Privacy Policy
Last Updated:
August 2
, 2024
Thank you for using
Sangfor aTrust
!
To protect your rights, this Privacy Policy (hereinafter referred to as this "Policy") will explain
to you how Sangfor collects, uses, and stores your personal information and the rights to which you
are entitled.
Before using
Sangfor aTrust
(the "App"), please carefully read and understand all terms of this Policy, and
confirm that you have fully understood and agreed to them. By using the App, you acknowledge
that you have fully understood and agreed to this Policy.
This Policy only applies to the
Sangfor aTrust
features and services, and does not apply to any products or services provided by
third parties. Before choosing any third-party products or services, you should fully
understand the features and privacy policies of the third-party products or services.
This Policy will help you understand the following:
1. How we collect and use your personal information
2. How we store your personal information
3. How we share, transfer, and disclose your personal information
4. How we protect your personal information
5. How you access and manage your personal information
6. How we use cookies and similar technologies
7. Protection of minors
8. Updates to this Policy
9. Contact us
1. How we collect and use your personal information
The
currently used
Sangfor aTrust
is a product developed and provided by
Sangfor
to meet
the demand of
the Customer
to effectively guarantee unified security access to internal and external networks.
Sangfor aTrust
, combined with
Sangfor aTrust device
, supports docking to
the
unified identity authentication platform and can provide ACL fine-grained access control based on
identity authentication, and can also support
the
integration of external security capabilities to achieve the ability of trust assessment for
identity,
endpoint and behavior, etc, and automatic threat blocking.
In order to provide
the User
with the functions and services of
Sangfor aTrust
, to continuously maintain the normal operation of the functions and services, to identify abnormal
account status in a timely manner, to safeguard your account security as much as possible, and to
continuously improve and optimize the
user
experience of
Sangfor aTrust
, we will collect and use the information that you provide voluntarily, authorize to provide or
provide
based on
the Customers
’
requirements and the information that you generate
when registering and using the applicatio
n
for the purposes described below in this
P
olicy
:
1.1 Help you become an Authenticated User of
Sangfor aTrust
If you use
Sangfor aTrust
based on the requirements of the Customer you belong to, the administrator of the Customer
will create an
account
of the App for you. The administrator may choose to use
your name
,
employee ID
, telephone number or any information that meets the requirements of laws and regulations
as the username
and set an
initial password
for you. After an account is created for you, you can log in to the App using your username
and initial password
. If
the administrator has configured the option to reset the password by "Forgot Password", you
can change your password on your own.
Otherwise, the account and password of this application can not be modified on your own.
When you log in to
Sangfor aTrust
, you may choose to remember the username and password of your account, so that you do not have to
enter them again the next time you log in. After you have successfully logged into the
Sangfor aTrust
for the first time, the password-free function of
Sangfor aTrust
will support you to log in without
a
password for the period set by the
IT
administrator
. I
f you have not logged in to use the
A
pp for longer than the set period, you need to re-enter your account and password to log in the next
time you use
the Sangfor aTrust
.
1.2 Information collected during your use of the
Sangfor aTrust
features or services
1.2.1
For effective
endpoint
management,
Sangfor aTrust
will collect
endpoint
device model, unique device identification information (ANDROID ID), system version
information, CPU architecture information and IP address information, and submit the
same
to
Sangfor
for processing through the
Sangfor aTrust
device
.
1.2.2
In the process of comprehensive management of
endpoints
,
Sangfor aTrust
needs to collect the current network type and SSID code of WiFi used by the devices
operating the Sangfor aTrust
for the purpose of diagnosing the status of network resources, and submit
the same
to
Sangfor
for processing through the
Sangfor aTrust
device
.
1.2.3.
When you use the Sangfor aTrust sweep function, we will get the acceleration device sensor
information, which will be used to get the angle of the phone shooting to identify the
horizontal and vertical screen status of your device, and then facilitate adapting your model
and status display interface, and the information will be kept on the mobile device to complete
the processing
.
1.2.
4
Information collected by third-party SDKs
In order to ensure the availability and stable operation of
Sangfor aTrust
functions/services, we may access the software development kit (SDK) provided by third
parties. We will exercise due diligence
obligations
and strictly monitor the information
collected by the third party SDK to protect the security of data and information as much
as possible.
The third-party SDKs we access and the personal information collected by those SDKs are listed
in the following directory, and you can
check
the third-party data use and protection rule
s
through the relevant links.
1.2.4.1
Xiaomi Check and Update SDK
Third party name: Xiaomi Inc.
Use Purpose: to better secure the application updates of Xiaomi cell phone
Type of Personal Information collected: device information (IMEI, Android ID, device model,
version number, etc.), network information (Wifi and network link information)
Privacy Policy Link:
https://dev.mi.com/distribute/doc/details?pId=1404
1.2.4.
2
Tencent Browsing Service
(
TBS
)
SDK
Third party name: Shenzhen Tencent Computer System Co., Ltd.
Use Purpose: to
secure stable and reliable web browsing services
Type of Personal Information collected:
d
evice information (mobile device model, O
peration System
, CPU type), application information (host application package name, version number), Wi-Fi status
and parameters, location information, nearby Wi-Fi, CellID
Privacy Policy Link:
https://x5.tencent.com/docs/privacy.html
1.2.4.
3
Facebook
SDK
Third party name:
Facebook
Use Purpose: Cross-platform UI implementation
Type of Personal Information collected:
N/A
1.2.
4
.
4
Umeng Message Push SDK
Third party name: Youmeng Tongxin (Beijing) Technology Limited.
Use Purpose: for efficient and accurate message pushing
Type of Personal Information collected: device information (IMEI, MAC, Android
ID/IDFA/OpenUDID/GUID/ICCID/SN, IMSI of SIM card, geolocation information, etc.)
Privacy Policy Link: https://www.umeng.com/page/policy
1.2.
4
.
5
DingTalk Login SDK
Third party name: Ding Ding Technology Co., Ltd.
Use Purpose: Supporting the User's quick logging in with a DingTalk account.
Type of Personal Information collected:None
Privacy Policy Link: https://terms.alicdn.com/legal-agreement/terms/privacy_policy_full/20230516190209936/20230516190209936.html?spm=ding_open_doc.document.0.0.37b04a97bxyiqj
1.2.
4
.
6
WeCom Login/Share SDK
Third party name: Shenzhen Tencent Computer Systems Co., Ltd.
Use Purpose: Supporting the User's quick logging in with a Wecom account.
Type of Personal Information collected:None
Privacy Policy Link: https://work.weixin.qq.com/nl/act/p/47eb57a00e9f4ad5
1.3 Permissions required during your use of the
Sangfor aTrust
features or services
To provide you and the Customer you belong to with relevant features and services of the App, and
ensure the normal operation of these features and services, we will request you to enable relevant
permissions, as follows:
You understand and agree that as the processor of your relevant personal information involved
therein, the Customer shall assume the obligation to protect relevant legitimate rights and
interests of the individual it manages and the corresponding legal liability. Sangfor will
process relevant necessary data only with the authorization of the Customer (including but not
limited to through the operations and configurations by the administrator). The Customer should
independently control the scope of information that it authorizes us to process based on
business management,
h
uman
r
esource management, internal information security control, or other purposes. In particular, if
you are an administrator authorized by the Customer, you should ensure that your choice to
enable relevant features or services and your relevant use settings are in strict compliance
with the actual requirements and effective instructions of the Customer you belong to, and that
the Customer you belong to has obtained the valid authorization from relevant individual before
granting us, through you, all authorizations required for processing relevant personal
information under this Policy.
1.4 Other information you voluntarily provide to us
In the process of using the features and services of
Sangfor aTrust
, you can also send
your
feedback on
y
our
use
experience
through emails or other ways
to help us better understand your needs for our products
and
continuously improve the product features and experience
.
W
e will record the content of your unsolicited feedback or suggestions, as well as the contact
information you voluntarily provide, so that we can further contact you and feedback on our handling
opinion
.
1.5 Information collected for other purposes
You understand and agree that the product features and services we provide to you are constantly
iterated and upgraded. If we need to collect and process your personal information beyond the scope
described in this Policy, we will separately explain to you the content, scope, and purpose of the
processing of the information involved through page prompts, interaction processes, or otherwise, to
obtain your consent.
1.6 Exceptions
You are fully aware that, in accordance with applicable laws, we may collect and use relevant
personal information without your authorization or consent under the following circumstances:
1.6.1 It is related to the performance of our obligations specified by laws and regulations.
1.6.2 It is directly related to national security and national defense security.
1.6.3 It is directly related to public safety, public health, or major public interests.
1.6.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.
1.6.5 It is for the purpose of safeguarding the life, property, or other significant legitimate
rights and interests of you or other individuals while it is difficult to obtain your consent.
1.6.6 The personal information involved is disclosed to the public by you.
1.6.7 It is necessary to execute and perform the contracts or agreements between you and us.
1.6.8 The personal information is collected from the information disclosed to public legally, such
as through legal news reports, government information disclosures, or other channels.
1.6.9 It is necessary to maintain the operational security and stability of our products or
services, such as discovering and handling the failure of our products or services.
2. How we store your personal information
2.1 If you use the aTrust APP and connect to a Sangfor server located within the territory of
the People's Republic of China (hereinafter referred to as China), the data that Sangfor is
authorized to process within the territory of China will be stored on Sangfor servers within the
territory of China; if you use the aTrust APP and connect to a Sangfor server located outside
the territory of the China, the data that Sangfor is authorized to process will be stored on
Sangfor servers in accordance with the applicable laws and regulations. At the same time, the
data that we are authorized to process will be retained for a period specified by applicable
laws or agreed upon with the user (which shall meet the requirement for providing the products
or services to the user). If you have any questions about the server you are connecting to,
please contact the relevant responsible personnel of the Customer for confirmation.
2.2 If we need to transfer relevant personal information we process within
one country or region
to an overseas entity for the purpose of conducting cross-border business, we wil
l
transfer the personal information in accordance with
the applicable
laws, regulations, and the
provision
s of the competent regulatory authorities. We will ensure to provide sufficient protection for
related personal information, such as anonymizing the personal information or taking encryption or
other security measures for the storage and transmission of personal information.
2.3 You understand and agree that we may store the processed data information on the servers of
affiliated companies for security and backup purposes.
3. How we share, transfer, and disclose your personal information
3.1 Sharing
We will not share the personal information that we process or are authorized to process with any
third party, except in the following circumstances:
3.1.1 We have obtained your explicit consent.
3.1.2 We may share relevant personal information with the public in accordance with applicable laws
and regulations or the compulsory requirements of the competent government authorities.
3.1.3 We may share relevant personal information with third parties including our affiliates or
authorized partners for the purpose of providing our product features or services to you:
We may cooperate with third parties to improve the security of our products or services or optimize
the user experience. For this purpose, we may share certain personal information with third parties.
We undertake that we will expressly explain to you for what purpose and how we share your personal
information and the scope of the personal information to be shared and obtain your consent before
sharing the information.
We undertake that we will share relevant personal information about you with our partners only to
the extent necessary to provide our product features or services to you, and strive to de-identify
the information, so that our partners cannot directly identify the relevant individual. In addition,
the processing of the information received by our partners will be subject to the provisions of this
section. We will strictly prohibit our third-party partners from using the shared information for
any other purposes without your consent.
3.2 Transfer
We will not transfer the personal information that we process or are authorized to process to any
companies, organizations, or individuals, except in the following circumstances:
3.2.1 We have obtained your explicit consent.
3.2.2 In the event of merger, acquisition, or bankruptcy liquidation where personal information
transfer is involved, we will require that the new company or organization holding your personal
information be bound by this Policy. Otherwise, we will require the company or organization to
obtain your authorization or consent again. If such event does not involve the transfer of personal
information, we will fully inform you of the relevant situation and delete or anonymize the personal
information we hold.
3.3 Disclosure
We will not disclose relevant personal information, except in the following circumstances:
3.3.1 The disclosure is made with your express consent or at your request.
3.3.2 Disclosure in accordance with legal requirements:
t
he disclosure is necessary to comply with compulsory requirements of laws, legal proceedings,
litigation, or competent government authorities.
3.3.3 The disclosure is reasonable and necessary for the purpose of maintaining the public
interests.
3.4 We may share, transfer, or disclose relevant personal information without your authorization
or consent under the following circumstances:
3.4.1 It is for purposes related to national security and national defense security.
3.4.2 It is for purposes related to public safety, public health, or major public interests.
3.4.3 It is for purposes related to criminal investigation, prosecution, trial, or judgment
execution.
3.4.4 It is for the purpose of safeguarding the life, property, or other significant legitimate
rights and interests of you or other individuals while it is difficult to obtain your consent.
3.4.5 The personal information disclosed is from the information collected from legally publicly
disclosed information, such as through legal news reports, government information disclosures, or
other channels.
3.4.6 It is necessary to maintain the operational security and stability of our products or
services, such as discovering and handling the vulnerability or failure of our products or services.
4.
How we protect your personal information
4.1 Sangfor attaches great importance to information security. We use various technical security
measures, such as security encryption, intrusion prevention, and anti-virus measures, to protect the
information against unauthorized access, use, disclosure, abuse, alteration, destruction, or loss.
4.2 We establish user information security management systems and work processes to strictly control
access to user information; restrict the permissions of the staff having access to personal
information and provide them with training relating to security and confidentiality; and regularly
perform personal information security risk assessments and promptly handle related risks, to
continuously improve our ability to protect the security of personal information.
4.3 The Internet environment is not completely secure, but we will do our best to ensure the
security of the relevant personal information we process. We will bear the corresponding legal
liability if your legitimate rights and interests are damaged by unauthorized access to, disclosure,
alteration, or destruction of relevant personal information due to the destruction of our physical,
technical, or management protection facilities.
4.4 In the event of a personal information security incident (information leakage or loss), we will,
in accordance with applicable laws and regulations, promptly inform you of the basic information and
possible impact of the security incident, the measures we have taken or will take, suggestions for
you to independently prevent and reduce risks, and the remedies for you in a reasonable manner. In
addition, we will report our handling of the personal information security incident in accordance
with the requirements of regulatory authorities.
4.5 Though we will use our best efforts to take reasonable measures to protect the security of
user information, there are no security measures that are completely perfect or unbreakable. In
the event of any user information leakage, loss, or other security incident arising out of your
disclosure of the product or service account and password to a third party, your breach of the
relevant product or service use agreement, or other reasons attributable to you, or hacking,
intrusion of computer viruses, or other reasons attributable to third parties, or force majeure,
you understand that Sangfor shall not bear any direct or indirect loss or liability arising
therefrom.
5. How you access and manage your personal information
5.1 You understand and agree that we provide basic features for you to access and manage your
personal information. However, since the development of relevant
Sangfor aTrust
features and provision of related services is intended to provide the Customer with
solutions that facilitate business development and profit growth, if the Customer you belong to,
when inviting or authorizing you to become a
User
, sets the corresponding restrictions or approval process for your use of relevant features, you
should perform operations as required by the Customer.
Sangfor undertakes to protect your legitimate rights and interests in your personal information
based on our statutory or agreed obligations and business ethics. If you have any problems in
accessing, correcting, or otherwise managing relevant personal information for reasons other than
the management restrictions set by the Customer you belong to, you can contact us through the
contact information in this Policy.
5.2 Account cancellation or unbinding
To cancel your account with the App, you should contact the relevant administrator of the Customer
you belong to for help
, and the Domestic User may request that their cancellation process be completed within 15
working days
. After your account is canceled or unbound, we will cease the provision of all features and
services of the App to you, and delete or anonymize your personal information in accordance with
applicable laws and regulations and relevant agreements (if any) with you or the Customer you belong
to.
5.3 You may also request us to delete your relevant personal information under the following
circumstances:
5.3.1 Our processing or authorized processing of relevant personal information violates applicable
laws and regulations.
5.3.2 We collect and use your personal information without your express consent.
5.3.3 Our processing or authorized processing of relevant personal information seriously breaches
the relevant agreement.
5.4 Response to your request
5.4.1 You understand and agree that, based on the foregoing description of the purposes of our
processing or authorized processing of personal information, your management of information may
conflict with your requirements for normal registration and use of our products or services. We
shall not be liable for the inconvenience caused to your use of our products or services or your
loss arising from your exercise of the data management right.
5.4.2 In principle, we do not charge a fee for your reasonable requests, but we will charge a
certain cost for repeated requests that exceed reasonable limits, as appropriate. We may reject
requests that are repeated for no reason, require excessive technical means (for example, requiring
the development of new systems or fundamental changes to current practices), pose a risk to the
legitimate rights and interests of others, or are highly impractical (for example, involving the
backup of information stored on tapes).
5.4.3 To ensure security, you may need to submit a written request or otherwise prove your identity.
We may ask you to verify your identity before processing your request.
5.4.4 Under the following circumstances, we will not be able to respond to your request:
5.4.4.1 It is related to the performance of your obligations specified by laws and regulations.
5.4.4.2 It is directly related to national security and national defense security.
5.4.4.3 It is directly related to public safety, public health, or major public interests.
5.4.4.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.
5.4.4.5 We have sufficient evidence that you have subjective malice or abuse of rights.
5.4.4.6 It is for the purpose of safeguarding the life, property, or other significant legitimate
rights and interests of you or other individuals.
5.4.4.7 Response to your request will cause serious damage to the other legitimate rights and
interests of related individuals or organizations.
5.4.4.8 It involves trade secrets.
6. How we use cookies and similar technologies
6.1
For better user experience, we may use various technologies to collect and store data related
to your access to and use of our products or services during your use of our products or services.
This can help you skip the step of entering your account information repeatedly when you access or
re-access the same product or service, and help us rapidly identify you, judge your account
security, and provide more and better services to you through data analysis. These technologies used
to collect and store relevant data may be cookies, flash cookies, or other local storage provided by
your browser or associated application (collectively, "cookies").
6.2
Webpages often contain some electronic image files, called "single-pixel GIFs" or "web
beacons", which can help the website count the number of
User
s who have visited these webpages or access certain cookies. We may also use web beacons to collect
information about your web browsing activities when you use related products, such as the URLs of
the pages you visit, the URLs of the reference pages you visited, the time of your stay on the
pages, your browsing environment, and the display settings.
6.3
You understand and agree that some services we provide can only be realized by using cookies,
but we will not use the cookies for any purposes other than those described in this Policy. You are
free to modify your cookie acceptance or decline cookies, but refusing cookies may, in some cases,
preclude your use of some features or services that depend on cookies.
7. Protection of minors
7.1 We presume that you have the corresponding capacity for civil conduct in digital office work
or learning, communication, and collaboration activities. We attach great importance to the
protection of personal information of minors. If you are a minor, you must ask your parent or
other guardians to carefully read this Policy and you may use our products or services or
provide information to us after obtaining the consent of your parent or other guardians.
7.2 If you are a guardian of our minor user or a Customer or administrator with management
authority over the minor user, you should pay attention to whether the minor user uses our
products or services after obtaining the consent of the guardian, and prudently process or
authorize us to process relevant personal information of the minor user. If you have any
questions regarding the personal information of the minor in your custody that we process or are
authorized to process, please contact us through the contact information in Section 9 of this
Policy.
8. Updates to this Policy
8.1
We may amend or update the content of this Policy from time to time based on the updates to our
products or services or the needs of business practice, and will inform you of the updated Policy in
an appropriate manner.
8.2
We will strive to inform you of major changes through feasible channels and methods, including
noticeable notifications (for example, we may explain the specific changes in this Policy through
message push or website announcement). You may also check the latest version of this Policy in this
App
.
8.3
Major changes mentioned in this Policy include but are not limited to:
8.3.1 Major changes in our control rights and organizational structure, such as the change of owners
caused by merger, acquisition, restructuring, or business adjustment;
8.3.2 Major changes in the purposes and methods of processing or authorized processing of user
information, the types of information, or other aspects due to major changes in our product features
or service model;
8.3.3 Changes in major subjects whom the user information is shared with or is transferred or
disclosed to;
8.3.4 Major changes in your rights to participate in the processing of user information and the way
to exercise such rights;
8.3.5 Changes of our department responsible for ensuring user information security, contact details,
or complaint channels.
8.3.6 High risk indicated in the user information security impact assessment report.
9. Contact us
To obtain product-related technical support or consult, complain, or report on issues about the
compliance and security protection of personal information, you may contact Sangfor customer service
by sending an email to
uem-feedback@sangfor.com.cn
/marketing@sangfor.com
or calling the following hotline:
Pre-sales consulting hotline: 4008066868
Sangfor technical support, remote, or after-sales hotline (within the service period): 4006306430
Developer
of domestic version of aTrust
:
Sangfor Technologies Inc
.
Developer of
offshore
version of aTrust
: Sangfor Technologies(Hong Kong) Limited.
If you have any questions about how to confirm whether you are using the domestic or overseas
version of the aTrust APP, please read the foreword of the End User License Agreement of the
aTrust APP or contact the relevant responsible personnel of the Customer for confirmation.