addition to the information provided in this section of the Privacy Policy, we may store your personal information in and outside of Canada, including in Singapore and Hong Kong.
If you have: (i) any questions or comments about the Privacy Policy; (ii) would like to obtain written information about the Privacy Policy; (iii) if you need to report a problem; or (iv) if you would like us to update, amend, or request deletion of the information we have about you, please contact our Chief Privacy Officer (or department in charge of personal data protection) at cloudlegalnotices@tencent.com.

EGYPT

Please note that this service is only available to users above 18 years. If you are under this age, you are only eligible to use this service if you obtain parental or guardian consent.

If you do not agree to the processing of your personal information in the way this Privacy Policy describes, please do not provide your information when requested and stop using the Services. Your use of the Services shall be deemed an express consent of the rules governing your personal information as described in this Privacy Policy.

By proceeding with the sign up process, you acknowledge that you have read, understood, and consented to this Privacy Policy. If you do not consent to this Privacy Policy, you must not use the service.

You are acknowledging your consent to the processing, storage, and cross-border transfer for your personal data. The cross border transfer may occur to any country in which we have databases or affiliates, including those outside of Egypt (see The Types of Personal Information we Collect and Process for more information).

If you are a new user, you have seven days to inform us of any objection you may have to this Privacy Policy.

As an Egyptian data subject, you have certain rights under the Egyptian Personal Data Protection Law.

France

Your Rights

Instructions for the processing of your personal data after your death.

You have the right to provide us with general or specific instructions for the retention, deletion, and communication of your personal data after your death.

The specific instructions are only valid for the processing activities mentioned therein and the processing of these instructions is subject to your specific consent.

You may amend or revoke your instructions at any time.

You may designate a person responsible for the implementation of your instructions. This person will be informed of your instructions, in the event of your death, and be entitled to request their implementation from us. In the absence of designation or, unless otherwise provided for, in the event of the death of the designated person, their heirs will have the right to be informed of your instructions and to request their implementation from us.

When you wish to make such instructions, please contact us at cloudlegalnotices@tencent.com .

India

Sensitive Personal Information

Your Sensitive Personal Information shall mean passwords, financial information such as bank account or credit card or debit card or other payment instrument details, biometric data, physical or mental health, sex life or sexual orientation, and/ or medical records or history, and similar information, but does not include information available in the public domain, or provided under Indian laws, including the Right to Information Act, 2005.

Sharing Of Your Sensitive Personal Information

Where we permit any third parties to collect and use your Sensitive Personal Information, we shall take reasonable measures to ensure that the third parties do not further disclose the Sensitive Personal Information.

Age Restrictions

Children under the age of 18 are not allowed to execute online contracts with us or sign up for our services. Parental consent is required for children under the age of 18 years to avail our services.

Withdrawal Of Consent

To the extent provided by applicable laws and regulations, you may withdraw any consent you previously provided to us for certain processing activities by contacting us at cloudlegalnotices@tencent.com. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the expected service.

INDONESIA

Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 21 to register for our Services and/or provide any personal identification information. If you are under 21, please do not sign up to use our Services or provide any information about yourself through the Service.

We will retain your personal information as described in the Tencent Cloud Privacy Policy and for a minimum of five years (except if otherwise required to be retained by applicable law).

Japan

Consent

By clicking “accept”, you consent to the cross-border transfer of your information to any country where we have databases or affiliates, including outside of Japan.

Your Rights

You may request us to notify you about the purposes of use of, to disclose, to make any correction to, to discontinue the use or provision of, and/or to delete any and all of your personal information which is stored by us, to the extent provided by the Act on the Protection of Personal Information of Japan. When you wish to make such requests, please contact us at cloudlegalnotices@tencent.com.

MALAYSIA

If you wish to use the Service you will be required to provide your personal data. If you do not wish to supply your personal data you should stop using the Service.

Language of this Privacy Policy

In the event of any discrepancy or inconsistency between the English version and Bahasa Melayu version of this Privacy Policy, the English version shall prevail.

Parental and Guardian Consent

If you are under the age of 18, please do not use the Service.

In the event you are agreeing to this Privacy Policy in order for a minor to access and use the Service, you hereby consent to the provision of personal information of the minor to be processed in accordance with this Privacy Policy and you personally accept and agree to be bound by the terms in this Privacy Policy. Further, you hereby agree to take responsibility for the actions of such minor, and that minor’s compliance with this Privacy Policy.

Rights of Data Subjects

Right of access: You have the right to request access to and obtain a copy of your personal information that we have collected and is being processed by or on behalf of us. We reserve the right to impose a fee for providing access to your personal information in the amounts as permitted under law.

When handling a data access request, we are permitted to request for certain information to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data access request.

Right of correction: You may request for the correction of your personal information. When handling a data correction request, we are permitted to request for certain information to verify the identity of the requester to ensure that he/she is the person legally entitled to make the data correction request.

Right to limit processing of your personal information: You may request to limit the processing of your personal information by using the contact details provided above. However this may affect our provision of the Service to you.

Contact

To protect your personal information and handle complaints relating to your personal information, we have appointed the following department responsible for managing and protecting your personal information.

• Our data protection officer, responsible for the management and safety of your personal information
  • Telephone: +603-22872388
  • Email: cloudlegalnotices@tencent.com.

PHILIPPINES

You must be at least 18 years of age to be able to use the Service.

Changes

We will not implement any material changes to the way we process your personal information, as described in the Privacy Policy, unless we have notified you and have obtained your consent to such material changes.

Your Rights

You are entitled to the following rights, to the extent provided by applicable laws:

• Right to be informed. You have the right to be informed whether personal data pertaining to you shall be, is being, or have been processed, including the existence of automated decision-making and profiling.

• Right to object. You shall have the right to object to the processing of your personal information, including processing for direct marketing, automated processing or profiling. When you object or withhold consent, we shall no longer process your personal data, unless the personal data is needed pursuant to a subpoena; the collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you have bound yourself; or your personal information is being collected and processed as a result of a legal obligation.

• Right to access. You have the right to reasonable access to, upon demand, the following:

  • contents of your personal information that were processed;
  • sources from which your personal information were obtained;
  • names and addresses of recipients of your personal information;
  • manner by which such data were processed;
  • reasons for the disclosure of the personal data to recipients, if any;
  • information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect the data subject;
  • date when the personal information concerning you were last accessed and modified; and
  • the designation, name or identity, and address of the personal information controller.

• Right to rectification. You have the right to dispute the inaccuracy or error in the personal information and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal information has been corrected, we shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof, provided that recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.

• Right to erasure or blocking. You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our filing system.
  This right may be exercised upon your discovery and substantial proof of any of the following:

  • your personal data is incomplete, outdated, false, or unlawfully obtained;
  • your personal data is being used for purpose not authorized by you;
  • your personal data is no longer necessary for the purposes for which they were collected;
  • you withdraw consent or object to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
  • your personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
  • the processing is unlawful;
  • we violated your rights.

Consent

By consenting to this Privacy Policy, you consent to us:

• collecting and processing your personal information as described in the section “How We Use Your Personal Information”;
• sharing your personal information with third parties, companies within our corporate group, and a third party that acquires substantially all or substantially all of us or our business, as described in this Privacy Policy and for the purposes stated herein; and
• transferring or storing your personal information in destinations outside the Philippines when the processing shall need to occur outside the Philippines, as described in the section “How We Store and Share Your Personal Information”.

SAUDI ARABIA

You consent to the disclosure, transfer and export of your personal information outside of Saudi Arabia or any other jurisdiction in which you provided it.

SINGAPORE

We may store your personal information within and outside Singapore.

Please refer to the following paragraph regarding “Access, Correction and Deletion” of your personal information, instead of the general “Access, Correction and Deletion” paragraph in the “Your Rights” section of the main privacy policy:

You can access and correct some of your data in the account portal at any time. If you believe there is any other personal information we process about you, or you are unable to correct inaccurate information, you can make a request by contacting us at cloudlegalnotices@tencent.com. You may also have the right to receive a copy of certain personal information (see Portability below). In accordance with the laws in Singapore you do not have the legal right to delete your data, however we may delete your data on request to us.

Please note, however, that we may retain personal information if there are valid grounds under data protection laws for us to do so (e.g., for the defence of legal claims or freedom of expression) but we will let you know if that is the case.

Thailand

You acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree with this Privacy Policy, you must not use the Service.

You may request us to discontinue, to restrict the use or provision of, and/or to request for data portability of any and all of your personal information which is stored by us, to the extent provided by the Act on the applicable data privacy laws and regulations in Thailand, including the Thai Personal Data Protection Act. When you wish to make such requests, please contact us at cloudlegalnotices@tencent.com.

We will give you notice by email of any changes to this Privacy Policy, and give you an opportunity to reject such changes, failing which the changes will become effective as stated in the notice

Türkiye

Our Data Controller Representative in Türkiye is Özdağıstanli Ekici Avukatlık Ortaklığı for the purpose of compliance with Turkish Law on Personal Data Protection Law (“DPL”) and its secondary regulations can be contacted at tencent@iptech-legal.com. Please include the word “Türkiye” in the subject line of your email

Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 18 to register for our Services and/or provide any personal identification information. We will ask for parental consent for children under age 18 for any processing of their personal data.

With respect to the section “How We Use Your Personal Information”, for the purposes of Türkiye the column “Legal Basis for Processing” shall be deemed to be amended such that the purposes for processing personal information for Türkiye shall be Art. 5/2 c and Art 5/2 f of the Law on Protection of Personal Data w. no 6698.

Your personal data can be transferred and stored into servers located in Türkiye or abroad with your consent.

The paragraph headed “The Security of Your Personal Information” in the Tencent Cloud Privacy Policy is inapplicable with respect to personal data collected in Türkiye.

You have legal rights, which are set forth in Article 11 of the DPL, in relation to the personal information data we hold about you. As a Turkish data subject, you may have right to apply to the data controller and (and to the extent permitted under applicable laws and regulations):

• learn whether or not your personal data has been processed;
• request information about processing if your personal data has been processed;
• learn the purpose of processing of your personal data and whether your data is being processed in line with that purpose
• know the third parties in the country or abroad to whom personal data has been transferred;
• request rectification in the event personal data is incomplete or inaccurate;
• request deletion or destruction of personal data within the framework of the conditions set forth under Article 7 of the Law on Protection of Personal Data Protection (Türkiye);
• object to automatic processing of data and seek certain remedies in accordance with the Personal Data Protection Law (Türkiye).

These rights are not absolute.

UAE

Our Service is not intended for children. Children must not use the Service for any purpose. We will not knowingly allow anyone under 21 to register for our Services and/or provide any personal identification information. A user under 21 will need to obtain the relevant court order to use the Services.

We may voluntarily report a cyber-security incident where it constitutes a crime under UAE law (e.g. under the UAE Cybercrime Law). The incident can be reported to the relevant authorities for the purpose of investigations. Please note also that voluntary reporting of a cyber-security incident can also be made to the UAE Computer Emergency Response Team (“CERT”). CERT is a security awareness organisation that provides a process for logging incidents and advising on known cyber security threats in the UAE.

VIETNAM

By accepting this Privacy Policy, you expressly agree and authorize us to collect, use, store, and process your personal information, including, lawfully disclosing and transferring it to third parties, as described in this Privacy Policy.

We maintain international standards and security practices for data protection. When your personal information is transferred within or outside your jurisdiction of residence, it will be subject to the same or higher levels of security practices and data protection by the recipient entity as adhered to by us.

Where we permit any third parties to collect and use your personal information, we shall take reasonable measures to ensure that the third parties do not further disclose the personal information.

Your personal information, if required to be disclosed to the law enforcement agencies, public authorities or other judicial bodies and organisations, it will disclosed upon receipt of written request from such organizations.

Your Rights

You have the right to access, correct, and erase the personal information we hold about you. You also have the right to withdraw your earlier provided consent to collect, store, process, use and disclose your personal information and to request us to stop providing your personal information to a third party.

MODULES

Last updated: [2020-08-17]
The following Modules shall apply and form part of this privacy policy if you use the specific Feature (as defined in each relevant Module). You acknowledge we will collect, process, use and store your personal information, as described in the applicable Module:
1.Tencent Push Notification Service.
2.Anti-Cheat Expert.
3.Web Application Firewall.
4.Game Multimedia Engine.
5.Anti-DDoS Pro.
6.Face Recognition.
7.StreamLive.
8.StreamPackage.
9.Tencent Cloud Conference.
10.Cloud Native Database TDSQL-C.
11.Tencent Cloud Elastic Microservice.
12.TencentDB for CTSDB.
13.Private DNS.
14.TencentDB for Tendis.
15.Database Management Center.
16.Tencent Cloud Weiling.
17.Event Bridge.
18.TencentCloud Lighthouse.
19.Instant Messaging.
20.Edge Computing Machine.
21.Data Security Center.
22.Tencent Cloud TI Platform.
23.Cloud Data Warehouse.
24.Vulnerability Scan Service.
25.IoT Hub.
26.CODING Code Repositories.
27.CODING Project Management.
28.CODING Test Management.
29.CODING Continuous Integration.
30.CODING Artifact Repositories.
31.CODING Continuous Deployment.
32.Tencent Distributed Message Queue.
33.Risk Control Engine.
34.TencentCloud EdgeOne.
35.eKYC.
36.Tencent Managed Service for Prometheus.
37.Video on Demand.
38.Tencent Cloud Automation Tools.
39.Cloud Streaming Services.
40.HTTPDNS.
41.Text To Speech.
42.Automatic Speech Recognition.
43.Tencent Effect SDK.
44.TencentCloud Managed Service for Grafana.
45.Tencent Real-Time Communication.
46.Real User Monitoring.
47.Customer Identity and Access Management.
48.Penetration Test Service.
49.Cloud Application Rendering.
50.Captcha.
51.OCR.
52.Tencent Machine Translation.
53.Video Moderation System.
54.Audio Moderation System.
55.Image Moderation System.
56.Text Moderation System.
57.Tencent Cloud Mesh.
58.Cloud Data Warehouse for PostgreSQL.
59.Data Lake Compute.

Revision History

Privacy Policy(version1.0)