Last update:2023-12-20 15:30:03
CDNetworks Enterprise Secure Access service is designed to create a secure, efficient, and easy-to-use remote access/office environment for enterprises. The Enterprise Secure Access service is operated by CDNetworks Inc. and its global affiliates (each separately, and collectively, “CDNetworks” or “us”). CDNetworks understands end users (hereinafter, “you”) play a high value on how your personal data been processed and is committed to safeguard the security and reliability of your personal data to the best of our ability.
Upon your company/organization (hereinafter, “organization”)’s successful subscription to the Enterprise Secure Access service, one or more designated persons of organization can be registered as system administrator with access to the backend of Enterprise Secure Access management system.
This Privacy Policy for Enterprise Secure Access Service (hereinafter, “Privacy Policy”) will help you to be aware of and understand the following:
Please make sure that you have fully read, understand, and consent with the content of this Policy before using Enterprise Secure Access service.
1. Your Enterprise Secure Access Service Account
CDNetworks’ provision of Enterprise Secure Access service to you (and your organization) and processing of your personal data in connection therewith is based on the subscription agreement between your organization and us. Your Enterprise Secure Access service account is provided by your organization to you.
Your organization can:
Besides this Policy, your use of the Enterprise Secure Access service may also be subject to the rules and policies of your organization. CDNetworks is not responsible for the rules, policies, or privacy/security practices of your organization. If you have any privacy inquiry (including, any requests to exercise your data subject rights) during your use of Enterprise Secure Access service, we recommend you to first direct that inquiry to the administrator of your organization.
The cancellation of your account at your organization (e.g. due to change of employment) will lead to the loss of access to your Enterprise Secure Access account.
2. What Personal Data Do We Collect
The personal data we collect depends on the choices of you and/or the administrator of your organization made on the product settings, as well as the context of your interactions with CDNetworks.
Categories of data collected and processed by CDNetworks may include the following:
Name and contact data. Your first and last name, phone number, e-mail address, username, company name, and other similar contact data.
When the administrator of your organization registers Enterprise Secure Access service account for you, your organization may provide us with your first and last name, phone number, e-mail address and username (such username may be your name or other identifying name stipulated by the management strategy of your organization, the same concept applies to the other parts of this Policy) for account registration, two-factor authentication when logging in, and processing of the verification code during password resetting.
CDNetworks believes that before your personal data be provided by your organization to us, your organization has already obtained your prior written consent on personal data sharing.
To put it specifically:
a)Username: a username is necessary to use Enterprise Secure Access service. However, the specific setting as the user name will only affect the administrator’s ability to identify the real identity of the account user. It will not affect your ability to use Enterprise Secure Access for its normal functions;
b)Phone number: if the administrator of your organization didn’t provide us with this information, the end user who enables SMS two-factor authentication will not be able to login to Enterprise Secure Access, reset his/her account password through mobile phone number, or modify and bind his/her mobile phone number. This will not affect the users who did not enable SMS two-factor authentication function;
c)E-mail address: if the administrator of your organization didn’t provide us with this information, you will not be able to reset your Enterprise Secure Access account password through e-mail, and you will not be able to receive notification e-mails sent by the server, including, but not limited to: account creation, account expiration, password reset, TOTP key reset, and mobile phone number modification. This will not affect other features of Enterprise Secure Access that you use.
The aforementioned data may be collected directly from you during your use of Enterprise Secure Access, or indirectly from the administrator of your organization during account set up or recovery process, if any.
3. How We Use Personal Data
CDNetworks uses the data it collects to provide better service to you, which including, but not limited to:
Our processing of personal data for the above purposes includes both automatic and manual processing. CDNetworks’ use and process of your personal data are on the ground of your consent and/or as required to fulfill our contractual obligations and provide Enterprise Secure Access service to you. CDNetworks believes that before your personal data be provided by your organization to us, your organization has obtained your prior written consent on personal data processing.
Personal data processing activities on different occasions:
When you install and run Enterprise Secure Access software on your device for the first time, we will request storage and location permissions, where the storage permission is necessary for software installation. You may choose on your own accord whether to authorize us with the location permission.
In the process of logging in to Enterprise Secure Access, we will request for VPN permission to ensure the normal function of the product. It collects your mobile phone number, device name, device model, operating system, Enterprise Secure Access software version number, location information of the device (such as login IP address, GPS location, etc., accurate to one kilometer), unique device identifier (this refers to the string information used by the device manufacturer to identify a specific device, such as Mac address), operation log, etc., in which the mobile phone number is used for two-factor authentication when logging in. If the administrator of your organization does not enable SMS two-factor authentication for you, then we will not collect your mobile phone number information.
In the process of resetting your password, we will collect your mobile phone number or e-mail address information for sending the two-factor authentication verification code. If you refuse to provide this information, you may ask the administrator of your organization to reset the account password through his/her console. This does not affect other features of Enterprise Secure Access that you use.
In the process of resetting your TOTP key, we will collect your mobile phone number or e-mail address information for sending the two-factor authentication verification code. If you refuse to provide this information, you may ask the administrator of your organization to reset the account TOTP key through his/her console. This does not affect other features of Enterprise Secure Access that you use.
When using Enterprise Secure Access service, if your organization has access behavior audit requirements, then we will collect access log information, including access time, quintet, domain name details and other information.
When using the change mobile phone number function, we will collect your mobile phone number information for sending the two-factor authentication verification code.
When you use the issue report/user feedback function and need to upload images, we will request permissions to access photo albums and your device camera, and your uploaded descriptions, user logs and images will be stored on our server. Storage of this information is necessary for us performing this function.
When you encounter usage issues that require our assistance in troubleshooting, we will collect and proceed with your operation log information, including but not limited to username, permission resources, operation behavior, domain name access record, DNS resolution result, software failure information, IP routing information, the method, type and status of access to the network, network quality data, etc., which are the basic information that we must collect for troubleshooting. For instance, we will use permission resources and domain name access records to determine the occurrence of any unauthorized access; we will use DNS resolution results to determine abnormal DNS resolution incidents.
When the administrator of your organization resets your password through the console and chooses to notify you through your mobile phone number or e-mail address, we will collect the information of your mobile phone number or e-mail address.
When you use the above functions, our App will request for a total of 5 system permissions: storage, location, photo album, camera and VPN. The aforementioned permissions are not enabled by default. You can choose whether to grant these system permissions to our App.
4. How Do We Entrust, Share, and Transfer Your Personal Data
4.1 Entrustment
No delegated processing will be involved in any functions and/or modules of Enterprise Secure Access.
4.2 Information Sharing
We share your personal data with your consent or for provision of Enterprise Secure Access service to you:
Please note that if you use Enterprise Secure Access service to link or connect to products of third parties, those third-party products may adopt their own privacy policies. Your submission and provision of your personal data to such third-party products will be governed by the privacy policies of such third-party product.
4.3 Transfer
We will not transfer your personal data to any third-party company, organization or individual outside our organization, except in the following cases:
5. How Do We Protect Personal Data
5.1 CDNetworks has adopted administrative, technical, and organizational measures to protect your personal data from unauthorized access, use, alternation, disclosure, or leakage. We will take all reasonable and feasible measures to protect your personal data. For instance:
5.2 We will take all reasonable and feasible measures to ensure that personal data will be collected to the minimal necessary extent. We will only retain your personal data for the period necessary to fulfill our contractual obligations as described in this Policy, unless otherwise required by law.
5.3 We are all aware that the Internet is not a 100% secure environment. CDNetworks will endeavor to the best of our ability to safeguard the security of your personal data.
5.4 In the event of any personal data security incident, we will follow the requirements of laws and regulations, inform you of the incident and its possible impact at the earliest, and keep you updated about the measures we have taken or will take, and suggest actions that you can take to prevent and reduce the impact at your side. We will promptly inform you about the incident-related information in one or a combination of ways such as e-mail, telephone, etc., and when it is not feasible to get contact with you directly, we will issue an announcement in a reasonable and effective manner.
At the meantime, we will also report the handling of personal data security incident to the corresponding regulatory authority in accordance with the requirements applicable.
6. How Do We Store and Retain Personal Data
Personal data collected by CDNetworks will be stored in an encrypted manner in your region or other regions where CDNetworks or its affiliates operates.
CDNetworks will retain personal data as necessary to provide services to you and/or your organization, or for the fulfillment of our statutory/judicial obligations. Our retention period may vary depending on the type of personal data and difference of mandatory requirements in data protection laws among jurisdictions applicable.
To put it specifically:
7. Your Rights
You may exercise the following rights with regards to your personal data:
You have the right to access, correct, delete your personal data, or withdraw the authorization of your consent, unless otherwise stipulated by relevant laws and regulations. If you wish to exercise the above rights, you may do the following: 1) log in to our App and click “Settings”; 2) Click “Account Management” to access, correct or delete your personal data.
However, subject to the agreement between CDNetworks and your organization, if the administrator of your organization sets certain restrictions on end user accounts, you may not be able to modify, delete your personal data or withdraw the consent at your side, in such circumstance please contact your organization to learn more about how to access and control your personal data.
Please note that only when your organization confirms that you are no longer been granted access to Enterprise Secure Access, may you cancel your Enterprise Secure Access account and CDNetworks will stop providing services to you and delete (or anonymously process) your personal data under the relevant accounts within a reasonable period of time.
8. Protection of Children and Minors
CDNetworks Enterprise Secure Access service is provided to organizations and their employees who have full civil capacity. The Enterprise Secure Access is not designed or intended to be used by children or minors. You as end user should not lend or allow any third party to use your Enterprise Secure Access account, including children or minors in your family. CDNetworks assumes that there is no personal data of children or minors been collected or processed under Enterprise Secure Access.
Definition to “children” and “minor” are subject to the laws applicable.
9. Change to This Privacy Policy
We may update this Privacy Policy from time to time in response to:
If any change be introduced to this Privacy Policy and may materially affect the manner we collect and process your personal data or the way you use Enterprise Secure Access service, we will notify you through the contact method you chose. If CDNetworks is not able to get in touch with you directly, we will notify you by posting a notice on our website. All changes to this Privacy Policy will be posted on our website with change history available. CDNetworks recommends you to periodically check the latest version of this Privacy Policy to be aware of any changes.
10. How to Contact Us
If you have any question, concern or suggestion in relation with this Privacy Policy, please reach us via e-mail to: abuse@cdnetworks.com with title: [privacy_Enterprise Secure Access].