We receive various requests from governmental authorities in relation to the cloud services we provide in the Republic of Korea (“Tencent Cloud Korea Services”). Where such request is made:
(a) by any law enforcement authority or other governmental authority regarding disclosure of data about users of our Tencent Cloud Korea Services and in accordance with legal processes (e.g. court injunction, court orders, subpoenas, police investigations), we will treat such request in accordance with our Law Enforcement Data Request Guidelines; and
(b) in any manner and by any law enforcement authority or other governmental authority other than pursuant to paragraph (a), we will treat such request in accordance with this Governmental Request Policy (“Policy”) (all such request under this paragraph (b) being a “Request”).
Requests that fall under paragraph (b) include but are not limited to:
(a) take down requests;
(a) general information requests; and
(c) requests to engage in discussions with governmental authorities.
This Policy applies to Requesting Authorities (as defined below) making a Request. If you do not observe the requirements of this Policy in making your Request, we may not be able to comply with or respond to your Request.
1.1 Tencent Cloud Korea complies with the applicable laws and regulations, and we provide details and/or take steps as legally required in relation to Requests.
1.2 We may amend this Policy at any time without notice. We encourage you to check back regularly on this page for updates. This Policy is applicable to requests from Requesting Authorities only. Nothing in this Policy shall be used to create any legal obligations or any enforceable rights against Tencent Cloud Korea or any other member of the Tencent group.
1.3 In addition to the terms defined above, in this Policy:
(a) "we", "us", "our" or " Tencent Cloud Korea" means Tencent Korea Yuhan Hoesa.
(b) “Request” means any request pursuant to Section 1.1(b) that this Policy applies to.
(c) “Requesting Authority” or "you" means the law enforcement authority or other governmental authority making the relevant Request.
2. our relationship with other third parties
2.1 From time to time, we receive requests for disclosure of data which do not belong to and/or are not held by us. To clarify: We cannot assist on requests relating to any platform or service other than Tencent Cloud Korea Services (including any data that is held by or regarding such other platforms or services). It is the Requesting Authority's responsibility to make the appropriate request(s) to such other platforms or services (and their operators) as necessary.
3. general principles of this policy
We apply this Policy in accordance with the following principles. Further details are set out in the remainder of this Policy.
3.1 We act in accordance with Requests when legally required to do so. The basis for the Requests that we comply with may be pursuant to specific laws and regulations. Such actions may include the removal or disabling of certain content.
3.3 We may depart from this Policy from time to time for various reasons, including for instance, due to applicable laws and regulations or pursuant to professional advice we have received on the matter.
3.4 We aim to be transparent with our users in the actions that we take. Before and/or after we comply with a Request (depending on the Request and applicable laws and regulations), we reserve the right to notify (and in certain cases, obtain consent from) our users of the Request (including the actions being sought by the Request) unless we are explicitly requested by the Requesting Authority or prohibited from doing so by applicable laws and regulations and subject to Section 7. This is to ensure that our users have a right to respond to the Request. In addition, where the Request is in relation to actions that may affect other users, we may also notify other users of the relevant Request that we have complied with, subject to applicable laws and regulations.
3.5 We do not automatically comply with all Requests. We will always carefully review all Requests to ensure that we comply with all applicable laws and regulations in our response, while respecting our users' rights. That may include taking appropriate internal and third-party professional advice.
4. HOW WE APPLY THIS POLICY
We note the following in relation to how we apply this Policy:
(a) In certain circumstances, we may not be able to remove information and/or content due to a conflict of legal requirements in different jurisdictions. In those cases, we may treat such information and/or content differently for different jurisdictions.
(b) We will carefully review all Requests to make sure they comply with the applicable laws and regulations. Where relevant or necessary, we may require appropriate legal and/or supporting documentation to be provided by the Requesting Authority before we comply with the Request.
(c) Nothing in this Policy waives or limits any of our rights under all applicable laws and regulations – we expressly reserve all such rights and may respond to any Requests at our sole discretion. We may, as appropriate, question any Requests – including requesting governmental/judicial review of, and third-party legal advice regarding, any Requests.
5. an overview of how we deal with requests
5.1 When we receive a Request, we will generally deal with such Request in accordance with the following (and always subject to applicable laws and regulations):
(a) Review of the Request, to ensure that it meets all relevant legal and our requirements.
(b) Whether it is permitted, necessary and/or appropriate to notify the affected user(s) (also see Sections 3.6 and 7).
(c) Responding to the Requesting Authority regarding the outcome of the Request.
6. WHAT KINDS OF REQUESTS DO WE RESPOND TO?
6.1 General requirements
To the extent permitted by applicable laws and regulations, all Requests must:
(a) be typed and in PDF file format;
(b) be sent on the Requesting Authority's letterhead and signed or affixed with seal by an appropriate and authorised representative of the Requesting Authority - see Section 6.2;
(c) include all information as set out in Section 6.3;
(d) be sent in accordance with Section 9; and
(e) comply with all applicable laws and regulations. We expect all Requesting Authorities to have already obtained legal advice on whether a Request meets this requirement.
Note that we may not respond to any Requests that do not meet the above requirements.
6.2 Who can send Requests?
Appropriate Requesting Authorities may be different in different jurisdictions. Depending on the jurisdiction, legitimate Requests may be submitted by several types of government agencies, such as telecommunication authorities, consumer protection authorities.
The power of many of these authorities will differ depending on the jurisdiction in question. As above, we will review all Requests in accordance with applicable laws and regulations.
6.3 Form of Request
To the extent permitted by applicable laws and regulations, we require that each Request contains the following information, and any other information as required by applicable laws and regulations, in order to process such Request:
(a) the Requesting Authority's identity;
(b) the identity of the specific officer and/or agent of the Requesting Authority responsible for the request (the "Request Contact"), including their rank, badge/identification number and identification documents;
(c) the relevant authorisation document(s) of the specific officer and/or agent of the Requesting Authority, if applicable;
(d) contact details for the Request Contact, including phone number, email address (which must be from the Requesting Authority’s email domain address) and postal address;
(e) a reasonable date that we should respond to the Request by;
(f) if applicable, the IP address, Uniform Resource Locator, or user of the Tencent Cloud Korea Services to which the Request relates, including all known information pertaining to the relevant user - including users’ identification, account details and/or email addresses. This will help us to identify the data subject and/or other information requested;
(g) list and specific type of data and actions being requested;
(h) purpose for which each type of requested data is to be used in relation to the Request;
(i) why is the requested type of data considered necessary for the purpose; and
(j) the basis of the Request, including the provisions of any laws and/or regulations being relied upon for the Request and, where applicable and/or necessary, details of the nature of the investigation, procedure and/or process being carried out by the Requesting Authority.
Please note that we may be unable to respond to any vague or incomplete Requests.
7. NOTIFICATION OF OUR USERS
Further to Section 3.4, we respect our users’ rights and privacy. We may notify (and in certain cases, obtain consent from) the relevant user about any Requests prior to acting on them, unless we are explicitly requested by the Requesting Authority or prohibited from doing so under applicable laws or regulations, by the terms of any legal process (such as a confidentiality order), or where we reasonably believe that such actions may create imminent danger or risk for us or any third party. This notification may allow the end user to seek appropriate protective relief.
Requesting Authorities who believe that notification would jeopardize an ongoing legal investigation should obtain an appropriate court order or legal process that specifically prohibits notification of our users or otherwise substantiate its Request on the basis of the applicable laws and regulations. It is the Requesting Authority's responsibility to Request and substantiate in conformance with by applicable laws and regulations that we do not notify a user of the Request.
We reserve the right to challenge any non-disclosure requests or orders, pursuant to applicable laws and regulations.
8. REIMBURSEMENT OF COSTS
To the extent permitted by applicable laws and regulations, we may seek reimbursement of our costs in responding to a Request.
9. WHERE SHOULD REQUESTS BE SENT TO?
All Requests should be emailed to CloudLE_TKYH@tencent.com with the subject "Governmental Request".
Please note that:
(a) we may not, or take longer to, respond to any Requests not sent to the assigned contact details above;
(b) we will not review correspondences sent by anyone other than Requesting Authorities to the above contact details; and
(c) if we accept any legal processes via the above contact details, such acceptance is for convenience only and does not waive any of our rights or objections, including for lack of proper service or jurisdiction.
For general questions regarding this policy not related to specific Request(s), please contact us by email at CloudPolicy@tencent.com. Please note that we will not be responsive to unrelated enquiries.