Effective date:2024-06-30
The Database Audit Service Agreement (hereinafter referred to as the "Agreement") is entered into between the user (hereinafter referred to as "Party A" or the "Customer") and China Telecom (hereinafter referred to as "Party B"). Party B shall provide the Database Audit Service (hereinafter referred to as the "Services") to Party A through the eSurfing Cloud Website (www.esurfingcloud.com, also known as the "Site" or "eSurfing Cloud") in accordance with the provisions of this Agreement. Party A shall use the Services in accordance with this Agreement.
Party A shall fully read, understand and agree to accept and abide by this Agreement before using the Services. If Party A agrees or actually uses the Services in any way, it shall be deemed that Party A agrees and accepts all the content of this Agreement. This Agreement constitutes a legally binding agreement between Party A and Party B. If Party A does not agree with any of the content of this Agreement, please do not use the Services.
1 Product and Service Description
1.1 Party B provides the Customer with the Services in accordance with this Agreement, and the Customer uses and manages the Services on its own. The Service is centered on security events and is based on comprehensive audit and precise audit. The Services record database activities on the network in real time, perform fine-grained audit compliance management of for database operations, and provides real-time alerts for risk behaviors suffered by the database. When using the Services, the Customer can record, analyze and report the user's database access behaviors to help the administrators generate compliance reports afterwards and trace the source of the incident. At the same time, through big data search technology, it provides efficient query audit reports to locate the cause of the incident for future query, analysis and filtering to achieve enhanced monitoring and auditing of internal and external database network behaviors and improved security of data assets.
2 Service Content
2.1 Party B shall provide the Services to Party A in accordance with this Agreement. The specific content of the Services is subject to the services displayed on the Site and actually provided by Party B upon Party A’s application. Party B has the right to continuously update the service content.
2.2 Pre-conditions for provision of the Services: In order to use the Services, Party A shall first meet all the following conditions:
2.2.1 Agree to and accept the eSurfing Cloud Website User Agreement, successfully register as a user of the Site, and continue to have a legal and valid user account of the Site as at the time of signing this Agreement and throughout the performance of this Agreement;
2.2.2 Agree to and accept the terms of this Agreement;
2.2.3 Agree to and accept the eSurfing Cloud Service Agreement and the eSurfing Cloud Privacy Policy Statement;
2.2.4 Subscribe to and use the Services in accordance with the Service Rules of the Site;
2.2.5 At the time of signing and during the performance of this Agreement, all the qualifications or government approval procedures required for legal operations have been obtained and maintained in accordance with the relevant national or regional regulations, and the relevant qualification documents have been submitted in accordance with this Agreement to Party B and approved by Party B.
2.2.6 Party A shall obtain and maintain the relevant licences or approvals, including but not limited to the following:
2.2.6.1 If Party A operates a website, it shall ensure that all the websites it operates have been licensed or approved by the relevant authorities of the relevant countries or regions;
2.2.6.2 If Party A provides non-commercial Internet information services, it shall register non-commercial websites, and ensure that all the filing information submitted is true and valid, and promptly submit the updated information in the registration system when the registration information changes;
2.2.6.3 If the website provides commercial Internet information services, Party A shall also obtain a commercial website license from the local communications administrative department;
2.2.6.4 If Party A provides electronic bulletin services such as BBS, it shall conduct filing or obtain corresponding approval according to relevant laws and regulations;
2.2.6.5 If Party A operates an Internet game website, it shall obtain an Internet culture business permit in accordance with laws;
2.2.6.6 If Party A operates an Internet video website, it shall obtain a license for publication of audio-visual programs through information network in accordance with laws;
2.2.6.7 If Party A engages in Internet information services such as news, publishing, education, medical care, pharmaceuticals and medical devices, it shall obtain the approval by relevant competent authorities in accordance with laws, administrative regulations and relevant state regulations. Party A shall obtain the approval by relevant competent authorities in accordance with laws before applying for business licence or performing the filing procedures.
2.2.6.8 The above list does not exhaust all types of licenses or approvals required for commercial or non-commercial activities that Party A engages in. Party A shall obtain relevant licenses or approvals and shall comply with relevant laws and regulations promulgated by relevant countries and regions from time to time.
2.2.7 Other preconditions for using the Services as stipulated in this Agreement.
3 Service Activation
3.1 After carefully reading the Service Rules corresponding to the purchased service, Party A can purchase the required service online through the Site according to its own needs, or the account manager arranged by Party B can assist in activating it at the service console. After the Services are activated, Party A can log in to the Site and complete the configuration and operation related to the Services.
3.2 If there is any inconsistency in the main text of this Agreement, attachments, Service Rules, service descriptions, price descriptions, confirmation terms on the order page, etc. on the relevant pages of the Site, they shall be appliable on the following order of precedence: (1) service descriptions and price descriptions on the relevant webpages on the Site, and confirmation terms on the order page, (2) Service Rules, (3) the main text of this Agreement, and (4) the attachments to this Agreement.
4 Service Fees
4.1 Monthly/annual and pay-as-you-go billing modes are available for the Services. Party B shall pay Party B the service fee and relevant taxes in accordance with the prompts on the subscription page and the provisions of this Agreement. Party B reserves the right to update the price information and payment method at any time and publish the updated information on the official website of eSurfing Cloud.
4.2 Resource Expiration/Deletion and Payment Default Handling
4.2.1 For fixed monthly/annual service subscriptions, if Party A intends to continue its use of the Services upon the expiration of the current service period, it shall renew and pay for the subscription in a timely manner. Otherwise, Party B will suspend Party A's operating permissions for the Database Audit Service instance and freeze the resources upon the expiration of the service period.
4.2.2 Party B will, following the expiration of the service period or early termination of the service period (including early termination by mutual agreement, and early termination due to other causes, etc.), retain the Database Audit Service instance resources ("Instance Resources") for fifteen (15) calendar days (i.e. the period expires from the suspension start time on the day when the operating authority is suspended to the same time on the fifteenth (15) calendar day ). If the aforementioned fifteen (15) calendar days have expired and the subscription has not been renewed, Party B has the right to immediately release Party A's Instance Resources and delete the instance data upon the expiration of the aforesaid period. Instance data cannot be restored after the deletion.
4.2.3 For clarity, the "Instance Resources" mentioned here refer to a series of collection data including underlying resources, source database information or target database information, and Party A's data. "Instance data" includes but not limited to the deployed machines, specifications and validity periods.
5 Service Specifications
5.1 Party A understands and agrees that the use of the Services is the result of Party A's independent and prudent judgment, and that Party A shall be responsible for the results of its own judgment or actions.
5.2 When using the Services, Party A shall change the initial administrator password of the "Database Audit" on its own, properly keep all its account passwords, backup data and bear the risk of data loss, omission and damage caused by its own reasons, for which Party B shall not be liable.
5.3 Party A understands and acknowledges that Party B has the right to provide security services based on the business requirements, and such adjustment shall not constitute a breach of this Agreement by Party B. Party B undertakes to inform Party A by notice, email, or on-site message at least 24 hours in advance. Upon receipt of such notice, Party A shall cooperate with Party B to complete the security service upgrade, including but not limited to transferring and backing up relevant data, making business adjustments, and authorizing the adjustments as required by Party B. In case of any loss or damage of information or data caused by Party A's failure to upgrade, Party A shall bear the consequences arising therefrom.
5.4 Party A understands and acknowledges Party B will use its reasonable endeavours to ensure that there will be no network and business interruption in the upgrade operation of the product. But it does not rule out the situation that business interruption occurs due to the high complexity of the upgrade or the fact that the high availability is not reasonably configured on Party A's side, for which Party B will not be responsible. Party B will provide the Customer with notices, including announcements and on-site messages, before upgrading with business interruption risks.
5.5 Party A shall provide Party B with necessary technical parameters, including but not limited to IP address segments and corresponding application types, server-related parameters, networking structure and network resources, and alike, and actively cooperate with Party B to complete the implementation and commissioning of the "Database Audit Service" project to ensure the normal operation of the Services.
5.6 Party A shall comply with all network security-related requirements in accordance with the eSurfing Cloud Service Agreement and the eSurfing Cloud Website User Agreement signed by it. If Party A breaches any of the warranties in this Agreement or the aforesaid agreements which includes, without limitation, Party A does not have all the qualifications and permits required to carry out business and perform relevant procedures when signing this Agreement, or loses all or part of its qualifications and permits during the validity period of this Agreement, Party B has the right to suspend the provision of the Services and require Party A to make corrections within the time limit. If Party A fails to make corrections within the time limit, Party B has the right to terminate this Agreement without assuming any responsibility. Party A shall bear the liability for breach of contract and compensate Party B for the corresponding losses.
5.7 Party A understands and fully acknowledges that although Party B has established (and will continue to improve according to technological development) necessary technical measures to defend against computer viruses, network intrusions and attacks (including but not limited to DDoS) and matters or actions that endanger network security (hereinafter collectively referred to as such Behavior), however, in view of the limitations and relativity of network security technology and the unpredictability of such Behavior, if Party A's account experiences such Behavior, it will cause harm to Party B or Party B's network or server (including but not limited to local, foreign and international networks, and servers, etc.) or affect Party B’s smooth communication with the Internet or Party B’s internal connections with specific networks, servers, and Party B's internal parties. Party B shall have the right to decide to suspend or terminate the Services. If a major network accident is caused to Party B for reasons attributable to Party A, Party B will reserve the right to claim compensation from Party A. If a crime is involved, Party A shall bear criminal responsibility according to the laws. If Party B terminates the provision of the Services to Party A due to reasons set out in the above clauses (other than due to breach of contract by Party A), Party B will calculate the service fee based on the actual number of days used by Party A, and return the remaining balance (if any).
5.8 Party A shall be responsible for the effective management of the accounts entering the Database Audit process to avoid weak passwords, being hacked and other situations of the accounts. Party B is not responsible for various operational failures, network intrusions and other problems arising from improper account management by Party A.
5.9 Party A shall be responsible for the rationality of the configuration of the Database Audit products, and Party B is not responsible for invalidation or failure of function of the products caused by improper configuration or non-configuration. Party B will use its reasonable endeavours to help the Customer understand the necessity and operation process of product configuration.
5.10 Party A should understand that security vulnerabilities may exist in any software product and Party B will use its reasonable endeavours to minimize the occurrence of vulnerabilities, but it is unavoidable. Party B will quickly release patches after major vulnerabilities occur and notify users to upgrade vulnerabilities in a timely manner through vulnerability announcements, on-site messages, and other means.
5.11 Party A understands and acknowledges that Party B will use its reasonable endeavours to improve the Database Audit product and its service level. However, due to the relative nature and complexity of security, the Database Audit product cannot guarantee that Party A's protected system is 100% safe from intrusion. Party A agrees to work with Party B to improve the capabilities of the Database Audit product to enhance its protection capabilities.
5.12 Party A understands that the Database Audit product cannot guarantee that Agent plugin is compatible with all server systems. Due to possible incompatibilities, your server's resource utilization may increase significantly and there is a possibility of server downtime. You understand and acknowledge that Party B is not responsible for problems caused by the above compatibility.
5.13 Party A understands and accepts that the aim of the Database Audit product is for database audit to provide access to the Internet, which may lead to more attacks by intruders and hackers, and Party B cannot guarantee the rationality of such configurations and thus is not responsible for the security problems caused by it. Party B will provide SSL VPN, firewall, security group and other solutions to help Party A restrict such access points exposed to the Internet so as to reduce the occurrence of problems.
5.14 Party A understands and accepts that the Database Audit product is aimed to detect and defend against network attacks to the maximum extent possible, but its detection capability cannot 100% guarantee to distinguish between normal business and attack traffic. As a result, some business may be misjudged as attacks and thus be blocked. In case of such problems, Party B will do its best to cooperate with Party A to fix the problems, and Party A agrees to cooperate with Party B to promote the improvement of security rules of the Database Audit product.
5.15 Party A understands and accepts that since the Database Audit product is a product deployed in Party A's network and Party B has no right to operate, maintain or upgrade it, so Party A shall be responsible for the correct use, operation, maintenance and upgrade of the product. Party B will help Party A correctly use, operate and maintain the Database Audit product by providing documents and other means as far as possible.
5.16 The Services are effective immediately upon subscription and cannot be unsubscribed.
6 User Service Warranty
6.1 Party B provides Party A with customer service via the service hotline +852 3100 0000.
6.2 Party B provides 7 days x 24 hours customer service to Party A.
7 Technical Support Warranty
7.1 After Party B accepts the handling of faults or non-faults from Party A, it will provide Party A with technical support warranty according to the specific situation and Party A's needs. The service hours of Party B's engineers are 7 days x 24 hours.
8 Party A's Rights and Obligations
8.1 Party A has the right to use the Services and obtain technical support and after-sales service from Party B in accordance with this Agreement.
8.2 Party A understands and agrees that for the security of Party A's data and system, when Party A requires Party B's engineers to directly operate its Service, Party A should authorize it by email, work order, telephone, etc. Party A shall designate a sole contact person as the authorizer (maintainer) who shall authorize Party B when necessary, which means that only the authorized person has the right to require Party B's engineers to operate its Services. Party A shall designate a sole contact person as the authorizer (maintainer) who shall authorize Party B when necessary, which means that only the authorized person has the right to require Party B's engineers to operate the Services. The operating system and the parts above it (such as the applications installed by Party A on the system) are the responsibility of Party A. In addition, during the period of authorization, if Party A fails to communicate with Party B's engineers and conducts operations on its own which results in business unavailability and other risks, Party A shall bear the risk.
8.3 If Party A violates any of the warranties in this Agreement, the eSurfing Cloud Website User Agreement and the eSurfing Cloud Service Agreement, including but not limited to the following circumstances, Party A shall bear the corresponding liability for breach of contract:
8.3.1 Where Party A does not have all the qualifications and permits required to carry out business and perform relevant procedures when signing this Agreement, or loses all or part of its qualifications and permits during the validity period of this Agreement, Party B has the right to suspend the provision of the Services and require Party A to make corrections within the time limit. If Party A fails to make corrections within the time limit, Party B has the right to terminate this Agreement without assuming any responsibility. Party A shall bear the liability for breach of contract and compensate Party B for the corresponding losses;
8.3.2 Where Party A uses the Services to upload, download, store and publish content that violates applicable laws, departmental regulations, or national policies, and information that infringes on the legitimate rights and interests of others and/or other information or content that is harmful to social order, public security, and public morals.
8.3.3 Where Party A carries out fraudulent and misleading behaviors such as gambling with prizes and gambling games, or conducts "private servers", "plug-ins" and other internet activities that infringe the intellectual property rights or other legitimate rights and interests of others;
8.3.4 Where Party A conducts malicious scanning, illegal intrusion into the system, illegal acquisition of data and other behaviors that damage or attempt to damage network security;
8.3.5 Where Party A runs irrelevant programs or intentionally writes malicious codes, consuming a large amount of server memory, CPU or network bandwidth resources; and
8.3.6 Where Party A engages in any activities including but not limited to "DNS resolution", "security services", "domain name proxy", "reverse proxy" etc. that may cause users to be frequently attacked (including but not limited to DDoS attacks), thereby affecting the eSurfing Cloud service platform or others.
8.3.7 Party A understands and fully acknowledges that although Party B has established (and will continue to improve according to technological development) necessary technical measures to defend against computer viruses, network intrusions and attacks (including but not limited to DDoS) (hereinafter collectively referred to as such Behavior), however, in view of the limitations, relativity and unpredictability of network security technology and the unpredictability of such Behavior, if Party A's account experiences such Behavior, Party B or Party B’s network or server (including but not limited to local, foreign and international networks, servers, etc.) may cause harm or affect the smooth communication between Party B and the international Internet or between Party B and specific networks, servers, and Party B's internal parties. Party B shall have the right to decide to suspend or terminate the Services. If a major network accident is caused to Party B for reasons attributable to Party A, Party B will reserve the right to claim compensation from Party A. If a crime is involved, Party A shall bear criminal responsibility according to the laws.
8.3.8 If Party B terminates the provision of the Services to Party A due to reasons set out in the above clauses (other than due to breach of contract by Party A), Party B will calculate the service fee based on the actual number of days used by Party A, and return the remaining balance (if any) to Party A's eSurfing Cloud account.
8.4 Party A shall be responsible for the integrity and confidentiality of its data stored on the eSurfing Cloud website and the codes and passwords used for entering and managing various products and services on the eSurfing Cloud website, and shall take necessary and effective confidentiality and security protection measures, including but not limited to standardizing permission administration for data access and account use, setting strong passwords and changing them regularly. Party A shall bear all losses and consequences caused by the loss or leakage of the above-mentioned data, codes, passwords, and alike due to improper maintenance or confidentiality by Party A.
8.5 If services in Mainland China are involved, Party A must keep the access log records of its website in accordance with the provisions of the Network Security Law, the Administrative Measures on Internet Information Service and other laws and regulations, including the content of the published information, the time of publication, and the Internet Protocol address (IP), domain names, and alike, which shall be provided to the relevant state agencies when they inquire according to the law. Party A shall bear the corresponding legal liabilities arising from failure to keep relevant records as required.
9 Term and Termination of the Agreement
9.1 This Agreement becomes effective from the date when Party A successfully purchases or applies for activation of the product, and terminates when the subscription service period of Party A expires, unless otherwise agreed by the Parties.
9.2 This Agreement may be terminated earlier if the Parties reach a consensus.
9.3 Party B has the right to terminate this Agreement under the following circumstances:
9.3.1 Party B discovers by itself or according to the information of relevant departments and the complaints by right holders, etc. that the assets added or scanned by Party A are not legally authorized.
9.3.2 According to laws, regulations or the requirements of government agencies;
9.3.3 Where Party B believes that continuing to provide services to Party A will cause huge economic or technical burdens or material security risks to Party B;
9.3.4 Due to any changes in laws or policies, it is not practical for Party B to continue to provide services to Party A;
9.3.5 Where Party A fails to pay relevant fees in full and on time;
9.3.6 Where Party A violates the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, the eSurfing Cloud Legal Statement or the eSurfing Cloud Privacy Policy Statement of this website;
9.3.7 Where Party A no longer meets any of the pre-conditions for the Services set out in Article 2.2 of this Agreement; or
9.3.8 Where Party A violates other terms of this Agreement.
9.4 If Party B terminates this Agreement due to Party A's breach, Party B shall have the right to withhold the remaining amount (if any) from Party A's eSurfing Cloud account, without prejudice to its other rights and remedies under this Agreement or the law, to offset any losses and damages caused to Party B due to Party A's breach.
9.5 Party B may terminate the Services 30 days in advance by publishing an announcement on the Site, or by sending an on-site notice or a written notice to Party A. in which case, Party B shall return the amount paid by Party A but not consumed (without interest) to Party A's eSurfing Cloud account.
9.6 If any clause in this Agreement is completely or partially invalid or unenforceable for any reason, the remaining clauses in this Agreement shall still be valid and binding.
10 Others
10.1 The termination of this Agreement will not affect the effectiveness of the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement and the eSurfing Cloud Privacy Policy Statement between Party A and Party B. If the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement or the eSurfing Cloud Privacy Policy Statement between Party A and Party B is terminated, this Agreement will be automatically terminated.
10.2 For matters not stipulated in this Agreement, the Parties shall abide by the provisions set out in the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement. If there is any conflict on the same matter in this Agreement, the eSurfing Cloud Website User Agreement, the eSurfing Cloud Service Agreement, and the eSurfing Cloud Privacy Policy Statement, this Agreement shall prevail.
10.3 The latest version of the eSurfing Cloud Service Agreement can be found at:
https://www.esurfingcloud.com/portal/protocol/20685742
The latest version of the eSurfing Cloud Website User Agreement can be found at:
https://www.esurfingcloud.com/portal/protocol/10144340
The latest version of the eSurfing Cloud Privacy Policy Statement can be found at:
https://www.esurfingcloud.com/portal/protocol/10139040
10.4 In the event of any conflict or inconsistency between the English and the Chinese versions of this Agreement, the English version shall prevail. If there is any unclear part in the Chinese version, please refer to the English version.
Appendix 1
Article 1 General Provisions
China Telecom (hereinafter referred to as "Party B", website: https://www.esurfingcloud.com) provides Database Audit Service (hereinafter referred to as "Services") to the user (also referred to as "Party A") in accordance with the provisions of this Agreement and its operating rules as may be amended from time to time. Party B reserves the right to change the terms of the Service Level Agreement (SLA) at any time.
Article 2 Service Commitment
Party B undertakes that the service availability rate of a single database audit instance is no less than 99.95% per service cycle.
Article 3 Service Description
A service cycle is defined as a calendar month. Any duration less than a calendar month shall not constitute a complete Service Cycle. Unless otherwise specified, the total time of a service cycle equals to the total number of days in the service cycle x 24 (hours) x 60 (minutes).
Single Instance Unavailability is the period when the system logs of the Database Audit show that the Services were inaccessible for one or more consecutive minutes because of eSurfing Cloud. Service unavailability of less than one minute is not counted.
The service availability rate of a single Container Security Guard instance per service cycle:
Service Availability Rate for a given Service Cycle = (Total Minutes in a Service Cycle for a Single Instance – Minutes of Unavailability in the Service Cycle for the Single Instance)/Total Minutes in a Service Cycle x 100%.
Article 4 Compensation Scheme
1 Compensation Standard
In the event Party B does not meet the commitment on the Service Availability Rate specified in this SLA, Party A can apply for compensation in accordance with the provisions of this SLA. The compensation will be issued in the form of service compensation time, and the compensation is the sole and exclusive compensation provided by Party B to Party A if the Services does not meet the service availability commitment.
Service Availability SLA | Credit (minutes) |
99.00% <= SLA < 99.95% | 4320 |
95.00% <= SLA < 99.00% | 12960 |
SLA < 95.00% | 43200 |
2 Time Limit for Claims
(1) If the Service Availability in a Service Month fails to meet the Service Availability Standard, Party A may claim for compensation only through the ticket system under Party A's account after the fifth (5th) business day of the month immediately following such Service Month. Party B will verify and ascertain the application upon receipt of such application. If there is any dispute over the calculation of the Service Availability for a Service Month, both Parties agree that the back-end record of Party B shall prevail.
(2) Party A shall apply for compensation no later than the sixtieth (60th) calendar day following the end of the Service Month in which the Service fails to meet the Service Availability Standard. If Party A fails to make any application within such period, or make the application after such period, or make the application by any means other than that agreed herein, it shall be deemed that Party A has voluntarily waived its right to apply for such compensation and any other rights it may have against Party B, in which case Party B has the right to reject the application for compensation and not to make any compensation to Party A.
Article 5 Force Majeure and Exemption
Service Unavailability does not include the unavailability of Party A's Services resulting from any of the following activities:
(1) Scheduled system maintenance, including cutover, repair, upgrade, or simulated failure exercises, for which Party B has provided prior notice to Party A;
(2) Network failures, device faults, or configuration adjustment of non-eSurfing Cloud devices;
(3) Unavailability caused by Party A's application or installation activities;
(4) Party A's application programs or data attacked by hackers;
(5) Operations authorized by Party A or any Party A's misjudgment in operations;
(6) Loss or disclosure of data, including passphrases and passwords, due to improper maintenance or confidentiality by Party A;
(7) Unavailability caused by Party A's self-upgrading of the operating system;
(8) Operating system vulnerabilities; and
(9) Unavailability that arises during the period when Party A's services are suspended or terminated according to the laws and regulations at the request of supervision authorities or the relevant agreement;
10) Unavailability caused by Party A's failure to use the Services in accordance with the service usage documents or operation instructions (such as Party A's shutdown or restart of the vulnerability management through control methods such as the console and API).
(11) Unavailability caused by other non-Party B reasons;
(12) caused by force majeure or unforeseen events. Force majeure or other unexpected events refer to objective events that are unforeseeable, insurmountable, and unavoidable and have significant impact on one party or both parties, including but not limited to natural disasters such as floods, earthquakes, epidemics, etc. and social events such as wars, strikes and unrest, government actions, interruption of telecom backbone lines, hackers, network congestion, technical change of telecommunications departments, and government policies, etc.
Party B shall not be liable for failing to perform its commitment due to the above reasons. If either party fails to perform this Agreement in whole or in part due to force majeure, and upon written notice to the other party, the affected Party shall not be liable for performance of the affected terms in this Agreement during the period of failure to perform and within the affected scope.
After the effect of such force majeure events or other accidents has been removed, the affected party/parties shall resume its/their performance hereof.