Facebook Data Policy: https://www.facebook.com/about/privacy/update
Date of Last Revision: April 19, 2018
Access date: May 18, 2018
Accessed from: Germany
Do you live outside of the European Union (EU)? Sections highlighted in yellow below are only relevant for residents in the EU, to be in line with the new General Data Protection Regulation. These sections do not appear in Facebook's Data Policy for those outside of the EU.
Additionally, there a few minor terminology differences (for example "mobile phone masts"/"cell towers"), and where it refers to "EU law" below, this is replaced with "the laws of your country", for non-EU residents.
-----
Data Policy
This Policy describes the information we process to support Facebook, Instagram, Messenger and other products and features offered by Facebook (Facebook Products or Products). You can find additional tools and information in the Facebook settings and Instagram settings.
What kinds of information do we collect?
To provide the Facebook Products, we must process information about you. The type of information that we collect depends on how you use our Products. You can learn how to access and delete information that we collect by visiting the Facebook settings and Instagram settings.
Things that you and others do and provide.
- Information and content you provide. We collect the content, communications and other information you provide when you use our Products, including when you sign up for an account, create or share content and message or communicate with others. This can include information in or about the content that you provide (e.g. metadata), such as the location of a photo or the date a file was created. It can also include what you see through features that we provide, such as our camera, so we can do things such as suggest masks and filters that you might like, or give you tips on using portrait mode. Our systems automatically process content and communications that you and others provide to analyse context and what's in them for the purposes described below. Learn more about how you can control who can see the things you share.
- Data with special protections: You can choose to provide information in your Facebook profile fields or life events about your religious views, political views, who you are "interested in" or your health. This and other information (such as racial or ethnic origin, philosophical beliefs or trade union membership) is subject to special protections under EU law.
- Networks and connections. We collect information about the people, Pages, accounts, hashtags and groups that you are connected to and how you interact with them across our Products, such as people you communicate with the most or groups that you are part of. We also collect contact information if you choose to upload, sync or import it from a device (such as an address book or call log or SMS log history), which we use for things such as helping you and others find people you may know and for the other purposes listed below.
- Your usage. We collect information about how you use our Products, such as the types of content that you view or engage with, the features you use, the actions you take, the people or accounts you interact with and the time, frequency and duration of your activities. For example, we log when you're using and have last used our Products, and what posts, videos and other content you view on our Products. We also collect information about how you use features such as our camera.
- Information about transactions made on our Products. If you use our Products for purchases or other financial transactions (such as when you make a purchase in a game or make a donation), we collect information about the purchase or transaction. This includes payment information, such as your credit or debit card number and other card information, other account and authentication information, and billing, delivery and contact details.
- Things others do and information that they provide about you. We also receive and analyse content, communications and information that other people provide when they use our Products. This can include information about you, such as when others share or comment on a photo of you, send a message to you or upload, sync or import your contact information.
Device information.
As described below, we collect information from and about the computers, phones, connected TVs and other web-connected devices you use that integrate with our Products, and we combine this information across different devices that you use. For example, we use information collected about your use of our Products on your phone to better personalise the content (including ads) or features that you see when you use our Products on another device, such as your laptop or tablet, or to measure whether you took an action in response to an ad that we showed you on your phone on a different device.
Information that we obtain from these devices includes:
- Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
- Device operations: information about operations and behaviours performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
- Identifiers: unique identifiers, device IDs and other identifiers, such as from games, apps or accounts that you use, and Family Device IDs (or other identifiers unique to Facebook Company Products associated with the same device or account).
- Device signals: Bluetooth signals, information about nearby Wi-Fi access points, beacons and mobile phone masts.
- Data from device settings: information that you allow us to receive through device settings that you turn on, such as access to your GPS location, camera or photos.
- Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network, so we can do things such as help you stream a video from your phone to your TV.
- Cookie data: data from cookies stored on your device, including cookie IDs and settings. Learn more about how we use cookies in the Facebook Cookies Policy and Instagram Cookies Policy.
Information from partners.
Advertisers, app developers and publishers can send us information through Facebook Business Tools that they use, including our social plugins (such as the Like button), Facebook Login, our APIs and SDKs, or the Facebook pixel. These partners provide information about your activities off Facebook – including information about your device, websites you visit, purchases you make, the ads you see and how you use their services – whether or not you have a Facebook account or are logged in to Facebook. For example, a game developer could use our API to tell us what games you play, or a business could tell us about a purchase you made in its shop. We also receive information about your online and offline actions and purchases from third-party data providers who have the rights to provide us with your information.
Partners receive your data when you visit or use their services or through third parties that they work with. We require each of these partners to have lawful rights to collect, use and share your data before providing any data to us. Learn more about the types of partners we receive data from.
To learn more about how we use cookies in connection with Facebook Business Tools, review the Facebook Cookie Policy and Instagram Cookie Policy.
How do we use this information?
We use the information that we have (subject to choices you make) as described below, and to provide and support the Facebook Products and related services described in the Facebook Terms and Instagram Terms. Here's how:
Provide, personalise and improve our Products.
We use the information that we have to deliver our Products, including to personalise features and content (including your News Feed, Instagram Feed, Instagram Stories and ads) and make suggestions for you (such as groups or events you may be interested in or topics you may want to follow) on and off our Products. To create personalised Products that are unique and relevant to you, we use your connections, preferences, interests and activities based on the data that we collect and learn from you and others (including any data with special protections that you choose to provide where you have given your explicit consent); how you use and interact with our Products; and the people, places or things that you're connected to and interested in on and off our Products. Learn more about how we use information about you to personalise your Facebook and Instagram experience, including features, content and recommendations in Facebook Products; you can also learn more about how we choose the ads that you see.
- Information across Facebook Products and devices: We connect information about your activities on different Facebook Products and devices to provide a more tailored and consistent experience on all Facebook Products that you use, wherever you use them. For example, we can suggest that you join a group on Facebook that includes people you follow on Instagram or communicate with using Messenger. We can also make your experience more seamless, for example, by automatically filling in your registration information (such as your phone number) from one Facebook Product when you sign up for an account on a different Product.
- Location-related information: We use location-related information – such as your current location, where you live, the places you like to go, and the businesses and people you're near – to provide, personalise and improve our Products, including ads, for you and others. Location-related information can be based on things such as precise device location (if you've allowed us to collect it), IP addresses and information from your and others' use of Facebook Products (such as check-ins or events you attend).
- Product research and development: We use the information we have to develop, test and improve our Products, including by conducting surveys and research, and testing and troubleshooting new products and features.
- Face recognition: If you have it turned on, we use face recognition technology to recognise you in photos, videos and camera experiences. The face recognition templates that we create are data with special protections under EU law. Learn more about how we use face recognition technology, or control our use of this technology in Facebook settings. If we introduce face recognition technology to your Instagram experience, we will let you know first, and you will have control over whether we use this technology for you.
- Ads and other sponsored content: We use the information we have about you – including information about your interests, actions and connections – to select and personalise ads, offers and other sponsored content that we show you. Learn more about how we select and personalise ads, and your choices over the data we use to select ads and other sponsored content for you in the Facebook settings and Instagram settings.
Provide measurement, analytics and other business services.
We use the information that we have (including your activity off our Products, such as the websites you visit and ads you see) to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and understand the types of people who use their services and how people interact with their websites, apps and services. Learn how we share information with these partners.
Promote safety, integrity and security.
We use the information that we have to verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, maintain the integrity of our Products, and promote safety and security on and off Facebook Products. For example, we use data that we have to investigate suspicious activity or breaches of our Terms or Policies, or to detect when someone needs help. To learn more, visit the Facebook Security Help Centre and Instagram Security Tips.
Communicate with you.
We use the information that we have to send you marketing communications, communicate with you about our Products and let you know about our Policies and Terms. We also use your information to respond to you when you contact us.
Research and innovate for social good.
We use the information that we have (including from research partners who we collaborate with) to conduct and support research and innovation on topics of general social welfare, technological advancement, public interest, health and well-being. For example, we analyse information that we have about migration patterns during crises to aid relief efforts. Learn more about our research programmes.
How is this information shared?
Your information is shared with others in the following ways:
Sharing on Facebook Products
People and accounts that you share and communicate with
When you share and communicate using our Products, you choose the audience for what you share. For example, when you post on Facebook, you select the audience for the post, such as a group, all of your friends, the public or a customised list of people. Similarly, when you use Messenger or Instagram to communicate with people or businesses, those people and businesses can see the content you send. Your network can also see actions that you have taken on our Products, including engagement with ads and sponsored content. We also let other accounts see who has viewed their Facebook or Instagram Stories.
Public information can be seen by anyone, on or off our Products, including if they don't have an account. This includes your Instagram username, any information you share with a public audience, information in your public profile on Facebook, and content you share on a Facebook Page, public Instagram account or any other public forum, such as Facebook Marketplace. You, other people using Facebook and Instagram, and we can provide access to or send public information to anyone on or off our Products, including in other Facebook Company Products, in search results or through tools and APIs. Public information can also be seen, accessed, reshared or downloaded through third-party services such as search engines, APIs and offline media such as TV, and by apps, websites and other services that integrate with our Products.
Learn more about what information is public and how to control your visibility on Facebook and Instagram.
Content that others share or reshare about you.
You should consider who you choose to share with, because people who can see your activity on our Products can choose to share it with others on and off our Products, including people and businesses outside the audience that you shared with. For example, when you share a post or send a message to specific friends or accounts, they can download, screenshot or reshare that content to others across or off our Products, in person or in virtual reality experiences such as Facebook Spaces. Also, when you comment on someone else's post or react to their content, your comment or reaction is visible to anyone who can see the other person's content, and that person can change the audience later.
People can also use our Products to create and share content about you with the audience they choose. For example, people can share a photo of you in a story or mention, tag you at a location in a post or share information about you in their posts or messages. If you are uncomfortable with what others have shared about you on our Products, you can learn how to report the content.
Information about your active status or presence on our Products.
People in your networks can see signals telling them whether you are active on our Products, including whether you are currently active on Instagram, Messenger or Facebook, or when you last used our Products.
Apps, websites and third-party integrations on or using our Products.
When you choose to use third-party apps, websites or other services that use, or are integrated with, our Products, they can receive information about what you post or share. For example, when you play a game with your Facebook friends or use a Facebook Comment or Share button on a website, the game developer or website can receive information about your activities in the game or receive a comment or link that you share from the website on Facebook. Also, when you download or use such third-party services, they can access your public profile on Facebook, and any information that you share with them. Apps and websites that you use may receive your list of Facebook friends if you choose to share it with them. But apps and websites that you use will not be able to receive any other information about your Facebook friends from you, or information about any of your Instagram followers (although your friends and followers may, of course, choose to share this information themselves). Information collected by these third-party services is subject to their own terms and policies, not this one.
Devices and operating systems providing native versions of Facebook and Instagram (i.e. where we have not developed our own first-party apps) will have access to all information that you choose to share with them, including information that your friends share with you, so they can provide our core functionality to you.
Note: We are in the process of restricting developers' data access even further to help prevent abuse. For example, we will remove developers' access to your Facebook and Instagram data if you haven't used their app in three months, and we are changing login, so that in the next version, we will reduce the data that an app can request without app review to include only name, Instagram username and bio, profile photo and email address. Requesting any other data will require our approval.
New owner.
If the ownership or control of all or part of our Products or their assets changes, we may transfer your information to the new owner.
Sharing with third-party partners
We work with third-party partners who help us provide and improve our Products or who use Facebook Business Tools to grow their businesses, which makes it possible to operate our companies and provide free services to people around the world. We don't sell any of your information to anyone and we never will. We also impose strict restrictions on how our partners can use and disclose the data we provide. Here are the types of third parties that we share information with:
Partners who use our analytics services.
We provide aggregated statistics and insights that help people and businesses understand how people are engaging with their posts, listings, Pages, videos and other content on and off the Facebook Products. For example, Page admins and Instagram business profiles receive information about the number of people or accounts who viewed, reacted to or commented on their posts, as well as aggregate demographic and other information that helps them understand interactions with their Page or account.
Advertisers.
We provide advertisers with reports about the kinds of people seeing their ads and how their ads are performing, but we don't share information that personally identifies you (information such as your name or email address that by itself can be used to contact you or identifies who you are) unless you give us permission. For example, we provide general demographic and interest information to advertisers (for example, that an ad was seen by a woman between the ages of 25 and 34 who lives in Madrid and likes software engineering) to help them better understand their audience. We also confirm which Facebook ads led you to make a purchase or take an action with an advertiser.
Measurement partners.
We share information about you with companies that aggregate it to provide analytics and measurement reports to our partners.
Partners offering goods and services in our Products.
When you subscribe to receive premium content, or buy something from a seller in our Products, the content creator or seller can receive your public information and other information that you share with them, as well as the information needed to complete the transaction, including shipping and contact details.
Vendors and service providers.
We provide information and content to vendors and service providers who support our business, such as by providing technical infrastructure services, analysing how our Products are used, providing customer service, facilitating payments or conducting surveys.
Researchers and academics.
We also provide information and content to research partners and academics to conduct research that advances scholarship and innovation that supports our business or mission and enhances discovery and innovation on topics of general social welfare, technological advancement, public interest, health and well-being.
Law enforcement or legal requests.
We share information with law enforcement or in response to legal requests in the circumstances outlined below.
Learn more about how you can control the information about you that you or others share with third-party partners in the Facebook settings and Instagram settings.
How do the Facebook Companies work together?
Facebook and Instagram share infrastructure, systems and technology with other Facebook Companies (which include WhatsApp and Oculus) to provide an innovative, relevant, consistent and safe experience across all Facebook Company Products that you use. We also process information about you across the Facebook Companies for these purposes, as permitted by applicable law and in accordance with their Terms and Policies. For example, we process information from WhatsApp about accounts sending spam on its service so we can take appropriate action against those accounts on Facebook, Instagram or Messenger. We also work to understand how people use and interact with Facebook Company Products, such as understanding the number of unique users on different Facebook Company Products.
What is our legal basis for processing data?
We collect, use and share the data that we have in the ways described above:
- as necessary to fulfil our Facebook Terms of Service or Instagram Terms of Use;
- consistent with your consent, which you may revoke at any time through the Facebook settings and Instagram settings;
- as necessary to comply with our legal obligations;
- to protect your vital interests, or those of others
- as necessary in the public interest and
- as necessary for our (or others') legitimate interests, including our interests in providing an innovative, personalised, safe and profitable service to our users and partners, unless those interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
Learn more about these legal bases and how they relate to the ways in which we process data.
How can you exercise your rights provided under the GDPR?
Under the General Data Protection Regulation, you have the right to access, rectify, port and delete your data. Learn more about these rights and find out how you can exercise your rights in the Facebook settings and Instagram settings. You also have the right to object to and restrict certain processing of your data. This includes:
- the right to object to our processing of your data for direct marketing, which you can exercise by using the "unsubscribe" link in such marketing communications, and
- the right to object to our processing of your data where we are performing a task in the public interest or pursuing our legitimate interests or those of a third party. You can exercise this right on Facebook and on Instagram.
Data retention, account deactivation and deletion
We store data until it is no longer necessary to provide our services and Facebook Products or until your account is deleted – whichever comes first. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. For example, when you search for something on Facebook, you can access and delete that query from within your search history at any time, but the log of that search is deleted after six months. If you submit a copy of your valid photo ID for account verification purposes, we delete that copy 30 days after submission. Learn more about deletion of content that you have shared and cookie data obtained through social plugins.
When you delete your account, we delete things that you have posted, such as your photos and status updates, and you won’t be able to recover this information later. Information that others have shared about you isn't part of your account and won't be deleted. If you don't want to delete your account but want to temporarily stop using the Products, you can deactivate your account instead. To delete your account at any time, please visit the Facebook settings and Instagram settings.
How do we respond to legal requests or prevent harm?
We access, preserve and share your information with regulators, law enforcement or others:
- In response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards.
- When we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the Products, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or Products), you or others, including as part of investigations or regulatory enquiries; or to prevent death or imminent bodily harm. For example, if relevant, we provide information to and receive information from third-party partners about the reliability of your account to prevent fraud, abuse and other harmful activity on and off our Products.
Information that we receive about you (including financial transaction data related to purchases made with Facebook) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm. We also retain information from accounts disabled for term breaches for at least a year to prevent repeat abuse or other term breaches.
How do we operate and transfer data as part of our global services?
We share information globally, both internally within the Facebook Companies and externally with our partners and with those you connect and share with around the world in accordance with this Policy. Information controlled by Facebook Ireland will be transferred or transmitted to, or stored and processed in, the United States or other countries outside where you live for the purposes as described in this Policy. These data transfers are necessary to provide the services set forth in the Facebook Terms and Instagram Terms, and to globally operate and provide our Products to you. We utilise standard contractual clauses approved by the European Commission and rely on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries.
How will we notify you of changes to this Policy?
We'll notify you before we make changes to this Policy and give you the opportunity to review the revised Policy before you choose to continue using our Products.
How to contact Facebook with questions
You can learn more about how privacy works on Facebook and on Instagram. If you have questions about this Policy, you can contact us as described below. We may resolve disputes that you have with us in connection with our Privacy Policies and practices through TrustArc. You can contact TrustArc through its website.
Contact us
The data controller responsible for your information is Facebook Ireland, which you can contact online or by post at:
Facebook Ireland Ltd.
4 Grand Canal Square
Grand Canal Harbour
Dublin 2 Ireland
Contact the Data Protection Officer for Facebook Ireland Ltd.
You also have the right to lodge a complaint with Facebook Ireland's lead supervisory authority, the Irish Data Protection Commissioner, or your local supervisory authority.