Huawei Cloud Privacy Statement History Version (V1004 August 2023)

Huawei Cloud Privacy Statement History Version (V1004 August 2023)

Huawei Cloud ("Huawei Cloud", "we", "our" and "us") understands how important your privacy is to you and fully respects it. Please carefully read this Privacy Statement ("Statement") before you submit your personal data to us. This Statement applies to https://www.huaweicloud.com/intl/en-us/ ("Website"), and all products and services that contain or refer to this Statement (collectively “Services”).

This Statement does not apply to Your Content that we process as a provider of Huawei Cloud, on behalf of our customers as their data processor, based on Huawei Cloud Data Processing Addendum. "Your Content" is defined in the Huawei Cloud Customer Agreement you entered into with Huawei Cloud, and without prejudice to such definition, it covers all data (including personal data) that you entrust to Huawei Cloud. Our materials, data and information do not form part of Your Content.

This Statement describes how we collect, use and disclose your personal data, as well as our legal bases for processing, and the security measures implemented by us to protect your personal data. It also demonstrates your rights in connection with your personal data, and other related details you need to know before you provide personal data to us. We may inform you of product- or service-specific data collection which is not reflected in this Statement through supplementary policies or notices provided before the relevant collection of your personal data.

By interacting with us, using our Website, submitting information to us, or signing up for our Services, you agree and consent to Huawei Cloud (including its affiliates), as well as our third-party service providers, representatives and/or agents, collecting, using, and disclosing your personal data in the manner set forth in this Statement.

We have created this Statement to help you understand:

  •      1. How Huawei Cloud Collects Your Personal Data
  •      2. How Huawei Cloud Processes Your Personal Data
  •      3. How Huawei Cloud Uses Cookie and Similar Technologies
  •      4. How Huawei Cloud Shares Your Personal Data
  •      5. How Huawei Cloud Protects Your Personal Data
  •      6. How Long Huawei Cloud Retains Your Personal Data
  •      7. How to Access and Control Your Personal Data
  •      8. How Huawei Cloud Handles Personal Data of Children
  •      9. How Your Personal Data Is Transferred Internationally
  •      10. How This Statement Is Updated
  •      11. How to Contact Huawei Cloud
  •      12. Additional Information for Certain Jurisdictions

 

1. How Huawei Cloud Collects Your Personal Data

Personal data means any information (whether true or not) relating to an identified or identifiable natural person, including information that can identify an individual when taken in combination with other information to which we have or are likely to have access. We collect personal data from you in the course of your interaction with us for various purposes, such as providing you with the Services and maintaining the best possible operations of the Services. Your interaction with us may include: registering a Huawei Cloud account (the “Account”) with the Website, subscribing to the Services, completing payment with us, contacting us when experiencing (technical) problems, browsing our Website and configuring your settings for your Account.

If you provide us with any personal data relating to a third party (e.g. information of your employees and/or end users), by submitting such information to us, you represent and warrant to us that you have notified such third party of the terms of this Statement, and that such third party has consented to you disclosing his/her personal data to us for the collection, use and disclosure of their personal data by us as described in this Statement.

Depending on your use of the Services, we collect the following personal data:

a) Personal data provided through Huawei ID (which may be collected by our affiliate administering Huawei ID accounts and shared with us) to register the Account, such as mobile phone number, email address, account name, account ID, country/region as required for registration. For more information about Huawei ID, please refer to Statement About HUAWEI ID and Privacy.

b) Personal data provided when you manage your information, including account information (such as account name, avatar, and authentication credential), contact information (full name, email and mailing address, mobile phone number), business information (company name, industry, position, country/region, tax information) and payment information (bank account information including credit card number, expiry date and security code, invoice information).

c) Personal data provided when you order, subscribe to or use the Services, including your account information, order information, transaction information and service information. If the service you select runs on Chinese infrastructure, personal data collected may include your name, ID card number (such as passport or driver's license number), and a scanned copy of your ID card, passport or driver's license when you choose individual real-name authentication in accordance with the laws and regulations of China.

d) Personal data provided when you contact us or request support or help from us through various ways (such as service ticket, hotline, customer service), including account information, operation and maintenance information, contact information, business information, service information (such as service name, specifications, configuration information), chat sessions, phone conversations, problem description, and other information you submit (such as text, picture, video).

e) Personal data provided when you sign up as a seller on KooGallery, including contact information (full name, email and mailing address, mobile phone number) and self-introduction description.

f) Personal data provided when you join Huawei Cloud Partner Network (“HCPN”), including name, phone number, and email address of a business contact person.

g) Personal data provided when you participate in marketing activities (including open beta testing (OBT) activities, promotion activities, market survey, or satisfaction survey), including contact information, business information and problem description information.

h) Personal data obtained and collected automatically by us when you access and use the Services, including your browser history, access date and time, browser information (including but not limited to fonts, types), your activities on the Website, hardware and software features, network link information (such as IP address) and other information about your use of Services (such as service information, transaction information, billing information, operation and maintenance information).

i) Personal data that we legally obtain from business partners which join HCPN, sellers or third parties. We may receive and collect personal data about you from publicly and commercially available sources as permitted by applicable laws and regulations.

Many of the Services require personal data to operate. If you choose not to provide the data required, you may not be able to use those Services. For example, if you do not register for an Account on our Website by submitting your personal data, you cannot purchase the Services. In other cases, where providing personal data is optional, and you choose not to submit your personal data, you may be unable to use certain features of the Services, such as personalization. However, this will not affect your use of other features of the Services.

 

2. How Huawei Cloud Processes Your Personal Data

We process your personal data for the following purposes:

a) Creating your Account and managing your Account.

b) Performing a contract entered into with you, in particular processing your transaction or service requests, including orders, requests for purchase, payment and use; providing you with certain seller services (such as releasing and listing of Services on KooGallery), or providing you with business partners services (such as training and enablement, professional technical support, and marketing).

c) Responding to your requests, inquiries, comments or suggestions about us, including requests for changes or information (such as materials on the Services, and white papers).

d) Delivering, activating, or verifying the Services; providing maintenance services, customer service and technical support.

e) Contacting you and sending you notices related to the provision of the Services by telephone, email and other means.

f) Sending you information about the Services that may interest you; inviting you to participate in Huawei Cloud activities (including promotional activities), market surveys or satisfaction surveys; or sending you marketing information. If you do not want to receive such information through messages, please refer to paragraph 7(c) below.

g) Using automated processes to tailor your Services experiences based on various data, including your personal data, and providing you with personalized user experience and content on such basis.

h) Evaluating and improving the Services through troubleshooting, internal audits, data analysis and research.

i) Ensuring the security of the Services and our customers and users, executing and improving our loss prevention and anti-fraud programs.

j) Complying with and enforcing applicable legal or regulatory requirements, or industry standards.

k) Any other purposes which we may separately notify you and obtain your consent for.

We process your personal information on one or more of the following legal bases:

a) As necessary to enter into a contract with you or a legal entity you represent, or to perform our contractual obligations, e.g. to provide Services, to respond to requests from you, or to provide customer support;

b) Where processing is based on our legitimate interests and those of third parties as described in this Statement;

c) When necessary to comply with applicable law and relevant legal obligations;

d) When you have given your consent.

 

3. How Huawei Cloud Uses Cookie and Similar Technologies

To ensure our Website works correctly, we may at times place cookies on your computer or mobile device. Please see our Cookie Policy for details on the cookies and similar technologies we use and how they process your data.

 

4. How Huawei Cloud Shares Your Personal Data

Sharing means providing third parties with personal data, where such third parties would handle the personal data independently of us or on our behalf. We do not share your personal data with third parties without your consent, except in the following circumstances or as described in this Statement:

a) Third parties under your instruction. We may share your personal data with your consent and/or in accordance with your instructions.

b) For compliance, fraud prevention and security. We may share your personal data for the purposes of complying with applicable laws and regulations and enforcing or applying our terms or agreements, protecting the rights or property of Huawei Cloud, and protecting our customers and/or the public. For example, we may share your personal data, when we believe sharing is necessary or appropriate to prevent or defend against cyber threat, fraud, physical harm, or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.

c) Affiliates. We may share your personal data with our affiliates including Huawei Cloud Computing Technologies Co., Ltd. located in China, for purposes of transactions support, Services support, delivery and maintenance support, customer service support and technical support or security support, and for other reasonable purposes, to the extent required by the Services.

d) Partners. We may share your personal data with our partners or enable partners to collect information (including your personal data) directly via the Services, such as your billing information and account information, for the purpose of implementing our Services and/or other reasonable purposes. Our partners may include:

1) Third-party Service providers, including business partners and sellers: Some Services may be provided directly by third-party providers. In such cases, we may share with them the relevant account information, contact information, order information and transaction information to fulfil the transaction, after-sales service or service delivery. For example, if you purchase third parties’ Services via KooGallery, we need to share your personal data with them to fulfil the transaction. If you have enabled features or functionality that connect the Services to a third-party platform or social media network (such as by logging in to the Website using your account with the third-party, providing your access token for the Services to a third-party, or otherwise linking your account to a third-party’s services), we may share the personal data that you authorized us to share for this purpose. If you connect your account with a solution provider’s account, we need to share the necessary information with them in order to facilitate the service. Third-party Service providers’ names will be publicized on the product or service details page and third-party Service providers may have their own separate privacy policies and are not subject to the Statement.

2) Service providers and professional advisors. We may share your personal data with third party companies and individuals that provide services on our behalf or help us operate the Website and the Services (such as supply, payment, marketing, data analytics and compliance assessment). We share such data only for purposes consistent with this Statement or under your authorization. For example, we may need to share your order information with logistic service providers in order to arrange delivery, and we may need to share your payment information with payment service providers (e.g. Worldpay, learn more about Worldpay Privacy Policy) in order to confirm and proceed with your payment instructions. We may share your personal data with professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services that they render to us.

When we share your personal data with third parties, their responsibilities and obligations will be governed by contracts and we will require them to take appropriate measures to ensure the security of the personal data shared and/or processed.

 

5. How Huawei Cloud Protects Your Personal Data

We take the security of your personal data seriously. We take appropriate physical, organizational, and technical measures to protect your personal data. For example, we use encryption to ensure data confidentiality; we use trusted protection mechanisms to prevent malicious data attacks; we deploy access control mechanisms to ensure that only authorized personnel can access your personal data; and we raise awareness among employees about the importance of protecting personal data through security and privacy protection training sessions. While we take the utmost care to protect your personal data, please note that no security measures are completely infallible. You can find more details on our security measures at Huawei Cloud Security. To this end, Huawei Cloud takes the following measures:

a) Sets up a privacy protection organization to identify and manage personal data protection risks.

b) Adopts strict data security and personal data protection policies, in accordance with the risk of the categories of data processed. Develops security breach response and data breach process to reduce privacy and security risks brought by personal data breaches and guide relevant departments to handle personal data in compliance with laws and regulations.

c) Holds security and privacy protection training courses, tests, and publicity activities to raise employees' personal data protection awareness.

d) Takes reasonable and feasible measures to ensure that the personal data collected is minimal and relevant to what is necessary in relation to the purposes for which they are processed.

e) Takes a range of measures such as an entrance and exit control, entrance guard systems and CCTV system to ensure the physical security of the data centers to prevent unauthorized persons from gaining access to data processing systems with which personal data are processed or used.

f) Deploys access control mechanisms and implements hierarchical permission management on them based on service requirements and personnel levels to ensure that only authorized personnel can access personal data.

g) Clearly defines and assigns cyber security roles and responsibilities, and implements separation of duties (SOD) based on a risk assessment to reduce risks to prevent data processing systems from being used by unauthorized persons.

h) Encryption and pseudonymisation of personal data, as appropriate, using recommended industry standard protocols to prevent data breach and unauthorized access,

i) Degausses the discarded storage media before returning to the warehouse to ensure that software-based overwriting shall be performed on media prior to their disposal. In cases where this is not possible (CD’s, DVD’s, etc.) physical destruction shall be performed.

j) Implements appropriate O&M security management and technical measures, including identity authentication and access control, change and event management, vulnerability management, configuration management, event logging, and continuously monitors cyber security events and threats, detects exceptions in a timely manner, and proactively takes measures to deal with them to ensure that personal data cannot be read, copied, altered or removed by unauthorized persons.

k) Implements protection mechanisms such as DDoS protection to protect networks from attacks, develops vulnerability management policies, evaluation standards, and management processes to manage security vulnerabilities throughout the lifecycle. In addition, regularly runs vulnerability scanning programs to detect potential security vulnerabilities and promptly take countermeasures.

l) Strictly selects business partners and service providers and incorporates personal data protection requirements into commercial contracts, audits, and appraisal activities.

Although we protect your personal data, you are responsible for safekeeping your login data including account ID, account name and passwords.

If you find that your account ID is being used by others without your permission, please promptly notify us. You have the right to request us to suspend any unauthorized use of your Account.

In summary, Huawei Cloud is committed to protecting your personal data. Nevertheless, no security measure is perfect and no product, service, website, data transfer, computing system, or network connection is absolutely secure.

To cope with possible risks, such as personal data breach, damage, and loss, Huawei Cloud has developed several mechanisms and control measures, clear rating standards of security incidents and vulnerabilities, and corresponding processing procedures. Huawei Cloud has established a dedicated emergency response team to implement security planning, loss reduction, analysis, locating, and remediation, and to perform tracking operations with related departments based on security incident response regulations and requirements.

 

6. How Long Huawei Cloud Retains Your Personal Data

We will retain your personal data for no longer than is necessary for the purposes set out in this Statement, unless otherwise required by laws or requested by you. The data storage period may vary depending on the processing purpose and the relevant Service.

We will maintain your account information as long as is necessary for us to provide the Services to you or to perform our obligations or exercise our rights under agreements related to the Services. You can choose to close your Account. After you close your Account, we will stop providing you with the Services and delete your relevant personal data within reasonable time, provided that we are not required to continue to process certain of your personal data by law, e.g. for accounting or bookkeeping purposes or to perform our obligations, or exercise our rights under agreements related to the Services.

 

7. How to Access and Control Your Personal Data

It is your responsibility to ensure that all personal data submitted to us is correct. We are dedicated to maintaining the accuracy and completeness of your personal data and keeping your personal data up-to-date based on the information you provide to us.

According to the applicable laws and regulations of some countries and/or regions, data subjects may have rights to make requests (hereinafter referred to as “requests”) of accessing, correcting, deleting or erasing the personal data retained by us.

You can easily amend and control the personal data relating to you, which we hold, as follows:

a) Account information: If you want to add or update personal data related to your Account, please access the Website and log in to your Account via Log in > My Account. For modification of information provided through Huawei ID, please refer to Statement About HUAWEI ID and Privacy.

b) Cookie: Regarding the management of Cookie, please see our Cookie Policy.

c) Messages: Please access the Website and log in to your Account's mailbox via Log in > My Account > unread messages. You can set your preferences in the upper right corner of your mailbox via Message Receive Management.

You may have the following rights regarding your personal data under applicable laws:

a) Right to access the personal data we hold about you and obtain copies thereof;

b) Right to request us to update or correct your personal data;

c) Right to request us to erase your personal data;

d) Right to object to our processing of your personal data;

e) Right to restrict our processing of your personal data;

f) Right to obtain your personal data and have us transfer it to a third party of your choice (data portability); and

g) Right to lodge a complaint with the competent data protection authority.

Please note that these rights are not absolute and may be restricted in accordance with applicable laws. If you need our assistance to exercise the rights above, please contact us as set out in Section 11 “How to Contact Huawei Cloud” below.

Generally, we will respond to you within 30 days, unless otherwise required by applicable laws. Depending on the complexity of your requests, we may extend the period by a further two months. In this case, we will inform you of the extension and its reasons within 30 days of receiving your request. Please note that under some circumstances, for example where we cannot verify your identity, where we are prohibited by law from giving effect to your request, or your request exceeds your rights under applicable laws, we may refuse your request. In this case, we will inform you in writing that your request is refused together with the reasons for our refusal.

You can change the authorized personal data collection scope or withdraw your consent, without affecting the lawfulness of the processing activities based on the consent and prior to such withdrawal. Your right to withdraw consent can be exercised by setting privacy options on your Account, disabling related Services, or deleting your Account. You may also seek help by contacting us as set out under Section 11 “How to Contact Huawei Cloud”.

You can delete your Account in the account-related Services. After you delete your Account, we will stop providing Services, and delete your personal data unless otherwise required by law. Your Account cannot be restored after deletion. You need to register a new Account if you want to use related Services again.

 

8. How Huawei Cloud Handles Personal Data of Children

Our Services are only intended for adults. Minors are not allowed to create their own user Account. If you are a minor, you may use our Services only with the involvement of a parent or guardian.

 

9. How Your Personal Data Is Transferred Internationally

Your personal data is stored on a server located in Singapore, and we serve you through our global resources. In order to provide the Services to you, your personal data may be transferred to or accessed by countries/regions where Huawei Cloud, Huawei Cloud’s affiliates, Huawei Cloud’s partners are located.  

These countries/regions may have different data protection laws, which may impose less stringent data protection requirements. In such cases, we will ensure the transfer is in accordance with applicable laws and regulations (including by ensuring that overseas recipients are subject to confidentiality and data protection obligations where appropriate), as well as this Statement.

 

10. How This Statement Is Updated

We may update or modify this Statement from time to time according to changes in our Services or data processing. If we update this Statement, we will publish the latest version of the Statement on the Website or by otherwise notifying you. The modified terms will come into effect immediately upon posting or otherwise notified by us. You are advised to review this Statement periodically for any changes.

 

11. How to Contact Huawei Cloud

Country/Region in Which You Are Registered

Data Controller (Entity You Have Contracted With)

Address

South Africa

Sparkoo Technologies South Africa (Pty) LTD.

Building 17 - Huawei Office Park, 124 Western Service Road, Woodmead - Johannesburg, Gauteng, 2191

Chile

Sparkoo Technologies Chile SpA

ROSARIO NORTE 530 OF 1101 LAS CONDES

Peru

Sparkoo Technologies PERU S.A.C.

Calle Las Begonias 415, Int. 2301, San Isidro, Lima 27, Perú

Brazil

Sparkoo Technologies Do Brasil Ltda.

Avenida Doutor Chucri Zaidan, S/N, conjunto 252, Edifício EZ Towers, Vila São Francisco, São Paulo/SP, CEP 04711-130

Thailand

Sparkoo Technologies (Thailand) Co., Ltd.

No. 9, G Tower Grand Rama 9, Room No. GN01-04, 35th Floor, Rama 9 Road, Huaykwang Sub-district, Huaykwang District, Bangkok Metropolis

Hong Kong

Sparkoo Technologies Hong Kong Co., Limited

7/F., Tower 6, The Gateway, No. 9 Canton Road, Tsimshatsui,Kowloon

Countries other than the above

Sparkoo Technologies Singapore Pte. Ltd.

1 Changi Business Park Ave 1 #05-01/06 Singapore 486058

Data controller: If there are any conflicts between the table and the contracting party displayed in the Account Center, the information set out in the Account Center shall prevail.

We have set up a dedicated personal data protection department (or data protection officer). If you have any questions, comments, or suggestions, please contact us or submit them to our global offices. If you want to exercise your privacy rights, or wish to raise or consult us on any privacy issues please visit our Data Subject Right Portal: https://www.huaweicloud.com/intl/en-us/personal-data-request.html. You can also contact us by email [dposg@huaweicloud.com]. You can also raise a concern or lodge a complaint with a data protection authority or other official with jurisdiction.

If you are customers from Malaysia, please refer to our Privacy Statement in Malay at https://www.huaweicloud.com/intl/en-us/declaration/sa_prp_ms.html.

 

12. Additional Information for Certain Jurisdictions

We provide additional information about our controllers and data protection officers (as applicable), the privacy, collection, and use of personal information of prospective and current customers of Huawei Cloud Offerings located in certain jurisdictions.

Türkiye

You may have the following rights regarding your personal data under the Turkish law:

a) Right to access the personal data we hold about you and obtain copies thereof;

b) Right to request us to update or correct your personal data;

c) Right to request us to erase your personal data;

d) Right to object to our processing of your personal data;

e) Right to restrict our processing of your personal data;

f) Right to obtain your personal data and have us transfer it to a third party of your choice (data portability);

g) Right to learn whether your personal data are processed or not;

h) Right to demand for information as to if your personal data have been processed;

i) Right to learn the purpose of the processing of your personal data and whether these personal data are used in compliance with the purpose;

j) Right to know the third parties to whom your personal data are transferred in country or abroad;

k) Right to request reporting of the operations carried out related to erasure of your personal data to third parties to whom your personal data have been transferred;

l) Right to object to the occurrence of a result against you by analyzing the data processed solely through automated systems; and

m) Right to lodge a complaint with the competent data protection authority.