Terms and Policies
- Legal
- Service Level Agreements
- Container and Middleware
- Middleware
- Serverless
- Microservice
- Storage
- Essential Storage Service
- Storage Data Service
- Smart Data Processing
- Database
- Networking
- Cloud Networking
- CDN and Communication
- CDN and Acceleration
- Media Services
- Media Services
- Media Processing
- Cloud Rendering
- Low-Code Development
- Security
- Business Security
- Risk Control Engine
- Cloud Security
- Data Security
- Security Services
- Network Security
- Big Data
- Data Analysis
- AI and Machine Learning
- AI Infrastructure
- Voice Technology
- Image Creation
- Video Creation Large Model Service
- Enterprise Applications
- Domain Management
- Domains and Websites
- Office Collaboration
- Industry Applications
- Medical Services
- Education Services
- Developer Services
- Cloud Resource Management
- Information Requests Europe
- Information Requests North-America
- Information Requests South-Korea
- Information Requests Rest of World
Privacy FAQs
Last updated: 2025-03-20 14:20:14
1. Introduction
We take your data privacy and security very seriously. Whether you are an individual user, a small business owner or a large corporation, we take steps to ensure that your content is stored and processed by us in a transparent way and using secure and reliable technology.
We understand that your trust is something we earn. As part of that process, we work to keep you informed of our data security policies and measures, as they may change over time.
These FAQs explain some basic principles that we apply to our provision of Tencent Cloud, particularly for those customers and prospective customers who have questions about how Tencent Cloud meets the requirements of data protection laws and other applicable regulations concerning data privacy and security.
These FAQs are intended to be a general overview and do not constitute legal advice. We urge you to consult with your own legal counsel to familiarise yourself with the requirements that govern your specific circumstances and to take advice as necessary.
2. How does Tencent Cloud help to ensure that we handle personal data in compliance with data protection laws?
At Tencent Cloud, data privacy and protection are top priorities. We develop our products, business practices, and customer agreements in accordance with global data privacy requirements. While data protection laws vary across different regions across the world, we maintain a comprehensive privacy and security programme directed at protecting the confidentiality, integrity, and availability of your content, including your personal data. We also maintain clear policies on the processing of personal data. We continuously monitor evolving data protection requirements and update or revise our administrative, technical, and operational measures to stay aligned with these requirements.
3. Is Tencent Cloud a controller or processor of personal data?
Under many global privacy laws, a data controller determines the purposes and means of processing personal data, while a data processor processes data on behalf of the data controller.
Tencent Cloud customers will typically act as the data controller for any personal data they provide to Tencent Cloud in connection with their use of Tencent Cloud’s services. We act as a data processor for such information.
We also hold personal data that you provide to us to set up and manage your account and our services, and personal data generated in connection with your use of our services (“Administrative Information”). We are the data controller of Administrative Information. Our Privacy Policy informs you of your choices and our practices regarding your Administrative Information.
4. How does Tencent Cloud protect our customer business data from unauthorised third party access?
As a data processor, Tencent Cloud does not access customer business data unless we have obtained the customer’s authorization (for example, to assist with addressing a technical issue). However, in most cases, the operation and maintenance personnel of Tencent Cloud platform do not need to access customer business data when providing technical support to customers. To the extent where customer clearly requires support from Tencent Cloud to process customer business data, Tencent Cloud will process strictly in accordance with the principle of minimum necessity.
Customers have control over their data hosted in the cloud and are ultimately responsible for the security management of their own business data stored in the cloud.
Tencent Cloud has implemented a comprehensive privacy and security programme for the purpose of protecting the confidentiality, integrity, and availability of your content. This includes stringent rules on internal network isolation to achieve access control and border protection for internal networks (including office networks, development networks, testing networks and production networks) by way of physical and logical isolation. We have designed and implemented the following measures to protect customer’s business data against unauthorized access:
Security standards for different data classification;
a set of authentication and access control capabilities at the physical, network, system and application levels; and
a mechanism for detecting big data-based abnormal behaviour.
For additional information regarding security controls, please see the Tencent Cloud Security Whitepaper.
5. How does Tencent Cloud help to protect customers’ privacy/ help customers to comply with data protection laws of different regions?
Data privacy regulations vary across regions and countries, and data privacy obligations also vary company by company, depending on their industry, the nature of personal data collected, policy commitments, and internal compliance processes. At Tencent Cloud, we actively monitor evolving data protection requirements in the jurisdictions where our customers do business.
When Tencent Cloud acts as a data processor, Tencent Cloud supports customers to fulfil their data compliance obligations by implementing the following:
We process personal data only for the limited and specified purpose of providing the services, and other agreed purposes, in accordance with your written instructions (including instructions given provided via our Console) and applicable data protection laws;
We implement contractual, technical, and organizational measures (see further details in question 6. below) commensurate with the product nature to protect data confidentiality, integrity, and availability of the customer’s data;
We process this data in regions that you have selected, unless otherwise disclosed in the Data Processing and Security Agreement, including in Section 9, which sets forth information regarding Tencent Cloud Modules if you use the specific Feature (as defined in each relevant Module).
Depending on the product or service you engage with, Tencent Cloud may offer different tools to help our customers comply with their obligations, such as tools for data controllers to access, rectify, restrict the processing of, or delete personal data that they provide to Tencent Cloud to process. For example, Tencent Cloud provides a service console to facilitate customers to manage their purchased services through accessing, rectifying, restricting the processing of, or deleting the data that they transfer to Tencent Cloud. Another example is, Cloud Access Management (CAM) is a customer permission management system provided by Tencent Cloud to help customers securely and finely manage the access to Tencent Cloud products and resources. You can create customers or roles in access management, assign them separate security credentials (console login password, cloud API key, etc.) or request temporary security credentials for them to access Tencent Cloud resources. You can manage permissions to control what operations customers and roles can perform and what resources they can access.
Other than the provision of the aforementioned tools, Tencent Cloud also has a dedicated data protection mailbox which helps customers to fulfil their data subject rights requests under the applicable data protection laws such as correction and deletion of personal data requests.
Tencent Cloud has confidentiality and privacy training programs for our employees and other than that, our employees are also required to maintain confidentiality over any customer personal data we process.
For information on how we protect customer business data from unauthorised third party access, please also see question 4 above.
6. What steps has Tencent Cloud taken to protect customers’ privacy and security?
Protecting customers’ data’s privacy and security is at the heart of Tencent Cloud’s services. Tencent Cloud has built cloud services in accordance with applicable data protection laws and internationally recognised standards for information security and IT management, thereby providing our customers with cloud services certified by authoritative third-party accrediting agencies. For information on our various country- and industry-specific certifications, please see the Tencent Cloud Compliance Center.
7. Who owns and controls your content?
You do. All content that you upload to Tencent Cloud remains yours, and you remain in control of it.
8. Does Tencent Cloud share your content with third parties?
Tencent Cloud is designed to protect the confidentiality, integrity, and availability of your content. We will not share your content with any third parties other than to provide our services, when you direct us to do so, or in exceptional circumstances, such as where we are legally required to do so (for example, if we are required to do so by law or are subject to a court order for disclosure), or where we need to do so in order to enforce or protect your rights, our own rights, or the rights of other users.
Please consult our Tencent Cloud Terms of Service and Privacy Policy for further details of the limited circumstances in which we will disclose your content.
9. What rights do individuals have over their personal data?
We are committed to giving customers transparency and control over their data. Data subject rights are the rights that individuals (or “data subjects”) may have to view, correct, export, and delete personal data that companies hold about them in accordance with the applicable data privacy laws.
Depending on your jurisdiction, you may have certain data subject rights under applicable local law. We have built controls into our products and services so you can see what personal data Tencent Cloud has collected and you can make choices about that data. Please see the “Your Rights” section of our Privacy Policy for further information about these rights.
Please note that to the extent we process your personal data as a data processor, we may direct you to the data controller to exercise your data subject rights as appropriate.
10.Does Tencent Cloud use any sub-processors?
We use various sub-processors to provide the Tencent Cloud services to our customers. These sub-processors may change from time to time. For more information, please see the Data Processing and Security Agreement for more detail and the list of third parties used on the Third Party Information page.
Tencent Cloud carefully selects sub-processors to ensure they meet same standards of data protection as those guaranteed in customer agreements. It is imperative to us that our selected sub-processors have implemented appropriate technical and organizational measures to safeguard the personal data they receive and process.
11.How does Tencent Cloud respond to regulatory requests for your content and personal data?
We may, from time to time, receive regulatory requests to disclose your content and personal data to regulators, government agencies, or law enforcement bodies. We will not disclose any of your content or personal data in response to such a government or regulatory request, unless this is required by law or a valid and binding order of a governmental body.
When we receive these requests, we are committed to notifying you and to taking reasonable steps to redirect any such requests directly to you, unless we are prohibited from doing so by applicable laws. We will also take reasonable steps to establish whether or not we are legally required to respond and to challenge and appeal the request if we believe that there are reasonable grounds to consider that the request is unlawful under applicable laws.
When we are required to respond to a request, we are committed to protecting your privacy, to narrowing the scope of the request, and to providing the minimum amount of information when responding to the request, to the extent this is required under applicable laws.
12.What international transfer mechanism does Tencent Cloud rely on for international data transfers of EU/EEA personal data outside of the EU?
Tencent Cloud conducts data transfers in accordance with applicable laws.
For example, to the extent personal data is transferred outside of the EEA or UK for processing, and where required, we rely on the European Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses) and the UK international data transfer addendum to the European Commission’s standard contractual clauses, in addition to conducting a transfer impact assessment and implementing additional supplementary measures as appropriate.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No