TERMS OF USE
Last Updated: May 16, 2024
The following terms and conditions ( “Terms of Use”) contain a description of your personal information and other rights that may be involved during your use of the current endpoints and network. PLEASE CAREFULLY READ AND FULLY UNDERSTAND ALL TERMS AND CONDITIONS OF THIS TERMS OF USE, IN PARTICULAR, THOSE TERMS THAT INVOLVE YOUR AUTHORIZATION AND CONSENT OR LIMIT YOUR RIGHTS AND INTERESTS. BY CLICKING ON “CONFIRM”, “AGREE”, “NEXT” OR OTHERWISE USE OF THE ENDPOINTS AND NETWORK PROVIDED, YOU ACKNOWLEDGE AND AGREE THAT YOU ARE BOUND TO THIS TERMS OF USE. THE ORGANIZATION YOU BELONGS TO (HEREINAFTER REFERRED TO AS “YOUR ORGANIZATION”) WILL PROVIDE CORRESPONDING SERVICES OR RESOURCES FOR YOU BASED ON YOUR AUTHORIZATION.
IF YOU HAVE ANY QUESTIONS ABOUT THIS TERMS OF USE, YOU MAY CONTACT YOUR ORGANIZATION'S IT ADMINISTRATORS OR THE MANAGEMENT PERSONNEL FOR COMMUNICATION. To avoid disruption of normal business work due to network usage issues, your organization may also proactively contact you when necessary.
1. ENDPOINTS MANAGEMENT AND CONTROL
1.1 The Purpose of Endpoints Management and Control
With the rapid development of the internet and digitalization, you and your organization are facing unprecedented threats in network and information security while accessing and using massive resources conveniently in work and life. As for your organization, the internal core business systems and the data they carry are important assets, any external attack or internal data leakage will cause irreparable damage and will damage your vital interests. If flexible and effective access management for internal resources can not be achieved, work efficiency and benefits will also be affected. In order to effectively protect the operation of information systems in the current network environment as well as the security and efficient utilization of data assets and information content, it is necessary for your organization to conduct management and control on endpoints that access the current network environment and the behavior of the endpoints using the network or accessing specific resources.
1.2 The Scope and Method of Endpoints Management and Control
In order to achieve the purpose of endpoints management and control, Your organization may apply single or combined solutions including but not limited to access control, internet access authentication, security audit, data leak prevention, or antivirus provided by a third-party vendor and configure the relevant features according to the de facto situation. For more details and further information of the application status, you can refer to your organization for assistance. Typically:
i. Access control products and/or services can conduct access control for endpoint devices accessing to the network, application installation and use, access traffic, etc. based on the security control policies configured.
ii. The internet access authentication solution can set access authentication rules or authentication requirements based on your organization’s unified management requirements for user identity.
iii. Security audit products and/or services can audit the destination addresses of networks and applications accessed by endpoints through the controlled network resources; the specific information of website pages and content of application interface, etc; the behaviors of uploading, publishing, or downloading data, connecting external devices, installing and using applications or plugins on endpoint devices.
iv. Data leak prevention products and/or services can cover all-round control of various traffic to and from endpoints that may involve confidential information of us, including but not limited to monitoring and risk prevention and control of instant messaging applications, email clients, file transfer and network drive applications and internet business traffic.
v. Endpoint detection and response solutions can detect the data involved in endpoint domain access, application usage, and file storage, etc., and help users deal with threats like viruses based on basic endpoint information.
Based on the configuration policies of your organization on the management and control of endpoints, your organization may adjust or limit your permissions to access the internet or relevant resources based on the overall conditions of your use of endpoints and network traffic, including, without limitation, your organization may redirect you to the authentication pages for authentication before you access the network, or directly block certain pages that may pose security risks, or limit your bandwidth during certain peak period, your organization may also send you important notification or notes when necessary and require you to cooperate in the execution of certain risk fixing or other related operations.
1.3 Personal Information Protection
1.3.1 Personal Information Involved in the Endpoints Management and Control
As described above, your organization may deploy and apply different types of solutions based on different levels of control requirements. The personal information necessary to be processed for the implementation of different solutions is also different. The appendix has set forth the details of personal information that may be processed based on the solutions currently applied by your organization. To the extent possible, you will be notified via the client when a solution or related important function is officially launched to help you understand how your personal information is being processed during your current client usage process. However, due to the limitations of the technology or out of reasonable considerations such as avoiding affecting your use of the endpoint device, your organization may also silently upgrade the client so as to support the new control functions. In this case, if you need to know the specific control functions that the client already has and the details of the processing of personal information, you can contact your organization’s IT administrators or management personnel for further assistance.
1.3.2 Personal Information Protection
As mentioned above, your organization manages and controls network endpoint devices only for the purposes of safeguarding network and information security. Your organization respects and strives to protect the legitimate rights and interests of your personal information. In the process of conducting endpoints management and control, your organization will try its best to protect your rights to know and other personal information subject rights. Your organization will process your personal information within the minimum and necessary extent and take corresponding technical measures (including but not limited to pseudonymization, de-identification or encryption of data, and access control of the data) to safeguard the confidentiality and security of your personal information.
1.4 Notice for Use
Please use the controlled network resources with knowledge of and consent to the purpose, scope, and method of endpoint management and control and the relevant personal information processing. Please do not handle your personal affairs not related to your work on the current controlled network or endpoint, or place your personal information that you do not want to disclose to your organization in the controlled network environment or workspace so as to better protect your privacy.
If you want to know more details about the specific strategies of internet operation behavior, traffic/application type, or resource type that your organization has configured for endpoint management and control, or if you have any questions about the protection measures taken by your organization for personal information or the details of data processing conducted by the authorized third parties, or if you need to exercise data subject rights, you can send your specific requests to your organization’s IT administrators or management personnel.
2. CYBERSECURITY MANAGEMENT
2.1 Restrictions
You shall strictly comply with the applicable cybersecurity laws and regulations during your use of the network provided by your organization, and shall not engage in the following activities:
i. dissemination of software viruses or other computer code, programs, or related materials that may interfere with, damage or limit the functionality of any computer software, hardware, or communications equipment, etc., through uploading, publishing or targeted sending method;
ii. illegally invade, destroy, interfere with, change or attempt to change the function, software, server system, network operation or connection of the relevant product/service by technical means, or modify, add, delete, steal, intercept or replace the data in the server system that carries the relevant product/service, or illegally occupy the server space of the relevant product/service, or perform other acts that overload it;
iii. unauthorized mining/detection of possible vulnerabilities or flaws in the products/services or server systems used through scanning or other means, or release of vulnerabilities or flaws in violation of applicable laws and regulations, or use of relevant vulnerabilities or flaws to engage in activities that damage your organization or third parties rights and interests;
iv. producing, distributing, and disseminating software, media, or methods for the aforementioned purposes, regardless of whether the related actions are for commercial purposes or not.
2.2 Cybersecurity Maintenance
Maintaining cyber security is not only the responsibility of IT administrators, but also closely related to each end user. In order to effectively maintain the secure and stable operation of your network and information systems, and to ensure your smooth use of the network to carry out business activities or related work, your organization may need your cooperation when necessary, including, without limitation, your manual operation for some software upgrades and updates, your assistance for timely fixing vulnerabilities or removing virus/Trojan that may be found on your endpoint; your organization may turn on the automatic upgrade/protection function when necessary or cooperate with regulatory authorities or product/service providers to take appropriate and necessary measures to address security risks that may affect national or public security under emergency circumstances, if your use of the network or related equipment/resources is affected as a result, you can contact our IT administrators to address the issues. You acknowledge and agree to cooperate actively when necessary, and warrant to comply with the requirements of your organization’s confidentiality and information security-related policies and shall not disclose any information that may affect your organization’s cybersecurity.
3. ACCOUNT MANAGEMENT
You shall comply with the applicable laws and regulations and your organization’s management policies during your login and use of the network, device, or information system accounts. You shall take necessary measures to effectively protect the security of your accounts, not share your accounts with others or authorize others to use your accounts. If you find that your accounts and passwords have been stolen, or any other cases of unauthorized access to your accounts, you shall immediately contact your organization’s IT administrators to handle the issues.
You understand and agree that you shall ensure that your registered account name, profile, profile picture, and other materials will not contain any information that violates legal norms, public policies, social security regulation, or any information violates the legitimate rights and interests of any third party, including but not limited to the following:
i. do not counterfeit or fabricate the names or logos of political parties, party, government and military organizations, enterprises and institutions, and social organizations, countries (regions), international organizations, news media, and geographical names and logos of important spaces;
ii. do not impersonate others (including but not limited to IT administrators) identity or unauthorized use of other people’s names, likenesses or trademarks/logos;
iii. do not deliberately include QR codes, website addresses, email addresses, contact information, etc.;
iv. do not contain false names, exaggerated words, etc. that may deceive the public or cause misunderstandings.
4. CONTENT MANAGEMENT
You shall strictly comply with the applicable laws, regulations, public order, and morality, and shall not produce, reproduce, publish or disseminate by any means illegal or undesirable information prohibited by the applicable laws and regulations.
4.1 You shall not produce, reproduce or disseminate by any means the following content, or provide technical support or any facilitation/assistance for the production, reproduction, publication or dissemination of information containing the following content:
i. being violent, obscene, offensive, hateful, inflammatory or advocating terrorism or extremism; ii. promoting, advocating, inciting or assisting any illegal activities;
iii. promoting violence, sexually explicit material, discrimination based on race, sex, religion, nationality, disability, sexual orientation, age or any other grounds;
iv. insulting or slandering others, infringing on their reputation, privacy, intellectual property rights or other legitimate rights and interests, and that harming the physical and mental health of minors and is not conducive to the healthy growth of minors;
v. being likely to false, deceive or mislead;
vi. be threatening, abuse, violate or invade third party’s privacy; or
vii. other information prohibited by applicable laws and regulations.
viii. contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducements to the commission, preparation or instigation of acts of terrorism.
4.2 If your use of the Endpoint is governed by the laws of the People's Republic of China, you shall not produce, reproduce or disseminate by any means the following content, or provide technical support or any facilitation/assistance for the production, reproduction, publication or dissemination of information containing the following content:
i. opposing the basic principles established by the Constitution, endangering national security, national honor, and national interests, divulging state secrets, inciting subversion of national sovereignty, overturning the socialist system, inciting separatism, undermining national unity;
ii. undermining national religious policies, and advocating evil cults and feudal superstitions;
iii. creating or disseminating false information to disrupt the economic or social order;
iv. creating or disseminating false information about dangerous situations, epidemics, alert situations, natural disasters, production safety, product safety such as food and drugs, and other aspects to disrupt social order;
v. disseminating information to incite illegal gatherings, associations, processions, demonstrations, or other information to disrupt social management order and disrupts social stability;
If your organization identifies that you have engaged, or are likely to engage, in the aforesaid conducts and to violate this Terms of Use, your organization shall have the right to take appropriate measures, including but not limited to immediately suspending or terminating your use of the network or related resources, deleting the corresponding information, as well as possibly reporting the situation to regulatory authorities in order to effectively protect network security and your organization’s legitimate rights and interests.
APPENDIX: DESCRIPTION OF PERSONAL INFORMATION OR PERMISSION THAT MAY BE INVOLVED
To meet identity authentication and access security requirements and make the relevant configuration, the Personal Information that may be collected and processed in connection with your access to the office network is as follows:
1. Network identifier information: your username and ID, computer name, and IP address;
2. Device information: basic information such as device name, device model, MAC address, and CPU model and architecture, and information about the operating system (including version and account information, system network configuration, process list, and system service list) and browser version, CPU and memory information.
3. Information about your access to and use of the office network: the software version, configuration, and operational logs of the client included in the solution, other information about the operations on your device (such as the information about the software and applications installed and run on the device, Domain name or IP address information accessed through the software or application, whether the specified anti-virus software is running, whether the specified processes are running, whether the specified files exist, and whether the system firewall is enabled), and the workspace-specific information recorded during the audit of your operations in the workspace on your device, including the processes in an operation such as copy, import, export, and screen capture, the names of the imported or exported files, the file sizes, the MD5 values of the files, and the content of the copied text and information about your organization’s auditing of your operations on sensitive internal business systems via screen recording.
If you subscribes to Sangfor Secured Global Access, the following information may be processed by Sangfor:
1. Relevant information of your identity as an Internet end user: user name/account name and ID, password for logging in the client, mobile phone number, email address, work title, work ID and working status, position, department or user group to which you belong, etc.
2. Depending on how your organization configures and uses the different service functions of Secured Global Access (including the Internet behavior management, zero-trust network access management, threat protection management and data leak prevention), the following data may be processed as well:
(1) Endpoint device or network environment, application information: endpoint type and device ID, service port information, MAC address, and geographical location of the endpoint device or End User.
(2) Detailed information relating to the End Users’ access to the network: source IP of network access, destination IP, the specific application name accessed, detailed request information and page response content, and access time. Based on the specific policies configured by the Customer, it may include the relevant instant messaging application chat record, the detailed information of e-mail sent or received (including attachments), outgoing file information by other means, U disk or mobile hard drive usage information, etc.
(3) Relevant security risk information found on the endpoint device or network: vulnerability ID, number information, vulnerability hazard summary information, type of attack or threat suffered, information related to network access, or other types of operations associated with the security risk.
IF YOUR ORGANIZATION HAS APPLIED SANGFOR SECURED GLOBAL ACCESS SOLUTION BASED ON THE ORGANIZATIONAL STRUCTURE AND UNIFIED MANAGEMENT, THE PERSONAL INFORMATION SPECIFIED ABOVE MAY BE SUBJECT TO CROSS-BORDER TRANSFER DUE TO THE LOCATION OF THE DATA CENTER SELECTED BY YOUR ORGANIZATION AND THE FULFILLMENT OF THE NEEDS OF UNIFIED MANAGEMENT AND DATA ACCESS. THE DETAILED CROSS-BORDER TRANSFER PATH MAY VARY DEPENDING ON YOUR ORGANIZATION'S DEPLOYMENT AND APPLICATION OF THE RELEVANT SOLUTION, AND YOU MAY CONTACT THE MANAGEMENT PERSONNEL OF YOUR ORGANIZATION FOR FURTHER INFORMATION AND ASSISTANCE.