Last Updated: March 29, 2020
Effective : April 5, 2020
Thanks for using Lark products and services. We respect your privacy and are committed to protecting it through our compliance with this Policy.
Lark offers an online, multi-tool business management, efficiency, and communications platform and the standalone applications associated with the Services (the “Platform”), including but not limited to the instant messaging services used to support for sending voice messages, pictures and text, Documents, calendars, chat, creation and cloud storage, audio and video calls, video conferencing, email, Lark Meetings, People and other functions, as well as services that interoperate with other software. The Services and its related services, products, sub-applications within the Services, standalone applications associated with the Services (e.g., Lark Meetings), software program and content are collectively referred to herein as the service (“Services”).
The Services are provided or controlled by (i)Lark Technologies Pte. Ltd.(located at 8 Marina View Level 43 Asia Square Tower 1 Singapore 018960) if you are accessing it outside the US; or (ii) Lark Enterprise Applications Inc.( located at Suite 105, 501 Silverside Road, Wilmington, DE, 19809, Country of New Castle, US) if you are accessing it from inside the US. (“we” or “us”).
Please read the following carefully to understand our approach and practices regarding the processing of your personal data.
How Does This Policy Apply?
Under applicable data protection laws, a party is either considered to be a controller or a processor of data. This is a factual assessment and is determined based on the role and activities of the relevant parties.
(i) If you are using the Services as an individual
If you use the Platform to create a Personal Account or are an individual who has been invited to join a Workplace used for personal not business purposes (a “Personal Workplace”) (collectively an “Authorized User”) or are an individual who has been invited to access the Services without an account (an “IndividualUser”), we will be the controller of the following categories of data:
(ii) If you are using the Services as an Authorized User of a Business Account:
A Business Account is an account owned by (i) a corporate entity or (ii) an individual who uses it for non-personal purposes. If you use the Platform as an Authorized User of a Workplace used and owned by (i) a corporate entity or (ii) a third party who uses it for non-personal purposes (a “Business Workplace”), then we will only be the controller of:
All Workplace Data of a Business Account will be controlled by (i) a corporate entity or (ii) a third party that owns the Workplace (the “Business Workplace Owner”) ,this data is referred to herein as “Business Owner Controlled Data”. The Business Workplace Owner may be a different person or entity than the person or entity who has invited you to the Workplace (“Workplace Creator”), e.g. in an employment context, you may be invited to a Workplace by a colleague but your employer will likely be the Business Workplace Owner. If you are unclear on the identity of a Business Workplace Owner, please contact us.
We will be subject to the instructions of the Business Workplace Owner with regards to our processing of Business Owner Controlled Data. We are, for the purpose of applicable data protection laws, a processor of this data.
If you are an employee who is an Authorized User of a Business Workplace, and cease to be employed by the Business Workplace Owner, the Business Workplace Owner may terminate your access to all Workplaces they control. On termination, Lark will convert your access to a Personal Account and the provisions on “If you are using the Services as an individual” above will apply.
Types of Data We Use
We may collect and use the following types of data when you access the platform or use the Services:
Account Data. You, a Business Workplace Owner or Workplace Creator may give us data regarding the creation or activation of your account on the Platform, including your name, your photo, your business telephone number and your email address, passwords, password hints, and similar security information used for authentication and account access when you access the Platform or use the Services, such as IM chat (instant messaging), group creation, video conference, livestream, message, Lark Meetings and other communication functions. If you only browse and search the introduction of Lark products, functions and services displayed on the our website or if you are a Individual User, you do not need to register as a Platform user and provide the above information.
Workplace Data. We process the content you generate on the Platform and with the Services, including:
Administrative Data. We process data as necessary to administer and provide the Services. This data includes:
Location Data. We process information about your location including location information based on your SIM card and/or IP address. With your permission, we may also collect your location and Global Positioning System (GPS) data according to Customer's instruction. If you refuse to provide location information, you can switch off GPS and location information functionality on your mobile device and Services. If you choose to share your location with us and consent to our use of this data, we may process this information to provide you with relevant services based on location. For the information about the device you are using (such as device model, operating system version, device settings, unique device identifiers, software and hardware characteristics, etc.) where the device is located, based on the specific permissions you grant in software installation and use Location-related information (such as IP address, GPS / Beidou location information, and sensor information such as Wi-Fi access points, Bluetooth, and base stations that can provide relevant information). Please note that individual device information, log information, etc. are information that cannot identify a specific natural person. If we use such non-personal information in combination with other information to identify a specific natural person, or use it in combination with personal information, such non-personal information may be treated as personal information during the combined use. Unless authorized by you or otherwise provided by laws and regulations, we will anonymize and de-identify such personal information.
In order to bring you a better product and service experience, we are constantly working to improve our technology, and we may introduce new or optimized features from time to time.. We will explain to you the purpose, scope, and use of the data and information by updating this Policy, pop-ups, page prompts, etc.. We will always seekyour consent to collect and use any additional information and data in relation to such new features. If you have any questions, comments or suggestions, you can contact us at email@example.com .We will answer your questions as soon as possible.
How We Use Information
We may use ,process, and disclose tothird parties (only to the extent necessary),, Account Data, Administrative Data, Business Workplace Data (including data accessed through your use of a Third Party Integration with Lark Email such as Gmail), Interactions Data and Third Party Data to allow your access to and use of the Platform and the Services. Without prejudice to the purposes already set out above, We may use, process and/or disclose your personal data for the following purposes including:
We may also process Administrative Data in furtherance of our legitimate business interests. In this regard, we will be processing the Administrative Data:
We will only process Location Data for providing location-specific functions and Account Data for the purpose of providing personalized marketing messages, if we have your consent to do so. For example, we use data we collect to deliver promotional communications. You can sign up for email subscriptions and choose whether you wish to receive promotional communications from Lark by email, SMS, physical mail, and telephone. For information about managing your contact data, email subscriptions, and promotional communications, we do not use what you say in email, chat, video conference, or voice mail, or your documents, photos, or other personal files to target ads to you.
If you consent to this form of processing, we will share data with our Business Partners to facilitate the provision of such location services and personalized marketing.
We will process Interactions Data to provide personalized display and other productivity tools depending on your settings. We will use automated software to analyze the historical use, your organization trend and other elements to customize your services experience. For example, we may make suggestions, or rank and display the content based on its relevance to a User. We do not share with advertisers information that can be used to identify you personally, such as your name or email address (unless you ask us to do so).
If we stop operating the services of this Services, we will stop collecting your personal data, notify you in the form of announcement 60 days in advance, and delete or anonymize your personal data possessed by us according to applicable laws.
How We Share Your Personal Data
In order to provide the Services to you, we may disclose your personal data (including data which you choose to share with us through Third Party Integrations with Lark Email such as Gmail) with the following selected third parties including without limitation to those who may be processing your personal data on our behalf for one or more of the purposes stated above and herein:
Service Providers and Authorized third-party vendors
We may disclose your personal data toservice providers who support our business, such as cloud service providers and other technology and authorized third-party vendors(wheresoever located and only to the extent necessary). These service providers and vendors help us provide, administer and support the Services, including research, payment processing and transaction fulfillment, database maintenance, technology services, deliveries, email deployment, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing.
Business Workplace Owners
We will share certain data with Business Workplace Owners only if you are an Authorized User of such Business Workplace Owner.
Third Party Integrations
We may share certain data with Third Party Integrations if you give such Third Party Integrations access to your account and information, and any content you choose to use in connection with those Third Party Integrations.
Our Corporate Group
We may also share your information with other members, subsidiaries, or affiliates of our corporate group, in order to provide the Services including improving and optimising the Services, preventing illegal use and supporting users.
Sale or Merger
We may also disclose your information to third parties in our legitimate business interests:
If applicable, we will also disclose your information to our business partners so that we can make you special offers via the Services with your consent and / or in our legitimate business interests.
We will share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or based on our legitimate business interest if such use is reasonably necessary to:
International Data Transfers: Privacy Shield and Contractual Terms
We maintain servers located in US and your information may be processed on servers located outside of the country where you live. Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we apply the same protections described in this policy. Whenever we process the personal data of European Union or United Kingdom Services users outside of the European Economic Area, we ensure we comply with Model Contractual Clauses, or EU-US or Swiss-US privacy shield frameworks, when required.
Security Of Your Personal Data
We attach great importance to the security of your ersonal data. However, please note that Information you send to us electronically may not be secure when it is transmitted to us.
Security measures we take include adopting encryption techniques such as Transport Layer Security for all data and information stored in our servers or on your terminal devices. We have also received compliance and security certifications such as SOC 2 (which was developed by the American Institute of CPAs), ISO 27001 (information security management system), ISO 27018 (code of practice for protecting personal data in the could) and ISO 27017 (information security controls for cloud services).
Despite our best efforts, you understand that due to technical limitations and various potential malicious attacks, no security measures are perfect or impenetrable and it is impossible to maintain complete security at all times. Therefore, we strongly suggest you take active measures, including but not limited to using a complicated password, regularly changing your password, and avoiding disclosure of your account password or other Information relating to logging in to your account, so as to protect the security of your personadata. We also recommend that you do not use unsecure channels to communicate personal data or other sensitive or confidential information to us.
For detailed information, please visit Lark security center.
We will retain your personal data for the length of time needed to fulfill the purposes outlined in this Policy unless a longer retention period is required, for example to comply with legal obligations or requests or for the establishment, exercise or defense of legal claims, or for legitimate businesses purposes, or as provided by law.
Should you or we terminate your account for any reason, we will take steps to ensure that your personal data is no longer available through the Services, or otherwise used by us, within a reasonable period of time (subject to technical limitations) after such account termination.
Third Party Integrated Services
When you add a third party email account to Lark, you can choose to sync your mail, calendar events, files, contacts, settings and other data from that account to your Lark email feature, and the same will be processed and stored in Lark, and at any time, Lark could sync up dual delivery of data between Lark email and your third party email account.For example, once you authorize Lark Email to access your Gmail, you can check and send your Gmail using Lark Email. When you remove your email account from Lark Email, the content synced from your third party email account will be deleted.If you add an account provided by Business Workplace Owner(such as your employer or other third party email service provider ), the admin of the organizational domain can implement policies and controls (for example, create and delete user account, that can affect your use of Lark Email.We only process your email and other information synced to Lark Email with your authorization, and only to provide and improve the email service to you.We do not use or share the email data for serving ads, including retargeting, personalized, or interest-based advertising, except with your explicit consent.
Information Relating to Children
By accessing the Platform and/or using this Services, you represent that you are at the legal age in your jurisdiction or not under guardianship. If you are below legal age or under guardianship:
If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or guardian(s) is not willing to open the account under their name, you must cease accessing the Services.
We do not seek or knowingly collect any data about children under of the legal age. If we become aware that we have unknowingly collected data about a child under of the legal age, we will make commercially reasonable efforts to delete such information from our database.
Additional Information for Certain Jurisdictions
We may provide additional information about the privacy, collection, and use of personal data of prospective and current user of Lark Services located in certain jurisdictions.
A. California Privacy Rights
This Policy describes how we may share your personal data for marketing purposes. It applies to all users of the Services, including California residents.
If you are a user of the Services and a California resident under 18 years of age, you may request to have your User Content or personal data removed from the publicly viewable portion of the Services by contacting us directly. User Content or personal data may not be removed from our systems or databases. In certain situations, User Content or personal data cannot be removed.
As a California resident, you may contact us with any questions or to request a list of third parties to whom we may disclose personal data for marketing purposes and the categories of Information we may disclose. See “Contact Us” below.
Under the California Consumer Privacy Act (“CCPA”), California residents have the right to know what personal information about them is collected, request deletion of their personal data, opt-out of the sale of their personal data, and not be discriminated against if they choose to exercise any of these rights. Lark does not sell any of the data we collect about you. If you’d like to exercise any of the other rights afforded to you, contact us at firstname.lastname@example.org.
B. Privacy Rights for Services users in the European Union
If you are a user of the Services in the European Union, under the General Data Protection Regulation you have the below rights in relation to your personal data. Where we act as a controller for your personal data, you should contact us to exercise any of your rights. Where we act as a processor, you should contact the Business Workplace Owner to exercise any of your rights.
You have the right to ask us to access the personal data we hold about you and be provided with certain information about how we use your personal data and who we share it with. You also have the right to ask us to correct your personal data where it is inaccurate or incomplete. In certain circumstances, you have the right to ask us to delete the personal data we hold about you:
In certain circumstances, you have the right to ask us to restrict (stop any active) processing of your personal data:
Right to Object
To the extent that Lark’s processing of your personal data is subject to the General Data Protection Regulation, we rely on its legitimate interests, described above, to process your data. You can object to our processing of your personal data based on our legitimate interests and we will no longer process your personal data unless we can demonstrate an overriding legitimate ground.
Right to Withdraw Consent
You have the right to withdraw your consent to our processing of data about you for marketing purposes at any time, and we will stop processing data about you for that purpose.
To exercise any of these rights above, please contact us at email@example.com. In addition, you have the right to complain to the applicable data protection supervisory authority.
You also may access, correct or request deletion of personal data We have about you by logging into your account. You may also request cancellation of your account by contacting us at firstname.lastname@example.org. We’ll take steps to delete your information within a reasonable timeframe, but some information may remain in archived/backup copies for our records or as otherwise required by law.
Please note that these rights are limited, for example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interest reasons or where we are required by law to retain your personal data .
In the event that you wish to make a complaint about how we process your Information, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a complaint with the data protection authority in the country in which you live or work where you consider we have infringed data protection laws.
If you are using our services in Singapore, we will collect, use, disclose and/or process your personal data in accordance with our obligations under the Singapore Personal Data Protection Act 2012 (“PDPA”). For the purpose of this Policy, “personal data” shall have the same definition as under the PDPA, meaning data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which an organisation has or is likely to have access.
Data access and correction
You may request to access and/or correct the personal data currently in our possession at any time by submitting your request to firstname.lastname@example.org.
We will retain your personal data for the length of time needed to fulfil the purposes outlined in this Policy unless a longer retention period is required, for example, to comply with legal obligations or requests or for the establishment, exercise or defence of legal claims, or for legitimate businesses purposes, or as provided by law. After such time, we will take commercially reasonable efforts to ensure that your personal data in our possession or under our control is securely destroyed and/or anonymized.
Should you or we terminate your account for any reason, we will take steps to ensure that your personal data is no longer available through the Services, or otherwise used or processed by us, within a reasonable period of time (subject to technical limitations) after such account termination.
Transfer of Personal Data Outside of Singapore
In circumstances where we may need to transfer your personal data to third parties outside of Singapore, we will ensure that such transfers are compliant with the requirements under the PDPA. In this regard, we will take such necessary measures to ensure that such overseas recipients are bound by legally enforceable obligations (such as data transfer agreements or binding corporate rules where applicable) to ensure that these overseas recipients will provide a standard of protection to your personal data so transferred that is at least comparable to the protection to your personal data under the PDPA.
Disclosure of Personal Data Without Your Consent
Save as permitted under this Policy, we will not disclose any of your personal data to any third parties without first obtaining your express consent. However, please note that we may disclose your personal data to third parties without first obtaining your consent in certain situations as set out in the PDPA, including, without limitation, the following:
D. Indonesia .
If you are using our services in Indonesia, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of this policy, the following terms shall apply.
If you do not have consent from your parent(s) or legal guardian(s) and your parent(s) or guardian(s) is not willing to open the account under their name, you must cease accessing the Services.
You may request Lark to (i) disclose history of personal data that we have collected; and/or (ii)erase and dispose your personal data that we have collected on our server. Please note that by requesting us to erase and dispose your personal data, you may not be able to use some of Lark features and functionality.
To exercise any of your rights, please contact email@example.com.
After you have terminated your use of our Services and the five (5) years retention period has lapsed,we store your information in an aggregated and anonymised format. Non-personally identifiable information may be retained indefinitely for analytics.
E. South Korea.
If you are using our services in South Korea, the following additional terms apply. In the event of any conflict between the following additional terms and the provisions of the main body of this policy, the following terms shall prevail.
If you wish to talk with us about how we process your personal data, please contact us at firstname.lastname@example.org and we will endeavor to deal with your request as soon as possible.
This Policy may be updated by us from time to time to reflect changes to applicable laws, regulations, standards, industry codes or other instruments of a similar nature, or to reflect changes, updates or new features to the Services.We will use commercially reasonable efforts to generally notify all users of any material changes to this Policy, such as through a notice on our Services, however, you should look at this Policy regularly to check for such changes. We will also update the “Last Updated” and “Effective “date at the top of this Policy, which reflects the effective date of such Policy. Your continued access to or use of the Services after the date of the updated Policy constitutes your acknowledgment and agreement that you have read, understood and accepted the terms of the updated Policy. If you do not agree to the updated Policy, you must stop accessing or using the Platform and/or the Services.