Please click on the link below for the contact details of ChinaCache offices and affiliated entities in your jurisdiction: https://en.chinacache.com/contact/.
Questions and Data Protection Officer Contact
In the European Economic Area (“EEA”)—
By post: Data Protection Officer, ChinaCache Networks (UK) Limited, WeWork, 2 Eastbourne Terrace, London, England, W2 6LG
By e-mail: firstname.lastname@example.org
By phone: +44 (20) 3728 1161
Outside of the EEA—
By post: ChinaCache North America, Inc., Attn: Legal Department, 21700 Copley Drive, Suite 300, Diamond Bar, CA 91765, United States
By e-mail: email@example.com
By phone: (toll free) 1-866-998-3399
Although you are not required to provide any personal information on the public areas of our website, you may choose to do so by completing our “Contact Us” and other online communication forms. Should you do so, we may, for example, keep a record of your name, email address, and any other information you voluntarily provide to us.
Additionally, we may collect the following categories of personal information from you in the course of business, including through your use of the website, when you contact or request information from us, when we provide services to Customers for which you are a representative, or when we receive goods and services from suppliers for which you are a representative:
- Identification data, such as name, gender, title, job title, or address.
- Contact information, including your phone number(s) and your email address and perhaps social media account information where applicable.
- Job applicant data, such as identification data and contact information, resumé and other data provided by you or third parties (e.g. recruiters) via email on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertised.
- Legal and regulatory compliance data as required for purposes such as, to the extent applicable to us, know your customer, anti-money laundering, and market abuse regulations requirements, or as part of our Customer onboarding process, which may include detailed due diligence data.
- Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, Customers or suppliers, and Customer feedback.
- Cookie and device data, such as information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting.
We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, Customers, professional advisers, partners, and agents of ChinaCache, third parties with whom we interact, and publicly available sources.
Information we process as described in this Policy may also include information about third parties such as your spouse or co-worker, for example, whose details you supply to us.
A Special Note Regarding Our Customer's Content
Our primary Services enable our Customers to deliver digital content to individuals and entities who desire to access such content (our “Customers' Customers”). For example, if you access a news video from one of our media Customers’ websites, that video content is delivered across our content-neutral transitory network to you as our Customer's Customer. The scope of our Services is subject to the contractual agreements that we enter into with our Customers. Each of our Customers fully controls and is responsible for the content that it permits to be delivered using our network. We have no control over our Customer’s content that is delivered over our network, and we have no direct relationships with the individuals whose personal information our Customers may process through our network. We are merely a conduit by which our Customer delivers content to our Customer's Customers for consumption, and as such, we may “process” (in our case, allowing such data to transit our network without our collection, handling, management or interference with such data) our Customers’ content in accordance with instructions and permissions given to us by our Customers. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate data controlled by our Customer should direct this inquiry to our Customer. If the Customer then requests us to remove copies of the data from our network, we will respond to their request within 30 business days.
Systems Used to Process Data
We gather information directly from you and also via our websites and other technical systems. These may include, for example, our:
- computer networks and connections
- communications systems
- email and instant messaging systems
- intranet and Internet facilities
- telephones, voicemail, mobile phone records
- other relevant systems and other hardware and software owned, used or provided by or on behalf of us.
We may use your personal information for the following purposes and, for each purpose, based on the following legal grounds:
- Administration of Customer and supplier relationships – we use identification data, contact details, and other service data, including for the processing of invoices, the updating of Customer records, and the management of our supplier relationships. This processing is necessary to perform our contracts with our Customers and suppliers.
- Addressing Customer, prospective Customer and supplier inquiries/feedback – we use identification data, contact details, and other service data for this purpose. This process is necessary to perform our contract with our Customers and suppliers. It may also be necessary for our legitimate interests to establish or maintain a relationship with our Customers and suppliers; it is also in your interest to receive a response from us when you contact us.
- Sending relevant marketing messages and inviting you to events/seminars – we use identification data, contact details, cookie and device data, and mailing list data to communicate with our Customers through their representatives by way of email alerts and other communications to provide our Customers with information about our Services that may be of interest. This processing is necessary for our legitimate interest to send our Customers tailored marketing messages and Customer information.
- Improving our website – we use cookie and device data and statistical analysis to improve the functionality and user-friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and Services to you.
- Keeping our website and IT systems and processes safe – we use identification data, contact details, cookie and device data, and other service data. This processing is necessary to perform our contract with our Customers and suppliers and to ensure the security and confidentiality of your data. It is also necessary for our legitimate interests to prevent illegal activities, including fraud and unauthorized access, which could harm you and us.
- Complying with legal or regulatory inquiries/requests – we may use identification data, contact details, cookie and device data, for legal and regulatory compliance purposes (gathering information, for example, as part of investigations by regulatory bodies or in connection with legal proceedings or requests), including for (a) anti-money laundering or fraud detection purposes, (b) completion of statutory returns, (c) fulfillment of the Company's contractual obligations, (d) ensuring business policies are adhered to, (e) operational reasons, such as recording transactions, training and quality control, (f) ensuring the confidentiality of commercially sensitive information, (g) security vetting, (h) credit scoring, and (i) checking investigating claims, complaints and allegations of criminal offenses. This processing is necessary for the purpose of complying with legal requirements that apply to the Company.
- Publishing of testimonials from you as a representative of one of our satisfied Customers - we may use Customer-provided information or information that you provide to enable us to display personal testimonials of individual representatives of satisfied Customers on our website or other media. This processing is necessary for our legitimate interest to substantiate the usefulness of our Services to prospective Customers.
We may share your personal information with the following categories of recipients:
- amongst the group of ChinaCache entities in order to provide our Services to our Customers;
- our suppliers that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, customer relationship management databases and other cloud-based solutions, third party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third party venues in which we may host events. We contract with such suppliers to ensure that they process your personal information only under our instructions and ensure the security and confidentiality of your personal information by implementing the appropriate technical and organizational measures for such processing;
- any law enforcement, regulatory, or government agency requesting personal information in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal information to establish or protect the Company's legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims;
- with members of the public who visit our website in the case of our display of personal testimonials of individual representatives of satisfied Customers on our website or other media.
We may send you direct marketing messages including by way of email alerts provided that we have a lawful ground to do so. If you no longer wish to receive our email marketing or general information communications, to be part of a mailing list, or to receive any marketing communications, you can opt-out of such communications at any time by clicking on the unsubscribe link in the relevant communication or contacting us in the EEA at firstname.lastname@example.org and outside of the EEA at email@example.com.
If you are in the EEA, you have the following rights, which can be exercised free of charge:
- Access. You have the right to request a copy of the personal information that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
- Rectification. You have the right to require the correction of any mistake in the personal information, whether incomplete or inaccurate, that we hold about you;
- Deletion. You have the right to require the erasure of personal information concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable);
- Portability. You have the right to receive the personal information concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
- Objection. You have the right to (i) object at any time to the processing of your personal information for direct marketing purposes and (ii) object to our processing of your personal information where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
- Restriction. You have the right to request that we restrict our processing of your personal information in certain circumstances, such as when you contest the accuracy of that personal information;
- Withdrawal of consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. "Explicit consent" would be required if the Company relies on consent as the condition to lawfully process "special categories of personal data," as defined in the GDPR.
If you are in the UK and would like to receive further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as the Information Commissioner's Office ("ICO") in the UK or la Commission Nationale de l'Informatique et des Libertés ("CNIL") in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in the EEA countries.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where data may be exempt from disclosure due to professional secrecy obligations.
If you are in the EEA and would like to exercise any of those rights, please:
- Email us at firstname.lastname@example.org;
- Provide enough information to identify yourself (e.g., name, email address, etc.);
- Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
- Provide the information to which your request relates.
EEA Standard Contractual Clauses
ChinaCache offers a Data Protection Addendum (to be added to agreements executed with Customers and/or suppliers) based on the European Union Model Clauses, also known as Standard Contractual Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of Customer Data. A copy of our standard Data Processing Addendum, incorporating Model Clauses, is available here. Please contact us at email@example.com for a copy of information regarding our current subprocessors in the EEA.
Disclosures and Exchange of Information and Transfers Outside the EEA
We may disclose and exchange information amongst our affiliate companies and to our credit reference agencies, service providers, representatives and agents, as well as with law enforcement agencies and regulatory bodies for the above described reasons.
Information may be held at our offices and those of our group companies, and third party credit reference agencies, service providers, representatives and agents as described above. Information may be transferred internationally to China and other countries around the world, including those without data protection laws equivalent to those in the EEA, the UK, or the US for the reasons described above. We have security measures in place to seek to ensure that there is appropriate security for information we hold, including those measures detailed in our information security and data protection policies, which are available on request. International data transfers outside the European Economic Area are protected by Standard Contractual Clauses, as per GDPR article 46(2).
If you would like further information please contact our Data Protection Manager (see above). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Notice to California Residents
In compliance with the California Civil Code Section 1798.83, residents of California are hereby notified that our website, our services and the appertaining personal data are safeguarded by us. Our users can obtain certain information about the personal data we may have access to, including disclosure thereof with third parties for direct marketing purposes (e.g. names and addresses of those third parties, types of services or products marketed thereby) (if we ever engage in such marketing). We note that we do not currently provide any information regarding our Customer contacts to any third parties for the purposes of direct marketing. If you wish to request a copy of your information disclosure, please contact us via email at firstname.lastname@example.org.
California Online Privacy Protection Act
The California Consumer Privacy Act (CCPA) of 2018 (Effective January 1, 2020)
California residents may submit a data access request to us via email to email@example.com, or by contacting us at our toll free phone number: (866) 998-3399 (Cal. Civ. Code § 1798.130(a).
If you are a California resident, you may request that we delete any personal information about you that we have collected from you. If you have not given us any personal information about you, there is no reason for you to contact us to request that we delete such information. If you request that we delete such information about you, we will comply with applicable requirements regarding the deletion of such information. However, if you are a representative of one of our Customers or suppliers, you may need to provide us with the contact information of another representative of our Customer, or supplier as applicable, in order that we can perform our contractual commitments to our Customer, or supplier as applicable, and otherwise perform our Services and the functions detailed in this Policy.
WE DO NOT KNOWINGLY COLLECT PERSONAL INFORMATION OF CHILDREN UNDER 13. Protecting the privacy of young children is especially important. For that reason, we do not knowingly collect or maintain personally identifiable information from persons under 13 years–of–age. If we learn that personal information of persons less than 13–years–of–age has been collected on or through our website, then we will take the appropriate steps to delete this information. If you are the parent or legal guardian of a child under 13 who uses our website, then please contact us at firstname.lastname@example.org to have that child’s information deleted. The following are some resources that may help parents and legal guardians in monitoring and limiting their children’s access to certain types of material on the Internet. While we do not endorse these resources, we provide information about them as a public service to our community.
- “OnGuard Online,” maintained by the Federal Trade Commission
- The Child Safety Network
- Control Kids
- Cyber Sitter
- Net Nanny
China Cybersecurity Law
We endeavor to take all reasonable steps to protect your personal information, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
While our offices in the United Kingdom are (currently) in the EEA, not all of our offices are in countries that have the same data protection laws as the United Kingdom and the EEA. When we transfer personal information from within the EEA to countries located outside the EEA (including the United Kingdom) that have not received an adequacy decision from the European Commission, including within ChinaCache offices and affiliated entities and with our service providers, we have implemented adequate safeguards to appropriately protect such transfer of personal information, including on the terms of a valid data transfer agreement incorporating the European Commission's standard contractual clauses or as permitted under applicable data protection laws. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused. You may ask for further information on the safeguards that we have put in place to safeguard the transfer of your personal information to countries outside of the EEA by contacting one of our Data Protection Officers as noted above.
Our website uses certain tags, log files, web beacons, and similar tracking technologies from third parties (collectively, "cookies"), of which you should be aware. These mechanisms indirectly or passively collect certain information about your use and interaction with our Site and when you use our Services, as detailed below.
“Log Files”: When you visit our website, our systems automatically maintain web logs to record data about all visitors who use our website and stores this information in our database. These web logs may contain information about you including the following: IP address, type(s) of operating system(s) you use, type of device you use, date and time you visited the website, your activity and/or referring websites. We use your log information to troubleshoot problems, gather demographic information, and customize your experience when accessing our Site.
“Flash Cookies”: Flash cookies are similar to the cookies described above, and are created when you use your flash-based video player. Flash cookies are stored in your video player’s cache memory. Flash cookies may or may not be removed the same way that cookies are removed. Please review your video player’s “Help,” “Tools” and or “Options” files to learn more about the proper way to modify your Flash cookie settings. Our Flash cookies may be linked to personal information. Some of our business partners (e.g. advertisers) use Flash cookies and other tracking technologies on our site. We have no access to or control over these Flash cookies and other tracking technologies. This Policy covers the use of Flash cookies by us only, and does not cover the use of Flash cookies by any third parties. More information about Flash cookies is available on the Adobe website.
Notification of Changes
Last updated: October 2019