第一条Article 1
适用范围Scope of Application
监管机构Regulatory Authority
澳大利亚隐私专员办公室(OAIC)负责监管本平台的隐私合规。如您认为我们违反了隐私法,可向 OAIC 投诉:www.oaic.gov.au
The Office of the Australian Information Commissioner (OAIC) oversees our privacy compliance. Complaints may be lodged at www.oaic.gov.au
本隐私政策说明 Geovision AI Mining Pty Ltd 如何收集、使用、存储和保护您的个人信息。本政策遵循澳大利亚《1988年隐私法》及13条澳大利亚隐私原则(APPs),对欧盟用户同步适用 GDPR 要求。
This Privacy Policy explains how Geovision AI Mining Pty Ltd collects, uses, stores and protects your personal information, in compliance with the Australian Privacy Act 1988, the 13 Australian Privacy Principles (APPs), and GDPR for EU users.
第二条Article 2
我们收集的数据Data We Collect
| 数据类别Category | 具体内容Details | 收集方式Method |
|---|---|---|
账号信息 Account info | 姓名、邮箱、手机号、公司、职位 Name, email, phone, company, role | 注册时提供 Provided at registration |
支付信息 Payment info | 账单地址、卡号后4位(完整卡号由 Stripe 处理) Billing address, last 4 digits (full card handled by Stripe) | 订阅时收集 Collected at subscription |
使用数据 Usage data | 页面访问、功能点击、报告下载、Agent 对话摘要 Page visits, clicks, downloads, Agent conversation summaries | 自动采集 Auto-collected |
设备信息 Device info | IP地址、浏览器、操作系统 IP address, browser, OS | 自动采集 Auto-collected |
第三方渠道数据 3rd-party channel | LinkedIn 公开资料(经授权)、Email 元数据 LinkedIn public profile (authorised), email metadata | OAuth 授权后 Post-OAuth authorisation |
第三条Article 3
数据使用目的Purpose of Data Use
- 提供服务:账号管理、内容个性化、AI Agent 响应生成Service delivery: account management, personalisation, AI Agent responses
- 支付处理:订阅计费、发票生成、退款处理Payment processing: billing, invoice generation, refunds
- 产品改进:使用分析、功能优化(数据匿名化处理后使用)Product improvement: usage analytics, feature optimisation (anonymised data)
- 安全防护:异常登录检测、欺诈防范、合规审计Security: anomaly detection, fraud prevention, compliance audit
- 法律义务:监管机构要求时的信息披露Legal obligations: disclosure required by regulatory authorities
我们不会出售您的个人数据给任何第三方。
We do not sell your personal data to any third party.
数据用于AI Agent响应的方式:(a)仅使用当前会话上下文生成实时响应;(b)未经用户明确选择加入(opt-in),不会将个人对话数据用于模型训练;(c)对话摘要(90天保留期)可匿名化和聚合后用于服务改进指标;(d)个人对话数据永不向第三方或竞争者披露。
Data use for AI Agent responses: (a) Only current session context used to generate real-time responses; (b) Personal conversation data NOT used for model training without explicit user opt-in; (c) Conversation summaries (90-day retention) may be anonymised and aggregated for service improvement metrics only; (d) Personal conversation data never disclosed to third parties or competitors.
第四条Article 4
数据共享Data Sharing
| 第三方Third Party | 共享内容Shared Data | 目的Purpose |
|---|---|---|
Stripe Inc. Stripe Inc. | 账单、支付数据 Billing and payment data | 支付处理 Payment processing |
Amazon Web Services Amazon Web Services | 加密用户数据 Encrypted user data | 云存储与计算 Cloud storage & compute |
Sentry Sentry | 匿名错误日志 Anonymised error logs | 系统监控 System monitoring |
政府/执法机构 Government / law enforcement | 依法律要求的信息 Information required by law | 法律合规 Legal compliance |
第五条Article 5
跨境数据传输Cross-Border Data Transfers
本平台数据主要存储于澳大利亚(AWS 悉尼区域)。部分数据因使用 Stripe、Sentry 等服务传输至美国,所有跨境传输均采用标准合同条款(SCCs)保障数据安全。
Platform data is primarily stored in Australia (AWS Sydney). Some data may be transferred to the US via Stripe and Sentry. All cross-border transfers are protected by Standard Contractual Clauses (SCCs).
第六条Article 6
数据保留期限Data Retention
| 数据类型Data Type | 保留期限Retention Period |
|---|---|
账号基础信息 Account information | 账号注销后30天删除 Deleted 30 days after account closure |
支付记录 Payment records | 7年(澳大利亚税务法要求) 7 years (Australian tax law requirement) |
操作日志 Audit logs | 3年 3 years |
AI 对话记录 AI conversation records | 90天(可手动删除) 90 days (manually deletable) |
匿名化分析数据 Anonymised analytics | 无限期(已去除个人标识) Indefinite (no personal identifiers) |
第七条Article 7
您的隐私权利Your Privacy Rights
- 访问权:申请查看我们持有的您的个人数据Access: request to see personal data we hold
- 更正权:要求更正不准确的个人信息Correction: request correction of inaccurate information
- 删除权:在法律允许范围内申请删除您的数据Erasure: request deletion of your data where legally permissible
- 可携带权:以结构化格式导出您的个人数据Portability: export your data in a structured format
- 反对权:反对基于合法利益的数据处理Objection: object to processing based on legitimate interests
- 撤回同意:随时撤回您之前给予的同意Withdraw consent: withdraw any previously given consent at any time
请发送邮件至 info@lynaimining.com 行使以上权利,我们将在30天内回复。
Please email info@lynaimining.com to exercise these rights. We will respond within 30 days.
欧盟用户特别权利 (GDPR)EU Users – GDPR Rights
如您受GDPR保护,您还享有以下额外权利:(a)被遗忘权(第17条):当处理不再必要时有权要求删除个人数据;(b)限制处理权(第18条):在争议期间有权限制数据处理;(c)反对权(第21条):有权反对基于画像或直接营销的数据处理;(d)自动决策权(第22条):有权不受仅基于自动处理(包括AI Agent推荐)的决定约束;(e)数据可携带权(第20条):有权以结构化、通用和机器可读格式获取个人数据。所有GDPR请求将在30天内处理,如请求显著过多可延长至60天。
If you are protected by GDPR, you have additional rights: (a) Erasure (Art 17): right to deletion when processing no longer necessary; (b) Restriction (Art 18): right to restrict processing during disputes; (c) Objection (Art 21): right to object to profiling or direct marketing; (d) Automated Decisions (Art 22): right not to be subject to decisions based solely on automated processing including AI Agent recommendations; (e) Portability (Art 20): right to receive personal data in structured, commonly used, machine-readable format. All GDPR requests processed within 30 days, extendable to 60 days for manifestly excessive requests.
第八条Article 8
数据安全Data Security
- 传输和存储全程 TLS 1.3 + AES-256 加密TLS 1.3 + AES-256 encryption in transit and at rest
- 基于角色的最小权限访问控制(RBAC)Role-based minimum-privilege access control (RBAC)
- 管理员强制双因素认证(2FA)Mandatory 2FA for all administrators
- 每年至少一次第三方渗透测试Annual third-party penetration testing
- 数据泄露72小时内通知监管机构(GDPR要求)Data breach notification within 72 hours (GDPR requirement)
第九条Article 9
儿童隐私Children's Privacy
本服务不面向18周岁以下用户。如我们发现误收集了未成年人数据,将立即删除相关信息。
This service is not directed at persons under 18. If we discover we have inadvertently collected data from a minor, we will delete it immediately.
第九b条Article 9b
澳大利亚隐私原则补充Additional Australian Privacy Principles
APP 1 — 公开性: 本隐私政策发布于平台法律文件中心(https://www.miningclawd.com/legal),并在发生重大变更后12个月内更新。用户可随时查阅最新版本。
APP 1 — Openness: This Privacy Policy is published at the Legal Documents Centre and updated within 12 months of material changes.
APP 5 — 收集通知: 在收集个人信息时,我们通过注册页面、数据导入确认和API集成流程提供收集声明,告知收集目的、接收方及拒绝提供信息的后果。
APP 5 — Notification of Collection: At the point of collection, we provide a collection statement via registration pages, data import confirmations and API integration flows, explaining collection purposes, recipients and consequences of non-provision.
APP 6 — 敏感信息: 本平台不主动收集《隐私法》定义的敏感信息(健康、种族、宗教、政治信仰)。如用户通过AI Agent对话无意间披露敏感信息,该信息不会被单独存储或用于分析目的,并将在对话记录清除时(90天)自动删除。
APP 6 — Sensitive Information: The platform does not proactively collect sensitive information as defined in the Privacy Act. If sensitive information is inadvertently disclosed via AI Agent conversations, it will not be separately stored or used for analytics and will be automatically deleted when conversation records are purged (90 days).
APP 2 — 匿名性: 在实际可行的范围内,用户可以匿名或使用化名访问平台的公开信息(如矿业新闻、公司列表)。注册和订阅功能需要身份验证,不支持匿名访问。
APP 2 — Anonymity: Where practicable, users may access public platform information (mining news, company listings) anonymously or under a pseudonym. Registration and subscription features require identity verification and do not support anonymous access.
APP 11 — 数据安全: 我们采取合理措施保护个人信息免受滥用、干扰、丢失及未经授权的访问、修改或披露(详见第8条技术措施)。不再需要的个人信息将按照第6条规定的保留期限安全销毁。
APP 11 — Data Security: We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure (see Article 8 for technical measures). Personal information no longer needed is securely destroyed per Article 6 retention periods.
APP 12 and 13 — 访问与更正: 用户可通过info@lynaimining.com申请访问或更正个人信息。我们将在30天内回应访问请求,如拒绝将说明理由并告知投诉渠道。隐私投诉请发送至info@lynaimining.com。我们将在15个工作日内确认收到投诉,并在30天内提供书面处理结果。如对处理结果不满意,您可向澳大利亚信息专员办公室(OAIC)投诉。
APP 12 and 13 — Access & Correction: Users may request access to or correction of personal information via info@lynaimining.com. We will respond within 30 days; refusals will include reasons and complaint avenues. Privacy complaints should be sent to info@lynaimining.com. We will acknowledge receipt within 15 business days and provide a written outcome within 30 days. If unsatisfied, you may complain to the OAIC.
第十条Article 10
政策更新Policy Updates
本政策发生重大变更时,我们将通过注册邮箱提前30天通知您,并在平台显著位置公告。继续使用服务视为接受新政策。
Material changes to this Policy will be communicated via registered email 30 days in advance and announced prominently on the platform. Continued use constitutes acceptance.
第十一条Article 11
企业客户数据处理条款Enterprise Data Processing Terms
本条款适用于以企业名义订阅 MiningClawd 服务的机构客户。个人订阅用户仅适用前述各条款。
This Article applies to institutional clients subscribing to MiningClawd on behalf of an organisation. Individual subscribers are subject only to the preceding articles.
11.1 角色界定11.1 Role Definitions
| 角色Role | 主体Entity | 责任Responsibility |
|---|---|---|
数据控制方 (Controller) Data Controller | 企业客户 Enterprise Client | 决定个人数据的处理目的和方式 Determines the purpose and means of personal data processing |
数据处理方 (Processor) Data Processor | Geovision AI Mining Pty Ltd (trading as MiningClawd) | 依控制方指令处理数据,提供技术保障 Processes data per Controller instructions and provides technical safeguards |
次级处理方 (Sub-processor) Sub-processor | AWS、Stripe 等 AWS, Stripe etc. | 在处理方监督下提供基础设施服务 Provide infrastructure services under Processor oversight |
11.2 处理方义务11.2 Processor Obligations
- 仅按控制方的书面指令处理个人数据(本隐私政策及服务条款构成初始指令)Process personal data only per Controller's documented instructions (this Privacy Policy and Terms of Service constitute the initial instructions)
- 确保被授权处理数据的人员签有保密协议Ensure all authorised personnel have signed confidentiality obligations
- 在协议终止后,按控制方选择删除或返还全部个人数据,并提供书面确认On termination, delete or return all personal data at the Controller's election and provide written confirmation
- 配合控制方开展的合规审计,并提供必要证明文件Cooperate with compliance audits and provide necessary documentation
11.3 次级处理方11.3 Sub-processors
| 次级处理方Sub-processor | 服务Service | 数据位置Data Location |
|---|---|---|
| Amazon Web Services | 云存储与计算 Cloud storage & compute | 澳大利亚(悉尼) Australia (Sydney) |
| Stripe Inc. | 支付处理 Payment processing | 美国 United States |
| Sentry | 错误监控 Error monitoring | 美国 United States |
新增次级处理方时,我们将提前14天书面通知企业客户,客户有权提出合理异议。
We will provide 14 days written notice before engaging new sub-processors. Enterprise clients have the right to raise reasonable objections.
11.4 数据泄露通知11.4 Data Breach Notification
如发生影响企业客户数据的安全事件,我们将在确认后 72小时内 书面通知,内容包含:事件性质、涉及数据类型及估计数量、可能影响及已采取的应对措施。
In the event of a security incident affecting enterprise client data, we will notify in writing within 72 hours of confirmation, including: nature of the incident, types and estimated volume of data affected, likely impact, and measures taken or proposed.
企业客户专项咨询Enterprise Client Enquiries
如企业客户需要签署独立的数据处理协议(DPA)正式文本用于内部合规,请联系 info@lynaimining.com,我们将在5个工作日内提供定制版本。
Enterprise clients requiring a formal standalone Data Processing Agreement (DPA) for internal compliance purposes may contact info@lynaimining.com. We will provide a customised version within 5 business days.