Publish Date: April 15, 2020
Welcome to Feishu products and services (including but not limited to Feishu, Feishu Docs, Feishu Meeting, Feishu Conference Room and other products and services, collectively referred to as this “Platform”).This Platform is a multi-platform office management communication and collaboration tool providing functions of, among others, instant bi/multi-party involved voice SMS, picture, and text message communication service as well as member management, enterprise contacts, Docs, calendar, voice and video calls, video conferencing and emails, as well as interconnection services with other software. Control of the services or operations of this Platform is provided by Beijing Feishu Technology Co., Ltd. (hereinafter referred to as“we”, “us”, or “Feishu Technology”).This Policy sets out the basis on which any Personal Data from you will be processed, collected, used, and disclosed by us when you access or use this Platform.
(2) In order to provide you with a high-quality and convenient use experience, we will pre-install some of the apps in the Feishu App Store (hereinafter referred to as "Pre-installed Apps") in this platform. You can click to view the Pre-installed Apps on the Feishu workplace for information. If you choose not to use a Pre-installed App, you can delete such Pre-installed App on the workplace; deleting the Pre-installed Apps will not affect your normal use of the other features/applications of this Platform.
(4) If you use this Platform as a member of a corporate User, then your employer is the controller of (Personal Data related with you provided to us), we are the data processor, collecting and using your information only for providing services to your employer. We will process your Personal Data according to your employer’s requirements. Your employer may have its own privacy statement, and this Policy shall not be taken as a placement of your employer’s privacy statement.
These terms constitute a legally binding agreement between you and us. We hereby specially remind you that you should carefully read and fully understand all provisions of this Agreement, in particular, the provisions on exemption from or relief of our liabilities, limitations on your rights, dispute resolution, and governing law etc.. The provisions on limitations or exemption from liabilities may be in font bold or underlined for reminding a user. A user shall prudently read and select to accept or not to accept this Agreement. If you do not agree to these terms, you shall not access or use this Platform. Please read the following contents carefully to understand how we will deal with your Personal Data as well as our practical method.
I. The Personal Data We Collected within This Platform
If you use this Platform as a member of an corporate User, we will collect and process your Personal Data directly through your employer (e.g. when your employer opens your account) and also collect from you directly and process the same (e.g. during your use of this Platform). If you use this Platform as an individual User, we will collect from you directly and process your Personal Data.
(II) Personal Data related to you provided by your employer tous. When your employer opensan account for your use of this Platform, your employer will provide us with certain Personal Data related to you, including your user account name, business e-mail address, business telephone number (if any), workplace information as well asyour supervisor. Your employer may provide us with your additional Personal Data, or update your Personal Data provided to us during your use of this Platform.
You understand and agree that, according to your employer’s representations and warranties, your employer has obtained your prior express authorization before providing your Personal Data to us, your Personal Data collected by your employer are limited to a scope that is necessary for achieving the purpose of this Agreement or any other agreement executeed by and between your employer and us, and your employer has fully informed you of the purpose and scope of collection of your Personal Data and the intended use of your Personal Data collected by your employer. If you can not confirm the contents of the present clause, you shall stop using this service immediately and confirm with your employer the aforementioned matters. We will process your Personal Data as a data processor only as required by your employer and we may assume no legal liability for the collection or use by your employer of your Personal Data.
(III) Information we collect during your use this Platform. When you use this Platform, we will automatically collect your IP address, other tracking technologies, unique identifier of device, model and settings of hardware, operation system and application functions (e.g., MAC address), and details about your use of our services such as browsing records, time zone, area, language setting, server log (including the access date and time), App crashes as well as other system activities; Cookies (as defined below). You may upload, post, submit, or send messages, chats, documents, calendar information, communications or any other content (hereinafter referred to as“User Content”) to or through this Platform. We collect information in regard to the following: documents shared and edited by you on this Platform, calendars created and edited by you on this Platform, your work status, as well as any other User Content you spread on this Platform. Please see belowfor more details.
1. Location data. When you use this Platform, we will process as authorized by you the information about your location, including location information based on your SIM card, IP address or mobile device location settingsor received by use of GPS (if GPS function is initiated by your mobile device). We will use such information to provide you with relevant location-based services, such as provide you with function for arranging conference room when you use calendar service. If you refuse to provide us with your location, we will not provide you with relevant location-based service, but your normal use of Feishu’s other functions and services will not thus be affected.
2. Document service.This Platform’s document function enables you to view and edit a document being viewed simultaneously by numerous persons, add comments to the document and receive “document chats” in real time. When you post the document content and comments, we will collect the information you posted, and display your name, avatar and posted content. Document sharing and editing is linked with Feishu notifications, and can be set according to different user permissions.
3. Calendar service.This Platform’s calendar function enables you to add work status (on a business trip/leave/in a conference) as well as event reminder, subscribe to public agenda or colleague's schedule and send conference invitation. You may choose to accept, reject or hold conference invitation, and such responses will be labeled in the calendar. If you are the controller of a calendar, you can set your calendar privacy as private, public or public within a specific scope. You can subscribe to the calendar(s) of other users but provided that they have consented to the access by you to their calendar(s).
Recommend and represent for you any document that you might be interested in. We probably analysis the content of your documents and your usage habits by using AI technology automatically, to recommend any information you will be interested in and explore better service mode.
Although the majority of web browsers automatically accept Cookies, whether or not to accept specifically is up to you. You have the choice to accept or disable Cookies via consent. You understand and agree that we may store absolutely necessary Cookies which are required for the operation of this Platform, including the Cookies enable you to log into the safe area of this Platform. Cookies stored by us will expire upon your termination of the website session or after 15 days. Storage of the aforementioned absolutely necessary Cookies is an absolutely necessary condition for provision of core services by this Platform. If you do not consent to relevant authorization, you will be unable to use any service of this Platform.
II. How We Use Your Personal Data
We will use your information for the following purposes:
We use the information so that you can be registered with an account as a user of this Platform and login to this Platform through the account for using the instant messaging services supporting bi/multi-party participation and sending voice messages, images, and texts etc., and using other services, including without limitation, the organization member management, enterprise contacts, quick jumps, urgentreminder, DOCS, calendar, voice calls, video calls as well as other software communication services.
You are not required to register an account or provide the aforementioned information if you only need to browse or search the products, functions, and services introduction of Feishu Technolgoy displayed at the official website of this Platform.
Login to your email address and your mobile phone number.
You use this Platform as a member of a corporate User for realizing such enterprise functions as internal display and internal communications etc. required or selected by your employer; unless otherwise agreed in this Agreement, such information shall be controlled by your employer and provided to us.
Where you communicate as a member of a corporate User with a person who is not a member of your enterprise, we will present your name and avatar as well as the name and email address of your enterprise to the other party in order to help the parties identify the other party and increase communiation efficiency.
Name, avatar, enterprise mobile phone number, enterprise email address, department organizational structure.
We use the information to provide you with basic services of this Platform based on relevant technical information and ensure technical requirements for normal operation of this Platform are met according to the specific authorization granted by you in the process of your installation and use of the software.
Model and settings of hardware, unique identifier of device, operation system and application functions (e.g., MAC address), IP address,browsing records, time zone, locale, language setting, and server log.
We use the information to provide you with better and more personalized services, such as more personalized services with consistent experience at different service terminals or devices, input recommendation, client service reception, or information push more suitable for you, understanding of product adaptability, and identification of abnormal account conditions.
Your preference and other operation and usebehaviour information, and location information.
Feishu Technology collects relevant information or discloses relevant information to statutory subjects such as competent authorities etc. for abiding by legal obligations specified by relevant laws, regulations, or rules or the mandatory requirements of governments, judicial organs, or other competent statutory subjects
Personal Data stipulated by laws, regulations, and rules.
We will take reasonable and feasible measures to avoid collection of the Personal Data unrelated to the scope of purposes stated herein. To use your Personal Data beyond the scope of purposes stated herein and the directly or reasonably related scope, we will notify you and obtain your express consent in advance.
If we stop operating the services of this Platform, we will stop collecting your Personal Data, notify you in the form of announcement [ ] day(s) in advance, and delete or anonymize your Personal Data possessed by us according to applicable laws.
III. How We Share, Transfer, and Publicly Disclose Your Personal Data
(I) Sharing and Transfer of Personal Data
1. We will not share with or transfer to any third party your Personal Data, unless we have obtained your prior authorization or consent, or the Personal Data to be shared or transferred are de-identified data and such third party is unable to re-identify the subject of such data.
2. We will follow the following principles when sharing your Personal Data:
Authorized Consent Principle: We will not share your Personal Data without your consent unless such Personal Data shared is de-identified and the third party acquiring such Personal Data is unable to re-identify its natural person subject. If the third party uses the Personal Data for a purpose beyond the scope of the original authorized consent, they need to re-obtain your consent.
Legitimacy and Minimum Necessity Principle: The shared Personal Data must have a legitimate purpose and must be limited to that necessary to achieve the purpose.
Security Prudence Principle: We will carefully assess the purpose of the third parties’ use of the shared Personal Data, conduct a comprehensive assessment of the security capabilities of these partners and require them to follow the cooperation legal agreements. We will carry out strict security monitoring of the software tool development package (SDK) and application program interface (API) of the partners for obtaining information to protect data security.
3. Shared Information for Achieving Functions or Services
(1) When you use the functions provided by our related parties or third parties in this Platform, or when the software service providers, smart device providers and system service providers jointly with us to provide services for you, we will share the information necessary to realize the business with these related parties and third parties to recommend and display specific functions or services more suitable for you.
(2) If you are an employee of a corporate User, when the administrator of the corporate User chooses to open, manage and use third-party products or services through this Platform, he will consent on your behalf that we provide your personal basic information (account number, name, avatar, enterprise mobile phone number, enterprise email address, department organizational structure) and basic permissions to the third-party application service providers, otherwise you cannot use such third-party application services. When using third-party application services, the administrators of corporate User need to read and fully understand and comply with the product functions and privacy protection policies of third-party services. If you, as an individual User, choose to open, manage and use third-party products or services through this Platform, you consent that we provide your Personal Data (account number, name, avatar, enterprise mobile phone number, enterprise email address, departmental organizational structure) and basic permissions to the third-party application service providers, otherwise you will not be able to use such third-party application services. When you open and use the third-party application services, you need to read and fully understand and comply with the product functions and privacy protection policies of the third-party services.
(3) Log in and bind products in this Platform: With your consent, when you use your Feishu account to log in to a third-party product or service (including applications in the Feishu App Store) or bind your account to other third-party accounts, we will share your basic information (name, avatar) and other authorized information with the above-mentioned product or service.
(4) Location service provider (Amap). We will provide your de-identified location data to the Location service provider (Amap), so as to provide you with more precise location in the calendar function.
(5) Affiliates. We undertake not to share your Personal Data with any Affiliates under unnecessary circumstances, excluding necessary circumstances: we may provide you with the service you need only after sharing your information. However, for the purpose of providing you with better relevnat services, we may store, transfer, and process your Personal Data using more sophisticated tools, including Toutiao Cloud provided by Toutiao and relevant function plug-ins, provided by Affiliates based on the purposes of using your Personal Data under this Platform.
(6) Other auxiliary processing program supporters. You understand and agree that we need to cooperate with relevant processing program supporter so as to provide you with core business functions of this Platform. Therefore, we may share with the processing program supporter your Personal Data collected by us as authorized by you provided, however, that such sharing of information will follow proper, legal, and necessary principles. We will send to you a separate notice stating the scope and type of your Personal Data to be shared with relevant processing program supporter and such notice constitutes a valid part of this Agreement.
We will only share with third parties the information necessary for achieving the purposes stated herein and you understand and authorize such information sharing by us. If it is necessary to use your Personal Data beyond the scope of purposes stated herein for business needs of a third party, such third partywill required to re-obtain your consent.
Prior to the cooperation with a third party, we will make commercially reasonable efforts to test the security capability of such third party, evaluate whether it is proper, legal, and necessary to share relevant information with such third party, execute a confidentiality agreement with such third party, carry out technical monitoring against the inquiry activities by such third party, and urge such third party to abide by laws, regulations, rules and the confidentiality and security measures specified in the agreement in case that such third party uses the user information.
2. Transfer of Personal Data in the case of merger, acquisition, or asset transfer
We probably conduct merger, acquisition, or asset transfer as our businesses develop continuously, and your Personal Data may thus be transferred. In case of any aforementioned change, we will continue protecting, or require the transferee of your Personal Data to continue protecting your Personal Data according to relevant laws and regulations as well as the security standards no less stricter than those of this Policy. Or else, we will require the transferee of your Personal Data to re-obtain your authorization or consent.
(II) Public Disclosure of Personal Data
We will not publicly disclose your data without your consent. However, we may, in accordance with the type of Personal Data and way of disclosure as required, disclose your Personal Data to an administrative and enforcing authority or judicial authority if disclosure of you Personal Data is required by requirements of relevant laws, regulations, rules, other regulatory documents or compulsory administrative enforcement or judicial requirements. When receiving the request for disclosure, we will require the presentation of corresponding legal certificate and we will only provide the data to law enforcement department or judicial organ with legal authority for special investigation on legal basis, in accordance with relevant laws and regulations. To the extent permitted by laws or regulations, the documents disclosed by us will all be protected by encryption measures.
You understand that we may share, transfer, and publicly disclose your Personal Data according to laws, regulations, and national standards without your authorization or consent under following circumstances:
(1) Sharing, transfer, or public disclosure of those Personal Data is directly related to national security or national defense security;
(2) Sharing, transfer, or public disclosure of those Personal Data is directly related to public security, public health, or significant public interests;
(3) Sharing, transfer, or public disclosure of those Personal Data is directly related to criminal investigation, prosecution, judgment, or execution of judgment and so forth;
(4) Sharing, transfer, or public disclosure of those Personal Data is for protecting significant lawful rights and interests, such as life and property, of you or other individual but it is difficult to obtain principal consent on such sharing, transfer, or public disclosure, unless otherwise prohibited expressly by laws or regulations;
(5) Those Personal Data have been made public by yourself; or
(6) Those Personal Data have been collected from the lawfully and publicly disclosed data, such as lawful news reports, government-publicized information and other channels.
According to the provisions of laws, sharing or transfer of de-identified Personal Data which cannot be restored by the receiving party and of which the subject of Personal Data cannot be identified by the receiving party is not outward sharing, transfer, or public disclosure of Personal Data, and we may process such Personal Data without notifying you or obtaining your consent separately.
IV. Where We Store Your Personal Data
(I) Location of storage
Your personal information collected and generated in the course of our operation within the territory of the People’s Republic of China will be stored in the territory of the People’s Republic of China in accordance with the provisions of applicable laws and regulations. At present, we will not transmit such information abroad. Where there is any need for such transmission, we will abide by the applicable regulations of relevant country or ask for your consent.
(II) Period of retention
During the period when you use this Platform, we will continuously protect your Personal Data for a period as necessary for providing you with our services. After you terminate the use of this Platform, we will delete or anonymize your Personal Data, unless the retention of specific information is otherwise stipulated by laws or regulations. If we stop operating the services of this Platform, we will delete or anonymize your Personal Data possessed by us according to applicable laws within a reasonable period.
V. How We Protect the Security of Your Personal Data
(I) We attach great importance to the security of your Personal Data. At present, Feishu has passed the assessment of national information security level (Level III) and been filed therewith, as well as certification of international authorized information security management system (ISO 27001). We have set up data security rules and regulations and implemented safety technical measures, so as to prevent your Personal Data from being accessed or modified without authorization, avoiding damage or loss of data. We adopt encryption techniques, such as Transport Layer Security Protocol and the like, for our network services, so as to ensure the security of your data in the process of network transmission.
(II) We adopt strict control over the data processing authority to avoid illegal use of data; we strengthen the security of Personal Data in the process of use by data desensitization means such as de-identification with mosaics and so forth; we store your Personal Data in an encrypted manner using the encryption techniques adopted widely in the industry, and isolate your Personal Data by data isolation techniques. For example, we have encrypted all data and information stored in our servers or on your terminal devices. We have been adopting and implementing such technical measures and organization and management methods all the while, and we may modify and improve the same from time to time so as to improve the overall security of the system.
(III) Although we have taken the abovementioned reasonable measures, and have abided by the standards required by relevant laws and regulations, you understand that, due to technical limitation and various potential malicious methods, it is impossible to maintain completely secure all the time in the internet industry even though one's ability is exhausted to enhance security measures. We will try our best to ensure the security of your Personal Data provided by you to us. You know and understand that any problem may occur in the system or communications network used by your access to our services due to any factor beyond our control. Therefore, we strongly suggest you take active measures, including but not limited to using complicated password, regularly changing the password, and avoiding disclosure of your Personal Data such as your account password and so forth to any other person, so as to protect the security of your Personal Data.
(IV) In case of any incident endangering network security, we will take corresponding remedial measures according to emergency response plan for internet security incident. If our physical facilities or technical safeguard measures are damaged, thus your Personal Data are disclosed, provided illegally, or misused, causing damage to your lawful rights and interests, we will bear corresponding liabilities in strict accordance with provisions of laws.
(V) After we know or are informed of any security incident of Personal Data in which your Personal Data is disclosed, provided illegally, or misused, we will notify you of the following within ten (10) days as required by laws and regulations: basic information about the security incident, possible influence of the security incident, the measures we have taken or will take, our suggestions on your possible preventive measures and risk reduction, and the remedial measures we may take for you and so forth. Relevant situations about the security incident will be sent to you by push notification at this Platform. If it is difficult to notify each subject of Personal Data of relevant situations about the security incident, we will publish an announcement in reasonable and effective manner. In addition, we will report our treatment of the security incident of Personal Data to the competent regulatory authorities as required thereby.
VI. Your Rights
(I) How to Access and Correct Your Personal Data
1. Access Personal Data. To access avatar, name, work status, department, immediate supervisor, email address, or mobile phone number, you may click the personal avatar at the top left corner of Feishu.
2. If you are an employee of a corporate User, you may submit an application for data correction to your employer, and the administrator of corporate user will handle the application.
(II) How to Cancel Your Account
If you are an employee of a corporate User, you may submit an application for deleting your personal account to your employer, and the administrator of corporate user will handle the application. If you are an individual User, you can submit your online cancellation application through this Platform.
We will use reasonable commercial efforts to generally notify all users of any material change in this Policy, such as through a notice on this Platform, however, you should look at this Policy regularly to check for relevant changes. We will also update the “Updated Date” and the “Effective Date” at the top of this Policy. Your continued access to or use of this Platform after the date of the updated Policy shall be deemed as your acceptance of the updated Policy. If you do not agree to the updated Policy, you must stop accessing or using this Platform.
Questions, comments and requests regarding this Policy are welcomed and shall be sent email@example.com. Generally, we will give you a reply within fifteen days following receipt of your relevant information and verification of your identity.
IX. Provisions on Minors
We will protect minors’ Personal Data according to relevant laws and regulations of the State, and will collect, use, store, share, transfer, or disclose a minor’s Personal Data only to the extent permitted by law or agreed expressly by a parent or any other guardian of such minor or where it is necessary to protect such minor. If we find that we have collected a minor’s Personal Data without the verifiable prior consent of such minor’s parent, we will try to delete relevant data as soon as possible.
(II) The headings herein are inserted for convenience and ease of reading only, and in no way affect the meaning or interpretation of any provision hereof.
(III) Definitions of following terms used herein
1. “Affiliate”: means an entity that is controlled by, controls, or is under common control with Feishu Technology. As used herein, “control” means the power of an entity to direct major business acts or activities of another entity, the formation of the power may be based on stock, voting right, or any other relationship generally deemed as having directing power or significant influence.
2. “De-identification” or “de-identified”: means that the Personal Data are technically processed so that their subject cannot be identified without using additional information.
3. “Anonymization”, “Anonymized”, or “Anonymize”: means the process in which the Personal Data are technically processed so that their subject cannot be identified, and the Anonymized Personal Data cannot be restored.
(IV) The copyright of this Policy is owned by us, and we have the rights to interpret and modify this Policy to the extent permitted by law.