Temu | Privacy Policy

Effective Date: October 27, 2024

This Privacy Policy describes how Whaleco Technology Limited, an Irish registered company ("Temu", "we", "us" or "our") handles personal information relating to persons located in the European Union (EU), the European Economic Area (EEA), the United Kingdom (UK) and Switzerland that we collect through our digital properties that link to this Privacy Policy, including our website (www.temu.com), Temu's mobile application (collectively, the "Service"), and other activities as described in this Privacy Policy. At Temu, we care deeply about privacy. We strive to be transparent about our privacy practices, including how we treat your personal information. This Privacy Policy explains how we collect, use, share, and otherwise process the personal information of users in connection with our Service. In this Privacy Policy, we also explain the rights individuals who are affected by our data handling may have with regard to their Personal Data.

For the purpose of this Privacy Policy, “Personal Data” has the meaning given in the General Data Protection Regulation (“GDPR”), i.e. meaning any information that relates to an identified or identifiable natural person (the "Data Subject").

Data Controller: If you are located in the EU, EEA, UK or Switzerland, Whaleco Technology Limited, an Irish company is the service provider and data controller responsible for your personal information.

Contact details for Whaleco Technology Limited are set out in Contact Us.

What Information Do We Collect?

In the course of providing and improving our products and services, we collect your personal information for the purposes described in this Privacy Policy. The following are the types of personal information that we collect:

Information that you provide

When you create an account, place an order at checkout, contact us directly, or otherwise use the Service, you may provide some or all of the following information:

Account and Profile

In order to create and manage your Temu account, we may collect your mobile phone number or email address as the login credentials for your account. If you choose to sign up or login in via external third-party services, such as Facebook or Google, you agree we may collect your profile photo, username, and email address associated with the relevant third-party service provider. We also collect your account settings and preferences.

Purchases

In order to complete transactions and fulfil orders, we collect data related to your order on the Service (e.g., transaction history), payment information required to complete the transaction (e.g., payment card number or other third-party payment information required for payment), your shipping address (e.g., city, state, country of residence, postal code), and recipient contact information (e.g., name, mobile phone number). We also collect your region on a country basis.

Customer Support Activity

When you communicate with our customer service team through customer support functions, social media, or any other means, we will collect your communication history with us as an ongoing effort to improve customer service and support.

User-generated Content

Such as profile pictures, photos, images, videos, audio, comments, questions, messages, and other content or information that you generate, transmit, or otherwise make available on the Service, as well as associated metadata.

Promotion and Event Participation

We collect information that you actively share when you participate in a contest, promotion, or survey, such as contact information provided when you enter a sweepstakes, contest, or giveaway through the Service. We do this to notify you of a win, to verify your identity, and/or to send you a prize. In some cases, we may require additional information as part of the participation process, such as your desired prize selection. Such sweepstakes and contests are voluntary. We recommend that you read the rules and other relevant information for each sweepstake and contest that you enter. In addition, we collect information about your preferences for receiving marketing communications from us as well as your interactions with them.

Other data not explicitly listed here

We will use other data that you provide as described in this Privacy Policy or for any other purpose disclosed to you at the time we collect your information.

Information from third-party sources

We may collect personal information from other third-party sources, such as:

Data providers

Such as information services and data licensors that provide demographic and other information, which among other purposes help us detect fraud.

Our affiliate partners

Such as our affiliate network provider and publishers, influencers, and promoters who participate in our paid affiliate programs.

Marketing partners

Such as business partners with whom we collaborate on marketing events.

Public authorities in the EEA, UK and Switzerland, public sources and rights holders

We may obtain information from third party sources for example, as necessary to comply with our obligations, prevent, investigate, detect an alleged claim or crime, or for a party to assert their legal rights.

Other Third-Party Services

We may obtain your information from other third-party services, such as:

  • Social media services - from which we may collect information such as your username, profile picture, and email address associated with the relevant third-party service provider, if you choose to register or log in on the Service using said third-party service.

  • Logistics service providers - to effectively complete order fulfilment, we will obtain your logistics information from logistics providers, such as delivery progress and delivery address.

Information collected automatically

To enhance your experience with our services and support the other purposes for which we collect personal information, we, our service providers, and our business partners may automatically record information about you, your computer, or mobile device and your interactions with the Service, our communications, and other online services over time, such as:

Device Data

We collect certain information about the device you use to access the Service, such as device model, operating system information, language settings, unique identifiers (including identifiers used for advertising purposes).

Service Usage Information

We collect information about your interactions with the Service, including the pages you view, the duration on a page, the source from which you arrived at the page, your interactions with the page, whether you opened our emails, and whether you clicked the links within our emails.

Location Data

We collect your approximate location based on your technical information (e.g., IP address).

Cookies and Similar Technologies

We use cookies and similar technologies to measure and analyse how you use the Service, including the pages you view and how you interact with the content. Cookies and similar technologies are also used to enhance your experience with the Service, improve the Service, display advertisements to you, and measure the effectiveness of advertising and other content. We and our partners also use cookies to promote the Service on other websites. To understand how cookies are used on other websites, please review their policies. Web beacons are very small images or pieces of data embedded in an image, also known as "pixel tags" or "clear GIFs", that recognize cookies, the time and date the page was viewed, a description of the page on which the pixel tag was placed, and similar information from your computer or device. Some of these tools may enable us or third parties to collect information about how you act with our and other websites over time. To learn more, including how to disable certain cookies, please read our Cookie and Similar Technologies Policy.

How and Why We Use Your Information

We use the personal information that we collect for various purposes, including to develop, improve, support, and provide the Service, allowing you to use its features while fulfilling and enforcing our Terms of Use. We may use your personal information for the following purposes:

Create and maintain your account

We use your personal information to create and maintain your user profile on the Service, enable the Service's account security features (e.g. sending security codes via email or SMS).

Orders and delivery of products and services

We use your personal information to receive and process orders, deliver products and services, process payments, and communicate with you regarding orders, products and services, and promotional offers.

Improve and optimize services and troubleshooting

We use your personal information to optimise features, analyse performance metrics, fix errors, and improve the Service and our business. As part of these activities, we may create aggregated or otherwise deidentified data based on the personal information we collect.

Deidentified information

We may deidentify your information such that it cannot reasonably be used to infer information about you or otherwise be linked to you. To the extent we possess or process any deidentified information, we will maintain and use such information in deidentified form and not attempt to re-identify the information, except solely for the purpose of determining whether our deidentification process satisfies legal requirements.

Personalise your experience

We use your personal information to recommend features, products, and services that may be of interest to you. Personal information will also be used to determine your preferences and personalise your experience with the Service.

Communicate with you and provide customer support

We use your personal information to communicate with you (e.g. announcements, updates, security alerts, support, and administrative messages) and provide customer support for your requests, questions, and feedback.

Sweepstakes, contests, and other promotions and events

We may use your user profile picture and account information to identify you in related promotions and events, and facilitate your invitations to friends who you want to invite to join the Service.

Marketing

We and our service providers may collect and use your personal information for marketing purposes in accordance with your stated preferences and applicable law. We may send you direct marketing communications and abandoned cart reminders (enabled as described via the use of cookies that we collect). You may opt out of our marketing communications or abandoned cart reminders as described in the “Your Rights and Choices” section below.

Interest-based advertising

We, our service providers, and our third-party advertising partners may collect and use your personal information for interest-based advertising purposes. In providing interest-based advertising, we follow the Self-Regulatory Principles for Online Behavioural Advertising as set forth by the Digital Advertising Alliance (DAA), which is an advocacy organisation for responsible digital marketing and consumer privacy. You can learn more about interest-based advertising and your opt-out choices here.

Fraud prevention and security

We use your personal information to prevent, detect, investigate, and respond to fraud, unauthorised access to or use of the Service, violations of the Terms of Use, or other misconduct.

Compliance and legal obligations

We may use your personal information for compliance purposes and to comply with the applicable law, lawful requests, and legal processes (e.g. responding to subpoenas or requests from government authorities) associated with your country of residence; to protect our, yours, and other users' rights, privacy, safety, or property (including introducing and defending legal claims); audit internal processes to ensure compliance with legal and contractual requirements and our internal policies; enforce the terms and conditions that govern the Service; prevent, identify, investigate, and deter fraudulent, harmful, unauthorised, unethical, or illegal activities, including cyberattacks and identity theft.

With your consent

In some cases, we may specifically ask for your consent to collect, use, or share your personal information, where required by applicable law.

Cookies and similar technologies for technical operations, performance enhancement, advertising, analytics, etc

For more information about cookies and how we use them, please read our Cookie and Similar Technologies Policy.

How and Why We Share Your Information

At Temu, we care deeply about privacy. We may share your personal information with the following parties for the purpose of providing you with better services, providing you with personalised advertising and marketing communications, protecting your rights, and/or complying with legal requirements:

Affiliates

For the purpose of order fulfilment, we may share your personal information related to order fulfilment, such as shipping address, contact information, with our subsidiaries and affiliates. Other unrelated personal information will not be shared. These subsidiaries and affiliates either follow the same practices described in this Privacy Policy or follow practices at least as protective as those described in this Privacy Policy.

Service providers

Third parties that provide services on our behalf or help us operate the Service or our business (such as hosting, information technology, customer support, email delivery, order fulfilment and delivery, marketing and website analytics). We generally require these service providers to use personal information only as necessary to perform the services or comply with applicable legal obligations.

Payment processors

Any payment card information you use to make a purchase on the Service is collected and processed directly by our payment processors.

Advertising and analytics partners

Third-party advertising, marketing, and analytics companies for the interest-based advertising and analytics purposes described in our Cookie and Similar Technologies Policy. For additional information and to learn about your right to opt out of such practices, see the Your Rights and Choices section, and the Cookie and Similar Technologies Policy.

Third parties designated by you

We may share your personal data with third parties where you have instructed us or provided your consent to do so. We may share the personal information required for the services you request with third parties designated by you. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services.

Business and marketing partners

Specialist third parties with whom we may collaborate in order to offer or promote the Service.

Professional advisors, authorities, and regulators

We may share your information with our professional advisors (e.g. lawyers, auditors, bankers and insurers), in response to legal processes (such as those issued by courts or authorities in your country of residence); and with other parties in order to enforce our agreements or policies, protect the rights, property and safety of Temu, users and others, and to detect, prevent and address actual or suspected fraud, violations of Temu's Terms of Use, other illegal activities, security issues or when it's required by law.

Business transferees

Acquirers and other relevant participants in business transactions (or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganisation, sale, or other disposition of all or any portion of the business or assets of, or equity interests in, us or our affiliates (including, in connection with a bankruptcy or similar proceedings).

Merchandise Partners/Other Users

We may share with the merchandise partners the product reviews you leave, the return or refund reasons you request a return or refund, and customisation information for customised/personalised items. When necessary to fulfill your order, we share with the merchandise partner your name, shipping address, contact information, communications with our customer service team, and your order information. For example, to address a query or complaint or when the merchandise partner will connect directly with logistics service providers. The merchandise partner will not receive your payment information.

Please note that, in using our Services, you may share personal information to others; for example, when other users view items on Temu, they may see item reviews you left. They will not see your profile photo and name if you hide your profile photo and name when leaving reviews.

Your Rights and Choices

If you are a Data Subject regarding the Processing activities described in this Privacy Policy, you may have the following rights and choices which can be exercised in accordance with applicable law:

Right to Know / Access

The right to obtain from the controller confirmation as to whether or not Personal Data concerning you are being Processed, and, where that is the case, access to the Personal Data and certain information.

Right to Erasure

The right to request that we delete Personal Data we maintain about you without undue delay if and to the extent that the Personal Data are no longer necessary in relation to the purposes for which they were processed, you have withdrawn your consent on which the processing is based and where there is no other legal ground for the processing. In addition, deletion will be conducted if you object to the processing and there are no overriding legitimate grounds for the processing, the Personal Data have been unlawfully processed, or the Personal Data have to be erased for compliance with a legal obligation in the EU or Member State to which we are subject.

Right to Rectification

The right to request that we correct inaccurate Personal Data we maintain about you.

Right to Restriction of Processing

The right to request that we restrict the processing if you contest the accuracy of the Personal Data or if the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead. Also, the processing will be restricted if we no longer need the Personal Data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims. We also restrict the processing if you have objected to processing pending the verification whether our legitimate grounds override yours.

Right to Data Portability

The right to request that we provide the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to transmit those data to another controller without hindrance from us. This applies where the processing is based on consent or on a contract and the processing is carried out by automated means. Also, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Click here to submit a data request.

Right to Object

The right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on a task carried out in the public interest or on a legitimate interest. We will no longer process the Personal Data in case of such objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. When we process Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, you have the right to object at any time to the processing of your Personal Data. See section below on ‘Opt-out from Marketing Communications’ for further information.

Right to Withdraw Consent

The right to withdraw your consent at any time, where processing is based on your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Right to object to/opt-out of automated decision making

The right not to be subject to a decision when it is based on automated processing (i.e., an operation that is performed without any human intervention), if it produces a legal effect (i.e., impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services), or to opt out of the processing of your Personal Data for such purposes. Temu does not make decisions based solely on automated processing that produce a legal effect or similarly significantly affect individuals.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, the right to lodge a complaint with our lead supervisory authority, the Irish Data Protection Commission or your local supervisory authority, if you consider that the processing of Personal Data relating to you infringes the GDPR.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to erase information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in both the GDPR/UK GDPR and in relevant local implementing legislation.

You may exercise any of these rights by submitting a request via our web form dedicated to data subject requests or by contacting us using the information provided below. We will not discriminate against you for exercising any of these rights. We may need to collect information from you to verify your identity, before providing a substantive response to the request. You may also designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorised them to act on your behalf, and we may need you to verify your identity directly with us.

Opt-out from Marketing Communications

To manage your preferences or opt-out of marketing communications, you can take any of the following actions:

  • Email Promotional Offers: If you do not want to receive emails from us regarding special promotions or offers, you may follow the unsubscribe options at the bottom of each email.

  • Mobile Promotional Offers: When you provide us with your mobile phone number for marketing purposes, we may send you certain marketing alerts via text message and standard data and messaging rates will apply. If you no longer wish to receive mobile marketing alerts from us, you can follow the instructions provided in these messages or reply "stop" to any alerts we send. Rest assured that you can continue to use Temu even if you stop authorising Mobile promotional offers.

  • Push notifications: You may receive push notifications when you use the mobile app. If you wish to adjust push notification settings, including turning them off, you may do so in your mobile device’s notification settings.

Change settings for cookies and similar technologies

Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete them, visit http://www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.

Links to Third-Party Platforms

The Service may contain links to websites, mobile applications, and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. If you choose to connect to the Service through your social media account or another third-party platform, you may be able to use your settings in your account with that platform to limit the information we receive from it. However, please note that these links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. Moreover, we do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions. Therefore, we encourage you to read the privacy policies of the other websites, mobile applications and online services you use. If you revoke our ability to access information from a third-party platform, that choice will not apply to information that we have already received from that third party.

Do Not Track

Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.

Declining to provide information

We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.

Other Choices

Please see the Cookie and Similar Technologies Policy for additional choices and rights you may have and how to exercise such choices and rights.

Our Global Operations and Data Transfers

To support our global operations:

  • We store the information described in the “What Information Do We Collect?” section in servers located in the European Economic Area (EEA).

  • Certain of our subsidiaries and affiliates, located outside the EU, EEA, UK and Switzerland, are given limited remote access to your personal data. See the “How and Why we Share your Information” section above for more information.

  • We may share your information with service providers, partners and other parties described in the “How and Why We Share Your Information”, which can be located outside the EU, EEA, UK and Switzerland.

These parties commit to processing information in compliance with applicable privacy laws and to implementing appropriate security measures to protect your information.

When we transfer your information outside of the EU, EEA, UK and Switzerland, we ensure it benefits from an adequate level of data protection by relying on:

  • Adequacy decisions. These are decisions from the European Commission under Article 45 GDPR (or equivalent decisions under other laws) where they recognise that a country offers an adequate level of data protection. We transfer your information as described in “What Information Do We Collect?” to some countries with adequacy decisions, such as the countries listed here; or

  • Standard contractual clauses. The European Commission has approved contractual clauses under Article 46 of the GDPR that allows companies in the EEA to transfer data outside the EEA. These (and their approved equivalent for the UK and Switzerland) are called standard contractual clauses. We rely on standard contractual clauses to transfer information as described in “What Information Do We Collect?” to certain affiliates and third parties in countries without an adequacy decision.

In certain situations, we rely on derogations provided for under the applicable law to transfer information to a third country.

Click the link to learn more about Adequacy decisions (or equivalent links under applicable laws) or Standard contractual clauses (or equivalent links under applicable laws).

EU General Data Protection Regulation and UK Data Protection Laws – Legal Basis

The EU GDPR and UK data protection laws requires a legal basis for our use of personal information. Our basis varies depending on the specific purpose for which we use personal information. We use:

Performance of a contract

When we provide our Services, or communicate with you about them. This includes when we use your personal information to develop, improve, support, and provide the Service, allowing you to use its features while fulfilling and enforcing our Terms of Use.

Our legitimate business interests and the interests of third parties and/or our customers

When we optimize features, analyse performance metrics, fix errors, and improve the Service and our business, when we detect and prevent fraud and abuse in order to protect the security of our customers, ourselves, or others, and when we provide you with interest-based advertising.

Your consent

When we ask for your consent to process your personal information for a specific purpose that we communicate to you. When you consent to our processing your personal information for a specified purpose, you may withdraw your consent at any time and we will stop processing of your data for that purpose.

Compliance with a legal obligation

When we use your personal information for compliance purposes and to comply with the applicable law, laws, lawful requests, and legal processes (e.g. responding to subpoenas or requests from government authorities) associated with your country of residence; to protect our, yours, and other users' rights, privacy, safety, or property (including introducing and defending legal claims); audit internal processes to ensure compliance with legal and contractual requirements and our internal policies; enforce the terms and conditions that govern the Service; prevent, identify, investigate, and deter fraudulent, harmful, unauthorised, unethical, or illegal activities, including cyberattacks and identity theft.

These and other legal bases

Depending on the purpose we described in the “How and Why We Use Your Information?”

Children

The Service is not intended for use by anyone who is under the age of 18 or a minor (as defined by applicable law). If you are a parent or guardian of a child about whom you believe we have collected personal information, please contact us or through our online reporting form. If we learn that we have collected personal information through the Service from a child or without the knowledge of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.

Data Security and Retention

The security of your personal information is important to us. We use technical and administrative measures to help protect your personal information from loss, theft, misuse, unauthorised access, disclosure, alteration, and/or destruction. We also follow the Payment Card Industry Data Security Standard (“PCI-DSS”) in handling your credit card information. However, security risk is inherent in all internet and information technologies.

We generally retain personal information to fulfil the purposes for which we collected it, as well as for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we may consider factors such as the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the personal information we have collected about you, we may either delete it, or anonymise it.

Data of Temu users located in the European Union (EU), the European Economic Area, the United Kingdom (UK) and Switzerland will be stored by default in the infrastructure of cloud service providers in the European Economic Area (EEA). Temu is a global one-stop shopping destination, therefore where necessary, Temu may transfer data related to order fulfilment to service providers in other countries to provide order fulfilment and logistics services. Personal information (such as account and profile information) unrelated to fulfilment services will not be transferred. At the same time, in all cases, we will ensure that all transfers of personal data comply with applicable legal requirements.

Changes to the Privacy Policy

We reserve the right to modify this Privacy Policy. If we make material changes to this Privacy Policy, we will notify you by updating the date of this Privacy Policy, posting it on the Service and/or providing any notice required by applicable laws. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). We recommend that you review the Privacy Policy each time you visit our Service to stay informed of our privacy practices.

Contact Us

If you have any questions or comments about our Privacy Policy or the terms mentioned, you may contact us at any time:

  • Send an email to Temu's Data Protection Office - privacy@eur.temu.com for the EU/EEA/Switzerland or privacy@uk.temu.com for the UK.

  • If you wish to contact the Data Protection Office by post, you can send mail to the following address of Temu's Data Protection Office by post - Whaleco Technology Limited., First Floor, 25 St, Stephens Green, Dublin 2, Ireland.

You also have the right to lodge a complaint with Temu’s lead supervisory authority, the Irish Data Protection Commission or your local supervisory authority.