SChat 隐私保护政策

SChat Privacy Policy （International Version）

Effective Date: July 15, 2025

Last Updated: October 22, 2025

Scope and Overview

This Privacy Policy is intended to inform the users of SChat about how it collects, uses, stores, and protects your personal information, as well as the user's data subject rights. It applies to all personal information processing activities arising from using of SChat, including but not limited to one-on-one chats, group chats, message operations, session management, and making phone calls.

For the purposes of this Privacy Policy, the data controller shall be the relevant legal entity in SHEIN group (here “we”, “us”, “our”, or “SHEIN”) deciding why and how information about you (“personal data”) are collected and processed in the context of your employment or contract, i.e. for an employee, the SHEIN entity that entered into an employment agreement with you; or otherwise for a contractor, the SHEIN entity that entered into a contract for service with you or the company that you belong, as well as if you are an external user, including external consultants, suppliers, and partners. For the purposes of this policy, any reference to ‘controller’ shall mean the SHEIN entity that determines the purposes and means of the processing your personal data, unless otherwise defined under the applicable law; and shall also refer to equivalent terms defined under the applicable privacy laws (e.g. personal information processor, APP entity, data user) that refer to entities that is responsible for protecting the personal data that they collect and/or process.

Contents

1. Collection of Personal Data
2. Use of Personal Data
3. Legal basis for processing your Personal Data
4. Collection and Use of Special Categories of Personal Data
5. Data Sharing
6. Cookies
7. Cross-Border Data Transfers
8. Data Security
9. Data Retention
10. Your Rights
11. Data Protection Officer
12. Changes to This Privacy Policy & any Addenda
13. Collection of Personal DataContact Us

1. Collection of Personal Data

For the purposes of this Privacy Policy, personal data (also referred to as “personal information” under certain jurisdictions) means any information relating to an identified or identifiable individual. Personal data excludes anonymous data that cannot be associated in any way with a particular individual by SHEIN or any third party.

In order to provide you with a complete, stable and secure services and functions provided by SChat, we will collect and use the following types of personal information within the scope permitted by applicable laws.

While collection of some personal information is considered voluntary (e.g., nickname, avatar), which does not affect the core use and function of SChat, we require collection of the personal information described below to ensure functionality of SChat and for the purposes described in Section 3 of this Privacy Policy. Failure to provide such personal information may affect your ability to use certain functions of SChat.

(For SHEIN employees) The installation of SChat on company-assigned devices is mandatory for the performance of staff duties. However, installation of SChat on personal devices is optional and at the discretion of staff.

Care has been taken in the design of SChat to ensure that only such information as is necessary for the operation of the service and for SHEIN’s business purposes is processed.

Employee Identity Information and Identifiers

Basic Identity Information: Employee ID, UID, name, nickname, corporate email address, avatar

Organizational Affiliation: Work location, department, name, and employee ID of immediate supervisor, name and employee ID of HRBP

External Users Identity Information and Identifiers

Basic Identity Information: Name/Alias/Nickname, Username, Login Account, corporate email address, contact information and photo.

Organizational Affiliation: Company, Work area, department, administrator name and ID and position.

Verification Information: login password and login verification code.

Communication & Collaboration Data

Chat Content: Chat messages in one-on-one and group chats (including images/files/voices)

Group Information: Group ID, group administrators, group announcements

Meeting & Event Data: Start and end time of events, participants, detailed descriptions of events; Start/end time of meetings, meeting subject, meeting ID, historical meeting records, participant join/leave times, participation duration, attendance records, meeting minutes, dial-in numbers; In-meeting chat, notes, shared images/files, translation, subtitles, real-time transcription

Device & Network Information

Device Hardware Details: Device model, device SN (Serial Number), Android ID, Bluetooth MAC, device name, device screen resolution, device hardware manufacturer, device product name, device storage capacity, CPU info, memory usage, battery level

OS & Software Info: OS version, system name, system language, region/language settings; Installed application list, software list, software running list

Network Status & Connectivity: Network type, network access method, IP address, WiFi status (SSID, BSSID, WiFi list)

Internet or other similar network activity: as described above

Application & Usage Behavior

Application Runtime Status: Application name, processes, number of running threads, system permission settings; App crash records, traffic statistics, operation logs, audio/video quality data (non-call content), feature usage records (e.g., third-party app authorization time), application permissions (camera/voice/album/calendar access)

User Activity Logs: Time spent in background/foreground after receiving a push notification

Geolocation & Attendance Data

For some staff, SChat offers a clock-in functionality, which necessitates the processing of GPS data, information on whether the employee is within workplace attendance area at the time of clocking in. This functionality does not track your location on a constant basis, and does not affect your ability to switch of location services on your device’s settings. Whether this functionality is used by you will depend on your work location. In some locations, other clock-in solutions may be used.

Geolocation data may be necessary for providing transportation and business travel applications.

Survey Questionnaire Data (for SHEIN employees)

We may, from time to time, conduct surveys for various purposes, such as gathering employee satisfaction surveys, training assessments, workplace culture evaluations, among others, which are voluntary in nature. The employee information collected will vary based on the questions and the responses provided by the employee to the questions.

Communication Metadata

Message & Notification Logs: Message text, message summary, push records, push information logs

Email Data: Email subject, body, attachments; Email metadata (sender/recipient addresses, timestamp, IP address, email headers, email size)

User Preferences & Settings

Preference Configurations: User notification settings, rules/filter settings, email signature data, tag data

Organization Structure Info

Organizational Metadata: Organization name, organization address book, contact phone number, organizational contacts, sub-department information

We obtain the categories of personal information listed above from the following categories of sources:

• Directly from you, such as from the forms or information you input into SChat; and
• Indirectly from you, such as from your interactions with SChat.

We will collect and use the above information lawfully, fairly, and to the extent necessary for the usage scenario to provide you with a better communication and collaboration experience.

Our third-party providers may also collect your information through SDK. For more information on how third parties may use your information, please see Section 5. (Data Sharing).

2. Use of Personal Data

We may process your personal data for the following business and employment-related purposes or to carry out other reasonable business purposes consistent with this list in compliance with applicable law.

Ensuring the normal operation of instant messaging, chat group management, phone calls, video and audio calls, meeting management, push notifications, email, and other functions of SChat.

Conducting identity verification, monitoring abnormal activities, troubleshooting errors, and preventing security threats to ensure data and network security.

Analyzing service usage to continuously improve the functions of SChat and enhance user experience.

Complying with applicable laws and regulations, as well as regulatory requirements, including cooperating with judicial or administrative authorities on information disclosures required by law.

For more information on how we use your information, please see the relevant Employee & Contractor Privacy Notice.

3. Legal basis for processing your Personal Data

We process your personal data pursuant to the legal bases set out below:

l When the processing is necessary for the performance of the employment or other agreements we concluded with you, or the organization you represent, or to take pre-contractual steps at your request.

l When the processing is necessary to comply with our legal and regulatory obligations under the applicable laws and regulations in your Home Location.

l Consent, where there is no restriction (under applicable laws in the jurisdiction you are residing in) on relying on employees' consent for processing personal data for purposes notified to employees, and where legitimate interests is not a valid legal basis under applicable privacy laws.

l Consent, for the employee satisfaction surveys, training assessments, workplace culture evaluations, among others, which are voluntary in nature.

l We may also process your personal data for our own legitimate interests or those of third parties, namely:

l To prevent fraud or other criminal activities.

l To ensure network and information security, including preventing unauthorized access to our computer and electronic communications systems and preventing malicious software distribution.

l To support internal administration with our affiliated entities.

l To carry out our contractual obligations with customers and suppliers. (e.g., personal data included in purchase orders, quality documentation, email correspondence and contracts between us and a customer or supplier).

l To restructure our business or engage in similar business transactions, such as a sale, merger, acquisition, restructure, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock.

l To conduct data analytics to review and better understand employee retention and attrition rates.

You will not be subject to decisions based solely on automated data processing or decision-making without your prior consent.

4. Collection and Use of Special Categories of Personal Data

SChat will not actively collect, store, process, or analyze your sensitive personal information, except where you use certain functions of SChat that requires collection of geolocation data and the applicable law in your Home Location includes such data within the scope of sensitive data or special categories of personal data. However, please note: When using features such as chat, file transfer, and group conversations, you may actively send or receive content that contains sensitive information belonging to you or other third parties (for example, in the form of text, images, voice, videos, etc.). Such information is entirely controlled by you and the communication counterpart, and we cannot identify, intercept, or restrict its transmission. When applicable to you, please refer to the relevant SHEIN Group policies governing the sharing and disclosure of sensitive information.

5. Data Sharing

We may disclose your personal data to other members of the SHEIN Group of companies for the purposes set out in this Privacy Policy. When you use SChat, in order to provide you with voice and video calls, online meetings, notifications, and mobile time and attendance functions, we need to entrust the processing of your personal information to the following third-party service providers for the business purposes described in Section 2 of this Privacy Policy:

The personal information disclosed to these third-party service providers consists of all personal information categories required for the necessary functionality of the services as described above.

Where we entrust the processing of your personal data to these third parties, we ensure they are bound by appropriate contractual terms of to ensure that they process the data securely, and only as instructed by us and in compliance with the requirements of applicable Privacy and Data Protection law.

We also disclose certain personal data (including name, email address and other profile details) of SHEIN employees and staff with external users (such as vendors or suppliers) when employees communicate with external users for the purposes of facilitating the communication. Similarly, certain personal data of external users will be disclosed to SHEIN employees for the purposes of facilitating communication.

We do not “sell” or “share” any Personal Information for cross-context behavioral advertising (as those terms are defined under applicable privacy laws), and we have not “sold” or “shared” any Personal Information for such purposes on any occasion.

We have the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us. We also may disclose your information where we reasonably believe that the disclosure is necessary to enforce our agreements or policies, or if we believe that disclosure will help us protect the rights, property, or safety of SHEIN or our customers.

Where we make such disclosure we will notify you, unless such notification is prohibited under applicable law.

For more information on how third parties may use your information, please see the relevant Employee & Contractor Privacy Notice.

6. Cookies

We may use cookies, tags, web pixels, and similar technologies to automatically collect information through SChat functions. Cookies or tags are bits of code that allow our technology partners to collect information that usually does not directly identify you.

Information within this section describes our use of cookies and your ability to control the use of cookies.

Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables SChat to recognize your browser and remember certain information. Cookies may be included for your web browser to interact with the SChat, such as maintaining your logged-in session, and security tools to protect your data. Generally, we use cookies for the following purposes: to make SChat function properly; to provide a secure browsing experience during your use of SChat; to collect passive information about your use of SChat; to help us improve SChat; and to remember your preferences for your convenience.

We use the following types of cookies on our Services:

• Strictly Necessary Cookies. These cookies are essential because they enable you to use SChat. For example, strictly necessary cookies allow you to access secure areas on our Services. Without these cookies, some services cannot be provided. This category of cookies is essential for SChat to work, and they cannot be disabled.
• Functional Cookies. We may use functional cookies to remember your choices so we can tailor the SChat functions to provide you with enhanced features. For example, these cookies can be used to remember your name or preferences. While these cookies can be disabled, this may result in less functionality during your use of our Services.
• Performance or Analytics Cookies. These cookies collect passive information about how you use SChat, including webpages you visit and links you click. We use the information collected by such cookies to improve and optimize SChat functions. You can disable these cookies as described below.

Your browser may provide you with the option to refuse some or all browser cookies. You can use your browser to enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the "Help", "Tools" or "Edit" settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of SChat, and some functions may not work properly. You can find more information about how to change your browser cookie settings at https://www.allaboutcookies.org .

7. Cross-Border Data Transfers

For the purposes of providing you with the SChat functions and otherwise stated in this Privacy Policy, your personal data may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal data as your home country. These countries may include (but are not limited to) the EU, the People’s Republic of China, the United States, and Singapore.

Records of usage of SChat will be stored in the region in which you are located, but should you use SChat to contact a colleague in another region, a copy will also bne stored in that region.

We have put in place appropriate safeguards (such as contractual commitments) and supplemental measures in accordance with applicable legal requirements to ensure that your data is adequately protected and lawfully transferred.

In particular, SHEIN has in place an Intra-Group Data Sharing Agreement in place between its entities, which includes Standard Contractual Clauses as approved by the relevant authorities in the countries from which the personal data is transferred. These include the Clauses approved by the European Commission and by the Government of the United Kingdom.

For more information on the appropriate safeguards in place, please contact us at the details below.

For users in Japan, we rely on your consent for the cross-border transfer of your personal data; for more information on the personal information protection system of these countries, you can refer to Personal Information Protection Commission’s (PPC) website at https://www.ppc.go.jp/personalinfo/legal/kaiseihogohou/#gaikoku.

8. Data Security

We have implemented appropriate physical, technical, and organizational security measures designed to secure your personal data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data to those employees, agents, contractors, and other third parties who have a legitimate business need for such access.

If you have reason to believe that your data is no longer secure or has been breached, please contact us using the contact information below.

9. Data Retention

We will retain your personal information for the shortest time necessary to achieve the purposes of collection or otherwise required by applicable laws and regulations. For information collected during the term of the employment contract (if applicable), it will be retained for 5 years after the employment contract ends, for the resolution of outstanding matters and to ensure business continuity (unless otherwise agreed upon between you and the Data Controller or required by applicable laws and regulations). After the retention period has expired, we will delete or anonymize your personal information.

10. Your Rights

Depending on your Home Location, by law you may have certain rights regarding your personal data. This may include:

l Request access to or know, correct, and erase (delete) the personal data that we hold about you.

l Request the receive certain personal data in a portable format

l Object to or request the restriction of the collection and processing of your personal data under certain circumstances.

l Request that we transfer your personal data to another party.

l Make a complaint with the relevant supervisory authority.

l Withdraw your consent if you have previously provided consent to the collection, processing, or transfer of your information for a specific purpose.

l Opt-out from personal information sales or sharing activities.

l To not be discriminated against for exercising any applicable rights.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your employment.

Exercising Your Rights:

If you want to access, correct, request erasure of your personal data, object to or request restriction of the processing of your personal data, request that we transfer a copy of your personal data to another party, or withdraw your consent, please contact us at [email protected].

We may request specific information from you to help us confirm your identity and your rights, and to provide you with the personal data that we hold about you or implement your request.

Applicable law may allow or require us to refuse to provide you with access to some or all of the personal data that we hold about you, or we may have destroyed, erased, or made your personal data anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal data, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

You may choose to withdraw your consent to processing of your personal data under this Privacy Policy, but such withdrawal of consent may limit your ability to use SChat and its functions. Your withdrawal of consent will not affect the validity of personal information processing activities that have been carried out based on your consent before the withdrawal.

We request that you raise any issues directly with our privacy team or our Data Protection Officer (defined below) so that we have an opportunity to address your concern. You have the right to make a complaint with the relevant data protection authority in your jurisdiction by contacting the data protection authority directly. Please contact us if you require information on how to contact the relevant data protection authority in your Home Location.

Rights under Privacy and Data Protection law are generally not absolute and may be restricted or may not apply to all the data processed by SHEIN. Where SHEIN lawfully restricts the application of a right or believes that this right is not applicable, it will explain this in responding to your request.

Requests from Authorized Agents/Third Parties. For the protection of your account and the security of your data, only you or a person you formally authorize to act on your behalf may make a privacy request related to your personal information. If you use an authorized agent to submit such a request, we will require written proof that the authorized agent has been authorized to act on your behalf, which we obtain in the request verification process. Third parties may submit requests on a data subject's behalf; however, requests will still need to be directed to the data subject themselves for verification and authorization to proceed.

11. Data Protection Officer

We have appointed a Data Protection Officer to oversee compliance with this Privacy Policy and related legislation. If you have any questions about this Privacy Policy, or how we handle your personal data, or would like to request access to your personal data, please contact our Data Protection Officer at: [email protected].

12. Changes to This Privacy Policy & any Addenda

We reserve the right to update this Privacy Policy at any time and will take steps to provide you with a new Privacy Policy when we make any updates. We will communicate these changes in the usual way that we communicate with you. If we would like to use your previously collected personal data for different purposes than those we notified you about at the time of collection, we will provide you with notice and, where required by law, seek your consent, before using your personal data for a new or unrelated purpose.

13. Contact Us

If you have any questions about our processing of your personal data or would like to make an access or other request, please contact us at [email protected] or contact the Data Protection Officer at [email protected].