2026年保密及隱私保護協議（中英文版）協議編號（AgreementNo.）：________________________本2026年保密及隱私保護協議（中英文版）（以下簡稱“本協議”）由以下雙方（以下統稱“雙方”）于____年____月____日（以下簡稱“生效日”）在____（簽署地）自愿簽署。為規(guī)范雙方在合作及業(yè)務往來過程中保密信息的管理與個人隱私的保護事宜，明確雙方權利義務，防范保密信息泄露與隱私侵權風險，保障雙方及相關個人的合法權益，依據《中華人民共和國民法典》《中華人民共和國網絡安全法》《中華人民共和國數據安全法》《中華人民共和國個人信息保護法》《中華人民共和國反不正當競爭法》及其他相關法律法規(guī)，結合雙方合作實際情況，經友好協商，達成如下協議，以資共同信守。This2026ConfidentialityandPrivacyProtectionAgreement(ChineseandEnglishVersion)(hereinafterreferredtoasthe"Agreement")isvoluntarilysignedbythefollowingtwoparties(hereinaftercollectivelyreferredtoasthe"Parties")on____(EffectiveDate)at____(PlaceofSigning).ForthepurposeofregulatingthemanagementofconfidentialinformationandtheprotectionofpersonalprivacyintheprocessofcooperationandbusinesstransactionsbetweenthetwoParties,clarifyingtherightsandobligationsofbothParties,preventingtheleakageofconfidentialinformationandprivacyinfringementrisks,andsafeguardingthelegitimaterightsandinterestsofbothPartiesandrelevantindividuals,inaccordancewiththeCivilCodeofthePeople'sRepublicofChina,theCybersecurityLawofthePeople'sRepublicofChina,theDataSecurityLawofthePeople'sRepublicofChina,thePersonalInformationProtectionLawofthePeople'sRepublicofChina,theAnti-UnfairCompetitionLawofthePeople'sRepublicofChinaandotherrelevantlawsandregulations,andcombinedwiththeactualsituationofcooperationbetweenthetwoParties,thefollowingagreementisreachedthroughfriendlynegotiationformutualabidance.第一條締約方基本信息（Article1:BasicInformationofContractingParties）1.1甲方（PartyA）中文全稱（FullChineseName）：________________________英文全稱（FullEnglishName）：________________________統一社會信用代碼/注冊號（UnifiedSocialCreditCode/RegistrationNo.）：________________________注冊地址（RegisteredAddress）：________________________通訊地址（MailingAddress）：________________________法定代表人/負責人（LegalRepresentative/Person-in-Charge）：________________________授權聯系人（AuthorizedContactPerson）：________________________聯系電話（ContactPhone）：________________________電子郵箱（E-mail）：________________________隱私保護負責人（PrivacyProtectionOfficer）：________________________1.2乙方（PartyB）中文全稱（FullChineseName）：________________________英文全稱（FullEnglishName）：________________________統一社會信用代碼/注冊號（UnifiedSocialCreditCode/RegistrationNo.）：________________________注冊地址（RegisteredAddress）：________________________通訊地址（MailingAddress）：________________________法定代表人/負責人（LegalRepresentative/Person-in-Charge）：________________________授權聯系人（AuthorizedContactPerson）：________________________聯系電話（ContactPhone）：________________________電子郵箱（E-mail）：________________________隱私保護負責人（PrivacyProtectionOfficer）：________________________1.3雙方聲明與保證（RepresentationsandWarrantiesofBothParties）：雙方均為依法成立并有效存續(xù)的法律主體，具備簽署和履行本協議的完全民事權利能力和民事行為能力；其授權聯系人、隱私保護負責人已獲得充分、有效的書面授權，有權代表其處理本協議項下保密信息管理、隱私保護及相關爭議處理等全部事宜；接收方保證其具備處理本協議項下保密信息及個人隱私信息的合法資質和技術能力，已建立完善的保密及隱私保護體系，能夠滿足本協議約定的保密及隱私保護要求；雙方簽署本協議是真實意思表示，不存在任何欺詐、脅迫等情形；本協議自雙方簽字蓋章（自然人簽字即可）之日起生效，對雙方均具有法律約束力。EachPartyrepresentsandwarrantsthatitisalegallyestablishedandvalidlyexistinglegalentitywithfullcivilrightscapacityandcivilconductcapacitytosignandperformthisAgreement;itsauthorizedcontactpersonandprivacyprotectionofficerhaveobtainedsufficientandeffectivewrittenauthorizationtoactonitsbehalfinhandlingallmattersunderthisAgreement,includingconfidentialinformationmanagement,privacyprotectionandrelateddisputehandling;theReceivingPartywarrantsthatithasthelegalqualificationsandtechnicalcapabilitiestoprocesstheconfidentialinformationandpersonalprivacyinformationunderthisAgreement,hasestablishedasoundconfidentialityandprivacyprotectionsystem,andcanmeettheconfidentialityandprivacyprotectionrequirementsagreedinthisAgreement;thesigningofthisAgreementbybothPartiesisatrueexpressionofintent,withoutanyfraud,coercionorothercircumstances;thisAgreementshalltakeeffectonthedateofsignatureandsealbybothParties(naturalpersonsonlyneedtosign)andshallhavelegalbindingforceonbothParties.第二條核心術語定義（Article2:DefinitionofCoreTerms）2.1保密信息（ConfidentialInformation）指自生效日起，披露方（DisclosingParty）通過書面文件、電子數據、口頭陳述、實物展示、技術交底、系統授權訪問等任何形式向接收方（ReceivingParty）提供或披露的，或接收方在合作事項實施、業(yè)務往來過程中自行獲知的，未通過合法途徑進入公共領域，且對披露方具有商業(yè)價值、技術價值或其他保密必要性的全部信息、資料、數據、文件、技術方案、商業(yè)計劃、客戶名單、財務數據、經營策略、核心算法、技術參數、商業(yè)秘密及其他相關內容。無論披露方是否明確標注“保密”字樣，符合本條定義的信息均屬于保密信息。Referstoallinformation,materials,data,documents,technicalschemes,businessplans,customerlists,financialdata,businessstrategies,corealgorithms,technicalparameters,tradesecretsandotherrelevantcontentsthattheDisclosingPartyprovidesordisclosestotheReceivingPartyinanyformsuchaswrittendocuments,electronicdata,oralstatements,physicaldisplays,technicaldisclosures,authorizedsystemaccess,etc.,orthattheReceivingPartylearnsonitsownintheprocessofimplementingcooperationmattersandbusinesstransactions,whichhavenotenteredthepublicdomainthroughlegalchannelsandhavecommercialvalue,technicalvalueorotherconfidentialitynecessityfortheDisclosingParty.RegardlessofwhethertheDisclosingPartyclearlymarkstheword"Confidential"ornot,theinformationconformingtothedefinitionofthisArticleshallbedeemedasConfidentialInformation.2.2個人隱私信息（PersonalPrivacyInformation）指基于本協議約定及合作需求，披露方提供給接收方、或接收方在履行業(yè)務職責過程中收集、生成、存儲、傳輸、使用的，能夠單獨或者與其他信息結合識別特定自然人身份或者反映特定自然人活動情況，且依法受保護的各類信息（以下簡稱“隱私信息”），包括但不限于：（1）敏感隱私信息（SensitivePrivacyInformation）：指一旦泄露、非法提供或濫用可能危害人身、財產安全，損害個人名譽、身心健康，或者導致個人遭受歧視等的隱私信息，如身份證件號碼、生物識別信息、健康信息、金融賬戶信息、行蹤軌跡信息、未成年人個人信息等；（2）普通隱私信息（OrdinaryPrivacyInformation）：指除敏感隱私信息以外的其他隱私信息，如姓名、聯系方式、住址（脫敏處理后）、工作單位等。Referstovariouslegallyprotectedinformation(hereinafterreferredtoas"PrivacyInformation")thattheDisclosingPartyprovidestotheReceivingParty,orthattheReceivingPartycollects,generates,stores,transmitsandusesintheprocessofperformingbusinessdutiesbasedontheagreementofthisAgreementandcooperationneeds,whichcanidentifyaspecificnaturalpersonindividuallyorincombinationwithotherinformationorreflecttheactivitiesofaspecificnaturalperson,includingbutnotlimitedto:(1)SensitivePrivacyInformation:ReferstoPrivacyInformationthatmayendangerpersonalandpropertysafety,damagepersonalreputationandphysicalandmentalhealth,orleadtopersonaldiscriminationifleaked,illegallyprovidedorabused,suchasIDcardnumber,biometricinformation,healthinformation,financialaccountinformation,locationtrackinginformation,minor'spersonalinformation,etc.;(2)OrdinaryPrivacyInformation:ReferstootherPrivacyInformationexceptSensitivePrivacyInformation,suchasname,contactinformation,address(afterdesensitization),workunit,etc.2.3隱私保護（PrivacyProtection）指通過采取技術措施、管理措施等必要手段，保障隱私信息的保密性（Confidentiality）、完整性（Integrity）、可用性（Availability）和真實性（Authenticity），防范隱私信息泄露、篡改、丟失、破壞、非法訪問、非法使用、非法提供等安全風險，確保隱私信息處理活動符合相關法律法規(guī)及本協議約定的行為總和。Referstothesumofactsthatensuretheconfidentiality,integrity,availabilityandauthenticityofPrivacyInformationbytakingnecessarymeasuressuchastechnicalmeasuresandmanagementmeasures,preventsecurityriskssuchasleakage,tampering,loss,damage,illegalaccess,illegaluseandillegalprovisionofPrivacyInformation,andensurethatPrivacyInformationprocessingactivitiescomplywithrelevantlawsandregulationsandtheprovisionsofthisAgreement.2.4信息處理（InformationProcessing）指對保密信息及隱私信息進行的收集、存儲、使用、加工、傳輸、提供、公開、刪除、銷毀等任何操作行為。ReferstoanyoperationalactperformedonConfidentialInformationandPrivacyInformation,includingcollection,storage,use,processing,transmission,provision,disclosure,deletion,destruction,etc.2.5除外情形（ExclusionScenarios）下列信息及相關權利不屬于本協議約定的保密及隱私保護范圍：（1）在披露方提供或接收方獲知、處理前，已通過公開出版物、官方渠道、行業(yè)慣例等合法途徑進入公共領域，且能為公眾自由獲取的信息；（2）接收方在未接觸、未使用披露方任何保密信息及隱私信息的情況下，通過獨立研發(fā)、自行調研、合法受讓、公開渠道獲取等方式獨立獲得的信息及相關權利；（3）根據法律法規(guī)、司法機關生效判決、裁定、仲裁機構裁決或政府監(jiān)管部門的強制性要求，接收方必須予以披露的信息或進行的處理行為，且接收方已在披露或處理前事先書面通知披露方（法律明確禁止通知的除外），并配合披露方采取合理措施減少損失及影響；（4）披露方已通過書面形式明確聲明無需承擔保密義務的信息及無需受限處理的情形；（5）接收方從有權披露的第三方處合法獲取的，且該第三方未對其施加保密義務及隱私保護責任的信息；（6）為履行法定職責或法定義務所必需，且已履行法定程序的信息處理行為及相關信息。ThefollowinginformationandrelatedrightsarenotwithinthescopeofconfidentialityandprivacyprotectionagreedinthisAgreement:(1)Informationthathasenteredthepublicdomainthroughlegalchannelssuchaspublicpublications,officialchannels,andindustrypracticesbeforebeingprovidedbytheDisclosingPartyorlearnedandprocessedbytheReceivingParty,andisfreelyaccessibletothepublic;(2)InformationandrelatedrightsindependentlyobtainedbytheReceivingPartythroughindependentresearchanddevelopment,independentinvestigation,legalassignment,publicchannelacquisitionandothermethodswithoutcontactingorusinganyConfidentialInformationandPrivacyInformationoftheDisclosingParty;(3)InformationthattheReceivingPartymustdiscloseorprocessingactivitiesthatmustbecarriedoutinaccordancewithlawsandregulations,effectivejudgmentsandrulingsofjudicialorgans,arbitralawardsormandatoryrequirementsofgovernmentregulatoryauthorities,andtheReceivingPartyhasnotifiedtheDisclosingPartyinwritinginadvancebeforedisclosureorprocessing(exceptwhereexplicitlyprohibitedbylaw),andcooperatedwiththeDisclosingPartytotakereasonablemeasurestoreducelossesandimpacts;(4)InformationthattheDisclosingPartyhasexplicitlystatedinwritingthatnoconfidentialityobligationisrequiredandscenariosthatcanbeprocessedwithoutrestrictions;(5)InformationlegallyobtainedbytheReceivingPartyfromathirdpartywiththerighttodisclose,andthethirdpartyhasnotimposedaconfidentialityobligationandprivacyprotectionresponsibilityonit;(6)Informationprocessingactivitiesandrelatedinformationthatarenecessaryforperforminglegaldutiesorobligationsandhavegonethroughlegalprocedures.第三條保密義務（Article3:ConfidentialityObligations）3.1披露方義務（ObligationsoftheDisclosingParty）（1）明確標識與告知義務：對其提供的保密信息按敏感程度分為核心保密信息、重要保密信息和一般保密信息，明確標注保密標識、保密期限及使用范圍，提供信息時同步書面告知接收方該信息的保密注意事項、使用限制及泄露風險；（2）合理披露義務：根據合作及業(yè)務往來的實際需要，審慎確定向接收方提供的保密信息范圍，不得超出必要限度披露保密信息；（3）內部管控義務：對其內部接觸、處理保密信息的人員進行專項保密培訓，明確保密責任，建立人員保密考核與問責機制；采取加密存儲、權限管控、專人保管等安全防護措施，防范內部人員泄露、濫用保密信息；（4）監(jiān)督與補救義務：有權對接收方履行保密義務的情況進行定期或不定期監(jiān)督、檢查，接收方應積極配合；發(fā)現保密信息存在泄露風險或已發(fā)生泄露的，立即書面通知接收方，明確風險處置要求，并配合接收方采取補救措施降低損失。(1)ObligationofClearIdentificationandNotification:ClassifytheprovidedConfidentialInformationintocoreconfidentialinformation,importantconfidentialinformationandgeneralconfidentialinformationaccordingtothedegreeofsensitivity,clearlymarktheconfidentialitylabel,confidentialityperiodandscopeofuse,andsimultaneouslyinformtheReceivingPartyinwritingoftheconfidentialityprecautions,userestrictionsanddisclosurerisksoftheinformationwhenprovidingit;(2)ObligationofReasonableDisclosure:PrudentlydeterminethescopeofConfidentialInformationprovidedtotheReceivingPartyaccordingtotheactualneedsofcooperationandbusinesstransactions,andshallnotdiscloseConfidentialInformationbeyondthenecessarylimit;(3)ObligationofInternalControl:ConductspecialconfidentialitytrainingforinternalpersonnelwhoaccessandprocessConfidentialInformation,clarifyconfidentialityresponsibilities,andestablishapersonnelconfidentialityassessmentandaccountabilitymechanism;takesafetyprotectionmeasuressuchasencryptedstorage,authoritycontrol,andspecialpersoncustodytopreventinternalpersonnelfromdisclosingandabusingConfidentialInformation;(4)ObligationofSupervisionandRemediation:HastherighttoconductregularorirregularsupervisionandinspectionontheReceivingParty'sperformanceofconfidentialityobligations,andtheReceivingPartyshallactivelycooperate;ifitisfoundthatthereisariskofdisclosureordisclosureofConfidentialInformationhasoccurred,immediatelynotifytheReceivingPartyinwriting,clarifytheriskdisposalrequirements,andcooperatewiththeReceivingPartytotakeremedialmeasurestoreducelosses.3.2接收方義務（ObligationsoftheReceivingParty）接收方應采取不低于保護自身同類保密信息的嚴格措施，對獲取的保密信息進行全流程規(guī)范管理，承擔以下保密義務：（1）人員管控義務：僅允許因履行本協議義務確有必要的授權人員接觸保密信息，建立授權人員登記臺賬及信息接觸記錄；對授權人員進行專項保密培訓，并要求其簽署書面保密承諾函，明確保密責任；嚴禁未經授權人員接觸、查閱、使用保密信息；（2）存儲與防護義務：對書面形式的保密信息，采取上鎖存放、專人保管、借閱登記、歸還核銷、到期銷毀等管控措施；對電子形式的保密信息，采取加密存儲、設置嚴格訪問權限、定期備份、安裝安全防護軟件、定期進行安全檢測與漏洞修復等措施，防止信息被非法訪問、篡改、復制、丟失或泄露；（3）使用限制義務：嚴格按照本協議約定及披露方書面告知的范圍、用途使用保密信息，不得超出約定范圍使用，不得將保密信息用于與合作及業(yè)務往來無關的任何目的；不得對保密信息進行反向工程、反向編譯、破解、解密、拆解或其他試圖非法獲取信息核心內容的行為（經披露方事先書面授權的除外）；（4）傳輸與披露管控義務：未經披露方事先書面同意，不得通過郵件、即時通訊工具、U盤、硬盤、云存儲等任何形式向第三方傳輸、轉發(fā)、復制、轉讓、許可使用、出租、出借保密信息，不得將保密信息以任何形式公開、發(fā)布或使其進入公共領域；不得向任何第三方泄露保密信息的存在及其內容；（5）歸還與銷毀義務：當合作終止、業(yè)務往來結束，或披露方書面要求收回、銷毀保密信息，或接收方不再需要使用保密信息時，立即停止使用所有保密信息，并在5個工作日內將其持有的包含保密信息的所有載體（包括但不限于原件、復印件、掃描件、電子文檔、備份數據、U盤、硬盤、實物樣品、圖紙等）全部歸還給披露方，或按照披露方的書面要求予以徹底銷毀；銷毀后應向披露方提供書面銷毀證明，確保無任何形式的留存；（6）風險處置義務：發(fā)現保密信息存在泄露、丟失、被篡改、被非法訪問等風險或情況時，立即采取有效措施防止風險擴大（包括但不限于封鎖信息源頭、排查接觸人員、修改訪問權限、刪除泄露信息、采取法律措施等），并在24小時內書面通知披露方，詳細說明事件發(fā)生的時間、原因、范圍及已采取的補救措施，配合披露方進行調查、處理及追責；（7）連帶責任義務：對其關聯方、雇員、代理人、合作伙伴等相關方的保密行為進行監(jiān)督管理，明確其保密責任；若該等相關方違反本協議約定導致保密信息泄露的，接收方應承擔連帶責任。TheReceivingPartyshalltakestrictmeasuresnotlowerthanthoseforprotectingitsownsimilarConfidentialInformationtostandardizethefull-processmanagementoftheobtainedConfidentialInformation,andshallassumethefollowingconfidentialityobligations:(1)ObligationofPersonnelControl:OnlyallowauthorizedpersonnelwhoarereallynecessaryforperformingtheobligationsunderthisAgreementtoaccessConfidentialInformation,andestablisharegistrationledgerofauthorizedpersonnelandinformationaccessrecords;conductspecialconfidentialitytrainingforauthorizedpersonnelandrequirethemtosignwrittenconfidentialitycommitmentletterstoclarifyconfidentialityresponsibilities;itisstrictlyprohibitedforunauthorizedpersonneltoaccess,consultoruseConfidentialInformation;(2)ObligationofStorageandProtection:ForConfidentialInformationinwrittenform,adoptcontrolmeasuressuchaslockedstorage,specialpersoncustody,borrowingregistration,returnverificationandcancellation,andexpirationdestruction;forConfidentialInformationinelectronicform,adoptmeasuressuchasencryptedstorage,settingstrictaccesspermissions,regularbackup,installingsecuritysoftware,regularsecuritydetectionandvulnerabilityrepairtopreventinformationfrombeingillegallyaccessed,tamperedwith,copied,lostordisclosed;(3)ObligationofUseRestriction:StrictlyuseConfidentialInformationinaccordancewiththescopeandpurposestipulatedinthisAgreementandwrittennotificationbytheDisclosingParty,shallnotuseitbeyondtheagreedscope,andshallnotuseConfidentialInformationforanypurposeunrelatedtocooperationandbusinesstransactions;shallnotconductreverseengineering,reversecompilation,cracking,decryption,disassemblyorotheractsattemptingtoillegallyobtainthecorecontentoftheinformation(exceptwiththepriorwrittenauthorizationoftheDisclosingParty);(4)ObligationofTransmissionandDisclosureControl:WithoutthepriorwrittenconsentoftheDisclosingParty,shallnottransmit,forward,copy,transfer,license,leaseorlendConfidentialInformationtothirdpartiesinanyformsuchasemail,instantmessagingtools,U-disks,harddisks,cloudstorage,etc.,nordisclose,publishConfidentialInformationinanyformormakeitenterthepublicdomain;shallnotdisclosetheexistenceandcontentofConfidentialInformationtoanythirdparty;(5)ObligationofReturnandDestruction:Whenthecooperationisterminated,businesstransactionsareconcluded,ortheDisclosingPartyrequestsinwritingtorecoverordestroyConfidentialInformation,ortheReceivingPartynolongerneedstouseConfidentialInformation,immediatelystopusingallConfidentialInformation,andwithin5workingdays,returnallcarrierscontainingConfidentialInformationinitspossession(includingbutnotlimitedtooriginals,copies,scannedcopies,electronicdocuments,backupdata,U-disks,harddisks,physicalsamples,drawings,etc.)totheDisclosingParty,orcompletelydestroytheminaccordancewiththeDisclosingParty'swrittenrequirements;afterdestruction,awrittendestructioncertificateshallbeprovidedtotheDisclosingPartytoensurenoretentioninanyform;(6)ObligationofRiskDisposal:Ifitisfoundthatthereisariskorsituationsuchasdisclosure,loss,tampering,illegalaccessofConfidentialInformation,immediatelytakeeffectivemeasurestopreventtheexpansionoftherisk(includingbutnotlimitedtoblockingtheinformationsource,investigatingtheaccessingpersonnel,modifyingtheaccesspermissions,deletingthedisclosedinformation,takinglegalmeasures,etc.),andnotifytheDisclosingPartyinwritingwithin24hours,detailingthetime,cause,scopeoftheincidentandtheremedialmeasurestaken,andcooperatewiththeDisclosingPartyininvestigation,handlingandaccountability;(7)ObligationofJointandSeveralLiability:Superviseandmanagetheconfidentialitybehaviorofitsaffiliates,employees,agents,partnersandotherrelevantparties,andclarifytheirconfidentialityresponsibilities;ifsuchrelevantpartiesviolatetheprovisionsofthisAgreementleadingtothedisclosureofConfidentialInformation,theReceivingPartyshallbejointlyandseverallyliable.3.3保密期限（ConfidentialityPeriod）（1）本協議項下的保密期限，自接收方首次獲取某一項保密信息之日起計算，直至該保密信息通過合法途徑成為公開信息且不再具有保密性為止；（2）核心保密信息的保密期限自接收方首次獲取之日起不少于10年；重要保密信息的保密期限自接收方首次獲取之日起不少于5年；一般保密信息的保密期限自接收方首次獲取之日起不少于3年；（3）即使本協議終止、解除，或雙方合作終止、業(yè)務往來結束，本條約定的保密期限依然有效，接收方仍需按照本協議約定履行保密義務，直至本協議3.3（1）條約定的條件成就；（4）若法律法規(guī)對商業(yè)秘密、技術秘密等保密信息的保密期限有更長強制性規(guī)定的，從其規(guī)定。(1)ThetermofconfidentialityunderthisAgreementshallbecalculatedfromthedateonwhichtheReceivingPartyfirstobtainsaspecificitemofConfidentialInformationuntiltheConfidentialInformationbecomespublicinformationthroughlegalchannelsandnolongerhasconfidentiality;(2)ThetermofconfidentialityforcoreConfidentialInformationshallbenotlessthan10yearsfromthedateoffirstacquisitionbytheReceivingParty;thetermofconfidentialityforimportantConfidentialInformationshallbenotlessthan5yearsfromthedateoffirstacquisitionbytheReceivingParty;thetermofconfidentialityforgeneralConfidentialInformationshallbenotlessthan3yearsfromthedateoffirstacquisitionbytheReceivingParty;(3)EvenifthisAgreementisterminatedorrescinded,orthecooperationbetweenthetwoPartiesisterminatedorbusinesstransactionsareconcluded,thetermofconfidentialitystipulatedinthisArticleshallremainvalid,andtheReceivingPartyshallstillperformtheconfidentialityobligationinaccordancewiththeprovisionsofthisAgreementuntiltheconditionsstipulatedinClause3.3(1)ofthisAgreementaremet;(4)IflawsandregulationshavelongermandatoryprovisionsonthetermofconfidentialityofConfidentialInformationsuchastradesecretsandtechnicalsecrets,suchprovisionsshallprevail.第四條隱私保護義務（Article4:PrivacyProtectionObligations）4.1隱私信息處理基本原則（BasicPrinciplesofPrivacyInformationProcessing）接收方在處理本協議項下隱私信息時，應嚴格遵守以下原則：（1）合法性、正當性、必要性原則（Legality,LegitimacyandNecessityPrinciples）：隱私信息處理活動必須符合相關法律法規(guī)及本協議約定，具有合法目的，不得超出履行本協議義務所必需的范圍，未經隱私信息主體明確同意（法律法規(guī)另有規(guī)定的除外），不得處理隱私信息；（2）保密原則（ConfidentialityPrinciple）：對處理的隱私信息（尤其是敏感隱私信息）嚴格保密，不得泄露、篡改、濫用、非法提供給第三方；（3）完整性與真實性原則（IntegrityandAuthenticityPrinciples）：采取必要措施保障隱私信息的完整性，防止數據被篡改、破壞，確保隱私信息的真實性與準確性；（4）告知同意原則（NotificationandConsentPrinciple）：若處理的隱私信息涉及第三方隱私信息主體，接收方應配合披露方履行對隱私信息主體的告知義務，明確告知信息處理的目的、范圍、方式等內容，獲得隱私信息主體的明確同意（法律法規(guī)另有規(guī)定的除外）；（5）可追溯原則（TraceabilityPrinciple）：建立隱私信息處理全程追溯機制，確保隱私信息處理行為可查、可追溯，責任可明確；（6）安全保障原則（SecurityAssurancePrinciple）：采取與隱私信息敏感程度相匹配的安全保護措施，防范隱私信息泄露、丟失、濫用等安全風險。WhenprocessingthePrivacyInformationunderthisAgreement,theReceivingPartyshallstrictlyabidebythefollowingprinciples:(1)Legality,LegitimacyandNecessityPrinciples:PrivacyInformationprocessingactivitiesmustcomplywithrelevantlawsandregulationsandtheprovisionsofthisAgreement,havealegitimatepurpose,shallnotexceedthescopenecessaryforperformingtheobligationsunderthisAgreement,andshallnotprocessPrivacyInformationwithouttheexplicitconsentofthePrivacyInformationsubject(exceptasotherwisestipulatedbylawsandregulations);(2)ConfidentialityPrinciple:StrictlykeepconfidentialthePrivacyInformationbeingprocessed(especiallySensitivePrivacyInformation),andshallnotdisclose,tamperwith,abuseorillegallyprovideittothirdparties;(3)IntegrityandAuthenticityPrinciples:TakenecessarymeasurestoensuretheintegrityofPrivacyInformation,preventdatafrombeingtamperedwithordamaged,andensuretheauthenticityandaccuracyofPrivacyInformation;(4)NotificationandConsentPrinciple:IfthePrivacyInformationbeingprocessedinvolvesthird-partyPrivacyInformationsubjects,theReceivingPartyshallcooperatewiththeDisclosingPartytoperformthenotificationobligationtothePrivacyInformationsubjects,clearlyinformthemofthepurpose,scope,methodandothercontentsofinformationprocessing,andobtaintheexplicitconsentofthePrivacyInformationsubjects(exceptasotherwisestipulatedbylawsandregulations);(5)TraceabilityPrinciple:Establishafull-processtraceabilitymechanismforPrivacyInformationprocessingtoensurethatPrivacyInformationprocessingactivitiesaretraceable,verifiableandaccountable;(6)SecurityAssurancePrinciple:TakesecurityprotectionmeasuresmatchingthesensitivityofPrivacyInformationtopreventsecurityriskssuchasleakage,lossandabuseofPrivacyInformation.4.2隱私保護技術與管理措施（TechnicalandManagementMeasuresforPrivacyProtection）接收方應建立健全隱私保護體系，采取符合行業(yè)標準及本協議要求的技術措施和管理措施，保障隱私信息安全，具體包括但不限于：（1）技術防護措施（TechnicalProtectionMeasures）：建立隱私信息加密機制，對敏感隱私信息進行加密存儲和傳輸；設置嚴格的訪問控制權限，實行分級授權、專人負責、最小權限管控，對敏感隱私信息的訪問進行雙重認證；安裝防火墻、入侵檢測系統、防病毒軟件、數據防泄漏軟件等安全防護設備，定期進行安全檢測、漏洞掃描與修復；建立隱私信息備份與恢復機制，定期對隱私信息進行全量備份和增量備份，確保信息在發(fā)生丟失、破壞時能夠及時恢復；對隱私信息進行脫敏處理，在不影響業(yè)務開展的前提下，屏蔽不必要的敏感字段；（2）管理防護措施（ManagementProtectionMeasures）：制定完善的隱私保護管理制度、操作規(guī)程及應急預案；明確隱私保護負責人及崗位職責，對內部隱私信息處理人員進行專項隱私保護培訓和考核，建立人員離崗離職隱私信息交接機制，確保離崗離職人員及時移交或銷毀所持有的隱私信息；建立隱私信息處理日志記錄制度，對隱私信息的收集、存儲、使用、傳輸、刪除等操作進行全程記錄，日志留存期限不少于本協議約定的保密期限及法律法規(guī)規(guī)定的最低期限；定期開展隱私保護風險評估，及時發(fā)現并整改隱私保護隱患；（3）第三方管控措施（Third-PartyControlMeasures）：未經披露方事先書面同意，不得將隱私信息處理工作委托給任何第三方；若確因業(yè)務需要委托第三方處理的，應嚴格審核第三方的資質和隱私保護能力，與第三方簽署保密及隱私保護協議，明確第三方的責任和義務，并對第三方的處理行為進行全程監(jiān)督和管理；若第三方違反相關約定導致隱私信息泄露或其他侵權問題的，接收方應承擔連帶責任；（4）應急處置措施（EmergencyDisposalMeasures）：制定隱私信息安全事件應急預案，明確應急處置流程、責任分工等內容，定期組織應急演練，確保在發(fā)生隱私信息安全事件時能夠快速響應、有效處置。TheReceivingPartyshallestablishandimproveaprivacyprotectionsystem,andtaketechnicalandmanagementmeasuresthatmeetindustrystandardsandtherequirementsofthisAgreementtoensurethesecurityofPrivacyInformation,includingbutnotlimitedto:(1)TechnicalProtectionMeasures:EstablishaPrivacyInformationencryptionmechanismtoencryptthestorageandtransmissionofSensitivePrivacyInformation;setstrictaccesscontrolpermissions,implementhierarchicalauthorization,specialpersonresponsibilityandminimumpermissioncontrol,andconductdualauthenticationforaccesstoSensitivePrivacyInformation;installsecurityprotectionequipmentsuchasfirewalls,intrusiondetectionsystems,anti-virussoftwareanddataleakagepreventionsoftware,andconductregularsecuritydetection,vulnerabilityscanningandrepair;establishaPrivacyInformationbackupandrecoverymechanism,regularlyperformfullbackupandincrementalbackupofPrivacyInformationtoensurethatinformationcanberecoveredinatimelymannerincaseoflossordamage;desensitizePrivacyInformationandshieldunnecessarysensitivefieldswithoutaffectingbusinessoperations;(2)ManagementProtectionMeasures:Formulatesoundprivacyprotectionmanagementsystems,operatingproceduresandemergencyplans;clarifytheprivacyprotectionofficerandpostresponsibilities,conductspecialprivacyprotectiontrainingandassessmentforinternalPrivacyInformationprocessingpersonnel,andestablishaPrivacyInformationhandovermechanismforpersonnelleavingtheirpoststoensurethatpersonnelleavingtheirpoststimelyhandoverordestroythePrivacyInformationintheirpossession;establishaPrivacyInformationprocessinglogrecordingsystemtorecordalloperationssuchascollection,storage,use,transmissionanddeletionofPrivacyInformationthroughouttheprocess,andthelogretentionperiodshallnotbelessthantheconfidentialityperiodagreedinthisAgreementandtheminimumperiodstipulatedbylawsandregulations;regularlycarryoutprivacyprotectionriskassessmenttotimelydiscoverandrectifyprivacyprotectionhazards;(3)Third-PartyControlMeasures:WithoutthepriorwrittenconsentoftheDisclosingParty,shallnotentrusttheprocessingofPrivacyInformationtoanythirdparty;ifitisreallynecessarytoentrustathirdpartytoprocessduetobusinessneeds,shallstrictlyreviewthethirdparty'squalificationsandprivacyprotectioncapabilities,signaconfidentialityandprivacyprotectionagreementwiththethirdparty,clarifythethirdparty'sresponsibilitiesandobligations,andconductfullsupervisionandmanagementofthethirdparty'sprocessingbehavior;ifthethirdpartyviolatesrelevantagreementsleadingtoPrivacyInformationleakageorotherinfringementissues,theReceivingPartyshallbejointlyandseverallyliable;(4)EmergencyDisposalMeasures:FormulateanemergencyplanforPrivacyInformationsecurityincidents,clarifytheemergencydisposalprocess,divisionofresponsibilitiesandothercontents,andorganizeregularemergencydrillstoensurerapidresponseandeffectivedisposalincaseofPrivacyInformationsecurityincidents.4.3隱私信息安全事件處置（DisposalofPrivacyInformationSecurityIncidents）（1）事件報告義務：接收方發(fā)現隱私信息存在泄露、篡改、丟失、非法訪問、非法使用、非法提供等隱私信息安全事件（以下簡稱“隱私安全事件”）時，應立即采取有效措施防止事件擴大（包括但不限于封鎖信息源頭、暫停隱私信息處理業(yè)務、修改訪問權限、刪除泄露信息、通知相關隱私信息主體等），并在24小時內書面通知披露方，詳細說明事件發(fā)生的時間、原因、涉及的隱私信息范圍、影響程度及已采取的應急措施；（2）配合調查與處置義務：隱私安全事件發(fā)生后，接收方應積極配合披露方及相關監(jiān)管部門開展隱私安全事件調查、處置工作，提供必要的日志記錄、信息備份及其他相關材料；按照披露方及監(jiān)管部門的要求采取整改措施，消除隱私保護隱患，降低事件造成的損失及影響；（3）后續(xù)整改義務：隱私安全事件處置完畢后，接收方應在10個工作日內將事件處置報告、整改措施及后續(xù)防范方案書面提交給披露方，確保同類隱私安全事件不再發(fā)生；（4）披露方的權利：披露方有權對隱私安全事件的處置過程、整改情況進行監(jiān)督、檢查，