We respect your privacy and are committed to protecting your personal data. This Privacy Policy (“Policy”) applies to your access and/or use of Alibaba Cloud Workspace (the “App”) as provided to you by the Alibaba Cloud entity listed in Section 12 (referred to as “we”, “us”, “our” or “Alibaba Cloud” hereinafter). The Policy explains how we collect, use, and disclose your personal data in relation to the App, in the manner and for any of the purposes set forth in this Policy. In addition, it will also provide you with more information about the bases upon which we may lawfully collect, use, and/or disclose your personal data without your consent, where permitted by applicable law.
The App is designed to provide our cloud service to customers (i.e., registered users of Alibaba Cloud services) a login environment to connect Elastic Desktop Service. Any data collected, used, or disclosed in connection with the App is dealt with on behalf of and for the purposes of the relevant Customer in connection with whom you are accessing/using the App (the “Customer”). The Customer may be your employer or your educational institution, for example.
We are a data intermediary of the Customer, and it is the Customer who controls the collection, use, and disclosure of your personal data. We are not responsible for the privacy or security practices of our Customers. You should therefore direct all privacy enquiries, such as any requests to access or correct personal data, to the Customer and not to us. However, if you do direct such inquiries to us, we may assist with forwarding them to the Customer. Please also note that your use of the App and/or the collection, use, and/or disclosure of your personal data may be subject to additional terms between you and the Customer which we are not a party to.
By downloading, installing, accessing, or using the App, you agree and consent to us collecting, using, and disclosing your personal data, and disclosing such personal data to the Customer, any service providers, and relevant third parties designated by us or the Customer, in the manner set forth in this Policy.
This Policy supplements but does not supersede nor replace any other consents you may previously have provided to us or the Customer, nor does it affect any rights which we may have at law in connection with the collection, use, or disclosure of your personal data. Any consents you may have provided in connection with this Policy are cumulative and additional to any rights which we or the Customer may have under applicable law to handle or process your personal data.
What personal data do we collect?
In this Policy, "personal data" has the meaning given in the Personal Data Protection Act 2012 (No. 26 of 2012), as may be updated from time to time.Examples of personal data that we may collect or which you may provide to us include (depending on the nature of your interaction with us) include but are not limited to:
(1) Information for log-in purpose: ID and password set up by you, and other applicable authentication method(s);
(2) Information for facilitating optimal connection: IP address;
(3) Information for security and authentication purpose: IMEI of your personal device for installation and log-in of the App;
(4) Information for optimizing user experience of log-in and connection: status of successful log-in, failed log-in, successful connection, failed connection; and
(5) Information for troubleshooting and maintenance purpose: log information that is automatically generated through the usage of the App.
We may anonymise your personal data so that it no longer identifies you, in which case we shall be entitled to retain, use, disclose, and/or process such anonymised data without restriction, including for business product related reviews.
For the avoidance of doubt, where the PDPA permits us to collect, use, disclose and/or process your personal data without your consent, such permission granted by the PDPA continues to apply.
How do we collect personal data?
Generally, we collect personal data in the following ways:
a. when you submit any form in connection with the App;
b. when you seek technical support, or otherwise request to be contacted by, or contact, us, our agents, or other service providers;
c. when you use the App in connect with Alibaba Cloud Elastic Desktop Service;
d. when you submit your personal data to us for any other reason.
If you provide us with any personal data relating to a third party, by submitting such information to us, you represent and warrant to us that you have obtained the consent of such third party to you providing us with their personal data, and for the future collection, use, and disclosure and/or processing by us and/or the Customer of their personal data, for the purposes contemplated hereunder or otherwise communicated to you by us or the Customer, and that such consents have not been withdrawn.
You must ensure that all personal data submitted to us is complete, accurate, true, and correct. If you do not do so, we may be unable to provide the App to you.
Why do we collect personal data?
Generally, the purposes for which we collect, use, and disclose your personal data include:
(a) to authenticate you, to verify your identity, and for other security-related purposes;
(b) to provide you with the App and related services;
(c) to facilitate an optimal connection between your device and the servers with which the App communicates;
(d) to respond to, process, and handle your queries, feedback, and suggestions;
(e) to manage our administrative and business operations, including the processing, storage, monitoring, and backup of data;
(f) to provide updates, notices, and other communications on developments in respect of Alibaba Cloud;
(g) to improve the App, related services, and our communications to you;
(h) preventing, detecting, and investigating crime and analysing and managing commercial risks;
(i) to establish, exercise, protect, defend or enforce any legal or equitable claim, rights, or obligations;
(j) to conduct audits, reviews, and analysis of our internal processes;
(k) to comply with any applicable laws, rules, regulations, code of practices, guidelines, or to assist the relevant authorities in law enforcement and investigation (including but not limited to disclosures to regulatory bodies, conducting audit checks, or surveillance and investigation);
(l) to facilitate business asset transactions (which may extend to any merger, acquisition, or asset sale);
(m) to match any personal data held which relates to you for any of the purposes listed herein; and/or
(n) any purpose relating to any of the above.
Furthermore, and without prejudice to the generality of the foregoing, we may also collect, use, disclose and/or process your personal data where this is permitted by applicable data laws for any of the following purposes:
(a) providing or marketing services and benefits to you;
(b) matching personal data with other data collected for other purposes and from other sources (including the Customer and third parties) in connection with the customisation, provision, or offering of services, marketing, or promotions, whether by us or third parties;
(c) sending you details of products, services, special offers and rewards, either to our customers generally, or which we have identified may be of interest to you;
(d) conducting research, analysis, and development activities (including data analytics, surveys, product and service development and/or profiling), understanding and analysing customer behaviour, location, preferences, and demographics for us to offer you services as well as special offers and marketing programmes which may be relevant to your preferences and profile.
If you have provided us with your Singapore telephone number(s) and have indicated that you consent to receiving marketing or promotional information via your Singapore telephone number(s), then from time to time, we may contact you using such Singapore telephone number(s) (including via voice calls, text, fax or other means) with information about our products and services.
We or the Customer may also specifically notify you of other purposes for which we collect, use, or disclose your personal data. If so, we, or the Customer (as the case may be) may collect, use, and disclose your personal data for these additional purposes as well, unless we have specifically notified you otherwise.
You may withdraw your consent by contacting us using the contact details set out in Section 11 below.
Who do we share your personal data with?
Subject to the provisions of any applicable law, you hereby agree, acknowledge, and consent that your personal data may be disclosed for any of the purposes listed above in this Policy (as applicable) to the following categories of third-party data recipients (whether they are located overseas or in Singapore):
(1) the Customer;
(2) to our group companies, third party services providers and business partners who provide products and/or services to us, or who otherwise process personal data for purposes that are described in this Policy or which are notified to you when we collect your personal data;
(3) our professional advisors such as our auditors or lawyers;
(4) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition, or asset sale);
(5) anyone to whom we transfer or may transfer our rights and duties;
(6) to any competent law enforcement body, regulatory, government agency, court or other third party (whether local or overseas) where we believe disclosure is necessary (i) to comply with any applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your life, body or property or those of any other person; and
(7) to any other person to whom you authorise us to disclose your personal data.
When is your consent deemed?
In addition to the above, subject to and in accordance with applicable law, you shall be deemed to have consented to us collecting, using, disclosing and sharing amongst ourselves your personal data, and disclosing such personal data to the Customer, our service providers and relevant third parties:
(a) where in response to a request for your personal data in connection with identified purposes, you voluntarily provide such personal data to us for such purpose(s);
(b) where the collection, use or disclosure of your personal data is reasonably necessary for the conclusion and/or performance of a contract between you and us or any other organisation entered into at your request, which may include recipients of your personal data not indicated in this Policy; or
(c) where we have brought to your attention our intention to collect, use or disclose your personal data for identified purposes, and you have not taken any action to opt out within the period specified in our notices. For this purpose, you agree that we may provide you such notices via our website, or via other forms of communication (e.g. SMS or email) based on the contact particulars that we may have of you in our records from time to time.
For what other reasons may we handle or process your personal data?
In addition to and without limiting the consents you have provided in relation to our collection, use, and disclosure of your personal data for the purposes set out elsewhere in this Policy, where permitted by applicable law, we may also, in accordance with the requirements thereof, collect, use, and/or disclose your personal data as further detailed below, without your further consent where we meet the requirements imposed by applicable law:
(a) for our legitimate interests or the legitimate interests of any other person (including the Customer), including but not limited to the purposes expressly set forth in this Policy; or
(b) for improving the App, our products, services, processes or business, understanding customer preferences and personalising experiences and recommendations, based on your personal data.
How do we keep your personal data secure?
We use appropriate technical and organizational measures to protect the personal data that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data.
What are our data retention/deletion policies?
We retain your personal data to enable your continued use of the App:
(a) for as long as is required in order to fulfil the relevant purposes described in this Policy;
(b) as may be required by law (including for tax and accounting purposes); or
(c) as otherwise communicated to you.
How long we retain specific personal data varies depending on the purpose for its use, and we will delete your personal data in accordance with applicable law.
Keeping your personal data accurate and up-to-date
We encourage you to contact us as soon as possible to enable us to update any personal data we have about you. Incomplete or outdated personal data may result in our inability to provide, or delays in providing you with the App or related services.
Updates of this Policy
We may update this Policy from time to time in response to changing legal, technology or business developments. When we update the Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. To the maximum extent permissible under applicable law, you agree to be bound by the prevailing terms of the Policy as modified from time to time. Please check back regularly for updated information on the handling of your personal data.
You can see when this Policy was last updated by checking the “Version” date displayed at the top of this Policy.
How to contact us?
If you:
(a) have any questions or feedback regarding your personal data or this Policy;
(b) would like to withdraw your consent to any collection, use, or disclosure of your personal data in relation to any purposes; or
(c) would like to obtain access to and/or make corrections to your personal data records
you should contact the Customer directly. However, if you are unable to do so, you may send your request in writing to the relevant contact and address below, and we may assist with forwarding your request to the Customer:
• European Economic Area (EEA)
For individuals in the EEA, and/or in relation to processing conducted by or on behalf of Alibaba (Netherlands) B.V., please contact:
Attention: Data Protection Officer
c/o: Herengracht 448, 1017 CA Amsterdam, the Netherlands
E-mail address: intlcompliance@service.aliyun.com
If Alibaba (Netherlands) B.V. is not the relevant “data controller” for the purposes of EEA data protection law, you will be directed to the relevant entity.
• United Kingdom and Europe (outside the EEA)
For individuals in the UK or in Europe (but outside the EEA), and/or in relation to processing conducted by or on behalf of Alibaba.com (Europe) Limited, please contact:
Attention: Data Protection Officer
c/o Alibaba.com (Europe) Limited, 8th floor, Millbank Tower, 21-24 Millbank, London SW1P 4QP, United Kingdom
E-mail address: intlcompliance@service.aliyun.com
If Alibaba.com (Europe) Limited is not the relevant “data controller” for the purposes of UK and Europe (outside of the EEA) data protection law, you will be directed to the relevant entity.
• Outside the EEA, UK and Europe
In all other cases, please contact:
Attention: General Counsel /Alibaba Cloud (Singapore) Private Limited, Legal Department, c/o 26/F,
Tower One, Times Square, 1 Matheson Street, Causeway Bay, Hong Kong.
E-mail address: intlcompliance@service.aliyun.com
Please note that if you withdraw your consent to our collection, use, and/or disclosure of your personal data for any or all the purpose set out above, depending on the nature of your request, we may not be in a position to continue to provide the App and any related services to you. This may also have implications for your contractual relationship with the Customer. Our legal rights and remedies in such event are expressly reserved.
In addition to the addresses listed above, if you have a privacy or data use concern which has not been addressed to your satisfaction, you may contact our third-party dispute resolution provider (free of charge) here.
This Privacy Policy also contains links to third party websites. If you experience difficulties using these links, please contact us at intlcompliance@service.aliyun.com.
Alibaba Cloud Entities
The Alibaba Cloud legal entity that you are contracting with is Alibaba Cloud (Singapore) Private Limited if you are a resident in, or indicated at the time of registration of your Account (as defined in the Alibaba Cloud Membership Agreement) that your billing address is an address in any jurisdiction outside of Europe, the United States of America, India or Malaysia. If you are a resident in or have indicated that, at the time of your Account registration, your billing address is an address within the United Kingdom, Switzerland, and other jurisdictions in Europe but outside the European Economic Area, you are contracting with Alibaba.com (Europe) Limited. If you are a resident in or have indicated that, at the time of your Account registration, your billing address is an address within European Economic Area, you are contracting with Alibaba (Netherlands) B.V. If you are a resident in or have indicated that, at the time of your Account registration, your billing address is an address in the United States of America, you are contracting with Alibaba Cloud US LLC. If you are a resident in or have indicated that, at the time of your Account registration, your billing address is an address within India, you are contracting with Alibaba Cloud (India) LLP. If you are a resident in or have indicated that, at the time of your Account registration, your billing address is an address within Malaysia, you are contracting with Alibaba Cloud (Malaysia) Sdn. Bhd.
Governing Law
This Policy and your use of the App shall be governed in all respects by the laws of Singapore.