Privacy Policy

Last Updated: August 2 , 2024

 

Thank you for using Sangfor aTrust !

To protect your rights, this Privacy Policy (hereinafter referred to as this "Policy") will explain to you how Sangfor collects, uses, and stores your personal information and the rights to which you are entitled. Before using Sangfor aTrust  (the "App"), please carefully read and understand all terms of this Policy, and confirm that you have fully understood and agreed to them. By using the App, you acknowledge that you have fully understood and agreed to this Policy.

This Policy only applies to the Sangfor aTrust  features and services, and does not apply to any products or services provided by third parties. Before choosing any third-party products or services, you should fully understand the features and privacy policies of the third-party products or services.

 

This Policy will help you understand the following:

1. How we collect and use your personal information

2. How we store your personal information

3. How we share, transfer, and disclose your personal information

4. How we protect your personal information

5. How you access and manage your personal information

6. How we use cookies and similar technologies

7. Protection of minors

8. Updates to this Policy

9. Contact us

 

1. How we collect and use your personal information

The currently used Sangfor aTrust  is a product developed and provided by Sangfor   to meet  the demand of the Customer  to effectively guarantee unified security access to internal and external networks. Sangfor aTrust , combined with Sangfor aTrust device , supports docking to the unified identity authentication platform and can provide ACL fine-grained access control based on identity authentication, and can also support the integration of external security capabilities to achieve the ability of trust assessment for identity, endpoint and behavior, etc, and automatic threat blocking. In order to provide the User  with the functions and services of Sangfor aTrust , to continuously maintain the normal operation of the functions and services, to identify abnormal account status in a timely manner, to safeguard your account security as much as possible, and to continuously improve and optimize the user experience of   Sangfor aTrust , we will collect and use the information that you provide voluntarily, authorize to provide or provide based on the Customers   requirements and the information that you generate  when registering and using the applicatio n for the purposes described below in this P olicy :

1.1 Help you become an Authenticated User of Sangfor aTrust

If you use Sangfor aTrust  based on the requirements of the Customer you belong to, the administrator of the Customer will create an  account of the App for you. The administrator may choose to use your name ,  employee ID , telephone number or any information that meets the requirements of laws and regulations  as the username  and set an initial password  for you. After an account is created for you, you can log in to the App using your username and initial password . If  the administrator has configured the option to reset the password by "Forgot Password", you can change your password on your own.   Otherwise, the account and password of this application can not be modified on your own.  When you log in to Sangfor aTrust , you may choose to remember the username and password of your account, so that you do not have to enter them again the next time you log in. After you have successfully logged into the Sangfor aTrust  for the first time, the password-free function of Sangfor aTrust  will support you to log in without a password for the period set by the IT administrator . I f you have not logged in to use the A pp for longer than the set period, you need to re-enter your account and password to log in the next time you use the Sangfor aTrust .

1.2 Information collected during your use of the Sangfor aTrust  features or services

1.2.1 For effective endpoint  management, Sangfor aTrust  will collect endpoint  device model, unique device identification information (ANDROID ID), system version information, CPU architecture information and IP address information, and submit the   same  to Sangfor  for processing through the Sangfor aTrust  device .

1.2.2  In the process of comprehensive management of endpoints , Sangfor aTrust  needs to collect the current network type and SSID code of WiFi used by the devices operating the Sangfor aTrust  for the purpose of diagnosing the status of network resources, and submit the same  to Sangfor  for processing through the Sangfor aTrust  device .

1.2.3. When you use the Sangfor aTrust sweep function, we will get the acceleration device sensor information, which will be used to get the angle of the phone shooting to identify the horizontal and vertical screen status of your device, and then facilitate adapting your model and status display interface, and the information will be kept on the mobile device to complete the processing .

1.2. 4  Information collected by third-party SDKs

In order to ensure the availability and stable operation of Sangfor aTrust  functions/services, we may access the software development kit (SDK) provided by third parties. We will exercise due diligence   obligations  and strictly monitor the information collected by the third party SDK to protect the security of data and information as much as possible.

The third-party SDKs we access and the personal information collected by those SDKs are listed in the following directory, and you can check   the third-party data use and protection rule s   through the relevant links.

1.2.4.1   Xiaomi Check and Update SDK

Third party name: Xiaomi Inc.

Use Purpose: to better secure the application updates of Xiaomi cell phone

Type of Personal Information collected: device information (IMEI, Android ID, device model, version number, etc.), network information (Wifi and network link information)

Privacy Policy Link: https://dev.mi.com/distribute/doc/details?pId=1404

1.2.4. 2   Tencent Browsing Service TBS SDK

Third party name: Shenzhen Tencent Computer System Co., Ltd.

Use Purpose: to secure stable and reliable web browsing services

Type of Personal Information collected: d evice information (mobile device model, O peration System , CPU type), application information (host application package name, version number), Wi-Fi status and parameters, location information, nearby Wi-Fi, CellID

Privacy Policy Link: https://x5.tencent.com/docs/privacy.html

1.2.4. 3   Facebook  SDK

Third party name: Facebook

Use Purpose: Cross-platform UI implementation

Type of Personal Information collected:   N/A

1.2. 4 . 4  Umeng Message Push SDK

Third party name: Youmeng Tongxin (Beijing) Technology Limited.

Use Purpose: for efficient and accurate message pushing

Type of Personal Information collected: device information (IMEI, MAC, Android ID/IDFA/OpenUDID/GUID/ICCID/SN, IMSI of SIM card, geolocation information, etc.)

Privacy Policy Link: https://www.umeng.com/page/policy

1.2. 4 . 5  DingTalk Login SDK

Third party name: Ding Ding Technology Co., Ltd.

Use Purpose: Supporting the User's quick logging in with a DingTalk account.

Type of Personal Information collected:None

Privacy Policy Link: https://terms.alicdn.com/legal-agreement/terms/privacy_policy_full/20230516190209936/20230516190209936.html?spm=ding_open_doc.document.0.0.37b04a97bxyiqj

1.2. 4 . 6  WeCom Login/Share SDK

Third party name: Shenzhen Tencent Computer Systems Co., Ltd.

Use Purpose: Supporting the User's quick logging in with a Wecom account.

Type of Personal Information collected:None

Privacy Policy Link: https://work.weixin.qq.com/nl/act/p/47eb57a00e9f4ad5

1.3 Permissions required during your use of the Sangfor aTrust  features or services

To provide you and the Customer you belong to with relevant features and services of the App, and ensure the normal operation of these features and services, we will request you to enable relevant permissions, as follows:

 

You understand and agree that as the processor of your relevant personal information involved therein, the Customer shall assume the obligation to protect relevant legitimate rights and interests of the individual it manages and the corresponding legal liability. Sangfor will process relevant necessary data only with the authorization of the Customer (including but not limited to through the operations and configurations by the administrator). The Customer should independently control the scope of information that it authorizes us to process based on business management, h uman r esource management, internal information security control, or other purposes. In particular, if you are an administrator authorized by the Customer, you should ensure that your choice to enable relevant features or services and your relevant use settings are in strict compliance with the actual requirements and effective instructions of the Customer you belong to, and that the Customer you belong to has obtained the valid authorization from relevant individual before granting us, through you, all authorizations required for processing relevant personal information under this Policy.

1.4 Other information you voluntarily provide to us

In the process of using the features and services of Sangfor aTrust , you can also send your feedback on y our   use experience   through emails or other ways  to help us better understand your needs for our products   and continuously improve the product features and experience .   W e will record the content of your unsolicited feedback or suggestions, as well as the contact information you voluntarily provide, so that we can further contact you and feedback on our handling opinion .

1.5 Information collected for other purposes

You understand and agree that the product features and services we provide to you are constantly iterated and upgraded. If we need to collect and process your personal information beyond the scope described in this Policy, we will separately explain to you the content, scope, and purpose of the processing of the information involved through page prompts, interaction processes, or otherwise, to obtain your consent.

1.6 Exceptions

You are fully aware that, in accordance with applicable laws, we may collect and use relevant personal information without your authorization or consent under the following circumstances:

1.6.1 It is related to the performance of our obligations specified by laws and regulations.

1.6.2 It is directly related to national security and national defense security.

1.6.3 It is directly related to public safety, public health, or major public interests.

1.6.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.

1.6.5 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals while it is difficult to obtain your consent.

1.6.6 The personal information involved is disclosed to the public by you.

1.6.7 It is necessary to execute and perform the contracts or agreements between you and us.

1.6.8 The personal information is collected from the information disclosed to public legally, such as through legal news reports, government information disclosures, or other channels.

1.6.9 It is necessary to maintain the operational security and stability of our products or services, such as discovering and handling the failure of our products or services.

 

2. How we store your personal information

2.1 If you use the aTrust APP and connect to a Sangfor server located within the territory of the People's Republic of China (hereinafter referred to as China), the data that Sangfor is authorized to process within the territory of China will be stored on Sangfor servers within the territory of China; if you use the aTrust APP and connect to a Sangfor server located outside the territory of the China, the data that Sangfor is authorized to process will be stored on Sangfor servers in accordance with the applicable laws and regulations. At the same time, the data that we are authorized to process will be retained for a period specified by applicable laws or agreed upon with the user (which shall meet the requirement for providing the products or services to the user). If you have any questions about the server you are connecting to, please contact the relevant responsible personnel of the Customer for confirmation.

2.2 If we need to transfer relevant personal information we process within one country or region  to an overseas entity for the purpose of conducting cross-border business, we wil l  transfer the personal information in accordance with the applicable laws, regulations, and the provision s of the competent regulatory authorities. We will ensure to provide sufficient protection for related personal information, such as anonymizing the personal information or taking encryption or other security measures for the storage and transmission of personal information.

2.3 You understand and agree that we may store the processed data information on the servers of affiliated companies for security and backup purposes.

 

3. How we share, transfer, and disclose your personal information

3.1 Sharing

We will not share the personal information that we process or are authorized to process with any third party, except in the following circumstances:

3.1.1 We have obtained your explicit consent.

3.1.2 We may share relevant personal information with the public in accordance with applicable laws and regulations or the compulsory requirements of the competent government authorities.

3.1.3 We may share relevant personal information with third parties including our affiliates or authorized partners for the purpose of providing our product features or services to you:

We may cooperate with third parties to improve the security of our products or services or optimize the user experience. For this purpose, we may share certain personal information with third parties. We undertake that we will expressly explain to you for what purpose and how we share your personal information and the scope of the personal information to be shared and obtain your consent before sharing the information.

We undertake that we will share relevant personal information about you with our partners only to the extent necessary to provide our product features or services to you, and strive to de-identify the information, so that our partners cannot directly identify the relevant individual. In addition, the processing of the information received by our partners will be subject to the provisions of this section. We will strictly prohibit our third-party partners from using the shared information for any other purposes without your consent.

3.2 Transfer

We will not transfer the personal information that we process or are authorized to process to any companies, organizations, or individuals, except in the following circumstances:

3.2.1 We have obtained your explicit consent.

3.2.2 In the event of merger, acquisition, or bankruptcy liquidation where personal information transfer is involved, we will require that the new company or organization holding your personal information be bound by this Policy. Otherwise, we will require the company or organization to obtain your authorization or consent again. If such event does not involve the transfer of personal information, we will fully inform you of the relevant situation and delete or anonymize the personal information we hold.

3.3 Disclosure

We will not disclose relevant personal information, except in the following circumstances:

3.3.1 The disclosure is made with your express consent or at your request.

3.3.2 Disclosure in accordance with legal requirements: t he disclosure is necessary to comply with compulsory requirements of laws, legal proceedings, litigation, or competent government authorities.

3.3.3 The disclosure is reasonable and necessary for the purpose of maintaining the public interests.

3.4 We may share, transfer, or disclose relevant personal information without your authorization or consent under the following circumstances:

3.4.1 It is for purposes related to national security and national defense security.

3.4.2 It is for purposes related to public safety, public health, or major public interests.

3.4.3 It is for purposes related to criminal investigation, prosecution, trial, or judgment execution.

3.4.4 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals while it is difficult to obtain your consent.

3.4.5 The personal information disclosed is from the information collected from legally publicly disclosed information, such as through legal news reports, government information disclosures, or other channels.

3.4.6 It is necessary to maintain the operational security and stability of our products or services, such as discovering and handling the vulnerability or failure of our products or services.

 

4.   How we protect your personal information

4.1 Sangfor attaches great importance to information security. We use various technical security measures, such as security encryption, intrusion prevention, and anti-virus measures, to protect the information against unauthorized access, use, disclosure, abuse, alteration, destruction, or loss.

4.2 We establish user information security management systems and work processes to strictly control access to user information; restrict the permissions of the staff having access to personal information and provide them with training relating to security and confidentiality; and regularly perform personal information security risk assessments and promptly handle related risks, to continuously improve our ability to protect the security of personal information.

4.3 The Internet environment is not completely secure, but we will do our best to ensure the security of the relevant personal information we process. We will bear the corresponding legal liability if your legitimate rights and interests are damaged by unauthorized access to, disclosure, alteration, or destruction of relevant personal information due to the destruction of our physical, technical, or management protection facilities.

4.4 In the event of a personal information security incident (information leakage or loss), we will, in accordance with applicable laws and regulations, promptly inform you of the basic information and possible impact of the security incident, the measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and the remedies for you in a reasonable manner. In addition, we will report our handling of the personal information security incident in accordance with the requirements of regulatory authorities.

4.5 Though we will use our best efforts to take reasonable measures to protect the security of user information, there are no security measures that are completely perfect or unbreakable. In the event of any user information leakage, loss, or other security incident arising out of your disclosure of the product or service account and password to a third party, your breach of the relevant product or service use agreement, or other reasons attributable to you, or hacking, intrusion of computer viruses, or other reasons attributable to third parties, or force majeure, you understand that Sangfor shall not bear any direct or indirect loss or liability arising therefrom.

 

5. How you access and manage your personal information

5.1 You understand and agree that we provide basic features for you to access and manage your personal information. However, since the development of relevant Sangfor aTrust  features and provision of related services is intended to provide the Customer with solutions that facilitate business development and profit growth, if the Customer you belong to, when inviting or authorizing you to become a User , sets the corresponding restrictions or approval process for your use of relevant features, you should perform operations as required by the Customer. Sangfor undertakes to protect your legitimate rights and interests in your personal information based on our statutory or agreed obligations and business ethics. If you have any problems in accessing, correcting, or otherwise managing relevant personal information for reasons other than the management restrictions set by the Customer you belong to, you can contact us through the contact information in this Policy.

5.2 Account cancellation or unbinding

To cancel your account with the App, you should contact the relevant administrator of the Customer you belong to for help , and the Domestic User may request that their cancellation process be completed within 15 working days . After your account is canceled or unbound, we will cease the provision of all features and services of the App to you, and delete or anonymize your personal information in accordance with applicable laws and regulations and relevant agreements (if any) with you or the Customer you belong to.

5.3 You may also request us to delete your relevant personal information under the following circumstances:

5.3.1 Our processing or authorized processing of relevant personal information violates applicable laws and regulations.

5.3.2 We collect and use your personal information without your express consent.

5.3.3 Our processing or authorized processing of relevant personal information seriously breaches the relevant agreement.

5.4 Response to your request

5.4.1 You understand and agree that, based on the foregoing description of the purposes of our processing or authorized processing of personal information, your management of information may conflict with your requirements for normal registration and use of our products or services. We shall not be liable for the inconvenience caused to your use of our products or services or your loss arising from your exercise of the data management right.

5.4.2 In principle, we do not charge a fee for your reasonable requests, but we will charge a certain cost for repeated requests that exceed reasonable limits, as appropriate. We may reject requests that are repeated for no reason, require excessive technical means (for example, requiring the development of new systems or fundamental changes to current practices), pose a risk to the legitimate rights and interests of others, or are highly impractical (for example, involving the backup of information stored on tapes).

5.4.3 To ensure security, you may need to submit a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.

5.4.4 Under the following circumstances, we will not be able to respond to your request:

5.4.4.1 It is related to the performance of your obligations specified by laws and regulations.

5.4.4.2 It is directly related to national security and national defense security.

5.4.4.3 It is directly related to public safety, public health, or major public interests.

5.4.4.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.

5.4.4.5 We have sufficient evidence that you have subjective malice or abuse of rights.

5.4.4.6 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals.

5.4.4.7 Response to your request will cause serious damage to the other legitimate rights and interests of related individuals or organizations.

5.4.4.8 It involves trade secrets.

 

6. How we use cookies and similar technologies

6.1  For better user experience, we may use various technologies to collect and store data related to your access to and use of our products or services during your use of our products or services. This can help you skip the step of entering your account information repeatedly when you access or re-access the same product or service, and help us rapidly identify you, judge your account security, and provide more and better services to you through data analysis. These technologies used to collect and store relevant data may be cookies, flash cookies, or other local storage provided by your browser or associated application (collectively, "cookies").

6.2  Webpages often contain some electronic image files, called "single-pixel GIFs" or "web beacons", which can help the website count the number of User s who have visited these webpages or access certain cookies. We may also use web beacons to collect information about your web browsing activities when you use related products, such as the URLs of the pages you visit, the URLs of the reference pages you visited, the time of your stay on the pages, your browsing environment, and the display settings.

6.3  You understand and agree that some services we provide can only be realized by using cookies, but we will not use the cookies for any purposes other than those described in this Policy. You are free to modify your cookie acceptance or decline cookies, but refusing cookies may, in some cases, preclude your use of some features or services that depend on cookies.

 

7. Protection of minors

7.1 We presume that you have the corresponding capacity for civil conduct in digital office work or learning, communication, and collaboration activities. We attach great importance to the protection of personal information of minors. If you are a minor, you must ask your parent or other guardians to carefully read this Policy and you may use our products or services or provide information to us after obtaining the consent of your parent or other guardians.

7.2 If you are a guardian of our minor user or a Customer or administrator with management authority over the minor user, you should pay attention to whether the minor user uses our products or services after obtaining the consent of the guardian, and prudently process or authorize us to process relevant personal information of the minor user. If you have any questions regarding the personal information of the minor in your custody that we process or are authorized to process, please contact us through the contact information in Section 9 of this Policy.

 

8. Updates to this Policy

8.1 We may amend or update the content of this Policy from time to time based on the updates to our products or services or the needs of business practice, and will inform you of the updated Policy in an appropriate manner.

8.2  We will strive to inform you of major changes through feasible channels and methods, including noticeable notifications (for example, we may explain the specific changes in this Policy through message push or website announcement). You may also check the latest version of this Policy in this App .

8.3  Major changes mentioned in this Policy include but are not limited to:

8.3.1 Major changes in our control rights and organizational structure, such as the change of owners caused by merger, acquisition, restructuring, or business adjustment;

8.3.2 Major changes in the purposes and methods of processing or authorized processing of user information, the types of information, or other aspects due to major changes in our product features or service model;

8.3.3 Changes in major subjects whom the user information is shared with or is transferred or disclosed to;

8.3.4 Major changes in your rights to participate in the processing of user information and the way to exercise such rights;

8.3.5 Changes of our department responsible for ensuring user information security, contact details, or complaint channels.

8.3.6 High risk indicated in the user information security impact assessment report.

 

9. Contact us

To obtain product-related technical support or consult, complain, or report on issues about the compliance and security protection of personal information, you may contact Sangfor customer service by sending an email to uem-feedback@sangfor.com.cn /marketing@sangfor.com  or calling the following hotline:

Pre-sales consulting hotline: 4008066868

Sangfor technical support, remote, or after-sales hotline (within the service period): 4006306430

Developer   of domestic version of aTrust : Sangfor Technologies Inc .

Developer of offshore  version of aTrust : Sangfor Technologies(Hong Kong) Limited.

If you have any questions about how to confirm whether you are using the domestic or overseas version of the aTrust APP, please read the foreword of the End User License Agreement of the aTrust APP or contact the relevant responsible personnel of the Customer for confirmation.