Thank you for your interest in the Sangfor Platform (or the “Platform”)! To enhance the user experience with Sangfor’s products and services, Sangfor has developed a diverse range of websites, platforms, and systems, enabling access to comprehensive resources and information, including but not limited to Sangfor Community, Sangfor Support, etc.
Sangfor takes your privacy concern seriously and fully respects your privacy. Sangfor is committed to strictly complying with applicable laws and regulations to take appropriate security measures to ensure your privacy in a secure and controllable status. To achieve this objective, the service provider of this Platform (hereinafter referred to as “Sangfor” or “we”) has prepared and published this Privacy Policy (hereinafter referred to as the “Policy”).
To protect your rights, this Policy will explain to you how Sangfor collects, uses, shares, discloses and stores your privacy and which security measures have been taken to protect the End User Data (including but not limited to personal information) and the rights to which you are entitled. In addition to this privacy, we may inform you of the processing details of other End User Data which are not described in this Policy by way of a separate privacy notice or statement in advance and seek your consent as necessary, for example when you choose to activate or use a new service.
THIS POLICY GOVERNS YOUR USE OF THE PLATFORM AND ITS RELEVANT SERVICES. PLEASE READ AND UNDERSTAND ALL OF ITS TERMS CAREFULLY. BY CLICKING “I ACCEPT” OR A SIMILAR BUTTON, BY PROCEEDING TO USE THE PLATFORM SERVICES THROUGH ANY OTHER MEANS, OR BY COMPLETING ACCOUNT REGISTRATION OR IDENTITY VERIFICATION, YOU ACKNOWLEDGE THAT YOU HAVE READ THIS POLICY AND AGREE TO BE BOUND BY IT. THIS POLICY WILL FORM A LEGALLY BINDING AGREEMENT BETWEEN YOU AND SANGFOR.
This Policy will help you understand the following:
1. Application scope of this Policy
2. How we collect and use your personal information
3. How we share, transfer, and disclose your personal information
4. How we store your personal information
5. How we protect your personal information
6. How you access and manage your personal information
7. How we use cookies and similar technologies
8. Protection of minors
9. Updates to this Policy
10. Contact us
1. Application scope of this Policy
Unless specifically stated or otherwise exclusively agreed, this Policy applies to the Sangfor Platform (as defined in End User License Agreement) and other services you access through the Platform. This Policy does not apply to any products or services provided to you by third parties through this Platform. Before choosing any third-party products or services, you should fully understand the features and privacy policies of the third-party products or services and agree with third parties on the specific rights and obligations related to the use of products or services.
2. How we collect and use your personal information
The data processing activities are subject to differences depending on the specific Sangfor Platform in use. To be specific:
2.1 In the course of your use of the Sangfor Community and the relevant services, the information we collect is as follows:
2.1.1 Account Registration
In order to help you complete the Platform account registration, we require you to provide mandatory including your username, email address, country/region of residence, and company affiliation.
2.1.2 Optional Profile Information
Additionally, you may voluntarily submit optional information including your city of residence, profile avatar, personalized signature, occupation, and gender designation to further enhance your profile and platform interactions. You could also submit your mobile number for convenient login authentication and password recovery, as well as residential or office address details when required for reward redemption.
2.1.3 Discussion and Comments Content
When engaging in the Platform discussions by publishing posts or comments, we will process and retain the textual and multimedia content you submit.
2.1.4 Learning and Examination
In order to assist Users in participating in the relevant learning and examination activities, and to provide you with the necessary information and feedback, we will collect detailed engagement records during your participation in online learning modules and certification exams, which include accessed courses, exam timestamps, and submitted academic content (e.g., assignments or examination responses).
When User’s questions, interactions, comments or other published content during your engagement of these activities are selected for the Platform recommended topic, they may be viewed or accessed by other Users of the Platform.
2.1.5 Certification Activities
In order to administer technical certification programs, we mandate the submission of personally identifiable information, including your full name, mobile number, identity document, email address, and scheduled examination details. This data is essential to verify your identity, coordinate examinations, and issue credentials. After you pass the relevant technical certification, we will retain your certification records indefinitely to support statistical analysis, program management, and user-initiated verification requests.
2.1.6 Notification
In order to deliver service notifications and informational updates, we may disseminate communications via SMS (linked to your registered mobile number), email, or in-platform messaging systems. You can stop receiving our service information through SMS unsubscribe, email unsubscribe, customer feedback and other ways.
2.1.7 AI-powered Intelligent Customer Service
To enhance use efficiency and improve user experience, the Platform provides User with an AI-powered Intelligent Customer Service, which is designed to accurately understand and resolve product-related inquiries, including but not limited to questions about product features, usage instructions, troubleshooting guidance, etc. To enable your interaction with the AI-powered Intelligent Customer Service, we will use your account information, including your username and email address.
2.1.8 Cybersecurity Protection
In order to fulfill cybersecurity obligations under applicable laws and regulations, maintain the stable operation of the Platform, and to optimize your use experience, during your use of the Platform, we may collect information about your device and how you and your device interact with the Platform, including device identifiers (device name, device model, mobile phone model, IMEI, MAC address, serial number), IP address, operating system version,and usage patterns (session duration, interaction logs, system event reports such as errors or crashes). This information is analyzed to verify your identity, strengthen account security protocols, diagnose technical anomalies, and mitigate operational risks.
2.2 In the course of your use of the Sangfor Support and the relevant services, the information we collect is as follows:
2.2.1 Account Verification
To access and use the full services of this Platform, you must complete identity verification using your Sangfor Community account. To facilitate this process, we will collect and process your Sangfor Community account information, including username, password, email address and geographic information (i.e. country).
2.2.2 Optional Profile Information
During your use of the Platform, you may also submit additional personal information including company name, occupation information, etc. This kind of information will be used to enrich your profile and to provide you with more personalized content recommendations.
2.2.3 Usage Data for Service Improvement
To continuously improve your user experience, we will record and process data related to your interactions with the Platform. This includes your user ID, browser language setting, operation time, operation type (e.g., viewing, searching, downloading, saving, evaluating), accessed document IDs, browsing types (e.g., products, documents), browsing content ID, types of saved items, saved item ID, and tagged content. This data is processed to deliver more targeted content recommendations and to optimize the Platform’s services.
2.2.4 Cybersecurity Protection
To safeguard the Platform and enhance your data security during your use the Platform, we will collect and process certain security-related information. This includes device unique identifiers, User’s IP address, login time, and download time.
2.2.5 Feedback and Comments
You may submit comments and feedback through the relevant pages on the Platform. All information you provide will be recorded and processed to improve the services of the Platform or other Sangfor Products. Before submitting any feedback, please ensure that it does not contain any personal information, confidential information, or any other content unsuitable for Sangfor to process. Your submission of such content constitutes your authorization and consent for Sangfor to process the included information.
2.2.6 Information From Other Platforms
In addition to the information collected under sections 2.1 through 2.5, we may synchronize necessary information from other Sangfor platforms or systems while you use this Platform. Such cases include when you enter the purchase order number, serial number or Gateway ID of purchased Product on the relevant platform interface. We will synchronize your order and product information (license period, product version number, etc.) through other Sangfor platforms or systems to enrich the information you can view on the platform and to help you better utilize the Platform’s features and services.
2.3 Exceptions
You are fully aware that, in accordance with applicable laws, we may collect and use relevant personal information without your authorization or consent under the following circumstances:
2.3.1 It is related to the performance of our obligations specified by laws and regulations.
2.3.2 It is directly related to national security and national defense security.
2.3.3 It is directly related to public safety, public health, or major public interests.
2.3.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.
2.3.5 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals while it is difficult to obtain your consent.
2.3.6 The personal information involved is disclosed to the public by you.
2.3.7 It is necessary to execute and perform the contracts or agreements between you and us.
2.3.8 The personal information is collected from the information disclosed to public legally, such as through legal news reports, government information disclosures, or other channels.
2.3.9 It is necessary to maintain the operational security and stability of our products or services, such as discovering and handling the failure of our products or services.
3. How we share, transfer, and disclose your personal information
3.1 Sharing
We will not share the personal information that we process or are authorized to process with any third party, except in the following circumstances:
3.1.1 Service Providers of the Platform. To facilitate the operation and relevant service provision of the Platform, Sangfor may engage third-party vendors. These include, but are not limited to, technical support providers, marketing and advertising service providers etc.
3.1.2 We have obtained your explicit consent. After informing you of the name, the contact details of the third parties, the purpose and manner of the processing, as well as the type of personal information involved, and obtaining your explicit consent, we will share the information with the third parties within the authorization scope.
3.1.3 Sharing for the performance of the legal obligation. We may share your personal information in accordance with applicable laws and regulations, legal proceedings, litigation/arbitration, compulsory governmental orders or regulatory requirements; for example, in order to meet the requirements for identification authentication of relevant laws and regulations, it is necessary to share your personal information with the relevant governmental authorities or authorized third parties.
3.1.4 To the extent required or permitted by law, it is necessary to provide your personal information to a third party in order to protect the interests, property or safety of you or the public from damage.
3.1.5 It is necessary to share your personal information in order to protect national security, public safety and the significant legitimate rights and interests of you and other subjects.
3.1.6 Personal information that you disclose to the public or that we can obtain from other legitimate public sources.
3.1.7 We may share your personal information with our affiliates to provide you with transaction support, service support or security support. For example, to avoid duplicate account registrations, we need to verify the uniqueness of the accounts to be registered; we will only share your information with our affiliates for specific, explicit and lawful purposes, and only to the extent necessary to provide the Services.
3.1.8 Sharing with business partners as necessary to provide services. We may provide your personal information to business partners with your consent for the purpose of providing you with the required Service or entering into a cooperation with you. Before introducing the partners, we will carry out information security related investigation or confirmation, and require the partners to take strict measures to protect your personal information through contractual instruments.
3.2 Transfer
We will not transfer the personal information that we process or are authorized to process to any companies, organizations, or individuals, except in the following circumstances:
3.2.1 We have obtained your explicit consent.
3.2.2 In the event of merger, acquisition, or bankruptcy liquidation where personal information transfer is involved, we will require that the new company or organization holding your personal information be bound by this Policy. Otherwise, we will require the company or organization to obtain your authorization or consent again. If such event does not involve the transfer of personal information, we will fully inform you of the relevant situation and delete or anonymize the personal information we hold.
3.3 Disclosure
We will not disclose relevant personal information, except in the following circumstances:
3.3.1 The disclosure is made with your express consent or at your request.
3.3.2 Disclosure in accordance with legal requirements: The disclosure is necessary to comply with compulsory requirements of laws, legal proceedings, litigation, or competent government authorities.
3.3.3 The disclosure is reasonable and necessary for the purpose of maintaining the public interests.
3.4 We may share, transfer, or disclose relevant personal information without your authorization or consent under the following circumstances:
3.4.1 It is for purposes related to national security and national defense security.
3.4.2 It is for purposes related to public safety, public health, or major public interests.
3.4.3 It is for purposes related to criminal investigation, prosecution, trial, or judgment execution.
3.4.4 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals while it is difficult to obtain your consent.
3.4.5 The personal information disclosed is from the information collected from legally publicly disclosed information, such as through legal news reports, government information disclosures, or other channels.
3.4.6 It is necessary to maintain the operational security and stability of our products or services, such as discovering and handling the vulnerability or failure of our products or services.
4. How we store your personal information
4.1 The Platform is deployed on Sangfor servers located in Malaysia (hereafter referred to as Malaysia) and can be used by the User located outside of Malaysia. As the data processed by the Platform is triggered by the User’s independent login or use of the corresponding functions, before using the Platform, the User located outside of Malaysia shall be aware that their login and use data will be transferred to Malaysia. The User shall independently assess whether the cross-border transfer and processing of data involved in the use of the Platform meet the legal requirements applicable to you, and you shall be solely responsible for complying with the applicable legal requirements independently. As the service provider of the Platform, Sangfor will store data and take relevant management and technical measures to safeguard data security in accordance with the applicable laws and regulations.
4.2 If we need to transfer relevant personal information we process within one country or region to an overseas entity for the purpose of conducting cross-border business, we will obtain your separate consent and transfer the personal information in accordance with the applicable laws, regulations, and the provisions of the competent regulatory authorities. We will ensure to provide sufficient protection for related personal information, such as anonymizing the personal information or taking encryption or other security measures for the storage and transmission of personal information.
4.3 You understand and agree that, in order to better guarantee sufficient resources for the operation of the Platform servers so as to provide the User with more stable and high-quality services, or based on the demand for disaster recovery and backup, Sangfor may temporarily store some of the data uploaded by the User on servers other than the data center providing services, and such data will be strictly encrypted and compressed and will not be processed in any other way except for storage. And Sangfor will safeguard the data security in accordance with this Policy or other relevant agreements.
4.4 Audit log data for the Platform (which may contain the information listed in Articles 2.1 and 2.4) will be retained for not less than six months in accordance with legal requirements, and for other data uploaded by the User that contains no personal information, Sangfor will decide the retention period independently according to the business requirements of threat intelligence. In addition to the above, under the following circumstances and for the corresponding purposes, we may need to retain all or part of your information in accordance with the retention period specified in the relevant laws and regulations:
4.4.1 Comply with applicable laws and regulations and other relevant provisions.
4.4.2 Comply with a court judgment, decision or other legal process.
4.4.3 Comply with the requirements of the relevant administrative, judicial or other competent authorities.
4.4.4 Implement of this Policy or other relevant agreements, or handle any complaints/disputes, or protect the personal, property safety or legitimate rights and interests of you or other relevant subjects within the reasonable and necessary scope.
5.How we protect your personal information
5.1 Sangfor attaches great importance to your information security. We use various technical security measures to protect the information against unauthorized access, use, disclosure, abuse, alteration, destruction, or loss, for example, we provide secure browsing on the Platform using the HTTPS protocol; we use encryption technology to increase the security of End User Data; and we use trusted protection mechanisms to prevent malicious attacks on End User Data. In addition, we establish End User Data security management systems and work processes to strictly control access to End User Data; restrict the permissions of the staff having access to personal information and provide them with training relating to security and confidentiality; and regularly conduct personal information security risk assessments and promptly handle related risks, to continuously improve our ability to protect the security of personal information.
5.2 In addition to our obligation to protect your personal information, you are also responsible for the appropriate use and safekeeping of information relating to your account, so please set a password with a high level of complexity in order to maximize account security. If you identify that anyone is using your account without your authorization, you shall immediately report this to the personnel who has assigned the account access to you or contact us to assist you in stopping the unauthorized use.
5.3 In the event of a personal information security incident (information leakage or loss), we will, in accordance with applicable laws and regulations, promptly inform you of the basic information and possible impact of the security incident, the measures we have taken or will take, suggestions for you to independently prevent and reduce risks, and the remedies for you in a reasonable manner. We will promptly inform you of the incident-related situation by email, letter, phone call, online push and notification, etc. If it is difficult to inform the data subject separately, we will take a reasonable and effective way to make a public announcement. In addition, we will report our handling of the personal information security incident in accordance with the requirements of regulatory authorities.
5.4 THOUGH WE WILL USE OUR BEST EFFORTS TO TAKE REASONABLE MEASURES TO PROTECT THE SECURITY OF END USER INFORMATION, THERE ARE NEITHER COMPLETELY PERFECT SECURITY MEASURES NOR UNBREAKABLE SERVICES, PRODUCTS, WEBSITE, DATA TRANSFER, INFORMATION SYSTEM OR NETWORK CONNECTION IN THE EVENT OF ANY UNAUTHORIZED ACCESS TO, PUBLIC DISCLOSURE OF, UNINTENTIONAL ALTERATION OF, OR DESTRUCTION OF INFORMATION DUE TO A BREACH OF OUR PHYSICAL, TECHNICAL, OR MANAGERIAL SAFEGUARDS, WHICH RESULTS IN DAMAGE TO YOUR LEGAL RIGHTS AND INTERESTS, WE WILL ASSUME THE RESPONSIBILITIES AND LIABILITIES ARISING THEREFROM. IN THE EVENT OF ANY END USER DATA LEAKAGE, LOSS, OR OTHER SECURITY INCIDENT ARISING OUT OF YOUR DISCLOSURE OF THE PRODUCT OR SERVICE ACCOUNT AND PASSWORD TO A THIRD PARTY, YOUR BREACH OF THE RELEVANT PRODUCT OR SERVICE USE AGREEMENT, OR OTHER REASONS ATTRIBUTABLE TO YOU, OR HACKING, INTRUSION OF COMPUTER VIRUSES, OR OTHER REASONS ATTRIBUTABLE TO THIRD PARTIES, OR FORCE MAJEURE, YOU UNDERSTAND THAT SANGFOR SHALL NOT BEAR ANY DIRECT OR INDIRECT LOSS OR LIABILITY ARISING THEREFROM.
6. How you access and manage your personal information
Under applicable data protection laws, you may have the following data protection rights:
6.1 You have the right to access and manage your personal information processed by Sangfor.
6.2 You have the right to demand the rectification of any incorrect or inaccurate personal data we hold with respect to you.
6.3 You have the right to object to processing of your personal data, or ask us to restrict processing of your personal data.
6.4 You may also request us to delete your relevant personal information under the following circumstances:
6.4.1 Our processing or authorized processing of relevant personal information violates applicable laws and regulations.
6.4.2 We collect and use your personal information without your express consent.
6.4.3 Our processing or authorized processing of relevant personal information seriously breaches the relevant agreement.
6.5 You have the right to withdraw your consent previously made and relating to the processing of your personal data with future effect. However, such withdrawal of consent does not affect the legitimacy of any processing operations previously executed. To exercise any of the above rights, please contact us by following the instructions available in the Section 9 “Contact Us” in this Privacy Policy.
6.6 Response to your request
6.6.1 When you claim the said rights, we may require you to submit a written request and may verify your identity. In principle, we do not charge a fee for your reasonable requests, but we will charge a certain cost for repeated requests that exceed reasonable limits, as appropriate. We may reject requests that are repeated for no reason, require excessive technical means (for example, requiring the development of new systems or fundamental changes to current practices), pose a risk to the legitimate rights and interests of others, or are highly impractical (for example, involving the backup of information stored on tapes).
6.6.2 To ensure security, you may need to submit a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
6.6.3 Under the following circumstances, we will not be able to respond to your request:
6.6.3.1 It is related to the performance of your obligations specified by laws and regulations.
6.6.3.2 It is directly related to national security and national defense security.
6.6.3.3 It is directly related to public safety, public health, or major public interests.
6.6.3.4 It is directly related to criminal investigation, prosecution, trial, or judgment execution.
6.6.3.5 We have sufficient evidence that you have subjective malice or abuse of rights.
6.6.3.6 It is for the purpose of safeguarding the life, property, or other significant legitimate rights and interests of you or other individuals.
6.6.3.7 Response to your request will cause serious damage to the other legitimate rights and interests of related individuals or organizations.
6.6.3.8 It involves trade secrets.
7. How we use cookies and similar technologies
7.1 Cookies are small data files that are installed on your computer or mobile endpoint device when you visit a website. The content of a cookie can only be retrieved or read by the server that created it. We may record and use information about you through cookies, but the information recorded through cookies is only stored on your local device and only processed when you are using the relevant features/services of the Platform. The specific purposes for which we use cookies include:
7.1.1 To remember your identity for the purposes of logging in and completing authentication, e.g. cookies help us to recognize you as a registered User of Sangfor;
7.1.2 To store your operational settings or preferences so that you can have a more efficient experience.
7.1.3 To count and analyze your use of the Platform in order to provide you with a more thoughtful and personalized service, which may include, but is not limited to, customized pages, content recommendations, etc.
7.2 Other similar technologies
In addition to cookies, we may use other similar technologies to collect information automatically. For example, we may use browser web storage (including through HTML5), also known as local storage objects, for purposes similar to cookies.
7.3 Most web browsers have settings to block cookies and clear the browser’s web local storage, which you can manage or clear according to your preferences. Please note that if you set to block the operation of cookies or other similar technologies, you may not be able to enjoy an optimal experience of the Services and the usability of certain features may be affected.
8. Protection of minors
8.1 Our Products and Services are provided mainly to adults. We attach great importance to the protection of personal information of minors. If you are a minor, you must ask your parent or other guardians to carefully read this Policy and you may use our products or services or provide information to us after obtaining the consent of your parent or other guardians.
8.2 In the case of the collection of personal information of minors who use the Platform with the consent of their parents or other guardians, we will only process the relevant information as permitted by law, with the express consent of the parents or other guardians, or as necessary for the protection of the minors.
8.3 In the event that Sangfor identifies any collections of personal information of minors without obtaining verifiable consent of their parents or other guardians, we will seek to obtain valid consent from their parents or other guardians or delete the relevant personal information as soon as possible.
9. Updates to this Policy
We may revise and update this Policy from time to time according to changes in the management and operation of the Platform or the processing of personal information. If the update of this Policy may result in any material reductions of your rights under this Policy, or involves any changes of important regulation such as expanding the scope of our processing activities, we will notify you to check the updated Policy by posting a notice in a prominent position on the page of this Platform, popping up, or sending an email or other reasonable means. Your continued use of the Platform under the above circumstances constitutes your understanding and acceptance of the updated Policy.
10. Contact us
If you have any questions about this Policy or other matters related to the use of the Platform, or have any comments or suggestions, you may contact Sangfor by sending an email to privacy@sangfor.com We will review the information you submit as soon as possible upon receipt and will provide you with timely feedback after your demand is clarified.