CATEGORY H DATA PROCESSING AND SECURITY AGREEMENT MODULE
Last updated: 2025-11-03 16:14:32
CATEGORY H DATA PROCESSING AND SECURITY AGREEMENT MODULE
Last updated: 2025-11-03 16:14:32
1. Background
This Data Processing and Security Agreement Module (“Module”) applies if you use the following features: Tencent Cloud International Web Application Firewall, Anti-DDoS, Data Security Governance Center/ T-Sec Data Security Center, Vulnerability Scan Service, Customer Identity and Access Management, Penetration Testing Service, Captcha, Tencent Cloud Firewall, Tencent Ecard, Key Management Service, Tencent Container Security Service, Bastion Host, Payment Risk Management and Security Service Platform (collectively, “Features”).
This Module is incorporated into the Data Processing and Security Agreement (“DPSA”). Terms used but not defined in this Module shall have the meaning given to them in the DPSA. In the event of any conflict between the DPSA and this Module, this Module shall apply to the extent of the inconsistency.
2. Personal Data We Process
We may process the following data in connection with the Features:
Data Category | Details |
Configuration Data | Configuration and settings including domain name, defence rule, task, network, captcha, asset, system attributes, application, service and security settings for the Features, data and other resources. |
User Interaction and Application Data | Information in relation to your or end user's interaction with the Features such as operation log, vulnerability scan information (e.g. website, host, API, domains), users' activities, task identification, number of authorized assets, application and certification management settings. |
Service Generated Content | Data generated or derived by Tencent Cloud through your use of the Features such as attack analysis and asset risk monitoring data, traffic, connection analysis, Captcha statistics, encryption key, exposure inventory, types and connectivity of assets, security certificate information, configuration flaws and vulnerability data, remediation data and status. |
End User Device Information | Data about device of end user of your application to the Features such as device model, identifier (e.g. OAID, SAID, IDFV), operating system, connection, browser, system attributes. |
Authentication and Security Credential Information | Information for user and role management for the Features such as user group, name, profile, remarks, login attributes. |
To provide the Features to you, we may also process the above data through integration with our features as follows:
Blackrock Physical Server
Cloud Data Warehouse;
Cloud Object Storage;
Cloud Virtual Machine;
Edge Computing Machine;
Simple Email Service;
Short Message Service;
Tencent Cloud Lighthouse;
TencentDB for MySQL;
TencentDB for MongoDB;
TencentDB for Redis; and
Tencent Kubernetes Engine.
3. Purposes of Processing
We process the data categories in Section 2 for the purposes set out below:
Provide our Features. We use data including Configuration Data, User Interaction and Application Data, Service Generated Content, End User Device Information, and Authentication and Security Credential Information to provide you and your end users with the Features; and
Maintain your configuration settings. We use data including Configuration Data to maintain your configuration settings of the Features and deliver statistics to help you manage the Features.
4. Sub-Processors
As specified in the DPSA.
5. Data Retention
We will retain personal data in Section 2 for as long as it is necessary for the fulfilment of the purpose(s) as described in this Module and as required or authorized by applicable laws, to resolve disputes and to enforce our terms and conditions, other applicable terms of service, and our policies. The actual retention period can vary for different data categories, depending on the context of your interactions with us, your configuration set up and your use of the Features.
For example, we retain most of the Configuration Data for as long as you use the Feature to provide you with the Feature and maintain your configuration settings in general.
For Authentication and Security Credential information, we generally retain data such as user management, access control data and user attributes until you manually delete such data for the purpose of providing you with the Features.
For Service Generated Content such as attack analysis data in relation to our Anti-DDoS Feature, we retain such data up to 1 year to provide the Feature; whereas for Service Generated Content in relation to our Security Service Platform Feature, we retain such data until you request deletion of such data or terminate your account.
Other criteria used to determine the retention periods include:
a longer or shorter retention period is requested or determined by you;
such data is configured to be automatically deleted after 60 days of first being recorded;
such data is configured to be stored for defined period until the storage capacity exceeds 50GB for which such data will be deleted earlier;
such data is configured to be retained until we have provided the final penetration test report to you; or
required or authorised by applicable law.
If you have any question or require additional information relating to the above (including where you require further or more specific information on how long we store data subject personal data), please refer to our Contact Information section in our Privacy Policy.
6. Special Conditions
You must ensure that the Features are only used by end users who are of at least the minimum age at which an individual can consent to the processing of their personal data. This may be different depending on the jurisdiction in which an end user is located.
You represent, warrant and undertake that you shall provide all notices and disclosures to data subjects (including in relation to your use of the Features), have a lawful basis for processing the relevant data subjects’ personal data, and shall obtain and maintain all necessary consents from end users in respect of the processing of their or the data subjects’ personal data (as applicable) in respect of the Features (including for the purposes of providing the Features), in accordance with the applicable laws and so as to enable us to comply with applicable laws. You agree you will indemnify and hold Tencent harmless from and against all claims, liabilities, costs, expenses, loss or damage (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) incurred by Tencent arising directly or indirectly from a breach of this requirement.
You represent, warrant and undertake that you are solely responsible for your use of the Features and its respective functions, and you have and will only use the Features and/or integrate the Features in your product, service or platform (as applicable) in compliance with (i) applicable laws and (ii) app store rules, agreements, terms or guidelines applicable in respect of the collection, storage, processing, transfer, disclosure, and use of any end user data in connection with your product, service or platform that uses and/or integrates the Feature, including (without limitation) the Apple Developer Agreement, Apple Developer Program License Agreement, App Store Review Guidelines, Google Play Developer Distribution Agreement, Developer Program Policy, Developer API Terms of Service, Google Play Best Practices, and Google Play Developer Resources, in each case as amended or replaced from time to time.
You represent, warrant and undertake that to the extent the Features is used in connection with any determination or decision that may have an impact on a person’s fundamental rights and freedoms (each a “Decision”), you will ensure that such Decision is independently auditable and verifiable, including by an appropriately trained and qualified person, and, without limiting the foregoing, that you have obtained all required consents, provided such disclosures, and complied with applicable laws, to ensure the lawful use of the Features for the purposes of facilitating such Decision.
Please note that we will only collect, process, store, or otherwise access the content generated by the end users of this function (hereinafter referred to as "UGC Content") as per your instructions. You declare, warrant, and commit that you (i) bear full responsibility for the use of the Features and UGC Content by the end users (including compliance with any relevant provisions related to UGC Content); (ii) ensure that the end users do not directly or indirectly transmit any UGC Content related to our provision of the Features to Tencent, unless in compliance with any applicable laws; and (iii) always use this function and/or integrate the Features into your products, services, or platform (if applicable) in compliance with any applicable laws.
You acknowledge, understand, and agree that (i) we do not make any representation or warranty or give any undertaking that the Features will be in compliance with any applicable laws or regulations, and (ii) any reliance on or use of the Features is at your sole risk.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback