Wangsu Science & Technology Co., Ltd (hereinafter referred to as “Wangsu”) is a world’s leading internet service provider, and it mainly provides internet content delivery network (CDN) services, internet data center (IDC) services, cloud computing services, cloud security services, as well as other services. Currently, Wangsu has established over 1500 nodes across the world, covering nearly 70 countries across Asia, America, Oceania, Africa and Europe. In providing such services as content delivery, as a data processor, Wangsu needs to conduct collecting and processing of personal data according to the instructions of customers (data controllers), contractual requirements and the requirements for optimizing services; meanwhile, as a data controller, Wangsu also collects and processes customer contact information. Wangsu believes, protection of personal privacy and personal data is a basis for maintaining a cooperative relationship and trust relationship. Wangsu commits to observing the obligations that are stipulated by data protection laws, especially the EU General Data Protection Regulation (GDPR) and similar laws, regulations and administrative rules.
Wangsu refers to Wangsu Science & Technology Co., Ltd. and its affiliated companies, including but not limited to: Wangsu Science & Technology Co., Ltd, Wangsu Science & Technology Co., Ltd Beijing Branch, Hangzhou Wangsu Science & Technology Co., Ltd, Jinan Wangsu Science & Technology Co.,Ltd, Xiamen Wangsu Science & Technology Co., Ltd, Chengdu Wangsu Science & Technology Co., Ltd, Wangsu Science & Technology Co., Ltd Xiamen Branch, Xiamen Wangsu Software Technology Co., Ltd.
refer to any information relating to an identified or identifiable natural person (‘data subject’), i.e., a name, an identification number, location data, and online identifier, etc.
refer to the entities that determine the processing purpose and means of personal data.
refer to the entities that process personal data for controllers.
refer to a natural person or legal person, public institutions, administrative agencies or other organizations without a legal person status, other than data subjects, controllers, Wangsu and other data processors that Wangsu introduces after having obtained a consent of the controller.
refer to the official websites of Wangsu (the domain names are: wangsu.com, chinanetcenter.com, and their subdomains) and Wangsu client. For concepts that are not explained herein, the definitions in GDPR shall apply.
In the process of providing customers with services, the personal data that Wangsu collects or processes include:
The personal data of website visitors contained in the website content of customers that receive Wangsu’s services. When a customer purchases Wangsu’s content delivery network service, it shall sign an acceleration service contract with Wangsu. In order to achieve the objective of distribution acceleration for the customer’s website content, optimize transmission efficiency, and improve end users’ visiting experience, those website contents that contain personal data will be cached or stored on Wangsu’s servers, and will be transmitted between servers, and finally transmitted to the customer and other end users. The personal data of website visitors may include login information, user name and contact means, payment means and transaction information, personal data related content that are provided by visitors and visitors’ personal information that is collected by other customers through their websites.
The personal data that are contained in Wangsu’s user access log data. User access log refers to a record of user activities that are conducted via Wangsu’s content delivery network platform. The personal data in a user access log may include the IP addresses of end users, website visiting activities data with a time stamp and URLs that combine with IP addresses, the browsers that end users use to visit the website, and the duration of visiting. Wangsu also may obtain geographic location information based on the IP addresses and the position of Wangsu’s servers, and tele-measuring data, i.e. mouse click, travel speed, user proxy, and relevant browser data, etc.
The personal data that are included in customers’ contact information, and the personal information that is collected during visiting of Wangsu’s websites. Wangsu or Wangsu’s websites collects and stores the personal data of customers’ legal representatives, working staff or contact persons, for daily work contact, maintaining customer relationship and better serving customers. A customer’s personal data may include: the name and ID card no. of the customer’s website’s responsible person, customer contact persons’ names, posts, work addresses, telephone numbers, e-mail addresses, IP, browsers, cookies, URLs, etc.
Wangsu takes the following processing means for the above data that Wangsu collects:
Therefore, customers should be responsible for the legitimacy of relevant data processing, specifically, they should observe the laws and regulations that apply in the service area, assume the obligation for disclosure to end users, obtain the consent of end users regarding relevant data processing, tell end users the available means for exercising their rights for personal data protection, and select the service type that is suitable for transmitting personal data of end users.
Unless according to the stipulations of laws or the requirements of services that customers purchase, Wangsu will not conduct extra storage or processing of the personal data of end users. If end users and supervision entities have any question or demand about data processing, Wangsu will make all efforts to help pass on the question or demand to Wangsu’s customers, and Wangsu’s customers shall be responsible for responding to this demand, and shall not process arbitrarily.
Based on such needs as providing customers with products of service performance and data analysis, providing anti-fraud and Bot management functions, improving service, and improving use experiences of end users, Wangsu needs to accurately identify malicious network traffic, refuse malicious access requirements, and avoid denying of normal access at the same time. This further requires Wangsu to conduct traffic analysis of its network based on the personal data in logs that are collected from the websites’ sessions or the browsers of end users.
The threat data that are obtained from this are integrated to Wangsu’s tools, products and services, so as to protect Wangsu and its customers from harm as a result of network attack, hacker attack, malicious software, viruses, fraud activities, and other malicious activities.
Wangsu also will conduct processing of personal information in the logs for the purposes of billing, solving service problems or improving services, addressing service faults and summarizing reports. In relevant reports that are publicly issued (i.e. “internet report”), personal data shall be masked.
For example, Wangsu analyzes an end user’s service quality by collecting personal data in the logs, considering the end user’s IP, the IP’s rough geographic information, time stamps, URLs, and activity data; and it analyzes the quality of Wangsu’s IDC and the connection between them based on the activity data and the duration of access; and it analyzes the threat information of IP addresses based on IP, time stamps, browser information, access duration and remote sensing data; and it adjusts service and security strategies based on a customer’s configuration and Wangsu’s scheduling strategy, so as to improve the use experience of end users, and provide customers with service quality reports, and accurately shield from attacking IP addresses that pose threats to Wangsu or customers.
Wangsu shall distribute the personal data in the logs that are collected as a result of providing services with a customer to the customer, so as to comply with the contract, and help the customer understand the access situation of its website.
What should be emphasized is that Wangsu’s collection and processing behaviors for IP, URLs or any other personal data included in Wangsu’s log data are not aimed at identifying specific persons.
Wangsu collects and processes customers’ personal data so as to directly conduct contact and communication with customers, and timely give notification in the event of abnormal situation of services, and the objective is to provide customers with services, and to manage customer relationship. The collection of name and ID card number information of responsible persons of websites shall be conducted according to the requirements of the Network Security Law of the P.R.C: in providing users with internet services, the service provider should request users to provide true identity information.
Wangsu’s websites will store a small data file named Cookie on your computers or mobile devices, and Cookie generally contains identifiers, website names and some characters. Cookie can help effectively lower the possibility of Wangsu’s being infested with junk mails, and make access to Wangsu’s websites easier and more simple. Users of Wangsu’s websites can configure their browsers to accept or not accept Cookie. If a user chooses not to accept Cookie, it may cause some functions of the website to be not usable.
Wangsu provides a built-in security function in the process of providing customers with services and conducting data collecting and processing. In order to prevent others’ unauthorized access to and obtaining of customers’ personal information, we conduct encryption of customers’ personal data so as to protect privacy. Only those entities for which it is really necessary to contact and process personal information are allowed to access personal data, and it is ensured that the aforesaid entities clearly know about the importance of the security and protection of personal data, and strictly observe the confidentiality obligations that are stipulated in relevant data protection laws.
Transfer of personal data
Wangsu’s servers are located across the world. In order to better serve our customers, the servers that Wangsu uses in providing customers with services may not be located in the country or region where a corresponding customer is, but the servers that conduct processing of data are all servers that are owned by Wangsu or its affiliated companies, or servers of other data processors that Wangsu introduces after having obtained prior consent of customers, and these servers have equal security and protection capability, and observe similar data security protection rules.
Except the aforesaid situations, Wangsu shall not take the initiative to transfer or sell any personal data that it collects to any third parties, other than the data subjects, controllers, processors, and other data processors that are consented by the controllers, except the following situations:
Share data with other entities according to the data subjects’ requirements or data controllers’ written instructions;
Disclose these personal data according to the requirements for ensuring national security, public safety or public interest, or the mandatory requirements of governments or legal regulations (requirements of relevant laws, regulations and legal procedures), customers and end users acknowledge and consent the transfer of these data, so as to comply with the legal compliance procedures.
Wangsu protects customers’ personal data that customers provide by proper security management measures, and it adopts various security technical measures, including but not limited to SSL encryption, so as to ensure the security of personal data transmission; Wangsu prevents unauthorized access to such information by means of identify verification and access control; Wangsu regularly conducts security assessment and permeation test of the platform, so as to ensure the platform’s reliability; Wangsu conducts proper data security assessment for any processing and change of personal data, so as to ensure that relevant laws about data protection and these terms are observed.
The basic principles for processing of personal data:
Fair-and-square and legal: personal data shall be collected and processed in a fair-and-square and legal way;
Restricted purpose: Processing of personal data that are collected shall be restricted to the purpose that was determined before collecting the data, and shall not be used to identify individual persons;
Transparency: When the data are collected, the data subjects shall be able to know about the means and purpose of data processing, and the third parties that the data may be transmitted to.
Necessity check: it shall be checked whether it is really necessary to conduct the processing before conducting processing of personal data.
Not identify: no individual person shall be identified by processing of personal data.
Customers have the right to consult the corresponding personal data that Wangsu obtained, stored and processed, and correct or delete corresponding personal data according to the stipulations of laws and customers’ written instructions. Data subjects may contact us via our customer service representatives or our e-mail GDPR@wangsu.com, to request access to, or correction or deletion of corresponding personal data, and we will make reply to your request in a reasonable period of time. If a customer does not want to receive our marketing information any more, he/she may directly contact our customer service representatives or contact us by e-mailing to GDPR@_wangsu.com, we will complete proper handling in a reasonable period of time.
If you have any questions about Wangsu’s privacy terms, or want to exercise any of your rights that are endowed by law, you can e-mail your written requests to GDPR@wangsu.com, Wangsu is always committed to protecting your information.
About revision of these terms:
Wangsu may make revisions to these terms from time to time so as to better implement data protection policy, and all revisions will be conducted according to the stipulations of relevant data protection laws and the data processing principles stipulated in these privacy terms. For major revisions, Wangsu will send you clear notices by means of website announcements or e-mail.