Information for people who don’t use Meta Products
Meta Platforms Ireland Limited (“Meta”, “we”, “our” or “us”) processes your name, mobile phone number and/or your email address if we receive it from our users through the contact uploading or contact syncing feature available on Facebook, Messenger or Instagram (“Contact Uploading”). We process this information even if you are not a user of Facebook, Messenger or Instagram and/or don’t have an account with us (a “Non-User”).
About Contact Uploading and how it works
When a user uses Contact Uploading and grants us access to their device’s address book. We will access and upload the names, phone numbers and email addresses in their address book on a daily basis to our servers, including those of both users of Facebook, Messenger and/or Instagram and other contacts who are not users or don’t have an account (i.e., Non-Users).
What information is collected about Non-Users?
We collect the name, mobile phone number and/or email address of a user's contacts.
How do we use a Non-User’s information?
Contact Uploading is an optional feature where users can choose to upload their device's address book to Facebook, Messenger and/or Instagram. We process the names, phone numbers and/or e-mail addresses in the address book to see if any of the numbers or email addresses belong to users. If a user’s contact is also on Facebook, Messenger and/or Instagram, we can suggest this contact on Facebook as someone to send a friend request to in the Facebook user’s People You May Know or as a suggested account to follow on Instagram. Users can also invite Non-Users to join as users of Facebook, Messenger and/or Instagram via text or email.
Contact Uploading also allows us to suggest a Non-User who joins as a user of Facebook as a friend to add for the user through People You May Know or as a suggested account to follow on Instagram.
Finally, we will also use the address books uploaded to investigate suspicious activity on the Meta Products and keep our platform safe and secure. We also conduct business intelligence and analytics using the address books uploaded to accurately count people and users of the Meta Company Products.
Meta shares information we collect, infrastructure, systems and technology with the other Meta Companies. We share Non-Users’ data with other Meta Companies to be able to provide Contact Uploading and for the purposes set out above.
We retain Non-User’s personal information for as long as needed to provide the Contact Uploading feature to users and for the purposes described above. In certain cases, we need to keep your contact information for longer, including after you ask us to erase it. This includes for legal reasons such as to respond to a legal request or comply with applicable law, for regulatory or litigation matters, to prevent harm or for safety, security and integrity purposes. The length of time we need to keep it will depend on the specific reason.
What is our lawful basis for processing?
We rely on our legitimate interests and the legitimate interests of our users to process the names, phone numbers and/or email addresses of Non-Users for the purposes described above. More specifically, we rely on our interests in operating and providing features of the Facebook, Messenger and/or Instagram to our users, and keeping the Meta Products safe and secure, alongside the interests of our users in more efficiently connecting with their contacts who use Facebook, Messenger and/or Instagram.
How Non-Users exercise their data subject rights
Under applicable data protection law, Non-Users have the right to access, rectify, port, and erase their information, as well as the right to restrict and object to certain processing of their personal information (“Data Subject Rights”).
This includes the right to object to our processing of their information where we are pursuing our legitimate interests or those of a third party. We will consider several factors when assessing an objection from a Non-User including: their reasonable expectations; the benefits and risks to them, us, other users, and third parties; and other available means to achieve the same purpose that may be less invasive and do not require disproportionate effort. The objection will be upheld, and we will cease processing their personal information, unless the processing is based on compelling legitimate grounds or is needed for legal reasons.
We hope that we can satisfy any queries a Non-User may have about the way in which we process their personal information. However, if a Non-User has unresolved concerns they also have the right to complain to Meta’s lead supervisory authority, the Irish Data Protection Commission, under the GDPR or any other data protection supervisory authority.
Click here if you have a question about the rights you may have.
Transferring information outside the European Economic Area as part of our global operations
Non-Users’ information will be transferred or transmitted to, or stored and processed in, the United States or other third countries outside of where they live for the purposes described in this Data Notice.
Meta uses Meta’s global infrastructure and data centres, including in the United States. When Non-Users’ information is transferred or transmitted to, or stored and processed outside of the European Economic Area, we rely on appropriate mechanisms for international transfers. For example:
- We rely on decisions from the European Commission by which they recognise that certain countries and territories outside of the European Economic Area ensure an adequate level of protection for personal data. These decisions are referred to as “adequacy decisions.” We transfer Non-Users’ information from the European Economic Area to Argentina, Israel, New Zealand, Switzerland and, where the decision is applicable, Canada in reliance on an adequacy decision.
- In other circumstances, we rely on standard contractual clauses approved by the European Commission or on derogations provided for under applicable law to transfer information to a third country. For example, there is currently no adequacy decision in respect of the United States, so we rely on standard contractual clauses when transferring data to Meta Platforms, Inc. In addition to the standard contractual clauses, we also apply supplemental measures to ensure equivalent protection of your data when transferred.
If you have questions about Meta's international data transfers and the standard contractual clauses, you can contact us.
Contact us
If you have questions about this Notice or if you wish to contact us at the Office of the Data Protection Officer for Meta, please use this contact form.
Alternatively, if you don’t have access to the form, you can also write to us at the following address:
Meta Platforms Ireland Limited
Attn: Privacy Operations
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Ireland