Data is critical to the digital economy. Almost every online action we take produces data, whether it’s something as simple as paying a friend or looking up a restaurant. Data can be used to help companies improve their products and services, maximizing value to users.
User privacy and data security are the top priorities at Tencent. We believe that protecting the privacy of our users’ data is essential to creating both safe and market-leading user experiences, and that users should be in control of their data and well informed about how their data is collected and used. This is why we practice “Privacy by Design” and “Privacy by Default” in developing our products and services.
It’s important to be transparent about how we manage data so we can build trust with users and help make our products and services safer and more accessible for everyone.
Design
Tencent focuses on privacy at every level. Our dedicated privacy and legal teams work hand-in-hand with our product teams to ensure that our products and services are built with privacy in mind from the ground up and comply with all applicable laws and regulations. Our product teams also work closely with our engineering teams to ensure that our data collection and data use practices are transparent.
We believe that users should be able to manage their own data. Our products and services are designed to minimize the amount of data that Tencent, or anyone else, collects and has access to. When data is collected, we provide a wealth of user controls so users can manage how much of their data is collected, used, and shared. These features have been researched, designed and implemented over many years in order to protect users’ privacy and allow them to directly manage their data.
Privacy by Design
Our approach to data protection follows the widely recognized ‘Privacy by Design’ concept, which is the foundation on which all of our products and services are designed and developed. ‘Privacy by Design’ means integrating privacy protection features from the very early stages of development to ensure it is a core component of a new product or service. We then continuously think about and aim to improve privacy protection throughout the product lifecycle. Our approach to ‘Privacy by Design’ is encapsulated in three words: ‘Person-Button-Data’.
Tencent’s Data Protection Officer is available to address any and all questions regarding Tencent’s privacy practices, or any product-specific privacy policy, at dataprotection@tencent.com.
Internationally-recognized efforts
Tencent’s data privacy protection efforts are internationally recognized. WeChat/Weixin and QQ have secured TrustArc and ISO/IEC 27018 accreditations, and Tencent Cloud has secured CISPE and ISO 27701 accreditations, among others.
Building a Secure and Privacy-Focused Culture
Culture and Responsibility
We are committed to developing and maintaining a privacy-focused culture, placing user privacy at the heart of everything we do. We believe that protecting our users’ privacy is a shared responsibility for each member of our team regardless of job function or level, and we provide comprehensive and regular company-wide privacy education and awareness training programs for all of our employees. We systematically communicate our privacy and cybersecurity guidelines and procedures to all staff, and strictly enforce safeguards across our products and services at all levels.
Oversight
Tencent and its board of directors have always attached great importance to the protection of our users' personal data. Tencent has a top-down approach when it comes to data privacy compliance and has developed a robust internal evaluation process to ensure that all products are fully assessed to comply with all applicable data privacy laws, and that all data collected are securely transmitted and stored.
Privacy Impact Assessments
As part of our privacy-focused work, we regularly undertake Privacy Impact Assessments (PIAs) for our products and services. These PIAs evaluate the privacy-related risks of our products and services in the relevant jurisdictions where we operate. Our dedicated privacy legal team identifies, highlights, and manages privacy risks and minimizes potential impacts to individual rights and any other adverse privacy issues.
Incident Management
Tencent has comprehensive systems in place to ensure that our teams respond rapidly to information security incidents (such as attacks from attrition, ransomware, the web, email, impersonation, improper usage, system outages and deletion, loss or theft of data, etc.). Our main goals are to ensure the integrity of our systems, to protect the data entrusted with us by users, and ensure we meet all business and compliance regulations. We use various incident analysis mechanisms and risk protocols to ensure that Tencent responds appropriately and swiftly to any threat detected.
Reporting
Government Enforcement
Tencent acts in accordance with applicable laws and is guided by the following general principles whenever we receive requests for disclosure of data from authorities and regulators:
