Last Updated: September 1, 2020
What information do we collect about you?
We collect and process information about you if you use the Platform and interact with the Services and related content such as our web pages. This includes technical and behavioral information about your use of the Services.
How will we use the information about you?
We use your information to provide the Services to you and to improve, develop and administer it. We use your information to ensure your safety.
Who do we share your information with?
We may share your information with third party service providers who help us to deliver the Platform, or with any member of our group to improve the Platform or for internal business purposes. Where and when required by law, we will share your information with law enforcement agencies or regulators, and with third parties pursuant to a legally binding court order.
How long do we keep hold of your information?
We retain your information for as long as it is necessary to provide you with the Services and fulfil our contractual obligations and rights in relation to the information involved. Where we do not need your information in order to provide the Services to you, we retain it only as long as we have a legitimate business purpose in keeping such data or where we are subject to a legal obligation to retain the data. We will also retain your information if we believe it is or will be necessary for the establishment, exercise or defence of legal claims.
How will we notify you of any changes to the Policy?
We will use commercially reasonable efforts to generally notify all users of any material changes to the Policy through a notice on the Platform. However, you should look at the Policy regularly to check for any changes. We will also update the “Last Updated” date at the top of the Policy, which reflects the effective date of such policy. Your continued access to or use of the Services after the date of the updated Policy constitutes your consent to the updated Policy. If you do not consent to the updated Policy, you must stop accessing or using the Services.
1. The types of information we collect
Information you choose to provide. When you register or otherwise interact with the Services, you may be invited to provide access to your photographs, videos and audio files. We may also collect your feedback about the Services if you choose to provide it.
Information we collect automatically. We may collect the following information about you:
· Technical information we collect about you. We automatically collect certain information from you when you access or use the Services, including IP address, unique device identifiers, network type and connections, mobile or device model, device manufacturer, mobile phone area, application version number, operating system, information about operations and behaviors performed on the device, CPU and GPU information, and information regarding your use of the Platform.
· Behavioral information we collect about you. We also collect information regarding your use of the Services, e.g., video editing acts.
Information we obtain from other sources. We may receive information about you from other sources, including through third-party services or providers. For example, if you access third-party services through the Services or share information about your experience on the Services with others, we may collect information from these third-party services.
2. How we use your information
We will use the information in the following ways:
We may use your information to:
· provide you with the Services;
· notify you about changes to the Services;
· provide you with user support;
· enforce our terms, conditions and policies; and
· communicate with you.
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organization, we may use your information to:
· improve the Platform and to ensure tools on the Platform are presented in the most effective manner for you and your device;
· administer the Platform and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
· allow you to participate in interactive features of the Platform, when you choose to do so;
· keep the Platform safe and secure; and
· develop our Platform and conduct product development.
We may also use your information with your consent or at your direction.
3. How we share your information
We don’t sell any of your information and we impose restrictions on how partners can use the data we provide. We may disclose the categories of personal information discussed above for a business purpose to selected third parties in or outside your country, including with:
· our service providers, suppliers and subcontractors who help us run the Platform;
· data analytics, crash analytics, and search engine providers that assist us in the improvement and optimization of the Platform.
We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, or companies that we control, are controlled or under common control, and our service providers and strategic business partners, in each case in or outside your country, for the purposes set out above, as permitted by applicable law, to assist in the improvement and optimization of the Platform, or for our internal business purposes.
We may share your information with law enforcement agencies, public authorities or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
· comply with legal obligation, process or request;
· enforce our Terms of Service and other agreements, policies, and standards, including investigation of any potential violation thereof;
· detect, prevent or otherwise address security, fraud or technical issues; or
· protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).
We may also disclose your information to third parties:
· in the event that we sell or buy any business or assets in which case we may disclose your information to the prospective seller or buyer of such business or assets; or
· if we sell, buy, merge, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.
In this case, we will ensure that the terms of the Policy are observed and will inform you in advance if the transfer implies any change to these terms.
Finally, we may share information otherwise with your consent or at your direction.
4. Third-party content
The Services may contain links to content maintained by third parties who we do not control. We are not responsible for the privacy practices of these third parties, and the information practices of these third parties are not covered by the Policy.
5. Where we store your information
The information that we collect from you may be transferred to, and stored at, a destination inside or outside of your country, for the purposes as described in the Policy. By submitting your information, you agree to this transfer, storing or processing. We will take reasonable steps to secure your information and treat it in accordance with the Policy.
6. Your choices
We provide tools in settings that allow you to control how you use the Platform. If you have any questions on how to use or want to know about any rights you may have in the country where you live, please contact us at email@example.com.
7. The security of your information
We will take reasonable steps to secure your information and treat it in accordance with the Policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted through the Platform. We have put in place technical and organizational measures that we will amend and update from time to time to improve the overall security of our systems.
8. Data retention
We will delete your information upon request. Otherwise, we will use the following criteria to determine the period for which we will keep your information:
· our contractual obligations and rights in relation to the information involved;
· legal obligations under applicable laws and regulations to retain data for a certain period of time;
· statute of limitations under applicable laws;
· our legitimate business purposes; and
· disputes or potential disputes.
After you have terminated your use of our Services, we may store your information in an aggregated and anonymized format. Notwithstanding the foregoing, we may also retain any personal information as reasonably necessary to comply with our legal obligations, allow us to resolve and litigate disputes, and to enforce our agreements.
9. Information relating to children
The Platform is not directed at children under the age of 13. Users under the relevant age are not allowed to use the Platform. If we become aware that personal information has been collected from a person under the relevant age, we will delete the user’s information in accordance with applicable law. If you believe that we may have information about or collected from a child under the relevant age, please contact us at firstname.lastname@example.org.
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at email@example.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your information protection authority or follow the dispute process.
We will use commercially reasonable efforts to generally notify all users of any material changes to the Policy, such as through a notice on our Platform, however, you should look at the Policy regularly to check for such changes. We will also update the “Last Updated” date at the top of the Policy, which reflects the effective date of such policy. Your continued access to or use of the Services after the date of the updated Policy constitutes your consent to the updated Policy. If you do not consent to the updated Policy, you must stop accessing or using the Services.
Questions, comments and requests regarding the Policy are welcomed and should be addressed to:
CapCut, Bytedance Pte. Ltd.
Address: Level 43, Asia Square Tower 1, 8 Marina View, Singapore 018960
SUPPLEMENTAL TERMS – JURISDICTION SPECIFIC
In the event of a conflict between the provisions of the Supplemental Terms – Jurisdiction Specific that are relevant to your jurisdiction from which you access or use the Services, and the rest of the Policy, the relevant jurisdiction’s Supplemental Terms – Jurisdiction Specific will supersede and control.
If you are using our Services in the United States, the following additional terms apply:
California Privacy Rights
If you are a California resident, you may request certain information about our disclosure of personal information to third parties for their own direct marketing purposes during the preceding calendar year. This request is free and may be made once a year. Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities over time and/or across different websites. Our products do not support Do Not Track requests at this time.
Pursuant to the California Consumer Privacy Act (“CCPA”), California residents ,subject to verification, may request to see what personal information we have collected about them over the past 12 months, including the categories of personal information that the business has collected about the consumer, the categories of sources for that information, the business or commercial purposes for collecting the information, the categories of third parties with which the information was shared, and the specific pieces of personal information collected about them. If you are a California resident, you may also request that we delete your personal information subject to certain exceptions. Consistent with California law, if you choose to exercise either of these rights, we will not charge you different prices or provide different qualities of services unless those differences are related to your information. Please submit your request via the following method:
We do not sell personal information to third parties for purposes of the CCPA. We may permit third parties to collect personal information through our Services and share each of the categories of personal information described above with third parties for business purposes. These business purposes are described above and include providing advertising on our products and services and elsewhere based on users’ online activities over time and across different sites, services, and devices (so-called “interest-based advertising”) and website and online service analytics. The information practices of these third parties are not covered by the Policy.
If you are using our Services in Brazil, the following additional terms apply:
Exercise of data protection rights. Brazilian law provides certain rights to individuals with regard to their personal data. Thus, we seek to ensure transparency and access controls in order to allow users to benefit from the mentioned rights.
We will respond and/or fulfill your requests for the exercise of your rights below, according to the applicable law and when applicable, to the Brazilian General Data Protection Law - LGPD, once it comes into force:
a. confirmation of whether your data are being processed;
b. access to your data;
c. correction of incomplete, inaccurate or outdated data;
d. anonymization, blocking or erasure of data;
e. portability of personal data to a third party;
f. object to the processing of personal data;
g. information of public and private entities with which we shared data;
h. information about the possibility to refuse providing personal data and the respective consequences, when applicable;
i. withdrawal of your consent.
Verifying your identity. For your safety and to allow us to make sure that we do not disclose any of your personal data to unauthorized third parties, in order to verify your identity and guarantee the adequate exercise of your rights, we may request specific information and/or documents from you before we can properly respond to a request received concerning your data. All data and documents received from you in the process of responding to your requests will be used for the strict purposes of analyzing your request, authenticating your identity, and finally responding to your request.
Limitations to your rights. In certain situations, we may have legitimate reasons not to comply with some of your requests. For instance, we may choose not to disclose certain information to you when a disclosure could adversely impact our business whenever there is a risk of violation to our trade secrets or intellectual property rights. In addition, we may refrain from complying with a request for erasure when the maintenance of your data is required for complying with legal or regulatory obligations or when such maintenance is required to protect our rights and interests in case a dispute arises. Whenever this is the case and we are unable to comply with a request you make, we will let you know the reasons why we cannot fulfill your request.
In case of doubt about your privacy, your rights or how to exercise them, please contact us through the form "Contact". If you have any questions about the processing of your personal data, we would like to clarify them.
International Transfer of Data. We share your personal data globally with companies of our business group to carry out the activities specified in this Policy. We may also subcontract the processing of data involved in the Services or share your personal data with third parties located in other countries. Your personal data may therefore be subject to privacy laws other than those applicable in your country.
Whenever we transfer your personal data to third parties located in other countries, we will ensure that these companies comply with applicable data protection laws and we will take all measures that are reasonably necessary to ensure the existence of adequate safeguards to protect your personal data and to ensure that are processed safely.
Language. The Policy may have been prepared in the English language and in the Portuguese language. If you are a user located in Brazil, you shall refer to the Portuguese version, which shall prevail.
If you are using our Services in South Korea, the following additional terms apply:
Data retention. We destroy personal data whose purpose of collection as consented to by you have been achieved, or whose periods of and use to which you consented to or which were provided in the Policy have expired; provided, however, we will continue to store your personal data for the following statutorily-prescribed periods, where applicable, including, but not limited to:
· Act on Consumer Protection in Electronic Commerce:
o Records on your cancellation of an order, your payment on a purchased item, and our supply of a good/service: 5 years
o Records on the handling of consumer complaints or disputes: 3 years
o Records on advertisements and labels: 6 months
· Protection of Communications Secrets Act
o Records on your visits to our website: 3 months
Destruction of Personal data. We destroy your personal data in a manner that renders it unrestorable by the relevant department.
· Data rights. You have the right to access personal data we hold about you, to rectify any personal data held about you that is inaccurate, to request the deletion of personal data held about you, and the right to request the suspension of the processing of your personal data. You can exercise your rights by contacting us at firstname.lastname@example.org.
· Data Security. We work hard to protect CapCut and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. To this end, we have in place technical, managerial and physical safeguards, including internal policy for data protection, limiting the access to personal data on a need-to-know basis and controlling access to the facilities where personal data is processed.
· Information Relating to Children. CapCut is not directed at children under the age of 14.
· Entrustment and/or Overseas Transfer of Personal Data. We entrust your data to our affiliates, cloud storage providers, IT service providers, and data centers, some of whom are located abroad, subject to your consents or notifications to you, if applicable. The entities receiving and processing your data are committed to using and storing personal data in compliance with domestic and international regulations and to taking all available physical and technical measures to protect personal data. You may opt-out of such transfer so long as the transfer is not necessary to provide you with the Services, by contacting email@example.com.
If you are using our Services in Thailand, the following additional terms apply:
Legal Basis. Subject to section entitled "2. How we use your information", we may rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.
If you fail to provide your personal data when requested, we may not be able to provide our Services to you.
Parental and Guardian Consent. Subject to section entitled “9. Information relating to children”, our activities are not generally aimed at minors and we do not knowingly collect Personal Data from customers who are minors (those who have not reach the legal age (20 years of age or by marriage)) without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. If we learn that we have unintentionally collected personal data from any minor without parental consent when it is required, or from quasi-incompetent person or incompetent person without their legal guardians' consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent. If you are under the age of 20, or if you are a quasi-incompetent persons or incompetent person, you declare that your parent or legal guardian has acknowledged to our Terms of Service and the Policy and you had the consent of your parent or legal guardian to use the Services if required.
Changes. Subject to section entitled "11. Changes", if you do not acknowledge to the updated Policy, you must stop accessing or using the Services.
· Marketing. You have the right to ask us not to collect, use, and/or disclose your personal information for email or text marketing purposes. We will usually inform you (before collecting your information) if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such collection, use, and/or disclosure by checking certain boxes on the forms we use to collect your information. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
· Data Rights. Pursuant to and subject to the Personal Data Protection Act B.E.2562 (2019), you have the right to (i) access and have a copy of your personal data or know the source of any personal information obtained without your consent; (ii) request an update or rectification of your personal data; (iii) request that we restrict the use of your personal data under certain circumstances; (iv) the right to data portability where the collection of your personal data is based on consent or because it is necessary for the performance of a contract or for taking steps at your request prior to entering into our Services; (v) where the processing of your personal data is based on consent, the right to withdraw that consent; (vi) the right to object to collection, use and/or disclosure in certain circumstances; (viii) the right to lodge complaints before the appropriate data protection regulator; and (ix) the right to request us to erase, destroy or anonymize your personal data. Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details. You can exercise your rights by contacting us at email@example.com.
Where we transfer and/or store your information. The section above entitled “5. Where we store your information” shall we be amended and restated in its entirety by the section quoted immediately below:
5. Where we transfer and/or store your information
Subject to section entitled “3. How we share your information”, the information that we collect from you may be transferred to Singapore and stored at Singapore, for the purposes as described in the Policy. By submitting your information, you agree to this transfer, storing or processing.
Language. Any local language translation (where applicable) of the Policy exists for reference purposes only, and only the English version shall take precedence. If there is any inconsistency between different versions, the English version shall prevail.
How we share your information. In addition to the existing section entitled “3. How we share your information”, if you agree to push notifications, we may also provide your device information to your operating system.
EEA and Switzerland
If you are using the Services in the EEA and Switzerland, the following additional terms apply:
Where we store your information
If you are a citizen of the EEA, the personal data that we collect from you will be transferred to, and stored at, a destination outside of the European Economic Area ("EEA"). Where we transfer your personal data to countries outside the EEA, we do so under the Commission’s model contracts for the transfer of personal data to third countries (i.e. standard contractual clauses) pursuant to 2004/915/EC or 2010/87/EU (as appropriate). For a copy of these Standard Contractual Clauses, please contact us at firstname.lastname@example.org.
How we share your information
If you consent to push notifications, we may also provide your device information to your operating system.
You have the following rights:
• The right to request free of charge (i) confirmation of whether we process your personal data and (ii) access to a copy of the personal data retained;
• The right to request proper rectification or removal of your personal data or restriction of the processing of your personal data;
• Where processing of your personal data is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to have your personal data transmitted directly to another company, where technically feasible (data portability);
• Where the processing of your personal data is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal;
• The right not to be subject to any automatic individual decisions, including profiling, which produces legal effects on you or similarly significantly affects you unless we have your consent, this is authorised by Union or Member State law or this is necessary for the performance of a contract;
• The right to object to processing if we are processing your personal data on the basis of our legitimate interest unless we can demonstrate compelling legitimate grounds which may override your right. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your personal data and to balance our legitimate interest in processing and your objection to this processing;
• The right to object to processing your personal data for direct marketing purposes; and
• The right to lodge complaints before the competent data protection regulator.
Before we can respond to a request to exercise one or more of the rights listed above, you may be required to verify your identity or your account details.
Please send an e-mail to us if you would like to exercise any of your rights email@example.com.