数据处理协议 · Data Processing Agreement

第 1 条Article 1

定义Definitions

在本协议中，除非文中另有所述，以下词语具有所述含义：

控制方（Controller）：指独立确定处理个人数据的目的和方式的法人或自然人、公共部门机构或其他机构。
处理方（Processor）：指代表控制方处理个人数据的法人或自然人、公共部门机构或其他机构。
次级处理方（Sub-processor）：指由处理方代表控制方处理个人数据的其他处理方。
个人数据（Personal Data）：指与已识别或可识别的自然人有关的任何信息。可识别的自然人是指可直接或间接识别的人。
处理（Processing）：指对个人数据进行的任何操作，无论采用何种方式，如收集、记录、组织、结构化、存储、改编或更改、检索、查阅、使用、通过传输、传播或以其他方式提供、分类或合并、限制、删除或销毁。
数据泄露（Data Breach）：指导致个人数据被意外或非法破坏、丢失、更改、未经授权披露或访问的安全事件。
数据主体（Data Subject）：指个人数据相关的可识别的自然人。
标准合同条款（Standard Contractual Clauses, SCCs）：指欧盟委员会采纳的标准数据保护条款，用于国际数据转移。
监管机构（Supervisory Authority）：指在根据适用的隐私法、GDPR或澳大利亚《1988年隐私法案》设立的隐私事务方面拥有权力的政府机构。

In this Agreement, unless otherwise stated herein, the following terms have the meanings ascribed to them:

Controller: A natural or legal person, public authority, agency, or any other body which, alone or jointly with others, determines the purposes and means of processing of Personal Data.
Processor: A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
Sub-processor: Any other processor engaged by the Processor or by another Sub-processor to process Personal Data on behalf of the Controller.
Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier.
Processing: Any operation performed on Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, or any other form of making available, alignment or combination, restriction, erasure or destruction.
Data Breach: A confirmed or suspected security incident resulting in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to Personal Data.
Data Subject: The identified or identifiable natural person to whom Personal Data relates.
Standard Contractual Clauses (SCCs): The standard data protection clauses adopted by the European Commission for international data transfers.
Supervisory Authority: An independent public authority vested with powers concerning data protection matters under applicable privacy legislation, the GDPR, or the Australian Privacy Act 1988.

第 2 条Article 2

数据处理范围Scope of Processing

2.1 数据主体类别

本协议适用于以下数据主体的个人数据处理：

平台用户（已验证的账户持有人）
用户的员工和代理
联系人和业务关系对象
最终受益所有人（UBOs）和董事
网站访问者和Cookie主体

2.2 个人数据类别

处理方将处理以下类别的个人数据：

2.1 Data Subject Categories

This Agreement applies to the processing of Personal Data of:

Platform users (verified account holders)
Employees and agents of users
Contacts and business counterparties
Ultimate Beneficial Owners (UBOs) and directors
Website visitors and cookie subjects

2.2 Categories of Personal Data

The Processor shall process the following categories of Personal Data:

数据类别Data Category	具体数据类型Specific Data Types	敏感性Sensitivity
身份信息Identity Information	姓名、地址、身份证号、护照号、出生日期 / Name, address, ID number, passport, DOB	高High
联系信息Contact Information	电子邮件、电话号码、通讯地址 / Email, phone, mailing address	中Medium
财务信息Financial Information	银行账户、支付方式、交易历史、税务ID / Bank details, payment methods, transaction history, tax ID	高High
账户数据Account Data	用户名、密码哈希、登录历史、双因素认证详情 / Username, password hash, login history, 2FA details	极高Very High
交易数据Transaction Data	矿场数据、设备信息、采矿活动、性能指标 / Mining pool data, device info, mining activity, performance metrics	中Medium
技术数据Technical Data	IP地址、设备标识、cookie、日志、位置数据 / IP address, device ID, cookies, logs, location	中Medium
营销数据Marketing Data	通讯偏好、浏览历史、交互记录 / Communication preferences, browsing history, interaction logs	低Low

2.3 处理目的

提供MiningClawd平台及其功能
用户身份验证和账户管理
交易处理和支付管理
法律和合规义务
欺诈检测和防止
平台安全和操作
客户支持和沟通
营销和用户研究（仅限同意的情况）

2.4 处理时限

处理持续时间为本协议的有效期，除非根据第11条（期限与终止）另有规定。

2.3 Purposes of Processing

Provision of the MiningClawd platform and its features
User authentication and account management
Transaction processing and payment management
Legal and compliance obligations
Fraud detection and prevention
Platform security and operations
Customer support and communications
Marketing and user research (consent-based only)

2.4 Duration of Processing

Processing shall continue for the duration of this Agreement unless otherwise specified under Article 11 (Term & Termination).

第 3 条Article 3

处理方义务Processor Obligations

3.1 仅按指示处理

处理方应仅按照控制方的书面指示处理个人数据。处理方不得以任何其他方式使用或披露个人数据，除非法律明确要求。

3.2 人员机密性

处理方应确保其员工、代理人和次级处理方在法律上或合同上承诺保密，并受到与本协议相同或更严格的保密义务约束。

3.3 安全措施

处理方应采取适当的技术和组织措施来保护个人数据，防止未经授权的处理、随意的损坏、销毁或被意外丢失，并特别符合第4条中详述的要求。

3.4 国际转移合规

如果处理涉及向澳大利亚以外的司法管辖区转移个人数据，处理方应遵守适用的国际数据保护法律，包括执行标准合同条款。

3.5 协助数据主体权利

处理方应在合理的时间框架内，以适当的方式，根据数据主体的请求，协助控制方履行与数据主体权利相关的义务，包括访问、更正、删除和数据可移植性请求。

3.6 数据返回或删除

处理方应确保在本协议终止后，根据控制方的明确书面指示，删除或返回所有个人数据，并删除现有副本，除非适用法律要求保留。

3.7 审计配合

处理方应配合控制方的审计活动，并应要求提供与数据处理和安全措施相关的信息和文件。

3.1 Process on Instructions Only

The Processor shall process Personal Data only on documented written instructions from the Controller. The Processor shall not use or disclose Personal Data for any other purpose unless explicitly required by law.

3.2 Personnel Confidentiality

The Processor shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate legal obligation of confidentiality, subject to obligations equal to or more stringent than those contained in this Agreement.

3.3 Technical & Organizational Measures

The Processor shall implement appropriate technical and organizational measures to protect Personal Data against unauthorized processing, accidental damage or destruction, or loss, and in particular shall comply with the requirements detailed in Article 4.

3.4 International Transfer Compliance

Where processing involves transfer of Personal Data to jurisdictions outside Australia, the Processor shall comply with applicable international data protection laws, including execution of Standard Contractual Clauses.

3.5 Assistance with Data Subject Rights

The Processor shall, taking into account the nature of processing, assist the Controller by appropriate technical and organizational measures in fulfilling the Controller's obligation to respond to Data Subject requests, including access, rectification, erasure, portability, and restriction requests.

3.6 Data Deletion or Return

The Processor shall, at the choice of the Controller, delete or return all Personal Data after the termination of the provision of services, and delete existing copies unless applicable law requires storage of the Personal Data.

3.7 Audit Cooperation

The Processor shall cooperate with and be subject to audits by the Controller and shall provide information and documentation relating to the processing of Personal Data and security measures upon request.

第 4 条Article 4

技术与组织安全措施Technical & Organizational Security Measures

4.1 概述

处理方应根据处理的风险等级，采取以下技术和组织措施来保护个人数据。详细的措施清单见附件A。

4.1 Overview

The Processor shall implement the following technical and organizational measures appropriate to the risk level of the processing. A detailed list of measures is provided in Annex A.

4.2 加密

传输中加密：所有数据传输必须使用TLS 1.3或更高版本的HTTPS进行加密。
静态加密：敏感的个人数据必须使用AES-256加密存储在数据库中。
端到端加密：高度敏感信息（如支付数据）应在应用级别进行端到端加密。

4.3 访问控制

基于角色的访问控制（RBAC）：仅授予员工执行其职责所需的最低权限。
多因素认证（MFA）：对所有管理账户和生产环境访问强制实施MFA。
审计日志：所有数据访问必须记录在经过审计的日志中，保留至少90天。

4.4 数据最小化

处理方应仅收集和保留对特定处理目的必要的个人数据。不收集不必要的数据。

4.5 假名化和匿名化

在可行的情况下，处理方应对个人数据进行假名化处理，特别是用于测试、开发或分析目的。

4.6 定期测试

处理方应至少每季度进行一次渗透测试和漏洞评估，并在发现任何问题时立即修复。

4.7 事件管理

处理方应建立和维护安全事件响应计划，包括事件检测、升级、通知和恢复程序。

4.8 业务连续性

处理方应维持灾难恢复和业务连续性计划，确保在发生中断时可在24小时内恢复关键系统。

4.2 Encryption

Encryption in Transit: All data transmissions must be encrypted using HTTPS with TLS 1.3 or higher.
Encryption at Rest: Sensitive Personal Data must be encrypted in databases using AES-256 encryption.
End-to-End Encryption: Highly sensitive information (such as payment data) shall be encrypted at the application level.

4.3 Access Controls

Role-Based Access Control (RBAC): Staff shall have only the minimum privileges necessary to perform their duties.
Multi-Factor Authentication (MFA): MFA is mandatory for all administrative accounts and production environment access.
Audit Logs: All data access must be logged in audited logs retained for at least 90 days.

4.4 Data Minimization

The Processor shall collect and retain only Personal Data that is necessary for the specific purposes of processing. No unnecessary data shall be collected.

4.5 Pseudonymization & Anonymization

Where feasible, the Processor shall pseudonymize Personal Data, particularly for testing, development, or analytical purposes.

4.6 Regular Testing

The Processor shall conduct penetration testing and vulnerability assessments at least quarterly and shall remediate any identified issues immediately.

4.7 Incident Management

The Processor shall maintain a Security Incident Response Plan including detection, escalation, notification, and recovery procedures.

4.8 Business Continuity

The Processor shall maintain disaster recovery and business continuity plans ensuring recovery of critical systems within 24 hours of any disruption.

合规性Compliance

这些措施符合GDPR第32条和澳大利亚《1988年隐私法案》APP 11.1的要求。

These measures comply with Article 32 of the GDPR and APP 11.1 of the Australian Privacy Act 1988.

第 5 条Article 5

次级处理方Sub-processors

5.1 当前经批准的次级处理方

处理方经控制方事先授权可以使用以下次级处理方。当前经批准的次级处理方清单见附件B。

5.2 次级处理方变更程序

新增次级处理方前的通知与异议程序:(a)提前30天书面通知控制方,包括次级处理方身份、所在地、处理范围及跨境传输保障措施;(b)控制方有20天提出书面异议的权利(须基于数据保护理由);(c)如控制方提出异议,MiningClawd将:(i)不聘用该次级处理方,或(ii)暂停受影响数据的处理,或(iii)控制方可终止受影响的服务;(d)当前已批准的次级处理方清单在附件B中列出。

5.3 委托责任

处理方应确保次级处理方通过书面合同承诺提供相同或更高的数据保护标准。处理方对次级处理方的行为承担全部责任。

5.4 客户通知权

处理方应向控制方提供当前次级处理方的完整清单，并应要求定期更新该清单。

5.1 Approved Sub-processors

The Processor is authorized to engage the following Sub-processors with prior authorization from the Controller. The current list of approved Sub-processors is provided in Annex B.

5.2 Sub-processor Change Procedure

Pre-engagement notification and objection procedure for new sub-processors: (a) 30 days' advance written notice to Controller, including sub-processor identity, location, processing scope and cross-border transfer safeguards; (b) Controller has 20 days to raise written objection on data protection grounds; (c) If Controller objects, MiningClawd shall: (i) not engage the sub-processor, OR (ii) suspend processing of affected data, OR (iii) Controller may terminate affected Services; (d) Current approved sub-processors listed in Annex B.

5.3 Delegation of Responsibility

The Processor shall ensure that Sub-processors are bound by written contract to provide the same or higher standards of data protection. The Processor remains fully liable for the performance of Sub-processors.

5.4 Customer Notification Rights

The Processor shall provide the Controller with a complete list of current Sub-processors and shall update this list upon request.

重要Important

处理方不得在未获得控制方事先书面同意的情况下添加或更改次级处理方。对未经授权的变更，控制方有权终止本协议。

No Sub-processor may be added or changed without prior written consent of the Controller. Unauthorized changes may result in termination of this Agreement.

第 6 条Article 6

跨境数据传输Cross-Border Data Transfers

6.1 默认存储位置

所有个人数据的主要存储位置为澳大利亚（AWS ap-southeast-2区域，悉尼）。这符合澳大利亚数据本地化要求。

6.2 转移机制

如果数据需要转移到澳大利亚以外的司法管辖区，处理方应采用以下机制之一：

欧盟委员会认可的充分性决定
标准合同条款（SCCs）
具有约束力的公司规则
数据主体明确同意

6.3 转移影响评估

处理方应进行转移影响评估，评估目标国家的隐私法律框架和执法环保。评估应记录在案，并提供给控制方。

6.4 企业级数据本地化

对于需要数据本地化的企业用户，处理方可在仅澳大利亚的AWS区域内存储所有数据，无需任何国际转移。

6.1 Primary Storage Location

All Personal Data shall be primarily stored in Australia (AWS ap-southeast-2 region, Sydney). This complies with Australian data localization requirements.

6.2 Transfer Mechanisms

Where data transfer to jurisdictions outside Australia is necessary, the Processor shall employ one of the following mechanisms:

Adequacy decisions recognized by the European Commission
Standard Contractual Clauses (SCCs)
Binding Corporate Rules
Explicit consent of Data Subjects

6.3 Transfer Impact Assessment

The Processor shall conduct a Transfer Impact Assessment evaluating the privacy legal framework and law enforcement environment of the destination country. The assessment shall be documented and provided to the Controller.

6.4 Enterprise Data Localization

For Enterprise customers requiring data localization, the Processor may store all data exclusively within Australian AWS regions with no international transfers.

GDPR合规GDPR Compliance

所有跨境转移均符合GDPR第44-50条的要求，特别是在英国和欧盟数据的转移方面。

All cross-border transfers comply with Chapter V (Articles 44-50) of the GDPR, particularly regarding transfers of UK and EU data.

第 7 条Article 7

数据主体权利Data Subject Rights

7.1 权利概述

处理方应协助控制方履行数据主体在隐私法律下的以下权利：

访问权：数据主体有权访问其个人数据副本及其处理方式的信息。
更正权：数据主体有权更正不准确的个人数据。
删除权（被遗忘权）：在某些情况下，数据主体有权要求删除其个人数据。
限制权：数据主体有权限制其个人数据的处理。
可移植性权：数据主体有权以结构化、常用的机器可读格式接收其个人数据。
反对权：数据主体有权反对处理。
自动决策保护：数据主体有权不受完全自动化决策的约束，特别是涉及自动分析其个人方面的决策。

7.2 响应时限

处理方应在收到请求后30天内协助控制方响应数据主体请求，并在必要时延长不超过两个月的额外时间。

7.3 请求验证

处理方应要求数据主体出示身份证明，以确保请求是真实的。处理方应保持请求和响应的记录。

7.4 技术协助

处理方应在其平台内提供工具或功能，使数据主体能够行使其权利，包括账户导出、数据下载和删除功能。

7.1 Overview of Rights

The Processor shall assist the Controller in fulfilling the following Data Subject rights under privacy laws:

Right of Access: Data Subjects have the right to access a copy of their Personal Data and information about how it is processed.
Right to Rectification: Data Subjects have the right to correct inaccurate Personal Data.
Right to Erasure (Right to be Forgotten): In certain cases, Data Subjects have the right to request deletion of their Personal Data.
Right to Restrict Processing: Data Subjects have the right to restrict processing of their Personal Data.
Right to Data Portability: Data Subjects have the right to receive their Personal Data in a structured, commonly-used, machine-readable format.
Right to Object: Data Subjects have the right to object to processing.
Protection Against Automated Decision-Making: Data Subjects have the right not to be subject to automated decision-making, particularly those involving profiling of personal aspects.

7.2 Response Timeline

The Processor shall assist the Controller to respond to Data Subject requests within 30 days of receipt, and may extend this period by up to two additional months where necessary.

7.3 Request Verification

The Processor shall require the Data Subject to provide proof of identity to verify the authenticity of the request. The Processor shall maintain records of requests and responses.

7.4 Technical Assistance

The Processor shall provide tools or features within its platform enabling Data Subjects to exercise their rights, including account export, data download, and deletion functions.

第 8 条Article 8

数据泄露通知Data Breach Notification

8.1 通知义务

在发生或合理怀疑发生数据泄露时，处理方应立即但最迟在48小时内以书面形式通知控制方，提供以下详细信息：

泄露的性质和规模
受影响的数据主体数量和类别
可能的后果
为缓解泄露而采取的措施
处理方的联系人

8.2 执法通知

处理方应协助控制方在任何相关的监管机构要求的时间内向其报告泄露，通常不超过72小时。

8.3 调查合作

处理方应充分配合控制方的任何泄露调查，并应要求提供相关文件和证据。

8.4 补救措施

处理方应立即采取补救措施，防止进一步的泄露或滥用，并应向控制方报告所有补救步骤。

8.5 防止通知

如果数据泄露不太可能对数据主体的权利和自由造成风险，处理方可向控制方建议免除直接数据主体通知，但控制方保留最终决定权。

8.6 通知时间表

发现影响控制方数据的个人数据泄露后:(a)处理方在24小时内通过info@lynaimining.com通知控制方;(b)通知内容包括:泄露性质、受影响数据主体/记录的大致数量、可能后果及已采取的措施;(c)处理方配合控制方在72小时内向监管机构提交GDPR第33条通知;(d)处理方在事件解决后60天内完成安全审查及补救渗透测试。

8.1 Notification Obligations

Upon becoming aware of or reasonably suspecting a Data Breach, the Processor shall notify the Controller without undue delay and in any case no later than 48 hours, in writing, providing the following details:

The nature and scope of the breach
The number and categories of affected Data Subjects
Likely consequences
Measures taken to mitigate the breach
The Processor's contact point for further information

8.2 Authority Notification

The Processor shall assist the Controller in notifying any relevant Supervisory Authority within the timeline required by the authority, typically not exceeding 72 hours.

8.3 Investigation Cooperation

The Processor shall fully cooperate with any investigation by the Controller and shall provide relevant documentation and evidence upon request.

8.4 Remedial Measures

The Processor shall immediately take remedial measures to prevent further breaches or misuse and shall report all remedial steps to the Controller.

8.5 Notification Exemption

If a Data Breach is unlikely to pose a risk to the rights and freedoms of Data Subjects, the Processor may recommend exemption from direct Data Subject notification to the Controller, but the Controller retains final decision-making authority.

8.6 Notification Timeline

Upon discovery of a personal data breach affecting Controller's data: (a) Processor notifies Controller within 24 hours via info@lynaimining.com; (b) Notification includes: nature of breach, approximate number of data subjects/records affected, likely consequences and measures taken; (c) Processor cooperates with Controller's GDPR Article 33 notification within 72 hours; (d) Processor completes security review and remedial penetration test within 60 days of incident resolution.

严重性Critical

数据泄露必须在规定的期限内通知，违反此义务可能导致罚款和法律诉讼。

Data breaches must be notified within prescribed timeframes. Failure to comply may result in fines and legal action.

第 9 条Article 9

审计权Audit Rights

9.1 审计范围与程序

审计权利规定:(a)远程审计:每年2次(30天通知);现场审计:每年1次(60天通知);(b)审计在处理方办公处所工作时间内进行,可远程通过视频会议进行;(c)处理方承担内部员工配合时间;控制方承担第三方审计师费用;(d)审计师须在获得访问权前签署保密协议;(e)处理方可提供ISO 27001或SOC 2审计报告代替直接审计;(f)审计范围限于与控制方数据相关的处理活动。

9.2 审计范围详述

审计应涵盖：

技术和组织安全措施的实施和维护
人员培训和安全认识计划
数据访问日志和审计跟踪
事件响应程序和记录
次级处理方的合规性
数据主体权利的处理

9.3 第三方审计报告

处理方应在要求时提供SOC 2 Type II审计报告（或等效的国际标准），证明对安全措施的合规性。该报告应每年更新。

9.4 成本分配

常规审计（每年一次）由控制方承担成本。额外或更频繁的审计由请求方承担成本。

9.5 审计结果保密

审计结果应作为商业机密处理，仅用于数据保护和安全改进目的。处理方可要求审计报告的敏感部分受到保密限制。

9.1 Audit Scope & Procedures

Audit rights: (a) Remote audits: 2 per year (30-day notice); on-site audits: 1 per year (60-day notice); (b) Audits conducted during Processor's business hours, may be conducted remotely via video conference; (c) Processor bears internal staff cooperation time; Controller bears third-party auditor fees; (d) Auditor must sign NDA before access; (e) Processor may provide ISO 27001 or SOC 2 audit reports in lieu of direct audit; (f) Audit scope limited to processing activities related to Controller's data.

9.2 Audit Scope Details

Audits shall cover:

Implementation and maintenance of technical and organizational security measures
Personnel training and security awareness programs
Data access logs and audit trails
Incident response procedures and records
Sub-processor compliance
Processing of Data Subject requests

9.3 Third-Party Audit Reports

The Processor shall provide SOC 2 Type II audit reports (or equivalent international standards) upon request, certifying compliance with security measures. Reports shall be updated annually.

9.4 Cost Allocation

Routine audits (once per year) are borne by the Controller. Additional or more frequent audits are borne by the requesting party.

9.5 Audit Results Confidentiality

Audit results shall be treated as business confidential and used only for data protection and security improvement purposes. The Processor may request that sensitive sections of audit reports be subject to confidentiality restrictions.

第 10 条Article 10

数据保留与删除Data Retention & Deletion

10.1 保留期

处理方应仅在达到处理目的的必要期限内保留个人数据。以下为保留期指南：

10.1 Retention Periods

The Processor shall retain Personal Data only for as long as necessary to fulfill the purposes of processing. The following are retention period guidelines:

数据类型Data Type	保留期Retention Period	法律依据Legal Basis
账户信息Account Information	账户活跃期间During account activity	服务提供Service provision
交易记录Transaction Records	交易后7年7 years after transaction	税收/法律要求Tax/legal requirement
审计日志Audit Logs	90天90 days	安全与合规Security & compliance
营销通讯Marketing Communications	直到用户退订Until user unsubscribes	营销同意Marketing consent
支持票据Support Tickets	2年2 years	客户服务/纠纷解决Customer service/dispute resolution
Cookie和跟踪数据Cookies & Tracking Data	13个月13 months	分析与优化Analytics & optimization

10.2 删除程序

在保留期届满时，处理方应：

安全删除所有个人数据副本
从备份中清除数据（除非法律要求保留）
保留删除的证据

10.3 删除证书

应要求，处理方应提供书面证书，证明已按照本条款删除了个人数据。

10.4 法律例外

如果适用法律要求保留个人数据（例如税收法律、诉讼保留），处理方应在达到保留义务时立即通知控制方，并应继续保护数据，直到法律要求解除。

10.2 Deletion Procedures

Upon expiration of retention periods, the Processor shall:

Securely delete all copies of Personal Data
Purge data from backups (unless legally required to retain)
Maintain evidence of deletion

10.3 Deletion Certificate

Upon request, the Processor shall provide a written certificate confirming deletion of Personal Data in accordance with this Article.

10.4 Legal Exceptions

If applicable law requires retention of Personal Data (e.g., tax law, litigation hold), the Processor shall notify the Controller immediately upon discovery of such obligation and shall continue to protect the data until the legal requirement is lifted.

第 11 条Article 11

期限与终止Term & Termination

11.1 协议期限

本DPA自有效日期起生效，并与主服务协议（MSA）或订阅协议的期限相同。本DPA随MSA自动续签或终止。

11.2 终止时的数据

在本协议或MSA终止时，处理方应立即：

停止处理个人数据
按照控制方的指示删除或返回所有个人数据
向控制方提供删除证书

11.3 过渡期

处理方应向控制方提供最长90天的过渡期，以便检索其数据或迁移到另一个处理方。该期间内，处理方应继续遵守本DPA的所有条款。

11.4 存续条款

以下条款在本协议终止后继续有效：

保密和安全义务
审计权
损害赔偿责任
管辖法律

11.1 Term of Agreement

This DPA becomes effective on the Effective Date and shall continue for the same duration as the Master Service Agreement (MSA) or subscription agreement. This DPA shall automatically renew or terminate with the MSA.

11.2 Data Upon Termination

Upon termination of this Agreement or the MSA, the Processor shall immediately:

Cease processing of Personal Data
Delete or return all Personal Data per the Controller's written instructions
Provide the Controller with a deletion certificate

11.3 Transition Period

The Processor shall provide a transition period of up to 90 days for the Controller to retrieve its data or migrate to another processor. During this period, the Processor shall continue to comply with all terms of this DPA.

11.4 Survival Clauses

The following provisions shall survive termination of this Agreement:

Confidentiality and security obligations
Audit rights
Liability and damages
Governing law

第 12 条Article 12

适用法律Governing Law

12.1 司法管辖权

本DPA应受澳大利亚维多利亚州法律管辖。在数据保护问题上，本DPA应受以下法律管辖：

澳大利亚《1988年隐私法案》及其APP
适用的国家和地方隐私法律
欧盟《通用数据保护条例》（GDPR）（如适用）

12.2 与MSA的关系

本DPA是MSA的不可分割的一部分。在数据保护事项上，本DPA应优先于MSA中的任何相互矛盾的条款。对于非数据保护事项，MSA条款应适用。

12.3 冲突解决

本DPA和MSA之间的任何冲突应按以下顺序解决：

首先，在数据保护事项上，本DPA的条款应优先
其次，适用的隐私法律（包括GDPR和APP）应优先
第三，MSA的其他条款应适用

12.4 争议解决

就本DPA引起的任何争议，双方应首先尝试友好协商。如果协商在30天内无果，任何一方可向维多利亚州法院或其他适用管辖权的法院提起诉讼。

12.1 Jurisdiction

This DPA shall be governed by the laws of the State of Victoria, Australia. In matters of data protection, this DPA shall be governed by:

The Australian Privacy Act 1988 and its Australian Privacy Principles (APPs)
Applicable national and local privacy laws
The European Union's General Data Protection Regulation (GDPR) (where applicable)

12.2 Relationship to MSA

This DPA is an integral part of the MSA. In matters of data protection, this DPA shall prevail over any conflicting provisions in the MSA. For non-data protection matters, the terms of the MSA shall apply.

12.3 Conflict Resolution

Any conflict between this DPA and the MSA shall be resolved in the following order:

First, in matters of data protection, the terms of this DPA shall prevail
Second, applicable privacy laws (including GDPR and APPs) shall prevail
Third, other provisions of the MSA shall apply

12.4 Dispute Resolution

For any dispute arising from this DPA, the parties shall first attempt amicable resolution. If negotiation is unsuccessful within 30 days, either party may initiate litigation in the Victorian courts or other applicable jurisdiction.

注意Note

如果欧盟或英国数据主体的个人数据受本协议约束，欧盟GDPR和/或英国《2018年数据保护法案》中的条款应优先于澳大利亚法律，但澳大利亚国内法要求更高保护的情况除外。

If Personal Data of EU or UK Data Subjects is subject to this Agreement, the provisions of the EU GDPR and/or the UK Data Protection Act 2018 shall take precedence over Australian law, except where Australian domestic law provides greater protection.

附件 AAnnex A

附件A：技术与组织安全措施Annex A: Technical & Organizational Security Measures

本附件详细描述了处理方为保护个人数据而实施的技术和组织安全措施。

This Annex details the technical and organizational security measures implemented by the Processor to protect Personal Data.

安全措施Security Measure	具体实施Implementation Details	审查频率Review Frequency
传输中加密Encryption in Transit	TLS 1.3 HTTPS, forward secrecy, certificate pinning	持续Continuous
静态加密Encryption at Rest	AES-256 database encryption, encrypted backups, key management	每季度Quarterly
访问控制Access Controls	RBAC, principle of least privilege, MFA for all admins	每月Monthly
身份认证Authentication	MFA, strong password policies, session management	持续Continuous
审计日志Audit Logging	All data access logged, tamper-proof, 90+ day retention	持续Continuous
渗透测试Penetration Testing	Third-party annual pen testing, vulnerability scanning	年度Annual
漏洞管理Vulnerability Management	Automated scanning, patch management, CVSS assessment	持续Continuous
数据备份Data Backups	Encrypted daily backups, geographic redundancy, RTO 24 hours	持续Continuous
员工培训Staff Training	Annual security awareness, GDPR/privacy training, phishing drills	年度Annual
事件响应Incident Response	IR plan, 24/7 incident response team, root cause analysis	持续Continuous
物理安全Physical Security	AWS data center security, biometric access, CCTV, fire suppression	持续Continuous
网络安全Network Security	WAF, DDoS protection, intrusion detection, firewalls	持续Continuous
代码审查Code Review	Peer review, SAST scanning, dependency checking	每个提交Per commit
数据分类Data Classification	Public, internal, confidential, restricted categories with handling rules	年度Annual
隐私设计Privacy by Design	Data minimization, pseudonymization, privacy impact assessments	每个新项目Per new project

附件 BAnnex B

附件B：经批准的次级处理方名单Annex B: Approved Sub-processors List

本附件列出了处理方代表控制方处理个人数据的所有已获批准的次级处理方。该名单最后更新于2026年2月1日。

This Annex lists all approved Sub-processors processing Personal Data on behalf of the Controller. This list was last updated on February 1, 2026.

公司名称Company Name	服务/功能Service/Function	数据位置Data Location	安全认证Security Certifications
Amazon Web Services (AWS)	云基础设施、存储、数据库Cloud infrastructure, storage, databases	ap-southeast-2 (Sydney, Australia)	SOC 2 Type II, ISO 27001, PCI-DSS
Stripe Inc.	支付处理、交易管理Payment processing, transaction management	United States (Virginia data center)	SOC 2 Type II, PCI-DSS, ISO 27001
Sentry.io	错误跟踪、监控、日志Error tracking, monitoring, logging	United States (multiple regions)	SOC 2 Type II, ISO 27001
Anthropic (Claude API)	AI模型处理、分析AI model processing, analysis	United States (varies by API region)	SOC 2 Type II, ISO 27001
SendGrid Inc.	电子邮件传送Email delivery	United States (multiple regions)	SOC 2 Type II, ISO 27001, HIPAA
Cloudflare Inc.	CDN、DDoS防护、WAFCDN, DDoS protection, WAF	Global (with Australian nodes)	SOC 2 Type II, ISO 27001
DataDog Inc.	应用性能监控、日志分析Application performance monitoring, log analysis	United States / Australia (configurable)	SOC 2 Type II, ISO 27001

跨境数据流Cross-Border Data Flows

几个次级处理方位于美国。根据GDPR第5章和澳大利亚隐私法律，这些转移受标准合同条款和转移影响评估保护。

Several Sub-processors are located in the United States. These transfers are protected by Standard Contractual Clauses and Transfer Impact Assessments under GDPR Chapter V and Australian privacy laws.