Privacy Statementfor Online Services Operated by 21Vianet
Online services operated by Shanghai Blue Cloud Technology Co., Ltd. (“21Vianet”, “we”, or “us”), an affiliate of Beijing 21Vianet Broadband Data Center Co., Ltd., include (1) Microsoft Azure; (2) Microsoft Office 365; (3) Microsoft Dynamics 365; (4)Microsoft Power Platform; and(5)Microsoft Intune (“Online Services”). The Online Services operated by 21Vianet are cloud services based on Microsoft’s technology but operated and sold by 21Vianet from data centers located in the People’s Republic of China (excluding Hong Kong and Macau Special Administrative Regions and Taiwan, referred to below as “China”). This Privacy Statement applies to the use of the Online Services and any other 21Vianet services that display or link to this Privacy Statement. For more information about the functionality of particular features, please review the service description or service documentation.
The Online Services may enable you to purchase, subscribe or use other products and services from 21Vianet or third parties with different privacy practices. Your use of other products and services, and any data you provide to a third party is governed by their privacy statements and policies.
Notice to End Users: This Privacy Statement is written for customers and potential customers of the Online Services operated by 21Vianet (collectively referred to as our "Customers"). All references to "you" or "your" in this privacy statement are to 21Vianet customers, who, in turn, may use the Online Services to develop and host their own services for their end users. Any data 21Vianet collects or handles in such circumstances is processed by us on behalf of our customer, who controls the collection and use of the data. End users should direct privacy-related requests to the entity providing them with service. If an end user accesses the Online Services using an email address provided by his or her organization (e.g., employer or school), the owner of the domain associated with the email address may: (i) have control and power of administration over the end user's service account; and (ii) access and process end-user data, including the content of end-user’s communications and files. The end user's use of the Online Services may be subject to the organization's policies (if any). We are only responsible for the Customer's privacy-related practices within the scope agreed with the Customer.
How We Collect and Use Your Data
Definition of Personal Data
Personal Data refers to all kinds of datarecorded via electronic means or otherwise that can be used to identify a particular natural person or to reflect the particular natural person’s activities, whether on its own or combined with other data. For the purpose of this Privacy Statement, Personal Data may include the administrator data of the account administrator you specify in the administrator portal, Real-Name Authentication Data, the name, the number of the payment instrument, the billing address in the Payment Data, the registration data you submit on our website, in our marketing events, or for any survey or questionnaire, as well as the contact and verification information in support data, etc.
Sensitive Personal Data is a subset of Personal Data that can easily lead to damage of personal reputation, physical and mental health, or discriminatory treatment, and may endanger the safety of people and property if it is revealed, illegally provided, or abused. For the purpose of this Privacy Statement, Sensitive Personal Data may include Administrator Data, Real-Name Authentication Data, Payment Data, registration data which includes personal phone number, e-mail address, identification and payment instrument account numbers, security code, transaction record, support data which includes contact and verification information, etc.
We collect and use your data in the following scenarios, which may involve Personal Data. If we collect your Personal Data beyond the scope of the following statement, or use your Personal Data beyond the scope directly or reasonably associated with the stated purpose at the time of collection, we will inform you again and obtain your express consent before collecting or using your Personal Data.
Customer Data is all the data, including all text, sound, software or image files that you provide, or are provided on your behalf, to us through your use of the Online Services. For example, Customer Data includes data that you upload for storage or processing in the Online Services and applications that you or your end users upload for hosting in the Online Services. It does not include configuration, technical settings, or support ticket information, or Administrator Data, Real-Name Authentication Data, and Payment Data indicated below.
We only use Customer Data to provide the Online Services and for purposes compatible with providing the Online Services. This may include improvement of underlying technology, troubleshooting aimed at preventing, detecting and repairing problems affecting the operation of the Online Services and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam).
Customer Data will only be stored in data centers located in China. In limited circumstances, when it is necessary to troubleshoot customer support incidents or solve technical problems, 21Vianet may authorize an affiliate, supplier, or subcontractor located outside the territory of China to access the Customer Data according to applicable laws and regulations. 21Vianet will supervise such access and terminate such access when the problem is resolved in accordance with applicable laws and regulations.
Administrator Data is the data about administrators (including account contact and subscription administrators) provided during sign-up, purchase, or administration of the Online Services, such as name, address, phone number, and e-mail address.
We use Administrator Data to complete the transactions you request, administer your account, improve the Online Services, and detect and prevent fraud.
We may contact you to provide information about new subscriptions, billing and important updates about the Online Services, including information about security or other technical issues. We may also contact you regarding third-party inquiries we receive regarding your use of the Online Services, as described in your customer agreement. You will not be able to unsubscribe from these communications during the reasonable period within or after the Online Services. Subject to your contact preferences, you may also be contacted, by phone or e-mail, regarding information and offers about other products and services or to request your feedback. You may manage your contact preferences or unsubscribe such communications in your account profile for the applicable Online Service.
Real-Name Authentication Data
We implement real-name management in accordance with applicable laws and regulations. Real-Name Authentication Data refers to your business license, administrator's mobile phone number, or the scanned copy of ID card provided by you during real-name authentication. If you do not provide the above data, you will not be able to complete the real name authentication and may not be able to use the Online Services.
In order to verify the accuracy and completeness of the Real-Name Authentication Data, we may verify the data provided by you with agencies that legally store your data.
When you make online purchases, you will be asked to provide payment data, which includes your payment instrument number, your name and billing address, and the security code associated with your payment instrument and other financial data ("Payment Data").
We use Payment Data to complete transactions, as well as for the detection and prevention of fraud.
When you use authenticated Payment Data, we will store that data to help you complete future transactions without your having to provide the data again. We do not, however, retain the security code associated with your payment instrument in this manner.
Support Data is the data we collect when you submit a support request or run an automated fault detector, including data about hardware and software, and other details related to support incidents, such as contact or verification information, chat session personalization, data about the conditions of the device and application during the period of error and diagnostics, system and registration data regarding software installation and hardware configuration, and error tracking files.
Support services can be provided by phone, email or online chat. With your permission, we may temporarily manipulate your machine through Remote Access. Calls, live chat, or Remote Access by professional support staff may be recorded and/or monitored. For Remote Access, you can also view the record after the operation has ended. You can choose to terminate live chat or Remote Access at any time. We use Support Data in accordance with this Privacy Statement, and we also use it to resolve your support issues and for training purposes.
After the support experience is over, we may send you a questionnaire about your experience and service content. If you are unwilling to participate in the survey, you may unsubscribe through the footer link in the email or contact the support department through other communication methods provided by 21Vianet to unsubscribe.
You may object or manage Cookies by changing the settings on your browser. However, please note that if you stop using Cookies, you may not enjoy the best service experience, and some of our Online Services may not function properly.
Some features of the Online Services may enable or require that you install or run local software (e.g., agents, Azure Stack software, etc.). Such software may collect data from your local environment in order to provide the Online Services that you have requested. Local agents may also collect diagnostic data that will be sent to us (including our affiliates, and domestic or overseas suppliers or subcontractors) for operating and improving the Online Services. For more information about agents, please consult the relevant service documentation.
How We Store Your Personal Data
Your Personal Data will be stored in China. If necessary, your Personal Data may be transferred overseas upon your authorization or in accordance with applicable laws and regulations.
During your use of the Online Services, we retain the Personal Data you provided. After you close your account, in accordance with relevant laws and regulations, we will retain your Personal Data, but we will not use or process your Personal Data during this period; upon expiry of the aforementioned retention period, we will immediately delete or anonymize your data.
When we terminate an Online Service or operation, we will notify you by e-mail or announcement, and delete or anonymize your relevant Personal Data upon such termination.
How We Share, Transfer, and Disclose Your Data
We will not disclose or transfer Customer Data, Administrator Data, Real-Name Authentication Data, Payment Data, or any other Personal Data ("your data") to, or share your data with, any third party apart from 21Vianet and its affiliates except as you direct, or as described in your customer agreement or this Privacy Statement, or pursuant to applicable laws and regulations.
- We contract with other companies within or outside China from time to time to provide technical support or services (such as customer support) on our behalf. We may provide these companies with access to your data where necessary for their engagement. This data mainly includes various technical data for providing technical support or services, and in rare cases involves your Personal Data. If it is really necessary to have your Personal Data accessed by an overseas supplier or subcontractor, our customer support personnel will explain the relevant information to you and obtain your prior consent. These companies are required to maintain the confidentiality of your data and are prohibited from using it for any purpose other than that for which they are engaged by 21Vianet.
- If it is strictly necessary to disclose Customer Data to a third party, we will use commercially reasonable efforts to notify you in advance of the disclosure unless legally prohibited. Should a third party contact us with a complaint about your use of the Online Services (for example, allegation of infringement by you or your end user), we may ask the third party to contact you directly and may provide your basic contact datato the third party.
- 21Vianet may share Administrator Data or Payment Data with third parties within or outside China for the purpose of fraud prevention or to process payment transactions. Currently, the data of such overseas subcontractors are stored in the US and other countries or regions. The third parties are required to keep your data confidential and are prohibited from using it for other purposes. They are required to take adequate security measures to ensure that your Personal Data receives the level of protection no less than that in China.
- The Online Services enable you to purchase, subscribe to, or use services, software, and contents from companies other than 21Vianet ("Third Party Offerings"). If you choose to purchase, subscribe to, or use a Third Party Offering, we may provide the third party with your Administrator Data or Payment Data to enable the third party to provide its offering to you (and subject to your contact preferences, send you promotional communications). That data and your use of a Third Party Offering will be governed by the privacy statement and policies applicable to the third party.
- We will not substantively respond to data protection and privacy requests from your end users without your prior written instruction, unless required by applicable laws and regulations.
- If your Personal Data has to be transferred due to acquisitions, mergers, reorganizations, or similar transactions, we will notify you. The succeeding company that holds your Personal Data will continue to perform the responsibilities and obligations under this Privacy Statement. If the succeeding company modifies the purpose of using your Personal Data, it should acquire your explicit consent again with regard to such modification.
We may not need to obtain your explicit instruction when sharing, transferring or disclosing your Personal Data under the following circumstances:
- circumstances directly related to national security and national defense;
- circumstances directly related to public security, public health and significant public interests;
- circumstances directly related to criminal investigation, prosecution, trial, execution of a sentence, etc.;
- for securing significant lawful interests, such as your or other person’s life, property, etc., but only where it is difficult to acquire the consent from the data subject;
- where you have already publicly disclosed your Personal Data; and
- where we collect your Personal Data from the information that is lawfully disclosed to the public, such as from legitimate news report or information published by the government.
How We Protect Your Personal Data
We are committed to protecting your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorized access, use, or disclosure. For example, we store your Personal Data on computer systems located in controlled locations and restrict access to these systems. When storing and transmitting your Personal Data, we will take appropriate security measures such as encryption.
In the event of Personal Data security incidents, 21Vianet will promptly notify you via push notifications or announcements in accordance with the requirements of applicable laws and regulations, informing you of the basic circumstances and possible impacts of the security incidents, the measures we have taken or will take, advice for you on self-prevention and mitigation of risks, remedial measures for you, etc.
In the event of a cybersecurity incident, we will follow the emergency response plan for cybersecurity incidents, take appropriate remedial measures, and report to the competent authorities in accordance with relevant applicable laws and regulations.
How You Can Manage Your Personal Data
We provide you with ways to manage your Personal Data. You can access and manage your Administrator Data, Real-name Authentication Data, and Payment Data in the account information of your administrator portal. However, for security and identification considerations or as required by applicable laws and regulations, you may not be able to modify the initial registration information provided at the time of registration, such as Real-Name Authentication Data.
If you have other questions or needs for managing Personal Data, please contact customer support. If you choose to delete your Personal Data or change the scope of the authorization, it may result in our failure to provide certain Online Services for you. For example, deleting Payment Data or contact details will make it difficult for you to complete payments and receive corresponding Online Services.
If we decide to respond to your request for deletion, we will also notify the supplier or subcontractor who has obtained your Personal Data from us and request them to delete your Personal Data in a timely manner, unless otherwise required by applicable laws and regulations.
To ensure security, we may ask you to verify your identity first in response to your request to manage Personal Data under this section. We will timely respond to your request above after verifying your identity, and reply or make reasonable explanations to you within 30 days or the time limit stipulated by applicable laws and regulations, or inform you about the external approaches you may choose to resolve the disputes.
Notwithstanding the above, pursuant to applicable laws and regulations, we may not need to respond to your requests under the following circumstances, including but not limited to:
- related to the performance of the obligations specified in laws and regulations by the personal data subject;
- directly related to national security and national defense security;
- directly related to public security, public health and major public interests;
- directly related to criminal investigation, prosecution, trial and enforcement of judgments;
- personal data controller has sufficient evidence indicating that the personal data subject has subjective malicious intention or abuses his rights;
- it is for the purpose of safeguarding the major legitimate rights and interests of the personal data subject or other individuals including life and property, but it is impossible to get his consent;
- responding to the request of personaldata subject will result in serious damage to the legitimate rights and interests of personal data subject or other individuals and organizations;
- involving trade secrets.
Compliance with Law
You acknowledge that under Chinese regulations:
An Internet information service provider shall not produce, reproduce, publish, or disseminate information that includes the following content (“Prohibited Content”). Prohibited Content is content that:
- is against the basic principles determined by the Constitution;
- impairs national security, divulges State secrets, subverts State sovereignty or jeopardizes national unity;
- damages the reputation and interests of the State;
- incites ethnic hostility and ethnic discrimination or jeopardizes unity among ethnic groups;
- damages State religious policies or that advocates sects or feudal superstitions;
- disseminates rumors, disrupts the social order or damages social stability;
- disseminates obscenity, pornography, gambling, violence, homicide and terror, or that incites crime;
- insults or slanders others or that infringes their lawful rights and interests; and
- is otherwise prohibited by laws or administrative regulations.
- If an Internet information service provider discovers that information distributed on its website falls within the scope of the Prohibited Content, it shall promptly terminate the distribution, keep relevant records, and report to relevant authorities.
You further agree that:
If the business or organization you operate by using the Online Services is subject to permit or approval by relevant governmental authorities, you should obtain such relevant permit or approval, including but not limited to:
- if your website provides non-operational Internet information services, Customer will make the filing for the non-operational website with the governmental authority; and
- if your website provides operational Internet information services, you will obtain the VAT permit for operational website from the governmental authority.
- If you are an Internet information service provider using Online Services, you will keep records of the information provided, time of publishing and the Internet address or domain name, and assist in providing such information when inquired by related government authorities in accordance with applicable laws.
- You will provide your real identity and contact information when registering for the Online Services and promptly update that information in the administrator portal if there are any changes to the information. We will use this information to contact you, as detailed in this Privacy Statement. You warrant that the information you provide is true, complete, and valid; otherwise, you will bear all the consequences.
Trials are provided to examine Online Services prior to purchase. At the end of the trial period, 21Vianet can temporarily retain the data it collects during your Online Service trial to improve your customer experience when you decide to purchase the Online Services in the future. However, your data may be removed from the Online Services at any time after the trial period for the Online Service ends.
Preview version, beta version, or other pre-release services ("Previews") are optional evaluation versions of the Online Services offered by 21Vianet to obtain customer feedback prior to general release. This section describes the different or additional terms specific to Previews:
- Security: We will do our best to provide security measures for your data in the Previews, but these security measures may differ from the present security measures in typical Online Services.
Protection of Minors
If you are a minor under the age of 18, please be sure to ask your guardian to read the Privacy Statement carefully, and please use our Online Services or provide your data to us under the condition that you have obtained the consent of your guardian.
Changes to this Privacy Statement
We will update our Privacy Statement from time to time to reflect requirements of applicable laws and regulations, customer feedback and changes in our Online Services. When we post changes to the Privacy Statement, we will revise the "last updated" date at the top of the Privacy Statement. If there are substantial changes to the Privacy Statement or in how 21Vianet will use your data, we will notify you either by posting a notice or by directly sending you a notification about such changes before they take effect. We encourage you to periodically review the Privacy Statement for the products and services you use to learn about how 21Vianet protects your data.
How to Contact Us
21Vianet welcomes your comments. If you believe that 21Vianet is not adhering to its privacy or security commitments, or you need more help from us, please contact us through the customer support hotline 400-089-0365.
We have a personal data protection officer. Our mailing address is:
12-13F, Building 6, No.6, Jiuxianqiao Road, Beijing Electronics Zone, Chaoyang District, Beijing, 100015
Shanghai Blue Cloud Technology Co., Ltd, an affiliate of Beijing 21Vianet Broadband Data Center Co., Ltd.
We will respond to you within 30 days after the verification of your identity.
2.0 Last Updated: June 2020
1.0 Last updated：November 2018