Tencent Exmail Privacy Protection Guidelines

Definitions:

Tencent Exmail: An office mailbox tool provided by Tencent. Products and services of Tencent Exmail (hereinafter also referred to as "Exmail") include the features under the Exmail module on the Exmail website (https://exmail.qq.com) and the Workspace on WeCom clients (Windows, Mac, iOS, Android and other app versions).

Tencent Exmail Service Provider: Refers to the legal entity that provides Tencent Exmail products and relevant services, including Shenzhen Tencent Computer System Co., Ltd., Guangzhou Tencent Technology Co., Ltd. and Tencent Technology (Shenzhen) Co., Ltd.(hereinafter referred to as "Tencent" or "We").

Company User: Refers to an individual or organization that registers, logs in to, and uses the Tencent Exmail products and services and obtains the admin permission, including but not limited to legal persons, government agencies, other organizations, partners or sole proprietors (hereinafter referred to as "Company User"). A Company User can activate Exmail services for the company and invite and authorize an individual user to become the end user of Exmail.

Company User Admin: Refers to an individual authorized and designated by the Company User, who has the permission to operate the admin console for the Company User. There can be one or more Company User Admins.

Individual User: Refers to an individual user who uses Exmail services after the Company User activates it (hereinafter referred to as "You" or "End User". When the Company User invites you to use Exmail, you will receive an invitation and may choose whether to use it.

Personal Information: Refers to various information recorded electronically or otherwise that may identify the personal identity of a natural person individually or in combination with other information, including but not limited to the person's name, date of birth, ID card number, personal biometric information, address, telephone number, etc.

Sensitive Personal Information: Refers to the personal information that, once disclosed, illegally provided or abused, may endanger personal and property security and is likely to cause damages to personal reputation or physical and psychological health, or induce discriminatory treatment, including ID card number, personal biometric information, communication records and contents, property information, whereabouts, health and physiological information, and trading information.

Personal Information Controller: Refers to an organization or an individual that has the right to determine the purpose and method of processing personal information.

For more definitions, please seeTencent Privacy Policy.

1. What types of information do we collect

To properly provide you and the Company User with services, guarantee the normal running of the services, further improve and optimize our services, and safeguard account security, Exmail will collect the information you provide or authorize access, or the information generated as a result of the use of the services by the following means:

1.1 When you use the corporate mail service, in order to provide you and corporate users with corporate mail products and services, maintain the normal operation of our services, improve and optimize our service experience, and protect your account security, we will collect the following information from you :

1.1.1 Identity related information:

According to the registration method selected by your Company User Admin, the collection of your personal information during registration may differ in terms of the method and type. If the Company User Admin assists in registration and chooses to activate the mailbox with a mobile number, you may provide the Company User Admin with your name, email account, mobile number, and department. If the Company User Admin assists in registration and chooses to activate the mailbox with an activation code, you may provide the Company User Admin with your name, email account, and department, and enter the activation code provided by the Company User Admin and your mobile number to verify your identity and complete the registration.

If you register by visiting the registration link shared by the Company User Admin, you may open the registration link in WeChat and authorize Exmail to access your WeChat information, such as alias, profile photo, region, and gender, to log in and complete the registration by providing your name, mobile number, and email account.

According to your registration method, you may verify your identity on login by scanning the QR code via WeCom or WeChat to identify the linked mobile number, or by entering your mobile number. If you have set an Exmail password, you may also verify your identity by providing your Exmail account and password. To protect your account security, we will store and manage your password in an encrypted manner.

1.1.2 Device information: According to the device model and permission granted during your use of Exmail services, we will collect and use the device-related information, such as location information (login IP address, GPS location and WiFi access point that is able to provide relevant information).

1.1.3 Log information: When you use the corporate mail service, we will collect relevant log information, including the time of logging in to the mailbox, mail sending and receiving, archiving, backup operation logs, etc.

1.2 When you use Exmail services, the mails you compose and receive will be encrypted and transmitted to the Exmail cloud server and stored synchronously to improve the security and reliability of Exmail services, including actions to detect, prevent and respond to frauds, abuses, illegal acts, security risks, and technical issues that may harm Exmail users and the public. For example, we will utilize our technical capabilities to detect abuse issues, including spam and illegal content.

You understand and agree that, as an office mailbox tool, Exmail provides products and services that assist you in completing tasks related to working scenarios. You will not use Exmail for private purposes or send and receive personal mails. You will not or will try not to use Exmail to send and receive mails that contain your personal information, especially sensitive information.

You understand and agree that the products and services we provide to you are updated and changed from time to time, and if a product or service is not covered by the foregoing description and needs to collect your information, we will otherwise explain to you the content, scope and purpose of information collection by the means of instructions on the page, interaction process and website announcement to ask for your consent.

2. How do we store this information

2.1 Where to store information

We will store within China the personal information collected and produced within China as provided for in the laws and regulations.

2.2 Duration of information storage

In general, we will retain your personal information only for so long as is necessary to realize the purpose.

In case of halt of our products or services, we will notify you of the same by the means of push notification or announcement, delete or anonymize your personal information within a reasonable period, immediately discontinue the activity of collecting your personal information and close the third-party application service interfaces to prevent third-party services from collecting and further using your personal information.

3. How do we protect this information

3.1 We strive to provide protection for users' information security to prevent information loss, improper use, unauthorized access or disclosure.

3.2 We will use various security protection measures within a reasonable security level to ensure the security of information. For example, we will use encryption technology (for example, SSL/TLS), anonymization and other means to protect your personal information.

3.3 We have established a special management system, process and organization to ensure information security. For example, we strictly limit the scope of people who can access information, require them to comply with confidentiality obligations and conduct audits.

3.4 In case of any security incident such as personal information leakage, we will start the emergency plan in accordance with the laws to prevent escalation of such incident, and inform you of such security incident, the possible impact of such incident on you and the remedies we will take by the means of push notification or announcement. We will also report disposal of the security incident about the personal information as required by the laws and regulations and by the regulatory authority.

3.5 At present, the company’s information security has reached ISO/IEC 20000, ISO/IEC 27001, ISO/IEC 27018, level 3 certification on the classified protection of cybersecurity and other international and domestic authoritative certification standards in terms of information security.

4. How we use this information

We will strictly follow the provisions in the laws and regulations and the agreements with the User, and use the information collected for the following purposes pursuant to the provisions herein.

4.1 We collect relevant information when you use the corporate mail service to create and provide better services to corporate mail users (including corporate users and end users). We will use the collected information for the following purposes:

4.1.1 Provision, maintenance and development of corporate postal services: We will use the collected information to provide and optimize and improve corporate postal services, for example, to track service interruptions or troubleshoot issues reported by corporate postal users to us;

4.1.2 Safeguarding the security: to safeguard your and all Exmail users' security, we will use relevant information to assist in improving the security and reliability of Exmail services, including detecting, preventing and responding to frauds, abuses, illegal acts, security risks and technical issues that may harm Exmail, our users or the public;

4.1.3 Communicating with you: we will use the information collected, such as email address you provide and email of the Company User Admin, to directly communicate with you. For example, if we detect suspicious activities, such as attempting to log in to your Exmail account from a location you don't usually use, a notification may be sent to you and we may let you know what changes or improvements will happen to Exmail. Or, we will contact you for service feedback; and

4.1.4 In order to comply with the relevant requirements of relevant laws and regulations, departmental rules and government directives.

Currently, we will not use your personal information for personalized recommendation or advertisement purpose. If we use your personal information beyond the purpose stated during collection and the scope that is directly or reasonably associated, we will notify you of the same by means of instructions on the page, interaction process and website announcement and ask for your consent before we use your personal information.

4.2 According to relevant laws, regulations and national standards, we may collect and use your personal information in the following situations without asking for your authorization:

1) Related to personal information controllers fulfilling obligations stipulated by laws and regulations;

2) Directly related to national security and national defense security;

3) Directly related to public safety, public health, and major public interests;

4) Directly related to criminal investigation, prosecution, trial and execution of judgments;

5) In order to protect the life, property and other major legal rights of the personal information subject or other individuals, but it is difficult to obtain the authorization of the person;

6) The personal information involved is disclosed to the public by the subject of personal information on his own;

7) Necessary for signing and performing contracts according to the requirements of the personal information subject;

8) Collect personal information from legally publicly disclosed information, such as legal news reports, government information disclosure and other channels;

9) Necessary to maintain the safe and stable operation of the provided products or services, such as discovering and handling product or service failures;

10) The personal information controller is a news organization and is necessary for it to carry out legal news reports;

11) That is necessary for a personal information controller (if it is an academic research institution) to conduct statistics or academic research for public interests and disclose the results or descriptions of academic research with the personal information contained therein de-identified.

5. Information sharing and external provision

We will not share with or transfer to any third party your personal information, except that:

5.1 Under the authorization of the enterprise user, after obtaining your explicit consent, we may share with a third party your personal information, such as your name, email account, mobile phone number, etc., collected by the enterprise email for service provision;

5.2 For the purpose of external processing, we may share your personal information with our affiliates and permit them to process such information according to our instructions, Privacy Policy and other relevant confidentiality and security measures and to use such information to provide you with our services so as to realize the purposes set out in the section "How We Use These Information". If we share your personal information with the aforesaid affiliates, we will take encryption, anonymization and other means to safeguard the security of your personal information.

5.3 We will not publicly disclose the personal information collected, and when it is compulsory to do so, we will notify you of the purpose of this public disclosure, the type of information to be disclosed and the sensitive information that may be involved, and will ask for your express consent. It should be particularly noted that how to disclose or share the information about the End User with other End Users or the Company User to which the End User belongs shall be determined and managed by the Company User.

5.4 With the continuous development of our business, we may conduct mergers, acquisitions, asset transfers and other transactions. We will inform you of the relevant circumstances and continue to protect or require new services in accordance with laws and regulations and standards not lower than the requirements of this privacy guide. The provider continues to protect your personal information;

5.5 We may disclose your personal information based on legal requirements or law enforcement requirements of relevant departments.

6. How do you access and manage personal information

During your use of Exmail, you can refer to the following guidelines to easily access and correct your personal information.

6.1 Access/modify personal information

6.1.1 Access/modify account nickname, birthday, mobile phone number, contact phone number and other information:

1) After entering the corporate email, click "Settings";

2) Select and click "Account";

3) Access/modify personal information.

6.1.2 Access address book

1) After entering the corporate email, click "Contacts";

2) View personal contacts, corporate address books, and public contacts.

6.2 Delete personal information

You understand and agree that your account alias, date of birth, mobile number, Tel. and other information are controlled by the Company User, and individual users cannot modify them. To modify, please contact the Company User Admin of your company.

6.3 Logout of email account

To delete your email account, please contact the Company User Admin of your company.

Note: If you delete your Exmail account, your personal information in this company will be deleted or anonymized within a reasonable period. If you delete the account, we will stop providing you with services and your personal information in this company will be deleted or anonymized within a reasonable period.

7. Protection of minors

Our products and services are mainly intended for adults. We attach great importance to the personal information of minors. Subject to the provisions in relevant laws and regulations, if you are a minor, you shall obtain the written consent of your parent or legal guardian before using Exmail services. If you are the guardian of a minor, please contact us through the contact information set out in Section 10 when you have any question about the personal information of the minor under your guardianship. If we find that personal information of minors is collected without the prior verifiable consent of parents, we will delete relevant information as soon as possible.

8. Changes to this privacy guide

We may amend the Privacy Guidelines from time to time. In case of changes to the terms hereof, we will display the changed Privacy Guidelines to you by the means of push notifications.

In case of significant changes to the terms hereof, we will notify you of such changes by the means of push notifications or pop-up window that is more eye-catching.

For the purpose of this article, significant changes include but are not limited to:

1) Significant changes have taken place in our service model, such as the purpose of processing personal information, the type of personal information processed, and the way in which personal information is used;

2) Major changes in our ownership structure, organizational structure, etc., such as business adjustments, bankruptcy mergers, etc. caused owner changes;

3) The main objects of personal information sharing, transfer or public disclosure have changed;

4) Your right to participate in the processing of personal information and how to exercise it has undergone major changes;

5) When the department responsible for handling personal information security, contact information and complaint channels change;

6) When the personal information security impact assessment report shows that there is a high risk.

9. Other

TencentPrivacy Policycontains the general privacy terms that are generally applicable across Tencent, and the user's rights and information security measures set out herein, including but not limited tohow we use cookies and relevant technologies,apply to the Tencent Exmail users. In case of any inconsistency or conflict between TencentPrivacy Policyand these Privacy Guidelines, the latter shall prevail.

10. Contact us

When you have other complaints, suggestions, and minor personal information related issues, please contact us through http://kf.qq.com/. You can also send your questions to Dataprivacy@tencent.com or to the following address:

Data and Privacy Protection Center, Legal Department, Tencent Building, Keji Zhongyi Road, Nanshan District, Shenzhen, Guangdong, China

Postal Code: 518057

We will review the issues involved as soon as possible and give you the reply within fifteen days upon verification of your identity. (End)

Tencent