Effective date:2024-07-24
This eSurfing Cloud Service Agreement (this "Agreement") is entered into between you (the "Customer") and the Service Provider (as defined below) (the Service Provider, together with the Customer referred to as the "Parties") in relation to the Customer's access to and use of and the Service Provider’s provision of cloud computing services ("eSurfing Cloud Services") via eSurfing Cloud portals (including eSurfing Cloud official website: www.esurfingcloud.com, hereinafter the "Portals").
In this Agreement, "Service Provider" means the entity the Customer is contracting with under this Agreement, and such contracting entity shall be determined by the Place of Registration (as defined below) of the Customer as more particularly detailed in Appendix 4 hereof.
(1) Upon registration, the Customer will be required to provide its Place of Registration (as defined below), and the corresponding contracting entity of the Service Provider is set forth in Appendix 4 hereof.
(2) The Service Provider shall retain the sole discretion to assign and/or designate another signing entity (if any) to be the contracting entity in such Place of Registration (as defined below) as it deems appropriate.
(3) For the aforementioned purposes: (i) the Service Provider reserves the right to, in its sole discretion, transfer, assign and/or novate its rights and responsibilities under this Agreement, to any existing or future Affiliates of the Service Provider; and (ii) "Place of Registration" shall be determined by: (a) for a Customer which is a corporate customer which includes, without limitation, a company, partnership, association, government or other organization, its place of incorporation as evidenced by its certificate of incorporation, business registration certificate or other constitutional documents as requested by the Service Provider; (b) for a Customer which is a natural person, the location of his or her IP address at the time of registration and/or such other means as approved by the Service Provider.
(4) Notwithstanding any contracting entity opted by the Service Provider, the Customer acknowledges and agrees that the eSurfing Cloud Services may be provided by one or more Affiliates of the Service Provider as deemed appropriate by the Service Provider, including as required to comply with applicable laws or in accordance with the Service Provider's internal operations in the relevant jurisdictions.
The applicable addendum as provided in Appendix 3 (the "Jurisdiction Specific Addendum") which sets forth additional requirements in the applicable jurisdictions is hereby incorporated as an integral part of this Agreement.
Before subscribing to and using the eSurfing Cloud Services, the Customer should read and fully understand the entire content of this Agreement. If any personnel uses the eSurfing Cloud Services on behalf of a company, partnership, association, government or other organization, such personnel warrants that he or she is authorised to do so and that he or she is authorised to bind the company, partnership, association, government or other organization to this Agreement. In such circumstances, the "Customer" shall refer to the company, partnership, association, government or other organization.
If the Customer has any questions about this Agreement, it shall make queries via the means set out in this Agreement and the Service Provider shall provide clarifications at such time and in such manner as it considers appropriate. If the Customer does not agree with the content of this Agreement or is unable to accurately understand the Service Provider's clarifications (if any), the Customer shall not subscribe to or use the eSurfing Cloud Services.
The Service Provider constantly updates, revises, and improves the eSurfing Cloud Services. In relation to the eSurfing Cloud Services, the Service Provider may add or remove features or functions, set new limits, or temporarily suspend or permanently discontinue the provision of all or part of the eSurfing Cloud Services. The Service Provider may revise this Agreement from time to time and issue specific terms, codes of conduct or guidelines relating to the whole or a part or more of the eSurfing Cloud Services.
If any modification to the eSurfing Cloud Services or this Agreement materially affects the Customer or materially restricts the access to or use of the eSurfing Cloud Services, the Service Provider will notify the Customer within a reasonable period prior to the change. However, to the extent permitted by applicable laws, the Service Provider may not give advance notice to the Customer if, in the sole discretion of the Service Provider, the modification to this Agreement or the eSurfing Cloud Services will not materially affect the Customer or materially restrict the access to or use of the eSurfing Cloud Services. In respect of amendments to the eSurfing Cloud Services that are made to comply with security, legal or regulatory requirements, the Service Provider may not be able to meet the foregoing advance notice time requirements, but it will notify the Customer as soon as reasonably practicable.
By clicking the confirm button, places an order on the webpage, or uses the eSurfing Cloud Services in any other way, the Customer is deemed to have read and fully understood all the content of this Agreement and to agree to accept and be bound by the content of this Agreement. If the Customer does not agree with or accept this Agreement, it shall not subscribe to or use the eSurfing Cloud Services.
I. Explanations
1. The eSurfing Cloud Services are governed by this Agreement, the eSurfing Cloud Website User Agreement, the eSurfing Cloud Privacy Policy Statement and the general terms and conditions published on the Portals from time to time (collectively, the "eSurfing Cloud Services Contract and Rules"). The Customer may accept the eSurfing Cloud Services Contracts and Rules by, but not limited to, clicking the 'agree' button when registering or subscribing to services on the Portals.
2. Matters not addressed in this Agreement may be provided in other eSurfing Cloud Services Contracts and Rules.
3. This Agreement consists of the following documents:
(1) The terms and provisions contained herein, including the General Terms of Service and the Jurisdiction Specific Addendum;
(2) Special Terms of Service and its schedules which include Service rules related to specific products / services displayed on the Portals, including service descriptions, technical specifications, usage procedures, renewal rules, unsubscription rules, help page, and other legal documents that clarify the rights and obligations of the Parties regarding the use and provision of the eSurfing Cloud Services;
(3) Orders (applicable to annual / monthly subscriptions only).
The aforementioned documents supplement each other. Save as expressly provided, where there is a conflict between the aforementioned documents regarding the same matter, the documents will prevail in the ascending order mentioned above to the extent of the conflict (i.e., the Orders being the highest precedence, followed by the Special Terms of Service and its schedules, and then the terms and provisions contained herein); when there is a conflict between multiple documents within the same order, the document formed later shall prevail. In the event of inconsistency in the interpretation of a matter between any document and the Special Terms of Service of different products or services, the interpretation as provided in the Special Terms of Service of each product or service shall prevail.
4. Upon the execution of this Agreement, if the Customer requires a written confirmation from the Service Provider for the order submitted by the Customer of the eSurfing Cloud Services, such confirmation document provided by the Service Provider to the Customer is only issued at the request of the Customer and is not a confirmation of the conclusion of a contract and does not affect the validity of and does not constitute any amendment or supplement to this Agreement or the eSurfing Cloud Services Contracts and Rules. In case of any inconsistency between such confirmation document and this Agreement, the terms of this Agreement shall prevail.
5. In this Agreement:
(1) any words following the words "include", "includes", "including", "in particular" or any similar words or expressions shall be construed without limitation and will not limit the meaning of words preceding them;
(2) "Affiliate" of the Service Provider means any company, institution, and legal successor thereto that the Service Provider controls or will control, is or will be controlled by, or is or will be under common control with;
(3) "control" means the ability, to influence the management of the relevant company directly or indirectly, whether through ownership, voting shares, contracts or other means as determined by applicable laws; and
(4) wherethe circumstances require, the non-gender references to "it" shall include the masculine "he" or "him" and the feminine "she" or "her", "its" shall include "his" and "her" and references to one gender include all genders.
II. General Terms of Service
1. Type of Service
1.1 The specific content and fees with respect to the eSurfing Cloud Services are determined by: (i) with respect to the fixed annual/monthly subscriptions, the order submitted by the Customer through the Portals and approved by the Service Provider; or (ii) with respect to the pay-as-you-go (PAYG) billing service, the bill issued by the Service Provider based on the Customer's actual use of the services.
1.2 The Customer may opt to subscribe to different offerings of the eSurfing Cloud Services based on its own needs, which include:
(1) Fixed annual/monthly subscriptions: where the specific type of service and service period are determined by the order submitted by the Customer to and confirmed by the Service Provider through the Portals.
(2) PAYG billing service: where the specific type of service is determined according to the actual usage of the Customer.
1.3 The Service Provider will provide the eSurfing Cloud Services in accordance with the service level (if any) agreed in the relevant Special Terms of Service.
2. Service Activation, Change and Termination; Service Flow
2.1 Service activation
2.1.1 Depending on the type of eSurfing Cloud Services selected by the Customer, the Service Provider will activate the eSurfing Cloud Services by:
(1) Activation of fixed annual/monthly subscriptions: the service will be activated when the Customer submits the corresponding order to the Service Provider at the Portals, and pays the fees agreed in the order that is confirmed by the Service Provider.
(2) Activation of PAYG billing service: The PAYG billing service will be activated after the Customer has deposited funds into the Service Provider’s designated bank account through online payment channels and the recharged amount has been transferred to the corresponding eSurfing Cloud account of the Customer. The recharged amount must not be less than US$20. If there is insufficient balance in the Customer's account, the PAYG billing service will be suspended. The PAYG billing service will be resumed after the Customer has deposited sufficient funds into its Service Provider account to pay the full amount required for the service and the available balance is greater than US$0.
2.1.2 After the eSurfing Cloud Services is activated, the Service Provider will provide the eSurfing Cloud Services to the Customer in accordance with the terms of this Agreement, and the Customer may log in to the Portals and complete the relevant service-related configurations and operations in the management console.
2.1.3 The Customer understands and acknowledges that, due to technical upgrades, service system upgrades, or changes in business strategies, the continuous provision of the eSurfing Cloud Services cannot be guaranteed and the Service Provider has the right to update the form, specifications or other aspects of the eSurfing Cloud Services provided (such as the price and billing model of the eSurfing Cloud Services) from time to time. The Service Provider will, before terminating such service or making such changes, endeavour to notify the Customer in advance in one or more ways such as a website notice, email, or SMS.
2.2 The Service Provider will provide 24/7 customer service to the Customer, including the after-sales hotline (+852 3100-0000) for consulting services and online ticket services, to answer questions and solve problems encountered by the Customer in the use of eSurfing Cloud Services. If the customer service is otherwise agreed in the Special Terms of Service, the provisions set out in the Special Terms of Service shall apply.
2.3 When being notified of any issue encountered by the Customer, the Service Provider will provide technical support to the Customer according to the specific circumstances and the Customer's needs, except where the relevant failure or problem is caused by the Customer's personal circumstances and/or a Force Majeure Event (as defined below), and other event beyond the control of the Service Provider.
2.4 For the purpose of enhancing and improving the eSurfing Cloud Services, the Service Provider has the right to regularly or irregularly overhaul, maintain, upgrade and optimize the service platform or related equipment, systems, software, and so forth (collectively referred to as "Routine Maintenance"), and the Service Provider shall not be liable for any interruption or suspension of the eSurfing Cloud Services within a reasonable period of time due to any Routine Maintenance. However, the Service Provider will use reasonable endeavours to inform the Customer of such Routine Maintenance at least 24 hours in advance by way of an announcement on the website or through other means as the Service Provider deems fit. In the event of extraordinary maintenance due to force majeure, for reasons attributable to third parties or any other reasons, the Service Provider will use reasonable endeavours to notify the Customer as soon as reasonably practicable.
2.5 The Service Provider has the right to adjust the system default configuration of the eSurfing Cloud Services from time to time in accordance with its own operational arrangements, and such adjustment shall not constitute a breach of this Agreement by the Service Provider. The Service Provider will use reasonable endeavours to notify the Customer at least thirty (30) days in advance of such adjustments as is reasonably practicable in the circumstances. Upon receipt of such notice, the Customer shall provide assistance, including transferring and backing up relevant data, making business adjustments, and authorizing the adjustments made by the Service Provider at the request of the Service Provider in a timely manner. If the Customer fails to assist in a timely manner after receiving the notice, or if the Service Provider is unable to contact the Customer, the Customer shall be liable for any consequences arising therefrom. If the eSurfing Cloud Services are adjusted or terminated due to a Force Majeure Event (as defined below) or for reasons attributable to third parties or any other reasons, the Service Provider will notify the Customer at such time and in such manner as the Service Provider considers appropriate.
2.6 Termination of the eSurfing Cloud Services
2.6.1 The Service Provider shall have the right to terminate the provision of the eSurfing Cloud Services to the Customer prior to the expiry of the service period without liability for breach of contract under any of the following circumstances:
(1) In accordance with applicable laws or as required by governmental departments or regulatory authorities;
(2) Where the Service Provider considers the continued provision of the eSurfing Cloud Services to the Customer will impose a significant economic or technical burden or a significant security risk on the Service Provider;
(3) Where it is not possible or practicable for the Service Provider to continue to provide the eSurfing Cloud Services to the Customer due to any change in law;
(4) Where the Customer fails to pay the relevant fees in full and/or on time;
(5) Where the Customer has suffered from operating losses, or is unable to operate normally due to significant debts, or has been ordered by the government departments or regulatory authorities to cease operations or has had its business licence or other permit required for its operations revoked for any reason (including due to illegal operations);
(6) By sending a written notice to the Customer thirty (30) days in advance; or
(7) Circumstances where the Service Provider has the right to terminate the eSurfing Cloud Service in advance pursuant to other terms of this Agreement or eSurfing Cloud Service Contracts and Rules.
2.6.2 If the eSurfing Cloud Services are terminated by the Service Provider in accordance with this Agreement, the relevant refund rules set out in the Special Terms of Service or published on the Portals shall apply.
2.7 If the Special Terms of Service of this Agreement provides other specifications on matters such as service activation, change and termination rules and service flow of the eSurfing Cloud Services, such provisions shall also apply.
3. Service Fees and Payment
3.1 Billing rules
3.1.1 All the service quotes provided for the eSurfing Cloud Services in the Portals are quoted exclusive of taxes. The Customer shall, when using the eSurfing Cloud Services, pay the service fee to the Service Provider on time and in full as provided, and fees related to the performance of the eSurfing Cloud Services include bank charges, taxes, and other expenses. Unless otherwise set out in Appendix 3, all the relevant service fees, charges, taxes, and other expenses set out herein are dominated in USD.
(1) Annual/Monthly subscriptions: The service fee payable by the Customer to the Service Provider shall be based on the amount stated in the order approved by the Service Provider.
(2) PAYG billing service: The service fee payable by the Customer to the Service Provider shall be based on the amount stated in the bill sent by the Service Provider to the Customer. During the service period, the service price will change according to the price adjustment of the Service Provider, and the service fee shall be settled based on the price published by the Service Provider in effect when the Customer actually uses the corresponding service.
3.1.2 The Service Provider has the right to adjust the price of the eSurfing Cloud Services based on objective factors such as technological developments, technical architecture adjustments, and marketing. If the Service Provider adjusts the price of the eSurfing Cloud Services, it will publish a notice on the Portals at least fifteen (15) days in advance. If the change will have a significant impact on the eSurfing Cloud Services or fees, the Customer has the right to decide whether to continue to use the corresponding eSurfing Cloud Services. If the Customer does not accept the adjusted price, it shall immediately discontinue the use of the eSurfing Cloud Services. If it continues to use the eSurfing Cloud Services, it shall be deemed to have accepted the adjusted price.
3.2 Method of settlement: the eSurfing Cloud Services provided by the Service Provider are a prepaid service.
3.2.1 The Service Provider will start providing the eSurfing Cloud Services to the Customer after it pays the service fee and relevant taxes and expenses in full. The relevant means of payment shall be provided on the Portals.
3.2.2 If the Customer wishes to continue to use the eSurfing Cloud Services after the expiry of the service period, it shall pay for the renewal before the expiry of the service period or enable the automatic renewal function if the balance in the account is sufficient (for details of the renewal process, please refer to the service renewal rules posted on the Portals). If the service system, name, and price of the relevant eSurfing Cloud Services are adjusted by the Service Provider when the Customer renews the eSurfing Cloud Services, the Customer agrees to renew and be billed according to the new service system, name, and price in effect at that time.
3.2.3 If the Customer requires the Service Provider to issue an invoice for the eSurfing Cloud Service it subscribes to, the Customer shall apply for the issuance of an invoice at the service subscription interface of the Portals upon the completion of its subscription of the eSurfing Cloud Services and payment of the service fee. No invoices will be issued for pre-paid amounts for the time being. After the eSurfing Cloud Services are officially used/consumed, a formal (tax) invoice for the corresponding amount will be issued.
3.3 The Service Provider reserves the right not to provide the eSurfing Cloud Services and/or technical support to the Customer or to terminate the eSurfing Cloud Services and/or technical support unless and until the Customer has paid all the fees as agreed. If the Customer is in arrears, the Service Provider reserves the right not to provide the eSurfing Cloud Services during the period of arrears and the Customer shall not apply for new installation, renewal or change of the eSurfing Cloud Services. Without limiting the generality of the foregoing, if the prepaid amount in Customer’s account is less than zero, the Service Provider will suspend the provision of all or any part of the eSurfing Cloud Services immediately. The Service Provider may terminate the provision of all or any part of the eSurfing Cloud Services to the Customer at any time if the Customer fails to pay any amount under this Agreement between the Parties by its due date and that outstanding amount is not paid within 15 days of the Customer receiving a notice requiring that outstanding amount to be settled. Upon termination, the Customer shall at its own costs return to the Service Provider all equipment used in relation to the eSurfing Cloud Services, failing which the Customer shall allow the Service Provider to enter the Customer’s premises for purposes of retrieving the said equipment and the Customer shall be responsible for all costs incurred by the Service Provider in relation thereto. The Service Provider shall not be liable to the Customer for any costs or damages that may be suffered or incurred by the Customer in the equipment retrieval process by the Service Provider.
3.4 The Customer understands and agrees that all complimentary service items, marketing activities and other incentives are one-time, limited offers in addition to the standard service price, and the content of the offer does not include the modification, update and maintenance costs of the complimentary service items, and the complimentary service items may not be converted to offset the service price.
3.5 If the Customer disagrees with the service fee to be paid, it shall submit a request for verification to the Service Provider in writing. If the fees are confirmed to be incorrect upon the verification by the Parties, the Service Provider shall adjust the corresponding fees.
3.6 Deposit: the Customer may deposit funds into its account, with the minimum amount for a single deposit being US$20.
3.7 Refund: the Customer may apply to withdraw the account balance after depositing the fund, but the corresponding bonus, charges, taxes paid and other related expenses shall be deducted, and no refund is allowed for vouchers and other bonus part. The minimum charge for each refund is US$10.
3.8 Taxes
3.8.1 The relevant fees are exclusive of all applicable taxes imposed by any tax authority on the amounts due under this Agreement, whether existing on the date of this Agreement or effective thereafter.
3.8.2 Each Party agrees to pay all taxes levied on that Party by the tax authorities of its jurisdiction. The Customer is responsible for all applicable taxes levied by the tax authorities in relevant jurisdictions other than those in which the Parties are located.
3.8.3 If the Customer withholds or pays any tax from any amount due under a certain agreement in accordance with the provisions of all applicable laws in relation to the relevant eSurfing Cloud Services, then notwithstanding anything to the contrary in such agreement, the Customer shall increase the total amount payable to the Service Provider so that after any withholding or payment mentioned above, the amount received by the Service Provider is equivalent to the amount it would have received without the withholding or payment. The Customer must also notify the Service Provider in writing of the relevant regulations and provide the Service Provider with appropriate documents to prove the above withholding or payment.
3.8.4 The Customer shall, before the relevant penalty or interest is incurred, pay the withholding amount to the relevant tax authority in a timely manner, and provide the Service Provider with a sufficient tax payment certificate in a timely manner.
3.8.5 Each Party undertakes to the other Party, upon the other Party's request, to promptly provide the other Party with the information it may reasonably require from time to time to perform its obligations under this Agreement or to verify any relevant fees charged under this Agreement.
4. Terms of Service Usage
4.1 Customer qualifications
4.1.1 The Customer undertakes to subscribe to and use the eSurfing Cloud Services in its own name as authenticated by the Portals on a real-name basis. From the date of this Agreement to the performance hereof, the Customer shall continue to have the legal and valid capacity and business qualifications, and provide the Service Provider with true, valid, complete, accurate and up-to-date documents of various capacity and business qualifications and licenses and permits for engaging in the relevant eSurfing Cloud Services. If the Customer is a natural person, the Customer hereby warrants that he or she is at least 18 years old when subscribing to or using the eSurfing Cloud Services. In addition, if the age of majority of the Customer’s Place of Registration is higher than 18 years old, a Customer who is under such age of majority warrants that valid and proper consent of the Customer’s parent or legal guardian has been obtained for him or her to subscribe to or to use the eSurfing Cloud Services. In such circumstances, this Agreement shall be construed as an agreement duly entered by the Customer’s parent or legal guardian on behalf of the Customer.
4.1.2 The Customer represents, warrants and undertakes that neither the Customer, nor any of its directors, board members, shareholders, employees, agents, or financial institutions involved in the performance of this Agreement is:
(1) listed in any list maintained by the United States (including, without limitation, the list of “Specially Designated Nationals” as maintained by the Office of Foreign Assets Control of the U.S. Treasury Department, the Entity List as maintained by the US Commerce Department’s Bureau of Industry and Security), the United Nations Security Council, the United Kingdom (including the Consolidated List of Financial Sanctions Targets as maintained by His Majesty’s Treasury), the European Union and any Member State thereof (including the Consolidated List of Persons, Groups and Entities Subject to Financial Sanctions), People’s Republic of China, or any other applicable government authority (any person so listed being a “Prohibited Persons”) ;
(2) organized in, operating from or resident in a country or territory that is the target of comprehensive sanctions (as of the date of this Agreement, Iran, Cuba, North Korea, Syria, and the Crimea, Donetsk People’s Republic, and Luhansk People’s Republic regions, (“Sanctioned Territories”));
(3) controlled or owned by 50 percent or more individually or collectively by any of the Prohibited Person(s); or
(4) subject to any other sanctions or export controls that, in the Service Provider’s sole discretion, would cause the Service Provider to be unable to perform the service under this Agreement.
4.1.3 From the date of this Agreement to the performance hereof, if the Customer does not have the qualifications or provide the documents as required in this Agreement, the Service Provider has the right to suspend the provision of the eSurfing Cloud Services, require the Customer to rectify within a deadline or directly terminate this Agreement, and pursue the Customer for corresponding compensation and/or other liabilities. If there is any change in the capacity or business qualification documents provided to the Service Provider, the Customer shall provide the most updated documents to the Service Provider as soon as possible upon the change.
4.2 Account security
4.2.1 The Service Provider will, when providing the eSurfing Cloud Services to the Customer, provide the Customer with a uniquely identifiable account in the Portals for the Customer to log in to the Portals and use the eSurfing Cloud Services. The Customer’s account number and password are important credentials for the Customer to subscribe to the eSurfing Cloud Services and use the same. All instructions and related actions issued or done by the Customer's account are deemed to be conducted and authorized by the Customer, and it shall assume all consequences and liabilities resulting therefrom.
4.2.2 The Customer is responsible for the confidentiality and security of its account number and password on the Portals. Upon receipt of the initial password for the relevant account in the Portals provided by the Service Provider, the Customer shall reset the password in the first instance and keep the new password in safe custody.
4.2.3 If the Customer finds that its account or password has been improperly or illegally used by others or if the Customer experiences unusual or abnormal circumstances when using its account, it shall promptly notify the Service Provider in the manner announced by the Service Provider to take measures to suspend the login and use of the account. Upon receipt of a notice from the Customer requesting to take measures to suspend the login and use of its account, the Service Provider will request the Customer to provide valid identification documents. If it is verified that the information provided by the Customer is consistent with its registered identity information, the Service Provider shall promptly take measures to suspend the login and use of the Customer's account.If the Customer does not provide a valid identification document or the information contained in the identification document provided is inconsistent with the registered identity information, the Service Provider has the right to reject the Customer's request above, and the Customer shall bear the losses and liabilities arising therefrom. If the account or password is leaked or obtained by others for reasons attributable to the Customer, it shall bear the losses and liabilities arising therefrom.
4.2.4 The Customer shall submit to the Service Provider a list of the contact person(s) and the person(s) managing the Customer's account and password on Portals and their contact information. In case of any change of the persons mentioned above, the Customer shall update the information online on its own and promptly notify the Service Provider. The Customer shall be liable for any consequences arising from untrue, inaccurate, or incomplete information it provides, as well as from the acts or omissions of the persons mentioned above.
4.3 The Customer shall, when using the eSurfing Cloud Services, meet the requirements of this Agreement and eSurfing Cloud Service Contracts and Rules. The Customer shall provide the necessary technical parameters, including IP address segments and corresponding types of application, server related parameters, networking structure and Internet resources, to the Service Provider in accordance with this Agreement (including the Special Terms of Service) and actively cooperate with the Service Provider to complete the implementation and testing of relevant service works to ensure normal operation of the eSurfing Cloud Services.
4.4 The Customer has the right to use the IP address assigned by the Service Provider and shall not transfer it to others in any way. The Customer shall not use any IP address not assigned to it by the Service Provider. When the Customer ceases to use the eSurfing Cloud Services, the Service Provider shall have the right to take back the right to use the relevant IP address, and all rights, title and interests in and to such IP address shall vest in the Service Provider solely and absolutely at all times, free and clear of any interests of the Customer or any other third parties.
4.5 Without the prior written consent of the Service Provider, the Customer shall not provide the eSurfing Cloud Services under this Agreement for any other third party to use in any manner, except when the Parties otherwise agree that the subsidiaries of the Customer are allowed to use the eSurfing Cloud Services under this Agreement. Otherwise, the Service Provider has the right to terminate this Agreement and the Customer shall be liable for all losses and liabilities arising from such unauthorized use by third parties.
4.6 If the Customer breaches any of the warranties in this Agreement (including the warranties contained in the appendices), including not having all the necessary qualifications or licenses to conduct business on the date of this Agreement, not going through the relevant formalities, or ceasing to hold the necessary qualifications or licenses within the service period, the Service Provider has the right to suspend the provision of the eSurfing Cloud Services and require the Customer to make rectification within a deadline. If the Customer fails to make rectification within the deadline to the Service Provider's satisfaction, the Service Provider has the right to terminate this Agreement without any liability. In such circumstances, the Customer shall be liable for breach of contract and shall compensate the Service Provider for all related losses and liabilities.
5. Network and Data Security
5.1 The Customer shall, when using the eSurfing Cloud Services, comply with all applicable cybersecurity laws, telecommunications regulations and other relevant laws, regulations or relevant provisions in Hong Kong and the relevant regions ("Cybersecurity Laws"), and not commit any illegal or unlawful acts or infringe upon the legitimate rights and interests of the Service Provider and any third party.
5.2 The Customer's use of the eSurfing Cloud Services and the content of the information published, transmitted or stored by the Customer with and through the eSurfing Cloud Services shall comply with the requirements of the eSurfing Cloud Website User Agreement as well as other relevant rules and, where applicable, the Network and Information Security Undertaking (as provided in Appendix 6 hereto), and the Customer shall not do any act that endangers or may endanger the Portals, the relevant business platform of the eSurfing Cloud Services, and the cybersecurity and information security of the Service Provider.
5.3 The Customer shall be solely responsible for the integrity and confidentiality of the data stored on the Portals and the code and password for accessing and managing the various products and services on the Portals, and shall take necessary and effective confidentiality and security protection measures, including standardizing the management of permissions for data access and account usage, setting strong passwords and changing them regularly. The Customer shall be liable for all losses and consequences arising from the loss or leakage of the data, PIN, password mentioned above due to its improper maintenance or insufficient confidentiality measures.
5.4 The Customer shall, when using the relevant eSurfing Cloud Services, make regular backups of its data on cloud server (including applications, databases, system configuration files) and shall be liable for all data loss, omission or destruction caused for reasons attributable to itself, and the Service Provider shall not be liable for the same.
5.5 The Customer is responsible for keeping confidential its own information, materials, and data (including trade secrets) as well as the information, materials and data of its end users and other related subjects involved in the use of the eSurfing Cloud Services, and shall be responsible for cybersecurity and information security in accordance with the law, and be liable for all the consequences and responsibilities arising therefrom.
5.6 If the resource used by the Customer involves any cloud resource situated in Mainland China, the Customer shall, in accordance with the provisions of the Cybersecurity Laws, the Measures for the Administration of Internet Information Services and other laws and regulations, retain access log records of its website, including the content of published information and its time of publication, Internet address (IP), and domain name, and shall cooperate with the queries of the relevant governmental authorities made in accordance with the law and provide the same. The Customer shall assume any legal liabilities arising from failing to keep the relevant records as required.
5.7 For data processed, stored, uploaded, downloaded, distributed, and otherwise dealt with by the Customer through the eSurfing Cloud Services, the Service Provider undertakes to take confidentiality measures and not to disclose to any third party and not to use for purposes other than those set out in this Agreement, except for:
(1) data that can be provided pursuant to this Agreement or other agreements or contracts between the Customer and the Service Provider;
(2) data that should be provided in accordance with the provisions of laws and regulations or as required by governmental departments and/or regulatory authorities;
(3) such confidential information that is publicly available or accessible from the public domain, without violating the provisions of this Agreement; and
(4) data that is disclosed to a third party as required for the provision of software or services requested by the Customer;
5.8 The Customer may delete and change its business data by itself, but shall do so with caution. If the Customer releases or deletes the data through the eSurfing Cloud Services, the Service Provider will, as instructed by the Customer, no longer retain the data.
5.9 When the service period expires or the eSurfing Cloud Services are terminated earlier for any reason or the Customer incurs unpaid fees, except as expressly provided by laws and regulations, as required by the competent authorities or as otherwise agreed between the Parties, the Service Provider will continue to store the Customer's business data (if any) only for a certain period as agreed in this Agreement, at the end of which the Service Provider will delete all of the Customer's business data, including all cached or backed up copies.
5.10 Once the Customer's business data is deleted, it cannot be recovered. The Customer shall bear the consequences and liabilities arising from the deletion of the data as a result, and the Customer understands and agrees that the Service Provider has no obligation to continue to retain, export or return the Customer's business data.
5.11 The Customer understands and agrees that for reasons of security of the Customer's data and system, if the Customer requires the Service Provider’s engineer to operate directly on the relevant eSurfing Cloud Services, it shall authorize the operation of the relevant eSurfing Cloud Services by email, on phone or with a ticket.The Customer shall designate a single contact person as the authorised person (maintainer) who will instruct the Service Provider to carry out the relevant operation when required, and only this maintainer has the right to request the Service Provider to carry out the operation on the relevant eSurfing Cloud Services. The Service Provider is merely responsible for the operation and maintenance of the underlying part below the operating system, and the Customer is responsible for the operating system and the part above it (for example, the applications installed on the system by the Customer). In addition, the Customer shall take the risk of unavailability of the service due to its own operation without communicating with the Service Provider during the authorized period.
5.12 If the Customer subscribes services in the Mainland China through the Website, the User agrees to be bound by the User Responsibilities for Access to Internet Cloud Services (Appendix 1) and the Network and Information Security Undertaking (Appendix 2) as requested by the Service Provider and strictly abide by the undertakings given thereunder. If requested by the Service Provider, the Customer shall execute the abovementioned documents in such manner as prescribed by the Service Provider.
6. Intellectual Property
6.1 The Customer shall, when using the eSurfing Cloud Services, guarantee the legitimacy and non-infringement of any software provided and used by it, its transmission or storage operations or any contents so transmitted or stored. If any third party claims that the software used by, operations on the part of or contents transmitted or stored by the Customer as specified in the preceding sentence infringe its ownership thereof or intellectual property therein or other legitimate rights thereto and interests therein, the Customer shall be liable for settling the claim and compensating the Service Provider for all costs and losses incurred by the Service Provider as a result; meanwhile, the Service Provider has the right to terminate all or part of the eSurfing Cloud Services as the case may be.
6.2 The Customer acknowledges that the intellectual property in or to the software, information, data embodied in the eSurfing Cloud Services provided to it remains the property of the Service Provider, or of which the Service Provider has the right to license/use such intellectual property. Without the prior written consent of the Service Provider, the Customer shall not copy, distribute, transfer, or license or enable others to use such resources, or it shall be held liable accordingly. The Customer shall not modify, translate, adapt, rent, sub-license, distribute on information networks or transfer the operating system and other software provided by the Service Provider, or reverse engineer, decompile or otherwise attempt to discover the source code of the software provided by the Service Provider.
7. Confidentiality
7.1 The Service Provider agrees to keep confidential the information submitted or made available by the Customer with respect to the use of eSurfing Cloud Services and not to disclose it to third parties, except for:
(1) information that, whether expressly or by implication, is intended to be provided to third parties pursuant to this Agreement or other agreements or contracts between the Customer and the Service Provider;
(2) information that should be provided in accordance with the provisions of laws and regulations or as required by governmental departments or regulatory authorities; and
(3) such confidential information that is publicly available or accessible from the public domain, without violating the provisions of this Agreement.
However, such restrictions do not apply to the provision or disclosure by the Service Provider to its Affiliates of any materials and information related to the business of the Customer.
7.2 The Customer shall not provide or disclose to a third party any data and information relating to the business of the Service Provider that comes to its knowledge because of the conclusion and performance of this Agreement without the prior written consent of the Service Provider, except as otherwise provided by laws and regulations or as otherwise agreed herein.
7.3 These confidentiality provisions shall remain valid during the term of this Agreement and survive the termination hereof.
8. Liability for Breach of Contract
8.1 Failure by either Party to perform its obligations hereunder shall be deemed to be a breach of contract. The defaulting Party shall be liable for any damage caused to the other Party as a result of its default.
8.2 If the Service Provider incurs any damages due to the Customer's violation of applicable laws, regulations or any instructions, directions or orders by any competent authority or that may lead to a risk to contract performance or damage to the legitimate rights and interests or reputation of the Service Provider, the Service Provider is entitled to suspend or terminate the performance hereof, terminate this Agreement and take other measures depending on the severity of the circumstances and shall not be liable for breach of contract. If such circumstance leads to legal or administrative proceedings brought by a third party against the Service Provider, the Customer shall be responsible for the settlement thereof, and the Customer shall indemnify the Service Provider in full.
9. Limitation of Liability
9.1 The Customer understands and fully acknowledges that the eSurfing Cloud Services are provided to the Customer on an "as is" and "as available" basis. the Service Provider makes no warranties, express or implied, with respect to eSurfing Cloud Services, including, warranties in terms of fitness for purpose, absence of errors or omissions, continuity, accuracy, reliability, or fitness for a particular purpose. Meanwhile, the Service Provider makes no promises or warranties as to the validity, accuracy, correctness, reliability, quality, stability, completeness and promptness of the technology and information embodied in the eSurfing Cloud Services.
9.2 The Customer acknowledges and understands that the Service Provider cannot guarantee that the eSurfing Cloud Services are free from defects. The Customer acknowledges and agrees that if any defect in the eSurfing Cloud Services provided by the Service Provider is unavoidable due to the technical level of the industry at the time of service provision or avoidable but can only be avoided by incurring exorbitant costs which, in the Service Provider’s sole discretion, is commercially unjustifiable, the Service Provider will not be considered to be in breach of contract and the Customer will cooperate with the Service Provider to correct such defects.
9.3 The Service Provider will take preliminary security protection measures for its systems and equipment in accordance with the requirements of applicable laws. If the Customer requests security protection measures at a level higher than the preliminary measures, the Customer shall purchase advanced security protection services or secure other security protection software or systems to fulfil its needs. To the extent the Customer is responsible for the relevant breach or violation of the Agreement, the Customer shall be liable for any claims and liabilities because of its failure to take necessary and effective security protection measures for the computer information systems and equipment used by it.
9.4 The Customer understands and fully acknowledges that, although the Service Provider has put in place (and will continue to improve with the development of technology) necessary technical measures to defend against issues or behaviors that endanger cyber security including computer viruses, network intrusion and attacks (including DDoS) (hereinafter collectively referred to as the ''Behavior''), where the continuity, accuracy, reliability and applicability of the eSurfing Cloud Services is affected due to the limitation and incompleteness of network security technology as well as the unpredictability of the Behaviors, the Customer's improper operations, or the Customer's use of the eSurfing Cloud Services by means other than those authorized by the Portals, or any potential Force Majeure Events (as defined below), the Service Provider shall not be liable for any damages resulting therefrom, including damages for loss of profits, goodwill, data property, and so forth, except in accordance with the provisions set out in this clause. If any Behaviors against the Customer's account cause harm to the Service Provider or the Service Provider's network or servers (including local, out-of-town and international networks, servers), or affects the smooth connection between the Service Provider and the international Internet or between the Service Provider and specific networks or servers and within the Service Provider, the Service Provider reserves the right to suspend or terminate the services, and if the Service Provider suffers from a major network incident attributable to the Customer, the Service Provider will reserve the right to claim compensation from the Customer, provided that the Customer is responsible for the damages and the Customer will be held criminally liable for any crimes (if any) in accordance with law.
9.5 Upon the request of competent government authorities, the Service Provider will suspend or terminate the provision of relevant services and will not be held liable in any way.
9.6 This Agreement (including the Special Terms of Service, the eSurfing Cloud Service Level Agreement, and the relevant service rules for specific products/services displayed on the Portals) sets out the Service Provider's sole and exclusive liability to compensate (if any) in the event of specific "service unavailability".Notwithstanding such agreement, the Customer agrees and acknowledges that the unavailability of the eSurfing Cloud Services provided by the Service Provider shall not count towards the calculation of unavailability period if such unavailability is the result of:
(1) System maintenance conducted by the Service Provider with prior notice to the Customer, including cutovers, repairs, upgrades, and simulated failure drills;
(2) Any network or equipment failure of or configuration adjustment to the equipment other than those owned by the Service Provider;
(3) Customer's application or installation operations;
(4) Hacking attack against the Customer's application or data information;
(5) Negligence on the part of the Customer or any operation authorized by the Customer;
(6) Loss or leakage of data, passwords, codes, and so forth caused by improper maintenance or inadequate confidentiality measures by the Customer;
(7) Upgrade of the operating system by the Customer itself;
(8) Operating system vulnerabilities; and
(9) Other unavailability not attributable to the Service Provider.
9.7 The Special Terms of Service may set out additional limitations of the liability of the Service Provider which also apply to the Customer's use of the services provided by the Service Provider.
9.8 To the maximum extent permitted by applicable laws in the Customer's jurisdiction, the Customer will access and use the eSurfing Cloud Services at its own risk, and the Service Provider expressly excludes any liability, loss or damage, whether based on contract, tort (including negligence, tort) or otherwise, suffered or incurred by the Customer or any other person in respect of the following:
(1) Loss of profits, loss of income, loss of revenue, loss of data or loss of goodwill; and
(2) Special, indirect, or consequential loss or damage.
9.9 The limitation of liability provisions and exclusion provisions hereunder shall apply whether the Service Provider has been aware or should have been aware of the possibility of such damages.
9.10 Whenever the Customer is dissatisfied with any aspect of the eSurfing Cloud Services, ceasing to access and use the eSurfing Cloud Services shall constitute the sole remedy available to the Customer. Without prejudice to the foregoing limitations, to the maximum extent permitted by the applicable laws of the Customer's jurisdiction, the Service Provider's maximum aggregate liability to the Customer for its or other person's claims, actions, liabilities, obligations, damages, losses and costs shall not exceed aggregate fees paid by the Customer to the Service Provider during the period of 12 months prior to the date that the most recent liability arises, whether based on contract, tort (including negligent tort) or otherwise. The Customer understands and agrees that the disclaimers and limitations of liability herein are fair and reasonable.
9.11 The foregoing limitations and exclusions may not be permitted by the laws of certain jurisdictions in whole or in part and in such circumstance, all or part of the foregoing exclusions or limitations may not apply to the Customer and the Customer may have additional rights. Nothing in this Agreement affects the legitimate rights to which the Customer is entitled as a consumer in the relevant jurisdictions.
9.12 Nothing in this Agreement shall limit or exclude either Party’s liability for: (i) death or personal injury caused by negligence; (ii) fraud or fraudulent misrepresentation; or (iii) any other liability to the extent that it may not be limited or excluded in accordance with applicable laws.
10. Force Majeure
Where either Party fails to perform its obligations hereunder (save and except the Customer’s obligations to pay for the services subscribed which shall remain in full force at all times) in whole or in part due to circumstances beyond the Party's reasonable control, including, but not limited to, fire, flood, earthquake, rainstorm, tempest, riot, disturbance, natural disaster, severe weather, lightning, explosion, civil unrest, labour shortage or labour dispute, public health emergency, change in laws, regulations or rules, power failure, sabotage of communication lines, loss of power or shortage of power supply, vandalism, act or threat of terrorism, war, military action, epidemic (including COVID-19), global pandemic or infectious disease, change in applicable laws, acts of government or other competent regulatory authority (including regulatory or other telecommunication operators or third party providers or management or other competent bodies) (each, a "Force Majeure Event"), the affected Party(ies) shall not be liable for breach of contract, but it (they) shall inform the other Party in writing of the situation within fifteen (15) days of such occurrence, and provide supporting documents issued by relevant authorities. Within a reasonable time after the effect of such Force Majeure Event has been removed, the Party(ies) shall resume its (their) performance hereof. If, because of a Force Majeure Event lasting three (3) months or more (counting from the date of its first occurrence), the resumption of performance hereof is impossible or unnecessary, either Party shall have the right to terminate this Agreement.
11. Data and Privacy
11.1 In this Agreement and applicable addendum as provided in Appendix 5 (“eSurfing Cloud Data Processing Addendum (DPA)”), "Personal Data" means personal data as defined in the laws, regulations, legislative and regulatory requirements and codes of practice applicable to the Service Provider, the Customer, the Portals and the eSurfing Cloud Services in respect of the use and processing of personal data, including: (a) any data protection laws which apply to personal data processing as set out under this Agreement and eSurfing Cloud Data Processing Addendum, whether international, foreign, national, state, and/or local, including the Personal Data (Privacy) Ordinance (Cap. 486 of Hong Kong); and (b) any amendments or successor legislation ("Data Protection Laws"). eSurfing Cloud Data Processing Addendum sets forth additional requirements in the applicable jurisdictions is hereby incorporated as an integral part of this Agreement. “Customer Account Information” means the information generated by or relevant to the creation and usage of the Customer’s business account on the eSurfing Cloud platform, including usernames, email addresses, the billing data associated with this account. To perform under this Agreement, Personal Data that processed by the Service Provider includes Customer Account Information and Customer Data (as defined in the DPA).
11.2 The Service Provider will process Customer Account Information in accordance with eSurfing Cloud Privacy Policy Statement and all Customer Data in compliance with the Data Protection Laws and in accordance with this Clause 11 and eSurfing Cloud Data Processing Addendum, as amended from time to time. Between the Parties, the Customer is the data controller (or equivalent terms under the Data Protection Laws) of Personal Data and the Service Provider is the data processor (or equivalent terms under the Data Protection Laws) of Personal Data. For the purpose of this Clause 11, “data controller” and “data processor’ have the meaning given to such terms (or equivalent terms) under the Data Protection Laws.
11.3 The Service Provider will only collect, use, disclose and/or process (“Process”) Personal Data which the Customer discloses to the Service Provider for the purpose of providing the eSurfing Cloud Services to the Customer and as otherwise provided for in this Clause 11 and eSurfing Cloud Data Processing Addendum. The types of Personal Data the Service Provider Processes include the information provided or disclosed by the Customer or otherwise collected by the Service Provider pursuant to the eSurfing Cloud Services. The Customer is responsible for ensuring that all Personal Data it provides to the Service Provider is legitimate, accurate and complete. Further, the Service Provider may Process Personal Data relating to an employee, worker, consultant, agent, contractor or other individual within the Customer's organization with the Service Provider's business partners for the purpose of providing the eSurfing Cloud Services, and the Service Provider's business partners may Process such Personal Data for the sole purpose of assisting the Service Provider and facilitating the Service Provider in providing the eSurfing Cloud Services.
11.4 The Service Provider operates and may continue to operate servers in a number of jurisdictions around the world, so the servers on which the Personal Data is used or stored from time to time may not be in the Place of Registration. Where required under the Data Protection Laws, the Customer consents to and undertakes to procure that relevant individuals (including directors, partners, ultimate beneficial owners, employees and other third parties, where applicable) consent to the transfer of Personal Data to places outside the Place of Registration to carry out the purposes, or directly related purposes, as described under this Clause 11. Where such a transfer is performed, it will be done in compliance with the requirements of eSurfing Cloud Data Processing Addendum and the Data Protection Laws in force at the time of transfer.
11.5 Where required under the Data Protection Laws, the Customer consents to and procures that relevant individuals consent to the Service Provider's collection, use, disclosure and/or processing of Personal Data for the purposes as set out in this Agreement. If the Customer provides any Personal Data relating to a third party to the Service Provider, the Customer warrants and represents to the Service Provider that the Customer has obtained the consent of such third party, and for the collection, use, disclosure and/or processing of their Personal Data for all purposes as set out in the Agreement (including providing the eSurfing Cloud Services and complying with applicable laws and by or for the benefit of such third party). The Customer also consents to, and undertakes to procure the relevant individuals consent to, the use of such Personal Data to enable the Service Provider and our authorised third parties to communicate with the Customer, and for statutory, accounting and archival purposes, in accordance with this Clause 11.
11.6 If the Customer has any enquiries about the Service Provider's processing of Personal Data, it shall contact the Service Provider's Privacy Officer via email at dataprotection@chinatelecomglobal.com (attention: Data Privacy Officer, China Telecom Global (Compliance Department)).
11.7 If, as part of the use of eSurfing Cloud Services, the Customer receives any Personal Data from the Service Provider, the Customer shall ensure that it: (1) uses appropriate technical and organizational measures and standards to protect the Personal Data against unauthorized or accidental access, processing, erasure, loss or use; (2) ensure that the Personal Data is accessible only to those of its personnel who need to have access to the Personal Data; (3) not disclose, transfer or grant access to the Personal Data to any other third party; and (4) process the Personal Data strictly in accordance with the Service Provider's instructions and applicable laws.
12. Application of Law and Dispute Resolution
12.1 This Agreement shall be governed by the laws of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong"), provided this stipulation is not in conflict with applicable laws and regulations.
12.2 All disputes of any kind arising out of or in connection with this Agreement will be resolved by amicable negotiation between the Parties. If such amicable negotiation fails, the Parties agree to submit to the non-exclusive jurisdiction of the courts of Hong Kong. Throughout the course of the proceedings, the Parties will continue to perform the provisions hereof other than the parts subject to such proceedings.
13. Miscellaneous
13.1 The headings of the section hereof are for convenience only and shall have no legal or contractual effect.
13.2 If any provision hereof is held to be invalid, void, or unenforceable, such provision shall be deemed severable and not affect the validity and enforceability of this Agreement and other provisions hereof. In particular, if any provision contained in this Agreement is held to be invalid or unenforceable but would be valid and enforceable if part of the wording of the provision were deleted, the provision shall apply with such modification as is necessary to make it valid and enforceable.
13.3 The Service Provider is entitled to transfer, assign and/or novate its rights and obligations hereunder in whole or in part to its Affiliates, and notify the Customer by posting an announcement on the Portals, sending a private message, or circulating a notice via email as agreed in this Agreement.
13.4 The provisions concerning confidentiality, the application of law and jurisdiction herein and other provisions of this Agreement which by their nature should survive (e.g., the Customer's warranty of authenticity of the information submitted by it to the Service Provider) shall not be invalidated by the termination hereof.
13.5 The appendices hereto constitute an integral part of this Agreement. In the event of any conflict between the appendices (other than the Jurisdiction Specific Addendums) and the main body hereof, the main body of this Agreement shall prevail.
13.6 A person who is not a Party to the Agreement has no right to enforce any terms of the Agreement under the Contracts (Rights of Third Parties) Ordinance (Cap. 623) or otherwise.
13.7 Any delay or failure by the Service Provider to enforce the terms of the Agreement shall not constitute a waiver of those terms or its rights thereunder, and such failure shall not affect the Service Provider’s rights to enforce such terms and rights later.
13.8 Nothing in the Agreement is intended to create or creates any type of joint venture, employee-employer, creditor-debtor, escrow, partnership, or any fiduciary relationship between the Service Provider and the Customer. No Party shall be deemed to be an agent or representative of the other Party by virtue of this Agreement, and no Party is authorised to, or will attempt to, create or assume any obligation or liability, express or implied, in the name of or otherwise on behalf of the other Party, and without limiting the generality of the foregoing, no Party shall enter into any contract, agreement, or other commitment, make any warranty or guarantee, or incur any obligation or liability in the name or otherwise on behalf of the other Party.
13.9 The Customer consents to receive communications from the Service Provider electronically and the Customer agrees that all agreements, notifications, disclosures, and other communications that the Service Provider provides to the Customer electronically satisfy any legal requirement that such communications be in writing, unless applicable laws specifically require a different form of communication.
13.10 In the event of any conflict or inconsistency between the English version and versions of any other language this Agreement is made available in, to the extent permitted by the applicable laws, the English version shall prevail.
Appendix 1
User Responsibilities for Access to the Internet Cloud Host
A user who accesses the telecommunications public network through the use of cloud services (“User”) must read the User Responsibilities for Access to Internet Cloud Services (these “Responsibilities”) and consciously comply with the provisions herein.
I. The User shall, when accessing the telecommunications public network, comply with the relevant national laws, regulations and rules.
II. The User guarantees that it has all the legal and necessary qualifications to engage in Internet services, including but not limited to business license, value-added telecommunications business operating license, advertising business license, non-commercial ICP filing certificate and other qualifications required by China Telecom, such that they can legally conduct business using the services provided by China Telecom. In particular:
1. The User who engages in special Internet information services such as Bulletin Board Service, news, publishing, education, health care, drugs and medical devices, culture, radio, film and television programs shall obtain the necessary approval from competent authorities and carry out the necessary approval or filing procedures in accordance with the laws, administrative regulations and relevant State regulations, and obtain the approval and filing documents from the relevant communications administration.
2. The User who engages in non-commercial Internet information services shall first log on to the filing management system of the Ministry of Industry and Information Technology to go through the Internet filing procedures and perform annual audit procedures on a regular basis. If the local communications administration requires to go through non-commercial Internet information service filing procedures, the User shall also complete such filing procedures with the communications administration at where it resides. If the User requests China Telecom to provide filing services on its behalf, it shall provide China Telecom with the information required for filing and continually maintain and update such information, and regularly submit the information required for website management to China Telecom and the competent industrial administration of China Telecom. The User undertakes and confirms that all the filing information submitted is true, complete, legitimate and valid, and that when the filing information provided changes, the updated information shall be submitted to the filing system in a timely manner, and if the filing information is inaccurate due to a failure to update in a timely manner, China Telecom shall have the right to take measures to suspend or terminate the provision of services or disconnect network access in accordance with the law.
3. The User who engages in commercial Internet services shall obtain the corresponding value-added telecommunications business operating license.
4. The User who engages in commercial Internet services shall display its business license number at a prominent position on the home page of its website; the User who engages in non-commercial Internet services shall display its filing number in the central position at the bottom of the home page of its website when it is launched, and link to the website of the Ministry of Industry and Information Technology filing management system below the filing number for public enquiry and verification, and the User shall also place the filing electronic verification logo in the designated directory of its website in accordance with the requirements of the Ministry of Industry and Information Technology filing management system.
5. The User warrants that it has completed the formalities required by other laws, regulations and departmental rules or has obtained the relevant qualifications and certificates.
Before signing the contract, the User shall provide China Telecom with the original of the aforementioned qualifications and certificates and the certificate of good standing for China Telecom’s examination and approval, and a copy (affixed with the official seal) for China Telecom’s retention. The User warrants that the information provided is true, complete, accurate, legitimate and valid. If there is any change in the content of the certificate of good standing and qualifications and certificates submitted by the User during the service period, it shall provide the most recent documents to China Telecom as soon as possible upon the completion of such change.
III. The User shall not use the public telecommunication network to engage in criminal activities such as endangering national security and leaking state secrets; it shall not use the public telecommunication network to access, duplicate and disseminate information that endangers national security, obstructs social security or is obscene and pornographic; and it shall not use the public telecommunication network to publish information that is malicious and provocative to others. If such information is found, China Telecom will immediately report it to the relevant authorities and the User shall be liable for all consequences.
IV. The User must establish an effective security and confidentiality system and technical assurance measures, and it is obliged to provide network usage and relevant information as required by China Telecom and accept China Telecom’s network security management and information security management and monitoring; the User is required to provide effective means of detection of their information services, including test accounts and passwords, and inform China Telecom in writing when its account is changed.
V. The User shall not, when using the telecommunications public network, engage in activities that endanger the safety of other people’s information systems and networks or infringe upon the legitimate rights and interests of others. In the event of occurrence of any abnormalities in the network, the User shall actively cooperate with China Telecom to resolve them. When the User maintains its equipment or makes adjustments to the equipment configuration parameters, it must accept the maintenance and management agreement of the server room in order to avoid causing impact on other users.
VI. The User shall strictly comply with the management rules of China Telecom’s server room upon its entrance thereto.
VII. The User shall not in any way, when using cloud host, engage in any business that has not been approved by the government administration or not been agreed to be carried out in the contract.
VIII. The private line applied by the User for the maintenance of the host is only for the daily maintenance of the host and updating the content of the host, and shall not be used for other purposes, otherwise China Telecom has the right to immediately disconnect such private line and recover any losses.
IX. The User shall comply with the contract and the relevant management regulations of China Telecom, otherwise China Telecom has the right to impose relevant penalties, including but not limited to refusing or stopping the provision of cloud host services and taking legal actions against the User.
X. As required by the Internet Supervision Branch of each provincial or municipal Public Security Bureau, the User shall submit its filing information online within 5 working days of accessing the Internet, and apply for filing at the Internet Supervision Branch of the corresponding provincial or municipal Public Security Bureau within 10 working days of submission of such information. Please refer to the website of the local Public Security Bureau for relevant laws and regulations, filing procedures and a list of filing materials.
XI. If the User is in violation of any of the aforementioned warranties, China Telecom has the right to refuse or stop providing services or facilities and require the User to make rectification within a time limit. If the User fails to make rectification within the said time limit, China Telecom shall have the right to terminate the contract without any liabilities; if the User causes losses to China Telecom due to any of the aforementioned circumstances, it shall also compensate for the losses.
XII. It is the responsibility of the User’s supervisors at all levels to educate and supervise the staff of their entity to strictly comply with the aforementioned provisions.
These Responsibilities shall take effect concurrently with the contract.
Appendix 2
Network and Information Security Undertaking
The User (hereinafter “we”, including sub-users of corporate users, the same below) solemnly undertake that we will comply with all relevant terms of this Undertaking and will bear any civil, administrative or criminal liabilities as a result of any breach of relevant terms herein.
I. We undertake that we will comply with the People’s Republic of China Cybersecurity Law, the Standing Committee of the National People's Congress Decision on Strengthening Network Information Protection, the People’s Republic of China Telecommunications Regulations, the People's Republic of China Regulations on Safety Protection of Computer Information Systems, the Measures for Security Protection Administration of the International Networking of Computer Information Networks, the Administrative Measures on Internet Information Services, the Administrative Measures on Filing of Non-Commercial Internet Information Services, the Provisions on the Administration of Mobile Internet Applications Information Services, the Provisions on Protecting the Personal Information of Telecommunications and Internet Users, Contingency Plans on Public Internet Safety Emergency and other relevant laws, regulations, rules and policies ("Applicable Provisions").
II. We undertake that we will use the services in compliance with Applicable Provisions, requirements of competent authorities as well as the terms of the contract; that we will not use the services beyond the scope agreed or for any purposes other than those specified in the contract; and that we have all qualifications for engaging in our business required by law.
III. We undertake that we will provide identity information and use services as required by the user authentic identity information system (the “real-name system”) and warrant that all information and documents we provide are true, complete, accurate and valid.
IV. We warrant that we will not use the network (including but not limited to the fixed network, mobile network, and Internet, the same below) for any illegal or criminal activities such as endangering national security or divulging State secrets or for infringement upon the legitimate rights and interests of others.
V. We undertake that we will, in strict accordance with applicable laws and regulations of the State, perform our duties of cybersecurity and information security management, improve cybersecurity management systems, implement technical measures for security and protection purposes, designate responsible person(s) and auditor(s) for information security and notify you of any change of responsible person(s) for security promptly. Otherwise, we will bear any consequences of failing to do so, and you have the right to terminate the contract immediately.
VI. We undertake that we will cooperate with you in providing support to public security, national security and other governmental authorities in their safeguarding national security and investigating any criminal activities, by providing true security information, materials, and data documents, and by assisting with their investigation of and punishment against illegal and criminal acts performed using information technology and cyberspace.
VII. We undertake that any information we send will be true, accurate and lawful, and that all contents will be published in strict accordance with Applicable Provisions. We will not create, duplicate, access, or spread any harmful information or disseminate any information that is illegal, undesirable, or subversive, nor will we create, duplicate, access, or spread any information that has any contents in violation of any of the following requirements (“Nine Nos” and “Six Prohibitions”):
“Nine Nos” refers to no producing, reproducing, viewing or disseminating information containing any content below:
1. which opposes the basic principles established by the Constitution;
2. which endangers national security, divulges State secrets, subverts State power, and undermines national unity;
3. which damages national honor and interests;
4. which incites ethnic hatred, ethnic discrimination, or undermines ethnic unity;
5. which undermines the State’s religious policy and promotes cults and feudal superstitions;
6. which spreads rumors, disrupts social order, and undermines social stability;
7. which disseminates obscenity, pornography, gambling, violence, murder, terror or abets crimes;
8. which insults or defames others or infringes on the legitimate rights and interests of others;
9. which contains other content prohibited by laws and regulations.
“Six Prohibitions”, i.e.,
1. No opinions that go against the Chinese Communist Party's theory, line, principles and policies are allowed to be disseminated among the masses;
2. No remarks that are contrary to the decisions of the Central Committee are allowed to be published publicly;
3. No pretentious implementation of the central government's decision-making and deployment is allowed;
4. No political rumors and remarks that vilify the image of the Party and the State are allowed to be fabricated and spread;
5. No secrets of the Party and the State are allowed to be disclosed in any form;
6. No illegal organizations or illegal activities are allowed to be participated in.
VIII. We undertake not to engage in any activities that endanger cybersecurity and information security, including but not limited to:
1. Accessing the network or using network resources without permission;
2. Deleting, modifying or adding network functions without permission;
3. Deleting, modifying or adding data and applications stored or transmitted in the network without permission;
4. Deliberately creating or spreading destructive programs such as network viruses;
5. Making other threats against cybersecurity.
IX. We undertake that we will comply with the following provisions in any use of voice access services (including but not limited to private voice lines, access of shortened numbers and numbers starting with 400):
(1) The service will be used at periods [ ] at frequencies [ ], and the outbound call forwarding function of the services is disabled by default.
(2) We will meet the real-name system requirements and refrain from applying for or using services in the name of any individual. The originally dialed telephone numbers for termination purpose shall be our telephone numbers obtained on a real-name basis and used in compliance with rules.
(3) We will not sublease or resell any services, or otherwise, you have the right to terminate the contract immediately without giving notice to us.
(4) We will regulate our use of the services in the following manner: (1) The telephone numbers used for outbound call service shall be the numbers assigned by you or competent communications administration; (2) The numbers shall be transmitted in compliance with the applicable requirements on number and signal transmission issued by competent communications administration; (3) Only the true numbers shall be transmitted, and no unauthorized change in the numbers, or transmission and display of numbers other than those specified under applicable contracts, false numbers, illegal numbers or numbers that we are not authorized to use will be permitted; and (4) We shall refrain from concealing, transferring, changing, subletting, reselling, forging or altering the numbers, whether directly or in a disguised manner. We undertake that, as required, we will provide the use and scope of availability of the numbers applied by us, and that we will not conduct business in violation of any rules or change the use specified in the contract. We further undertake that, we will not engage in wholesale traffic business without specific calling parties or called parties, transfer inbound international calls without authorization, provide inbound voice termination service for illegal VoIP, phone calls with changed phone numbers and Internet calls (PC software/APP) by any technological means, or make outbound calls via automatic voice group call. In the event of a breach of the foregoing undertaking, you have the right to terminate the contract unilaterally and immediately without giving notice to us, and we will bear any consequences of such breach.
(5) We will not transfer the numbers to another territory for further use, or sublease to other users the cloud server, network storage, content distribution services or any other Internet resources by any technological means, nor will we transfer Internet traffic via VoIP, use the services for the purpose of multiple transferring or circumventing number source tracing and detection. The call center or access platform (small switch) will not use a remote calling number to make cross-province outbound calls, or use the numbers, Internet access platform, cloud service platform, content distribution platform or other fundamental resources or services of the telecommunications network or Internet for fraud or harassment. “Fraud or harassment” referred to herein includes without limitation, the following circumstances where:
1. Any competent government authority determines there allegedly exists fraud or other crimes with respect to the numbers or domain name, URL or IP for telecommunication access;
2. Any user makes a complaint to or report to “12321 Negative Online Information or Spam Reporting Center” with respect to any number used by us;
3. Any competent communications administration or you detect, during any dialing test or online signal inspection, any anomalies with respect to the numbers used by us including abnormal outbound calls or alleged access to fraud-related business by Internet infrastructure resources.
(6) We will develop an effective information security management system and technical safeguards to ensure backup of call recording files for management, supervision and inspection by competent government authorities and you, and provide technical support to relevant competent authorities. If there are additional requirements for information security management under Applicable Provisions or from competent government authorities, we will unconditionally cooperate with you to take rectifying measures to meet the additional requirements under such Applicable Provisions or from such competent government authorities.
X. We undertake that we will comply with the following provisions when using wireless Internet (including but not limited to CDMA1X, CD MA1X EVDO and WLAN ), SMS Gateway (including but not limited to SMS information platform, ISAG system and integrated office business platform) or SMS-related businesses:
(1) We shall not use the services to produce, reproduce, view or disseminate any vulgar online contents that are detrimental to the physical and mental health of the teenagers, including but not limited to:
1. Contents that explicitly or implicitly depict sexual conduct, that are associated by one with sex, or that are provocative or insulting;
2. Contents directly exhibiting or depicting genital or sexual parts;
3. Depiction of sexual conduct, sexual intercourse or manners of sexual intercourse or sexually suggesting or titillating remarks;
4. Contents depicting or exhibiting genital or sexual parts, or genital or sexual parts that are barely covered;
5. Contents exhibiting human body or private parts that are uncovered or covered by limbs only;
6. Contents exhibiting wardrobe malfunction, photos taken in a clandestine manner or nip slip which infringe on personal privacy of others;
7. Contents using provocative titles to encourage clicks;
8. Erotic and vulgar novels or audio-visual contents prohibited by competent authorities, including the clips removed from a certain movie;
9. Inappropriate dating advertisements for the purpose of one-night stand, wife swapping or SM;
10. Erotic cartoons and animations.
11. Contents promoting violence, malicious abuse and insults;
12. Illegal advertisement of sex products and treatment for venereal disease; and
13. Private information of others maliciously disseminated without authorization or via doxing.
(2) We will not engage in the business of collecting fees on behalf of pornographic websites, or otherwise, you have the right to immediately cease to provide the services and refuse to settle any payments.
(3) Without the consent of the user, we shall not send to the user any commercial electronic information or advertisement.
XI. We will comply with the following provisions in any use of Internet access services (including but not limited to the use of the circuit, Internet data center, private network, or cloud host):
(1) We have all qualifications required for providing Intent services under law and have completed all formalities and obtained relevant qualification certificates required by Applicable Provisions. Prior to the conclusion of the contract, we will provide you with originals of our certificate of good standing, qualifications and certificates for your review and copies of the same bearing our official seal for you to retain, and we warrant that all such documents are true, complete, accurate, and valid. During the term of the contract / service period and in the event of any change to the information set out in any qualifications or certificates we have provided, we will provide you with the most recent documents as soon as possible after the completion of such change. The foregoing certificate of good standing, qualifications and certificates include without limitation our business license, value-added telecommunications business operating license, advertising business operating license, non-commercial Internet information services filing certificate and other documents you may request. In particular:
1. If we are to engage in special Internet information services such as Bulletin Board Service, news, publishing, education, health care, drugs and medical devices, culture or radio, film and television programs, we shall obtain the necessary approval from government authorities and carry out the necessary approval or filing procedures in accordance with the Applicable Provisions, and obtain the approval and filing documents from the relevant communications administration.
2. If we are to engage in non-commercial Internet information services, we shall first go through the Internet filing procedures and perform annual audit procedures on a regular basis. If we request you to provide filing services on our behalf, we shall provide you with the information required for filing and continually maintain and update such information, and regularly submit the information required for website management to you and your competent industrial administration. We undertake and confirm that all the filing information submitted is true, complete, accurate and valid, and that when the filing information changes, the information stored in the filing system shall be updated in a timely manner, and if the filing information is inaccurate due to a failure to update in a timely manner, you shall have the right to take measures to suspend or terminate the provision of services or disconnect network access in accordance with the law.
3. If we are to engage in commercial Internet services, we shall obtain the corresponding value-added telecommunications business operating license.
4. If we are to engage in commercial Internet services, we shall display our business license number at a prominent position on the home page of its website; if we are to engage in non-commercial Internet services, we shall display our filing number in the central position at the bottom of the home page of its website when it is launched, and link to the website of the Ministry of Industry and Information Technology filing management system below the filing number for public enquiry and verification; we shall place the filing electronic verification logo in the designated directory of its website in accordance with the requirements of the Ministry of Industry and Information Technology filing management system.
(2) We will strictly comply with the management rules of China Telecom's server room upon our entrance to it with your permission.
(3) We shall, as required by the Internet Supervision Branch of local Public Security Bureau, submit the filing information online within 5 working days of accessing the Internet, and apply for filing within 10 working days of submission of such information.
XII. We undertake that, in the event of any major security incident during our use of the services, we will take emergency measures immediately, preserve relevant original records, and report to the competent authority and inform you in writing of the incident within 24 hours. In the event of any major security incident or other emergency events that affect cybersecurity and information security, you have the right to take emergency measures including but not limited to stopping the provision of services to ensure cybersecurity and information security.
XIII. In the event of a breach of any of the undertakings above, we will bear liabilities for breach under the contract, accept disciplinary actions taken by competent authorities (including but not limited to corrections within a specified time frame as well as publicity), and will not evade but bear corresponding statutory liabilities; where there is a loss of property as a result of such breach, we will make a compensation on our own. Meanwhile, you have the right to suspend or cease the services or even terminate the contract without giving notice to us and without any liability, and any consequences of and liabilities for such breach will be borne by us. Where you suffer a loss or adverse impact, we will be responsible for eliminating negative impact and compensate for your loss.
XIV. It will be our responsibility to take corrective actions and assume liabilities for any complaints or reports of our breach of any of the undertakings above. When [number] or more such complaints or reports are received within a month by communications administration, “12321 Negative Online Information or Spam Reporting Center”, China Telecom Customer Service Hotline (10000) or other channels, you have the right to cease to provide the services immediately without giving notice to us.
XV. We undertake that we accept an undertaking on cybersecurity and information security be referring to this Undertaking and procure the end user to perform corresponding obligations. Otherwise, we will bear joint and several liability with the end user.
XVI. This Undertaking will take effect concurrently with the contract.
Appendix 3
Jurisdiction Specific Addendum
A. Jurisdiction Specific Addendum (Brazil)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
In this Addendum:
"ANPD" means the Brazilian National Data Protection Authority;
"Brazilian General Data Protection Law" or "LGPD" means Law No. 13,709/2018, which came into effect in August 2020 and may be amended from time to time, and guidance issued by the ANPD;
"Data Importer" or "CT Local Entity" means China Telecom do Brasil Ltda; and
"Data Exporter" means the Customer.
2. Additional Provisions
If the Service Provider is China Telecom do Brasil Ltda. and/or if the Customer uses the eSurfing Cloud Services with resources provided in Brazil, the following terms and conditions shall be applicable:
2.1 The Data Importer undertakes to implement appropriate technical and organizational measures to ensure the security of the Personal Data that is comparable to that is required of the Data Exporter in compliance with the Brazilian General Data Protection Law.
2.2 The Data Exporter shall transfer Personal Data outside of Brazil in compliance with Chapter V of the Brazilian General Data Protection Law. To the extent that the transfer of such data is reliant on a transfer mechanism approved by ANPD, such as standard contractual clauses or specific contractual clauses for a particular transfer, the Parties hereby agree to adopt an approved transfer mechanism to safeguard such transfer in compliance with the Brazilian General Data Protection Law.
2.3 In the absence of approved transfer mechanisms, the Data Importer undertakes to implement appropriate technical and organizational measures to ensure the security of Personal Data that is comparable to what is required of the Data Exporter in compliance with the Brazilian General Data Protection Law.
2.4 The Parties hereby acknowledge that future amendments to the Brazilian General Data Protection Law may require alternative or additional safeguards to protect international transfers of Personal Data. The relevant Party shall timely implement the required alternative or additional safeguards under the Brazilian General Data Protection Law.
2.5 The Customer acknowledges and consents that Personal Data in connection with this Agreement may be transferred to and stored in Hong Kong if CT Local Entity does not have its servers in Brazil.
2.6 In case of any complaints, suggestions, requests or questions regarding the collection, use, storage, transfer or protection of Customer’s Personal Data, the Customer shall contact CT Local Entity by using the contact information provided under Clause 11.8 of the Agreement.
B. Jurisdiction Specific Addendum (Cambodia)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
In this Addendum:
"Applicable Cambodian Laws" means Cambodia’s Constitution promulgated on 24 September 1993, the Civil Code dated 8 December 2007 as amended by the Law on Implementation of the Civil Code dated 31 May 2011, Criminal Code of Cambodia adopted on 30 September 2009, Law on Electronic Commerce dated 02 November 2019, and other relevant laws and regulations issued by any competent authorities of the Royal Government of Cambodia;
"Cambodia" means the Kingdom of Cambodia; and
"Substantial Clause" means any substantial clause or term of the Agreement that are important for the Customer or deemed important for the formation of the contract and the Customer should have been aware of the importance of such clause or term.
2. Additional Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in Cambodia, the following terms and conditions shall be applicable:
2.1 Use of eSurfing Cloud Services
2.1.1 The Customer shall ensure that it or its personnel is authorized with the necessary corporate power and authority to enter into and perform its obligations under this Agreement in accordance with the Applicable Cambodian Laws.
2.1.2 The Customer warrants that it or its personnel shall not use the eSurfing Cloud Services for any other purposes which may lead to the illegal acts as prohibited and restricted under the Applicable Cambodian Laws.
Data and Information Retention and Protection
2.2.1The Service Provider will not sell or share the Customer’s Personal Data collected during the Customer’s usage of the eSurfing Cloud Services under this Agreement, to any third party without prior written consent of the Customer.
2.2.2 The Service Provider will undertake to retain or keep the data and information of the Customer for a period of at least ten (10) years upon the completion of the last transaction to which they pertain.
2.2.3 The Service Provider undertakes that the Customer’s Personal Data shall be protected by the security safeguard as it is reasonable, at all circumstances, to avoid the loss, access, use, modification, leak or disclosure of those information, except where the prior written consent of the Customer is obtained or to the extent that is allowed by the applicable laws of Cambodia.
2.3 Change of Terms and Conditions
The Customer will be notified or provided with the written notification 30 days prior to the effective date of any amendment, modification, or changes to any clause of the terms and conditions other than any Substantial Clause.
2.4 Application of Law and Dispute Resolution
If the Customer is located in Cambodia, Clause 12 of the Agreement is replaced with the following:
12.1. The laws of Cambodia will govern any and all disputes, controversy, or claim arising under, out of, or relating to this Agreement.
12.2. Where there is a dispute, controversy, or claim arising under, out of, or relating to the Agreement, the aggrieved Party shall notify the other Party in writing of the nature of such dispute with as much detail as possible about the alleged deficient performance of the other Party. A representative from senior management of each of the Parties shall meet in person or communicate by telephone within ten (10) days of the date of the written notification to reach an agreement about the nature of the alleged deficiency and the corrective action to be taken by the respective Parties.
12.3 Any dispute that cannot be settled amicably as set forth above shall be referred to and finally settled by the non-exclusive jurisdiction of the competent court of Cambodia.
C. Jurisdiction Specific Addendum (Germany)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
If the signing entity with the Customer is China Telecom (Deutschland) GmbH and/or if the Customer uses the eSurfing Cloud Services with resources provided in Germany, the following terms and conditions shall be applicable:
2. Service Activation, Change and Termination; Service Flow
2.1 Clause 2.2 shall be supplemented by the following provision:
Customers located in Germany may use the after-sales hotline (0800-1806109) for consulting services and online ticket services, to answer questions and solve problems encountered by the Customer in the use of eSurfing Cloud Services.
2.2 Where the Customer is a consumer, Clause 2.5 is supplemented by the following provisions:
When determining what Routine Maintenance is reasonable, the Service Provider will consider the interests of the Customer. In addition, the following restrictions apply with respect to the aforementioned:
The Service Provider only makes changes to the eSurfing Cloud Services that go beyond what is necessary to maintain conformity with this Agreement pursuant to Sec. 327e (2) and (3) and Section 327f of the German Civil Code, where this Agreement provides for this possibility and contains a valid reason for it. In this case the Customer does not incur any additional costs because of the amendment and the Service Provider will inform the Customer clearly and comprehensibly about the change.
Where a change to the eSurfing Cloud Services that affect their usability or the Customer’s ability to access the eSurfing Cloud Services, the Service Provider will also inform the Customer within a reasonable period before the time of the change by means of a durable medium. The information will contain details of the characteristics and time of the change as well as relevant rights of the Customer under applicable laws. The restrictions shall not apply if the impairment of the accessibility or usability is only insignificant.
If a change to the eSurfing Cloud Services impairs accessibility or usability, the Customer has the right to terminate this Agreement free of charge within 30 days. The period shall commence upon receipt of the information from the Service Provider, unless the change occurs after receipt of the information, then the time of the change shall take the place of the time of receipt of the information. The Customer shall not have such right to terminate the Agreement if the impairment of accessibility or usability is only insignificant, or the Customer retains access to the unchanged eSurfing Cloud Services and the usability of the unchanged eSurfing Cloud Services without incurring additional costs.
Where the Service Provider provides and informs the Customer of any update necessary to maintain the conformity of the eSurfing Cloud Services with the Agreement to the Customer during this Agreement, the Customer shall allow and implement such update. The Customer is hereby expressly advised of the consequences of failure to do so as laid out in Clause 9.10 of this Agreement.
2.3 Where the Customer is a consumer, Clause 2.6 is supplemented by the following provision:
If the eSurfing Cloud Services are adjusted or terminated due to a Force Majeure Event or for reasons attributable to third parties or any other reasons, the Service Provider will notify the Customer and agrees to reimburse any counter-performances of the Customer without delay.
2.4 Where the Customer is a consumer, Clause 2.6.1 is supplemented by the following provision:
In case the Service Provider terminates the provision of the eSurfing Cloud Services to the Customer prior to the expiry of the service period under the circumstances indicated above, where applicable the Service Provider shall reimburse any counter-performances of the Customer without delay.
The Customer expressly agrees that the Service Provider commences the execution of this Agreement before the expiry of the withdrawal period, and that by the Customer’s consent the Customer loses the right of withdrawal pursuant to Sec. 356 (5) No. 2 of the German Civil Code at the beginning of the execution of this Agreement.
The Customer has the right to receive a copy or confirmation of this Agreement that states, where applicable, that prior to execution of this Agreement the Customer has expressly agreed that the Service Provider begins with the execution of this Agreement before the expiry of the withdrawal period, and has confirmed its awareness that by the Customer’s consent the Customer loses the right of withdrawal with the beginning of the execution of this Agreement.
3. Service Fees and Payment
Clause 3.1.2. with the heading "Service Fees and Payment" is supplemented by the following provision:
If the Customer does not express its disagreement with the adjustment of the price of eSurfing Cloud Services within the fifteen (15) days, the Customer shall be deemed to have accepted the adjusted price. the Service Provider will draw the Customer’s special attention to such consequence in its notice.
4. Customer Qualifications
Clause 4.1.3 with the heading "Customer qualifications" is supplemented by the following provision:
From the date of this Agreement to the performance hereof, if the Customer does not have the qualifications or provide the documents as required in this Agreement, the Service Provider has the right to suspend the provision of the eSurfing Cloud Services, require the Customer to rectify within a deadline or directly terminate this Agreement, and pursue the Customer for corresponding compensation and/or other liabilities, provided that the Customer is responsible for the damages.
5. Limitation of Liability
5.1 Clauses 9.8 to 9.10 shall be replaced by the follow provisions:
9.8 To the maximum extent permitted by applicable laws in the Customer's jurisdiction, the Customer will access and use the eSurfing Cloud Services at its own risk. In certain situations, the Customer may have a claim for damages or reimbursement of wasted expenses against the Service Provider. Regardless of the legal basis of the Customer's claim (breach of contract, defect in quality, defect in title, tort, or otherwise), the Service Provider will be liable for all resulting damages only in accordance with the following provisions:
· In the case of intent, claims under the German Product Liability Act, or fraudulent concealment of a defect, and in the case of injury to life, limb, or health, the Service Provider is liable only in accordance with the statutory provisions.
· In the event of gross negligence, the Service Provider's liability is limited to compensation for typical foreseeable damage. This limitation does not apply if the damage is caused by the Service Provider's executives or legal representatives.
· In the case of slight negligence, the Service Provider is only liable if the Service Provider violates a contractual obligation, the fulfillment of which makes the proper execution of such contract possible in the first place, the violation of which jeopardizes the achievement of the purpose of the contract and on the fulfillment of which the Customer may regularly rely (so-called "cardinal obligations"). In these cases, the Service Provider's liability is limited to typical and foreseeable damages. In all other cases, the Service Provider is not liable for slight negligence.
· In the case of strict liability for an impediment to performance occurring during the default, the Service Provider's liability is also limited to typical foreseeable damages.
· Insofar as the Service Provider owes the delivery of a movable item to be manufactured, claims for damages or reimbursement of expenses due to defects against the Service Provider presuppose that Customer has complied with its obligations to give notice of defects as described above.
· If the Service Provider's Services are considered to be provided on a lease basis and are subject to the statutory provisions of German tenancy law, the Service Provider will not be liable for damages based on defects under Section 536 of the German Civil Code that existed at the time the lease is entered.
The provisions of this paragraph do not apply in cases of fraudulent concealment of a defect, intentional acts, or gross negligence by the Service Provider, claims under the German Product Liability Act, or injury to life, limb, or health. In these cases, the statutory provisions apply.
9.10 Where the Customer is a consumer, the following additional provisions shall apply:
The Service Provider warrants that the eSurfing Cloud Services are free of product defects and defects of title within the meaning of Sec. 327e to 327g of the German Civil Code. In case the eSurfing Cloud Services are defective in the meaning of Sec. 327e to 327g of the German Civil Code, the Customer may, if the conditions of the following provisions are met,
· demand subsequent performance in accordance with Sec. 327l of the German Civil Code,
· terminate the Agreement in accordance with Sec. 327m (1), (2), (4) and (5) or reduce the price in accordance with Sec. 327n of the German Civil Code, and
· demand damages under Sec. 280(1) or 327m(3) or reimbursement of futile expenses under Sec. 284 of the German Civil Code.
These claims shall be subject to the statutory limitation period stated in Sec. 327j of the German Civil Code.
In addition, if the Service Provider does not immediately fulfill its due obligation to provide the eSurfing Cloud Services upon request by the Customer, the Customer has the right to terminate this Agreement. In addition, the Customer shall have the rights granted to the Customer in Sec. 327c of the German Civil Code, including but not limited to claim damages or reimbursement of futile expenses if the conditions of these provisions are met.
If the Customer fails to install an update provided to the Customer by the Service Provider in accordance with this Agreement within a reasonable period of time, the Service Provider shall not be liable for a product defect solely due to the lack of such update, provided the Customer fails to install such update or installs it improperly and the fact that the Customer failed to installed the update or installed it improperly was not due to defective installation instructions provided to the Customer.
Termination of this Agreement shall be affected by declaration to the Service Provider expressing the Customer's decision to terminate this Agreement. In the event of termination of the Agreement, the Service Provider will reimburse the Customer for payments made by the Customer for the performance of this Agreement. For the eSurfing Cloud Services that the Service Provider no longer has to provide due to the termination of this Agreement or for eSurfing Cloud Services already provided, but for that part of the provision period in which the eSurfing Cloud Services are defective, the Service Provider’s right to payment of the agreed price expires. The Service Provider will refund any price already paid for this period for which the claim has lapsed to the Customer.
The Customer may neither continue to use the eSurfing Cloud Services after termination of this Agreement nor make it available to third parties. The Service Provider is entitled to prevent further use by the Customer.
However, whenever the Customer is merely dissatisfied with any aspect of the eSurfing Cloud Services, ceasing to access and use the eSurfing Cloud Services shall constitute the sole remedy available to the Customer.
5.2 Clause 9.12 shall be removed in its entirety.
6. Force Majeure
Where the Customer is a consumer, Clause 10 with the heading "Force Majeure” is supplemented by the following provision:
In addition to the obligation to inform the other Party of the Force Majeure Event, where applicable the affected Party is obliged to reimburse counter-performances of the other Party without delay.
7. Data and Privacy
For the avoidance of doubt, references to Data Protection Laws (as defined in Clause 11.1) shall include, without limitation, the EU General Data Protection Regulation ("GDPR") and the GDPR Privacy Policy.
8. Application of Law and Dispute Resolution
Where the Customer is a consumer, Clause 12 with the heading "Application of Law and Dispute Resolution” is replaced by the following provisions:
12.1 This Agreement shall be governed by the laws of the Hong Kong Special Administrative Region of the People's Republic of China ("Hong Kong") provided this stipulation is not in conflict with mandatory rules of the state of the Customer’s habitual residence. Such rules shall remain unaffected.
12.2 All disputes of any kind arising out of or in connection with this Agreement will be resolved by amicable negotiation between the Parties. If such amicable negotiation fails, and if, following conclusion of this Agreement, the Customer relocated its place of residence or habitual residence to a location outside Germany, or for the event that the Customer’s place of residence or habitual residence is not known at the time the proceedings are brought in the courts, the Parties agree to submit to the non-exclusive jurisdiction of the courts of Hong Kong. Throughout the course of the proceedings, the Parties will continue to perform the provisions hereof other than the parts subject to such proceedings.
D. Jurisdiction Specific Addendum (Indonesia)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
In this Addendum:
"Currency Law" means Law No 7 of 2011 on currency law and the Central Bank of Indonesia Regulation No. 17/3/PBI/2015 regarding the Mandatory Use of Rupiah in the Territory of the Republic of Indonesia, as amended;
"IDR" means the lawful currency of the Republic of Indonesia; and
"Language Law" means the Law of the Republic of Indonesia No. 24 of 2009 regarding the Flag, National Anthem and Emblem and its implementing regulations, including but not limited to Presidential Regulation No. 63 of 2019 regarding the Usage of Indonesian Language.
If the Customer uses the eSurfing Cloud Services with resources provided in Indonesia, the following terms and conditions shall be applicable:
2. Additional Provisions
2.1 In compliance with the Language Law, the Parties agree to sign a Bahasa Indonesian language text of the Agreement. For the avoidance of doubt, the Indonesian and English text of the Agreement shall constitute one and the same agreement, and the execution of two (2) texts of the Agreement in different languages is not to be construed by any Party as creating different rights and obligations, or duplication or multiplication of the rights and obligations, of the Parties under either text of the Agreement. The Parties agree that:
2.1.1 the English language version and the Indonesian language version of the Agreement shall be equally authentic; and
2.1.2 in the event of any inconsistency or different interpretation between the Indonesian language version and the English version, the English version shall prevail, and the relevant part of the Bahasa Indonesian version shall be deemed automatically amended to conform with the English version.
3. Billing rules
Any invoices for the services provided by and/or through the contracting entity in Indonesia as the Place of Registration shall be made in IDR currency.
4. Data and Privacy
Notwithstanding the provision set out in Clause 11.4, CT Local Entity should also notify the Ministry of Communication and Informatics of the Republic of Indonesia, prior to and after the transfer of Personal Data that are originally from and stored in servers located in Indonesia territory.
E. Jurisdiction Specific Addendum (Japan)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
2. Additional Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in Japan, the following terms and conditions shall be applicable:
Not applicable.
F. Jurisdiction Specific Addendum (Macau)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
2. Additional or Amended Provisions
If the Customer uses the eSurfing Services with resources provided in Macau, the following terms and conditions shall be applicable:
Not applicable.
G. Jurisdiction Specific Addendum (Malaysia)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
2. Additional Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in Malaysia, the following terms and conditions shall be applicable.
2.1 Unless otherwise expressly stated, any provision in the Agreement granting the Service Provider the right to amend, vary or modify the terms of the eSurfing Cloud Services Contract and Rules or the scope and any specifications of the eSurfing Cloud Services shall grant the Service Provider the right to amend, vary or modify any such contractual terms or service specifications.
2.2 For purposes of Clause 2.7.1 of the Agreement, the Service Provider may at its sole discretion opt to compensate the Customer any sum reasonable at the Service Provider’s opinion, where termination by the Service Provider of the eSurfing Cloud Services is not due to the fault on the part of the Customer.
2.3 For purposes of Clause 3.1.2 of the Agreement, the Service Provider will use reasonable endeavours to ensure that the notice to be published on the Portals will be published at least fifteen (15) working days in advance of the effective date of price adjustment to the eSurfing Cloud Services.
2.4 For purposes of Clause 5 of the Agreement, "Cybersecurity Laws" shall include without limitation Malaysia’s Communications and Multimedia Act 1998, Computer Crimes Act 1997, and Personal Data Protection Act 2010.
2.5 For the avoidance of doubt, references to Data Protection Laws (as defined in Clause 11.1) shall include, without limitation,the Personal Data Protection Act 2010 of Malaysia.
H. Jurisdiction Specific Addendum (Singapore)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
2. Additional Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in Singapore, the following terms and conditions shall be applicable.
2.1 Notification of Infringement
The Service Provider has the right to investigate notices of copyright, trademark and other intellectual property infringement in respect of any resources, information or material used or uploaded in connection with its resources or services ("Infringing Material") and take appropriate action. If the User is an intellectual property owner and believe that its material has been used or copied in a way that constitutes infringement, it shall notify the Service Provider in writing immediately, and in relation to copyright claims, in the form prescribed in the Singapore Copyright Act 2021("Infringement Notice"). All Infringement Notices shall be sent to the Service Provider addressed as follows:
Legal Counsel, China Telecom (Asia Pacific) Pte Limited, One Marina Boulevard, #19-01, Singapore 018989, phone number: +65 63390080.
The User acknowledges and agrees that the Service Provider has no control and cannot undertake responsibility or liability in respect of Infringing Material provided by users. In its sole and absolute discretion or otherwise in accordance with the law, the Service Provider may take reasonable steps to remove or disable access to Infringing Materials, or reinstate the same in response to an appropriate counternotice.
2.2 The Customer shall ensure or procure that users who access the network of the Service Provider through the use of the eSurfing Cloud Services must not use the resources and services provided by the Service Provider to upload, download, store, or publish any information or content that is objectionable on the grounds of public interest, public morality, public order, public security, national harmony, or is otherwise prohibited by applicable Singapore laws. Notwithstanding anything in the Agreement, the Service Provider has the right to remove or deny access to any content or information which in its sole and absolute opinion is or may be objectionable or prohibited, and/or suspend or terminate any of its services to the Customer without any liability to the Customer.
2.3 The Customer warrants that the Customer's signatory is duly authorised and empowered by the Customer to sign for and on its behalf and that such signature would constitute the Customer entering into legally binding relations with the signing entity of CT under the relevant agreement. The signing entity of CT is entitled to rely on such warranty that the signatory is authorised to sign on behalf of the Customer.
I. Jurisdiction Specific Addendum (Thailand)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
In this Addendum:
"PDPA" means collectively the Thai Personal Data Protection Act B.E. 2562 (2019) as may be amended and supplemented from time to time and its sub-regulations and notifications;
"Data Controller" means a person or legal entity with the authority to make decisions on the collection, use or disclosure of Personal Data;
"Data Subject" means a natural living person to whom Personal Data relates;
"Data Processor" means a person or legal entity carrying out an operation relating to the collection, use or disclosure of Personal Data under an order or in the name of a Data Controller;
"Computer Traffic Data Notification" means the Notification of the Thai Ministry of Digital Economy and Society Re: Provisions on Retaining Computer Traffic Data of the Service Providers B.E. 2564 (2021);
"Computer Crimes Act" means the Act on Commission of Offences relating to Computers, B.E. 2550 (2007) as may be amended and supplemented from time to time and its sub-regulations and notifications; and
"Electronic Transactions Act" means the Electronic Transactions Act B.E. 2544 (2001) as may be amended and supplemented from time to time and its sub-regulations and notifications.
2. Additional or Amended Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in Thailand, the following terms and conditions shall be applicable:
2.1 Explanation
2.1.1 The following wording is deemed inserted at the end of Clause 4 of the Agreement:
Notwithstanding the foregoing, in connection with execution of this Agreement, the Parties shall comply with the requirement of execution under the Electronic Transactions Act.
2.2 Account Security
2.2.1 The following wording is deemed inserted at the end of Clause 4.2.1 of the Agreement:
The Service Provider shall request the Customer to provide and comply with the required identify verification documents and processes as provided under the Computer Traffic Data Notification.
2.3 Network and Data Security
2.3.1 The following wording is deemed inserted at the end of Clause 5.9 of the Agreement:
Notwithstanding the foregoing, the agreed data retention period must not be less than 90 days as required under the Computer Crimes Act.
2.4 Limitation of Liability
2.4.1 The following wording shall replace the penultimate sentence of Clause 9.10 of the Agreement:
Without prejudice to the foregoing limitations, to the maximum extent permitted by the applicable laws and practice and discretion of the Courts of Thailand, the Service Provider's maximum aggregate liability to the Customer for its or other person's claims, actions, liabilities, obligations, damages, losses and costs shall not exceed aggregate fees paid by the Customer to the Service Provider during the period of 12 months prior to the date that the most recent such liability arose, whether based on contract, tort (including negligent tort) or otherwise.
2.5 Data and Privacy
2.5.1 The following wording is deemed inserted at the end of Clause 11 of the Agreement:
The Customer expressly acknowledges that the said Data Subjects have the following rights under the PDPA in respect of Personal Data of the said Data Subjects and the Customer shall ensure that each said Data Subject is informed of his/her said rights:
· the right to request access and copy;
· the right to request Personal Data in a format which is generally readable or usable by automatic tools or devices and where the Personal Data may be used or disclosed automatically;
· the right to request rectification, addition, and deletion of Customer’s Personal Data;
· the right to object to the collection, use, or disclosure of Customer’s Personal Data which are legally permitted to be collected without consent at any time;
· the right to request suspension of the use of the Customer’s Personal Data in cases prescribed by the PDPA;
· the right to withdraw consent at any time, subject to the requirements of the PDPA; and
· the right to file a complaint to the relevant authority under the applicable laws if the Service Provider, including the Service Provider’s employees, or independent contractors violates or fails to comply with the PDPA.
J. Jurisdiction Specific Addendum (United Arab Emirates)
1. Definitions
Capitalized terms used in this Addendum and not otherwise defined herein shall have the meaning set forth in the Agreement. If there is any inconsistency between the provisions of the Agreement and this Addendum, the terms and conditions of this Addendum shall prevail to the extent of such inconsistency.
In this Addendum:
"CT UAE" means China Telecom Middle East FZ-LLC;
"CT UAE Party" has the meaning set forth in clause 3.1.2;
"Claims" means any actions, allegations, claims, costs, complaints, damages, demands, expenses, liabilities, losses, or penalties;
"UAE" means the United Arab Emirates;
"UAE Data Privacy Laws" means the Federal Decree By Law No. (45) of 2021 as amended; and
"VAT" means value added tax.
2. Additional Provisions
If the Customer uses the eSurfing Cloud Services with resources provided in UAE, the following terms and conditions shall be applicable:
2.1 The Customer undertakes that it will at all times, and for the entire duration of the Agreement conduct its operations in compliance with any law, regulation and order which is mandatory in the UAE including without limitation all applicable cybersecurity laws, telecommunications regulations, anti-money laundering laws and regulations and other relevant laws, regulations or relevant provisions in the UAE and must not commit any illegal or unlawful acts or infringe upon the legitimate interest of CT UAE.
2.2 The Customer agrees to indemnify and hold harmless CT UAE, its directors, officers, employees, representatives, Affiliates, agents, contractors (each a "CT UAE Party") from and against all Claims incurred or sustained by a CT UAE Party as a result of any violation or failure to comply with any UAE law by the Customer, its agents, officers, directors or employees.
3. Value Added Tax
If CT UAE is required to apply any VAT or equivalent tax (whether as a result of a change in legislation or otherwise) it shall be added to the amounts due under the Agreement at the applicable rate and the Customer shall pay such tax at the same time as the payments are due under the Agreement.
4. Data Privacy Obligations
Any reporting of any breach or violation of Personal Data will be notified to the relevant authorities in compliance with UAE Data Privacy Laws.
5. Reasonableness of provisions
The Parties consider the provisions contained in the Agreement are no greater than is reasonable and necessary for the protection of CT UAE and the Customer waives any and all defences to the strict enforcement thereof.
Appendix 4
If resources of eSurfing Cloud Services are available in the Place of Registration of the Customer, the affiliated company of China Telecom in that Place of Registration ("CT Local Entity") shall be the contracting entity providing the eSurfing Cloud Services to the Customer in that Place of Registration. That CT Local Entity shall continue to be the contracting entity with the Customer for any subsequent subscriptions for the eSurfing Cloud Services by the Customer notwithstanding such services subscribed by the Customer are in jurisdictions other than the Place of Registration. The contracting entity with the Customer shall be the entities listed in the table below.
If there are no resources of eSurfing Cloud Services in the Customer's Place of Registration, the contracting entity with the Customer shall be the entities listed in the table below.
Place of Registration of Customer | China Telecom contracting entity* |
Asia Pacific | |
Hong Kong | China Telecom Global Limited (incorporated in Hong Kong) |
Singapore | China Telecom (Asia Pacific) Pte Limited (incorporated in Singapore) |
Any other jurisdictions | To be determined by China Telecom Global Limited on a case-by-case basis |
Appendix 5
eSurfing Cloud Data Processing Addendum
Scope and Application
This eSurfing Cloud Data Processing Addendum, including its appendices (this “Data Processing Addendum”, “Addendum”, or “DPA”), is incorporated into the eSurfing Cloud Service Agreement (“Agreement”) under which we (“Service Provider”, “we,” “us,” or “our”) have agreed to provide eSurfing Cloud Services to you (“Customer”, “You”). Service Provider and the Customer are referred to together as the “Parties”. This Addendum sets forth the terms and conditions that govern orders placed under this Addendum, but only to the extent that such orders are subject to applicable data protections laws. This Addendum applies to clients conferred rights under applicable data protection laws.
In the event of any conflict between this Addendum and the eSurfing Cloud Service Agreement (and any documents or policies incorporated by reference therein, except for this Addendum), this Addendum shall prevail.
1. Definitions
Except as defined below, capitalized terms shall have the meaning given to them in the eSurfing Cloud Service Agreement.
l “Customer Data” has the meaning given in the applicable Agreement or, if no such meaning is given, means data submitted, stored, hosted, sent, or received on behalf of Customer or its end users via eSurfing Cloud.
l “Customer Personal Data” means the Personal Data contained within the Customer Data, including any special categories of Personal Data defined in Data Protection Laws.
l “Data Controller”, “Data Subject”, “Personal Data”, “Process”, “Data Processor”, “Supervisory Authority”, and “Data Protection Impact Assessment” each have the meaning given in Data Protection Laws.
l “Data Protection Laws” means, as applicable: (i) GDPR; (ii) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (the “UK GDPR”); and (iii) in each case, any related national laws, law, rules or regulations related to privacy and data protection (including law made under or in relation to (i) or (ii)). For clarity, a reference to Data Protection Laws includes a reference to Data Protection Laws as amended, modified, extended, re-enacted, consolidated or replaced from time to time.
l “EU GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC.
l “Personal Data Breach” means a confirmed: (a) Accidental, unlawful or unauthorized destruction, loss, alteration, unauthorized disclosure of or access to Customer Personal Data; or (b) Similar incidents involving Customer Personal Data for which a Controller is required under Data Protection Laws to provide notice to Supervisory Authority, competent government authorities or Data Subjects.
l “Restricted Transfer” means: (i) where EU GDPR applies, a transfer of Customer Personal Data from European Economic Area to a country outside of European Economic Area which is not subject to an adequacy determination by the European Commission; and (ii) where UK GDPR applies, a transfer of Personal Data from United Kingdom to any other country which is not based on adequacy regulations pursuant to Section 17A of United Kingdom Data Protection Act 2018.
l “Standard Contractual Clause” means standard contractual clauses published by European Commission reference 2021/914 or any subsequent final version thereof which shall automatically apply. To avoid doubt Modules 2 and 3 (Controller-to-Processor and Processor-to-Processor tbc whether Processor-to-Controller) shall apply as set out in Clause 6 - International Transfer of Customer Personal Data.
l “Sub-processor” means our Affiliates and third-party processors engaged by us or our Affiliates in connection with eSurfing Cloud Services which process Customer Data to provide eSurfing Cloud Services in accordance with this DPA.
l “Technical and Organizational Security Measures” means those measures aimed at protecting Personal Data against accidental unlawful or unauthorized destruction loss alteration disclosure or access particularly where processing involves transmission of data over a network and against all other unlawful forms of processing.
l “UK GDPR” means EU GDPR as amended and incorporated into United Kingdom law under European Union (Withdrawal) Act 2018 and applicable secondary legislation made under that Act.
2. Processing of Customer Personal Data
2.1 Roles of Parties. The Parties acknowledge and agree that with regard to the Processing of Customer Personal Data, Customer and those entities that it permits to use eSurfing Cloud Services are Controllers or Processors, Service Provider is a Processor and shall engage Sub-processors pursuant to the requirements set forth in Clause 5 Our Sub-processors.
2.2 Customer’s Processing of Personal Data. Customer shall, in its use of eSurfing Cloud Services, Process Customer Personal Data in accordance with the requirements of Data Protection Laws, including any applicable requirement to provide notice to Data Subjects of the use of Service Provider as Processor (including where the Customer is a Processor, by ensuring that the ultimate Controller does so). To avoid doubt, the Customer’s instructions for the Processing of Customer Personal Data shall comply with Data Protection Laws. Customer shall have sole responsibility for the accuracy and legality of Customer Personal Data and the means by which Customer acquired Customer Personal Data. Customer specifically acknowledges and agrees that its use of eSurfing Cloud Services will not violate the Data Subjects’ rights to the extent applicable under Data Protection Laws.
2.3 Service Provider’s Processing of Customer Personal Data. Service Provider shall treat Customer Personal Data as confidential information and shall Process Customer Personal Data on behalf of and only in accordance with Customer’s written instructions for the following purposes and in a manner that is necessary for providing eSurfing Cloud Services unless required otherwise by applicable law: (i) Processing in accordance with Agreement and applicable Order Form(s) (if any); (ii) Processing initiated by Customer’s end users in their use of eSurfing Cloud Services; and (iii) Processing to comply with other written reasonable instructions provided by Customer (e.g. via email) where such instructions are consistent with terms of Agreement.
2.4 Details of Processing. The subject matter of Processing of Customer Personal Data by Service Provider is performance of eSurfing Cloud Services according to Agreement. The nature scope context purpose and duration of Processing categories of Personal Data and categories of Data Subjects Processed under this DPA are further specified in Schedule 1 (Description of Processing and Transfer).
3. Customer Obligations.
3.1 Compliance with Data Protection Laws. Customer shall comply with its obligations in accordance with Data Protection Laws. The Parties acknowledge that Agreement, Addendum, User Agreement, and any other applicable agreements instructions configurations and use of eSurfing Cloud Services with Service Provider shall constitute complete and final instructions to Service Provider for processing of Customer Data. Customer warrants and represents that it shall not provide any instructions that breach any Data Protection Laws and shall indemnify and hold harmless Service Provider from any losses or damages incurred because of Customer’s breach of this obligation.
4. Our Obligations
4.1 Compliance with Customer’s Instructions. Service Provider shall process Customer Personal Data only in accordance with Customer’s written instructions as stated in Clause 2 hereinabove. Service Provider shall use commercially reasonable efforts to follow any other Customer instructions as long as they are required by Data Protection Laws technically feasible and do not require changes to Cloud Services. If any above-mentioned exceptions apply or Service Provider otherwise cannot comply with an instruction or is opinion that an instruction infringes Data Protection Laws Service Provider shall immediately notify Customer in writing.
4.2 Confidentiality. Without prejudice to any existing contractual agreements between Parties Service Provider shall treat all Personal Data as confidential and it shall inform all its employees agents and/or approved Sub-processors engaged in processing Personal Data of confidential nature of Personal Data. Service Provider shall ensure that all such persons or parties have signed appropriate confidentiality agreement.
4.3 Assistance. At Customer’s request Service Provider shall reasonably cooperate with Customer in dealing with requests from Data Subjects or Supervisory Authorities regarding Service Provider’s processing of Customer’s Personal Data, Data Subjects’ requests under Applicable Data Protection Law or any Personal Data Breach. If Service Provider receives request from Data Subjects or Supervisory Authorities in relation to Customer Personal Data Processing Service Provider shall promptly inform Customer and shall not respond to such request itself and direct such request to Customer.
4.4 Personal Data Breach Reporting. Service Provider shall notify Customer without delay after becoming aware of any Personal Data Breach and shall cooperate with Customer providing reasonable information about such Personal Data Breach to enable Customer to meet its obligations to report the Personal Data Breach as required under Data Protection Laws such notification Personal Data Breach should not be interpreted or construed as acknowledgement by service provider or admission fault liability Personal Data Breach.
4.5 Data Protection Impact Assessment. If Service Provider becomes aware that processing Customer Personal Data on Customer requests behalf likely result high risk data protection rights data subject customer required perform Data Protection Impact Assessment pursuant Data Protection Laws , Service Provider shall cooperate with Customer to conduct Data Protection Impact Assessment at Customer expense.
5. Our Sub-processors
5.1 Appointment of Sub-processors. Customer provides general authorization allowing the Service Provider and Service Provider’s Affiliates to engage Sub-processors to sub-process the Customer Personal Data for the purpose of the Agreement. The Service Provider (i) shall remain liable for the acts and omissions of any of its Sub-processors to the same extent Service Provider would be liable if performing the Services of each Sub-processor under this Agreement and Addendum; (ii) shall maintain an up-to-date Sub-processor list, which it shall update with details of any changes of such Sub-processor at least 30 days before changes take place; and (iii) shall impose data protection terms on Sub-processor to process Customer Personal Data according to this Addendum and Data Protection Laws.
5.2 New Sub-processors. Customer may object to the engagement of a new Sub-processor in writing, provided that the objection is based on reasonable grounds related to data protection concerns. Customer acknowledges that Service Provider’s Sub-processors are essential to provide the Services and that if the Customer objects to the engagement of a new Sub-processor, then notwithstanding anything to the contrary in the Agreement (including this Addendum), Service Provider will not be obligated to provide you with the Services for which Service Provider uses that new Sub-processor. In such event, the Customer may terminate the eSurfing Cloud Services and this Addendum to the extent that it applies to eSurfing Cloud Services, but without prejudice to any fees or costs incurred by Customer for eSurfing Cloud Services before termination and without prejudice to Agreement and any fees or costs in relation to such services.
6. Data Transfer
6.1 International Transfer of Customer Personal Data. Service Provider shall have the right to process Customer Personal Data, including using Sub-processors, outside the country or jurisdiction in which the Customer is located, in accordance with this Addendum (or Agreement) and to extent permitted under Data Protection Laws.
6.2 Restricted Transfer. The Parties acknowledge that Service Provider will transfer Customer Personal Data to countries or jurisdictions outside European Economic Area (“EEA”) or that are not covered by an adequacy decision of European Commission. Service Provider shall take appropriate safeguards to ensure transfer is in line with EU GDPR UK GDPR and Data Protection Laws. The Parties hereby enter EU GDPR Standard Contractual Clause with Customer as data exporter and Service Provider as data importer which shall apply as follows:
(i) To extent that Customer is Data Controller, Module 2 (Controller-to-Processor) shall apply; and
(ii) To extent that Customer is Data Processor, Module 3 (Processor-to-Processor) shall apply. Service Provider acknowledges that Customer acts as Data Processor under instructions of its Data Controller.
Service Provider may at any time suspend or terminate any international transfer of Customer Personal Data under this Addendum without liability to Customer if Service Provider is opinion that such transfer is or likely breach any requirement Data Protection Laws.
7. Deletion of Customer Data.
7.1 Deletion by Customer. During the term of the Agreement, Customer shall have the right to delete Customer Data in a manner consistent with the functionality and features provided by eSurfing Cloud Services. Customer acknowledges that any deletion of Customer Data in term of the Agreement cannot be recovered by Customer shall be deemed as an instruction to Service Provider to delete relevant Customer Data from Service Provider systems in accordance with Data Protection Laws.
7.2 Deletion by Termination. Customer agrees and acknowledges that all Customer Data will be automatically deleted after end agreement for whatever reasons unless Service Provider required retain part all Customer Data by Data Protection Laws.
8. Data Security
8.1 Service Provider’s Technical and Organizational Security Measures. Service Provider will implement and maintain Technical and Organizational Security Measures protect confidentiality, integrity, and availability of Customer Data particular against Personal Data Breach. Customer acknowledges Service Provider’s Technical and Organizational Security Measures set out Schedule 2 (Technical and Organizational Security Measures) and agrees the said measures is appropriate to the risk to Customer Data for the purposes of the Addendum and Agreement. Customer acknowledges and agrees Service Provider may change Technical and Organizational Security Measures anytime without notice so long as it provides comparable level of data security.
9. Audit Rights
9.1 Exercising Audit Rights. Service Provider may allow Customer to conduct an audit of eSurfing Cloud Services and IT security practices related to Customer Personal Data that is processed by Service Provider, subject to the following conditions:
(i) Customer is entitled to an audit right under Data Protection Laws.
(ii) Audit formally requested by Customer’s Supervisory Authority; or
(iii) Personal data breach has occurred.
9.2 Scope and Cost of Audits. Should Customer exercise its audit rights under Clause 9.1, Customer shall provide least [60 days] notice in writing, specifying the following details, without limitations, scope of audit, the ground for audits in advance unless otherwise Supervisory Authority provide a formal audit request with shorter period stipulated hereinabove. Customer shall use independent qualified third-party professional auditors at its expense to conduct audits. Service Provider may object such audit request, or auditor appointed by Customer to conduct audit, if such auditor is in Service Provider’s reasonable opinion, not suitable, qualified, independent, or a competitor of Service Provider, otherwise manifestly unsuitable any such objection by Service Provider, Service Provider will require Customer appoint another auditor to conduct audit.
10. Limitation of Liability
Each party and all of its Affiliates’ aggregate liability arising out of or related to this Addendum or/and Standard Contractual Clauses whether in contract tort or under any other theory of liability is subject to “Limitation of Liability” in the Agreement.
11. Termination and Survival of this DPA
This DPA will remain effective and continue to be in force after the termination of the eSurfing Cloud Service Agreement, if the nature of such data processing actions allows.
Schedule 1: Description of Processing and Transfer
This Schedule 1 describes the Processing of Personal Data for the purposes of EU GDPR Standard Contractual Clauses and applicable Data Protection Laws.
A. List of Parties
Under EU GDPR Standard Contractual Clauses
1.1 Module 2: Transfer Controller to Processor Where Service Provider is located in a third country that is subject to Restricted Transfer under EU GDPR, Customer is Data Controller and Service Provider is Data Processor, then Customer is data exporter and Service Provider is data importer.
1.2 Module 3: Transfer Processor to Processor Where Service Provider is located in a third country that is subject to Restricted Transfer under EU GDPR, Customer is Data Processor and Service Provider is Data Processor, then Customer is data exporter and Service Provider is data importer.
B. Description of Transfer
2.1 Data Subjects
Unless otherwise specified by Customer, Personal Data being transferred pertains to following categories of data subjects: employees, contractors, business partners or other individuals whose personal data is stored transmitted made available accessed or processed by data importer.
2.2 Data Categories
Transferred Personal Data concerns following categories of data:
Customer shall determine categories of data that may be transferred by eSurfing Cloud Services as specified in relevant agreement. Personal Data to be transferred includes following categories of data: name, email address, address, contact information, basic company information, customer’s organization contact information, username, alias, setting and configuration data, technical and operational data, application-specific data transferred by authorized users, financial data, such as bank account information or credit/debit card data.
Transferred Personal Data may comprise special category of Personal Data under Data Protection Laws. Customer shall determine special category of Personal Data. Service Provider has taken Technical and Organizational Security Measures as set out in Schedule 2 to ensure appropriate data security measures to safeguard special category personal data.
2.3 Name and Purpose of data transfer
Transferred Personal Data is subject to data processing activities in accordance with Addendum which may include:
(a) Act in accordance with Customer’s instructions.
(b) Hosting or provision eSurfing Cloud Services.
(c) Transmitting or storage Personal Data.
(d) Conduct operation management system.
(e) Operate evaluate optimize improve eSurfing Cloud Services features functionalities.
2.4 Upon reasonable written request by Customer list Sub-processors will be provided within 21 business days.
2.5 Terms and conditions governing transfer Personal Data Sub-processors shall be subject this Addendum.
2.6 Frequency transfer shall be made continuous basis.
2.7 Period for which Personal Data will be retained shall be subject Clause 7 Addendum.
C. Competent Supervisory Authority
3.1 Competent Supervisory Authority will be authority for jurisdiction in which Customer carries out majority its data processing activities.
Schedule 2: Technical and Organizational Security Measures
Description of Technical and Organizational Security Measures implemented by Service Provider accordance Clause 8:
Service Provider has implemented and will maintain an appropriate security level in accordance with the standards of ISO 27001, ISO 27017,ISO 27018, and/or alternative standards that are substantially equivalent, including but not limited to, Technical and Organizational Security Measures, internal controls (maintains enforces various policies standards procedures), information security routines, more specifically set forth below, designed prevent accidental unlawful , or unauthorized ,destruction ,loss ,alteration ,damage , or theft of Personal Data and technology assets (e.g. networks servers end-user devices) used access , store ,or transmit of Personal Data.
Prevent unauthorized persons from gaining access to data processing systems for processing or using Personal Data.
Prevent data processing systems from being used without authorization.
Ensure that persons authorized to use a data processing system have access only to those data they are authorized to access and that Personal Data cannot be read copied altered removed without authorization during processing use after recording.
Ensure that Personal Data cannot be read copied altered removed without authorization during electronic transfer transport while being recorded onto data storage media, and that it is possible to ascertain and check which bodies transferred personal data using data transmission facilities.
Ensure that it is possible after the fact to check and ascertain whether Personal Data have been entered into altered removed from data processing systems if so by whom.
Ensure that Personal Data processed on behalf of others are processed strictly in compliance with the controller’s instructions.
Ensure that Personal Data is protected against accidental destruction or loss.