
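Last updated: March 19, 2026

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of, and is subject to, the Master Services Agreement ("MSA") entered into between ServiceChannel.com, Inc. ("ServiceChannel") and Customer (as defined in the Master Services Agreement). Customer and ServiceChannel are each referred to as a "Party" and together as the "Parties".

Whereas

(i) Customer and ServiceChannel have entered into the Master Services Agreement, under which ServiceChannel will provide the Services to Customer.

(ii) ServiceChannel will process Customer Data (which may include Personal Data) in the course of providing the Services;

(iii) the Parties now wish to enter into this DPA to govern ServiceChannel's processing of such Personal Data contained in Customer Data.

Accordingly, the Parties agree as follows: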

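1. Definitions:

Terms used in this processing agreement have the meanings given to them in the MSA. In addition, the following terms have the following meanings:

(a) "Administrative Data" means: (i) contact details and communications relating to Customer's primary account holder or administrator; (ii) support queries relating to the Services submitted by Customer's Authorized Users;

(b) "Affiliate" means any entity that controls, is controlled by, or is under common control with ServiceChannel;

(c) "Brazilian Standard Contractual Clauses" means the standard contractual clauses annexed to Resolution No. 19/2024 of the Brazilian Data Protection Authority ("ANPD");

(c) "CCPA" means the California Consumer Privacy Act of 2018 (California Civil Code section 1798.100 et seq.), including its implementing regulations and the California Privacy Rights Act of 2020;

(d) "Controller Purposes" means (a) conducting internal research and development to develop, test, improve and alter the functionality of ServiceChannel's products and services; (b) creating anonymized data sets for use in training or evaluating ServiceChannel's products and services; (c) managing ServiceChannel's relationship with Customer and its contractors under the MSA;

(e) "Customer" means the customer that has signed the Master Services Agreement;

(f) "Customer Personal Data" means Personal Data contained in Customer Data, other than Ratings and Reviews, as further described in Appendix 1 to this DPA;

(g) "Data Protection Laws" means all applicable laws, rules, regulations and governmental requirements relating to the privacy, confidentiality or security of Personal Data (as they may be amended or otherwise updated from time to time), including (without limitation) the GDPR, the UK GDPR, Brazilian Law No. 13,709/2018 ("LGPD") and US Data Protection Laws;

(h) "Data Subject" means: (i) the natural person to whom Personal Data relates; and (ii) an individual who is a "data subject", "consumer" or any equivalent term under Data Protection Laws;

(i) "EU SCC" means the contractual clauses annexed to Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as may be updated or replaced from time to time;

(i) "GDPR" means Regulation (EU) 2016/679 (the "EU GDPR") or, where applicable, the "UK GDPR" as defined in sections 3(10) and 205 of the UK Data Protection Act 2018;

(j) "Personal Data" means any information that: (i) relates to, is associated with, or is reasonably linked to an identified or identifiable natural person; or (ii) is otherwise "personal data", "personal information", "personally identifiable information" or similarly defined data or information under Data Protection Laws;

(k) "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction ("process", "processed" and "being processed" shall have the same meaning);

(l) "Ratings and Reviews" has the meaning given in Section 2.1;

(m) "Sell" has the meaning given in the CCPA;

(n) "Share" has the meaning given in the CCPA;

(o) "Security Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Customer Personal Data;

(p) "Standard Contractual Clauses" means the EU Standard Contractual Clauses, the UK Addendum or the Brazilian Standard Contractual Clauses, as applicable;

(q) "Sub-processor" means any external entity engaged by ServiceChannel (as processor) to process personal information on behalf of Customer or to provide the services set out in this Agreement;

(r) "UK Addendum" means the template addendum, version B.1.0, issued by the UK Information Commissioner under section S119A(1) of the UK Data Protection Act 2018 and laid before the UK Parliament on 2 February 2022, as may be revised under section 18 of the UK Addendum;

(s) "US Data Protection Laws" means all applicable federal and state laws, rules, regulations and governmental requirements in effect from time to time in the United States relating to data protection, the processing of Personal Data, privacy and/or data protection, including (without limitation) the CCPA;

(t) "Usage Data" means diagnostic, usage and performance information collected by ServiceChannel relating to the use of the Services by Customer and its Authorized Users;

(u) "Controller", "Processor", "Business" and "Service Provider" each have the meanings given in Data Protection Laws.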

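2. Relationship of the Parties; Compliance with Laws

2.1 Customer:

(a) appoints ServiceChannel as its processor or service provider to process Customer Personal Data;

(b) acknowledges and agrees that ServiceChannel may:

(i) use Administrative Data and Usage Data for the Controller Purposes and, for the purposes of the GDPR and the LGPD, does so as a controller.

(ii) collect and display comments, feedback and ratings submitted to ServiceChannel by Customer's Authorized Users regarding contractors engaged by Customer ("Ratings and Reviews") and, for the purposes of Data Protection Laws, does so as a controller or business.

2.2 Each Party shall perform the obligations that apply to it under Data Protection Laws and shall provide the same level of privacy protection as is required by Data Protection Laws.

2.3 Customer shall ensure that its instructions regarding the processing of Customer Personal Data comply with Data Protection Laws. Customer is solely responsible for the accuracy, quality and legality of Customer Personal Data and for the means by which Customer acquired Customer Personal Data.

2.4 If ServiceChannel determines that it can no longer meet its obligations under Data Protection Laws, ServiceChannel shall immediately notify Customer.

2.5 Customer may take reasonable and appropriate steps to:

(a) ensure that ServiceChannel uses Customer Personal Data in a manner consistent with Customer's obligations under Data Protection Laws;

(b) upon reasonable notice, stop and remediate unauthorized use of Customer Personal Data.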

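3. Processing of Customer Personal Data

3.1 ServiceChannel shall process Customer Personal Data only on behalf of, and in accordance with, the MSA, this DPA and (except for any processing carried out for the Controller Purposes) Customer's written instructions. Customer instructs ServiceChannel to process Customer Personal Data for the following purposes: (i) processing in accordance with the MSA and any applicable order; (ii) processing in accordance with other reasonable instructions given by Customer that are consistent with the terms of the MSA. If ServiceChannel is unable to follow those instructions, or if it believes that Customer's instructions violate Data Protection Laws, ServiceChannel shall immediately notify Customer.

3.2 ServiceChannel shall not:

(a) Sell or Share Customer Personal Data;

(b) retain, use or disclose Customer Personal Data for any purpose other than the specific business purpose of performing the Services specified in the MSA or another purpose permitted by Data Protection Laws;

(c) retain, use or disclose Customer Personal Data outside of the direct business relationship between the Parties;

(d) combine Customer Personal Data with personal data that it receives from or on behalf of another person, or that it collects from its own interactions with Data Subjects, except as expressly permitted by, and in accordance with, Data Protection Laws.

3.3 Customer warrants and undertakes that Customer Personal Data shall not contain any of the following:

(a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or criminal convictions, and any other special categories of personal data identified in Article 9 or Article 10 of the GDPR, or personal data that is sensitive personal data under applicable Data Protection Laws;

(b) biometric identifiers or templates;

(c) financial information (including, without limitation, billing information and cardholder or sensitive authentication data as defined in the Payment Card Industry Data Security Standard);

(d) personally identifiable financial information as defined by and subject to the Gramm-Leach-Bliley Financial Modernization Act of 1999;

(e) national identification numbers (including, without limitation, social security numbers, social insurance numbers, driver's license or passport numbers, or other government-issued identification numbers);

(f) information relating to individuals under the age of 13;

(g) education records as defined in the Family Educational Rights and Privacy Act of 1974;

(h) protected health information as defined by and subject to the Health Insurance Portability and Accountability Act.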

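4. Confidentiality Obligations of Processing Personnel / ServiceChannel Personnel

4.1 ServiceChannel shall ensure that any person it authorizes to process Customer Personal Data ("Authorized Personnel") protects Customer Personal Data in accordance with ServiceChannel's confidentiality obligations under this Agreement.

4.2 ServiceChannel shall ensure that its personnel who process Customer Personal Data are aware of the confidential nature of Customer Personal Data and are bound by obligations of confidentiality.

4.3 ServiceChannel shall ensure that access to Customer Personal Data is limited to those personnel who require such access to perform the Services.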

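5. Security / Breach Management and Notification

5.1 ServiceChannel shall implement appropriate technical and organizational measures to protect the confidentiality, integrity and availability of Customer Personal Data, as listed in Appendix 2.

5.2 If ServiceChannel becomes aware of any Security Breach, ServiceChannel shall immediately: (i) notify Customer of the Security Breach within the timeframe required by applicable Data Protection Laws; (ii) investigate the Security Breach and provide Customer with information about the Security Breach; (iii) take reasonable steps to mitigate the effects of the Security Breach and to minimize any damage.

5.3 Upon Customer's request, ServiceChannel shall provide Customer with reasonable assistance to help Customer meet its obligations under Data Protection Laws in relation to a Security Breach of which ServiceChannel has notified Customer.

5.4 ServiceChannel has no obligation to notify Customer of any unsuccessful attempt to gain unauthorized access to Customer Personal Data or to any ServiceChannel equipment or facilities storing Customer Personal Data, including, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial-of-service attacks or similar incidents.

5.5 Notification of a Security Breach, if any, shall be delivered to one or more of Customer's business, technical or administrative contacts by any means ServiceChannel selects, including by email. Customer is responsible for ensuring that accurate contact information is maintained at all times in ServiceChannel's support system.

5.6 Any notification of or response to a Security Breach by ServiceChannel under this Section 5 shall not be construed as an acknowledgement by ServiceChannel of any fault or liability with respect to the Security Breach.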

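6. Sub-processing

6.1 Customer acknowledges and agrees that (i) ServiceChannel may appoint its Affiliates as Sub-processors; (ii) ServiceChannel may engage third-party Sub-processors in connection with the provision of the Services. Any such Sub-processor may obtain Customer Personal Data only in order to deliver the services that ServiceChannel has engaged it to provide, and shall not use Customer Personal Data for any other purpose. ServiceChannel will enter into a written agreement imposing on the Sub-processor data protection obligations substantially similar to those imposed on ServiceChannel under this Agreement. ServiceChannel shall remain fully liable to Customer for the Sub-processor's performance of its obligations under its contract with ServiceChannel.

6.2 ServiceChannel may continue to use the Sub-processors already engaged by ServiceChannel or any ServiceChannel Affiliate as of the date of this Agreement, details of which are available at https://bit.ly/SC_Subprocessors

6.3 ServiceChannel shall give Customer prior written notice before appointing any new Sub-processor, including full details of the processing to be undertaken by the Sub-processor. If, within 10 days of receipt of that notice, Customer notifies ServiceChannel in writing of any objection (on reasonable grounds) to the proposed appointment, ServiceChannel shall not appoint the proposed Sub-processor unless reasonable steps have been taken to address the objection raised by Customer and Customer has been provided with a reasonable written explanation of the steps taken. Customer acknowledges that, in some cases, it may not be possible to provide all of the Services without engaging the new Sub-processor.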

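7. Restricted Transfers

7.1 The Parties agree that, where a transfer of Customer Personal Data from Customer to ServiceChannel is a restricted transfer, such transfer shall be governed by the applicable Standard Contractual Clauses as set out below:

(a) for Customer Personal Data protected by the EU GDPR, the EU Standard Contractual Clauses shall apply, modified as follows:

(i) Module 2 shall apply;

(ii) in Clause 7, the optional docking clause shall apply;

(iii) in Clause 9, Option 2 shall apply, and the period for prior notice of Sub-processor changes shall be as set out in Section 6.3 of this Agreement;

(iv) in Clause 11, the optional language shall not apply;

(v) in Clause 17, Option 1 shall apply, and the EU Standard Contractual Clauses shall be governed by Irish law;

(vi) in Clause 18(b), disputes shall be resolved before the courts of Ireland;

(vii) Annex 1 to the EU Standard Contractual Clauses shall be deemed to contain the information set out in Appendix 1 to this Agreement;

(viii) Annex 2 to the EU Standard Contractual Clauses shall be deemed to contain the information set out in Appendix 2 to this Agreement;

(b) for Customer Personal Data protected by the UK GDPR, the UK Addendum shall apply, modified as follows:

(i) the EU Standard Contractual Clauses as set out in Section 7.1(a) of this Agreement above shall also apply to transfers of such Customer Personal Data, subject to sub-clause (ii) below.

(ii) Tables 1 to 3 of the UK Addendum shall be deemed to include the relevant information from the EU Standard Contractual Clauses and the provisions set out above, and the "neither party" option in Table 4 shall be deemed to be checked. The start date of the UK Addendum (as set out in Table 1) shall be the date of this Agreement; and

(c) for Customer Personal Data protected by the Brazilian LGPD, where the recipient country does not offer a degree of protection equivalent or adequate to the level provided for in that law, the Brazilian Standard Contractual Clauses shall apply as the international data transfer mechanism for all such cases, as set out in Exhibit I.

(d) if any provision of this Agreement conflicts, directly or indirectly, with the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail.

7.2 If the current UK Addendum or EU Standard Contractual Clauses are replaced or superseded by new standard contractual clauses, the Parties agree that such new standard contractual clauses shall automatically apply to transfers of Customer Personal Data from Customer to ServiceChannel and shall be deemed modified, mutatis mutandis, as described in Section 7.1 above.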

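8. Cooperation and Data Subjects' Rights

8.1 To the extent permitted and required by law, if ServiceChannel receives a request from a Data Subject seeking to exercise their rights under Data Protection Laws, ServiceChannel shall promptly notify Customer. ServiceChannel shall not respond to any such Data Subject request without Customer's prior written consent, except to confirm whether the request relates to Customer.

8.2 To the extent permitted by law, if Customer, in its use or receipt of the Services, is unable to access, correct, restrict, block or delete Customer Personal Data as required by Data Protection Laws, ServiceChannel shall use commercially reasonable efforts to comply with any reasonable request made by Customer to facilitate such actions.

8.3 If a data protection impact assessment is required under Data Protection Laws, ServiceChannel shall provide Customer with reasonable cooperation in that regard (at Customer's expense).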

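9. Termination; Deletion or Return of Data

9.1 This Agreement shall terminate automatically once ServiceChannel has deleted or anonymized all Customer Personal Data.

9.2 Upon termination or expiry of the MSA, ServiceChannel shall:

(a) at Customer's request, within thirty (30) days after expiry of the MSA (the "Retention Period"), at ServiceChannel's option either provide a copy of all Customer Personal Data in a commonly used format requested by Customer or provide a self-service function that allows Customer to download such Customer Personal Data;

(b) upon expiry of the Retention Period, delete all copies of Customer Personal Data processed by ServiceChannel or any of its Sub-processors, other than:

(i) any Administrative Data or Usage Data processed for the Controller Purposes, or any Customer Personal Data that ServiceChannel is required to retain under applicable law;

(ii) Customer Personal Data archived on back-up systems, which ServiceChannel shall securely isolate and protect from any further processing until deletion is possible, except as required by law.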

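10. Audit

10.1 Customer may audit ServiceChannel's compliance with this DPA to the extent that ServiceChannel is acting as a processor. The Parties agree that all such audits shall be conducted as follows:

(a) no more than once per year, unless more frequent audits are needed to comply with Data Protection Laws or are required by a regulatory authority with jurisdiction over the processing of Customer Personal Data;

(b) upon two weeks' prior written notice to ServiceChannel;

(c) only during ServiceChannel's normal business hours;

(d) in a manner that does not materially disrupt ServiceChannel's business or operations.

10.2 With respect to any audit conducted under Section 10.1:

(a) Customer may engage a third-party auditor to conduct the audit on its behalf, but ServiceChannel may reasonably object to the engagement of a third-party auditor if that auditor is a competitor of ServiceChannel;

(b) ServiceChannel is not required to facilitate or assist with any audit unless and until the Parties have agreed in writing, under Section 10.3, on the scope, timing and reimbursement rate for the audit.

10.3 Customer shall reimburse ServiceChannel, at rates agreed by the Parties, for any time expended on any such audit. Before any such audit begins, Customer and ServiceChannel shall agree on the scope, start time and duration of the audit, and shall also agree on the reimbursement rate for which Customer is responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by ServiceChannel. Customer shall promptly notify ServiceChannel of any non-compliance discovered during the course of an audit.

10.4 Customer acknowledges that ServiceChannel is regularly audited against the SSAE 18 SOC 1 standard by independent third-party auditors. ServiceChannel shall provide to Customer upon request, or may provide to Customer in response to any audit request, a summary copy of its audit report, which shall be subject to the confidentiality provisions of the MSA. If an audit report provided by ServiceChannel addresses the audit requested by Customer, Customer agrees to accept that report in lieu of conducting a physical audit of the controls covered by the report.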

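11. Limitation of Liability

This DPA is subject to the limitations of liability and disclaimers in the MSA.

12. Parties to this Agreement

Except as provided in the Standard Contractual Clauses, nothing in this DPA confers any benefit or right on any person or entity other than the Parties to this DPA.

13. Legal Effect

This DPA is supplemental to, and forms an integral part of, the MSA.

14. General Provisions

14.1 Except for the Standard Contractual Clauses incorporated into this DPA, this DPA shall be governed by and construed in all respects in accordance with the governing law and jurisdiction provisions of the MSA; provided that, in the event of any conflict between the MSA and this DPA regarding the processing of Personal Data, this DPA shall prevail.

14.2 This Agreement may be executed in any number of counterparts, each of which shall be deemed an original, and all of which together evidence the Parties' agreement to this Agreement.

14.3 Except as otherwise provided in this DPA, the MSA shall remain in full force and effect.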

 

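Appendix 1

A. List of Parties

|  | Name | Address | Contact person's name, position and contact details | Activities relevant to the data transferred | Role |
| --- | --- | --- | --- | --- | --- |
| Data exporter | Customer (as described in the MSA) | As described in the MSA | As described in the MSA | Receipt of the Services | Controller |
| Data importer | ServiceChannel.com, Inc. | 30 Patewood Dr Building 2, Suite 350, Greenville, SC 29615 | Brian Chase, General Counsel, [email protected] | Provision of the Services | Processor |

B. Description of Transfer

| Data subjects | Categories of personal data | Sensitive personal data | Frequency of transfer | Nature and purpose of processing |
| --- | --- | --- | --- | --- |
| Customer's Authorized Users | Name, email address, business address, access credentials. |  | Continuous | To grant Customer's Authorized Users access to the Services. |
| Customer's Authorized Users | Name, email address, telephone number, business address. |  | Continuous | To facilitate contact between Customer's Authorized Users and the persons with whom Customer contracts through the Services ("Contractors") |
| Customer's Authorized Users; Contractor personnel | Facility management services requested through the Services, and the date and time of the request. |  | Continuous | To submit facility management service requests to Contractors. |
| Customer's Authorized Users; Contractor personnel | Name, facility management services provided, and the date and location of the services provided. |  | Continuous | To maintain a record of facility management services ordered and completed by Customer. |
| Contractor personnel | Name and contact details (telephone number and email address) submitted by Customer's Authorized Users. |  | Continuous | To facilitate contact between Customer's Authorized Users and their primary contacts at the Contractor. |
| Customer's Authorized Users | Support queries |  | Continuous | To provide technical support. |
| Customer's Authorized Users | Log data |  | Continuous | To provide access to the Services. |

Retention

The duration of processing will be the same as the duration of the provision of the Services under the MSA.

Sub-processors

Details are available at https://bit.ly/SC_Subprocessors

C. Competent Supervisory Authority

Irish Data Protection Commissioner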

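Appendix 2

Security Measures

ServiceChannel shall at all times be responsible for the following commercially reasonable transfer security measures:

Transfer security measures and the measures implemented for each:

Measures for anonymization and encryption of personal data

Anonymization
·    Character masking
·    Swapping
·    k-anonymity algorithm

Encryption
·    HTTPS encryption of data in transit on every login interface (using TLS 1.2 or higher), using industry-standard algorithms and certificates.
·    Encryption of data at rest using the industry-standard AES-256 algorithm

Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services

Confidentiality
·    Virtual private network (VPN)
·    Multi-factor authentication (MFA)
·    Differentiated permission system based on security groups and access control lists.
·    Secure transmission of credentials using TLS 1.2 (or higher)
·    Passwords must meet a defined minimum level of complexity. Initial passwords must be changed after first login.
·    Automatic account lockout
·    Password handling guidelines
·    Access control measures for infrastructure hosted by the cloud service provider
·    Access rights management, including an authorization concept, implementation of access restrictions, implementation of the "need-to-know" principle, and management of individual access rights.
·    Training and confidentiality agreements for internal and external personnel
·    Network separation
·    Segregation of responsibilities and duties
·    Access to personal data is granted only to the parties involved in the data processing, on a "need-to-know" basis and according to the underlying functions required to create differentiated access profiles.

Integrity
·    Secure network interconnection ensured by firewalls, etc.
·    Logging of transfers of data from IT systems that store or process personal data
·    Logging of authentication and monitored logical system access
·    Logging of personal data access, including, without limitation, access to, modification, entry and deletion of personal data
·    Written documentation of personal data entry rights and logging of security-related entries
·    Web application firewall (WAF)

Availability and resilience
·    Backup of Customer Personal Data to multiple non-volatile data stores, replicated across multiple availability zones.
·    Protection of the backup media on which data is stored

Measures for ensuring the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident
·    Continuity planning and disaster recovery plan
·    Disaster recovery procedures for restoring data and processes
·    Recovery time objective (RTO)
·    Recovery point objective (RPO)
·    Maximum tolerable downtime (MTD)
·    Capacity management measures for monitoring system resource consumption and planning future resource requirements.
·    Procedures for handling and reporting incidents (incident management), including the detection of and response to possible security incidents.
·    Production data is backed up incrementally every hour, and all production data is fully backed up daily. All backups are stored redundantly and in encrypted form (AES-256).

Processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures in ensuring the security of the processing
·    Testing of emergency equipment
·    Written documentation of interfaces and personal data fields
·    Internal and external audits
·    Security checks by external parties (e.g. penetration tests)
·    SOC 1 and SOC 2 audits
·    Regular benchmarking and testing against industry standards (e.g. the top 20 Internet security controls published online by SANS, NIST guidelines, etc.).

Measures for user identification and authorization
·    Secure network interconnection ensured by VPN, MFA, firewalls, etc.
·    Logging of transfers of data from IT systems that store or process personal data
·    Logging of authentication and monitored system access
·    Access to the data required to perform a specific task is ensured within systems and applications through corresponding roles and authorization concepts, on a "need-to-know" basis.
·    Web application firewall (WAF)

Measures for the protection of personal data during transmission
·    Remote access to the network through VPN tunnels and end-to-end encryption
·    HTTPS encryption of data in transit (using TLS 1.2 or higher)

Measures for the protection of personal data during storage
·    System inputs recorded via log files
·    Access control lists (ACL)
·    Multi-factor authentication (MFA)

Measures for ensuring the physical security of locations at which personal data is processed
·    Subdivision of facilities into separate zones with different access authorizations;
·    Entry protection (e.g. steel doors, windowless rooms or secured windows);
·    Electronic access control systems to protect security areas;
·    Facility monitoring by a security service and logging of facility entry and exit;
·    Video surveillance of all security-relevant security areas (e.g. entrances, emergency exits and server rooms);
·    Centralized assignment and revocation of access authorizations;
·    Identification of all visitors by verifying their identity cards and registration (a visitor log is kept);
·    All employees and visitors must be identified within security areas;
·    Visitors must be accompanied by an employee at all times.

Measures for ensuring event logging
·    Remote logging
·    Hash chaining
·    Replication
·    Central security information and event management (SIEM) system

Measures for ensuring system configuration, including default configuration
·    Access control policies and procedures
·    Baseline configuration identification
·    Configuration planning and management
·    Configuration change management
·    Configuration status reporting
·    Configuration verification and audit
·    Mobile device management

Measures for internal IT and IT security governance and management
·    Identification and designation of dedicated personnel responsible for overseeing the company's information security and compliance program
·    SOC 1 and SOC 2 audits

Measures for certification/assurance of processes and products
·    Information security or quality management certifications, such as SSAE 18 Type 2 SOC 1 and SSAE 18 Type 2 SOC 2

Measures for ensuring personal data minimization
·    Technical barriers against the unauthorized linking of independent sources of personal data.
·    Limiting the level of detail of the data used in personal data processing, for example through techniques such as k-anonymity algorithms and obfuscation.
·    Deletion of metadata generated in certain processes that is not necessary for the purpose pursued.

Measures for ensuring personal data quality
·    Processes for the exercise of data protection rights (right to amend and update information)
·    Clear documentation of the requirements for all personal data conditions and scenarios
·    Access to personal data is granted only to the parties involved in the data processing, on a "need-to-know" basis and according to the underlying functions required to create differentiated access profiles.
·    Strict data profiling and control of input personal data
·    Data pipeline design that avoids duplicate personal data
·    Quality assurance team
·    Ensuring data integrity

Measures for ensuring that only limited personal data is retained
·    Clear retention schedules and retention policies
·    Effectiveness testing

Measures for ensuring accountability
·    Assignment of responsibility for ensuring end-user privacy throughout the product lifecycle and throughout the relevant business processes.
·    Data protection impact assessments as an integral part of any new processing measure.
·    Written documentation, from a "privacy by design thinking" perspective, of all decisions adopted within the organization.

Measures for allowing personal data portability and ensuring erasure
·    Documented processes relating to users' exercise of their privacy rights (e.g. the right to erasure or the right to data portability)
·    Use of open formats such as CSV, XML or JSON.

Restrictions or safeguards applied to sensitive data (where applicable)
·    Encryption or hashing of special category data; although not expressly required by law, this measure should be adopted as a norm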

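EXHIBIT I

STANDARD CONTRACTUAL CLAUSES

(The wording of the Standard Contractual Clauses set out in this Exhibit is determined by the Portuguese National Data Protection Authority (ANPD) under Resolution No. 19/2024, and the Parties therefore may not adjust, modify or negotiate it. ServiceChannel provides only the versions of the Standard Contractual Clauses officially published by the ANPD, namely the Portuguese original and the English translation published by the ANPD. In line with industry practice, we provide a link to the official Portuguese version but rely solely on the ANPD's English translation. To ensure that the legal meaning and legislative intent of the Standard Contractual Clauses remain consistent with those established by the ANPD, we do not translate them into any other language.)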

SECTION I – GENERAL INFORMATION

CLAUSE 1. PARTIES’ IDENTIFICATION

1.1. Under this contractual deed, the Parties identified in the Data Processing Agreement, acting either as Exporter or Importer, agree to adopt the standard contractual clauses (hereinafter, Clauses) approved by the Brazilian National Data Protection Authority (ANPD), to govern International Data Transfers, as described in CLAUSE 2, according to the Brazilian Legislation.

CLAUSE 2. SUBJECT

2.1. These Clauses shall apply to all International Data Transfers by the Exporter to the Importer. The main purposes of the transfer, the categories of the personal data transferred, the retention period, and other information concerning the transfer are described in the Data Processing Agreement.

CLAUSE 3. SUBSEQUENT TRANSFERS

3.1. The Importer may carry out Onward Transfers of the Personal Data subject to the International Data Transfer governed by these Clauses under the conditions described below and provided that the provisions of CLAUSE 18 are observed.

CLAUSE 4. PARTIES’ RESPONSIBILITIES

4.1. Without prejudice to the duty to provide mutual assistance or to the Parties’ general obligations, it will be incumbent upon the Designated Party as established below, in its capacity as Controller, to carry out the following obligations as set out in these Clauses:

a) Party responsible for publishing the document referenced in CLAUSE 4;

(X) Exporter ( ) Importer

b) Party responsible for responding to requests by the data subjects as referenced in CLAUSE 15:

(X) Exporter ( ) Importer

c) Party responsible for communicating a security incident as described in CLAUSE 16:

(X) Exporter ( ) Importer

4.2. For the purposes of these Clauses, if it is subsequently determined that the Designated Party, as established in item 4.1., works as a Processor, the Controller will remain responsible:

a) for the execution of the obligations established in Sections 14, 15, and 16, and in any other provisions of the Brazilian Legislation, especially if the Designated Party neglects or fails to perform its obligations;

b) for the compliance with all ANPD requirements; and

c) for the assurance of the Data Subjects’ rights and the compensation of any damages caused, subject to the terms of CLAUSE 17.

4.3. If the Exporter is deemed to be the Controller, as referenced in item 4.2, it will be incumbent upon the Exporter to carry out the obligations established in CLAUSES 14, 15, and 16.

4.4. Except as provided in items 4.2. and 4.3, the provisions of CLAUSES 14, 15, and 16 shall not apply to the Parties in their capacities as Processors.

4.5. Under any circumstance, the Parties shall furnish all the information available to them, which are seemingly necessary to allow the Third-Party Controller to adhere to ANPD requirements and to properly perform the obligations established under the Brazilian Legislation concerning transparency, the assurance of the rights of data subjects, and the communication of security incidents to the ANPD.

4.6. The Parties shall mutually assist each other in responding to any requests by the Data Subjects.

4.7. If a request is received from a Data Subject, the applicable Party shall:

a) respond to the request, when it possesses the information needed to do so;

b) inform the Data Subject of the service channel provided by the Third-Party Controller; or

c) forward the request to the Third-Party Controller as soon as possible, to enable a response within the timeframe established under the Brazilian Legislation.

4.8. The Parties shall keep a record of security incidents involving personal data, according to the terms of the Brazilian Legislation.

SECTION II – MANDATORY CLAUSES

CLAUSE 5. Purpose

5.1. These Clauses are presented as a mechanism to enable the secure international flow of personal data, establish minimum guarantees and valid conditions for carrying out the International Data Transfer and aim to guarantee the adoption of adequate safeguards for compliance with the principles, the rights of the Data Subject and the data protection regime provided for in National Legislation.

CLAUSE 6. Definitions

6.1. For the purposes of these Clauses, the definitions in art. 5 of LGPD, and art. 3 of the Regulation on the International Transfer of Personal Data shall be considered, without prejudice to other normative acts issued by ANPD. The Parties also agree to consider the terms and their respective meanings as set out below:

a) Processing agents: the controller and the processor;

b) ANPD: National Data Protection Authority;

c) Clauses: the standard contractual clauses approved by ANPD, which are part of SECTIONS I, II and III;

d) Related Contract: contractual instrument signed between the Parties or, at least, between one of them and a third-party, including a Third-Party Controller, which has a common purpose, link or dependency relationship with the contract that governs the International Data Transfer;

e) Controller: Party or third-party (“Third Controller”) responsible for decisions regarding the processing of Personal Data;

f) Personal Data: information related to an identified or identifiable natural person;

g) Sensitive Personal Data: personal data on racial or ethnic origin, religious belief, political opinion, affiliation to trade unions or to a religious, philosophical or political organization, data regarding health or sexual life, genetic or biometric data, whenever related to a natural person;

h) Erasure: exclusion of data or dataset from a database, regardless of the procedure used;

i) Exporter: processing agent, located in the national territory or in a foreign country, who transfers personal data to the Importer;

j) Importer: processing agent, located in a foreign country, who receives personal data from the Exporter;

k) National Legislation: set of Brazilian constitutional, legal and regulatory provisions regarding the protection of Personal Data, including the LGPD, the International Data Transfer Regulation and other normative acts issued by ANPD;

l) Arbitration Law: Law No. 9,307, of September 23, 1996;

m) Security Measures: technical and administrative measures able to protect Personal Data from unauthorized access and from accidental or unlawful events of destruction, loss, alteration, communication or dissemination;

n) Research Body: body or entity of the government bodies or associated entities or a non-profit private legal entity legally established under Brazilian laws, having their headquarter and jurisdiction in the Brazilian territory, which includes basic or applied research of historical, scientific, technological or statistical nature in its institutional mission or in its corporate or statutory purposes;

o) Processor: Party or third-party, including a Sub-processor, which processes Personal Data on behalf of the Controller;

p) Designated Party: Party or a Third-Party Controller, under the terms of CLAUSE 4, designated to fulfill specific obligations regarding transparency, Data Subjects’ rights and notifying security incidents;

q) Parties: Exporter and Importer;

r) Access Request: request for mandatory compliance, by force of law, regulation or determination of public authority, to grant access to the Personal Data subject to the International Data Transfer governed by these Clauses;

s) Sub-processor: processing agent hired by the Importer, with no link with the Exporter, to process Personal Data after an International Data Transfer;

t) Third-Party Controller: Personal Data Controller who authorizes and provides written instructions for the carrying out of the International Data Transfer between Processors governed by these Clauses, on his behalf, pursuant to CLAUSE 4 (“Option B”);

u) Data Subject: natural person to whom the Personal Data which are subject to the International Data Transfer governed by these Clauses relate;

v) Transfer: processing modality through which a processing agent transmits, shares or provides access to Personal Data to another processing agent;

w) International Data Transfer: transfer of Personal Data to a foreign country or to an international organization which Brazil is a member of; and

x) Onward Transfer: transfer of Personal Data, within the same country or to another country, by an Importer to a third-party, including a Sub-processor, provided that it does not constitute an Access Request.

CLAUSE 7. Applicable legislation and ANPD supervision

7.1. The International Data Transfer subject to these Clauses shall subject to the National Legislation and to the supervision of ANPD, including the power to apply preventive measures and administrative sanctions to both Parties, as appropriate, as well as the power to limit, suspend or prohibit the international transfers arising from this agreement or a Related Contract.

CLAUSE 8. Interpretation

8.1. Any application of these Clauses shall occur in accordance with the following terms:

a) these Clauses shall always be interpreted more favorably to the Data Subject and in accordance with the provisions of the National Legislation;

b) in case of doubt about the meaning of any term in these Clauses, the meaning which is most in line with the National Legislation shall apply;

c) no item in these Clauses, including a Related Agreement and the provisions set forth in SECTION IV, shall be interpreted as limiting or excluding the liability of any of the Parties in relation to obligations set forth in the National Legislation; and

d) provisions of SECTIONS I and II shall prevail in case of conflict of interpretation with additional clauses and other provisions set forth in SECTIONS III and IV of this agreement or in Related Agreements.

CLAUSE 9. Docking Clause

9.1. By mutual agreement between the Parties, it shall be possible for a processing agent to adhere to these Clauses, either as a Data Exporter or as a Data Importer, by completing and signing a written document, which shall form part of this contract.

9.2. The acceding party shall have the same rights and obligations as the originating parties, according to the position assumed of Exporter or Importer and according to the corresponding category of treatment agent.

CLAUSE 10. General obligations of the Parties

10.1. The Parties undertake to adopt and, when necessary, demonstrate the implementation of effective measures capable of demonstrating observance of and compliance with the provisions of these Clauses and the National Legislation, as well as with the effectiveness of such measures and, in particular:

a) use the Personal Data only for the specific purposes described in CLAUSE 2, with no possibility of subsequent processing incompatible with such purposes, subject to the limitations, guarantees and safeguards provided for in these Clauses;

b) guarantee the compatibility of the processing with the purposes informed to the Data Subject, according to the processing activity context;

c) limit the processing activity to the minimum required for the accomplishment of its purposes, encompassing pertinent, proportional and non-excessive data in relation to the Personal Data processing purposes;

d) guarantee to the Data Subjects, subject to the provisions of CLAUSE 4:

(d.1.) clear, accurate and easily accessible information on the processing activities and the respective processing agents, with due regard for trade and industrial secrecy;

(d.2.) facilitated and free of charge consultation on the form and duration of the processing, as well as on the integrity of their Personal Data; and

(d.3.) accuracy, clarity, relevance and updating of the Personal Data, according to the necessity and for compliance with the purpose of their processing;

e) adopt the appropriate security measures compatible with the risks involved in the International Data Transfer governed by these Clauses;

f) not to process Personal Data for abusive or unlawful discriminatory purposes;

g) ensure that any person acting under their authority, including sub-processors or any agent who collaborates with them, whether for reward or free of charge, only processes data in compliance with their instructions and with the provisions of these Clauses;

h) keep a record of the Personal Data processing operations of the International Data Transfer governed by these Clauses, and submit the relevant documentation to ANPD, when requested.

CLAUSE 11. Sensitive personal data

11.1. If the International Data Transfer involves Sensitive Personal Data, the Parties shall apply additional safeguards, including specific Security Measures which are proportional to the risks of the processing activity, to the specific nature of the data and to the interests, rights and guarantees to be protected, as described in SECTION III.

CLAUSE 12. Personal data of children and adolescents

12.1. In case the International Data Transfer governed by these Clauses involves Personal Data concerning children and adolescents, the Parties shall implement measures to ensure that the processing is carried out in their best interest, under the terms of the National Legislation and relevant instruments of international law.

CLAUSE 13. Legal use of data

13.1. The Exporter guarantees that Personal Data has been collected, processed and transferred to the Importer in accordance with the National Legislation.

CLAUSE 14. Transparency

14.1. The Designated Party shall publish, on its website, a document containing easily accessible information written in simple, clear and accurate language on the conduction of the International Data Transfer, including at least information on:

a) the form, duration and specific purpose of the international transfer;

b) the destination country of the transferred data;

c) the Designated Party’s identification and contact details;

d) the shared use of data by the Parties and its purpose;

e) the responsibilities of the agents who shall conduct the processing;

e) the Data Subject’s rights and the means for exercising them, including an easily accessible channel made available to respond to their requests, and the right to file a petition against the Exporter and the Importer before ANPD; and

g) Onward Transfers, including those relating to recipients and to the purpose of such transfer.

14.2. The document referred to in item 14.1. shall be made available on a specific website page or integrated, in a prominent and easily accessible format, to the Privacy Policy or equivalent document.

14.3. Upon request, the Parties shall make a copy of these Clauses available to the Data Subject free of charge, complying with trade and industrial secrecy.

14.4. All information made available to Data Subjects, under the terms of these Clauses, shall be written in Portuguese.

CLAUSE 15. Rights of the data subject

15.1. The Data subject shall have the right to obtain from the Designated Party, as regards the Personal Data subject to the International Data Transfer governed by these Clauses, at any time, and upon request, under the terms of the National Legislation:

a) confirmation of the existence of processing;

b) access to data;

c) correction of incomplete, inaccurate or outdated data;

d) anonymization, blocking or erasure of unnecessary or excessive data or data processed in noncompliance with these Clauses and the provisions of National Legislation;

e) portability of data to another service or product provider, upon express request, in accordance with ANPD regulations, complying with trade and industrial secrecy;

f) erasure of Personal Data processed under the Data Subject’s consent, except for the events provided in CLAUSE 20;

g) information on public and private entities with which the Parties have shared data;

h) information on the possibility of denying consent and on the consequences of the denial;

i) withdrawal of consent through a free of charge and facilitated procedure, remaining ratified the processing activities carried out before the request for elimination;

j) review of decisions taken solely on the basis of automated processing of personal data affecting their interests, including decisions aimed at defining their personal, professional, consumer and credit profile or aspects of their personality; and

k) information on the criteria and procedures adopted for the automated decision.

15.2. Data subject may oppose to the processing based on one of the events of waiver of consent, in case of noncompliance with the provisions of these Clauses or National Legislation.

15.3. The deadline for responding to the requests provided for in this Clause and in item 14.3. is 15 (fifteen) days from the date of the data subject’s request, except in the event of a different deadline established in specific ANPD regulations.

15.4. In case the Data Subject’s request is directed to the Party not designated as responsible for the obligations set forth in this Clause or in item 14.3., the referred Party shall: a) inform the Data Subject of the service channel made available by the Designated Party; or b) forward the request to the Designated Party as early as possible, to enable the response within the period provided in item 15.2.

15.5. The Parties shall immediately inform the Data Processing Agents with whom they have shared data with the correction, deletion, anonymization or blocking of the data, for them to follow the same procedure, except in cases where this communication is demonstrably impossible or involves a disproportionate effort.

15.6. The Parties shall promote mutual assistance to respond to the Data Subjects’ requests.

CLAUSE 16. Security Incident Reporting

16.1. The Designated Party shall notify ANPD and the Data Subject, within 3 (three) working days of the occurrence of a security incident that may entail a relevant risk or damage to the Data Subjects, according to the provisions of National Legislation.

16.2. The Importer must keep a record of security incidents in accordance with National Legislation.

CLAUSE 17. Liability and compensation for damages

17.1. The Party which, when performing Personal Data processing activities, causes patrimonial, moral, individual or collective damage, for violating the provisions of these Clauses and of the National Legislation, shall compensate for it.

17.2. Data Subject may claim compensation for damage caused by any of the Parties as a result of a breach of these Clauses.

17.3. The defense of Data Subjects’ interests and rights may be claimed in court, individually or collectively, in accordance with the provisions in relevant legislation regarding the instruments of individual and collective protection.

17.4. The Party acting as Processor shall be jointly and severally liable for damages caused by the processing activities when it fails to comply with these Clauses or when it has not followed the lawful instructions of the Controller, except for the provisions of item 17.6.

17.5. The Controllers directly involved in the processing activities which resulted in damage to the Data Subject shall be jointly and severally liable for these damages, except for the provisions of item 17.6.

17.6. Parties shall not be held liable if they have proven that: a) they have not carried out the processing of Personal Data attributed to them; b) although they did carry out the processing of Personal Data attributed to them, there was no violation of these Clauses or National Legislation; or c) the damage results from the sole fault of the Data Subject or of a third party which is not a recipient of the Onward Transfer or not subcontracted by the Parties.

17.7. Under the terms of the National Legislation, the judge may reverse the burden of proof in favor of the Data Subject whenever, in his judgement, the allegation is credible, there is a lack of sufficient evidence or when the Data Subject would be excessively burdened by the production of evidence.

17.8. Judicial proceedings for compensation for collective damages which intend to establish liability under the terms of this Clause may be collectively conducted in court, with due regard for the provisions in relevant legislation.

17.9. The Party which compensates the damage to the Data Subject shall have a right of recourse against the other responsible parties, to the extent of their participation in the damaging event.

CLAUSE 18. Safeguards for Onward Transfers

18.1. The Importer shall only carry out Onward Transfers of Personal Data subject to the International Data Transfer governed by these Clauses if expressly authorized, in accordance with the terms and conditions described in CLAUSE 3.

18.2. In any case, the Importer:

a) shall ensure that the purpose of the Onward Transfer is compatible with the specific purposes described in CLAUSE 2;

b) shall guarantee, by means of a written contractual instrument, that the safeguards provided in these Clauses shall be ensured by the third-party recipient of the Onward Transfer; and

c) for the purposes of these Clauses, and regarding the Personal Data transferred, shall be considered responsible for any eventual irregularities committed by the third-party recipient of the Onward Transfer.

18.3. The Onward Transfer shall also be carried out based on another valid modality of International Data Transfer provided in National Legislation, regardless of the authorization referred to in CLAUSE 3.

CLAUSE 19. Access Request Notification

19.1. The Importer shall notify the Exporter and the Data Subject of any Access Request related to the Personal Data subject to the International Data Transfer governed by these Clauses, except in the event that notification is prohibited by the law of the country in which the data is processed.

19.2. The Importer shall implement the appropriate legal measures, including legal actions, to protect the rights of the Data Subjects whenever there is adequate legal basis to question the legality of the Access Request and, if applicable, the prohibition of issuing the notification referred to in item 19.1.

19.3. To comply with both the ANPD’s and the Exporter’s requests, the Importer shall keep a record of Access Requests, including date, requester, purpose of the request, type of data requested, number of requests received, and legal measures implemented.

CLAUSE 20. Termination of processing and erasure of data

20.1. Parties shall erase the personal data subject to the International Data Transfer governed by these Clauses after the ending of their processing, being their storage authorized only for the following purposes:

a) compliance with a legal or regulatory obligation by the Controller;

b) study by a Research Body, guaranteeing, whenever possible, the anonymization of personal data;

c) transfer to a third-party, upon compliance with requirements set forth in these Clauses and in the National Legislation; and

d) exclusive use of the Controller, being the access by a third-party prohibited, and provided data have been anonymized.

20.2. For the purposes of this Clause, processing of personal data shall cease when:

a) the purpose set forth in these Clauses has been achieved;

b) Personal Data are no longer necessary or pertinent to attain the intended specific purpose set forth in these Clauses;

c) at the termination of the treatment period;

d) Data Subject’s request is met; and

e) at the order of ANPD, upon violation of the provisions of these Clauses or National Legislation.

CLAUSE 21. Data processing security

21.1. Parties shall implement Security Measures which guarantee sufficient protection of the Personal Data subject to the International Data Transfer governed by these Clauses, even after its termination.

21.2. Parties shall inform, in SECTION III, the Security Measures implemented, considering the nature of the processed information, the specific characteristics and the purpose of the processing, the technology current state and the probability and severity of the risks to the Data Subjects’ rights, especially in the case of sensitive personal data and that of children and adolescents. 

21.3. The Parties shall make the necessary efforts to implement periodic evaluation and review measures to maintain the appropriate level of data security.

CLAUSE 22. Legislation of country of destination

22.1. The Importer declares that it has not identified any laws or administrative practices of the country receiving the Personal Data that prevent it from fulfilling the obligations assumed in these Clauses.

22.2. In the event of a regulatory change which alters this situation, the Importer shall immediately notify the Exporter to assess the continuity of the contract.

CLAUSE 23. Non-compliance with the Clauses by the Importer

23.1. In the event of a breach in the safeguards and guarantees provided in these Clauses or being the Importer unable to comply with any of them, the Exporter shall be immediately notified, subject to the provisions in item 19.1.

23.2. Upon receiving the communication referred to in item 23.1 or upon verification of non-compliance with these Clauses by the Importer, the Exporter shall implement the relevant measures to ensure the protection of the Data Subjects’ rights and the compliance of the International Data Transfer with the National Legislation and these Clauses, and may, as appropriate:

a) suspend the International Data Transfer;

b) request the return of the Personal Data, its transfer to a third-party, or its erasure; and

c) terminate the contract.

CLAUSE 24. Choice of forum and jurisdiction

24.1. Brazilian legislation applies to these Clauses and any controversy between the Parties arising from these Clauses shall be resolved before the competent courts in Brazil, observing, if applicable, the forum chosen by the Parties in Section IV.

24.2. Data Subjects may file lawsuits against the Exporter or the Importer, as they choose, before the competent courts in Brazil, including those in their place of residence.

24.3. By mutual agreement, Parties may use arbitration to resolve conflicts arising from these Clauses, provided that the procedure is carried out in Brazil and in accordance with the provisions of the Arbitration Law.

SECTION III – Security Measures

The governance and internal process oversight measures, as well as the technical and administrative security measures to ensure the safety of operations such as data collection, transmission, and storage, are already described in the Data Processing Agreement.
