2026年保密及數(shù)據(jù)安全協(xié)議（中英文版）協(xié)議編號（AgreementNo.）：________________________本協(xié)議（以下簡稱“本協(xié)議”）由以下雙方于____年____月____日（以下簡稱“生效日”）在____（簽署地）自愿簽署，旨在規(guī)范雙方合作及業(yè)務(wù)往來過程中保密信息的管理與數(shù)據(jù)安全的保護事宜，明確雙方權(quán)利義務(wù)，防范保密信息泄露與數(shù)據(jù)安全風險，保障雙方合法權(quán)益。本協(xié)議依據(jù)《中華人民共和國民法典》《中華人民共和國網(wǎng)絡(luò)安全法》《中華人民共和國數(shù)據(jù)安全法》《中華人民共和國個人信息保護法》《中華人民共和國反不正當競爭法》及其他相關(guān)法律法規(guī)訂立，雙方均應(yīng)嚴格恪守履行。ThisAgreement(hereinafterreferredtoasthe"Agreement")isvoluntarilysignedbythetwopartieshereto(hereinaftercollectivelyreferredtoasthe"Parties")on____(EffectiveDate)at____(PlaceofSigning).ItaimstoregulatethemanagementofconfidentialinformationandtheprotectionofdatasecurityintheprocessofcooperationandbusinesstransactionsbetweenthetwoParties,clarifytherightsandobligationsofbothParties,preventtheleakageofconfidentialinformationanddatasecurityrisks,andsafeguardthelegitimaterightsandinterestsofbothParties.ThisAgreementisconcludedinaccordancewiththeCivilCodeofthePeople'sRepublicofChina,theCybersecurityLawofthePeople'sRepublicofChina,theDataSecurityLawofthePeople'sRepublicofChina,thePersonalInformationProtectionLawofthePeople'sRepublicofChina,theAnti-UnfairCompetitionLawofthePeople'sRepublicofChinaandotherrelevantlawsandregulations,andbothPartiesshallstrictlyabidebyit.鑒于：（1）甲方與乙方擬開展________________________（以下簡稱“合作事項”）或維持長期業(yè)務(wù)往來關(guān)系，為實現(xiàn)合作目標、履行業(yè)務(wù)職責，一方（以下簡稱“披露方”）需向另一方（以下簡稱“接收方”）披露其未公開的保密信息，并向接收方提供或授權(quán)其處理相關(guān)業(yè)務(wù)數(shù)據(jù)；（2）雙方均確認，保密信息關(guān)乎自身核心商業(yè)利益，業(yè)務(wù)數(shù)據(jù)（尤其是涉及個人信息、敏感商業(yè)數(shù)據(jù)的內(nèi)容）的安全與合規(guī)處理直接關(guān)系到雙方的法律責任與商業(yè)信譽，任何保密信息泄露、數(shù)據(jù)泄露、濫用或違規(guī)處理行為均可能給相關(guān)方造成重大經(jīng)濟損失、法律風險及不可逆的商業(yè)信譽損害；（3）為明確保密信息的界定標準、管理規(guī)范，數(shù)據(jù)安全的保護責任、處理規(guī)則及風險處置機制，以及雙方違約后的責任承擔方式，保障合作及業(yè)務(wù)往來的順利推進，經(jīng)雙方友好協(xié)商，達成如下協(xié)議，以資共同信守。Whereas:(1)PartyAandPartyBintendtocarryout________________________(hereinafterreferredtoasthe"CooperationMatter")ormaintainalong-termbusinesstransactionrelationship.Toachievethecooperationgoalsandperformbusinessduties,oneparty(hereinafterreferredtoasthe"DisclosingParty")needstodiscloseitsundisclosedconfidentialinformationtotheotherparty(hereinafterreferredtoasthe"ReceivingParty"),andprovideorauthorizetheReceivingPartytoprocessrelevantbusinessdata;(2)BothPartiesconfirmthatconfidentialinformationisrelatedtotheircorecommercialinterests,andthesafeandcompliantprocessingofbusinessdata(especiallycontentinvolvingpersonalinformationandsensitivecommercialdata)isdirectlyrelatedtothelegalliabilitiesandbusinessreputationofbothParties.Anyleakageofconfidentialinformation,dataleakage,abuseorillegalprocessingmaycausesignificanteconomiclosses,legalrisksandirreversibledamagetobusinessreputationtotherelevantparties;(3)Toclarifythedefinitionstandardsandmanagementnormsofconfidentialinformation,theprotectionresponsibilities,processingrulesandriskdisposalmechanismsofdatasecurity,aswellastheliabilitybearingmethodaftereitherpartybreachesthecontract,andensurethesmoothprogressofcooperationandbusinesstransactions,thefollowingagreementisreachedthroughfriendlynegotiationbetweenthetwoPartiesformutualabidance.第一條締約方信息（Article1:InformationofContractingParties）1.1甲方（PartyA）中文全稱（FullChineseName）：________________________英文全稱（FullEnglishName）：________________________統(tǒng)一社會信用代碼/注冊號（UnifiedSocialCreditCode/RegistrationNo.）：________________________注冊地址（RegisteredAddress）：________________________通訊地址（MailingAddress）：________________________法定代表人/負責人（LegalRepresentative/Person-in-Charge）：________________________授權(quán)聯(lián)系人（AuthorizedContactPerson）：________________________聯(lián)系電話（ContactPhone）：________________________電子郵箱（E-mail）：________________________數(shù)據(jù)安全負責人（DataSecurityOfficer）：________________________核心保密信息及數(shù)據(jù)清單（ListofCoreConfidentialInformationandData）：________________________（含信息/數(shù)據(jù)名稱、類型、敏感級別、處理范圍等）1.2乙方（PartyB）中文全稱（FullChineseName）：________________________英文全稱（FullEnglishName）：________________________統(tǒng)一社會信用代碼/注冊號（UnifiedSocialCreditCode/RegistrationNo.）：________________________注冊地址（RegisteredAddress）：________________________通訊地址（MailingAddress）：________________________法定代表人/負責人（LegalRepresentative/Person-in-Charge）：________________________授權(quán)聯(lián)系人（AuthorizedContactPerson）：________________________聯(lián)系電話（ContactPhone）：________________________電子郵箱（E-mail）：________________________數(shù)據(jù)安全負責人（DataSecurityOfficer）：________________________1.3雙方聲明與保證：各自均為依法成立并有效存續(xù)的法律主體，具備簽署和履行本協(xié)議的完全民事權(quán)利能力和民事行為能力；其授權(quán)聯(lián)系人、數(shù)據(jù)安全負責人已獲得充分、有效的書面授權(quán)，有權(quán)代表其處理本協(xié)議項下的保密信息管理、數(shù)據(jù)安全保護及相關(guān)爭議處理等全部事宜；接收方保證其具備處理本協(xié)議項下數(shù)據(jù)的合法資質(zhì)和技術(shù)能力，已建立完善的數(shù)據(jù)安全保護體系，能夠滿足本協(xié)議約定的保密及數(shù)據(jù)安全保護要求；本協(xié)議自雙方簽字蓋章（自然人簽字即可）之日起生效，對雙方均具有法律約束力。1.3RepresentationsandWarrantiesofBothParties:EachPartyisalegallyestablishedandvalidlyexistinglegalentity,withfullcivilrightscapacityandcivilconductcapacitytosignandperformthisAgreement;itsauthorizedcontactpersonanddatasecurityofficerhaveobtainedsufficientandeffectivewrittenauthorizationtoactonitsbehalfinhandlingallmattersunderthisAgreement,includingconfidentialinformationmanagement,datasecurityprotectionandrelateddisputehandling;theReceivingPartywarrantsthatithasthelegalqualificationsandtechnicalcapabilitiestoprocessthedataunderthisAgreement,hasestablishedasounddatasecurityprotectionsystem,andcanmeettheconfidentialityanddatasecurityprotectionrequirementsagreedinthisAgreement;thisAgreementshalltakeeffectonthedateofsignatureandsealbybothParties(naturalpersonsonlyneedtosign)andshallhavelegalbindingforceonbothParties.第二條術(shù)語定義（Article2:DefinitionofTerms）2.1保密信息（ConfidentialInformation）指自生效日起，披露方通過書面文件、電子數(shù)據(jù)、口頭陳述、實物展示、技術(shù)交底、系統(tǒng)授權(quán)訪問等任何形式向接收方提供或披露的，或接收方在合作事項實施、業(yè)務(wù)往來過程中自行獲知的，未通過合法途徑進入公共領(lǐng)域，且對披露方具有商業(yè)價值、技術(shù)價值或其他保密必要性的全部信息、資料、數(shù)據(jù)、文件、技術(shù)方案、商業(yè)計劃、客戶名單、財務(wù)數(shù)據(jù)、經(jīng)營策略、核心算法及其他相關(guān)內(nèi)容。無論披露方是否明確標注“保密”字樣，符合本條定義的信息均屬于保密信息。Referstoallinformation,materials,data,documents,technicalschemes,businessplans,customerlists,financialdata,businessstrategies,corealgorithmsandotherrelevantcontentsthattheDisclosingPartyprovidesordisclosestotheReceivingPartyinanyformsuchaswrittendocuments,electronicdata,oralstatements,physicaldisplays,technicaldisclosures,authorizedsystemaccess,etc.,orthattheReceivingPartylearnsonitsownintheprocessofimplementingCooperationMattersandbusinesstransactions,whichhavenotenteredthepublicdomainthroughlegalchannelsandhavecommercialvalue,technicalvalueorotherconfidentialitynecessityfortheDisclosingParty.RegardlessofwhethertheDisclosingPartyclearlymarkstheword"Confidential"ornot,theinformationconformingtothedefinitionofthisArticleshallbedeemedasConfidentialInformation.2.2業(yè)務(wù)數(shù)據(jù)（BusinessData）指基于本協(xié)議約定及合作事項需求，披露方提供給接收方、或接收方在履行業(yè)務(wù)職責過程中收集、生成、存儲、傳輸、使用的與合作事項及雙方業(yè)務(wù)相關(guān)的全部數(shù)據(jù)，包括但不限于：（1）個人信息：指以電子或者其他方式記錄的能夠單獨或者與其他信息結(jié)合識別特定自然人身份或者反映特定自然人活動情況的各種信息（如姓名、身份證件號碼、聯(lián)系方式、住址、生物識別信息等）；（2）敏感商業(yè)數(shù)據(jù)：指與披露方核心業(yè)務(wù)相關(guān)、涉及商業(yè)秘密、財務(wù)狀況、經(jīng)營策略等，一旦泄露或濫用將給披露方造成重大損失的數(shù)據(jù)；（3）普通業(yè)務(wù)數(shù)據(jù)：指不涉及個人信息及敏感商業(yè)數(shù)據(jù)，僅用于日常業(yè)務(wù)開展的基礎(chǔ)性數(shù)據(jù)（如普通辦公數(shù)據(jù)、非核心業(yè)務(wù)流程數(shù)據(jù)等）。ReferstoalldatarelatedtoCooperationMattersandthebusinessofbothPartiesthattheDisclosingPartyprovidestotheReceivingParty,orthattheReceivingPartycollects,generates,stores,transmitsandusesintheprocessofperformingbusinessdutiesbasedontheagreementofthisAgreementandtheneedsofCooperationMatters,includingbutnotlimitedto:(1)PersonalInformation:Referstovariousinformationrecordedinelectronicorotherformsthatcanidentifyaspecificnaturalpersonindividuallyorincombinationwithotherinformationorreflecttheactivitiesofaspecificnaturalperson(suchasname,IDcardnumber,contactinformation,address,biometricinformation,etc.);(2)SensitiveCommercialData:ReferstodatarelatedtothecorebusinessoftheDisclosingParty,involvingtradesecrets,financialstatus,businessstrategies,etc.,whichwillcausesignificantlossestotheDisclosingPartyifleakedorabused;(3)OrdinaryBusinessData:Referstobasicdatausedfordailybusinessoperationsthatdoesnotinvolvepersonalinformationorsensitivecommercialdata(suchasordinaryofficedata,non-corebusinessprocessdata,etc.).2.3數(shù)據(jù)安全（DataSecurity）指通過采取技術(shù)措施、管理措施等必要手段，保障業(yè)務(wù)數(shù)據(jù)的保密性、完整性、可用性，防范數(shù)據(jù)泄露、篡改、丟失、破壞、非法訪問、非法使用等安全風險，確保數(shù)據(jù)處理活動符合相關(guān)法律法規(guī)及本協(xié)議約定的行為總和。Referstothesumofactsthatensuretheconfidentiality,integrityandavailabilityofbusinessdatabytakingnecessarymeasuressuchastechnicalmeasuresandmanagementmeasures,preventsecurityriskssuchasdataleakage,tampering,loss,damage,illegalaccessandillegaluse,andensurethatdataprocessingactivitiescomplywithrelevantlawsandregulationsandtheprovisionsofthisAgreement.2.4數(shù)據(jù)處理（DataProcessing）指對業(yè)務(wù)數(shù)據(jù)進行的收集、存儲、使用、加工、傳輸、提供、公開、刪除等任何操作。Referstoanyoperationperformedonbusinessdata,includingcollection,storage,use,processing,transmission,provision,disclosure,deletion,etc.2.5除外情形（ExclusionScenarios）下列信息、數(shù)據(jù)及相關(guān)權(quán)利不屬于本協(xié)議約定的保密及數(shù)據(jù)安全保護范圍：（1）在披露方提供或接收方獲知、處理前，已通過公開出版物、官方渠道、行業(yè)慣例等合法途徑進入公共領(lǐng)域，且能為公眾自由獲取的信息及數(shù)據(jù)；（2）接收方在未接觸、未使用披露方任何保密信息及業(yè)務(wù)數(shù)據(jù)的情況下，通過獨立研發(fā)、自行調(diào)研、合法受讓、公開渠道獲取等方式獨立獲得的信息、數(shù)據(jù)及相關(guān)權(quán)利；（3）根據(jù)法律法規(guī)、司法機關(guān)生效判決、裁定、仲裁機構(gòu)裁決或政府監(jiān)管部門的強制性要求，接收方必須予以披露的信息、數(shù)據(jù)或進行的處理行為，且接收方已在披露或處理前事先書面通知披露方（法律明確禁止通知的除外），并配合披露方采取合理措施減少損失；（4）披露方已通過書面形式明確聲明無需承擔保密義務(wù)的信息、數(shù)據(jù)及無需受限處理的情形；（5）接收方從有權(quán)披露的第三方處合法獲取的，且該第三方未對其施加保密義務(wù)及數(shù)據(jù)安全保護責任的信息及數(shù)據(jù)。Thefollowinginformation,dataandrelatedrightsarenotwithinthescopeofconfidentialityanddatasecurityprotectionagreedinthisAgreement:(1)Informationanddatathathaveenteredthepublicdomainthroughlegalchannelssuchaspublicpublications,officialchannels,andindustrypracticesbeforebeingprovidedbytheDisclosingPartyorlearnedandprocessedbytheReceivingParty,andarefreelyaccessibletothepublic;(2)Information,dataandrelatedrightsindependentlyobtainedbytheReceivingPartythroughindependentresearchanddevelopment,independentinvestigation,legalassignment,publicchannelacquisitionandothermethodswithoutcontactingorusinganyConfidentialInformationandBusinessDataoftheDisclosingParty;(3)Information,datathattheReceivingPartymustdiscloseorprocessingactivitiesthatmustbecarriedoutinaccordancewithlawsandregulations,effectivejudgmentsandrulingsofjudicialorgans,arbitralawardsormandatoryrequirementsofgovernmentregulatoryauthorities,andtheReceivingPartyhasnotifiedtheDisclosingPartyinwritinginadvancebeforedisclosureorprocessing(exceptwhereexplicitlyprohibitedbylaw),andcooperatedwiththeDisclosingPartytotakereasonablemeasurestoreducelosses;(4)Information,datathattheDisclosingPartyhasexplicitlystatedinwritingthatnoconfidentialityobligationisrequiredandscenariosthatcanbeprocessedwithoutrestrictions;(5)InformationanddatalegallyobtainedbytheReceivingPartyfromathirdpartywiththerighttodisclose,andthethirdpartyhasnotimposedaconfidentialityobligationanddatasecurityprotectionresponsibilityonit.第三條保密義務(wù)（Article3:ConfidentialityObligations）3.1披露方的義務(wù)（ObligationsoftheDisclosingParty）（1）明確標識義務(wù)：對其提供的保密信息按敏感程度分為核心保密信息、重要保密信息和一般保密信息，明確標注保密標識、保密期限及使用范圍，確保接收方能夠清晰識別并準確知曉保密要求；（2）合理披露義務(wù)：根據(jù)合作事項或業(yè)務(wù)往來的實際需要，審慎確定向接收方提供的保密信息范圍，不得超出必要限度披露保密信息；提供保密信息時，應(yīng)同步書面告知接收方該信息的保密注意事項、使用限制及泄露風險；（3）內(nèi)部管控義務(wù)：對其內(nèi)部接觸、處理保密信息的人員進行專項保密培訓(xùn)，明確其保密責任，建立人員保密考核與問責機制；采取加密存儲、權(quán)限管控、專人保管等必要的安全防護措施，防范內(nèi)部人員泄露、濫用保密信息；（4）監(jiān)督與補救義務(wù)：有權(quán)對接收方履行保密義務(wù)的情況進行定期或不定期的監(jiān)督、檢查，接收方應(yīng)予以積極配合；發(fā)現(xiàn)保密信息存在泄露風險或已發(fā)生泄露的，應(yīng)立即書面通知接收方，明確風險處置要求，并配合接收方采取補救措施，降低損失。(1)ClearIdentificationObligation:ClassifytheprovidedConfidentialInformationintocoreconfidentialinformation,importantconfidentialinformationandgeneralconfidentialinformationaccordingtothedegreeofsensitivity,clearlymarktheconfidentialitylabel,confidentialityperiodandscopeofuse,toensurethattheReceivingPartycanclearlyidentifyandaccuratelyunderstandtheconfidentialityrequirements;(2)ReasonableDisclosureObligation:PrudentlydeterminethescopeofConfidentialInformationprovidedtotheReceivingPartyaccordingtotheactualneedsofCooperationMattersorbusinesstransactions,andshallnotdiscloseConfidentialInformationbeyondthenecessarylimit;whenprovidingConfidentialInformation,itshallsimultaneouslyinformtheReceivingPartyinwritingoftheconfidentialityprecautions,userestrictionsanddisclosurerisksoftheinformation;(3)InternalControlObligation:ConductspecialconfidentialitytrainingforinternalpersonnelwhoaccessandprocessConfidentialInformation,clarifytheirconfidentialityresponsibilities,andestablishapersonnelconfidentialityassessmentandaccountabilitymechanism;takenecessarysafetyprotectionmeasuressuchasencryptedstorage,authoritycontrol,andspecialpersoncustodytopreventinternalpersonnelfromdisclosingandabusingConfidentialInformation;(4)SupervisionandRemediationObligation:HastherighttoconductregularorirregularsupervisionandinspectionontheReceivingParty'sperformanceofconfidentialityobligations,andtheReceivingPartyshallactivelycooperate;ifitisfoundthatthereisariskofdisclosureordisclosureofConfidentialInformationhasoccurred,itshallimmediatelynotifytheReceivingPartyinwriting,clarifytheriskdisposalrequirements,andcooperatewiththeReceivingPartytotakeremedialmeasurestoreducelosses.3.2接收方的義務(wù)（ObligationsoftheReceivingParty）接收方應(yīng)采取不低于保護自身同類保密信息及業(yè)務(wù)數(shù)據(jù)的嚴格措施，對獲取的保密信息進行全流程規(guī)范管理，承擔以下保密義務(wù)：（1）人員管控義務(wù)：僅允許因履行本協(xié)議義務(wù)確有必要的授權(quán)人員接觸保密信息，建立授權(quán)人員登記臺賬及信息接觸記錄；對授權(quán)人員進行專項保密培訓(xùn)，并要求其簽署書面保密承諾函，明確其保密責任；嚴禁未經(jīng)授權(quán)人員接觸、查閱、使用保密信息；（2）存儲與防護義務(wù)：對書面形式的保密信息，采取上鎖存放、專人保管、借閱登記、歸還核銷、到期銷毀等管控措施；對電子形式的保密信息，采取加密存儲、設(shè)置嚴格訪問權(quán)限、定期備份、安裝安全防護軟件、定期進行安全檢測與漏洞修復(fù)等措施，防止信息被非法訪問、篡改、復(fù)制、丟失或泄露；（3）使用限制義務(wù)：嚴格按照本協(xié)議約定及披露方書面告知的范圍、用途使用保密信息，不得超出約定范圍使用，不得將保密信息用于與合作事項或業(yè)務(wù)往來無關(guān)的任何目的；不得對保密信息進行反向工程、反向編譯、破解、解密、拆解或其他試圖非法獲取信息核心內(nèi)容的行為（經(jīng)披露方事先書面授權(quán)的除外）；（4）傳輸與披露管控義務(wù)：未經(jīng)披露方事先書面同意，不得通過郵件、即時通訊工具、U盤、硬盤、云存儲等任何形式向第三方傳輸、轉(zhuǎn)發(fā)、復(fù)制、轉(zhuǎn)讓、許可使用、出租、出借保密信息，不得將保密信息以任何形式公開、發(fā)布或使其進入公共領(lǐng)域；不得向任何第三方泄露保密信息的存在及其內(nèi)容；（5）歸還與銷毀義務(wù)：當合作事項終止、業(yè)務(wù)往來結(jié)束，或披露方書面要求收回、銷毀保密信息，或接收方不再需要使用保密信息時，應(yīng)立即停止使用所有保密信息，并在5個工作日內(nèi)將其持有的包含保密信息的所有載體（包括但不限于原件、復(fù)印件、掃描件、電子文檔、備份數(shù)據(jù)、U盤、硬盤、實物樣品、圖紙等）全部歸還給披露方，或按照披露方的書面要求予以徹底銷毀；銷毀后應(yīng)向披露方提供書面銷毀證明，確保無任何形式的留存；（6）風險處置義務(wù)：發(fā)現(xiàn)保密信息存在泄露、丟失、被篡改、被非法訪問等風險或情況時，應(yīng)立即采取有效措施防止風險擴大（包括但不限于封鎖信息源頭、排查接觸人員、修改訪問權(quán)限、刪除泄露信息、采取法律措施等），并在24小時內(nèi)書面通知披露方，詳細說明事件發(fā)生的時間、原因、范圍及已采取的補救措施，配合披露方進行調(diào)查、處理及追責；（7）連帶責任義務(wù)：對其關(guān)聯(lián)方、雇員、代理人、合作伙伴等相關(guān)方的保密行為進行監(jiān)督管理，明確其保密責任；若該等相關(guān)方違反本協(xié)議約定導(dǎo)致保密信息泄露的，接收方應(yīng)承擔連帶責任。TheReceivingPartyshalltakestrictmeasuresnotlowerthanthoseforprotectingitsownsimilarConfidentialInformationandBusinessDatatostandardizethefull-processmanagementoftheobtainedConfidentialInformation,andshallassumethefollowingconfidentialityobligations:(1)PersonnelControlObligation:OnlyallowauthorizedpersonnelwhoarereallynecessaryforperformingtheobligationsunderthisAgreementtoaccessConfidentialInformation,andestablisharegistrationledgerofauthorizedpersonnelandinformationaccessrecords;conductspecialconfidentialitytrainingforauthorizedpersonnelandrequirethemtosignwrittenconfidentialitycommitmentletterstoclarifytheirconfidentialityresponsibilities;itisstrictlyprohibitedforunauthorizedpersonneltoaccess,consultoruseConfidentialInformation;(2)StorageandProtectionObligation:ForConfidentialInformationinwrittenform,adoptcontrolmeasuressuchaslockedstorage,specialpersoncustody,borrowingregistration,returnverificationandcancellation,andexpirationdestruction;forConfidentialInformationinelectronicform,adoptmeasuressuchasencryptedstorage,settingstrictaccesspermissions,regularbackup,installingsecuritysoftware,regularsecuritydetectionandvulnerabilityrepairtopreventinformationfrombeingillegallyaccessed,tamperedwith,copied,lostordisclosed;(3)UseRestrictionObligation:StrictlyuseConfidentialInformationinaccordancewiththescopeandpurposestipulatedinthisAgreementandwrittennotificationbytheDisclosingParty,shallnotuseitbeyondtheagreedscope,andshallnotuseConfidentialInformationforanypurposeunrelatedtoCooperationMattersorbusinesstransactions;shallnotconductreverseengineering,reversecompilation,cracking,decryption,disassemblyorotheractsattemptingtoillegallyobtainthecorecontentoftheinformation(exceptwiththepriorwrittenauthorizationoftheDisclosingParty);(4)TransmissionandDisclosureControlObligation:WithoutthepriorwrittenconsentoftheDisclosingParty,shallnottransmit,forward,copy,transfer,license,leaseorlendConfidentialInformationtothirdpartiesinanyformsuchasemail,instantmessagingtools,U-disks,harddisks,cloudstorage,etc.,nordisclose,publishConfidentialInformationinanyformormakeitenterthepublicdomain;shallnotdisclosetheexistenceandcontentofConfidentialInformationtoanythirdparty;(5)ReturnandDestructionObligation:WhentheCooperationMattersareterminated,businesstransactionsareconcluded,ortheDisclosingPartyrequestsinwritingtorecoverordestroyConfidentialInformation,ortheReceivingPartynolongerneedstouseConfidentialInformation,shallimmediatelystopusingallConfidentialInformation,andwithin5workingdays,returnallcarrierscontainingConfidentialInformationinitspossession(includingbutnotlimitedtooriginals,copies,scannedcopies,electronicdocuments,backupdata,U-disks,harddisks,physicalsamples,drawings,etc.)totheDisclosingParty,orcompletelydestroytheminaccordancewiththeDisclosingParty'swrittenrequirements;afterdestruction,awrittendestructioncertificateshallbeprovidedtotheDisclosingPartytoensurenoretentioninanyform;(6)RiskDisposalObligation:Ifitisfoundthatthereisariskorsituationsuchasdisclosure,loss,tampering,illegalaccessofConfidentialInformation,shallimmediatelytakeeffectivemeasurestopreventtheexpansionoftherisk(includingbutnotlimitedtoblockingtheinformationsource,investigatingtheaccessingpersonnel,modifyingtheaccesspermissions,deletingthedisclosedinformation,takinglegalmeasures,etc.),andnotifytheDisclosingPartyinwritingwithin24hours,detailingthetime,cause,scopeoftheincidentandtheremedialmeasurestaken,andcooperatewiththeDisclosingPartyininvestigation,handlingandaccountability;(7)JointandSeveralLiabilityObligation:Superviseandmanagetheconfidentialitybehaviorofitsaffiliates,employees,agents,partnersandotherrelevantparties,andclarifytheirconfidentialityresponsibilities;ifsuchrelevantpartiesviolatetheprovisionsofthisAgreementleadingtothedisclosureofConfidentialInformation,theReceivingPartyshallbejointlyandseverallyliable.3.3保密期限（ConfidentialityPeriod）（1）本協(xié)議項下的保密期限，自接收方首次獲取某一項保密信息之日起計算，直至該保密信息通過合法途徑成為公開信息且不再具有保密性為止；（2）核心保密信息的保密期限自接收方首次獲取之日起不少于10年；重要保密信息的保密期限自接收方首次獲取之日起不少于5年；一般保密信息的保密期限自接收方首次獲取之日起不少于3年；（3）即使本協(xié)議終止、解除，或雙方合作事項終止、業(yè)務(wù)往來結(jié)束，本條約定的保密期限依然有效，接收方仍需按照本協(xié)議約定履行保密義務(wù)，直至本協(xié)議3.3（1）條約定的條件成就；（4）若法律法規(guī)對商業(yè)秘密、技術(shù)秘密等保密信息的保密期限有更長強制性規(guī)定的，從其規(guī)定。(1)ThetermofconfidentialityunderthisAgreementshallbecalculatedfromthedateonwhichtheReceivingPartyfirstobtainsaspecificitemofConfidentialInformationuntiltheConfidentialInformationbecomespublicinformationthroughlegalchannelsandnolongerhasconfidentiality;(2)ThetermofconfidentialityforcoreConfidentialInformationshallbenotlessthan10yearsfromthedateoffirstacquisitionbytheReceivingParty;thetermofconfidentialityforimportantConfidentialInformationshallbenotlessthan5yearsfromthedateoffirstacquisitionbytheReceivingParty;thetermofconfidentialityforgeneralConfidentialInformationshallbenotlessthan3yearsfromthedateoffirstacquisitionbytheReceivingParty;(3)EvenifthisAgreementisterminatedorrescinded,ortheCooperationMattersbetweenthetwoPartiesareterminatedorbusinesstransactionsareconcluded,thetermofconfidentialitystipulatedinthisArticleshallremainvalid,andtheReceivingPartyshallstillperformtheconfidentialityobligationinaccordancewiththeprovisionsofthisAgreementuntiltheconditionsstipulatedinClause3.3(1)ofthisAgreementaremet;(4)IflawsandregulationshavelongermandatoryprovisionsonthetermofconfidentialityofConfidentialInformationsuchastradesecretsandtechnicalsecrets,suchprovisionsshallprevail.第四條數(shù)據(jù)安全保護義務(wù)（Article4:DataSecurityProtectionObligations）4.1數(shù)據(jù)處理基本原則（BasicPrinciplesofDataProcessing）接收方在處理本協(xié)議項下業(yè)務(wù)數(shù)據(jù)時，應(yīng)嚴格遵守以下原則：（1）合法性原則：數(shù)據(jù)處理活動必須符合相關(guān)法律法規(guī)及本協(xié)議約定，未經(jīng)披露方書面同意，不得超出約定范圍處理業(yè)務(wù)數(shù)據(jù)；（2）最小必要原則：僅收集、使用為履行本協(xié)議義務(wù)所必需的業(yè)務(wù)數(shù)據(jù)，不得收集、使用與履行義務(wù)無關(guān)的數(shù)據(jù)；（3）保密原則：對處理的業(yè)務(wù)數(shù)據(jù)（尤其是個人信息、敏感商業(yè)數(shù)據(jù)）嚴格保密，不得泄露、篡改、濫用；（4）完整性與可用性原則：采取必要措施保障業(yè)務(wù)數(shù)據(jù)的完整性，防止數(shù)據(jù)被篡改、破壞，確保數(shù)據(jù)在需要時能夠正常使用；（5）合規(guī)告知原則：若處理的業(yè)務(wù)數(shù)據(jù)涉及第三方個人信息，接收方應(yīng)配合披露方履行對第三方的告知義務(wù)，獲得第三方的明確同意（法律法規(guī)另有規(guī)定的除外）。WhenprocessingtheBusinessDataunderthisAgreement,theReceivingPartyshallstrictlyabidebythefollowingprinciples:(1)LegalityPrinciple:DataprocessingactivitiesmustcomplywithrelevantlawsandregulationsandtheprovisionsofthisAgreement,andshallnotprocessBusinessDatabeyondtheagreedscopewithoutthepriorwrittenconsentoftheDisclosingParty;(2)MinimumNecessityPrinciple:OnlycollectanduseBusinessDatanecessaryforperformingtheobligationsunderthisAgreement,andshallnotcollectorusedataunrelatedtotheperformanceofobligations;(3)ConfidentialityPrinciple:StrictlykeepconfidentialtheBusinessDatabeingprocessed(especiallypersonalinformationandsensitivecommercialdata),andshallnotdisclose,tamperwithorabuseit;(4)IntegrityandAvailabilityPrinciple:TakenecessarymeasurestoensuretheintegrityofBusinessData,preventdatafrombeingtamperedwithordamaged,andensurethatdatacanbeusednormallywhenneeded;(5)ComplianceNotificationPrinciple:IftheBusinessDatabeingprocessedinvolvesthird-partypersonalinformation,theReceivingPartyshallcooperatewiththeDisclosingPartytoperformthenotificationobligationtothethirdpartyandobtaintheexplicitconsentofthethirdparty(exceptasotherwisestipulatedbylawsandregulations).4.2技術(shù)與管理保護措施（TechnicalandManagementProtectionMeasures）接收方應(yīng)建立健全數(shù)據(jù)安全保護體系，采取符合行業(yè)標準及本協(xié)議要求的技術(shù)措施和管理措施，保障業(yè)務(wù)數(shù)據(jù)安全，具體包括但不限于：（1）技術(shù)防護措施：建立數(shù)據(jù)加密機制，對敏感業(yè)務(wù)數(shù)據(jù)進行加密存儲和傳輸；設(shè)置嚴格的訪問控制權(quán)限，實行分級授權(quán)、專人負責；安裝防火墻、入侵檢測系統(tǒng)、防病毒軟件等安全防護設(shè)備，定期進行安全檢測、漏洞掃描與修復(fù)；建立數(shù)據(jù)備份與恢復(fù)機制，定期對業(yè)務(wù)數(shù)據(jù)進行備份，確保數(shù)據(jù)在發(fā)生丟失、破壞時能夠及時恢復(fù)；（2）管理防護措施：制定完善的數(shù)據(jù)安全管理制度、操作規(guī)程及應(yīng)急預(yù)案；明確數(shù)據(jù)安全負責人及崗位職責，對內(nèi)部數(shù)據(jù)處理人員進行專項數(shù)據(jù)安全培訓(xùn)和考核；建立數(shù)據(jù)處理日志記錄制度，對數(shù)據(jù)的收集、存儲、使用、傳輸、刪除等操作進行全程記錄，日志留存期限不少于本協(xié)議約定的保密期限及法律法規(guī)規(guī)定的最低期限；定期開展數(shù)據(jù)安全風險評估，及時發(fā)現(xiàn)并整改數(shù)據(jù)安全隱患；（3）第三方管控措施：未經(jīng)披露方事先書面同意，不得將業(yè)務(wù)數(shù)據(jù)處理工作委托給任何第三方；若確因業(yè)務(wù)需要委托第三方處理的，應(yīng)嚴格審核第三方的資質(zhì)和數(shù)據(jù)安全保護能力，與第三方簽署保密及數(shù)據(jù)安全保護協(xié)議，明確第三方的責任和義務(wù)，并對第三方的處理行為進行全程監(jiān)督和管理；若第三方違反相關(guān)約定導(dǎo)致數(shù)據(jù)泄露或其他安全問題的，接收方應(yīng)承擔連帶責任。TheReceivingPartyshallestablishandimproveadatasecurityprotectionsystem,andtaketechnicalandmanagementmeasuresthatmeetindustrystandardsandtherequirementsofthisAgreementtoensurethesecurityofBusinessData,includingbutnotlimitedto:(1)TechnicalProtectionMeasures:EstablishadataencryptionmechanismtoencryptthestorageandtransmissionofsensitiveBusinessData;setstrictaccesscontrolpermissions,implementhierarchicalauthorizationandspecialpersonresponsibility;installsecurityprotectionequipmentsuchasfirewalls,intrusiondetectionsystemsandanti-virussoftware,andconductregularsecuritydetection,vulnerabilityscanningandrepair;establishadatabackupandrecoverymechanism,regularlybackupBusinessDatatoensurethatdatacanberecoveredinatimelymannerincaseoflossordamage;(2)ManagementProtectionMeasures:Formulatesounddatasecuritymanagementsystems,operatingproceduresandemergencyplans;clarifythedatasecurityofficerandpostresponsibilities,andconductspecialdatasecuritytrainingandassessmentforinternaldataprocessingpersonnel;establishadataprocessinglogrecordingsystemtorecordalloperationssuchascollection,storage,use,transmissionanddeletionofdatathroughouttheprocess,andthelogretentionperiodshallnotbelessthantheconfidentialityperiodagreedinthisAgreementandtheminimumperiodstipulatedbylawsandregulations;regularlycarryoutdatasecurityriskassessmenttotimelydiscoverandrectifydatasecurityhazards;(3)Third-PartyControlMeasures:WithoutthepriorwrittenconsentoftheDisclosingParty,shallnotentrusttheprocessingofBusinessDatatoanythirdparty;ifitisreallynecessarytoentrustathirdpartytoprocessduetobusinessneeds,shallstrictlyreviewthethirdparty'squalificationsanddatasecurityprotectioncapabilities,signaconfidentialityanddatasecurityprotectionagreementwiththethirdparty,clarifythethirdparty'sresponsibilitiesandobligations,andconductfullsupervisionandmanagementofthethirdparty'sprocessingbehavior;ifthethirdpartyviolatesrelevantagreementsleadingtodataleakageorothersecurityissues,theReceivingPartyshallbejointlyandseverallyliable.4.3數(shù)據(jù)安全事件處置（DisposalofDataSecurityIncidents）（1）事件報告義務(wù)：接收方發(fā)現(xiàn)業(yè)務(wù)數(shù)據(jù)存在泄露、篡改、丟失、非法訪問、非法使用等數(shù)據(jù)安全事件（以下簡稱“安全事件”）時，應(yīng)立即采取有效措施防止事件擴大（包括但不限于封鎖數(shù)據(jù)源頭、暫停數(shù)據(jù)處理業(yè)務(wù)、修改訪問權(quán)限、刪除泄露數(shù)據(jù)等），并在24小時內(nèi)書面通知披露方，詳細說明事件發(fā)生的時間、原因、涉及的數(shù)據(jù)范圍、影響程度及已采取的應(yīng)急措施；（2）配合調(diào)查與處置義務(wù)：安全事件發(fā)生后，接收方應(yīng)積極配合披露方及相關(guān)監(jiān)管部門開展安全事件調(diào)查、處置工作，提供必要的日志記錄、數(shù)據(jù)備份及其他相關(guān)材料；按照披露方及監(jiān)管部門的要求采取整改措施，消除安全隱患，降低事件造成的損失；（3）后續(xù)整改義務(wù)：安全事件處置完畢后，接收方應(yīng)在10個工作日內(nèi)將事件處置報告、整改措施及后續(xù)防范方案書面提交給披露方，確保同類安全事件不再發(fā)生；（4）披露方的權(quán)利：披露方有權(quán)對安全事件的處置過程、整改情況進行監(jiān)督、檢查，接收方應(yīng)予以積極配合；若安全事件造成披露方損失的，披露方有權(quán)要求接收方承擔賠償責任。(1)IncidentReportingObligation:WhentheReceivingPartyfindsadatasecurityincident(hereinafterreferredtoasthe"SecurityIncident")suchasleakage,tampering,loss,illegalaccessorillegaluseofBusinessData,itshallimmediatelytakeeffectivemeasurestopreventtheexpansionoftheincident(includingbutnotlimitedtoblockingthedatasource,suspendingdataprocessingbusiness,modifyingaccesspermissions,deletingleakeddata,etc.),andnotifytheDisclosingPartyinwritingwithin24hours,detailingthetime,cause,scopeofinvolveddata,impactdegreeandemergencymeasurestakenoftheincident;(2)ObligationtoCooperateinInvestigationandDisposal:AftertheoccurrenceofaSecurityIncident,theReceivingPartyshallactivelycooperatewiththeDisclosingPartyandrelevantregulatoryauthoritiestocarryouttheinvestigationanddisposaloftheSecurityIncident,andprovidenecessarylogrecords,databackupsandotherrelevantmaterials;takerectificationmeasuresina