BytePlus Privacy Policy

Last Updated: Aug. 30th, 2024

Our new Privacy Policy comes into effect on Aug. 30th, 2024, which you can view below. Click here to view our current Privacy Policy.

This Privacy Policy (the "Policy") applies to any websites, platforms, and services for BytePlus products that link to this Privacy Policy, including those for BytePlus (collectively, the "Services"). The Services are provided and controlled by Byteplus Pte. Ltd. ("BytePlus", "we", "us" or "our").

This Privacy Policy explains how we collect, use, share, and otherwise process the personal data of website visitors, corporate customers and partners and other organizations who use the Services, and their representatives ("you" or "your") of the Services on our own behalf. Although we may process personal data of others on behalf of our corporate customers and other organizations who use the Services, such processing is not covered by this Privacy Policy. Please refer to the corporate customer’s or organization’s own privacy policy for more information regarding its data processing practices and other relevant information, including how to submit privacy inquiries to that corporate customer or organization.

Please note that Jurisdiction Specific Supplemental Terms in the Annex may apply depending on the jurisdiction from which you are accessing or using the Services.

1. What is personal data?
In this Policy "personal data" means any information which directly or indirectly identifies you, or which relates to a living individual.

2. Personal data we collect
The personal data about you that we collect includes:
Information You Provide
(a) Account information: When you register an account in order to access the Services on behalf of your organization, you may provide us with personal data such as your username or account number/ID, password, full name (and/or nickname, if applicable), email address, country/region, company name, job title, telephone number, relationship to us (i.e. Customer), enterprise identification code, or SMS verification code ("Account Data"). We may collect such personal data in order to complete your account registration and verify your identity to enable you to access and utilize the Services.
(b) Correspondence: When you communicate with us, such as when you submit complaints, inquiries, or other requests, we receive any information you provide in the content of your communications to us ("Communications Data").
(c) Marketing data: When you participate in marketing activities organized by us, our affiliates or third parties, you may be required to provide personal data such as your name, correspondence address, and contact details ("Marketing Data"). If you refuse to provide such information, your ability to participate in the activities may be affected, but this will not affect your use of other functions.
Information Automatically Collected
(a) Technical Information: To ensure the safe operation of the Services and to optimize your experience, we may collect information such as your user ID, registration time, IP address, use and service logs (including your login/logout, password changes, etc.), performance data (including response times), device and network information (including device model, operating system, browser version) and other application-specific details ("Technical Data"). We may use this information to protect your account, authenticate user identity, and to detect and prevent security incidents.
(b) Usage data: We may collect user behavior data such as interactions with our Services, details of error events (such as error type and where the error occurred), the duration and frequency of your use of our Services in order to analyze, customize and/or improve our service offerings and overall user experience (“Usage Data”).
(c) Location Information such as your address, country or region as provided by you during sign-up or included in Communications Data and country location based on your IP address (“Location Data”).
Information From Other Sources
Where available, if you choose to sign up or log in to the Services using a third party service, or link your account to a third party service, we may collect information from the third party service, such as your username and email address (“Third Party Service Data”).
Cookies And Similar Technologies
Cookies and similar tracking technologies (collectively "Cookies") are commonly used on the Internet to collect personal data. When you access the Services, we may use Cookies to collect and store your personal data and information generated when you access or use the Services. For further details, please see our Cookie Policy.
Sensitive Personal Data
We do not collect any sensitive personal data, such as health-related information or information about race or ethnicity, or sexual orientation.

3. How we use personal data
We may use, process and/or disclose personal data collected from you for any or all of the following purposes:
(a) performing obligations in the course of or in connection with our administration, operation, provision of the Services to you or your organization;
(b) responding to, handling and processing queries, requests, applications, complaints and feedback from you (or purported to be given by you);
(c) notifying you of changes to the Services, updates to our agreements, terms or policies, or providing you with updates related to your access to the Services in general;
(d) providing you with user support;
(e) personalizing the content you receive and providing you with tailored content that will be of interest to you, or improving your user experience;
(f) managing your account/relationship with us;
(g) processing payment or credit transactions, including allowing you to redeem rewards from your participation in marketing activities;
(h) carrying out marketing activities;
(i) carrying out diagnostics, data analysis and testing the Services to ensure their stability and security;
(j) improving the Services and products, including adding new features or capabilities;
(k) detecting and combating any abuse of the Services or conduct of any harmful activity, fraud, spam, and illegal activity on the Services;
(l) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority; and
(m) transmitting to any unaffiliated third parties including our third party service providers, partners and agents, and relevant governmental and/or regulatory authorities, for the aforementioned purposes.

4. How we share personal data
We may share your personal data as follows:
(a) Our Corporate Group: We are supported by certain entities within our corporate group (“Corporate Group”) to support the provision of the Services or who otherwise process personal data for purposes described in this Privacy Notice. These entities may process Information You Provide, Information Automatically Collected, and Information From Other Sources for us in support of the Services.
(b) Third-Party Service Providers and Business Partners: We may share your personal data with our third party service providers and our business partners who provide services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Services) or who otherwise process personal data for purposes that are described in this Policy (such as marketing activities) or notified to you when we collect your personal data.
(c) Any competent law enforcement body, regulatory, government agency, court or other third party if legally required or reasonably necessary to:
(i) comply with legal obligation, process or request;
(ii) enforce applicable Terms of Service and other agreements, policies and standards, including investigation of any potential violation thereof;
(iii) detect, prevent or otherwise address security, fraud or technical issues; or
(iv) protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
(d) Potential Buyers (and their agents and advisers): In the event that we discuss or negotiate the sale of any business or assets (whether a result of merger and acquisition activity, liquidation, bankruptcy or otherwise), we may disclose your personal data to the prospective buyer of such business or assets. If we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets, your personal data may be among the transferred assets.
(e) Any other person with your consent to the disclosure (obtained separately from any contract between us).

5. How we store personal data
In accordance with the applicable laws and regulations, we store personal data in secure servers located in the United States, Malaysia, and Singapore. Whenever we transfer personal data to other jurisdictions, we will ensure that such personal data is transferred in accordance with this Policy and as permitted by applicable data protection laws.

6. How we retain personal data
We will retain your personal data for the length of time needed to fulfill the purposes for which such personal data was collected, for example, for such time as is necessary to provide you with the Services, to comply with applicable legal, tax or accounting requirements, for our ongoing product improvement purposes, or other legitimate business purposes. Beyond such period, we will delete or anonymize your personal data, unless otherwise required by applicable laws or regulations.

7. How we secure personal data
We take appropriate technical and organizational measures to protect personal data from unauthorized access, use, disclosure, alteration, and destruction. The measures are designed to provide a level of security appropriate to the risk of processing. Further details on these measures can be found here.

8. Your rights
Depending on where you live, you may have certain rights with respect to your personal data, such as a right to know and be informed on how we collect and use your data. You may also have the right to access, update, rectify, restrict the processing of, and delete your personal data in our possession; and to withdraw your consent for the collection, use and/or disclosure of your personal data.
To exercise any of these rights, please submit your request to privacy@byteplus.com. We will process your request in accordance with applicable laws. Please note that depending on the nature and scope of your request, we may not be in a position to continue the provision of the Services to you and we shall, in such circumstances, notify you before completing your request.
If you wish to exercise your rights with respect to personal data we are processing on behalf of our users or customers, please refer to that user’s or customer’s privacy policy to submit your request directly to that user or customer.

9. Minors
The Services are intended for use and sale on a business to business basis and are not directed at individuals below the age of 18 years or the minimum age in your jurisdiction. If you are below 18 years of age or the minimum age in your country, you must not use the Services.

10. Revisions
This Policy may be updated by us from time to time. When we update the Privacy Policy, we will notify you of any material changes to this Policy by updating the “Last Updated” date at the top of the new Privacy Policy, posting the new Privacy Policy, or providing other notice required by applicable law. We recommend that you review this Policy regularly to stay informed of our privacy practices.

11. Contacting us
If you have any questions on the protection of your personal data or any concerns, queries, comments or suggestions to this Policy, you can contact us at privacy@byteplus.com. We will endeavor to provide timely feedback on your complaints and reports after verifying your user identity.



ANNEX

Jurisdiction Specific Supplemental Terms

EEA and UK
If you are using our Services from the European Economic Area ("EEA") or the United Kingdom, the following additional terms will apply.

1. Legal Basis for Processing
Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. The legal bases we may rely on for processing your personal data include:

If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal data is mandatory or not (as well as of the possible consequences if you do not provide your personal data).
The following table provides more details on our purposes for processing your personal data and the related legal bases. The legal basis under which your personal data is processed will depend on the data concerned and the specific context in which we use it.

Purpose/Activity: Register your account for the Services, to manage and to administer your account.
Type of personal data: Account Data, Location Data, Third Party Service Data, Technical Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract.

Purpose/Activity: Provide and deliver the Services including managing the relationship between you and us. This includes storing your information on an internal relationship management platform.
Type of personal data: Account Data, Communication Data, Technical Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract.

Purpose/Activity: Managing orders, billing, payments and promotion campaigns.
Type of personal data: Account Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract with you.

Purpose/Activity: Respond to your communications regarding our Services, send you service updates, confirmations, invoices, technical notices, updates, security alerts, support and administrator messages, respond to your enquiries, requests or complaints.
Type of personal data: Account Data, Financial Data, Communication Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract with you.
· Consent.
· Otherwise, where the processing is not in the context of an existing or potential contract or consent is not sought from you, for our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you.

Purpose/Activity: Reviewing communications with you for customer support and quality assurance and training purposes, and related recordkeeping.
Type of personal data: Account Data, Communications Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract with you.
· Otherwise, where the processing is not in the context of an existing or potential contract, our legitimate interests (to operate, provide and improve our business; to communicate with you) – where our communications are not necessary to perform or enter into a contract with you.

Purpose/Activity: Personalizing the content you receive and providing you with tailored content that will be of interest to you, or improving your user experience
Type of personal data: Account Data, Usage Data, Marketing Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Consent (where applicable under applicable law).
· Otherwise our legitimate interest to operate, provide and improve our business; to use the insights to improve or develop marketing activities and promote our products and services.

Purpose/Activity: Keep our business including our website(s) secure; to detect any abuse of the Services or conduct of any harmful activity and prevent fraud, spam and illegal activity on the Services. For example, online we use malware and spyware monitoring tools to detect suspicious activity and algorithms to detect unauthorised access.
Type of personal data: Account Data, Technical Data, Usage Data, Communications Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Necessary for our and our third parties' legitimate interests (to operate and provide our business, including our website(s) and to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Purpose/Activity: Manage compliance with our terms of service and related internal reporting.
Type of personal data: Account Data, Communications Data
Lawful basis for processing including basis of legitimate interest:
· Performance of a contract with you.
· Otherwise, where the processing is not in the context of an existing or potential contract, as necessary for our legitimate interests (to operate, provide and improve our business, including our website(s); to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Purpose/Activity: Administer and maintain our website(s) and our IT systems (including diagnostics, monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data).
Type of personal data: Account Data, Technical Data, Usage Data
Lawful basis for processing including basis of legitimate interest:
· Our and our third parties' legitimate interests (to operate, provide and improve our business, including our website(s); to detect or prevent illegal activities (e.g. fraud) and/or to manage the security of our IT infrastructure).

Purpose/Activity: Manage our use of tracking technologies such as cookies (including enabling you to manage your cookie preferences) and analyse collected data to learn about our website(s), to improve our website(s) and Services and to develop new products and services (including new features or capabilities). This includes website analytics, identifying browsing / purchasing trends and patterns and evaluating this information.
Type of personal data: Account Data, Technical Data, Usage Data, Location Data
Lawful basis for processing including basis of legitimate interest:
· Consent (where required under applicable law – see cookie consent tool on our website).
· Otherwise (for strictly necessary cookies) our legitimate interests to operate, provide and improve our business, including our website(s), to improve our website(s) or use the insights to improve or develop marketing activities and promote our products and services.

Purpose/Activity: Contact current and prospective customers (including in response to sales requests received via the website) about our products and services including to generate and provide information relating to a demo account.
Type of personal data: Account Data, Marketing Data, Communications Data
Lawful basis for processing including basis of legitimate interest:
· Consent (where required under applicable law).
· Performance of a contract with you.
· Otherwise, where the processing is not in the context of an existing or potential contract, our legitimate interests (to operate, provide and improve our business; to communicate with you and to develop marketing activities and promote our products and services).

Purpose/Activity: Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law.
Type of personal data: Account Data, Usage Data, Location Data, Communications Data
Lawful basis for processing including basis of legitimate interest:
· Legal obligation (including all applicable data protection law including the EU/UK GDPR).

Purpose/Activity: Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims against us and to conduct litigation to defend our interests.
Type of personal data: Account Data, Financial Data, Location Data, Usage Data, Communications Data
Lawful basis for processing including basis of legitimate interest:
· Our legitimate interests to protect our business interests.

2. International Transfers
In some cases, your personal data may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Specifically, our servers are located in Singapore, Malaysia, and the United States, and our affiliates, business partners, and service providers operate around the world. This means that when we collect your personal data we may process it in any of these countries.
Where we transfer your personal data to countries and territories outside of the European Economic Area and the UK, which have been formally recognised as providing an adequate level of protection for personal data, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations” (data bridges) from the Secretary of State in the UK.
Where the transfer is not subject to an adequacy decision or regulations, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Policy and applicable laws, for example entry into the European Commission's Standard Contractual Clauses for controller to controller and controller to processor transfers, including the UK Addendum or the UK International Data Transfer Agreement where applicable.

3. Your Rights
Individuals located in the UK and EEA have the following data protection rights. To exercise any of them, contact us using the details provided in the "Contacting us" section above. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

4. Data Controller
The data controller of your information is Byteplus Pte. Ltd.

Indonesia

If you are using our Services in Indonesia, the following additional terms will apply. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail.

If you are using our Services in Indonesia, we will collect, use, disclose and/or process your personal data in accordance with our obligations under the applicable laws in Indonesia relating to the protection of personal data, including: Law No. 11 of 2008 on Electronic Information and Transactions, as amended by Law No. 19 of 2016 ("EIT Law"); Government Regulation No. 71 of 2019 on Management of Electronic Systems and Transactions ("GR 71"); and Regulation of Minister of Communication and Informatics No. 20 of 2016 on Personal Data Protection in Electronic Systems ("MOCIT Regulation 20"), collectively, the "Indonesian Personal Data Protection Regulations".

1. Storage of your personal data
Your personal data will be stored in encrypted form. We will retain your personal data for at least 5 (five) years following the termination of your Account or such other period as required under the Indonesian Personal Data Protection Regulations. We may store your personal data outside of the jurisdiction of Indonesia in which our servers or third party cloud servers cooperating with us are located.

2. Transfer of your personal data
Please ensure that you comply with required standards under prevailing Indonesian Personal Data Protection Regulations when transferring your personal data to us.

3. Data breach notification
In circumstances where we become aware of any occurrence of failure relating to your personal data that is under our control (including if there is any incident relating to encrypted data sent to us which becomes readable), we will notify you in writing within 14 (fourteen) days of acquiring knowledge of such failure. Upon sending such notification to you, we will seek your confirmation regarding whether such data protection failure possesses the potential for damages/loss to be suffered by you.

4. Terminating your Account
After your Account is terminated, we will retain your personal data for the period mentioned in paragraph 1 above. If such retention period has lapsed, we will delete or anonymize your personal data in our possession or under our control pursuant to this Policy.

5. Restriction on the basis of age
By having opened an Account, you represent that you are at least 21 years of age or married or not under guardianship. If you are below 21 years old and you are not married, the Account must be opened under the name of your parent(s) or guardian(s). Further, you represent and warrant that you have obtained consent from your parent(s) or legal guardian(s) unless you indicate otherwise. By consenting, your parent(s) or legal guardian(s) are agreeing to take responsibility for: (i) all your actions in connection with your access to the Services; (ii) any fees or charges associated with your use of any of the Services (as applicable); (iii) your compliance with this Policy; and (iv) ensuring that any action related to your Account will not, in any event, result in any violation of applicable laws and regulations relating to child protections. If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or guardian(s) is not willing to open the Account under their name, you must cease accessing and using our Services.

Brazil

If you are using our Services in Brazil, the following additional terms will apply. In the event of any conflict between the following additional terms and the provisions of the main body of this Policy, the following terms shall prevail.

1. International Transfers
Your personal data may be transferred to, and processed in, countries other than the country in which you are resident.
Specifically, our servers are located in Singapore, Malaysia, and the United States, and our affiliates, business partners and service providers operate around the world. This means that when we collect your personal data we will process it in any of these countries for the purposes of providing the services set out in this Policy.
However, we have taken appropriate safeguards to require that your personal data will remain protected in accordance with this Policy. These include implementing the Standard Contractual Clauses or other transfer mechanisms provided by law for international transfers of personal data between affiliates, which require all group companies to protect personal data they process from Brazil. We have implemented similar appropriate safeguards with our service providers and business partners, and further details can be provided upon request.

2. Your Rights
You have the following data protection rights:

You can exercise these rights by contacting our DPO using the details provided below.

3. Terminating your Account
After your Account is terminated, we will delete or anonymize your personal data in our possession or under our control pursuant to this Policy, except when the retention of the personal data is necessary for the fulfillment of a legal or regulatory obligation or in other cases justified by law.

4. Data Security and Breach Notification
In circumstances where we become aware of any occurrence of failure relating to your personal data that is under our control (including if there is any incident relating to encrypted data sent to us which becomes readable), we may notify you and the Brazilian Data Protection Agency, in writing, if required by law upon becoming aware of such incident.

5. Data Protection Officer (DPO)
If you wish to reach the BytePlus DPO, contact us at: dpo.br@legal.byteplus.com.