Effective date:2024-12-19
The eSurfing Cloud Key Management Service Agreement ("Agreement") is entered into between the user ("Party A" or "Customer") and China Telecom ("Party B"). Party B shall provide the eSurfing Cloud Key Management Service to Party A through the eSurfing Cloud Website (www.esurfingcloud.com, also known as the "Site" or "eSurfing Cloud") in accordance with the provisions of this Agreement. Party A shall use the Services in accordance with this Agreement.
Party A shall fully read, understand and agree to accept and abide by this Agreement before using the eSurfing Cloud Key Management Service. If Party A clicks to agree or actually uses the eSurfing Cloud Key Management Service in any way, Party A is deemed to have agreed and accepted all the contents of this Agreement. This Agreement constitutes a legally binding agreement between Party A and Party B. If Party A does not agree to accept this Agreement, please do not use the eSurfing Cloud Key Management Service.
1 Product and Service Description
1.1 In accordance with this Agreement, Party B shall provide the eSurfing Cloud Key Management Service (the "Services") to the Customer helping users to realize the full life cycle management of keys and certificates. Users can easily create and host key and certificate resources to meet the needs of data encryption and decryption and digital signature verification and other needs. At the same time, it integrates seamlessly with eSurfing Cloud products to achieve encryption and protection of native data on the cloud.
2 Service Content
2.1 Party B shall provide Party A with the Services in accordance with this Agreement. The specific content of the Services is subject to the services displayed on the Site and actually provided by Party B upon Party A’s application. Party B has the right to continuously update the service content.
2.2 Pre-conditions for provision of the Services: In order to use the Services, Party A shall first meet all the following conditions:
2.2.1 Agree to and accept the eSurfing Cloud Website User Agreement, successfully register as a user of the Site, and continue to have a legal and valid user account of the Site as at the time of signing this Agreement and throughout the performance of this Agreement;
2.2.2 Agree to and accept the terms of this Agreement;
2.2.3 Agree to and accept the eSurfing Cloud Service Agreement and the eSurfing Cloud Privacy Policy Statement;
2.2.4 Subscribe to and use the Services in accordance with the Service Rules of the Site;
2.2.5 At the time of signing and during the performance of this Agreement, all the qualifications or government approval procedures required for legal operations have been obtained and maintained in accordance with the relevant national or regional regulations, and the relevant qualification documents have been submitted in accordance with this Agreement to Party B and approved by Party B.
2.2.6 Party A shall obtain and maintain the relevant licences or approvals, including but not limited to the following:
2.2.6.1 If Party A operates a website, it shall ensure that all the websites it operates have been licensed or approved by the relevant authorities of the relevant countries or regions;
2.2.6.2 If Party A provides non-commercial Internet information services, it shall register non-commercial websites, and ensure that all the filing information submitted is true and valid, and promptly submit the updated information in the registration system when the registration information changes;
2.2.6.3 If the website provides commercial Internet information services, Party A shall also obtain a commercial website license from the local communications administrative department;
2.2.6.4 If Party A provides electronic bulletin services such as BBS, it shall conduct filing or obtain corresponding approval according to relevant laws and regulations;
2.2.6.5 If Party A operates an Internet game website, it shall obtain an Internet culture business permit in accordance with laws;
2.2.6.6 If Party A operates an Internet video website, it shall obtain a license for the publication of audio-visual programs through an information network in accordance with laws;
2.2.6.7 If Party A engages in Internet information services such as news, publishing, education, medical care, pharmaceuticals and medical devices, it shall obtain approval from relevant competent authorities in accordance with laws, administrative regulations and relevant state regulations. Party A shall obtain approval from relevant competent authorities in accordance with laws before applying for a business licence or performing the filing procedures.
2.2.6.8 The above list does not exhaust all types of licenses or approvals required for commercial or non-commercial activities that Party A engages in. Party A shall obtain relevant licenses or approvals and shall comply with relevant laws and regulations promulgated by relevant countries and regions from time to time.
2.2.7 Other preconditions for using the Services as stipulated in this Agreement.
3 Service Activation
3.1 After carefully reading the Service Rules corresponding to the purchased service, Party A can purchase the required service online through the Site according to its own needs, or the account manager can assist in activating it at the service console. After the Services are activated, Party A can log in to the Site and complete the configuration and operation related to the Services in the management console.
3.2 If there is any inconsistency in the main text of this Agreement, attachments, Service Rules, service descriptions, price descriptions, confirmation terms on the order page, etc. on the relevant pages of the Site, they shall be applicable on the following order of precedence: (1) service descriptions and price descriptions on the relevant webpages on the Site, and confirmation terms on the order page, (2) Service Rules, (3) the main text of this Agreement, and (4) the attachments to this Agreement.
4 Service Fees
4.1 Monthly/annual billing modes are available for the Services. The Customer shall pay Party B the service fees and relevant taxes and dues in accordance with the prompts on the subscription page and the provisions of this Agreement. Party B reserves the right to update the price information and payment method at any time and publish the updated information on the official website of eSurfing Cloud.
4.2 Resource Expiration/Deletion and Payment Default
4.2.1 For fixed monthly/annual service subscriptions, if the Customer intends to continue its use of the Services upon the expiration of Party B's current service period, it shall renew and pay for the subscription in a timely manner. Otherwise, Party B will suspend the Customer's operating permissions for the Services and freeze the resources upon the expiration of the service period.
4.2.2 Party B will, following the expiration of the service period or early termination of the service period (including early termination by mutual agreement, early termination due to other causes), retain the Key Management service and configuration resources for another fifteen (15) days (i.e., starting from the time the Customer's permissions to perform operation is suspended on the day of such suspension and ending on the same time on the fifteenth day thereafter). If the subscription is not renewed within fifteen (15) calendar days of the aforesaid period, Party B has the right to immediately release the Customer's resources and delete the configuration data upon the expiration of the aforesaid period, which cannot be restored after the deletion of the configuration data.
5 Service Specifications
5.1 Party A understands and agrees that the use of the Services is the result of Party A's independent and prudent judgement, and that the Customer shall be responsible for the results of its own judgement or actions.
5.2 Party B will enable the Services for Party A after the subscription is completed. After the Services are activated, Party A can log in to the Site and complete the configuration and operation related to the Services in the management console.
5.3 Party A understands and acknowledges that, due to technical upgrades, service system upgrades, changes in business strategies or changes made to comply with major national technologies, regulations and policies, the continuous provision of the Services cannot be guaranteed and Party B has the right to update the form, specifications or other aspects of the Services provided (such as the price and billing mode of the Services) from time to time. eSurfing Cloud will, before terminating such service or making such changes, endeavour to notify the Customer in advance in one or more ways such as a website notice, announcement, email, or SMS.
5.4 Party A understands and agrees that when using the Services, the Customer shall be responsible for completing data backup and bear any losses and consequences caused by the data loss, omission, destruction or data leakage caused by the Customer, and Party B shall not be liable for this;
5.5 Party A understands and agrees that although Party B has established corresponding security mechanism and measures, in view of the unpredictability and complexity of Internet services and the importance of the Services, please log in to the console in time to delete key information if there are keys that are no longer used.
5.6 If the service is unavailable due to Party A’s failure to follow Party B’s product usage documentation or usage recommendation, Party A shall bear all responsibilities, including without limitation the following situations:
5.6.1 During envelope encryption, the data key is lost due to Party A’s reasons, resulting in data being unable to be decrypted;
5.6.2 Failure to clear cache in a timely manner during envelope encryption, resulting in leakage of the plaintext data key.
5.6.3 Deletion of the user master key by mal-operation, resulting the decryption failure of data.
5.6.4 Other non-standard operations, resulting in leakage of data or decryption failure.
5.7 Party A understands and agrees that security vulnerabilities may exist in any software product, and Party B will use its reasonable endeavours to reduce the occurrence of vulnerabilities, but it cannot avoid their occurrence. Party B will promptly release patches after occurrence of major vulnerabilities and notify Party A to upgrade vulnerabilities in a timely manner through vulnerability announcements, on-site messages, and other means.
5.8 Party A understands and acknowledges that Party B will use its reasonable endeavours to ensure that the upgrade operation of the key management service will not cause network and business interruption. But it does not rule out the situation of network or business interruption due to the high complexity of the upgrade and Party A’s failure to reasonably configure high availability. Party B will not be responsible for business interruption. Party B will notify Customer through one or more methods such as website announcements, site letters, emails or text messages emails or text messages before upgrading where there is a risk of business interruption.
5.9 Party A understands and acknowledges that Party B will use its reasonable endeavours to improve the key management service capabilities. However, due to the relative nature and complexity of security, the key management service cannot guarantee that Party A's protected system will 100% avoid intrusion. Party A agrees to cooperate with Party B to promote the improvement of key management service capabilities to enhance security and protection capabilities.
6 User Service Warranty
6.1 Party B provides Party A with customer service via the service hotline +852 3100 0000.
6.2 Party B provides 7 days x 24 hours customer service to Party A.
7 Technical Support Warranty
7.1 After Party B accepts the handling of faults or non-faults from Party A, it will provide Party A with a technical support warranty according to the specific situation and Party A's needs. The service hours of Party B's engineers are 7 days x 24 hours.
8 Party A's Rights and Obligations
8.1 Party A has the right to use the Services and obtain technical support and after-sales service from Party B in accordance with this Agreement.
8.2 Party A understands and agrees that for the security of Party A's data and system, when Party A requires Party B's engineers to directly operate its Service, Party A should authorize it by email, work order, telephone, etc. Party A shall designate a sole contact person as the authorizer (maintainer) who shall authorize Party B when necessary, which means that only the authorized person has the right to require Party B's engineers to operate its services. The operating system and the parts above it (such as the applications installed by Party A on the system) are the responsibility of Party A. In addition, during the period of authorization, if Party A fails to communicate with Party B's engineers and conducts operations on its own which results in business unavailability and other risks, Party A shall bear the risk.
8.3 If Party A violates any of the warranties in this Agreement, the eSurfing Cloud Website User Agreement and the eSurfing Cloud Service Agreement, including but not limited to the following circumstances, Party A shall bear the corresponding liability for breach of contract:
8.3.1 Where Party A does not have all the qualifications and permits required to carry out business and perform relevant procedures when signing this Agreement, or loses all or part of its qualifications and permits during the validity period of this Agreement, Party B has the right to suspend the provision of the Services and require Party A to make corrections within the time limit. If Party A fails to make corrections within the time limit, Party B has the right to terminate this Agreement without assuming any responsibility. Party A shall bear the liability for breach of contract and compensate Party B for the corresponding losses;
8.3.2 Where Party A uses the Services to upload, download, store and publish content that violates applicable laws, departmental regulations, or national policies, and information that infringes on the legitimate rights and interests of others and/or other information or content that is harmful to social order, public security, and public morals;
8.3.3 Where Party A carries out fraudulent and misleading behaviors such as gambling with prizes and gambling games, or conducts "private servers", "plug-ins" and other internet activities that infringe the intellectual property rights or other legitimate rights and interests of others;
8.3.4 Where Party A conducts malicious scanning, illegal intrusion into the system, illegal acquisition of data and other behaviors that damage or attempt to damage network security;
8.3.5 Where Party A runs irrelevant programs or intentionally writes malicious codes, consuming a large amount of server memory, CPU or network bandwidth resources; and
8.3.6 Where Party A engages in any activities including but not limited to "DNS resolution", "security services", "domain name proxy", "reverse proxy" etc. that may cause users to be frequently attacked (including but not limited to DDoS attacks), thereby affecting the eSurfing Cloud service platform or others.
8.3.7 Party A understands and fully acknowledges that although Party B has established (and will continue to improve according to technological development) necessary technical measures to defend against computer viruses, network intrusions and attack (including but not limited to DDoS) (hereinafter collectively referred to as such Behavior), however, in view of the limitations, relativity and unpredictability of network security technology and the unpredictability of such Behavior, if Party A's account experiences such Behavior, Party B or Party B’s network or server (including but not limited to local, foreign and international networks, servers, etc.) may cause harm or affect the smooth communication between Party B and the international Internet or between Party B and specific networks, servers, and Party B's internal parties. Party B shall have the right to decide to suspend or terminate the Services. If a major network accident is caused to Party B for reasons attributable to Party A, Party B will reserve the right to claim compensation from Party A. If a crime is involved, Party A shall bear criminal responsibility according to the laws.
8.3.8 If Party B terminates the provision of the Services to Party A due to reasons set out in the above clauses (other than due to breach of contract by Party A), Party B will calculate the service fee based on the actual number of days used by Party A, and return the remaining balance (if any) to Party A's eSurfing Cloud account.
8.4 Party A shall be responsible for the integrity and confidentiality of its data stored on the eSurfing Cloud website and the codes and passwords used for accessing and managing various products and services on the eSurfing Cloud website, and shall take necessary and effective confidentiality and security protection measures, including but not limited to standardizing permission administration for data access and account use, setting strong passwords and changing them regularly. Party A shall bear all losses and consequences caused by the loss or leakage of the above-mentioned data, codes, passwords, and alike due to improper maintenance or confidentiality by Party A.
8.5 If services in Mainland China are involved, Party A must keep the access log records of its website in accordance with the provisions of the Network Security Law, the Administrative Measures on Internet Information Service and other laws and regulations, including the content of the published information, the time of publication, and the Internet Protocol address (IP), domain names, and alike, which shall be provided to the relevant state agencies when they inquire according to the law. Party A shall bear the corresponding legal liabilities arising from failure to keep relevant records as required.
9 Term and Termination of the Agreement
9.1 This Agreement becomes effective from the date when Party A successfully purchases or applies for activation of the product, and terminates when the subscription service period of Party A expires, unless otherwise agreed by the Parties.
9.2 This Agreement may be terminated earlier if the Parties reach a consensus.
9.3 Party B has the right to terminate this Agreement under the following circumstances:
9.3.1 Where Party B detects, by itself or based on the information of relevant departments and complaints from obligees, that the assets added or scanned by Party A are not legally authorized.
9.3.2 According to laws, regulations or the requirements of government agencies;
9.3.3 Where Party B believes that continuing to provide services to Party A will cause huge economic or technical burdens or major security risks to Party B;
9.3.4 Due to any changes in laws or policies, it is not practical for Party B to continue to provide services to Party A;
9.3.5 Where Party A fails to pay relevant fees in full and on time;
9.3.6 Where Party A violates the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, the eSurfing Cloud Legal Statement or the eSurfing Cloud Privacy Policy Statement of this website;
9.3.7 Where Party A no longer meets any of the pre-conditions for the Services set out in Article 2.2 of this Agreement; or
9.3.8 Where Party A violates other terms of this Agreement.
9.4 If Party B terminates this Agreement due to Party A's breach, Party B shall have the right to withhold the remaining amount (if any) from Party A's eSurfing Cloud account, without prejudice to its other rights and remedies under this Agreement or the law, to offset any losses and damages caused to Party B due to Party A's breach.
9.5 Party B may terminate the Services 30 days in advance by publishing an announcement on the Site, or by sending a website notice or a written notice to Party A. in which case, Party B shall return the amount paid by Party A but not consumed (without interest) to Party A's eSurfing cloud account.
9.6 If any clause in this Agreement is completely or partially invalid or unenforceable for any reason, the remaining clauses in this Agreement shall still be valid and binding.
10 Others
10.1 The termination of this Agreement will not affect the effectiveness of the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement and the eSurfing Cloud Privacy Policy Statement between Party A and Party B. If the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement or the eSurfing Cloud Privacy Policy Statement between Party A and Party B is terminated, this Agreement will be automatically terminated.
10.2 For matters not stipulated in this Agreement, the Parties shall abide by the provisions set out in the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement. If there is any conflict on the same matter in this Agreement, the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement, this Agreement shall prevail.
10.3 The latest version of the eSurfing Cloud Service Agreement can be found at
https://www.esurfingcloud.com/portal/zh-cn/protocol/20685742
The latest version of the eSurfing Cloud Website User Agreement can be found at: https://www.esurfingcloud.com/portal/zh-cn/protocol/10144340
The latest version of the eSurfing Cloud Privacy Policy Statement can be found at:
https://www.esurfingcloud.com/portal/zh-cn/protocol/10139040
10.4 In the event of any conflict or inconsistency between the English and the Chinese versions of this Agreement, the English version shall prevail. If there is any unclear part in the Chinese version, please refer to the English version.
Appendix 1
Article 1 General Provisions
China Telecom (hereinafter referred to as "Party B", website: https://www.esurfingcloud.com) provides Key Management Service (hereinafter referred to as "Services") to the user (also referred to as "Party A") in accordance with the provisions of this Agreement and its operating rules as may be amended from time to time. Party B reserves the right to change the terms of the Service Level Agreement (SLA) at any time.
Article 2 Service Commitment
Party B undertakes that the service availability rate of the Services is no less than 99.90% per service cycle.
Article 3 Service Description
A service cycle is defined as a calendar month. Any duration less than a calendar month shall not constitute a complete Service Cycle. Unless otherwise specified, the Total Time of Service Cycle is the total number of minutes in a Service Cycle. Total Time of Service Cycle = Total number of days in a Service Cycle x 24 hours x 60 minutes.
Unavailability is the period when the Key Management service log shows that the Services were inaccessible for five or more consecutive minutes because of Party B. Service unavailability of less than five minutes is not counted.
Service Unavailable Duration means all the time when the Services are unavailable during a Service Cycle. The Service Unavailable Duration is only counted once, that is, the Service Unavailable Duration in a Service Cycle is not counted into that of the next Service Cycle.
Service availability rate:
Service Availability Rate for a given Service Cycle = (Total Minutes in a Service Cycle – Minutes of Unavailability)/Total Minutes in a Service Cycle x 100%.
Article 4 Compensation Scheme
1. Compensation Standard
If Party B fails to meet the service availability promised under this SLA, Party A can apply for compensation in accordance with the provisions of this SLA. The compensation will be issued in the form of service compensation time, and this compensation shall be the sole and exclusive compensation provided by Party B to Party A if the Services do not meet the service availability commitment.
Service Availability SLA | Credit (minutes) |
99.00% <= SLA < 99.90% | 4320 |
95.00% <= SLA < 99.00% | 12960 |
SLA < 95.00% | 43200 |
2. Time Limit for Claims
(1) If the Service Availability in a Service Month fails to meet the Service Availability Standard, Party A may claim compensation only through the ticket system under Party A's corresponding account after the fifth (5th) business day of the month immediately following the end of the corresponding month for which the service does not meet the standard. After Party A submits an application for compensation, Party B will conduct corresponding verification . If there is any dispute between the parties, both Parties agree that the back-end record of Party B shall prevail.
(2) The latest time for Party A to submit an application for compensation shall not exceed sixty (60) calendar days after the end of each month of the corresponding service that fails to meet the standards . If Party A fails to submit an application for compensation within sixty (60) days after the end of the corresponding monthly service that fails to meet the standard, or does not file an application for compensation until sixty (60) days after the end of the corresponding monthly service that fails to meet the standard, , or Party A makes an application through a method other than that stipulated in this Agreement, it will be deemed that you have automatically given up your right to demand compensation and claim other rights against Party B. This shall be deemed that you have automatically waived your right to claim compensation and your right to assert other rights against Party B. Party B has the right not to accept your application for compensation and not to make any compensation or remedies to you.
Article 5 Force Majeure and Exemption
The unavailability of Party A's Key Management Services due to the following reasons shall not be counted in the unavailability time:
(1) caused by Party B’s prior notification to Party A for system maintenance, including cutover, repair, upgrade and simulated fault drills, etc.;
(2) caused by network failures, device faults, or configuration adjustment other than Party B’s devices;
(3) caused by Party A's application or installation activities;
(4) Party A's application programs or data information is attacked by hackers;
(5) caused by Party A’s negligence or operations authorized by Party A;
(6) caused by improper maintenance or confidentiality by Party A, resulting in the loss or leakage of data, passphrases and passwords, etc.;
(7) caused by Party A's self-upgrading of the operating system;
(8) caused by operating system vulnerabilities; and
(9) in accordance with laws and regulations, Party A's services are suspended or terminated at the request of regulatory authorities or in accordance with the agreement or policies cited in the relevant agreement;
(10) Unavailability caused by Party A's failure to use the Services in accordance with the service usage documents or operation instructions (such as the user's shutdown or restart of the vulnerability management through console, API and other control methods), etc.
(11) Unavailability caused by other non-Party B reasons;
(12) caused by force majeure events or unforeseen accidents; Force majeure and unexpected events refer to objective events that cannot be foreseen, insurmountable and avoided and have a significant impact on one party or both parties, including but not limited to natural disasters such as floods, earthquakes, epidemics, etc. and social events such as wars, strikes, unrest, government actions, interruption of telecom backbone lines, hackers, network congestion, technical adjustments of telecommunications departments, and government regulations, etc.
Party B shall not be liable for failing to perform its commitment due to the above reasons. If either party fails to perform the SLA in whole or in part due to force majeure, and upon written notice to the other party, such party shall not be liable for the affected terms of this agreement during the period of failure to perform these clauses and within the affected scope of such non-performance. After the effect of such Force Majeure Events or other accidents has been removed, the affected party/parties shall resume its/their performance hereof.