Last updated: January 10, 2025
Update Summary
We added descriptions of the InstantWeb and the processing of personal information in connection with the engine.
Thank you for using System Messages. Developed and operated by HEYTAP PTE. LTD. ("we", "us", or "our", registered at 138 MARKET STREET #15-03 CAPITAGREEN SINGAPORE 048946), System Messages (the "App") provides third-party apps with fundamental services such as the System Messages feature and InstantWeb.
During your use of our accounts, websites, mobile apps, or other products or services, we may collect and use your personal information. In this System Messages Privacy Notice (this "Privacy Notice"), "personal information" or "personal data" refers to all information that can be used alone or in combination with other information to identify a natural person.
This Privacy Notice explains how we process your personal information, the purposes for which we collect, use, and disclose your personal information during your use of System Messages, your rights to your personal information, and the security measures we use to protect personal information.
Before using the feature, please carefully read this Privacy Notice to understand our practices regarding the collection, use, and protection of personal information. By tapping "Agree" to launch System Messages, you acknowledge that you fully understand the terms below regarding the collection and use of personal information and your rights.
The general terms in Part A apply to you, regardless of your location. Part B only applies to users located in the European Union, Liechtenstein, Norway, the United Kingdom, or Switzerland ("Europe"). Part C only applies to users who are residents of California, Nevada, Colorado, Connecticut, Virginia, or Utah, USA, and provides more details about personal information to meet the disclosure requirements under the laws of these states. Part D only applies to users located in India.
In principle, this Privacy Notice applies to all jurisdictions where we provide services through the App as we have declared herein. However, different jurisdictions may have different requirements regarding personal information protection. Therefore, in addition to the "General Terms", we make disclosures through region-specific terms appended to this Privacy Notice to meet the special requirements of different jurisdictions. The appendices, along with the main part of this Privacy Notice, constitute our notice of personal information processing in specific jurisdictions. If you are in a region listed in one of the appendices, you should also read the appendix applicable to your region. Unless otherwise specified in the appendices, the general terms of this Privacy Notice prevail. In the event of any conflict or inconsistency between an appendix and the main part of this Privacy Notice, the appendix prevails.
This Privacy Notice is divided into the following sections:
A. General Terms
B. Appendix: Europe-Specific Privacy Notice (GDPR-based Terms)
C. Appendix: U.S. State-Specific Terms
D. Appendix: India-Specific Privacy Notice (DPDPA-based Terms)
Body
A. General Terms
1. How We Collect and Use Your Personal Information
The information we collect depends on the context of your interactions with us and the choices you make, including your privacy settings. The features or services provided by the App may vary by country or region, the operating system or app versions in use, and the apps installed or downloaded on a device. Therefore, the features or services actually provided by the App, the processing of personal information, and the required app permissions are subject to the device you use.
You are not obliged to provide personal information to us. If you choose not to provide the personal information necessary for the App to provide the required services, we may not be able to provide you with such services, nor will we be able to respond to or deal with any problems you may encounter. We collect personal information to operate more efficiently and provide you with the best possible user experience. The following describes in detail what personal information we collect as well as how and why we collect and use such information.
We collect information about you in three primary ways:
• directly from you;
• automatically from your use of the App; and/or
• from third parties.
If the following clauses explicitly state that your relevant information is only kept locally, then the information is only collected and processed locally on your device and it will not be uploaded to our servers, which means such information is not bound by this Privacy Notice. This is to address any privacy concerns you may have and provide transparency about our processing of personal information.
Please note that if you provide other people's personal information to us, you must ensure that you have obtained their authorization.
1.1 App features, personal information we collect and use, and intended purposes
The System Messages APK file provides you with fundamental services, including the System Messages feature and InstantWeb.
System Messages
The System Messages feature will collect and process your personal information for the following purposes:
To provide you with push service and send you notifications about software updates or new product launches (including but not limited to marketing messages about our and relevant third-party products or services), you agree that we can temporarily store messages obtained from the concerned developers and collect information relating to your device (such as device identifier, User ID, Android ID, Google Advertising ID, region and language settings, device model, and operating system version), information about the apps using push service (such as the app package names), network-related information (such as IP or domain name and network type), message sending results, notification status (such as the Notification permission and your interactions with notifications), and Lock screen status (such as whether the screen is locked and whether Lock screen notifications are allowed).
InstantWeb
The InstantWeb provides you with enhanced H5 and RPK running performance. In the course of providing you with services, we need to collect information relating to your device (such as the VAID and User ID) to improve the stability of the engine.
Product feature optimization
System Messages, InstantWeb,and other features of the App need to collect event-tracking information in order for us to optimize our products and services. Event-tracking information mainly includes the following: device identifier, device-related information (including device brand, device model, sales region, and network type), system and app information (including your system version, app versions, and app package names), categories of event-tracking data, GAID (encrypted), behavioral data (including taps, impressions, and app launches), data about cross-app launches, returned event-tracking data, cache data, device status, records of your use of the aforementioned features, and feature usage stats.
1.2 Cookies and other similar tracking technologies
Currently, the App does not use cookies or any other similar technologies to collect or store user preferences or any information about you.
2. How We Store and Retain Your Personal Information
Pursuant to laws and regulations, we will retain your personal information for the minimum period needed to provide you with products and/or services. We will delete or anonymize your personal information upon the expiration of the retention period or when it can be deleted unless otherwise provided by applicable laws or regulations.
If we discontinue the operations of some or all of our products or services for any special reason, we will promptly inform you and cease to collect and process your personal information in connection with such products or services. We will also delete or anonymize such information that we hold unless otherwise specified by laws and regulations.
2.1 How long we store your personal information
Pursuant to laws and regulations, we will retain your personal information for the minimum period necessary to provide you with products or services. For example, when a third-party app pushes a message to you, we will need to collect the information about your device. Once you have provided us with such information and while you are using this feature, we will need to retain the information in order to deliver the feature as intended and to ensure that the message from the third-party app is successfully sent to your phone.
After you take the initiative or ask us to delete your personal information, we will delete or anonymize your personal information as soon as possible in accordance with laws and regulations unless otherwise specified by laws and regulations.
We determine the minimum retention period mainly based on the following: (1) The purposes for which the personal information is processed have been fulfilled or are unable to be fulfilled, or the processing becomes unnecessary due to business changes or discontinuance; (2) It is necessary for us to maintain relevant transaction and activity records to address your information query requests or complaints you might raise in the future; (3) You authorize us to retain the personal information for a longer period; and (4) Laws or administrative regulations have otherwise specified the retention period for personal information.
If, during your use of this Platform, your actions constitute a serious violation of laws, regulations, agreements, policies, or rules relating to this Platform, the records of your violations, as well as your credit records from relevant platforms and personal information, will be retained for the maximum period permitted by law.
If we stop some or all of the services of this Platform for special reasons, we will publish an announcement on this Platform at least 30 days in advance, and we will stop collecting your personal information and no longer use it for commercial purposes. Within the minimum time limit permitted by laws and regulations, we will delete or anonymize the personal information we hold that relates to this Platform, unless otherwise specified by laws and regulations.
2.2 Where we store your personal information
As a company operating globally, we provide products and services through our resources and servers around the world. For the purpose of ensuring the quality of our services (such as to ensure processing speed) and subject to local data protection laws, we will store your personal data based on the area where your phone is purchased or the region set for your phone. Our data centers are located in Russia, Singapore, France, the United States, and India. This means that your personal information may be transferred to or accessed from a jurisdiction outside the country or region where you use the relevant products or services.
You understand that there are different risks under different data protection laws. We will take measures to ensure that the data collected by us is processed in accordance with this Privacy Notice and applicable laws, and that, when your personal information moves across borders, it is as well protected as it is in the country or region where you use the relevant products or services. For example, we will obtain your consent to the cross-border transfer of your personal information or take security measures such as encryption, de-identification, or entering into a necessary data transfer/sharing agreement with the recipient of your data before transferring your data across borders.
3. How to Exercise Your Data Subject Rights
We respect your rights to your personal information, and we do our best to protect your rights. We provide a variety of secure and convenient ways for you to configure privacy settings and manage personal information, thus ensuring the security of your personal information. Please note that the settings may vary by device model, operating system version, and App version. In addition, we may adjust the settings from time to time to improve your user experience. Therefore, the operation paths described below are for your reference only. If you have any questions regarding the operation paths or ways of exercising your rights, you can contact us as set forth in "Contact Us" of this Privacy Notice. Refer to the information below for your rights to your personal information.
3.1 Right to be informed
We inform you of how we process and protect your personal information by publishing this Privacy Notice. We are committed to staying transparent about how we use your personal information. You can regularly check this Privacy Notice, receive emails and SMS messages that contain a description of the updates to this Privacy Notice, and contact us in the manner disclosed in this Privacy Notice to learn about our collection and use of your personal information.
3.2 Right of access
You have the right to view your personal information by contacting us as set forth in "Contact Us".
3.3 Right to rectify
If you find that any of your personal information processed by us is inaccurate or incomplete, you have the right to request that we correct or complete it. You have the right to correct your personal information by contacting us as set forth in "Contact Us".
3.4 Right to erasure
You have the right to delete your personal information you have provided to us by contacting us as set forth in "Contact Us".
3.5 Right to change the scope of authorization or withdraw consent
The performance of each service function requires certain basic personal information (see the "How We Collect and Use Your Personal Information" section of this Privacy Notice). You can either change the scope of the personal information you authorize us to continue to collect or withdraw your authorization by deleting information, turning off app permissions, changing settings on the product or feature settings page, or using other methods. Specifically:
You can go to "Settings - Notifications & status bar - App notification settings" to disable certain app notifications and prevent the app from pushing messages to you again.
3.6 Right to get a copy of your personal information
You have the right to request that we provide a copy of the personal information you provided to us or transfer the copy to a third party you designated. If you need a copy of your personal information, please contact us as set forth in "Contact Us" of this Privacy Notice and send us a request. We will provide you with a copy in a timely manner.
3.7 Right to complain
You have the right to file a complaint by contacting us as set forth in "Contact Us".
You have the right to lodge a complaint with the competent supervisory authority regarding our personal information protection practices or file a lawsuit in a court with jurisdiction. However, we hope that we have the opportunity to solve your concerns or issues before you contact relevant authorities, so please first contact us directly.
4. How We Protect Minors' Personal Information
We greatly value our obligation and responsibility to protect the personal information of children. We strive to create a healthy cyber environment for them and make extra efforts to protect them. We treat anyone under the age of 18 (or a similar minimum age of full legal capacity defined in the jurisdiction concerned) as a child. Most of the features and services provided by the App are intended for adults, not for children. We do not provide services directly to children. Please note that due to technical limitations and other objective factors, the App may not be able to actively identify the age of users.
According to applicable laws and regulations, if you are a child, you must obtain the consent of your parent or another guardian before using the App, and be sure to carefully read this Privacy Notice together with them. If you are the guardian of a child, before assisting the child in using the App, you must carefully read both the Children's Privacy Statement (if any) and this Privacy Notice. Please note that children are not allowed to use the App without the consent of their parents or guardians.
We do not actively collect, store, use, transfer, or disclose children's personal information, let alone use their personal information for marketing purposes. If you are a child, or if you are a parent or guardian of a child, or if you otherwise find that any information we processed may contain the personal information of a child, please contact us in the manner disclosed in this Privacy Notice. We will try to delete the relevant data as soon as possible.
5. Contact Us
To learn more about how we protect your personal information, please refer to the Privacy Notice (https://brand.heytap.com/en/privacy.html).
If you have any questions, suggestions, or complaints regarding this Privacy Notice or our privacy practices, you can contact us or our data protection officer as set forth below. We will verify your identity and respond within the stipulated time limit in accordance with local laws and regulations. This time limit may be extended when necessary due to factors including the complexity of requests, large volumes of individual requests, and technical feasibility.
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html
Name of data protection officer: Kenneth Kwek
Address of data protection officer: 7500A Beach Road, The Plaza, #09-324, Singapore 199591
B. Appendix: Europe-Specific Privacy Notice (GDPR-Based Terms)
This Part only applies to users located in the European Union, Liechtenstein, Norway, the United Kingdom, or Switzerland ("Europe").
GDPR divides roles in personal data processing into data controller and data processor. A data controller refers to a natural or legal person, public authority, agency, or any other body that, alone or together with others, determines the purposes and means of processing personal data. (It is almost the same concept as the personal information processor in Part A "General Terms"). A data processor refers to a natural or legal person, public authority, agency, or any other body that processes personal data on behalf of a data controller. (It is almost the same concept as the party that is entrusted to process personal information described in Part A "General Terms"). If you are a user located in Europe, HEYTAP PTE. LTD. acts as the "data controller" as defined in the General Data Protection Regulation (GDPR) and is able to determine the purpose for which your personal information is collected and processed and to process your personal information in compliance with this Privacy Notice and applicable terms in the GDPR.
In this Part, personal data, the same as personal information in Part A, refers to any information relating to an identified or identifiable natural person. Personal data of special categories, or sensitive personal data, refers to personal data that reveals the racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union memberships of a natural person, as well as genetic data, biometric data, and health-related data that are processed to uniquely identify a natural person and data concerning a natural person's sex life or sexual orientation.
1. Legal Bases for Processing Personal Information
The legal bases for the processing of your personal information described in the "How We Collect and Use Your Personal Information" section, are as follows:
(1) We have obtained your express consent in advance, which you can withdraw at any time;
(2) Information processing is necessary for us to enter into a contract or perform the contract concerning our products and/or services;
(3) The processing of relevant personal information is indispensable for fulfilling our legal obligations;
(4) Disclosing your personal information is necessary for the purpose of the legitimate interests pursued by us or a third party. We will process your personal information on this lawful basis only after balancing our or the third party's interests against your privacy rights.
2. Scope of Personal Information We Process and the Purposes
In Europe, we provide the System Messages app on our devices.
When you use the App, we may collect, use, or disclose your personal information for the purposes and procedures below or for other reasonably related purposes:
| Processing purpose | Personal information we collect | Legal bases |
|---|---|---|
| Message Push Service | Messages obtained from the concerned developers, information relating to your device (such as device identifier, User ID, Google Advertising ID, region and language settings, device model, battery level, and operating system version), information about the apps using push service (such as the app package names, version numbers, and running status), the push SDK's version number, network-related information (such as IP or domain name and network type), message sending results, notification bar status (such as the Notifications permission and your interactions with notifications), and Lock screen status (such as whether the screen is locked and whether lock screen notifications are allowed) | Marketing messages: Your consent or protecting the legitimate interests of the concerned developers Service messages: Performance of the contract between the developers and you |
3. Global Transfers of Your Personal Information
We determine your location based on the country/region you have selected in "Settings - Language and region". If you have not selected the country/region, we will determine your location based on the country/region where you purchased your phone.
In principle, personal information generated and collected in the European Union will be stored in the European Union. Where your personal information is transferred to a country or region outside the European Economic Area (EEA), we will take the necessary security measures. For example, we will ensure that:
The recipient is located in a country that the European Commission has, through an adequacy decision, recognized as providing adequate protection;
The recipient has signed a contract in accordance with the "Standard Contractual Clauses" issued by the European Commission, requiring them to protect your personal information; or
In the absence of appropriate safeguards, we will obtain your express consent for the transfer of your personal information. In addition, we will use techniques such as encryption or de-identification to protect your personal information.
For more information about the safeguards relating to personal data transfers outside Europe, please submit your request through:
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html.
4. Your Rights Regarding Personal Data
According to the GDPR, you have the following rights and can send us your request through the Data Subject Rights Platform at https://brand.heytap.com/en/privacy-feedback.html.
4.1 Right of access
We inform you of how we process your personal information by publishing this Privacy Notice and, where required by laws and regulations, by posting a notice or contacting you by SMS or email. We are committed to staying transparent about how we use your personal information.
4.2. Right to rectification
If you find that the personal data we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications without undue delay and to request the supplementation of your personal data where appropriate.
4.3 Right to erasure
You have the right to request that we delete the personal information you have provided to us.
4.4 Right to restrict processing
In certain cases, for example, when you contest the accuracy of your personal data, you are entitled to request that we restrict the processing of your personal data so that we can verify its accuracy. We will keep enough data or process such data as necessary to ensure that we will comply with your restriction requests in the future.
4.5 Right to object
You are entitled to object, on grounds relating to your particular situation, at any time to any processing based on your legitimate interests. Should you decide to object to the processing, we will stop processing the personal information concerning you, unless we can demonstrate compelling reasons for continued processing that override your interests, rights, and freedoms, or in the case that we establish, exercise, or defend our legal claims. You can object to direct marketing activities at any time for any reason.
4.6 Right to data portability
You are entitled to obtain a copy of your personal data in a structured, commonly used, and machine-readable format and transmit such data to another provider. In certain circumstances, you can transmit your personal data to any other provider.
4.7 Right to change the scope of authorization or withdraw consent
If we process your personal information based on your consent, you have the right to withdraw your consent at any time, and we will stop processing your personal information immediately. For example:
You can go to "Settings - Notifications & status bar - App notification settings" to disable certain app notifications and prevent the app from pushing messages to you again.
4.8 Right to complain
You have the right to lodge a complaint with the national data protection authority in your country about the ways we process your personal information. You can go to https://edpb.europa.eu/about-edpb/about-edpb/members_en to view information about the local data protection authority in your country or region.
We will respond to your complaint as soon as possible. In general, we will respond within one month following the receipt of your complaint. (If the complaint is overly complex or requires large amounts of personal information, we may extend this time limit by two months when necessary or permitted by law. In such cases, we will notify you of the reason for the extension within a month of receiving your complaint.) If you are not satisfied with our response, you can file a lawsuit with the supervisory authority in your jurisdiction.
5. Contact Us
If you have any questions, suggestions, or complaints regarding this Privacy Notice or our privacy practices, you can contact us, our representative, or our data protection officer by going to https://brand.heytap.com/en/privacy-feedback.html.
If you are located in Europe, you can contact our European representative OROPE Germany GmbH.
Postal address: Graf-Adolf-Platz 15, 40213, Düsseldorf, Germany
If you are located in the UK, you can contact our UK representative Unumplus Limited.
Postal address: 7 Albert Buildings, 49 Queen Victoria Street, London, United Kingdom, EC4N 4SA
C. Appendix: U.S. State-Specific Terms
Part C only applies to users who are residents of California, Nevada, Colorado, Connecticut, Virginia, or Utah, USA, and provides more details about personal information to meet the disclosure requirements under the laws of these states.
1. Categories of Personal Information We Process and Use
Personal information falls into the following categories according to the laws of the above-mentioned states:
| Category | Example |
|---|---|
| A. Identifiers | Name, alias, postal address, unique personal identifier (such as ID number, unique pseudonym or alias, device identifier, cookies, beacons, pixel tags, mobile advertising ID or similar technology, and other persistent or probabilistic identifiers), online identifier, Internet Protocol ("IP") address, email address, account name, driver's license number, passport number, and other similar identifiers. |
| B. Customer records information under California's Customer Records Act (Cal. Civil Code § 1798.80(e)) | Signature, phone number, ID card number, bank account number, credit card number, debit card number, or any other financial information. |
| C. Characteristics of protected classifications under California or federal law | Age, gender identity, etc. |
| D. Commercial information | Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. |
| E. Biometric information | Any biological or behavioral characteristic that can be used to authenticate the individual's identity, such as a fingerprint or a face image that is used to create a faceprint. |
| F. Internet or other electronic network activity information | This includes but is not limited to browsing history, search history, and information regarding an individual's interaction with our services or System Messages or third-party websites, apps, or ads. |
| G. Geolocation data | Geographic location information about a particular individual or device, including the precise location collected with the individual's consent. |
| H. Sensory data | Audio, electronic, visual, thermal, or other similar information. |
| I. Professional or employment-related information | Current or past work experience. |
| J. Non-public education information under the FERPA (20 U.S.C. § 1232g; 34 CFR Part 99) | Educational records maintained by an educational institution or a party acting on its behalf that relate directly to a student, such as a student's academic transcripts and identification number. |
| K. Inferences | Inferences drawn from any of the information mentioned above to create a profile reflecting an individual's preferences, characteristics, psychological trends, predispositions, and behavior (such as data related to the personalized ads delivered to the individual). |
| L. Sensitive personal information | Government-issued identifiers (such as driver's license, state identification number, or passport number), login credentials (username, account ID, or card number, any of which is combined with the required access/security code or password), precise location, and the text of letters, emails, and SMS messages (unless we are the intended recipient). |
According to the laws of the above-mentioned states, we must provide the following details regarding the information that we collect from the residents of those states. The information we collect depends on the context of your interactions with us and the choices you make, including your privacy settings and the products and features you use.
We may use (and may have ever used in the twelve (12) months prior to the effective date of this Privacy Notice) the aforementioned categories of personal information for one or more of the purposes stated in this Privacy Notice, or for one or more of the following purposes.
Without informing you, we will not collect other categories of personal information about you (other than as set forth above or else in this Privacy Notice) or use the personal information we collect for materially different, irrelevant, or incompatible purposes.
In the United States, we need to collect the following categories of personal information to provide you with the Message Push Service.
| Category of personal information | Source | Purpose | Disclosure to third parties |
|---|---|---|---|
| Messages obtained from the concerned developers, information relating to your device (such as device identifier, User ID, Google Advertising ID, region and language settings, device model, battery level, and operating system version), information about the apps using push service (such as the app package names, version numbers, and running status), the push SDK's version number, network-related information (such as IP or domain name and network type), message sending results, notification bar status (such as the Notifications permission and your interactions with notifications), and Lock screen status (such as whether the screen is locked, and whether lock screen notifications are allowed) | Obtained from the concerned developers or directly collected by us | To send push messages | N/A |
2. Disclosure, Sale, and Sharing of Personal Information
According to the law in California, "share" means sharing, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to a third party for cross-context behavioral advertising, whether or not for monetary or other valuable consideration.
We do not sell or share your personal information (we collected in the past 12 months) with any third parties for commercial purposes. If we intend to sell your personal information in the future, we will notify you in advance through this appendix, and respect your right to restrict and refuse such action.
3. Your Rights Regarding Personal Data
You may have the following privacy rights as a consumer. Please note that these rights are not absolute and may be subject to conditions or limitations.
(1) Right to access and data portability. You have the right to know and access the categories and specific information we collect about you, the sources from which we collect such information, the purposes for our collection of such information, and the types of third parties with which the personal information is shared. Where technically feasible, we provide you with such personal data in a structured, commonly used, and machine-readable format so that you can transmit it to another entity.
(2) Right to request. You have the right to request information regarding our disclosure of personal data to third parties for business purposes.
(3) Right to rectify. You have the right to correct inaccurate personal data that we may hold about you.
(4) Right to erasure. You have the right to request the erasure of your personal data, except in cases where certain exceptions apply.
(5) Right to opt-out. You have the right to opt out of the sale or sharing of your personal data with third parties.
(6) Right to limit the use of sensitive personal information. We do not use or collect sensitive personal information to infer user characteristics, so this right does not apply.
(7) Right to not be discriminated. You have the right to non-discrimination for exercising any of the above rights.
Making a Shine the Light request
The Shine the Light law (Cal. Civ. Code § 1798.83) allows residents of California who use our services to request: (1) the list of personal information categories we shared with third parties for direct marketing uses in the last calendar year, and (2) the identities of such third parties.
If you have any questions, suggestions, or complaints regarding this Privacy Notice or our privacy practices, you can contact us as set forth below:
Data Subject Rights Platform: https://brand.heytap.com/en/privacy-feedback.html
Before handling your request, we need to verify your identity and confirm that you are a resident of California, Nevada, Colorado, Connecticut, Virginia, or Utah, USA. To verify your identity, we usually need to verify your account or match the personal information you provide in your request with the information we hold about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your email address, phone number, and/or the date of the last transaction made on our services.
In some cases, we may reject requests to exercise the rights described above, particularly if we are unable to verify your identity or locate your information in our systems. If we are unable to satisfy all or parts of your requests, we will explain the reasons for refusing to satisfy the requests.
We do not use your personal information for sale or sharing, so your right to opt out of the sale or sharing of personal information for targeted advertising does not apply in this case.
4. Submitting a Request Through an Authorized Agent
In some cases, to the extent that we can verify the permission given to an authorized agent to act on your behalf, you can designate an authorized agent (a term defined by the California Consumer Privacy Act of 2018) to act on your behalf to submit a request using the method set forth in this Privacy Notice.
For a request to know about, delete, or rectify personal information we hold about you, we need the following information for identity verification:
(a) An authorization letter from you or your authorized agent that is valid under California laws; or
(b) Sufficient evidence to indicate that you have: 1) provided the authorized agent with a signed license to act on your behalf; and 2) verified your identity directly with us as set forth in this Privacy Notice; or directly confirmed with us that you have granted permission to your authorized agent to submit the request on your behalf.
For requests to opt out of "selling" or "sharing" personal information, we require a signed license certifying that the authorized agent has authorization to act on your behalf.
D. Appendix: India-Specific Privacy Notice (DPDPA-based Terms)
This appendix applies only to users located in India.
You understand that this appendix has been prepared in accordance with the Digital Personal Data Protection Act (DPDPA) of India and the relevant personal data protection laws. DPDPA defines two roles for data processing: data fiduciary and data processor. A data fiduciary refers to any entity that, alone or together with others, determines the purposes and means of processing personal data. (It is almost the same concept as the personal information processor described in Part A "General Terms"). A data processor refers to any entity that processes personal data on behalf of a data fiduciary. (It is almost the same concept as the party that is entrusted to process personal information described in Part A "General Terms").
In general, we act as a data fiduciary to process your personal data. However, there might be third parties involved in providing the Message Push Service. You understand that in some cases, such third parties may have separate purposes and means of processing your personal data and that they will constitute independent data controllers and process your personal data independently.
1. Personal Data We Collect and the Purposes of Data Processing
In India, we provide the Message Push Service feature.
We collect your personal data only for the purposes of providing services relating to System Messages to perform the relevant functions.
Please note that your consent is not required for the processing of your personal data in the following circumstances:
(1) Where you voluntarily provide the data to us for a specific purpose without giving an express representation that you object to our processing of such data;
(2) As necessary for the country and its agencies to provide or issue prescribed subsidies, benefits, services, certificates, and licenses to you;
(3) As necessary for the country or its agencies to perform their functions under the laws currently in force in India, or in the interests of safeguarding the sovereignty, integrity, and national security of India;
(4) As necessary for any person to fulfill any obligation under the laws currently in force in India to disclose any information to the country or its agencies;
(5) As necessary to comply with any judgment, ruling, or order issued under the law currently in force in India, or judgments, rulings, or orders in relation to contracts or civil claims under the law currently in force outside India;
(6) As necessary to take measures to provide medical treatment or health services to any individual in the event of an epidemic, disease outbreak, or any other threat to public health;
(7) As necessary to take measures to protect the safety of any individual or to provide assistance or services in the event of any disaster or public disorder.
2. Data Subject Rights
Under the DPDPA, you have the following rights as a data subject. You can exercise such rights in the ways described below. You can also directly submit a data subject rights request in the manner disclosed in the "Contact Us" section.
2.1 Right to be informed
You have the right to know about:
(1) The scope of personal data we are processing and the data processing activities we are carrying out;
(2) All the data fiduciaries and processors that process your personal data and the categories of personal data we share.
(3) Information required to be disclosed by relevant laws and regulations.
2.2 Right to rectification and erasure
You have the right to (1) correct, complete, and update your personal data, and (2) delete your personal data.
2.3 Right to redress for grievances
If you believe that we have deficiencies or omissions in fulfilling our obligations regarding the processing of personal data, you may contact us for redress and remediation. In general, we will respond to your data subject rights request within 15 working days of the date we receive it. If you believe that we are unable to respond to your request, you may file a complaint with the Personal Data Protection Commission of India.
2.4 Right to withdraw consent
You have the right to withdraw your consent to our processing of your personal data.
After you withdraw your consent, we will cease to process your personal data accordingly. You understand that the withdrawal of consent does not affect the lawfulness of our processing of your personal data based on consent before its withdrawal.
2.5 Right to designate an authorized agent
If you are a child or disabled person, you have the right to designate an authorized agent to act on your behalf to exercise your rights as a data subject. When you use an authorized agent, we will take the necessary action to verify the identity of the agent for a qualification review.
3. Processing of Personal Data of Children
In principle, we do not provide our products and services to children.
Please note that in India, children refer to natural persons under the age of 18.