Privacy

At GDS Holdings Limited and its affiliates (collectively GDS", "we" or “us”), we respect your privacy and are committed to protecting the Personal Information (as defined below) that you provide to us. The purpose of this GDS Privacy Policy (“Privacy Policy”) is to explain to you how we collect, use, share and protect your Personal Information when you use our services, visit our website or social media accounts, visit our offices or data centers, or use our facilities or networks in our offices or data centers and other circumstances. Please read it carefully.

Personal Information
When you use our services, visit our website or social media accounts, visit our offices or data centers, or use our facilities or networks in our offices or data centers and other circumstances, we will collect your personal information ("Personal Information"). Personal Information includes the following:

  • Your information such as your name, gender, date of birth, ID card number, passport number, facial features, personal image and/or other information that can identify you, as well as your identity registration information with any of our subsidiaries, affiliates, and/or business partners;
  • Your contact information such as your telephone numbers, mailing addresses, email addresses, and fax numbers;
  • Your business information such as the company name, business title, and associated contact information;
  • With your free and express consent, information you provide for market surveys and activities conducted by us or on our behalf;
  • Your network identification information such as account names, account nicknames, email addresses, passwords relating to the foregoing, as well as password protection questions and answers.


If your Personal Information is obtained by us indirectly from a third party, we will use your Personal Information in accordance with our agreement with the third party after confirming the legitimacy of the source of the Personal Information and complying with applicable laws and regulations.

GDS attaches great importance to the protection of minors' Personal Information. Except as required by the applicable laws and regulations, we will not knowingly collect the Personal Information of minors (i.e., persons under the age of 18). Minors shall not provide us with Personal Information without the consent of their guardians. Considering that we cannot identify the age of online visitors, if a minor provides us with Personal Information without the consent of his or her parent or guardian, his or her parent or guardian may send an email to our Privacy Office requesting to remove the information aforementioned or cancel scheduled contact opportunities for promotional activities.

Use of Cookies
In order for you to have a better user experience, some pages of our website use "Cookies" and other tracking technologies. Cookies are a type of small text files that are written to your hard drive when you visit our website. Cookie files may contain the user ID and other information, which are used by the website to track the webpages you visit, but the only Personal Information that can be contained in Cookies is the information provided by you. Cookies cannot read data located outside your hard drive or Cookie files created by other websites. Cookies stored on your computer will remain valid indefinitely after your first visit to the website. In this way, we can confirm how useful our information is for users and see how effective our navigation structure is in helping users obtain information. We will not link this information with the Personal Information of individual users, nor will we share or sell this information to any third party. Most web browsers automatically accept cookies, but you can change the settings of your browser to reject Cookies according to your needs, and you can remove all Cookies saved in the software. Please note that if you choose to delete or disable Cookies, you will need to re-enter your original user ID and password when you visit some parts of the website. Tracking technologies can record information such as domain and host names, Internet portal (IP) addresses, browser software, the type of the operating system, click through rate, the date and number of visits to our websites, etc. By using Cookies and other tracking technologies we can improve our website and your online experience. We may also analyze Personal Information that does not contain trends or statistics.

Data Security and Information Storage

1.Security Measures

To ensure that your Personal Information is properly stored, GDS undertakes to implement appropriate hardware, technical and organizational measures in accordance with applicable laws and regulations to protect the Personal Information we collect. We attach great importance to Personal Information security compliance, so we maintain and establish a sound information security management system. We have obtained ISO27001 certification for information security management systems issued by an authoritative international certification organization, and we regularly carry out work related to the Level III certification of graded protection of information security by the Ministry of Public Security in our data centers. Furthermore, from time to time we organize training courses on security, privacy protection, and confidentiality to enhance our employees’ awareness of Personal Information security and strengthen their appreciation of the importance of protecting Personal Information.



2.Handling of Security Incidents

To deal with potential risks such as the leakage, damage, destruction, and loss of Personal Information, we have formulated several regulations that provide methods and procedures for responding to and dealing with Personal Information security incidents. In addition, to deal with Personal Information security incidents in a proper manner, we appoint dedicated personnel to respond to and deal with such incidents, adopt effective contingency plans for different security incidents, timely formulate and adopt measures to stop loss and conduct remediation, and actively cooperate with the relevant government authorities.
Should a Personal Information security incident unfortunately occur, in accordance with applicable laws and regulations, we will inform you in a timely manner of matters such as the basic circumstances of the security incident, the possible impacts, the countermeasures adopted or to be adopted by us, the precautions and remedies that you could consider, etc. We will inform you of such information by email, letter, telephone, push notification, or other means provided by you. Furthermore, we will proactively report the handling of the Personal Information security incident in accordance with the requirements of the relevant government authorities.
The Internet is not a completely secure environment, and email, instant messaging, social media, and other means of communication with other users cannot be guaranteed to be completely encrypted. We recommend that you use complex passwords when using such tools and pay attention to protecting your Personal Information security.



3.Storage of Personal Information

To fulfill the purpose of this Privacy Policy, we will retain your Personal Information for a reasonable time, unless a more extended retention period is required or permitted by applicable laws and regulations. When the retention period set by us is exceeded, we will delete or anonymize your Personal Information.


Disclosure and Transfer
All Personal Information collected by GDS will be stored within the territory of the People’s Republic of China. We will not transfer your data abroad or disclose or transfer your Personal Information to third parties without your prior consent.

Notification and Marketing
We undertake that we will not collect your information through marketing activities or push advertisements to you without your prior consent.

Your Rights
At any time, you have the right to exercise the rights granted to you under applicable laws and regulations. When you exercise your rights, we will require you to provide relevant identification for verification to protect the security of relevant Personal Information.

User Consent
Please read this Privacy Policy to understand the information we collect, and your rights regarding your Personal Information. By providing us with your Personal Information, you consent to this Privacy Policy and the collection, use, disclosure, access, sharing, transfer, storage, and processing of your Personal Information for the purposes described in this Privacy Policy (except where your express consent is required in accordance with the applicable laws and regulations). GDS will not use your Personal Information for purposes other than those prescribed in this Privacy Policy. If it is necessary to use your Personal Information beyond such scope, we will do so after timely informing you and regaining your consent.
Please note that your authorization or consent will not be required for our collection and use of your Personal Information under the following circumstances:

  • In connection with national security or defense;
  • In connection with public security, public health or major public interests;
  • In connection with criminal investigations, institution of legal actions, trials, or enforcement of judgments, etc.;
  • In order to safeguard the material lawful rights and interests such as the lives or property of Personal Information subjects or other individuals, where it is very difficult to obtain the consent of the person concerned;
  • Where the Personal Information collected was disclosed to the public by the Personal Information subject himself or herself;
  • In other circumstances prescribed by the laws and regulations.。


Information Control and Controller
Any Personal Information provided to or collected by GDS shall be controlled primarily by Global Data Solutions Co., Ltd. (“万国数据服务有限公司”), with its registered address at Suite A0503-1, International Science Park, 1355 Jinjihu Avenue, Suzhou Industrial Park, Jiangsu, China.

Changes to Data Privacy Policy
GDS reserves the right to review and update this Privacy Policy from time to time. If we make any material changes to this Privacy Policy, we will notify you by issuing a notice on our website or by other means required by the applicable laws and regulations prior to the new policy taking effect. If you use the website after the updated Data Privacy Policy becomes effective, you will be deemed to have agreed to the amended Data Privacy Policy.

Contact Us
If you have any questions about this Privacy Policy or you wish to exercise any of your above rights, please contact us at the following email address: GDSPrivacyOffice@gds-services.com. We will generally respond within 15 days. If you are dissatisfied with our response, specifically if you believe that our processing of your Personal Information has infringed upon your lawful rights and interests, you can also file a complaint or report with regulators such as the relevant telecommunications regulatory authorities, cyberspace administration authorities, and the relevant administrations for market regulation.
The latest version of this Privacy Policy is issued on September 19, 2020 and officially takes effect from the date of publication.