CDNetworks successfully mitigated a blockchain DDoS attack on the eve of Bitcoin ETF approval, peaking at 1.025 Tbps - Learn how we mitigated

CDNetworks Privacy Policy

Revision Number: 003
Last Modified: 04 Mar 2024

1. What is the Privacy Policy for

As an APAC-leading network to deliver edge as a service, CDNetworks (including its affiliates worldwide, collectively “CDNetworks”, “we”, “our” and “us”) fully respects your privacy and is committed to protecting your personal data (otherwise known as personal information). This Privacy Policy applies to: (i) our official websites (e.g., cdnetworks.com or portals that post a link to this Privacy Policy); and (ii) all services and products contain or refer to this Privacy Policy (collectively, “Services”). Please carefully read this Privacy Policy before providing your personal data to CDNetworks. By interacting with us, you agree and consent to CDNetworks processing your personal data in the manner set forth in this Privacy Policy.

This Privacy Policy describes how we collect, use, disclose, transfer, retain and otherwise process your personal data as a “controller” (i.e., we determine the purposes and means of the processing of personal data). This Privacy Policy does not apply to the processing of personal data as a processor (i.e., we process personal data on behalf of our customers and in compliance with our customers’ instructions). The details of our processing of personal data in the processor role are outlined in CDNetworks Data Processing Addendum.

Specifically, this Privacy Policy is intended to help you understand:

  1. What is the Privacy Policy for;
  2. What personal data we collect from you;
  3. Why we process your personal data;
  4. How we share your personal data;
  5. How your personal data is transferred internationally;
  6. How we protect your personal data;
  7. How long we retain your personal data;
  8. How to exercise your rights as a data subject;
  9. How we use tracking technologies;
  10. How we handle personal data of children and minors;
  11. How this Privacy Policy is updated;
  12. How to contact us.

2. What personal data we collect from you

Personal data means any information relating to you, the data subject, as an identified or identifiable natural person where an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The personal data we collect depends upon the nature of your interaction with CDNetworks.  Such interaction may occur when you browse our websites, make an enquiry on our websites, register an account with our websites, subscribe our Services, download content from us, complete payment with us, attend our premises, contact us when experiencing problems, or as you otherwise engage with CDNetworks. You may also provide your personal data to CDNetworks indirectly through use of our customers’ websites or via our third-party service providers.

In general, CDNetworks collects and processes relevant categories of personal data in connection with the following business operations:

  1. Website content provision: When you browse information and content on our Websites, we may collect your Device and Behavior information.
  2. Services provision and improvement: depending on the service you use and your preferences, you may be asked to provide your Account Information, Contact Information, Payment Information, Device and Behavior Information, Service Operation Information.
  3. Promotional and marketing activities: depending on the setting of your preferences, you may be asked to provide your Contact Information, Device and Behavior Information.
  4. Procurement activities: in order to perform relevant procurement contracts and achieve the purposes of such contracts, you may be asked to provide your Contact Information, Payment Information.
  5. Request support: depending on your requests, inquires, suggestions, or the problems you encounter, you may be asked to provide your Account Information, Contact Information, Device and Behavior Information, Service Operation Information.
  6. Legal obligations performance: we will collect your personal data as required by applicable laws and regulation.

 

In any cases, CDNetworks shall collect your personal data within the minimum scope, and personal data will be processed by CDNetworks manually or by electronic means. The following sets out the specific types of personal data that different categories of personal data may contain.

  • Account Information: this category of personal data includes your first and last name, user name, password and other similar security information for authentication and account access.
  • Contact Information: this category of personal data includes your telephone number, email address, postal address, company name, job title and other similar contact information.
  • Payment Information: this category of personal data includes your account name, credit card number and other similar payment-related information.
  • Device and Behavior information: this category of personal data includes your device type, operating system, online identifier, IP address, geographic location, the domain name of your internet service provider, the content or pages you browse, cookies and other similar information about the device you use and your interaction behavior with CDNetworks.
  • Service Operation Information: this usually refers to log data, network traffic data and other data related to services/content delivery, which include IP address, access record with time stamp, mouse clicks, movement traces, etc. Such data involves extremely limited personal data, usually in the form of IP address.

3. Why we collect your personal data

We collect personal data from you for the following purposes:

  1. To enable you to access certain information or content of our Websites;
  2. To enter into a contract with you or the entity you represent, or to perform the contract;
  3. To provide you with our Services, online content and information;
  4. To contact you and send you notices related to the provision of our Services by telephone, email and other means;
  5. To respond to your requests, inquires and suggestions;
  6. To send you information about our products, activities and services that may interest you;
  7. To optimize our products and services, expand markets relationships and deepen business cooperation;
  8. To analyze the efficiency of your service operations, and provide you with customized services;
  9. To ensure the network security of our customers, users and ourselves;
  10. To comply with applicable laws and regulations, or respond to regulatory requirements; and
  11. For any other purposes which we may separately notify you and obtain your consent for.

We process your personal data on one or more of the following legal bases:

  1. When you have given consent to the processing of your personal data for one or more specific purposes;
  2. When processing is necessary for the performance of a contract to which you or a legal entity you represent is party or in order to take steps at your request prior to entering into a contract;
  3. When processing is necessary for compliance with our legal obligation;
  4. When processing is necessary in order to protect the public interest or the vital interests of you or a legal entity you represent;
  5. When processing is necessary for the legitimate interest pursued by CDNetworks or by third-parties as described in this Privacy Policy.

4. How we share your personal data

To complete the purposes as specified in Section 3, CDNetworks may share your personal data with third-parties in the following circumstances or as described in the Privacy Policy:

Entities within CDNetworks’ Group

CDNetworks is a transnational enterprise with affiliates in several countries around the world. On some occasions (e.g., providing global services, marketing, troubleshooting, remote support and human resources), CDNetworks may need to collaborate with its affiliates and share personal data within CDNetworks’ Group. A detailed list, with locations, of CDNetworks’ affiliates covered by this Privacy Policy and contact details is available here.

Third-party vendors:

Some Services may be provided directly by third-party vendors. In such cases, the name of the third-party vendor is typically mentioned in the detailed description documentation of the specific product or service. Third-party vendors may have their own separate privacy policies, which are not governed by this Privacy Policy.

Subcontractors

Under some circumstances, such as service provision, product optimization, request response, user experience enhancement, business expansion, market development, etc., we may use sub-processors to process your personal data on our behalf. In such cases, the purposes and means of personal data processing are determined by CDNetworks, and the sub-processors will only act in accordance with CDNetworks’ instructions. When sharing your personal data with our subcontractors, CDNetworks will seek reasonably appropriate protection measures, and we share it only if the recipient agrees to comply with this Privacy Policy or has adopted a substantially similar privacy policy regarding the treatment of personal data. For more information, please see Sub-Processors.

Regulatory authority

We may have to share your personal data for the purposes of complying with applicable laws and regulations, responding to legal processes or protecting our legitimate rights and interests.

Your instructions to a third party

Other than as set out above, we may share your personal data under your instructions.

5. How your personal data is transferred internationally

CDNetworks is a transnational enterprise with global presences, business relationships, technical systems and management structures. As set out in Section 4, depending on the scope of your interactions with us, it is sometimes necessary for us to transfer your personal data to the places outside your home country or region. If international transfer happens, CDNetworks shall adopt appropriate safeguards, including technical measures and organizational measures, to ensure such transfer is compliant with this Privacy Policy and as permitted by applicable data protection laws.

6. How we protect your personal data

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity that may arise on your rights and freedoms, CDNetworks adopts appropriate physical, organizational, and technical measures that are no less than industry standard to protect the confidentiality and security of your personal data from accidental or unlawful destruction, loss, alteration, misuse, or unauthorised access.

To be specific, we have implemented the following measures to protect your personal data:

Organizational Measures

  1. Internal system construction: we have established and implemented internal privacy management system, including information security policies, risk assessments guidelines, data audit procedures, remote work policies, incident management programs, data processing addendum, etc.
  2. External contract management: in our external cooperation, we ensure that we have entered into relevant contracts with the counterparty, such as data processing agreement, nondisclosure agreement, or inserting personal data protection-related clauses into relevant contract, to require third parties to fulfill their data protection obligations and we will continuously monitor their performance.
  3. Access control: we have deployed access control mechanisms and implemented hierarchical permission management based on the necessity of service provision and personnel level to ensure that only authorized personnel can access personal data. Meanwhile, we clearly define and assign the roles and responsibilities of personal data protection, and implement separation of duties to reduce the risk of unauthorised access.
  4. Awareness & Training: we have a dedicated privacy team responsible for holding regular and ongoing trainings to enhance our employees’ personal data protection awareness.

Technical measures

  1. Encryption and pseudonymisation: we adopt appropriate encryption and pseudonymisation measures to prevent data leakage and unauthorised access. For example, in data transmission we leverage encryption technologies, such as RSA and AES, to reduce the data security risks; in data storage and display, we use encryption technologies, such as hash algorithm, NCA algorithm, etc., console desensitization display and other means to protect your personal data.
  2. Cybersecurity: we possess appropriate cybersecurity capabilities that are no less than industry standards. For example, we deploy firewall to prevent unauthorized access, implement DDOS protection to ensure the network stability, regularly run vulnerability scanning programs to detect potential security vulnerabilities and develop vulnerability strategies, take appropriate O&M security management and configuration management, remote access to the IT systems via VPN tunnels, etc. An overview of certifications and attestations maintained by CDNetworks in terms of the security of information systems can be viewed here.
  3. Password control: we have developed and documented a specific password policy, including password length, complexity, valid period, access attempts, password reset timeframe, password history, reuse restrictions, etc. All passwords will be stored in a “hashed” form.
  4. Back-up: an appropriate backup methodology is implemented to ensure data integrity and timely restoration of core operational data.

 

Physical Measures

Your personal data is stored in controlled facilities with strict entrance and exit control in place. In such facilities, we have adopted entrance guard system and CCTV to ensure the physical security of the data centers to prevent unauthorized access.

The measures listed above are not all the data protection measures we have taken. In fact, we will do our best to take the most reasonable and reliable protection measures based on the nature of the data. While we take the security of your personal data seriously, please note that no security measures are completely infallible. In the event of any data security risk, CDNetworks will respond promptly in line with any data breach requirements as detailed in the applicable laws and regulations.

7. How long we retain your personal data

The data retention period may depend on the purposes for which your personal data has been collected and the Services you use. Your personal data will be retained only when it is necessary to fulfill the purposes set out in this Privacy Policy, unless otherwise required by laws or requested by you.

When there is no longer a business necessity or legal basis for retaining your personal data, we will promptly erase, delete or anonymize your personal data as soon as possible.

We will make commercially reasonable efforts (such as inserting relevant contractual clauses) to ensure that any third party to whom we disclose your personal data retains your data consistent with this provision.

8. How to exercise your rights as a data subject

CDNetworks recognizes individuals’ data protection rights. You may have the following rights regarding your personal data under applicable laws:

  • Assess: you can access and update your personal data or other information that you have provided to us, and you may request a copy of your personal data.
  • Rectification: you have the right to rectify any inaccurate information, and you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
  • Portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format, and where technically feasible, you also have the right to transmit those data directly from us to a third party of your choice.
  • Erasure: you can request us to erase or delete any or all your personal data. However, please note that we may retain certain information if there are valid grounds under applicable data protection laws for us to do so (e.g., for the defence of legal claims or freedom of expression), but we will notify you if this is the case.
  • Objection: you have the right to object to our processing of your personal data. For example, in marketing and profiling, you may request to opt out of promotional communications through the unsubscribed link or other link within each email or contacting us directly.
  • Restriction of Processing: in certain circumstances, you may have the right to obtain restriction of personal data processing, with the exception of storage. However, please note that we may use it again if there are valid grounds under applicable data protection laws for us to do so, and we will inform you before the restriction of processing is lifted.

We will use our reasonable endeavor to respond to your request. Please note that before CDNetworks is able to provide you with any access to information, we will ask you to verify your identity and may seek other details from you to help us to respond to your request.

9. How we use tracking technologies

We use cookies and/or other similar technologies, such as web beacons, JavaScript ,etc., to remember your preferences, provide you with a more personalized and efficient browsing experience on our Websites and enhance your usage on our Services.

A “cookie” is a small amount of data that is sent by the website’s server to your web browser and stored locally on your computer or mobile device. If you do not de-activate or erase the cookies, each time you use the same device to access our Websites, our web servers will be notified of your visit and in turn we may have knowledge of your visit and the pattern of your usage.

You have the option to permit installation of such cookies or disable them at any time after allowing them. You may accept all cookies, or set your preferences to accept only certain cookies, or refuse to accept any cookie. However, in the event of your refusal to install cookies, CDNetworks may be prevented from providing some of our Services available to you. For more information about the cookies CDNetworks uses and your privacy setting, please see our Cookie Policy.

10. How we handle personal data of children and minors

Our Services is not intended for children and minors (“children and minors” as defined under applicable laws). Children and minors should not sign up to use our Services or provide any personal data through our Services.

We do not knowingly collect personal data directly from children and minors. However, in very rare cases, such as when they actively interact with us, we may obtain personal data regarding children and minors. If such a situation arises, we will ensure compliance with applicable laws.

11. How this Privacy Policy is updated

We may update or modify this Privacy Policy from time to time according to changes in our business operations or applicable laws. If we update this Privacy Policy, we will publish its latest version on our official websites or by otherwise notifying you. The revised terms will come into effect immediately upon posting or otherwise notified by us. We recommend that you check this Privacy Policy regularly to familiarize yourself with CDNetworks’ practices and to be aware of any material changes.

12. How to contact us

If you have any questions, concerns or suggestions related to this Privacy Policy, or if you want to report any problem, or if you wish to execute your data subject rights, you can contact our Privacy Team using the information contained at https://www.cdnetworks.com/contact 

You may also contact us at:

Email: abuse@cdnetworks.com

Phone: +65 6908 1198