Temu | Privacy Policy
Effective Date: December 1, 2024
This Privacy Policy describes how Whaleco Technology Limited, an Irish registered company (“Temu”, “we", “us” or “our”) handles Personal Data relating to persons located in the United Kingdom (“UK”) that we collect through our digital properties that link to this Privacy Policy, including our website (www.temu.com), Temu's mobile application (collectively, the “Service”), and other activities as described in this Privacy Policy. At Temu, we care deeply about privacy. This Privacy Policy explains how we collect, use, share, and otherwise process the Personal Data of our registered account holders, those who purchase items on Temu without an account and those who browse the Service (“users”). In this Privacy Policy, we also explain the rights individuals who are affected by our data handling have with regard to their Personal Data including the right to object to certain types of processing we carry out. For more information see the “Your Rights and Choices” section below.
For the purpose of this Privacy Policy, “Personal Data” has the meaning given in the General Data Protection Regulation (“GDPR”), i.e. meaning any information that relates to an identified or identifiable natural person (the “Data Subject”).
Data Controller: If you are located in the UK, Whaleco Technology Limited, an Irish company is the data controller responsible for your Personal Data. Contact details for Whaleco Technology Limited are set out in the “Contact Us” section below.
What Information Do We Collect
In the course of providing and improving our products and services, we collect your Personal Data for the purposes described in this Privacy Policy. The following are the types of Personal Data that we collect:
Information that you provide
When you create an account, browse the Service, place an order at checkout, contact us directly, or otherwise use the Service, you provide some or all of the following information:
Account and profile
We collect your mobile phone number and/or email address as the login credentials for your account and assign a user identification number (“UID”) to your account. If you choose to sign up or login via external third-party services, such as Facebook or Google, we will collect your profile photo, username, and/or email address associated with the relevant third-party service provider. We also collect your profile information, account settings, and preferences.
Purchases
We collect data related to your orders on the Service (e.g., transaction ID, transaction history), payment information required to complete the transaction (e.g., payment card number or other third-party payment information required for payment, billing address), information provided by you for product sizing purposes, information to verify your age for certain products, your address, designated package collection point (e.g., city, state, country of residence, postal code), recipient contact information (e.g., name, mobile phone number). We also collect your region on a country/region basis.
Customer support activity
When you communicate with our customer service team through our customer support functions in the app/on the website, either with a customer service agent or with our virtual assistant (via the chatbot or hotline), through social media, or any other means, we will collect your communication history with us which includes any text, images, video, audio, or supporting documents exchanged between us.
Information when you contact us
When you contact us, we collect the information you send us, such as reports, feedback, or inquiries about your use of the Service or information about possible violations of our Terms of Use or other policies.
Chats with merchandise partners
When you chat with merchandise partners on Temu, we collect your chat communications and other related user data.
User-generated content
When you provide product reviews and ratings on the Service, we collect this information, including any accompanying images, videos, or text, as well as associated metadata.
Promotion and event participation
We may collect certain information when you participate in a contest, event, promotion, survey, giveaway or sweepstake, as part of the participation process, such as your desired prize selection. Such sweepstakes and contests are voluntary. We recommend that you read the rules and other relevant information for each sweepstake and contest that you enter. In addition, we collect information about your preferences for receiving marketing communications from us as well as your interactions with them.
Other data
We will collect other data that you provide for purposes as described in this Privacy Policy or for any other purpose disclosed to you at the time we collect your information.
Information collected automatically
To enhance your experience with the Service and support the other purposes for which we collect Personal Data as outlined in this Privacy Policy, we, automatically process information about you, your computer, or mobile device and your interactions with the Service and our communications over time, such as:
Device data
We collect Personal Data about the device you use to access the Service, such as device model, operating system information, language settings, unique identifiers (including identifiers used for advertising purposes where we have a legal basis for doing so).
Service usage information
We collect Personal Data about your interactions with the Service, including the items in your shopping cart, your order pages you view, the duration on a page, the source from which you arrived at the page, your interactions with the page, your searched text and images, your browsing history, whether you opened our emails, and whether you clicked the links within our emails. We also collect service-related, diagnostic, and performance information, including crash reports and performance logs.
General location data
We collect your approximate location based on your technical information (e.g., IP address).
Cookies data
We collect information from cookies and similar technologies stored on your device. These cookies are either necessary and required to provide our Service (for example, the cookies we use to display products relevant to your language and location) or optional (for example, the cookies used to track and measure the advertisements shown to you). To learn more, including how to disable certain cookies, please read our Cookies and Similar Technologies Policy.
Information from third-party sources
To the extent permitted by applicable law, we receive and collect Personal Data from other third-party sources, such as:
Data providers
We receive and collect Personal Data such as identity verification information and fraud prevention risk-scoring from information services to help us detect fraud regarding payments, prevent unauthorised transactions and safeguard the Service.
Marketing and advertising partners
We receive and collect Personal Data from our marketing and advertising partners such as business partners with whom we collaborate on marketing events and promotion of the Service. Specifically, we receive from these partners information including, for example, the specific advertisements you clicked on, attribution information via cookies and similar technologies to help us determine the origin of traffic to our Service, device data if you click on certain advertisements, responses to marketing emails, advertisements and offers, and audience information from marketing partners where they have the authority to share that information with us.
Public authorities, public sources, and rights holders
We obtain Personal Data which may include username, address, email, mobile phone number, purchase and/or payment information, from third party sources, for example, as necessary to comply with our obligations, prevent, investigate, detect an alleged claim or crime, or for a party to assert their legal rights.
Our payment processors
We obtain Personal Data from our third-party payment processors, who help us process transactions, provide our Service, and prevent fraudulent or illegal activity. This Personal Data our payment processors pass to us includes your name, email address, billing address, and phone number.
Other third-party services
We obtain your Personal Data from other third-party services, such as:
Social media services - from which we collect your username, profile picture, and/or email address associated with the relevant third-party service provider, if you choose to register or log in on the Service using said third-party service.
Logistics service providers and third-party mapping platforms - to effectively complete order fulfilment, we will obtain your logistics information from logistics providers, such as delivery progress and delivery address and make this information available to you within your account. In order to easily direct you to the most appropriate package collection point for deliveries, in the countries where we enable this functionality, when you provide your address, we also collect and locate the geographical coordinates of the address you provide using third-party mapping platforms such as Google maps.
Declining to provide information
We need to collect Personal Data to provide certain services. If you do not provide the information we require to provide the Service, we cannot provide the Service. Other information is optional, but without it the quality of your experience may be affected.
How and Why We Process Your Information and Our Legal Bases for Processing
We use the Personal Data that we collect for various purposes, including to develop, improve, support, and provide the Service, allowing you to use its features while fulfilling and enforcing our Terms of Use.
In the UK, we require a legal basis to process your Personal Data. We rely on different legal bases depending on why we are processing your Personal Data.
For each legal basis we rely on, we explain why and how we use your Personal Data for that purpose. We also set out the categories of Personal Data involved in each case.
You have rights available to you depending on which legal basis we use. For more information on how to exercise your rights, see the “Your Rights and Choices” section.
Contractual Necessity
When you register for, access or use the Service, we process Personal Data as necessary to perform the contracts you enter into with us (such as our Terms of Use) if you have the legal capacity to enter into an enforceable contract.
When we process Personal Data you provide to us which is necessary to perform a contract with you, you have the right to port it. To exercise your rights, please visit the “Your Rights and Choices” section of this Privacy Policy.
Account creation and maintenance
If you create a user account on the Service, we create and maintain your account, using your account and profile information, device data, and general location data (e.g., IP address), in accordance with your settings and preferences, and enable account security features (e.g., sending security codes via email or SMS).
We will collect information from social media services if you choose to register or log in on the Service using said third-party service.
Orders and delivery of products and services
We facilitate adding items to your shopping cart and enable provision of customised products using your service usage information (including customised order information you provide), allow you to chat in relation to your orders using chats with merchandise partners, receive and process your orders using account and profile and purchases information, deliver products to you using information from logistics service providers and third-party mapping platforms, and process your payments using information from our payment processors. We facilitate order disputes, refunds and/ or returns of your orders using information categories including customer support activity, purchases, general location data (e.g., IP address), information from logistics service providers, and information from our payment processors.
Provide search results and listings for non-personalised products you may wish to buy where strictly necessary to provide the service
For example, when you search for a particular item, we will present a selection of items matching your search criteria using information categories including general location data (e.g., IP address) and service usage information.
Contest, event, promotion, or survey, giveaway, sweepstake
If you have agreed to terms as part of a sweepstake, contest or other promotion, we will facilitate your participation using promotion and event participation information and general location data (e.g., use your IP address to help decide if a promotion applies to you), verify your identity using your account and profile information, inform you about the result using service usage information, and deliver the prize using purchases data, in line with the relevant terms and rules.
Such sweepstakes and contests are voluntary. We recommend that you read the rules and other relevant information for each sweepstake and contest that you enter.
Customer support
We provide customer support for your requests, including your data subject rights requests, questions, disputes, complaints and feedback. For example, we provide online, hotline and after-sale services.
For this purpose, we may use information categories including account and profile, chats with merchandise partners, customer support activity, device data, purchases, and service usage information.
To communicate with you
To the extent strictly necessary to provide the Service in line with the Terms, we use your account and profile and device data to communicate with you (e.g., announcements, updates, security alerts, support, and administrative messages), which also involves the use of customer support activity and service usage information.
Maintain permissions for sending messages
To the extent strictly necessary to provide the Service in line with the Terms. This involves the use of your account and profile and device data.
Platform Safety and Security
To the extent strictly necessary to provide the Service in line with the Terms, we prevent, detect, investigate, and respond to possible unauthorised access, fraudulent transactions, and harmful, unauthorised, unethical, or illegal activities, including cyberattacks and identity theft.
For this purpose, we may use information categories including account and profile, chats with merchandise partners, customer support activity, device data, general location data (e.g., IP address), information from data providers, information from our payment processors, purchases, service usage information and user-generated content.
Publication of user-generated content
In accordance with your settings, we make available your user-generated content. For example, when you leave a review, we process your username, profile picture and the content of your review to make the review available on the relevant product page and your user profile.
For this purpose, we may use information categories including user-generated content, service usage information, and account and profile.
Interaction with other users
If you choose to interact with other users on or through the Service, we facilitate your interaction with those other users. For example, when you click the “Helpful” button on other users’ item reviews, we will notify them of your interaction.
For this purpose, we may use information categories including user-generated content, service usage information, and account and profile.
Legitimate Interests
Where there is no legally enforceable contract in place, or where the processing is not strictly necessary, we can rely on legitimate interests to process your Personal Data for the purposes described above.
We rely on legitimate interests (ours, yours or those of another party) where they are not outweighed by your interests or fundamental rights and freedoms.
You have the right to object to, and seek restriction of, processing based on legitimate interests. To exercise your rights, please visit the “Your Rights and Choices” section of this Privacy Policy.
Recommend content and products (such as product listings and search queries) that you might be interested in, where not strictly necessary to provide the service to you
To recommend products and content that may be of interest to you and others, we use the following categories of your Personal Data: account and profile, general location data (e.g., IP address), purchases (including transaction history), service usage information, and user-generated content.
Legitimate interest relied upon:
It is in our interests to be able to provide a personalised experience for users of the Service
Users have an interest in discovering products/notifications/searches that may be interesting and meaningful to them
Merchandise partners have an interest in reaching a more relevant audience which may increase revenues
Promotion activities and events, which may be personalised
Where not strictly necessary to provide a competition you enter, we process your Personal Data to facilitate sweepstakes, contests, giveaways, and other promotions and events (e.g. to notify of wins, verify identity or send prizes). Depending on your profile settings, we will use your user profile picture and account information in promotions, which may be shared with other users, and facilitate your invitations to friends who you want to invite to join the Service.
Information categories used for this purpose may include promotion and event participation, general location data (e.g., IP address), service usage information, account and profile, and purchases (including transaction history).
Legitimate interest relied upon:
It is in our commercial interests to provide a competition, sweepstake or other promotion that is appealing to potential users and users of the Service.
It is in the interests of users and potential users who are interested in participating in a competition, sweepstake or other promotion.
It is in our interests to be able to provide a personalised experience for users of the Service.
Users have an interest in discovering promotions that may be interesting and meaningful to them.
Send Marketing Messages
We collect and use your Personal Data for marketing purposes in accordance with your stated preferences and applicable law, which may be personalised. Depending on your communication preferences, we may send you direct marketing communications, using your account and profile information, device data, service usage information and information from marketing partners.
Legitimate interest relied upon:
It is in our commercial interests to provide messages that might promote the Service.
It is in the interests of Temu users who have indicated a wish to receive marketing materials (and not since indicated otherwise).
It is in our interests to be able to provide a personalised experience for users of the Service.
Users have an interest in marketing messages that may be interesting and meaningful to them.
Provide off-platform interest-based advertising, which are personalised
We, our service providers, and our third-party advertising partners process your Personal Data for interest-based advertising purposes off the platform, and for analytics. In providing interest-based advertising, we follow the Self-Regulatory Principles for Online Behavioural Advertising as set forth by the European Digital Advertising Alliance (EDAA), which is an advocacy organisation for responsible digital marketing and consumer privacy. You can learn more about interest-based advertising and your opt-out choices of third-party advertising networks here.
Information categories used for this purpose may include account and profile, cookies data, device data, general location data (e.g., IP address), purchases, and service usage information.
See our Cookies and Similar Technologies Policy for more information on our advertising cookies.
Legitimate interest relied upon:
It is in our commercial interests to promote the Service and measure the effectiveness of advertising.
It is in the interests of persons who would be happy to learn or learn more about the Service and discover relevant products that they are interested in, including advertising that is appropriate and relevant to your location and language.
It is in the interests of merchandise partners operating to promote their products to potential customers.
Ensure Security of the Platform
We prevent, identify, investigate, report, and deter fraudulent, harmful, unauthorised, unethical, or illegal activities, including fraud, unauthorised access to or use of the Service, violations of our policies, cyberattacks, identity theft or other misconduct, where not strictly necessary to provide the Service in line with the Terms and/or where there is no legal obligation to do so.
Information categories used for this purpose may include account and profile, chats with merchandise partners, customer support activity, device data, general location data (e.g., IP address), information from data providers, our payment processors, public authorities, public sources and rights holders, information when you contact us, purchases, service usage information, and user-generated content.
Legitimate interest relied upon:
We benefit by taking steps to: (i) ensure that any harmful, unauthorised, unethical and/or unlawful activity on or in connection with the Service is detected, investigated, reported and prevented accordingly, and (ii) ensure that the Service can be provided in a manner that is safe and compliant with applicable laws.
Law enforcement agencies benefit because the information provided by us can assist with the detection, investigation and prevention of criminal offences.
Users of the Service benefit because those seeking to use the Service in a harmful, unauthorised, unethical and/or unlawful manner to cause harm to other users can be identified and removed from the platform.
Third-party financial institutions benefit because perpetrators of financial crimes can be detected, investigated and penalised accordingly.
Victims of unlawful activity benefit because the relevant perpetrator(s) can be detected, investigated and penalised accordingly.
The wider public benefits because criminal offences are being detected, investigated and prevented.
Enable security features within the Temu app and website which enable you to safeguard your Temu account
We process your Personal Data to enable security features of the Service, such as by sending you security codes via email or SMS using your account and profile information, and remembering devices from which you have previously logged in using device and general location data (e.g., IP address).
For this purpose, we may use information categories including account and profile information, purchases, service usage information, device data and general location data (e.g., IP address).
Legitimate interest relied upon:
We benefit by taking steps to ensure that any unauthorised, and/or unlawful activity or access on or in connection with the Service is prevented and detected.
Users of the Service benefit because those seeking to use the Service in a harmful, unauthorised, unethical and/or unlawful manner to cause harm to other users can be prevented from accessing the service and where not prevented can be identified and removed from the platform.
Third-party financial institutions benefit because perpetrators of financial crimes will find it more difficult to compromise Temu accounts and cardholder information linked to those accounts.
Engage with valid requests from legal authorities, regulators and rights holders
We take necessary action to protect rights, privacy, safety, or property (including introducing and defending legal claims) and to enforce the terms and conditions that govern the Service.
Information categories used for this purpose may include account and profile, customer support activity, device data, general location data (e.g., IP address), information from public authorities, public sources and rights holders, purchases, service usage information, and user-generated content.
Legitimate interest relied upon:
It is in our interests to take steps to ensure that: (i) any harmful, unauthorised, unethical and/or unlawful activity on or in connection with the Service is detected, investigated and prevented; and (ii) the Service can be provided in a manner that is safe and compliant with applicable laws
Law enforcement agencies benefit because the information provided by us can assist with the detection, investigation and prevention of criminal offences
Users of the Service benefit because those seeking to use the Service in a harmful, unauthorised, unethical and/or unlawful manner to cause harm to other users can be identified and removed from the platform
Third-party financial institutions benefit because perpetrators of financial crimes can be detected, investigated and penalised accordingly
Victims of unlawful activity benefit because the relevant perpetrator(s) can be detected, investigated and penalised accordingly
The wider public benefits because criminal offences are being detected, investigated and prevented
Improve and optimise services, features, analyse performance metrics, and improve the Service and our business
We improve the Service, analyse performance, and maintain and improve our business. As part of these activities, we may create aggregated or otherwise deidentified data. We fix errors and ensure the Service works properly outside what is strictly contractually necessary to provide you with the Service. We may use your customer support activity and chats with merchandise partners data to optimise our customer service support activity, for example, to improve the responses issued by our virtual assistant.
Other information categories used for this purpose may include account and profile, device data, general location data (e.g., IP address), information when you contact us, purchases, service usage information, and user-generated content.
Legitimate interest relied upon:
It is in our commercial interests to provide an effective Service that performs well and is updated regularly
It is in the interests of users to receive a regularly updated service that performs well
Retain certain user information for legal reasons (e.g., where necessary to defend against legal claims, or to comply with regulatory compliance requirements)
Information categories used for this purpose may include account and profile, customer support activity, device data, general location data (e.g., IP address), information from public authorities, public sources and rights holders, and purchases.
Legitimate interest relied upon:
It is in our interests to take steps to ensure that: (i) any harmful, unauthorised, unethical and/or unlawful activity on or in connection with the Service is detected, investigated and prevented; and (ii) the Service can be provided in a manner that is safe and compliant with applicable laws
Law enforcement agencies benefits because the information provided by us can assist with the detection, investigation and prevention of criminal offences
Users of the Service benefit because those seeking to use the Service in a harmful, unauthorised, unethical and/or unlawful manner to cause harm to other users can be identified and removed from the platform
Third-party financial institutions benefit because perpetrators of financial crimes can be detected, investigated and penalised accordingly
Victims of unlawful activity benefit because the relevant perpetrator(s) can be detected, investigated and penalised accordingly
The wider public benefits because criminal offences are being detected, investigated and prevented
Address user complaints or data subject rights requests
We disclose information to facilitate user complaints and data subject rights requests as described in the “Your Rights and Choices” section below.
Information categories used for this purpose may include account and profile, customer support activity, device data, and purchases.
Legitimate interest relied upon:
It is in our commercial interests to provide a Service that meets the expectations of our users with respect to the exercise of their rights
It is in the interests of Temu users to receive a service that meets their expectations with respect to the exercise of their rights
For litigation matters
Where applicable in defence or in pursuit of legal claims, we may process the following categories of your Personal Data: account and profile, customer support activity, device data, general location data (e.g., IP address), information from public authorities, public sources and rights holders, and purchases.
Legitimate interest relied upon:
It is in our commercial interests in protecting our legal rights and interests
It is in the interests of third parties in their legal rights and interests being protected
Your Consent
We process Personal Data for the purposes described below when you have given us your consent. You have the right to withdraw consent to processing based on your prior consent at any time without affecting the lawfulness of processing based on such consent before the consent is withdrawn. To exercise your rights, visit the “Your Rights and Choices” section of this Privacy Policy.
Where your prior consent is obtained
In some cases, we will specifically ask for your consent to collect, use, or share your Personal Data to the extent permitted by applicable law. For example, we will seek consent when we place certain cookies or similar technologies.
Depending on the circumstances, information categories used may include account and profile, device data, general location data (e.g., IP address), information from cookies and similar technologies, and information from marketing partners.
Compliance with a Legal Obligation
We may use your Personal Data where it is necessary to comply with a legal obligation.
Compliance and legal obligations
We can use your Personal Data for compliance purposes and to comply with applicable law, lawful requests, and legal processes (e.g., responding to subpoenas or requests from government or regulatory authorities or where there is a mandatory duty to report criminal offences); to protect our, your, and other users' rights, privacy, safety, or property (including introducing and defending legal claims); audit internal processes to ensure compliance with legal and contractual requirements and our internal policies; enforce the terms and conditions that govern the Service; prevent, identify, investigate, and deter fraudulent, harmful, unauthorised, unethical, or illegal activities, including cyberattacks and identity theft.
Information categories used for this purpose may include account and profile, chats with merchandise partners, customer support activity, device data, general location data (e.g., IP address), information from public authorities, public sources and rights holders, purchases, service usage information, user-generated content, and other data.
How and Why We Share Your Information
At Temu, we care deeply about privacy. In certain circumstances described in the Privacy Policy, we share your Personal Data with the following parties for the purposes outlined below.
Affiliates
As a global company, our Service is supported by other entities within our corporate group in addition to Whaleco Technology Limited. We share some of your Personal Data with Temu subsidiaries and affiliates as necessary to provide certain functions of the Service, including for the purposes of order fulfilment. Such Personal Data includes shipping address, and contact information. For more details about how we ensure adequate protection when transferring your information, please see the “Our Global Operations and Data Transfers” section below for more information.
Service providers
We share your Personal Data with third parties who provide services on our behalf or help us operate the Service. The services these third parties provide include hosting, information technology, customer support, content delivery, email delivery, order fulfilment and delivery, marketing, and website analytics. We generally require these service providers to use Personal Data only as necessary to perform the services or comply with applicable legal obligations.
Payment processors
We share your Personal Data with our payment processors as necessary to complete payments, process disputes, and/or process refunds.
Advertising and analytics partners
We share your Personal Data with third-party advertising, marketing, and analytics companies for the interest-based advertising and analytics purposes described in our Cookies and Similar Technologies Policy.
Third parties designated by you
We share your Personal Data with third parties where you have instructed us or provided your consent to do so and where we have a legal basis for doing so. We share the Personal Data required for the services you request with third parties designated by you. For example, where you choose to share a link to a Temu product listing via a third-party social media service. Please be aware that when you use third-party sites or services, their own terms and privacy policies will govern your use of those sites or services.
Business and marketing partners
We share your Personal Data with specialist third parties with whom we collaborate in order to offer or promote the Service. For example, depending on your communication preferences, we may share your Personal Data with third-party service providers with whom we have partnered in order to send you marketing SMS and email messages.
Professional advisors, public authorities, institutions, and regulators
We may share your Personal Data with our professional advisors (e.g., lawyers, auditors, bankers and insurers), and public authorities, such as law enforcement authorities in response to legal processes (such as those issued by courts or authorities in your country of residence); and with other parties (including financial institutions) in order to enforce our agreements or policies, protect the rights, property and safety of Temu, users and others, and to detect, prevent and address actual or suspected fraud, violations of Temu's Terms of Use, other illegal activities, security issues or when it's required by law.
Business transferees
In the rare event of a business transaction such as a merger, acquisition, or reorganisation, we may share some of your Personal Data with relevant parties (such as a buyer or successor) in order to facilitate such a transaction. If we intend to transfer information about you, we will inform you either by email or by posting a notice on the Temu app and on Temu.com.
Merchandise Partners
We share with our merchandise partners the product reviews you leave, the return or refund reasons you request a return or refund, and customisation information for customised/personalised items. When necessary to fulfil your order, we share with the merchandise partner your name, shipping address, contact information, communications with our customer support functions, and your order information. For example, to address a query or complaint or when the merchandise partner will connect directly with logistics service providers. The merchandise partner will not receive your payment information or device data.
Other users
In accordance with your settings and preferences, your Personal Data may be visible to other users; for example, when other users view products on Temu, they may see product reviews you left.
However, if you would like to hide your profile image and profile name sharing in relation to these activities from other users, you can do so by editing your reviews and/or adjusting your settings and preferences in the “Notifications” menu.
Your Rights and Choices
You have the following rights and choices:
Right to Access
You have the right to obtain from the controller confirmation as to whether or not Personal Data concerning you is being processed, and, where that is the case, access to the Personal Data and certain information about the processing. Click here to submit a data request.
Right to Erasure
You have the right to request that we delete Personal Data we maintain about you without undue delay if and to the extent that the Personal Data is no longer necessary in relation to the purposes for which it was processed, you have withdrawn your consent on which the processing is based and where there is no other legal ground for the processing. In addition, deletion will be conducted if you object to the processing and there are no overriding legitimate grounds for the processing, the Personal Data have been unlawfully processed, or the Personal Data must be erased for compliance with a legal obligation to which we are subject.
You can permanently delete your Temu account at any time should you no longer want to use the Service. For further details, please see here.
Right to Rectification
You have the right to request that we correct inaccurate Personal Data we maintain about you. You can edit your profile information at any time through your account settings.
Right to Restriction of Processing
You have the right to request that we restrict the processing of your Personal Data in any of the following circumstances: (i) if the Personal Data is inaccurate, its processing can be restricted for the period of time it takes for us to verify its accuracy; (ii) if the processing is unlawful and you object to your Personal Data being deleted you can instead request that its processing be restricted; (iii) if we no longer need the Personal Data but you require us to retain it in order for you to bring, or defend against, a legal claim; (iv) if you have objected to our processing of your Personal Data on the basis of legitimate interest and you are awaiting the conclusion of our legitimate interest assessment.
Right to Data Portability
You have the right to request that we provide the Personal Data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. This applies where the processing is based on consent or contractual necessity and the processing is carried out by automated means. Also, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you, including profiling, which is based on a task carried out in the public interest or on a legitimate interest. We will no longer process the Personal Data in case of such objection unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to Object (Direct Marketing)
When we process Personal Data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing, you have the right to object at any time to the processing of your Personal Data. See the “Opt-out from Marketing Communications” section below for further information.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, where processing is based on your consent. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to object to/opt-out of automated decision making
You have the right not to be subject to a decision when it is based on automated processing (i.e. an operation that is performed without any human intervention), if it produces a legal effect (i.e. impacts your legal rights) or significantly affects you in a similar way (e.g., significantly affects your financial circumstances or ability to access essential goods or services), or to opt out of the processing of your Personal Data for such purposes. Temu does not make decisions based solely on automated processing that produce a legal effect or that similarly significantly affect individuals.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner’s Office, the Irish Data Protection Commission who acts as our lead supervisory authority, or with your local supervisory authority.
These rights can be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights) or if you ask us to erase information which we are required by law or for certain reasons of public interest to keep. Relevant exemptions are included in both the GDPR and in relevant local implementing legislation.
You can exercise any of these rights by submitting a request via our web form dedicated to data subject requests or by contacting us using the information provided below. We will not discriminate against you for exercising any of these rights. In certain circumstances, we will need to collect additional information from you to verify your identity, before providing a substantive response to the request. You can also designate an authorised agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorised them to act on your behalf, and we may need you to verify your identity directly with us.
Opt-out from Marketing Communications
To manage your preferences or opt-out of marketing communications, you can take any of the following actions:
Email Promotional Offers. If you do not want to receive emails from us regarding special promotions or offers, you can follow the unsubscribe options at the bottom of each email to stop receiving direct marketing emails. You can also opt out of receiving promotional messages via email in the “Notifications” menu.
Mobile Promotional Offers. When you provide us with your mobile phone number and consent to receiving messages for marketing purposes, we will send you certain marketing alerts via text message and standard data and messaging rates will apply. If you no longer wish to receive mobile marketing alerts from us, you can follow the instructions provided in these messages or reply "stop" to any alerts we send. You can also opt out of receiving promotional messages via SMS in the “Notifications” menu. Rest assured that you can continue to use Temu even if you stop authorising Mobile promotional offers.
Push notifications. You can receive push notifications when you use the mobile app. If you wish to adjust push notification settings, including turning them off, you can do so in your mobile device’s notification settings. You can also opt out of receiving promotional messages via push notification in the “Notifications” menu.
Change settings for cookies and similar technologies
Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. Please note that if you set your browser to disable cookies, the Service may not work properly. For more information about cookies and similar technologies, including how to see what cookies and similar technologies have been set on your browser and how to manage and delete them, visit http://www.allaboutcookies.org. You can also configure your device to prevent images from loading to prevent web beacons from functioning.
Our Global Operations and Data Transfers
To support our global operations:
We store the information described in the “What Information Do We Collect” section in servers located in the EEA.
Certain of our subsidiaries and affiliates, located outside the EU, EEA, Switzerland, and UK are given limited remote access to your Personal Data. See the “How and Why We Share Your Information” section above for more information.
We share your Personal Data with service providers, merchandise partners, partners and other parties described in the “How and Why We Share Your Information” section, which can be located outside the EU, EEA, Switzerland, and UK. Our service providers are based in Africa, the Asia-Pacific region, Europe and North and South America.
When we transfer your information outside of the EU, EEA, Switzerland, and UK, we ensure it benefits from an adequate level of data protection by relying on:
Adequacy decisions. These are decisions from the Secretary of State under Sections 17A (and 74A) and 17B (12) (and 74B) of the Data Protection Act 2018 where it is recognised that a country offers an adequate level of data protection. We can transfer your information detailed under the “What Information Do We Collect” section as described in the “How and Why We Share Your Information” section to some countries with adequacy decisions, such as the countries listed here; or
Standard contractual clauses. The Secretary of State has approved the use of the international data transfer addendum (the “Addendum”) to the European Commission’s standard contractual clauses under Article 46 of the GDPR. The Addendum together with the European Commission’s standard contractual clauses allows companies processing the Personal Data of UK users to transfer such Personal Data to countries outside the UK where there is not an adequacy decision (as referred to above). We rely on standard contractual clauses and the Addendum to transfer information detailed under the “What Information Do We Collect” section as described in the “How and Why We Share Your Information” section to certain affiliates and third parties in countries without an adequacy decision.
In certain situations, we rely on derogations provided for under the applicable law to transfer information to a third country.
Click the following links to learn more about Adequacy decisions, Standard contractual clauses, and the Addendum.
Children
The Service is not intended for use by anyone who is under the age of 18 or a minor (as defined by applicable law). If you are a parent or guardian of a child about whom you believe we have collected personal information, please contact us directly or through our online reporting form. If we learn that we have collected personal information through the Service from a child or without the knowledge of the child’s parent or guardian as required by law, we will comply with applicable legal requirements to delete the information.
Data Security and Retention
The security of your Personal Data is important to us. We use technical and administrative measures to help protect your Personal Data from loss, theft, misuse, unauthorised access, disclosure, alteration, and/or destruction. We also follow the Payment Card Industry Data Security Standard (“PCI-DSS”) in handling your credit card information. However, security risk is inherent in all internet and information technologies.
We retain Personal Data for as long as necessary to fulfil the purposes described in this Privacy Policy, including to provide the Service, to comply with legal obligations or to protect our or other’s interests. We decide how long we need information on a case-by-case basis. To determine the appropriate retention period for Personal Data, we consider factors such as the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements. When we no longer require the Personal Data we have collected about you for those purposes, we delete it, or anonymise it.
How long we will retain your Personal Data is generally determined by how long we require it to provide you with the Service and to provide you with customer support.
For example:
As described above in the “How and Why We Process Your Information and Our Legal Bases for Processing” section:
We require certain of your Account and Profile Information to create and manage your Temu account. We need to keep this information for the lifetime of your account in order to maintain your account.
We retain your account preferences - including your communication preferences - which you are free to amend at any time, for the lifetime of your account.
We retain your report relating to products (including complaint records and supporting documentation) for 18 months after the complaint in question has been resolved.
If we decide to terminate the provision of the Service to you, we retain your appeal records and supporting documentation for no longer than one year after the appeal has been resolved.
We retain any communication you have had with our customer support team for the lifetime of your account.
In certain circumstances, we need to retain your Personal Data for longer in order to comply with legal obligations we have as described further above in the “How and Why We Process Your Information and Our Legal Bases for Processing” section. This will in certain circumstances involve the retention of certain of your Personal Data after your account has been deleted.
We retain your Personal Data:
To respond to a lawful request or legal process. For example, to respond to subpoenas or requests from government authorities we may need to preserve certain of your Personal Data after your account has been deleted.
To address requests and complaints. For example, if there is an ongoing dispute in relation to your account, we will retain certain of your Personal Data where it is required to address the dispute or complaint.
To investigate issues relating to the security and safety of our services and to protect our rights, property and customers. For example, we may retain certain of your Personal Data where it is necessary to investigate, actual or potential misuse of the Service.
Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy. We will notify you of any material changes by a notice provided through the Service or by other means. We recommend that you regularly review the Privacy Policy to stay informed of our privacy practices.
Contact Us
If you have any questions or comments about our Privacy Policy or the terms mentioned, you can contact us at any time:
Send an email to Temu's Data Protection Officer at privacy@uk.temu.com.
If you wish to contact the Data Protection Officer or the controller Whaleco Technology Limited by post, you can send mail to the following address of Temu's Data Protection Officer by post - Whaleco Technology Limited., First Floor, 25 St, Stephens Green, Dublin 2, Ireland
You also have the right to lodge a complaint with the Information Commissioner’s Office, the Irish Data Protection Commission who acts as our lead supervisory authority, or with your local supervisory authority.