Last updated: March 31, 2023
Effective date: March 31, 2023
HUAWEI CLOUD WeLink (hereinafter called "WeLink", "We", or "Service") is operated by Huawei Cloud Computing Technologies Co., Ltd. and provides you with services or products. We understand and respect the importance of your privacy. We are committed to taking appropriate security measures to protect your personal information in accordance with relevant laws and established industry security standards. Thank you for using WeLink.
Abstract
You can read the HUAWEI CLOUD WeLink Privacy Statement Abstract to understand the purpose, method, and scope of personal information collection and use by WeLink.
Version Changes
Please carefully read the changes made to this Privacy Statement:
Important Notes
Before you use our products and services and submit your personal information to us, please carefully read this HUAWEI CLOUD WeLink Privacy Statement (hereinafter called "Statement") and related supplementary documents,especially the terms in bold.
This Statement describes how we collect, use, and disclose your personal information, as well as legal bases and security measures implemented by us to process your personal information. It also provides ways and methods to exercise your legal rights. However, this Statement may not cover all scenarios. We will inform you of specific services or functions that collect your personal data through further statements or notifications. You reserve the right to agree to or reject such forms of data collection.
If you are an enterprise or organization, by enabling this Service, reading, understanding, and receiving this Statement, and completing registration, this Statement is legally binding upon you. If you are an end user, by enabling WeLink, reading, understanding, and receiving this Statement, this Statement is legally binding upon you. If you do not accept some or all of the terms herein, the services and functions provided for you may be limited.
This Statement applies to WeLink products, functions, or services, including but not limited to corporate address books, instant messages, message notifications, work calendars, security management, audio and video meeting, live broadcast, smart screen, Clouddrive, knowledge community, attendance clock-in/out, Athena, instant translation, approval, open platform/WeCode, WeForm, in-app search, management console, red envelope, and email client through webpages, software, and intelligent hardware.This Statement does not apply to products or services provided by other third parties through the WeLink official website, software, and APIs,including any applications, applets, and HTML5 pages created by third parties through the APIs of the WeLink open platform.This Statement does not apply to applications provided or integrated by other enterprises,including third-party applications enabled by corporate administrators in the WeLink service market. Before selecting and using a third-party service, you must fully understand its product functions and privacy protection policies and determine whether to enable the service based on your requirements.
Definitions:
Enterprises or organization refers to a legal person or entity (also called "enterprise and organization user" or "your enterprise") that has an enterprise or organization account enabled by an authorized natural person and all management permissions of the account. An enterprise or organization can authorize administrators to create a dedicated workspace. Administrators can invite and authorize end users to join the workspace to create a collaborative office.
Enterprise or organization account refers to the object records the enterprise or organization information in this Service.
End user refers to the individual (also called "authorized user", "individual user", or "you") who is authorized or invited by an enterprise or organization to join the workspace in this Service. If an end user obtains the workspace management permission of an enterprise or organization, the end user is also called the enterprise or organization administrator.
Enterprise or organization administrator refers to an end user (also called "enterprise administrator") authorized by the enterprise or organization to configure and manage their workspace through the management console in this Service. If an enterprise or organization authorizes a natural person to register and enable an account in this Service, the natural person automatically becomes the enterprise or organization administrator. The enterprise or organization administrator can be one or more persons. Different permissions can be assigned to different persons.
Minor and child refer to a person under the age of 18 and a minor under the age of 14, respectively.
Personal information refers to various types of information recorded electronically or otherwise, related to an identified or identifiable natural person, excluding information that has been anonymized.
Sensitive personal information refers to the most confidential information of an information subject or information that, once leaked or illegally used, may easily cause harm to the dignity or personal or property safety of a natural person, including information relating to biometric recognition, religious beliefs, specific identities, healthcare, financial accounts, individual location tracking, as well as personal information of minors under the age of 14.
Anonymization refers to the process after which personal information can no longer be used to identify a specific natural person and cannot be restored. Anonymized information is not personal information.
De-identification refers to the process after which personal information can no longer be used to identify a specific natural person without additional information.
This Statement is intended to help you understand the following:
1 How We Collect and Use Your Personal Information
To quickly understand how we collect and use your personal information, please read the HUAWEI CLOUD WeLink Personal Information Collection document. For details, please see the following description.
1.1 Personal Information
We only collect personal information required for essential operations to provide excellent products and services. The personal information we collect depends on the services and functions you use. You can agree to or reject our request to collect your personal information. Some services and functions will be available only if you provide personal information. As your information processor, we will seek your consent through a specific statement, pop-up window, or other conspicuous means before we collect your sensitive personal information.
The following describes the scenarios in which we collect, process, and use your personal information.
1.1.1 Enterprise or Organization Account Registration
To provide enterprises and organizations with account registration, facilitate the signing of the service agreement, and fulfill obligations, we will collect your corporate contact information during account registration, including your name, mobile number, email address, enterprise or organization name, geographical area (region), and industry.
1.1.2 Complaints and Feedback
If you encounter anything illegal or inappropriate when using our products and services, you can provide feedback through "Report" and "Assistance". To verify an issue's authenticity, we will obtain the user ID, submitted complaints, supporting materials (including images), and phone number.
If you encounter a system breakdown, program fault, incorrect error message, or design issue, you can provide feedback through "Feedback". To troubleshoot and locate faults, we will obtain submitted complaints, supporting materials (including images), phone numbers, event logs, device IDs (such as Android ID, IMEI, IMSI, OAID, ICCID, GAID, MEID, SN, IDFA, and IDFV), device information (such as device name, model, and operating system), MAC address, and IP address.
1.1.3 Product Operations
To check whether your device meets usage requirements and supports software installation and update, we will collect information about your device based on your device model and permissions granted during the installation and use of this Service, including the device ID (such as Android ID, IMEI, IMSI, OAID, ICCID, GAID, MEID, SN, IDFA, and IDFV), device information (such as device name, model, and operating system), and network information (such as network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status).
To provide you with better products and services, optimize services and functions, and improve operations efficiency, we will collect user operation logs, device IDs (such as Android ID, IMEI, IMSI, OAID, ICCID, GAID, MEID, SN, IDFA, and IDFV), device information (such as device name, model, and operating system) and network information (such as network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status)
1.1.4 Device information and log information collected by the system
To fulfill our legal obligations or under other circumstances as specified by laws and regulations, ensure product network security and data security, improve the service security, identify illegal behaviors, and prevent phishing, frauds, network vulnerabilities, computer viruses, network attacks, and network intrusions, execute and improve our loss prevention and anti-fraud programs, we will collect relevant data for security detection, including device information (such as device name, model, and operating system), device ID (such as Android ID, IMEI, IMSI, OAID, ICCID, GAID, MEID, SN, IDFA, and IDFV), network information (such as network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status), user ID, phone number, enterprise or organization name, and business contact (such as name, phone number, and email address). We may collect IP addresses, MAC addresses, IMEIs, and other device identifiers during application running in the background for risk verification.
1.1.5 Open Platform/WeCode
We will collect the service providers' names and business contact phone numbers and provide the information to end users in WeCode.
1.2 End User Data
End users herein refer to the users authorized or invited by an enterprise or organization to access or use this Service.
Enterprises or organizations entrust us to provide collaborative office, digital connection, and communication services. The enterprise or organization entrusts us to handle the information submitted or produced by them and the end user (you) in this Service. Such information is submitted or produced by enterprises, organizations, or end users or produced when you use this Service. The information is called entrusted individual information. We are only the entrusted party, and your enterprise or organization is the processor of such information. We process your personal information according to the instructions of the enterprise or organization (including the operations performed by the enterprise or organization administrator through the management console) and signed agreements.
If you are an enterprise or organization, you promise that, as the personal information processor, you have obtained end users' consent or have control over end users' personal information according to applicable laws. That is, you promise that you have obtained authorization and have the right to authorize us to process end users' personal information mentioned in this Statement. You shall be responsible for the security of personal information and data privacy in accordance with applicable laws governing end users' personal information under your control.
If you are an end user, please confirm that your enterprise or organization obtained your explicit authorization in written or electronic form before collecting and submitting your personal information or legally owns your personal information and that you have been fully informed of the purpose, scope, method, and period of collecting and using your personal information. If you cannot make this confirmation, please stop accessing or using this Service until you confirm with the enterprise or organization. You can also contact us through the information provided in this Statement. We will cooperate with you and handle such issues to the best of our capabilities.
If you are an end user, we receive and process the following personal information entrusted by an enterprise or organization.
1.2.1 Account Login
To provide the account verification function that enables your enterprise or organization to check whether your account belongs to the corresponding enterprise or organization during login, we will collect your account information and authentication information, including your mobile number, email address, user ID, and account password.
We will collect your Huawei ID and mobile number to help you link a Huawei ID so you can quickly log in to your WeLink account.
For security management purposes, your enterprise or organization may connect its authentication system and use the single sign-on (SSO) method. In this case, we will not collect your authentication information but only obtain your account ID and authentication result to link your WeLink account.
1.2.2 Enterprise or Organization Address Book
To provide the contact management function for enterprises or organizations and provide the function of viewing internal and external contacts to end users (employees or members), we will collect and process personal information based on the configuration and requirements of enterprises or organizations, including the name, gender, profile picture, birthday, personal signature, phone number, email address, user ID, employee ID, job title, position/role, department, work address, remarks, or fields defined by the enterprises or organizations.
If you want to import external contacts into the Contacts module provided by WeLink, we will obtain your authorization before accessing your phone address book.
This Service enables communication exchange among enterprises and organizations that have completed real-name authentication. Your enterprise or organization has the right to control the communication list of external enterprises or organizations and internal employees. If this function is enabled, based on your administrator and your instructions, specific fields in your enterprise or organization address book will be disclosed to other enterprises or organizations to query.
1.2.3 Instant Messaging
To provide instant messaging functions for enterprises or organizations and their end users, such as one-on-one and group chat, group voting, group note, and group bulletin, we will process your user ID, device ID (such as Android ID, IMEI, IMSI, OAID, ICCID, GAID, MEID, SN, IDFA and IDFV), device information (such as device name, model, and operating system), network information (such as the network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status), instant messaging content (text, image, voice, audio, video, file, and location), clipboard (The clipboard content is read-only during pasting and the content will be cleared if the app is exited.)
We do not save your call content when you make audio and video calls in WeLink.
When you choose to send local files and images, we will obtain your explicit authorization and consent to access the album or storage media on your mobile device.
When you choose to share or send your location, we will invoke AMap to obtain and display your location. We will only obtain your location information if you proactively share or send your location. Location is sensitive personal information.
When you use the speech-to-text function, the voice content will be uploaded to the server and converted to text in the specified language.
We will send your messages to specific recipients and store the messages on the server for a period (90 days by default or as specified by the enterprise or organization administrator) to ensure that the same information can be read on multiple devices (PCs and mobile devices running iOS or Android).
For you to receive messages from other users in time when you go offline, we have integrated the message-pushing technologies developed by some device manufacturers, such as Huawei, Xiaomi, OPPO, VIVO, Meizu, and Google, who may use your device ID, model, OS version and network information. If you do not want to receive such messages, disable this function through Me > Settings > Notifications or the Notification item on your phone.
1.2.4 Email Client
The mobile application provides an email client for administrators and employees to configure mailboxes. Employees can send and receive emails after configuration. We will process user IDs, email addresses, and configuration data of enterprise or organization email servers but will not collect or save your email content. Your email service provider will process related content.
1.2.5 Work Calendar
You can use the work calendar to add meetings, schedules, reminders, and other arrangements, subscribe to the schedules of teams and colleagues, and send and accept meeting invitations. User IDs, names, information, time, and location in the calendar are collected for this function.
If you want to synchronize the work calendar information from WeLink to the Calendar app on your phone, you need to authorize WeLink to access the Calendar app. If you do not authorize WeLink access to the Calendar app, you cannot synchronize information, but you can use other WeLink calendar functions.
1.2.6 Security Management
To meet security management requirements, your enterprise or organization may enable security fences, data shields, and confidential communication. If these functions are enabled, related data will be collected and processed to provide security assurance capabilities for enterprises or organizations. The data includes the account information (such as the user ID, name, phone number, email address, and department), device ID (such as Android ID, IMEI, IMSI, SN, IDFA, and IDFV), device information (such as the device name, model, and operating system), network information (such as the network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status), user operation logs, login logs, clipboard (the clipboard content is read-only during pasting and the content will be cleared upon exiting the app), and software installation list (read but not saved). We may collect IP addresses, MAC addresses, IMEIs, and other device identifiers during application running in the background for risk verification. By default, the device information collected for the security fence function will be automatically deleted after your account is deregistered.
1.2.7 Audio and Video Meeting
To provide enterprises, organizations, and end users with functions such as scheduling, holding, and managing meetings, we collect and process meeting information, including the user ID, name, phone number, email address, department, employee ID, meeting address, meeting type, time, and notification.
We will require access to your device or external cameras and microphones. We will need to access your video and audio streams to forward these streams at your discretion. Video and audio streams will only be retained on the server if the recording function is enabled.
During desktop sharing, we will capture your screen to obtain the relevant content for sharing based on your selection. However, we will only store this information on the server if the host or a specified participant enables the recording function.
If a host or a specified participant enables the meeting recording function, we will collect the audio and video stream file and save it in Clouddrive or local memory. If the recorder selects local recording, the recordings will be controlled by the recorder and cannot be accessed by others. If the recorder selects cloud recording, the recordings will be encrypted and stored on our server. The host can manage and delete the recordings.
For the messaging function, we will collect the messages (including texts and images) you send to all participants or specified participants in real time. After the meeting ends, the data will be automatically deleted and not stored on the server.
If you enable the live caption function, we will collect audio streams, convert them into subtitles in real time, and display subtitles on the meeting screen. We will only store audio streams or subtitles on the server if the recording function is enabled.
To improve meeting quality and operations, we will collect and process your device ID (such as Android ID, IMEI, IMSI, SN, IDFA, and IDFV), device information (device name, model, and operating system), network information (such as the network type, MAC address, IP address, Wi-Fi parameters, and Wi-Fi status).
1.2.8 Live Broadcast
To provide live broadcast, interactive training, and video on demand (VOD) functions for enterprises, organizations, and end users, we will need to process releaser information (including user IDs, names, and departments), live broadcast information (including the topic, speakers, releasers, start time, end time, and status), as well as audio and video streams.
1.2.9 Clouddrive
To provide cloud storage space and allow enterprises, organizations, and end users to manage files, view, edit, share, and print documents on the cloud, and use WeNote, we will process the following information: user ID, name, department, email address, cloud file, and cloud file metadata (including the name, owner, and permission).
1.2.10 Knowledge Community
To provide enterprises, organizations, and end users with internal subscriptions to the knowledge community, official accounts, Q&A, bulletins, blogs, and articles, we will collect and process account information and uploaded data, including the user ID, name, phone number, employee ID, nickname, profile picture, remarks, department, user-submitted content, comments, and likes.
Enterprises and organizations can push notifications to their employees through official accounts.
End users can post blogs, write comments, and ask and answer questions in the knowledge community.
We provide a redirection link to the third-party website Xiumi on the editing page for you to release articles in the knowledge community. You can use various functions provided by Xiumi to edit your content. However, we will not transmit your personal information to the website during and after the redirection. WeLink is not responsible for the services provided by this third party. The content and description on its website, as well as products and services, are not controlled by our company. Therefore, we are not responsible for the content, products, or links provided on the website. Before using the services provided by Xiumi, please read and understand the personal information that will be collected by the third party and their privacy policy and user agreement. You acknowledge that you assume legal responsibilities for the content you upload, release, or transfer and bear all risks for any use of the content and information. We assume related responsibilities stipulated in laws.
1.2.11 Clocking In/Out
To provide the clock-in/out function for enterprises, organizations, and end users, we will collect and process your account information, device information, and uploaded data, including your user ID, name, department, work address, and device information (such as the device name, model, and operating system).
If your enterprise or organization has enabled the location-based clocking in/out rule, after obtaining your explicit authorization, this function will directly obtain your location information to determine whether you are within the permitted range for clocking in/out.
If your enterprise or organization has enabled the clocking in/out rule based on face recognition, this function will collect your facial image through the camera and compare it with the facial features stored on the server to complete clocking in/out.
To implement the attendance management function for your enterprise or organization, your location or face capture information will be stored on the server for the minimum period specified by your enterprise or organization.
Location information and face capture information are sensitive personal information. We do not collect or use your location and face capture information when you do not use the clock-in/-out function. By default, this function is disabled. Related information will be collected only when you explicitly agree to and proactively use the clock-in/-out function. You can disable it in the settings of your device at any time.
1.2.12 Athena
Athena is a virtual assistant that provides text- and voice-based services. It converts speech into text and answers questions for enterprises, organizations, and end users. If you enable this function, your account information and uploaded data will be collected and processed, including your user ID, input text, and input audio.
1.2.13 Instant Translation
This Service will obtain your account information (user ID) and source text to provide online translation service.
1.2.14 Approval
To provide capabilities such as approval process configuration, approval process initiation, process printing, and approval list export, your account information and uploaded data will be collected and processed, including your user ID, name, employee ID, department, and content you submit.
1.2.15 WeForm
This function provides enterprises, organizations, and end users with form creation, fulfillment, and automatic statistics collection services. If you enable this function, your account information and uploaded data will be processed, including your user ID, name, department, employee ID, and content you submit.
1.2.16 Open Platform/WeCode
This Service provides the WeLink Store, open platform, and WeCode. You or your administrator can enable other WeLink basic applications or third-party applications. Your enterprise or organization can also release self-developed applets. If you do not want to use an application, contact your administrator to stop the application in the management console.
The open platform provides the development, launch, and usage management functions for self-developed and third-party applets for enterprises, organizations, and end users, including the development platform, application center, and developer console. We will collect and process your account information and uploaded data, including your user ID, name, service provider, contact information, and applet information.
The open platform also provides the function of using and managing third-party applications.
For details about the personal information collected by enterprise-built or third-party applications and the purposes for using the personal information, see the privacy statement provided by each application. Before using such applications, please fully understand the related privacy policies and the personal information that the applications collect.
1.2.17 In-App Search
To provide various functions, such as searching for chat history, contacts, documents, departments, functions, and articles, this function will collect and process your account information and uploaded data, including your user ID, name, email address, phone number, department, and keywords. By default, only the latest 20 records will be retained.
1.2.18 Management Console
This function provides a management console that enterprises and organizations can use to manage users, meetings, applications, knowledge, and security. The account information of the enterprise or organization administrators will be collected and processed, including user IDs, names, IP addresses, user operation logs, email addresses, and Huawei Cloud account IDs.
1.2.19 Red Envelop
This function is only available to enterprises or organizations that complete authentication and allow end users to send red envelopes. You need to bind your Alipay account. The payment and transaction services are provided by AliPay (China) Network Technology Co., Ltd. WeLink only collects and processes the user ID, name, and Alipay account.
Some functions, such as instant translation, Athena, recording service, real-time caption, and security management, may charge a fee. You can unsubscribe from these functions, ask your enterprise or organization to do so, or even deregister your account. After you unsubscribe or your enterprise or organization unsubscribes from these functions, or you deregister your account, we will stop collecting your personal information. We will delete your personal information according to the instructions from your or your enterprise or organization unless otherwise required by applicable laws, regulations, and service agreements.
1.3 Device Permissions
To provide you with better services and ensure that WeLink runs securely and stably, we need your authorization to use certain functions of the operating system of your mobile device. If you do not agree to authorize WeLink with the related permissions, you can still use basic service functions provided by WeLink, but you may not be able to enjoy additional services.
You can view the status of each permission in your mobile device settings and enable or disable these permissions at any time. Even with your authorization, we will collect related data only when associated functions or services are required.
For permission application and usage details, see HUAWEI CLOUD WeLink Mobile Terminal Permission Application and Usage Guide.
2 How We Use Cookies
To ensure normal operations of the Service, we may store small data files known as cookies on computers or portable devices. A cookie is a text-only file that network servers store on computers or mobile devices. The content of a cookie can only be retrieved or read by the server that created it. Each cookie is unique to your web browser or mobile application. Cookies usually contain identifiers, site names, numbers, and characters. Websites use cookies to store data about user preferences and other information.
We use cookies to improve user experience, as most websites or Internet service providers do. Specifically, the purposes are as follows:
a. Cookies allow websites to save settings and language preferences on computers or mobile devices. You do not need to reset your preferences whenever you visit a website.
b. Authentication. When you visit the WeLink website, a unique ID is generated to identify you. If the website does not use cookies with the authentication function, it considers every visitor a new visitor each time they visit the website. For example, if such cookies are not used, and you log in to the website and switch to another page, the website will consider you a new visitor.
c. Security. We use cookies to ensure website security.
You can manage or delete cookies based on your preferences. For details, visit AboutCookies.org. You can clear all cookies stored on your computer. Most web browsers can be configured to block cookies. However, if you do so, you may have to change your user settings whenever you visit a website.
3 How We Share, Entrust the Processing of, Transfer, and Disclose Your Personal Information
3.1 Information Sharing
We will not share your personal information with third parties except in the following circumstances:
a. Sharing after your explicit consent. After notifying you of the third party's name, contact information, the processing purpose, processing method, and personal information type and obtaining your explicit consent, we will share information with the third party within the scope of your authorization.
b. Sharing your personal information to fulfill related agreements (including agreements and platform rules) that you signed with us and other legal documents.
c. Sharing under legal circumstances. We will share your personal information in accordance with applicable laws and regulations, legal procedures, litigation/arbitration, mandatory government orders, and regulatory requirements. For example, as required for network real-name authentication in compliance with applicable laws and regulations, we will share your personal information with the third party specified or authorized by the government.
d. Sharing your personal information with a third party within the extent required or permitted by law to protect your privacy, interests, and property, public interest property, and safety.
e. Sharing your personal information to protect national security, public security, and your legitimate rights and interests, and those of others.
f. Sharing your personal information that is disclosed to the public by yourself or accessible from other legal public channels.
g. Sharing with our affiliates. We will only share personal information that is necessary, and such sharing is subject to the purposes stated in this statement. If the affiliates want to change the purposes for which the personal information will be processed, they will ask for your explicit consent. In addition, before providing your information to our affiliates, we will make commercially reasonable efforts to evaluate the legitimacy, justification, and necessity of such sharing. We will also endeavor to ask the affiliates to take necessary security measures to protect your information.
h. Sharing with third-party service providers. If you or your administrator purchases or enables third-party applications (such as applets or SaaS), we will share your personal information (including the profile picture, nickname, and phone number) and basic permissions (such as enterprise or organization permissions and approval interface permissions) with third-party service providers based on instructions from you and your administrator. Such third-party service providers are not subject to this Statement. You can choose whether to access or use third parties' links, content, products, and services. Before submitting personal information to a third party, read the third party's privacy statement carefully.
For more details, see HUAWEI CLOUD WeLink Information Shared with Third Parties.
3.2 Entrusted Processing
We may entrust a partner to process your personal information based on instructions from you or your enterprise or organization so that we can provide you with corresponding services. We will sign agreements with entrusted partners and request them to process your personal information based on our instructions and in compliance with this Statement and any other appropriate confidentiality and security measures. Our partners will not be permitted to use your personal information provided by us for any other purposes. We have the following types of entrusted partners:
a. Entrusted service or technical support providers. With your consent, we may provide your personal information to the following entrusted partners that support WeLink functions:
Partners that provide customer and related services. If you purchase services in WeLink, we may provide your personal information to these partners, who will provide you with customer services, investigation reply, prize delivery, and service recommendations.
Partners that provide live broadcast services. If you or your enterprise or organization enables the live broadcast function in WeLink, we may provide your account ID, name, and comments to these partners based on instructions and requirements from you or your enterprise or organization.
Partners that provide attendance services. If you or your enterprise or organization enables the attendance function in WeLink, we may provide your account ID, name, location, and facial image to these partners based on instructions and requirements from you or your enterprise or organization.
3.3 Information Transfer
We will not transfer your personal information to any company, organization, or individual except in the following circumstances:
a. Transfer with explicit consent: After obtaining your explicit consent, we may transfer your personal information to other parties.
b. Your personal information may be disclosed to the transaction party in case of restructuring, merger, spin-off, dissolution, or bankruptcy.
3.4 Public Disclosure
We will not disclose your personal information unless one of the following circumstances applies:
a. We disclose your personal information after obtaining your explicit consent. If you release applets or SaaS in WeLink, we will disclose your contact information (such as the mobile phone and name) and enterprise or organization name on the release page to users.
b. We may disclose your personal information to protect national security, public security, and the significant legitimate rights and interests of you and others based on applicable laws and regulations. For example, we may disclose your personal data when we believe disclosure is necessary or appropriate to prevent or defend against cyber threats, frauds, physical harm, or financial loss, or when it is in connection with an investigation of suspected or actual illegal activities.
We only disclose your personal information to the extent permitted by applicable laws and regulations and pursuant to this Statement.
3.5 Third-Party SDKs
To facilitate implementing functions and services (such as message pushing and social sharing), authorized third-party software development kits (SDKs) or similar applications will be embedded in WeLink. We will carefully evaluate the purposes of third-party SDKs and perform strict security checks on SDKs or other similar applications. We are not responsible for third parties' data processing beyond the purposes stated in this Statement. If you do not use services provided by third-party SDKs, we will not disclose or send your information to third-party SDKs.
For more details, see HUAWEI CLOUD WeLink Third-Party SDK List.
4 How We Store Your Personal Information
4.1 Data Storage and Retention
We will retain your personal information only as long as necessary for the purposes stated in this Statement unless laws or regulations require an extension of the retention period. The data retention period may vary depending on the scenario and service.
The criteria for determining the retention period are as follows:
a. Time when personal information needs to be retained for business purposes, including providing products and services, maintaining transactions and business records per legal requirements, ensuring the security of the system, products, and services, and handling possible user queries or complaints, or fault locating.
b. Whether the user agrees to a longer retention period.
c. Whether there are specific requirements for data retention in laws and contracts.
According to the Cybersecurity Law of the People's Republic of China, the retention period of network logs related to your use of this Service must be at least six months.
If your enterprise or organization account is deregistered, all related data, end-user accounts, and corresponding personal information under the enterprise or organization account will be deleted automatically after 60 days. The data deletion log is retained for 180 days.
We will retain specific data after collection for business tracing, including product operations data, complaints, and troubleshooting records.
Logs collected for security management will be retained for six months to meet fault location and troubleshooting requirements.
Contact information of third parties and enterprise or organization names collected for users will be automatically deleted if third-party applets stop providing services and are deregistered.
The personal information collected for account login, enterprise or organization address book, email client, work calendar, security management, and the in-app search will be processed based on the instructions of the administrator of your enterprise or organization administrator.
If the administrator deletes your account (or you deregister your account), the account information will be retained for 14 days and then automatically deleted. If the administrator disables your account, the account information will be retained for 14 days after the disabling period (one month by default, which the administrator can set) expires. After 14 days, the account information will be automatically deleted. If an administrator deregistered the account of enterprise or organization, the account information will be deleted 60 days later.
The personal information and chat history collected and processed for instant messaging will be encrypted, retained for 90 days, and deleted after the retention period expires. If your enterprise or organization has special retention period requirements, we can retain data for 180 days, 360 days, or 720 days based on specific requirements.
Data in live broadcasts, Clouddrive, knowledge community, approvals, WeForm, open platform/WeCode, management console, and red envelopes will be deleted as instructed by the administrator or 60 days after the account of enterprise or organization is deregistered.
Clock-in/out data is retained for six months by default. If your enterprise or organization has special retention period requirements, we will retain data based on those requirements.
We do not retain the data generated in Athena and instant translation.
We will maintain your account information as long as it is necessary for us to provide this Service to you. You can also stop a specific service or function, after which we will stop collecting the data related to the service or function. Unless otherwise specified by applicable laws, regulations, or service agreements, we will delete your personal information after the retention period expires. We will provide a retention period for the entrusted information by default. However, if an enterprise or organization has special requirements for the retention period, the retention period and deletion policy will be determined based on their instructions and agreements.
4.2 Data Storage Location
According to laws and regulations, the personal information collected by this Service will be stored in a data center ("server") in the People's Republic of China.
5 How We Protect Your Personal Data
5.1 We Attach Great Importance to the Security of Your Personal Information
5.1.1 Security Measures
We use appropriate physical, management, and technical measures to protect your personal information from unauthorized access, disclosure, use, modification, damage, or loss. For example, we use cryptographic technologies to ensure information confidentiality; we use trusted protection mechanisms to prevent malicious information attacks; we deploy access control mechanisms to ensure that personal information can only be accessed by authorized personnel; we offer security and privacy protection training courses to increase employee awareness about personal information protection.
Although we are committed to protecting your personal information, you are also responsible for safeguarding your information, including but not limited to accounts, passwords, and authentication information. If you find your account or password is being used by others without your permission or notice any abnormal usage, contact us or notify your enterprise or organization administrator promptly. You have the right to request your enterprise or organization to suspend your account if you suspect unauthorized usage.
However, none of these measures is unassailable, and no products and services, websites, data transmissions, computer systems, and network connections are secure.
5.1.2 Event Notification
To prevent possible risks, such as personal data leakage, damage, and loss, we have developed several mechanisms and control measures, clearly defined the rating standards of security incidents and vulnerabilities and corresponding processing procedures, and set up a dedicated Security Advisory and Security Notice page. We have established a dedicated emergency response team to implement security planning, loss reduction, analysis, locating, and remediation and to perform tracking operations with related departments based on security incident handling regulations and requirements.
In the event of a data breach of your personal information that we collect, store, and process, we will inform you or the relevant authorities by publishing an announcement on the HUAWEI CLOUD website or by sending you an email according to the requirements of applicable laws and regulations. If your personal information is leaked for reasons attributable to this Service, we will confirm the consequence and root causes of the data breach and make reasonable efforts to notify you promptly.
6 How to Access and Control Your Personal Information
6.1 Your Right to Your Personal Information
According to applicable laws and regulations, you have the right to access any personal information about you that we hold and request us to update, correct, or remove your data, reject or restrict our use of your personal information, or deregister your account.
6.1.1 Access, Update, and Correct Your Information
a. Enterprise or organization information
If you are an authorized administrator of your enterprise or organization, you have the right to query, correct, and supplement the information about the enterprise or organization. You can view and modify the Chinese name, English name, industry, region, contact name, contact number, and email address of your enterprise or organization on the Settings tab page in the web management console. You can also access, update, correct, and delete employees' personal information in your enterprise or organization on the User Management tab page in the web management system.
b. End user information
You can tap the profile picture in the upper left corner on the WeLink mobile client to set a profile picture, birthday, and signature. Contact the administrator of your enterprise or organization to change the mobile number or email address on the User Management tab page in the management console. If you are not allowed to modify personal information, contact the administrator of your enterprise or organization.
6.1.2 Delete Your Information
You can contact the administrator of your enterprise or organization to delete part or all of your personal information on the User Management tab page in the web management system.
6.1.3 Change or revoke your authorization and consent
In addition to the information required for normal operations, you can change the scope of your authorization and consent.
a. Enterprise or organization
If you are an authorized administrator of your enterprise or organization, you can enable or disable basic, self-developed, and third-party applications. You can also modify the permissions of some applications on the Applications tab page in the web management console.
b. End user
You can tap the profile picture in the upper left corner of the WeLink mobile client to enable or disable functions. In addition, you can change the settings of your smart mobile device to grant or revoke permissions. For example, you can choose Settings > Privacy > Permission manager to modify or revoke the permissions granted to the WeLink app.
After you revoke your consent, we will no longer process your personal information. Your decision to revoke your consent will not affect the processing of your personal information based on your previous consent. Your decision to revoke your consent will not affect the processing of your personal information that is done based on your authorization before the withdrawal.
6.1.4 Deregister Your Account
a. Enterprise or organization
If you are an authorized administrator of your enterprise or organization, you can log in to the web management console, choose Settings > Enterprise Info > Disband the Tenant and deregister the tenant account of the enterprise or organization and all employee accounts under the enterprise or organization account.
b. End user
Contact the administrator of your enterprise or organization to deregister your account on the User Management tab page in the WeLink management console. If you leave your enterprise or organization, we will delete or anonymize your personal information within the period specified by the enterprise or organization administrator.
Please contact us if you need our assistance in exercising the above rights. We will review your request as soon as possible and reply within 15 working days of verifying your user identity.
6.2 Data Accuracy and Integrity
You shall ensure that all personal information submitted to us is correct. We are dedicated to maintaining the accuracy and integrity of your personal data and updating the information in time.
7 How We Handle the Personal Information of Children
You hereby represent and warrant that you are an adult when you start using this Service. If you are a child, your parents or guardian must agree to your use of this Service and agree to the relevant terms of this Service. A child's personal information is sensitive.
If children provide us with their personal information without their parental consent, their parents or guardians can contact us and ask us to stop collecting, using, or disclosing their personal information.
If we accidentally collect children's personal information without verifying prior consent from their parents or guardians, we will attempt to delete the data as soon as possible.
If you are an enterprise or organization user and use this Service for educational purposes, and your end users may be children, ensure that your end users have obtained explicit consent from their parents or guardians before using this Service.
8 How Your Personal Information Is Transferred Internationally
To provide you with services, we collect your personal information and store it in a data center in China according to 4.2 Data Storage Location.
9 Legal Entity
As the WeLink legal entity, Huawei Cloud Computing Technologies Co., Ltd provides you with related services.
10 How This Statement Is Updated
We may update this Statement from time to time based on the changes to our services. If we update this Statement, we will notify you as soon as possible. You are advised to read the latest version of this Statement. If you disagree with the terms in the latest Statement, do not use this Service. If you continue to use this Service, it means that you understand and agree to the latest Statement.
11 Contact Us
We have a department dedicated to personal information protection. If you have any questions, suggestions, or complaints, especially about information subjects' rights and children's personal information, please contact us through the customer service hotline (4000-955-988 or 950808).
You can also submit a request directly to exercise your rights, file related complaints, or report privacy protection issues to us through: WeLink APP -> Me -> Help
We will try our best to respond to and process your requests. If we fail to reply to you in time, we will inform you of the reasons for the delay. We will comply with laws and regulations and strive to reply to your questions within 13 days after verifying your identity and confirming your issues.
If you are not satisfied with our reply, and you think that your legitimate rights and/or interests have been harmed when we handle your personal information, you may file a complaint or lawsuit with data protection authorities or officials with jurisdiction. We will duly comply with effective orders made by data protection authorities or officials with jurisdiction.
IMPORTANT NOTICE: This Statement is provided in both Chinese and English. If there is any difference, the Chinese version shall prevail.