Data Processing Agreement

1. Introduction

Ruijie Networks Co., Ltd. (registered address: Building 19, Juyuanzhou Industrial Park, No.618 Jinshan Avenue, Cangshan District, Fuzhou, Fujian, China, hereinafter referred to as "Ruijie", "Ruijie Networks", "We" or "Us") is the operator of Ruijie's International Service Center ("Ruijie ISC or "ISC"). Ruijie Networks will provide technical support services to customers within the scope of the underlying agreement. This Data Processing Agreement ("Agreement" or "DPA") contains the provisions on data processing and data security involved in the process as agreed by both parties.

In the process of providing you with RITA, Live Chat online support, hotline, and email support, Ruijie Networks will receive and process your or your service-related enterprise customer data and personal data. Ruijie Networks will process the data you provide based on your authorization and in accordance with the following Data Processing Agreement. This Agreement applies to the parties hereto in this context. For matters not covered herein, the relevant provisions shall prevail.

This Agreement shall take effect from the date of issuance.

2. Definitions

  • "Personal data" refers to any information relating to an identified or identifiable natural person. An identifiable natural person is the one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Enterprise Customer Data" refers to any proprietary and confidential data reflecting the internal situation of enterprises other than Ruijie, including device status data and device failure information within the enterprise.
  • "Data Subject" refers to an identified or identifiable natural person.
  • "Personal Data Processing" refers to any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "Personal Data Breach" refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3. Scope

This Agreement describes how Ruijie Networks processes your and other third-party’s enterprise customer data and personal data during the use of Ruijie Networks' post-sales services.

4. Data Types, Processing Purposes and Methods

  • Both parties acknowledge that Ruijie, as a service provider, processes relevant personal data for the purpose of storage, access, and processing of content. This Agreement is intended to set forth the respective obligations of the parties with respect to such processing.
  • Each party warrants to the other that it will comply with all data protection laws applicable to it concerning personal data.
  • Authorization for indirect data collection. When providing customer data/personal information of third-party companies/entities to Ruijie Networks, the data provider shall ensure that it has obtained authorization from the third party. Such authorization shall specify the purpose of use and whether transfer, sharing, or public disclosure of data is authorized. If the processing activities required for the operation of the organization exceed the scope of authorized consent, the data provider should immediately notify the organization to cease any data processing that goes beyond the scope of the authorized consent, or obtain the explicit consent of the relevant subject again.

5. Controller and Processor

This Agreement provides that, with respect to personal data, the party that provides us with personal data and determines the purpose and means of processing the data is the controller, and Ruijie Networks is the processor.

6. Data Processing Principles

The processor shall process personal data in accordance with this Agreement and customer instructions, without exceeding the purposes, means, and scope stipulated in this Agreement.

If the parties consider that the processing of each other's personal data violates privacy laws or other relevant laws, they shall first notify and remind each other in a friendly manner to prevent expanded loss caused by violation of laws or breach of contract. Without friendly notification or prompt, the other party shall not claim compensation for the expanded loss. The processor shall fully support the customer's rights to protect user data, such as the rights to access, modification, and deletion.

7. Obligations of the Processor

The processor shall have the following obligations:

  • Ensure that personnel authorized to process personal data are committed to confidentiality and follow written instructions.
  • Implement and comply with the measures described in the terms, their annexes, privacy policies, and service documentation.
  • Assist the controller in responding to requests from data subjects concerning their rights. The processor shall not correct, delete, or restrict the processing of personal data without the instructions of the controller. All requests from data subjects regarding their personal data that are handled by the processor on behalf of the controller should be immediately forwarded to the controller.
  • Assist the controller in notifying the regulatory agencies and data subjects of personal data breaches.

8. Emergency Response

Once the processor becomes aware of a potential or actual compromise of the personal data it processes, it shall promptly notify the data provider. This notification may be delivered through various means, including but not limited to notifications, emails, or other written forms. Such notification shall include, at least, the following:

  • A reasonably detailed overview of the impact of the personal data breach, including but not limited to a description of the nature of the personal data breach, the categories and number of affected users, and relevant personal data processing records.
  • Risks and consequences that may arise from the personal data breach.
  • Measures taken or proposed by Ruijie to address the personal data breach.

Ruijie shall retain any records related to known or suspected personal data breaches and provide such records to the customer upon request.

9. Employment of Other Processors

  • Data processors may authorize any sub-processors to process personal data on their behalf. You authorize and agree to Ruijie introducing "data sub-processors" to assist in processing the customer and personal data you provide. The Ruijie Networks allows the employment of sub-processors who comply with the relevant laws and regulations.
  • If the processor engages a subcontractor to process personal data on behalf of the organization and the subcontractor fails to fulfill its data protection obligations, the processor shall remain fully responsible to the controller and fulfill the subcontractor's obligations in accordance with data protection laws.

10. Information Disclosure

We may disclose your personal data of the aforementioned categories to our affiliates, service providers, and other third parties for business purposes. When we do so, we will ensure that your personal data is used in a manner consistent with this Agreement, either by using it in accordance with the terms of this Agreement or by entering into a contract that specifies the business purposes and requires the recipients to maintain the confidentiality of the personal data and not to use it for any purposes other than fulfilling the contract.

We may also use or disclose your personal data to:

  • Regulatory agencies, government authorities, exchanges, self-regulatory organizations, or law enforcement agencies, if required by law or if we have reason to believe that such disclosure is necessary or appropriate to prevent personal injury or financial loss resulting from suspected or actual illegal activities; or if it is necessary to protect our rights, comply with judicial or regulatory requirements, or pursue our legitimate interests or the vital interests of others.
  • Our affiliates
  • Service providers contracted with us to provide services on our behalf
  • Third parties to whom you, your agents, or the companies you represent authorize us to disclose your personal data for the products or services we provide to you
  • Regulatory agencies or other government authorities
  • Exchanges or other self-regulatory organizations
  • Law enforcement agencies
  • Relevant successor entities in the event of a merger, acquisition, or similar transaction

11. Help and Inquiry Response

  • The data processor shall promptly cooperate with you in responding to relevant personal data rights requests.
  • If you or your customer receives a request from the data subject to exercise the data subject's rights, you shall promptly notify Ruijie. Ruijie will assist you in responding to the data subject's rights request within [fifteen (15)] working days.

12. Geographical Area of Data Handling

  • You acknowledge and agree that the data processor may need to change the processing location from time to time for operational, regulatory, or other reasons.
  • If you do not request information about the service area, such as account-related information, the processor may process and store such information at any location.

13. Deletion or Destruction of Personal Information

Unless otherwise required or provided by privacy laws, in the event that the master agreement is not in effect, invalid, revoked, or terminated, or the data processor has fulfilled the obligations specified in the applicable agreement between the parties, the data processor shall promptly return the personal information to the customer or delete it upon the customer's request.

14. Contact Information of the Processor

All notices, requests, demands and other communications regarding personal data protection should be sent to Ruijie Networks Co., Ltd., at the following official address: Building 19, Juyuanzhou Industrial Park, No.618 Jinshan Avenue, Cangshan District, Fuzhou City, China. E-mail: service_rj@ruijienetworks.com

LAST UPDATED: November 6, 2023