Feishu Projects-Privacy Policy

Post Date: February 4, 2020

Effective Date: February 4, 2020

Welcome to Feishu Projects (hereinafter referred to as this “Software”) and its services. This Software provides a one-stop solution to the problems like group management, to-do management and file sharing in project collaboration and efficient office collaboration services for all kinds of companies, enterprises and other entities (hereinafter referred to as “Entity”). This Software is provided or controlled by Beijing Feishu Technology Co., Ltd. (hereinafter referred to as “We” or “Feishu Technology”).

This Privacy Policy sets out the basis on which any Personal Data from you will be processed, collected, used, and disclosed by us when you access or use this Software.

(1) This Privacy Policy applies to the functions and services (including the group management, to-do management, file sharing and so forth in project collaboration) of this Software itself, but it does not apply to other products or services provided by any third party through this Software. You shall fully understand the terms of services and privacy policy of third party when you choose to use the third party service. You shall properly protect your Personal Data and provide your Personal Data to third parties only when necessary.

(2) When you use your [Feishu] account to log in or use this Software and its services, we will be authorized by you to collect your public information of registering/loging in [Feishu] (including employee name and avatar) at the time of your first login, which allows you to directly use your [Feishu] account to log in and use this Software and relevant services. For those Personal Data that we require but [Feishu] can not provide, we will also ask them from you. If you refuse to provide us with such data, you may not be able to use this Software and relevant services. (3) If you use this Software as an enterprise employee, then your employer is the controller of [Personal Data related with you provided to us], and we are the data processor, collecting and using your information only for providing services to your employer. We will process your Personal Data according to your employer’s requirements. Your employer may have its own privacy statement, and this Privacy Policy shall not be taken as a replacement of your employer’s privacy statement.

(4) In order to provide you with the service, this Software needs you to provide some Personal Data. If you choose not to provide the data required by this Software or some functions, you will be unable to use this Software or such function. Likewise, if we need to collect Personal Data according to relevant laws and you do not provide such data, then we may have to suspend or cancel your right to use. We will notify you if the aforesaid situations occur. Without forcing the provision of data, if you choose not to share Personal Data, then you will not be able to use the functions (such as personalization service) demanding such data.

We hereby specially remind you to carefully read all provisions of this Privacy Policy, understand how we will collect, use, transmit, share, transfer (if applicable), publicly disclose, store and protect Personal Data. The important content of the provisions regarding your rights of Personal Data is in font bold for reminding and please pay special attention.

  1. The Personal Data We Collect Within This Software
  2. How We Use Your Personal Data
  3. How We Share, Transfer, and Publicly Disclose Your Personal Data
  4. How We Store Your Personal Data
  5. How We Protect the Security of Your Personal Data
  6. Your Rights
  7. Provisions on Minors
  8. Complaints
  9. Changes
  10. Contact
  11. Miscellaneous

1.The Personal Data We Collect Within This Software

After obtaining authorized consent from you and your employer, we will collect your Personal Data through [Feishu] or your employer, and also collect from you directly and process the same (e.g. during your use of this Software).

(I) Personal Data” mean various information recorded electronically or in other forms which can identify, by itself or in combination with other information, a specific natural person or reflect a specific natural person’s activities. For the purpose of this Privacy Policy, Personal Data include personal identification information (such as name) and avatar.

(II) Personal Data related to you provided to [Feishu] by your employer. When your employer opens an account for your use of [Feishu], your employer will provide [Feishu] with certain Personal Data related to you, including your name and avatar. Your employer may provide us with your additional Personal Data, or update your Personal Data provided to us during your use of this Software.

You agree and understand that, according to your employer’s representations and warranties, your employer has obtained your prior express authorization before providing your Personal Data to us, your Personal Data collected by your employer are limited to a scope that is necessary for achieving the purpose of this Agreement or any other agreement executed by and between your employer and us, and your employer has fully informed you of the purpose and scope of collecting your Personal Data and the intended use of your Personal Data collected by your employer. If you can not confirm the contents of the present clause, you shall stop using this service immediately and confirm with your employer the aforementioned matters. We will process your Personal Data as a data processor only as required by your employer and we may assume no legal liability for the collection or use by your employer of your Personal Data.

(III) Information we collect during your use of this Software. When you use this Software, we will automatically collect your IP address, unique identifier of device, Cookies (as defined below) and other tracking technologies, browsing records, time zone, area and language settings, model and settings of hardware, server log (including the access date and time), devices, operation system and application functions (e.g., MAC address), App crashes as well as information of other system activities.

(IV)Cookies. We use cookies and other similar technologies (e.g. web beacons, Flash cookies, etc.) (hereinafter referred to as “Cookies”), so as to enhance your experience when using this Software. When you use this Software and relevant services, we may use relevant technologies to send one or more Cookie(s) or anonymous identifier(s) to your device, so as to collect and store the information during your access to and use of this Software.

Although the majority of web browsers automatically accept Cookies, whether or not to accept specifically is up to you. You have the choice to accept or disable Cookies via consent. However, even without your consent, we may also store absolutely necessary Cookies which are required for the operation of this Software, including the Cookies enable you to log into the safe area of this Software. Cookies stored by us will expire upon your termination of the website session or after thirty (30) days. Storage of the aforementioned absolutely necessary Cookies is an absolutely necessary condition for providing core services by this Software. If you do not consent to the relevant authorization, you will be unable to use any service of this Software.

2.How We Use Your Personal Data

We will use your information for the following purposes:

Purpose

Personal Data

Add a member as an administrator, verify the accuracy of information and display of information

Name and avatar

Provide basic functions and services of this Software and ensure the normal operation

Model of hardware, operation system and application functions (e.g., MAC address), IP address and server log

We will take reasonable and feasible measures to avoid collection of the Personal Data unrelated to the scope of purposes stated herein. To use your Personal Data beyond the scope of purposes stated herein and the directly or reasonably related scope, we will notify you and obtain your express consent in advance.

3.How We Share, Transfer, and Publicly Disclose Your Personal Data

(I) Sharing and Transfer of Personal Data

  1. We will not share with or transfer to any third party your Personal Data, unless we have obtained your prior authorization or consent, or the Personal Data to be shared or transferred are de-identified data and such third party is unable to re-identify the subject of such data.
  2. The principles of sharing

We will follow the following principles when sharing your Personal Data:

Authorized Consent Principle: We will not share your Personal Data without your consent unless such Personal Data shared is de-identified and the third party acquiring such Personal Data is unable to re-identify its natural person subject. If the third party uses the Personal Data for a purpose beyond the scope of the original authorized consent, they need to re-obtain your consent.

Legitimacy and Minimum Necessity Principle: The shared Personal Data must have a legitimate purpose and must be limited to that necessary to achieve the purpose.

Security Prudence Principle: We will carefully assess the purpose of the third parties’ use of the shared Personal Data, conduct a comprehensive assessment of the security capabilities of these partners and require them to follow the cooperation legal agreements. We will carry out strict security monitoring of the software tool development package (SDK) and application program interface (API) of the partners for obtaining information to protect data security.

  1. Share with authorized partners

In order to provide you with better, high-quality products and services, some of our services will be provided by authorized partners. We may share some of your Personal Data with our partners to provide better customer service and user experience. We will only share your Personal Data for legitimate, proper, necessary, specific and express purposes, and the scope of sharing will be limited to the Personal Data necessary to provide the service. At the same time, we will enter into strict confidentiality obligations with our partners and require them to process your Personal Data in accordance with our instructions, this Agreement and any other relevant confidentiality and security measures. Our partners do not have the right to use such shared Personal Data for any other purposes. If you refuse our partner to collect the Personal Data necessary to provide the service when providing the service, it may result in you being unable to use such third-party service.

  1. Transfer of Personal Data in the case of merger, acquisition, or asset transfer

We probably conduct merger, acquisition, or asset transfer as our businesses develop continuously, and your Personal Data may thus be transferred. In case of any aforementioned change, we will continue protecting, or require the transferee of your Personal Data to continue protecting your Personal Data according to relevant laws and regulations as well as the security standards no less stricter than those of this Privacy Policy. Or else, we will require the transferee of your Personal Data to re-obtain your authorization or consent.

(II) Public Disclosure of Personal Data

  1. We will not publicly disclose your data without your consent. However, we may, in accordance with the type of Personal Data and way of disclosure as required, disclose your Personal Data to an administrative, enforcing or judicial authority if disclosure of you Personal Data is required by requirements of relevant laws, regulations, rules, other regulatory documents or compulsory administrative enforcement or judicial requirements. When receiving the request for disclosure, we will require the presentation of corresponding legal certificate and we will only provide the data to law enforcement department or judicial organ with legal authority for special investigation on legal basis, in accordance with relevant laws and regulations. To the extent permitted by laws or regulations, the documents disclosed by us will all be protected by encryption measures.
  2. You understand that we may share, transfer, and publicly disclose your Personal Data according to laws, regulations, and national standards without your authorization or consent under following circumstances:
  3. Sharing, transfer, or public disclosure of those Personal Data directly related to national security or national defense security;
  4. Sharing, transfer, or public disclosure of those Personal Data directly related to public security, public health, or significant public interests;
  5. Sharing, transfer, or public disclosure of those Personal Data directly related to criminal investigation, prosecution, judgment, or execution of judgment and so forth;
  6. Sharing, transfer, or public disclosure of those Personal Data for protecting significant lawful rights and interests, such as life and property, of you or other individual but difficult to obtain principal consent on such sharing, transfer, or public disclosure;
  7. Those Personal Data have been made public by yourself;
  8. Those Personal Data have been collected from the lawfully and publicly disclosed data, such as lawful news reports, government-publicized information and other channels; or
  9. Other circumstances as provided by laws and regulations.
  10. In particular, you are reminded that if the information cannot, by itself or in combination with other information, identify your personal identity, it will not be considered as your Personal Data in the legal sense. When your information can, by itself or in combination with other information, identify your personal identity, or we use your Personal Data together with other information that cannot identify any particular person, such information will be processed and protected as your Personal Data in accordance with this Privacy Policy during the period of such combined use. According to the applicable laws, sharing and transferring Personal Data that has been de-identified and cannot be recovered by the data receiver to re-identify the subject of Personal Data is not considered as sharing, transfer and public disclosure of Personal Data, and the processing of such data does not require us to notify you and obtain your consent.

4.How We Store Your Personal Data

(I) Location of storage

We will abide by the laws and regulations to store your Personal Data collected and generated during the operation within the People’s Republic of China (hereinafter referred to as “China”) in the territory of China. If we need to transfer any of such Personal Data overseas, we will follow the relevant laws and regulations or to obtain your consent.

(II) Period of retention

We will only preserve your Personal Data for a period as necessary for providing you with this Software and our services or as provided by relevant laws and regulations. Beyond such necessary period, we will delete or anonymize your Personal Data, unless otherwise stipulated by laws or regulations.

5.How We Protect the Security of Your Personal Data

(I) We attach great importance to the security of your Personal Data. We have set up data security rules and regulations and implemented safety technical measures, so as to prevent your Personal Data from being accessed or modified without authorization, avoiding damage or loss of data. We adopt encryption techniques, such as Transport Layer Security Protocol and the like, for our network services, so as to ensure the security of your data in the process of network transmission.

(II) We adopt strict control over the data processing authority to avoid illegal use of data; we strengthen the security of Personal Data in the process of use by data desensitization means such as de-identification with mosaics and so forth; we store your Personal Data in an encrypted manner using the encryption techniques adopted widely in the industry, and isolate your Personal Data by data isolation techniques. For example, we have encrypted all data and information stored in our servers or on your terminal devices. We have been adopting and implementing such technical measures and organization and management methods all the while, and we may modify and improve the same from time to time so as to improve the overall security of the system.

(III) Although we have taken the abovementioned reasonable measures, and have abided by the standards required by relevant laws and regulations, you understand that, due to technical limitation and various potential malicious methods, it is impossible to maintain completely secure all the time in the internet industry even though one's ability is exhausted to enhance security measures. We will try our best to ensure the security of your Personal Data provided by you to us. You know and understand that any problem may occur in the system or communications network used by your access to our services due to any factor beyond our control. Therefore, we strongly suggest you take active measures, including but not limited to using complicated password, regularly changing the password, and avoiding disclosure of your Personal Data such as your account password and so forth to any other person, so as to protect the security of your Personal Data.

(IV) In case of any incident endangering network security, we will take corresponding remedial measures according to emergency response plan for internet security incident. If our physical facilities or technical safeguard measures are damaged, thus your Personal Data are disclosed, provided illegally, or misused, causing damage to your lawful rights and interests, we will bear corresponding liabilities in strict accordance with provisions of laws.

(V) After we know or are informed of any security incident of Personal Data in which your Personal Data is disclosed, provided illegally, or misused, we will notify you of the following within [ten (10)] days as required by laws and regulations: basic information about the security incident, possible influence of the security incident, the measures we have taken or will take, our suggestions on your possible preventive measures and risk reduction, and the remedial measures we may take for you and so forth. Relevant situations about the security incident will be sent to you by push notification at this Software. If it is difficult to notify each subject of Personal Data of relevant situations about the security incident, we will publish an announcement in reasonable and effective manner. In addition, we will report our treatment of the security incident of Personal Data to the competent regulatory authorities as required thereby.

6.Your Rights

Inform You of Your Rights When we Stop Operating

If we stop operating the services of this Software, we will promptly stop collecting your Personal Data and notify you of such cessation personally or by announcement. We will also delete or anonymize your Personal Data possessed by us according to applicable laws.

7.Provisions on Minors

If you are a minor under eighteen years old, you shall read and agree on this Privacy Policy jointly with your parent or any other guardian and under the guardianship and guide thereof, before you use the services of this Software.

We will protect minors’ Personal Data according to relevant laws and regulations of the State, and will collect, use, store, share, transfer, or disclose a minor’s Personal Data only to the extent permitted by law or agreed expressly by a parent or any other guardian of such minor or where it is necessary to protect such minor. If we find that we have collected a minor’s Personal Data without the verifiable prior consent of such minor’s parent, we will try to delete relevant data as soon as possible.

If you are a guardian of a minor, you may contact us via the contact information published in this Privacy Policy in the event that you have any questions concerning the Personal Data of the minor under your guardianship.

8.Complaints

In the event that you wish to object to, or make a complaint about, how we process your Personal Data, please contact us in first time at [contact@feishu.cn] and we will endeavour to deal with your request within [10] business day(s).

9.Changes

In order to provide you with better services, this Software and related services will be updated and changed from time to time. We will revise this Privacy Policy timely. These amendments form part of this Privacy Policy and have the same effect as this Privacy Policy. We will use reasonable commercial efforts to generally notify all users of any material change in this Privacy Policy, such as through a notice on this Software, however, you should look at this Policy regularly to check for relevant changes. Your continued access to or use of this Software after the date of the updated Privacy Policy shall be deemed as your acceptance of the updated Privacy Policy. If you do not agree to the updated Privacy Policy, you must stop accessing or using this Software.

10.Contact

Any questions, comments or requests regarding this Privacy Policy can be sent to [contact@feishu.cn].

11.Miscellaneous

(I) The headings herein are inserted for convenience and ease of reading only, and shall in no way affect the meaning or interpretation of any provision hereof.

(II) Definitions of following terms used herein

  1. “De-identification” or “de-identified”: means that the Personal Data are technically processed so that their subject cannot be identified without using additional information.
  2. “Anonymization”, “Anonymized”, or “Anonymize”: means the process in which the Personal Data are technically processed so that their subject cannot be identified, and the Anonymized Personal Data cannot be restored.

(III) The copyright of this Privacy Policy is owned by us, and we have the rights to interpret and modify this Privacy Policy to the extent permitted by law.