Effective date:2023-05-01
About Us
The official website of eSurfing Cloud, located at www.esurfingcloud.com, (“eSurfing Cloud Website” or “Website”) is owned and operated by China Telecom Global Limited and its affiliates in the relevant jurisdictions (collectively referred to as “CTG”, “We”, “Our” or “Us”).
About this Privacy Policy
This Privacy Policy describes how we collect, use, disclose, transfer, store, and share (collectively referred to as, “Process”) your personal information about our applications, products, services, events, and experiences from our Website (collectively referred to as “eSurfing Cloud Services”). We shall comply with this Privacy Policy by applicable laws and regulations in the places we operate. We may provide additional privacy statements applicable to certain eSurfing Cloud Services, practices, or regions in certain cases. These terms should be read in conjunction with this Privacy Policy.
What this Privacy Policy does not cover
The Privacy Policy does not apply to the content processed, stored, or hosted by you using eSurfing Cloud Services in connection with your cloud user accounts. (collectively referred to as, “Customer Data”) In such cases, we provide you with a storage and management information platform, and any information collected or processed is processed on your behalf. The services provided by eSurfing Cloud for uploading, downloading, transmitting, publishing, distributing, storing, and other processing activities of Customer Data and its relevant data do not apply to this Privacy Policy. If you use the services provided by eSurfing Cloud for data processing, you should ensure the legality of your data processing activities. You should ensure that the processing of the above personal information complies with the applicable laws and that the relevant individuals have been informed of the type, purpose, method, and other matters of personal information processing before processing personal information and have obtained personal consent by the applicable laws.
This Privacy Policy also does not apply to any products, services, websites, or content that are offered by other third parties. When you provide personal information to us on a third-party website or platform, the personal information you provide may be separately collected by the third party and subject to the privacy statement of the third-party website or platform. We are not responsible for the privacy measures of such websites or platforms.
The term 'Personal Information' used in this Privacy Policy refers to information related to identified or identifiable individuals as defined by the applicable laws. For example, this information may include your name, address, email address, business contact details, or information collected when you interact with us through our website or event.
If there is any conflict or inconsistency between the English version and any other available language versions, to the extent permitted by the applicable laws, the English version shall prevail.
Contents
How We Collect Personal Information
Personal Information We Collect
How We Use Personal Information
How We Share and Transfer Personal Information
How We Secure Personal Information
Retention of Personal Information
Cookies
Your Controls and Choices
Children’s Personal Information
Changes to Privacy Policy
Contacts
Supplemental Privacy Policy for European Economic Area and the United Kingdom
Supplemental Privacy Policy for Hong Kong
Supplemental Privacy Policy for Indonesia
Supplemental Privacy Policy for South Africa
How We Collect Personal Information
l Information You Give Us: When you inquire about or use eSurfing Cloud Services, when you contact us by phone, email, or other means when you register, subscribe to, or purchase our eSurfing Cloud Services (including linking your Personal Information on third-party websites or platforms to your registered account), when you conduct real name-authentication, we will collect the information you provide us.
l Information We Collect About You When Use Our Services: We will automatically collect information related to you through various technologies: when you visit this website or our eSurfing Cloud Services, when you download content from the relevant platform we provide, when you open the email we send or click on the link in the email, and interact or communicate with us.
l Information From Third Parties: When you make payments through a third party, when the applicable laws may require you to authorize a third party to share your information with us, to maintain the operation of eSurfing Cloud Services, to protect you or other users and legitimate interests, we will collect your information from a third party.
Personal Information We Collect
We collect and use Personal Information collected or generated during the process of providing and managing eSurfing Cloud Services and related technical support, excluding any Customer Data. (collectively referred to as "Service Data")
Service Data includes:
l Account Data: Your name, email address, address, phone number, contact information, basic company information (such as company name, industry type, designated contact information), your organization and contact information (such as colleagues or personnel information of your organization), user name and alias.
l Payment and Transaction Data: payment information, billing detail, business record, (including credit card and bank account information), company and financial information, tax information, consumption record, and other information related to you and us and our affiliated or third parties provide information on product and service interaction related to eSurfing Cloud Services.
l Real Name Authentication related data: Individual user identity information, including government-issued photo ID document (such as government-issued ID cards, driver's licenses, and passports), identification document type, identification number, and identification document photo; and enterprise user identity information, including enterprise name, enterprise registration country/region, enterprise registration number, business registration number, photocopy of enterprise license, legal representative information, legal person ID number, and bank account information (including deposit bank, bank account number, deposit bank, and bank location).
l Setting and Configuration: Configuration and setting record, including resource identifier and attribute, as well as service and security setting for data and another resource.
l Technical and Operational Data: Usage and device data ( such as eSurfing Cloud Services indicator information, Internet Protocol ("IP") address, device type, operating system and platform, service usage, other log information, and network and connection information), activity data (such as browsing data, when you use eSurfing Cloud Services, how often you use our services, and your preferences ), identifiers and information contained in cookies and visit data.
l Direct communication data: feedback, proof, inquiry, support for order, as well as any phone conversation, chat conversation, and email content sent to us, your image (still image, video, and in some cases 3D image), sound, and other personal identifier related to your participation in eSurfing Cloud Services activities or use of specific suggested eSurfing Cloud Services.
You have the right to choose not to provide or disclose your personal information to us. However, if you refuse to provide or allow us to collect your Personal Information, we may not be able to provide you with certain information or services or you may not be able to log in and access certain parts of the site. We retain Personal Information only to the extent necessary to achieve the purposes set out below.
How We Use Personal Information
We use your Personal Information to provide and improve our eSurfing Cloud Services. The purposes for using your Personal Information include:
l Provide eSurfing Cloud Services: The provision and delivery of eSurfing Cloud Services and processing activities related to the same, including registrations, subscriptions, purchases, and payments, including sharing your Personal Information with payment and transaction with other service providers to process your order.
l Provide eSurfing Cloud Services in China for Real Name Authentication: If you choose to use servers located in China (excluding Hong Kong, Macao, and Taiwan, China) to provide services, we shall use your government-issued ID card with photos (or, if you are an enterprise customer, use enterprise user ID documents) to ensure that your account has been legally verified by the applicable laws. You have the option to decline real name authentication, however, this may prevent you from accessing features or associated services that necessitate it. While you will be unable to use those specific functions or services, it will not impact your ability to utilize other features and services available.
l Operate, evaluate, optimize, improve, and develop eSurfing Cloud Services: To evaluate the use of eSurfing Cloud Services, analyze its performance, rectify errors, test, provide customer support, research, statistics, surveys, improve and develop the eSurfing Cloud Services.
l Communicate with You: To communicate with you about eSurfing Cloud Services through different means (e.g. by phone, text message, email, and chat box) and respond to your requests.
l Recommendations: To recommend eSurfing Cloud Services that might be of interest to you.
l Marketing: To market and promote eSurfing Cloud Services. We may send promotional messages about eSurfing Cloud Services.
l Comply with Legal Obligations: To comply with the applicable laws, legal procedures, or legitimate government requirements, or make any claims or potential claims against us or our parent, shareholders, subsidiaries, and affiliates. For example, we collect bank account information from third party payment service providers for identity verification.
l Fraud & Abuse Prevention and Credit Risk: To monitor, investigate, prevent, and detect potential violations of our policies and identify activities that cause security issues, fraud and abuse, and illegality to protect the security of our customers, eSurfing Cloud platform, and other security aspects. We may also use scoring methods to assess and manage credit risks.
l Other Purposes: We may also need to ask for your consent to use your Personal Information for a specific purpose that we communicate to you.
How We Share and Transfer Personal Information
Personal Information about our customers is an important part of our business and we will not disclose or transfer our customers’ Personal Information to others, except in limited circumstances, including:
l Share Personal Information to affiliates of CTG that are either subject to this Privacy Policy or follow practices at least to the same standard those as described in this Privacy Policy.
l Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include: delivering eSurfing Cloud hardware, sending communications, processing payments, real name authentication, assessing credit and compliance risks, analyzing data, providing marketing and sales assistance (including advertising and event management), conducting customer relationship management, and providing training. If you choose to purchase eSurfing Cloud Services within China, third-party service provider shall provide authentication services to verify your true identity information.
l Business Transfers: As we continue to develop our business, we might sell or buy businesses or services. In such transactions, Personal Information generally falls part of the transferred business assets but it remains subject to the promises made in any pre-existing Privacy Notice. Also, in the unlikely event that eSurfing Cloud or substantially all of its assets are acquired, your Personal Information will be transferred, we will notify you if this happens and you will have an opportunity to consent or to reject its transfer.
l To protect ourselves and to protect others: We may release your account and other Personal Information as we deem appropriate to comply with any applicable laws, to enforce or apply our terms and other agreements, or to protect our rights, property, or safety or those of others, including exchanging information with other companies and organizations for fraud prevention and identification and credit risk reduction.
l At your discretion: Other than as set out above, we will notify you when Personal Information about you might be shared with third parties, and you will have an opportunity to choose not to share the information.
We will take appropriate measures to protect your Personal Information whenever it is transferred, stored, or processed by us. These measures may involve adopting standard contractual clauses of the applicable laws, securing your consent, or using other legal means for transferring your Personal Information.
How we secure Personal Information
At eSurfing Cloud, security, integrity, and confidentiality of your Personal Information is our highest priority. We design our systems with your security and privacy in mind. We only collect your Personal Information that is necessary to achieve our specified purposes. We strive to safeguard your data, however, given the technological limitations and various potential threats present in the digital environment, some vulnerabilities might be inevitable. We have developed and implemented technical and organizational data security measures to ensure that your Personal Information will not be unauthorized accessed, disclosed, used, modified, damaged, or lost, including:-
l We use encryption technology to protect the security of your Personal Information during transmission to or from the eSurfing Cloud platform, applications, and eSurfing Cloud Services.
l We review our collection, storage, and processing practice of Service Data on a regular basis, including our technical and organizational data security measures, to prevent unauthorized access to our system.
l We only allow authorized employees and agents to process Personal Information.
l We implement physical, electronic, and procedural safeguards about the collection, storage, and disclosure of Personal Information. In conjunction with our implementation of security procedures, we may ask you to provide proof of identity before disclosing Personal Information to you.
Retention of Personal Information
We retain your Personal Information to enable you to continue to use eSurfing Cloud Services for as long as necessary to fulfill the relevant purposes described in this Privacy Policy, as may be required by law (without limitations, for tax and accounting purposes), or as otherwise notified to you. The length of time we retain particular Personal Information depends on the purpose or legally required to retain this information for a longer period, and we will delete your Personal Information by the applicable laws.
Cookies
We may collect and use your information through cookies and similar technologies, our policy on the use of cookies is as follows:
l Cookies are small data files that are stored on your hard drive or in your device's memory. With the help of cookies, we can store your preferences (such as the language of your computer or mobile device, font size, and other browsing preferences) or shopping carts.
l You can refuse or manage cookies by modifying your browser settings yourself, or if you turn off the use of cookies or delete stored cookies, you will need to change your user settings each time you use the eSurfing Cloud platform.
l When you access third-party services, view web pages created by third parties, or use applications developed by third parties, you are advised that these third parties may place their own cookies, which are not under our control and it is not governed by this Privacy Policy Statement; you should be aware we cannot guarantee that these third parties will protect your personal data to the standards we require, and if you find these third party services to be at risk, you are advised to terminate them to protect your legitimate interests, the service provider should have its independent privacy policy, and the third party services you use are subject to them, we advise you to read their policies carefully.
For more information on cookies and how we use them, please read our Cookies Notice.
Your Controls and Choices
You can access, change, rectify, and delete certain information about your account and your interactions with eSurfing Cloud Services. You may have other rights under specific applicable laws. For details, please refer to the applicable supplemental privacy policy. If you are unable to manage your information yourself, you may also contact us at any time for assistance. Please note that we will verify your identity before exercising your rights.
You can choose how your Personal Information is collected and used. Many eSurfing Cloud Services provide you with options on how your information is being used. You can choose not to provide certain information, but you may not be able to use certain eSurfing Cloud Services as a result.
l Account Information: If information relating to your account needs to be accessed, changed, rectified, or deleted, we will usually retain the previous version for archival purposes.
l Message notifications: If you do not wish to receive promotional messages from us, please unsubscribe or adjust the notification options settings in the administration console. If you do not wish to receive in-app notifications from us, please adjust the notification settings in the app or on your device.
l Browsers and devices: The “help” function on most browsers and devices will tell you how to prevent your browser or device from accepting new cookies, how to have your browser notify you when you receive a new cookie, or how to disable cookies altogether.
Children’s Personal Information
We do not offer or provide the eSurfing Cloud Services to children, but only to adults who have attained the age of majority under applicable laws. For children i.e. who have not yet attained the age of majority under the applicable laws, provide us with Personal Information, parents or guardians may contact us on behalf of the children, requesting us to stop further collection, use, and/or disclosure of such Personal Information, and to delete any related Personal Information that we may hold.
Changes to Privacy Policy
As our business continues to change, our Privacy Policy Statement is subject to change. You should visit our Website frequently to check for the latest changes. You can see the date of publication of the most recent version of this Privacy Policy Statement. Unless otherwise stated, our current Privacy Policy Statement applies to all Personal Information we hold about you and your account. However, we maintain a commitment to always notify customers who will be affected and give appropriate choices in the event of a material change in our Privacy Policy.
Contacts
If you have any privacy concerns about eSurfing Cloud Services or wish to access, change or delete your Personal Information, please contact us with a detailed explanation and we will do our best to resolve the issue for you.
Contact: Data Privacy Officer at China Telecom Global (Compliance Department)
Email Address: dataprotection@chinatelecomglobal.com
If you interact with eSurfing Cloud Services on behalf of or through your organization, then your Personal Information may also be subject to your organization’s privacy statement and you should direct your privacy questions to your organization.
Supplemental Privacy Policy for European Economic Area and the United Kingdom
This supplement to our Privacy Policy and applies to the Personal Information processing in the European Economic Area and the United Kingdom or of European Economic Area and United Kingdom residents and shall be read in conjunction with our Privacy Policy.
This policy covers Personal Information processing performed by China Telecom (Europe) Limited as a data controller, i.e. those processes for which China Telecom (Europe) Limited determines the purposes and means.
Controller of Personal Information
China Telecom (Europe) Limited is the data controller of Personal Information collected for the purposes of account registrations, payment services, provision of customer support, marketing, and advertisement and operates to understand, optimize, develop, or improve our sites, applications, products, services, and operations only. For more information relating to the purposes of the collection of Personal Information, please visit our Privacy Policy.
Processing of Personal Information
We process your Personal Information on one or more of the following legal bases:
l with your consent;
l as necessary to enter into a contract with you or a legal entity you represent, to perform our contractual obligations, to provide our services, to respond to requests from you, or to provide customer support;
l where we have a legitimate interest, as described in this Privacy Notice and our Privacy Policy; or
l as necessary to comply with relevant laws and legal obligations, including responding to lawful requests and orders.
Information We Retain After Your Account is Closed
If you decide to terminate your agreement and close your account, we will delete your Personal Information in accordance with applicable law. After account closure, we may need to keep certain information for an additional period for legal and legitimate business purposes. For example, we may retain Personal Information such as your contact information (e.g. name, email address, physical address) and any invoices that China Telecom (Europe) Limited has sent to you for tax and accounting purposes. If applicable, China Telecom (Europe) Limited may also retain records of communications with you, as well as relevant logs (e.g., a log of your account closure) for dispute resolution purposes. We further may keep records for preventing fraud and ensuring security, for example in case of misuse of our services or violation of our terms.
Your Rights
Subject to the applicable law, you have the right to:
l request access to the Personal Information we hold about you;
l request correction of inaccurate Personal Information;
l request deletion of Personal Information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements;
l request us to restrict the processing of Personal Information where the processing is inappropriate;
l object to the processing of Personal Information; and
l request portability of Personal Information that you have provided to us (which does not include information derived from the collected information), where the processing of such Personal Information is based on consent or a contract with you and is carried out by automated means.
Transfers outside of the European Economic Area
China Telecom (Europe) Limited aims to limit the transfer of Personal Information outside the European Union.
This section relates only to data processed by China Telecom (Europe) Limited as data controller according to this policy, excluding Personal Information entrusted by you to China Telecom (Europe) Limited which is processed by China Telecom (Europe) Limited as a data processor under your instructions.
When we transfer your Personal Information outside the European Economic Area we do so in accordance with the terms of this Supplemental Privacy Policy, our Privacy Policy, and applicable data protection law.
Cookies
Please refer to our Cookie Notice in our Privacy Policy.
Contacts and Questions
The data protection officer can be contacted at: dataprotection@chinatelecomglobal.com. You have a right to lodge a complaint with your local Data Protection Supervisory Authority or with the UK Information Commissioner’s Office: ico.org.uk/for-the-public.
When you consent to our processing of your Personal Information for a specified purpose, you may withdraw your consent at any time, and we will stop any further processing of your data for that purpose.
Supplemental Privacy Policy for Hong Kong
This supplement to our Privacy Policy and applies to the collection, processing, and use of Personal Information in Hong Kong or of Hong Kong residents and shall be read in conjunction with our Privacy Policy.
Sharing Your Personal Information with Affiliates and Service Providers
We collect your Personal Information where it is necessary for the provision of our services. Your Personal Information may be transferred to the following classes of transferees to achieve the purposes prescribed in our Privacy Policy:
l Affiliates of China Telecom Global Limited.
l Governments, law enforcement authorities, courts, and tribunals.
l Legal and other professional advisors.
l Any third party whom you have authorized to obtain your personal information from China Telecom Global Limited and its Affiliates.
l Third party providers who provide the following services to China Telecom Global Limited:
- Payment services
- Digital services
- Other relevant services
Your Rights
You have the right to request access, correction, and deletion in respect of the personal information we collected from you by contacting our Data Protection Officer:
Data Protection Officer Email: dataprotection@chinatelecomglobal.com
Telephone: +852 3100 0000
Address: 28/F., Everbright Centre, 108 Gloucester Road, Wan Chai, Hong Kong Sar China
Contact Us
If you have any comments or questions about this privacy policy, please email dataprotection@chinatelecomglobal.com.
Supplemental Privacy Policy for Indonesia
This supplement to our Privacy Policy and applies to the collection, processing, and use of personal information in Indonesia or of Indonesia residents and shall be read in conjunction with our Privacy Policy
Your Rights
You are entitled to the following rights according to the applicable law: -
l Right to obtain access to your Personal Information;
l Right to have your Personal Information rectified, updated, or deleted;
l Right to object to processing;
l Right to object to automated decision-making; and
l Right to lodge a complaint with a relevant data protection authority.
Children’s Personal Information
We do not offer or provide eSurfing Cloud Services and related services to children, but only to adults who have attained legal age.
Supplemental Privacy Policy for South Africa
This supplement to our Privacy Policy and applies to the collection, processing, and use of Personal Information in South Africa or of South Africa residents and shall be read in conjunction with our Privacy Policy.
Controller of Your Personal Information
Name of the Controller of Your Personal Information: China Telecom (Africa and Middle East) Ltd
Address: Acutus Business Centre, 24 St. Georges Street, Port-Louis 11324, Mauritius
Your Rights
You have the right to request access, correction, deletion, or complaint in respect of the Personal Information we collected by applicable law. If you wish to submit a data subject request, please send an email to Information Officer at ctmealegal@chinatelecomglobal.com.
If you are unsatisfied with the way we address your complaint about our processing of Personal Information, you can contact the office of the local regulator, the details of which are:
The Information Regulator (South Africa)
General inquiry: enquiries@inforegulator.org.za
Complaints (complete POPIA form 5): POPIAComplaints@inforegulator.org.za