Welcome to use VNET's (“VNET,” “we,” “us,” and “our” refer to VNET Group, Inc., and its subsidiaries and, in the context of describing our operations and consolidated financial information, also include its consolidated affiliated entities) products and services, and thank you for your trust.
We highly respect your privacy and prioritize the protection of your personal information. When you use our products and services, we may collect and use your personal information. This Privacy Statement provides information related to the processing activities such as collection, storage, use, and sharing of personal information by VNET, and all products and services provided by VNET. Additionally, this Privacy Statement also explains your privacy rights related to the aforementioned processing activities.
Whether you access our website, business systems, mobile applications, social media accounts via devices like computers, mobile phones, tablets; or access our offline office areas, computer rooms, data centers, use our office facilities, networks, etc.; or use our products and services through other third parties, and carry out the aforementioned actions, this Privacy Statement applies equally.
Therefore, please ensure you read this statement carefully, and only start using our products, services, or undertake the aforementioned actions after you have fully understood and agreed to it. Moreover, if a subsidiary of VNET Group, Inc., or our consolidated affiliated entities, or a specific product/service, has a separate privacy statement, that particular statement will take precedence. Anything not covered by the separate privacy statement will be governed by this Privacy Statement.
This Privacy Statement will help you understand the following:
1. Personal information we may collect
2. How we use your personal information
3. Information we may share, transfer, disclose, and entrust for processing
4. How we retain, store, and protect your personal information
5. Your rights
6. Information about minors
8. Cross-border transfer of information
9. Changes to the statement
10. Contact us
We fully recognize the importance of personal information to you. During the process of personal information processing, we will strictly adhere to the principles of legality, rightfulness, necessity, and integrity, and collect and process your personal information within the minimum required scope. Moreover, the enumeration in this Privacy Statement of potential personal information collection represents the broadest possible range, and does not mean we will actually collect all the information listed below.
1. Personal Information We May Collect
Personal information refers to various information recorded electronically or by other means that is related to identified or identifiable natural persons, excluding information that has been anonymized.
Certain types of personal information may be considered sensitive due to their nature. This includes biometric data, religious beliefs, specific identities, medical and health information, financial account details, travel records, as well as personal information of individuals under the age of fourteen. Sensitive personal information, once disclosed or unlawfully used, can easily lead to violations of a person's dignity or threats to their personal and financial security. You should carefully consider whether to disclose such sensitive personal information when using our products/services. In cases where it is necessary to collect your sensitive personal information, we will explain the types of information collected, the purposes of information processing, and the processing rules in accordance with legal requirements. We will also obtain your explicit consent before proceeding.
We may collect and use your personal information in the following situations:
(1) Using Our Products and Services
When you use our products and services, in order to establish and manage our business relationship and to better provide you with relevant products and services, as well as to achieve specific business functions, we may obtain or collect the following information from you: your name, gender, address, phone number, email address, mailing address, identity card number, passport number, or other identification information, personal portrait photos, and other personal information.
Additional personal information may be required from you due to the specific business functions of the products or services we provide. If you do not use a particular product or service, there is no need to provide us with that specific information. If we require you to provide or collect this information, we will provide you with a full explanation in advance and collect it after obtaining your authorization or explicit consent.
(2) Accessing Our Website, Mobile Applications, and Social Media Accounts
When you interact with us by accessing our website, using mobile applications or social media accounts, we may obtain or collect the following information from you: your account name, nickname, avatar, and other online identity information on that platform.
When you register a personal information subject account on our website or mobile applications, we may also collect the following information provided by you: account registration phone number, email address, associated account username, account login password, and other account information. We may also collect account personal information such as your name, age, gender, personal portrait photos, and location.
In addition, in order to provide you with more convenient and personalized services, we may automatically collect relevant log information when you access our website, mobile applications, or social media accounts. This includes your IP address, access time, search history, browsing information.
(3) Accessing Our Office Areas, Data Centers, and Using Our Business Systems
When you access our offline office areas, computer rooms, data centers, in order to ensure the security of information and property, we may ask you to take the visitor registration. When you access the aforementioned areas or use our business systems, we may collect the following personal information from you:
Personal information: Name, gender, address, phone number, email address, mailing address, identity card number, passport number, or other identification information, personal portrait photos, and other personal information;
Personal job-related information: Company name, contact phone number, company address, department, job position, authorization information, social security information, and other personal job-related information;
Personal biometric information: Facial recognition information, fingerprint recognition information, personal image information, or other necessary personal biometric information for identifying visitors.
When you access or use our business systems, to ensure the normal operation and functioning of the business systems, we may also obtain, with your explicit authorization, the following necessary information:
Permissions for microphone and camera usage on your access/use device;
Access to device photos, contact lists, location permissions on your device;
Device information, location information, operation records, and other necessary information required to achieve the necessary functions of the business system.
(4) Using Our Office Facilities and Networks
When you use our office facilities, networks, and so on, we may collect information such as your name, phone number, email address, location, and device information used.
(5) Product/Service Improvements and Upgrades
To achieve improvements and upgrades to our products and services, we may, with your consent and authorization, obtain or collect the following personal information: name, gender, address, phone number, email address, mailing address, identity card number, passport number, or other identification information, personal portrait photos, and other personal information. Additionally, we may collect personal job-related information such as company name, contact phone number, company address, department, job position, and other relevant information.
(6) Information Provided by Third Parties
Subject to legal permissions, we may obtain your personal information from publicly available sources, and may combine such information with other personal information we have about you.
If you access our products, services, websites, mobile applications, social media accounts, or business systems through third-party providers, and in compliance with legal requirements and with your consent and authorization, we may obtain your personal information from such third parties.
2. How We Use Your Personal Information
We may use the aforementioned personal information collected from you for the following purposes:
1) Conducting business negotiations, establishing partnerships, and signing and fulfilling contracts;
2) Contacting and communicating with you;
3) Managing and maintaining business relationships;
4) Providing you with relevant products/services or implementing corresponding business functions;
5) Improving, upgrading, and maintaining products/services;
6) Evaluating and analyzing the market and customers, offering product/service recommendations, and advertisements;
7) Other purposes with your consent;
8) Necessary for the fulfillment of legal obligations or statutory duties;
9) Other circumstances as stipulated by laws and regulations.
Regarding item 6) offering product/service recommendations, and advertisements, if it involves sending you information such as advertisements or commercial promotions via email, we will provide you with full explanations in advance. You have the choice to receive such information or not, and we will only send it after obtaining your explicit consent. Additionally, we allow you to easily unsubscribe or withdraw your consent when receiving such information.
If we need to use the above information for purposes not specified in this Privacy Statement, we will ask for your prior consent.
3. Information We May Share, Transfer, Disclose, and Entrust for Processing
Unless otherwise required by law or mandatory government authorities' demands, we will not share your personal information with any companies, organizations, or individuals outside of VNET without your explicit consent.
To achieve the purposes stated in this Privacy Statement, there may be situations, such as certain products/services or specific business functionalities, where we may share some of your personal information with our partners. We will only do so after obtaining your prior consent and for legality, rightfulness, necessity, and specific purposes.
We will not transfer your personal information to any companies, organizations, or individuals without your explicit consent. However, in cases involving mergers, acquisitions, or bankruptcy liquidations where the transfer of your personal information is required, we will require the new entity holding your personal information to continue to be bound by this Privacy Statement. Otherwise, we will ask the company or organization to ask for your authorized consent anew.
We will only disclose your personal information under the following circumstances:
1) After obtaining your explicit consent;
2) Disclosures based on legal and regulatory requirements;
3) When required by judicial proceedings;
4) When demanded by government authorities with mandatory requirements.
(4) Entrustment Processing
In the implementation of our products/services or business functionalities, specific modules or functions may involve services provided by external suppliers. For example, we may hire service providers to assist us in providing customer support.
For companies, organizations, and individuals entrusted with processing personal information on our behalf, we will sign strict confidentiality agreements with them, requiring them to handle personal information in accordance with the appropriate security and confidentiality measures and the Privacy Statement.
4. How We Retain, Store, and Protect Your Personal Information
(1) Retention Period
To meet the purposes of collecting and using your personal information as mentioned above, we will retain your personal information for the necessary time. We will take reasonable measures to ensure that your information is kept only for the time required for the collection purposes, unless an extension of the retention period is required or permitted by law.
Unless otherwise required by law or mandatory requirements from government authorities, once you voluntarily request the deletion of the information mentioned above and after your personal information exceeds the retention period, we will no longer commercially use your personal information. We will delete your personal information in accordance with legal requirements or anonymize it.
(2) Protection Measures
We will take all reasonable and feasible measures to protect your personal information. We inform you of the purposes and scope of personal information collection through this Privacy Statement. During the processes of collection, use, storage, and transmission of information, we will also follow mature security standards and regulations in the industry.
1) We establish and improve the information security management system, make use of reasonable security measures and technical means in accordance with industry standards to store and protect your personal information. This is done to prevent information leakage, loss, unauthorized use, or modification. We integrate data protection safeguards into product and service development and continuously improve these measures. In terms of protection measures, we actively and passively protect personal information processing activities through access control, vulnerability scanning, firewalls, data isolation, transmission encryption, etc. to provide comprehensive safeguards. In principle, we conduct internal and external risk assessments and audits of information security policies and systems at least once a year.
2) We have established a Compliance and Information Security Management Committee serving as the highest governing body for VNET's compliance and information security management efforts. The committee has set up a Compliance and Information Security Working Group responsible for the specific implementation and continuous improvement of information security management. We prioritize security management and privacy protection and have achieved significant results. We have obtained the "ISO/IEC 27001: Information security, cybersecurity, and privacy protection – Information security management systems" certification by internationally recognized accreditation institution. Our data centers have completed the record-filing for classified protection of cybersecurity (Level III) with the Ministry of Public Security and have consistently received high scores in the security evaluation for classified protection.
3) We regularly carry out trainings related to information security and privacy protection to improve employees’ skills and increase awareness of the importance of safeguarding information security and personal data. We take managerial, technical, and physical security measures to protect your personal data. For employees and partners who may come into contact with your personal information, we implement commitments, confidentiality agreements, and other measures to clearly define confidentiality requirements and enforce them through rigorous identity verification, authorization, and auditing.
4) When we share certain personal information with our partner after obtained your consent or entrust external vendors processing your personal information, we require our partners or external vendors to implement information protection measures for your personal information they come into contact with and adhere to the requirements outlined in this Privacy Statement.
5) We would like to remind you that the internet is not an absolutely secure environment. Communication methods such as email and instant messaging with other users may not always be encrypted. We strongly recommend that you avoid sending personal information through such methods. Additionally, please set strong passwords when using our products and services to assist us in ensuring the security of your personal information.
(3) Security Incident Response
In response to security incidents, we have established mechanisms for identifying and managing information security risks, as well as an emergency/significant information security incident response mechanism. We regularly conduct risk assessments.
If personal information security incident occurs unfortunately, we will assign dedicated personnel to take responsibility and promptly implement the necessary response measures. We will implement response plans tailored to the specific types of information involved in the security incident, promptly mitigating adverse effects and keeping them within the minimum scope. Additionally, we will take proactive and reasonable remedial measures to eliminate the impact.
We will promptly inform you, in accordance with legal and regulatory requirements, of the basic details of the security incident and its potential impacts, the measures we have taken or will take to address it, advice for you to independently prevent and reduce risks, and the remedial measures we are implementing.
We will inform you of the relevant details of the security incident through email, phone calls, push notifications, etc. If it is difficult to inform each personal information subject individually, we will adopt reasonable and effective methods to publish announcements. Furthermore, we will proactively report the handling of personal information security incidents to regulatory authorities as required.
5. Your Rights
In accordance with relevant Chinese laws, regulations, standards, and common practices in other countries and regions, you may exercise the following rights concerning your personal information:
(1) Access and Obtain Your Personal Information
For the personal information you have provided to us, unless otherwise specified by law, you have the right to access it. For other personal information generated during your use of our products or services, we will provide it to you as long as it does not require excessive efforts on our part. If you need to access or obtain your personal information, please contact us promptly, and we will provide you with access methods or respond accordingly based on your needs.
(2) Correct Your Personal Information
When you discover errors in the personal information we process about you, you have the right to request corrections. If you need to correct personal information, please promptly provide us with the information content that contains errors, along with the correct corresponding personal information, and we will make corrections promptly based on your feedback.
(3) Delete Your Personal Information
You can request the deletion of personal information in the following situations:
1) If we collect and use your personal information without your consent or if you withdraw your consent;
2) If you no longer use our products or services or if you have closed your account;
3) If we no longer provide products or services to you;
4) If our processing of personal information violates the agreement with you;
5) If our processing of personal information violates laws and regulations;
6) Other situations as stipulated by laws and regulations;
When you choose to delete your personal information, we may not immediately delete the corresponding information from the backup systems but will do so when updating the backups.
(4) Change the Scope of Your Authorized Consent
For personal information collected beyond what is necessary for the provision of our products, services, and specific business functions, you can contact us at any time to grant or withdraw your authorized consent.
When you withdraw your consent, we will no longer process the corresponding personal information, and we will be unable to continue providing services associated with the withdrawn consent. However, your decision to withdraw consent will not affect the processing of personal information based on your prior consent.
(5) Account Deletion by Personal Information Subject
You have the right to delete your previously registered account at any time. Upon account deletion, we will cease providing products or services to you, and, at your request, delete your personal information, except as required by applicable laws and regulations or mandatory requirements from government authorities.
(6) Personal Information Subjects’ Access to Personal Information Copy
You have the right to obtain a copy of your personal information. If technically feasible, you can access it yourself through methods such as data interfaces matching. We can also transmit a copy of your personal information directly to you upon your request.
If you request the transfer of personal information to another designated personal information processor and meet the conditions specified by national laws, regulations, and government authorities, we will provide the appropriate transfer method as required by related regulations.
(7) Constraint on Automated Decision-Making in Information Systems
In some business functions, we may make decisions solely based on non-human automated decision-making mechanisms, algorithms, and similar technologies. If these decisions significantly affect your legitimate rights and interests, you have the right to request an explanation from us, and we will provide suitable remedies.
(8) Response to Your Requests
To ensure information security, when exercising the above rights, you may need to provide us with written requests or other means of verifying your identity. We may require you to verify your identity before processing your request.
We generally do not charge a fee for your reasonable requests, but in cases of repeated requests or requests that exceeds the reasonable limits, we will charge a certain fee depending on the situation. For excessive, or technically challenging requests (e.g., need to develop new systems or fundamental changes to existing practices) that may pose risks to the legitimate rights and interests of others or are objectively difficult to implement, we may refuse your request.
In accordance with legal and regulatory requirements, we may not be able to respond to your requests in the following circumstances:
1) Directly related to national security or national defense security;
2) Directly related to public safety, public health, or significant public interests;
3) Directly related to criminal investigation, prosecution, trial, or execution of judgments;
4) There is sufficient evidence to show your subjective malice or abuse of rights;
5) Responding to your request would seriously harm legitimate rights and interests of you or other individuals and organizations;
6) Involves trade secrets;
7) Directly related to our fulfillment of legal obligations stipulated by laws and regulations;
8) Other circumstances stipulated by laws and regulations.
6. Information about Minors
Minors, as referred to below, are users under the age of 18.
Our products/services and related websites/businesses are primarily intended for adults.
We do not intentionally collect personal information from minors for any purpose. If it involves personal information of a minor, we will handle it strictly in accordance with the law. If you are a minor, please do not provide us with your personal information. If you become aware of any such situation involving the collection of personal information from minors, or if you are a guardian and discover such a situation, please notify us promptly so that we can take appropriate measures, including deletion, as necessary.
8. Cross-Border Transfer of Information
The personal information we collect within the territory of the People’s Republic of China (referred to as “PRC”) is stored within the territory of PRC.
The personal information we collect outside the territory of PRC is generally stored within the territory of PRC. However, in certain circumstances, your information may be stored outside the territory of PRC.
If some of our products or services involve cross-border data transfer, by using our products and services or providing us with your personal information, you consent to us collecting, storing, transmitting, using, and processing your information outside of your country/region in accordance with this Privacy Statement. When conducting cross-border data transfer, we will strictly adhere to legal requirements and take reasonable measures to protect your personal information.
However, in cases involving cross-border data transfer, different regions may have different data protection laws or even lack relevant laws. In such cases, we will ensure that your personal information receives the same level of protection as it would within the territory of China. For example, we may request your consent for the cross-border transfer of personal information or implement security measures such as data de-identification before transferring data across borders.
9. Changes to the Statement
We may make modifications to this Privacy Statement in time, and such modifications constitute a part of this Privacy Statement. The latest version and the last update date of the Privacy Statement will be posted on this website to keep you informed about the latest changes.
If you do not agree with these changes, you may discontinue using VNET's products and services and cease all activities mentioned in the introduction section of this Privacy Statement, such as accessing the website, business systems, office areas, and so on. If you choose to continue these activities, it signifies your agreement to be bound by the modified privacy statement.
For significant changes, we will provide more prominent notices, including sending emails or push notifications for certain products/services, explaining the details of the specific changes to the Privacy Statement.
Significant changes referred to in this Privacy Statement include, but are not limited to:
(1) Significant changes in our service model, such as significant changes in the purposes and types of personal information processing, and significant changes in how personal information is used;
(2) Significant changes in the primary recipients of personal information sharing, transfer, or disclosure;
(3) Significant changes in your rights and methods of exercising your rights in personal information processing;
(4) Significant changes in the department responsible for personal information security, contact information, and complaint channels;
(5) When personal information security impact assessments indicate high risks;
(6) Significant changes in our ownership structure, organizational structure, and other aspects, such as changes in ownership resulting from business adjustments, bankruptcy, mergers, and acquisitions, etc.
We will also archive previous versions of this Privacy Statement for your reference.
The Chinese and English versions of this Privacy Statement are available on this website. If there is any discrepancy between the two versions, the Chinese version shall prevail.
10. Contact Us
If you have any questions, suggestions, or comments regarding our privacy statement or matters related to your personal information, please feel free to contact us through the following channels:
Address: No. 10, Jiuxianqiao East Road, Chaoyang District, Beijing, PRC
Contact Number: 400 651 9966
Normally, we will respond to your feedback within 30 working days of receiving it.
If you are not satisfied with our response, especially if our handling of personal information has harmed your legitimate rights and interests, you can seek solutions through the following external channels:
File a lawsuit with the People's Court of Chaoyang District, Beijing, where VNET is located.
The last update date of this Privacy Statement is October 31, 2023.