Effective date:2024-05-31
This eSurfing Cloud Penetration Test Service Agreement ("Agreement") is entered into between the user (also known as "Party A" or the "Customer") and China Telecom (also known as "Party B"). Party B shall provide the eSurfing Cloud Penetration Test Services to Party A through the eSurfing Cloud Website (www.esurfingcloud.com, also known as the "Site" or "eSurfing Cloud") in accordance with the provisions of this Agreement. Party A shall use the eSurfing Cloud Penetration Test Services in accordance with this Agreement.
Party A shall read the entire content of this agreement carefully before using the eSurfing Cloud Penetration Test Services. If Party A clicks to agree, it will be deemed that Party A agrees and accepts all the content of this Agreement. This Agreement constitutes a legally binding agreement between Party A and Party B. Should Party A do not agree to this agreement, please do not use the eSurfing Cloud Bastion Host Services. Should Party A do not agree to this agreement, please do not use the eSurfing Cloud Penetration Test Services.
If Party A has any questions about this Agreement, it shall make queries via the means set out in this Agreement or on the Site, and Party B will explain to and clarify with Party A. If Party A does not agree with any of the content of this Agreement or is unable to accurately understand Party B's explanations, it shall not subscribe to or use eSurfing Cloud services.
1.1 Party B provides Party A with the eSurfing Cloud Penetration Test Services (hereinafter the "Services") in accordance with this Agreement. Penetration Test is a method to evaluate the security network system by simulating the attack methods of malicious hackers. This process includes proactive analysis of any weaknesses, technical defects or vulnerabilities in the system. The analysis is conducted from a location where attackers may be present, and from there, they can actively exploit security vulnerabilities, identify the risks that exist in the system, and avoid serious impact on the system.
2.1 Party B shall provide Party A with the eSurfing Cloud Penetration Test Services in accordance with this Agreement. The specific content of the Services is subject to the services displayed on the Site and actually provided by Party B upon Party A’s application. Party B has the right to continuously update the service content.
2.2 Pre-conditions for provision of the Services: In order to use the Services, Party A shall first meet all the following conditions:
(1) Agree to and accept the eSurfing Cloud Website User Agreement, successfully register as a user of the Site, and continue to have a legal and valid user account of the Site as at the time of signing this Agreement and throughout the performance of this Agreement;
(2) Agree to and accept the terms of this Agreement;
(3) Agree to and accept the eSurfing Cloud Service Agreement and the eSurfing Cloud Privacy;
(4) Subscribe to and use the Services in accordance with the Service Rules of the Site;
(5) At the time of signing and during the performance of this Agreement, all the qualifications or government approval procedures required for legal operations have been obtained and maintained in accordance with the relevant national or regional regulations, and the relevant qualification documents have been submitted in accordance with this Agreement to Party B and approved by Party B.
Party A shall obtain and maintain the relevant licences or approvals, including but not limited to the following:
1) If Party A operates a website, it shall ensure that all the websites it operates have been licensed or approved by the relevant authorities of the relevant countries or regions;
2) If Party A provides non-commercial Internet information services, it shall register non-commercial websites, and ensure that all the filing information submitted is true and valid, and promptly submit the updated information in the registration system when the registration information changes;
3) If the website provides commercial Internet information services, Party A shall also obtain a commercial website license from the local communications administrative department;
4) If Party A provides electronic bulletin services such as BBS, it shall conduct filing or obtain corresponding approval according to relevant laws and regulations;
5) If Party A operates an Internet game website, it shall obtain an Internet culture business permit in accordance with laws;
6) If Party A operates an Internet video website, it shall obtain a license for the publication of audio-visual programs through an information network in accordance with laws;
7) If Party A engages in Internet information services such as news, publishing, education, medical care, pharmaceuticals, and medical devices, it shall obtain approval from relevant competent authorities in accordance with laws, administrative regulations, and relevant state regulations. Party A shall obtain approval from relevant competent authorities in accordance with laws before applying for a business licence or performing the filing procedures.
The above list does not exhaust all types of licenses or approvals required for commercial or non-commercial activities that Party A engages in. Party A shall obtain relevant licenses or approvals and shall comply with relevant laws and regulations promulgated by relevant countries and regions from time to time.
(6) Other preconditions for using the Services as stipulated in this Agreement.
3.1 After carefully reading the Service Rules corresponding to the purchased service, Party A can contact the account manager via email or phone according to its own needs. The account manager will organize experts to conduct an overall assessment of your business scale and assist in creating orders, making payments, and completing service activation. After the service is activated, Party A needs to complete the signing of the penetration testing authorization agreement and agree on the start and end time of the service. The eSurfing Cloud Penetration Test Service team will complete the penetration test according to Party A's needs and provide a penetration test report.
3.2 If there is any inconsistency in the main text of this Agreement, attachments, Service Rules or service descriptions on the relevant pages of the Site, they shall be appliable on the following order of precedence: (1) service descriptions on the relevant webpages of the Site, (2) Service Rules, (3) the main text of this Agreement, and (4) the attachments to this Agreement.
4.1 eSurfing Cloud Penetration Test supports pay-per-use billing. The customer shall pay the service fee to Party B in accordance with the final order content and this agreement.
4.2 Resource Expiration/Deletion and Payment Default Handling:
4.2.1 eSurfing Cloud Penetration Test Service is manual service-oriented, and the deliverable is a penetration test report. This service is non-refundable and ends after the test report is submitted. If you have any questions after the end of the service, you can contact the account manager to communicate the details.
5.1 Party A shall ensure that it has the operating authority for the designated services/products. Before performing penetration test services based on the instructions of Party A, it shall be deemed that Party A has obtained authorization from the customer. All operational actions and the consequences thereof shall be borne entirely by Party A;
5.2 Party A is responsible for its own operations, such as writing application code in the image, setting business logic, etc.
5.3 Unless otherwise agreed by the Parties, if Party A uses other eSurfing Cloud services along with the Penetration Test Services, Party A shall pay the service fee to Party B in accordance with the corresponding service fee standards and comply with the corresponding service terms;
5.4 When using the Services, Party A shall back up data and bear the risk of data loss, omission, and damage caused by its own reasons, and Party B shall not be liable for this.
6.1 Party B provides Party A with customer service via the service hotline +852 3100 0000.
6.2 Party B responds to Party A's service communication: 8 hours, 5 business days.
7.1 After Party B accepts the handling of faults or non-faults from Party A, it will provide Party A with a technical support warranty according to the specific situation and Party A's needs. The service hours of Party B's engineers are 7 days x 24 hours.
8.1 If Party A violates any of the warranties in this Agreement, the eSurfing Cloud Website User Agreement, and the eSurfing Cloud Service Agreement, including but not limited to the following circumstances, Party A shall bear the corresponding liability for breach of contract:
8.1.1 Where Party A does not have all the qualifications and permits required to carry out business and perform relevant procedures when signing this Agreement, or loses all or part of its qualifications and permits during the validity period of this Agreement, Party B has the right to suspend the provision of the Services and require Party A to make corrections within the time limit. If Party A fails to make corrections within the time limit, Party B has the right to terminate this Agreement without assuming any responsibility. Party A shall bear the liability for breach of contract and compensate Party B for the corresponding losses.
8.1.2 Where Party A uses the eSurfing Cloud Penetration Test Services to upload, download, store and publish content that violates applicable laws, departmental regulations, or national policies, and information that infringes on the legitimate rights and interests of others and/or other information or content that is harmful to social order, public security, and public morals.
8.1.3 Where Party A carries out fraudulent and misleading behaviors such as gambling with prizes and gambling games, or conducts "private servers", "plug-ins" and other Internet activities that infringe the intellectual property rights or other legitimate rights and interests of others;
8.1.4 Where Party A conducts malicious scanning, illegal intrusion into the system, illegal acquisition of data, and other behaviors that damage or attempt to damage network security;
8.1.5 Where Party A runs irrelevant programs or intentionally writes malicious codes, consuming a large amount of server memory, CPU or network bandwidth resources; and
8.1.6 Where Party A engages in any activities including but not limited to "DNS resolution", "security services", "domain name proxy", "reverse proxy" etc. that may cause users to be frequently attacked (including but not limited to DDoS attacks), thereby affecting the eSurfing Cloud service platform or others.
8.2 Party A understands and fully acknowledges that although Party B has established (and will continue to improve according to technological development) necessary technical measures to defend against computer viruses, network intrusions and attack (including but not limited to DDoS) (hereinafter collectively referred to as such Behavior), however, in view of the limitations, relativity and unpredictability of network security technology and the unpredictability of such Behavior, if Party A's account experiences such Behavior, Party B or Party B's network or server (including but not limited to local, foreign and international networks, servers, etc.) may cause harm or affect the smooth communication between Party B and the international Internet or between Party B and specific networks, servers, and Party B's internal parties. Party B shall have the right to decide to suspend or terminate the Services. If a major network accident is caused to Party B for reasons attributable to Party A, Party B will reserve the right to claim compensation from Party A. If a crime is involved, Party A shall bear criminal responsibility according to the laws.
8.3 Party A shall be responsible for the integrity and confidentiality of its data stored on the eSurfing Cloud platform and the codes and passwords used for entering and managing various products and services on the eSurfing Cloud platform, and shall take necessary and effective confidentiality and security protection measures, including but not limited to standardizing permission administration for data access and account use, setting strong passwords and changing them regularly, etc. Party A shall bear all losses and consequences caused by the loss or leakage of the above-mentioned data, codes, passwords, and alike due to improper maintenance or confidentiality by Party A.
8.4 If services in Mainland China are involved, Party A must keep the access log records of its website in accordance with the provisions of the Network Security Law, the Administrative Measures on Internet Information Service, and other laws and regulations, including the content of the published information, the time of publication, and the Internet Protocol address (IP), domain names, and alike, which shall be provided to the relevant state agencies when they inquire according to the law. Party A shall bear the corresponding legal liabilities arising from failure to keep relevant records as required.
9.1 This Agreement becomes effective from the date when Party A successfully purchases or applies for activation of the product, and terminates upon the completion of Party B's services, unless otherwise agreed by the Parties.
9.2 This Agreement may be terminated earlier if the Parties reach a consensus.
9.3 Party B has the right to terminate this Agreement under the following circumstances:
9.3.1 According to laws, regulations or the requirements of government agencies;
9.3.2 Where Party B believes that continuing to provide services to Party A will cause huge economic or technical burdens or major security risks to Party B;
9.3.3 Due to any changes in laws or policies, it is not practical for Party B to continue to provide services to Party A;
9.3.4 Where Party A fails to pay relevant fees in full and on time;
9.3.5 Where Party A violates the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, the eSurfing Cloud Legal Statement or the eSurfing Cloud Privacy Policy Statement of this website;
9.3.6 Where Party A no longer meets any of the pre-conditions for the Services set out in Article 2.2 of this Agreement; or
9.3.7 Where Party A violates other terms of this Agreement.
9.4 Except as stipulated in Article 9.5, if Party B terminates this Agreement according to this Agreement, Party B will calculate the service fee based on the actual number of days used by Party A, return the remaining amount (if any) to Party A's eSurfing Cloud account, and reserves the right to pursue legal claims against Party A for its breach of contract.
9.5 Party B may terminate the Services 30 days in advance by publishing an announcement on the Site, or by sending an on-site notice or a written notice to Party A, in which case, Party B shall return the amount paid by Party A but not consumed (without interest) to Party A's eSurfing cloud account.
9.6 If any clause in this Agreement is completely or partially invalid or unenforceable for any reason, the remaining clauses in this Agreement shall still be valid and binding.
10.1 The termination of this Agreement will not affect the effectiveness of the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement between Party A and Party B. If the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement or the eSurfing Cloud Privacy Policy Statement between Party A and Party B is terminated, this Agreement will be automatically terminated.
10.2 For matters not stipulated in this Agreement, the Parties shall abide by the provisions set out in the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement. If there is any conflict on the same matter in this Agreement, the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement, this Agreement shall prevail.
10.3 In the event of any conflict or inconsistency between the English and the Chinese versions of this Agreement, the English version shall prevail. If there is any unclear part in the Chinese version, please refer to the English version.