Terms of Use
Last updated on October 26, 2021
1.Preamble
1.1.Scope of Application
This Sangfor Terms of Use ("this Agreement") is applicable to the software, hardware or related services (or any combination of software, hardware and services, collectively the "Products") provided by Sangfor Technologies Inc. ("Sangfor" or "We") for customers ("Customer") and then configured by Customer to provide the Products to individual End Users ("End User" or "You"), and constitutes an integral part of the End User agreement between Sangfor and Customer on the use of the Products.
This Agreement is fully applicable to your use of Sangfor's Products within the territory of the Peoples Republic of China ("China"). If you use Sangfor's Products outside China, you shall comply with the laws of the country and/or region of which you are a citizen and/or you are located when you enter into and perform this Agreement. If you use the Products illegally or without valid authorization, resulting in violation of the laws and regulations of other countries or regions, you or Customer shall solely assume all the liability arising therefrom.
1.2.Terms of Effectiveness
Please cautiously read and fully understand all the terms of this Agreement before using Sangfor's Products, especially the explanatory terms on your authorization and consent, terms restricting the End User's rights, terms on dispute resolution methods and judicial jurisdiction, as well as some proprietary agreements or rules for some Products or services. We will remind you to pay special attention to the terms on restrictions and disclaimer or other terms involving your major rights and interests in bold form or by underlining the terms or otherwise.
Unless you have fully read, fully understood and are willing to accept all terms of this Agreement, you shall not continue to install or use Sangfor's Products. If you click "Agree" or "Next", or you directly use Sangfor's Products, or expressly or implicitly accept this Agreement by downloading, installation, use, obtaining an account, logging in, etc., you will be deemed to have read and are willing to be bound by the terms of this Agreement.
If any term of this Agreement is partially invalid or unenforceable for whatever reason, the legal effect of other terms hereof shall not be affected thereby.
2.Rights and Obligations of End User
2.1.Software Use Grant
For the Software Products purchased or ordered by Customer from Sangfor, we and the terms and conditions of this Agreement grant Customer and you a non-transferable, non-sublicensable and non-exclusive license.
According to the authorization under this Agreement, you can download, install, display, run and use Sangfor's Products purchased or subscribed by you for non-commercial purposes. We will provide related services to maintain the normal operation and use of Sangfor's Products that you have been legally authorized to use (please refer to "3. Use of the Products" of this Agreement for details).
You understand and agree that Sangfor and its licensors reserve all rights not explicitly granted to you, including but not limited to the intellectual property rights included in Sangfor's Products or other solutions, the ownership of some Products or their components beyond the scope of sale (such as the source codes of the Software Products, tools used in the technical services, etc.). Sangfor does not grant any implied license to End User hereunder.
2.2.Obligations of End User
2.2.1.Obligations to Comply with Laws, Regulations and Provisions of this Agreement
End User shall use the Products provided by Sangfor on the premise of complying with laws, regulations, policies, this Agreement and the prompt instructions/operation requirements on the product use interface. If End User uses Sangfor's Products without valid authorization, or makes operations in violation of the above relevant provisions, resulting in equipment or business failure, End User shall contact Customer for handling.
2.2.2.Restriction
Even if End User uses Sangfor's Products with valid authorization, End User has no right to carry out the following acts, regardless of whether such acts are based on commercial purposes. If End User fails to comply with the above provision, End User shall solely assume the relevant liability, and End User and Customer shall be jointly and severally liable for compensating all losses caused to Sangfor as a result of such failure (including but not limited to administrative penalties, claims caused by breach of contract, loss of business, loss of brand image or goodwill, etc.):
1) Committing any illegal acts, crime, or conducts that infringe upon legitimate rights and interests of any third party through Sangfor's Products or services (including without limitation, endangering the security of computer information networks, accessing to computer information networks without permission or using the computer information network resources without permission; or deleting, modifying or adding the data and applications stored, processed or transmitted in computer information networks without permission);
2) Modifying (including without limitation, deleting, changing, adding) the functions or configurations of the Products by any means (including without limitation, cracking the software licensing), partitioning the hardware, software, components/accessories of Sangfor's Products in a manner that compromises the integrity of rights and interests thereof, such as adding, deleting or altering the operating functions or actual effects of the Products by modifying or falsifying the instructions and data, etc. for the operation of the Products;
3) Downloading, installing, running and using Sangfor's Software Products for any commercial purposes;
4) Transferring and/or providing Sangfor's Software Products to any third party in any way, including without limitation, paid/unpaid, in a separate/bundled way, or shared/assignment;
5) Publicly distributing, leasing or transmitting via the information networks the Software Products beyond the scope of license under this Agreement;
6) Creating the derivatives based on Sangfor's Products or accessing to the third-party plug-ins, add-ons, etc., on Sangfor's Products through other means than those legally licensed by Sangfor under this Agreement; and
7) Any other act committed for any illegal purposes, in an illegal manner, or in breach of the representations and right restrictions under this Agreement, which may cause or have caused potential or actual damages to Sangfor or any third party.
You understand and agree that once we find or receive an external report that you have committed or are committing any of the above acts seriously violating legal obligations or related provisions, we have the right to take necessary measures such as deletion, shielding to perform the security maintenance obligation based on the fact that you use the Products illegally or in breach of contract, Sangfor suffers claims due to infringement of third-party rights for reasons attributable to you, etc. The measures include but not limited to temporarily ceasing, suspending and terminating your use of Sangfor's Products. Sangfor will not assume any legal liability for Sangfor's unilateral termination of this Agreement due to your illegal act or breach of contract and the losses caused to you as a result of such termination. Sangfor will reserve the right to pursue you liability and to claim all losses (including but not limited to investigation fees, litigation/arbitration fees and attorney's fees arising from rights protection, and loss of business or claims incurred as a result of your illegal act or breach of contract) suffered by Sangfor from you and Customer.
3.Use of the Products
3.1.Legal Access to the Products
Any End User shall obtain and use Sangfor's Products through legal and valid authorization. You understand and agree that if you or Customer obtain/obtains Sangfor's Products or other products with the same name as Sangfor's Products through illegal or unauthorized means, we can’t guarantee the normal use thereof, and we won’t bear the corresponding losses caused to you as a result thereof.
3.2.Operation and Maintenance of the Products
3.2.1.Software Updating
In order to perform the complete obligation to deliver the Software Products to Customer, and perform the legal obligation to maintain the safe and stable running of the network and system during the delivery process, Sangfor will upgrade and update the software according to the actual needs, including but not limited to problem repair (including safety/quality problems), software function enhancement and performance improvement. The security maintenance and functional improvement of the Software Products may need to be realized by downloading and installing the Software Products by you in a timely manner to complete the upgrading and updating. You understand and agree that if you refuse the software upgrading and updating provided by Sangfor, your equipment may be placed under serious network security risks, or some software functions may not be available; if you still choose to refuse to upgrade and update the Software Products after we remind you and inform you of the corresponding risks for many times, the related losses arising therefrom will be borne by you and Customer.
If Customer has enabled the automatic software upgrading and updating function in the management background, the Products you use will be automatically upgraded and updated within the time period selected by the management personnel of Customer. If your use of the Products or related equipment is affected due to the automatic upgrading and updating, please contact the management personnel of Customer for handling.
3.2.2.Disposal of Vulnerabilities
Sangfor is committed to providing products with improved security. Our long-term goal is to eliminate the security vulnerabilities in all Products before they are released. But despite this, vulnerabilities will still be found during the use of software, and we must be prepared to deal with the vulnerabilities when they are found. Sangfor will, pursant to the relevant laws and regulations and the agreements with Customer, undertake the corresponding obligations to deal with, repair and take preventive measures for the network security vulnerabilities in the running of Sangfor's Products you use within the after-sales maintenance service period. But the safe running of network products still needs your cooperation and active maintenance. You know and agree that Sangfor can send the necessary notices on disposal of vulnerabilities to you through the product interface for security reasons, and you agree to take response measures as promptly as possible after receiving a notice. If you do not fix the vulnerabilities of the Products in a timely manner, resulting in actual damage to you or Customer caused by exploitation and attack of vulnerabilities, we will not bear the corresponding liability for compensating losses.
You know and acknowledge that some types of product vulnerabilities may affect national security once they are exploited, so Sangfor may take appropriate and necessary measures to dispose of such security problem in an emergency. If your use of the Products or related equipment is affected due to the above disposal, please contact the management personnel of Customer for handling.
4.Protection of Personal Information
4.1.Processing of End User Data
4.1.1.Explanation of Necessity
Based on Customer's authorization, and in order to provide Customer with high-quality product/service solutions that meet Customer's requirements for network and asset security maintenance and internal management according to your Customer's instructions, Sangfor needs to strive to make development to achieve the functions of the Products/services, and at the same time, make every effort to maintain the safe and stable running of the Products/services during the use of the Products. Therefore, based on the above necessary purpose, Sangfor needs to process the End User data within the scope of authorization by your Customer.
4.1.2.Effective Authorization of Data Processing
Due to the necessity of achieving the above purpose, Customer has provided Sangfor with the authorization of data processing in written form, and configured the specific scope of the authorization through the management authority of the background interface of the Products. Sangfor will, on the premise of strictly complying with the relevant laws and regulations, process relevant data based on the reasonable trust of Customer and according to the instructions of Customer.
In particular, for your personal information that may be involved in the data that Customer authorizes Sangfor to process, Sangfor has required Customer in writing to obtain your express consent in a manner that complies with the requirements of laws and regulations related to the protection of personal information, and to make corresponding warranties to Sangfor.
4.2.Protection of Personal Information
Sangfor undertakes to perform the obligation to protect the security of End User data in accordance with the requirements of relevant laws and regulations, and will process and protect End User data in accordance with the provisions of the product/service related End User agreements, purchase and sale contracts, confidentiality agreements and other documents signed with you and Customer. For all End User data, Sangfor will protect End User data from unauthorized access, use, disclosure, abuse or destruction by using various security technologies such as security encryption, anti-intrusion, anti-virus, etc., and conduct data security risk assessments regularly, handle related risk issues timely, and improve our capability of protecting the security of End User data continuously.
In particular, Sangfor attaches great importance to respecting and protecting your legitimate rights and interests to and in your personal information involved in the data that Sangfor is authorized to process based on the Products you use (please refer to the annex for details), and will work together with Customer to implement security protection according to the relevant laws and regulations of personal information protection. However, you shall understand that based on the relevant warranties provided by Customer to Sangfor, Sangfor will implement the protection of personal information mainly on the premise of assiting Customer under its instructions and requirements. If you have any doubt about the legality and validity of provision of authorization by Customer to Sangfor, or about the manner in which Sangfor is authorize to process your personal information, you can make a request for the rights of the subject of personal information to Customer, and after reaching an agreement with Customer, send corresponding instructions or requests to Sangfor through Customer.
5.Products or Services Offered by Third Parties
5.1. To meet Customer's requirements, Sangfor may cooperate with a third party to provide Customer with an overall solution, or based on the requirements for deployment or application of the Products, Sangfor needs to interconnect with the environment or products provided by a third party. However, except for the special commitments provided by Sangfor to you or Customer in an effective written form when providing the aforesaid solution, Sangfor will maintain its independence from the third party's products or services, and will not make any warranty or assume any liability for the functional realization, mutual compatibility, data processing and other issues of the third party's products or services.
5.2. You shall pay attention to the requests for data collection or authority application during the use of third-party products or services, and cautiously provide an authorization or confirm a consent. At the same time, you shall consciously comply with the agreements or commitments between you and other third parties, and Sangfor will not be jointly and severally liable in any form for your infringement of the legitimate rights and interests of third parties.
6.Statement on Intellectual Property Rights
6.1. Sangfor shall be the intellectual property right holder of the Products, and therefore retains all rights to the copyrights, trademarks, patents and other intellectual property associated with the Products, as well as the trade secrets in accordance with the laws. Intellectual property rights are valuable intangible assets for the existence of Sangfor business operations, which are included not only in the solutions consisting of Sangfor's Products or services used by End User, but also in Sangfor's brands, lables and other brand images recognized by End User. Sangfor undertakes to End User that Sangfor has the independent and complete intellectual property rights to the Products acquired by End User through the legally authorized channels and used within the Territory of China without defects thereof, such as infringing upon the intellectual property rights of any third parties.
6.2. Furthermore, End User hereby acknowledge and agree that, during the course of using the Products or services provided by Sangfor, End User shall not infringe upon the intellectual property rights or other legitimate rights and interests of Sangfor in whatever manner, including without limitation, implementing, licensing, transferring at End User's discretion or allowing any third party to implement, license, transfer the aforesaid intellectual property rights for any commercial or non-commercial purposes without the written consent of Sangfor, or copying, modifying, disassembling, decompiling, reverse cracking, reverse engineering or otherwise using the software and hardware products and/or any part thereof, or attempting to access to nor intercepting any source codes of Sangfor's Products by any means, circumventing or destroying the technical measures taken by Sangfor to protect the intellectual property rights, or modifying, destroying or covering up Sangfor's trademarks or lables without authorization. Sangfor shall reserve the legal rights to take legal actions against any infringement upon its intellectual property rights.
7. Liabilities and Disclaimers
7.1. Liability Based on the Acts of Customer
To meet the requirements of Customer, Sangfor can provide you and Customer with diversified Products and services, and can provide Customer with efficient and convenient product/service function configuration and management capabilities. If Customer delegates the configuration or management capability/authority provided by Sangfor to relevant management personnel for specific implementation, Sangfor will provide you with corresponding Products or services according to the specific operation instructions of such management personnel. Based on this, Sangfor will not be responsible for any problems caused by the related operations independently performed by Customer or the management personnel authorized by Customer. However, Sangfor hereby reminds you of the following issues that may involve the disposal of your rights and interests:
7.1.1.Audit of Endpoint Behaviors
If Customer applies Sangfor's Internet Access Control (AC) solution or aTrust product solution based on the requirements for cyber security protection and data security protection/leakage prevention, and authorizes management personnel to configure corresponding control strategies in the background of product management, so as to realize the security audit and control of endpoints, applications, data and traffic in the whole network or in the set workspace, the network access (including the specific contents of access), device access, data copying/uploading/downloading, screen capture and other behaviors carried out by you within the scope of configuration and control by Customer will be monitored by Customer. Sangfor hereby reminds you that if relevant documents or data containing your personal information are processed in the office network environment or a specific workspace, you shall make your own assessment to confirm whether the relevant personal information can be disclosed to Customer and its authorized management personnel. If your use of the Products or related equipment/network resources is affected due to the activation of the behavior audit function of the endpoint application, please contact the management personnel of Customer for handling.
7.1.2.Enabling of the Remote Control Function
If Customer applies the product of Sangfor's Endpoint Detection and Response (EDR) based on the need to further improve the efficiency of handling endpoint security problems, and authorizes management personnel to configure and enable the remote control function of your endpoint in the product background, the management personnel authorized by Customer will be able to remotely control the endpoint equipment through the application programs installed on theendpoint. Sangfor hereby reminds you that the remote control function authority may cover all data and access rights in the endpoint device you use. Sangfor provides you with the function of refusing remote control in the setting interface of the endpoint applicaiton you use. However, based on the authorization provided by Customer to Sangfor and the management right against you, Sangfor can’t warrant that you can realize the corresponding control ability. If your use of the Products or related equipment is affected due to the activation or deactivation of the remote control function, please contact the management personnel of Customer for handling.
7.1.3.Third-party Intervention
If Customer authorizes a third-party service provider to manage the Products you use on behalf of Customer through the centralized management platform developed by Sangfor during the use of Sangfor's Products, Sangfor hereby reminds you that such authorization granted by Customer will directly apply to all background management rights of the equipment, and will cover all data and access rights of the endpoint device you use. If your use of the Products or related equipment is affected due to the related operations of a third party, please contact the management personnel of Customer for feedback and handling.
7.2. Exceptions to Obtaining Authorization and Consent from End User
In order to perform the obligations stipulated in laws, regulations or policies, or implementing the relevant management requirements of regulatory authorities, or performing other agreements with you and Customer, or achieve other necessary purposes, Sangfor may need to collect, disclose or use relevant End User data beyond the scope authorized by End User or Customer. For such exception, End User agrees to hold harmless Sangfor from any breach of contract or damages:
7.2.1.Fulfilling the obligations directly related to national security, national defense security, public security, public health and major public interest;
7.2.2.Fulfilling the obligations directly related to criminal investigation, prosecution, sentence and execution of judgment, etc.;
7.2.3.Safeguarding the life, property and other major legitimate rights and interests of End User or other individuals when it is difficult to confirm the authorization and consent;
7.2.4.Maintaining secure and stable operation of Sangfor's Products/services, e.g., detecting or disposing of the vulnerabilities or failures in the Products/services;
7.2.5.The related data has been disclosed by End User itself ; or
7.2.6.Data that has been collected from the legally publicly available information, such as through news report, government information disclosure and other channels.
8.Modifications, Suspension and Termination
8.1. Modifications to this Agreement
Sangfor shall have the right to continuously improve the solutions of the Products and services, perfect our internal management system and processes according to the changes in the application of relevant laws and regulations of China, the current situation of industry and business development and the adjustment of Customer's business strategy, and to negotiate with Customer to modify End User agreement on specific Products (including the terms of this Agreement) according to the specific situation. After the terms of this Agreement are modified and updated, Sangfor will re-submit the modified and updated agreement to you at an appropriate time through the interface of the Products you use or otherwise. If you don’t agree with some terms of the modified agreement, please cease using the Products immediately and contact the management personnel of Customer. If you continue to use the Products after this Agreement is updated, it will be deemed that you are willing to be bound by the terms of the changed agreement.
8.2. Suspension and Termination of this Agreement
You understand and agree that Sangfor shall have the right to suspend or terminate the provision of all or part of the Products to you by sending a unilateral notice when the conditions for suspension or termination of this Agreement agreed between Sangfor and you or Customer are fulfilled. If your equipment or related business is affected due to the above suspension or termination, please contact the management personnel of Customer for handling.
9.Governing Law and Dispute Resolution
9.1. The signing place of this Agreement is Nanshan District, Shenzhen City, Guangdong Province, the People's Republic of China.
9.2. The formation, validity, performance and interpretation of this Agreement, as well as the settlement of disputes and other matters regarding this Agreement shall be governed by the laws of the People's Republic of China (excluding the conflict of laws provision), or the commercial practices may be referred when no laws or regulations are available.
9.3. You shall firstly negotiate with Customer to settle any disputes or controversies related to Sangfor that arise during your use of Sangfor's Products. If such disputes or controversies cannot be settled through negotiation, you agree to submit the disputes to the competent people's court of the place where this Agreement is signed.
10.General Provisions
10.1.Entire Agreement
The corresponding policies and rules are included in this Agreement by reference (including the information quoted in the network links or other policy information quoted). The contents of this Agreement also include the quoted contents, and the relevant guidance or explanatory documents provided during the period of using the Products, etc. You may also need to comply with other proprietary agreements or rules when using a specific Sangfor's Product.
10.2.Applicability of Terms in Case of Discrepancy between the Terms herein and those in the Proprietary Agreement and Other Documents
If the terms of this Agreement are inconsistent with the relevant provisions of the proprietary agreement or rules for a specific Product, the provisions of the proprietary agreement or rules shall prevail.
10.3.The headings of all terms herein are a summary of the content and are included for reference only, which shall not alone serve as a basis for interpretation of the provisions herein.
10.4.This Agreement is prepared and executed in Chinese. The English version is provided for reference only. In the event of any inconsistency between the English version and Chinese version, the Chinese version shall prevail.
Sangfor Technologies Inc.
Appendix: Personal Information that May be Included in End User Data
Sangfor can provide flexible and integrated product solutions according to the actual management needs of Customer, and deploy and install integrated applications on the endpoint device you use through independent selection and configuration by Customer's administrators. Different applications contained in integrated applications are implemented according to their functions, which may involve the need to authorize Sangfor to process different types of End User data, as follows:
1.If your Customer applies Sangfor's endpoint detection and response (EDR) solution, to meet Customer's requirements for further improvements of the traceability analysis and processing efficiency of terminal security incidents and efficient management over endpoint device to protect the endpoint and network environment and asset security, Customer will determine the range of endpoint to be controlled according to its management requirements, complete the installation of the EDR application on the endpoint being controlled, and therefore complete the configuration of corresponding management and control policy on the EDR management background independently at the same time. By doing so, the EDR collects relevant data through the installed application on the endpoint being controlled during use and transmits the data to the Sangfor server through the management background. The data will then be entrusted by Sangfor for processing. The details of your personal information that may be involved are as follows:
1.1. Basic personal information: including End User name, contact number, email address, employee ID, and location information of the terminal equipment and network you are using.
1.2. Network identification information: including the terminal computer name/hostname, operating system and application login account/name, network role name and ID, home business group, and IP address (including IP addresses that establish connections or containing threats features, etc.).
1.3. Personal Internet access records: including the domain names you have visited, software usage records, and file whitening information.
1.4. Personal common use device information: including the endpoint equipment hardware serial number, MAC address (or unique identification information such as device ID generated by MAC), asset number, installed software name, version and patch information, and operating system information.
1.5. Other personal information: including the names, storage paths, and specific content information of all files processed by the controlled endpoint equipment.
2.If Customer adopts Sangfor's Internet Access Control (AC) solution, to meet Customer's requirements for visualization and controllability of endpoint, applications, data, and traffic under the network, smart perception of internal risks such as illegal terminal accesses, sensitive data leak, and unauthorized Internet accesses, and integrated management over Internet accesses, terminal, and data leaks, Customer will determine the network border that requires management and the range of specific terminals and End Users according to actual needs, complete the installation of necessary applications on the terminal to be controlled, and therefore configure the corresponding management and control policy on the AC management platform independently at the same time. By doing so, the AC collects relevant data through the installed application on the controlled terminal during use and transmits the data to the Sangfor server through the management background. The data will then be authorized by Sangfor for processing:
2.1.Personal Internet access records: including the domain names you have visited.