批注[RL1]###发布隐私政策是个  
人信息控制者遵循公开透明原则的  
重要体现,是保证个人信息主体知  
情权的重要手段,还是约束自身行  
为和配合监督管理的重要机制。隐  
私政策应清晰、准确、完整描述  
个人信息控制者的个人信息处理行  
为。  
Privacy Policy  
Our privacy policy came into effect on xx/xx/20xx. This privacy policy can provide privacy  
details on how we manage the personal information you disclose when using all AA products and  
services.  
If you have any questions, opinions or suggestions, please feel free to contact us through the  
following methods:  
E-mail:  
在要求用户同意此政策时,不得默  
认勾选,必须让用户主动勾选。  
Telephone:  
Fax:  
批注[RL2]1.请填写为上线时间  
2.请将 AA 替换为具体产品的名字  
This policy will help you understand the following:  
1
2
3
4
5
6
7
8
. How do we collect and apply your personal information  
. How do we use cookies and similar technologies  
. How do we share, transfer, and publicly disclose your personal information  
. How do we protect your personal information  
. Your rights  
批注[ZX3]:均需要补充。  
. How do we handle children's personal information  
. How can your personal information be transferred globally  
. How to update this policy  
How to contact us  
[Company Name] (hereinafter referred to as "XX" or "we") understands the importance of  
1.批注[RL4]:请补充完整公司的  
personal information to you and will do its utmost to protect the security and reliability of your  
personal information. We are committed to maintaining your trust in us, adhering to the following  
principles, and protecting your personal information: the principle of consistency of rights and  
responsibilities, the principle of clear purpose, the principle of selective consent, the principle of  
minimum sufficiency, the principle of ensuring security, the principle of subject participation, and  
全称  
2.请将 XX 替换为公司的简称,下  
the principle of openness and transparency.  
Meanwhile, XX promises that we will adopt  
corresponding security measures in accordance with mature industry security standards to protect  
your personal information.  
批注[RL5]:请注意:按照此定  
义,可以识别到特定个人的信息均  
属于个人信息,因此,如果使用设  
备需要使用账号登陆,那么设备信  
息,比如设备的型号、IP 地址、  
MAC 地址、WIFI 名称等在日常一般  
被视为非个人信息,此时也属于个  
人信息。关于更多个人信息的举  
例,请参见附录 A  
Please read and understand this Privacy Policy carefully before using our products (or services).  
How do we collect and use your personal information  
Personal information refers to various types of information recorded electronically or in other  
ways that can be used alone or in combination with other information to identify the identity of a  
specific natural person or reflect the activities of a specific natural person. XX will only collect and  
use your personal information for the following purposes as described in this policy:  
批注[ZX6]此为所提供服务大  
类。下述每个业务功能项为小类,  
请确保按照类别清晰列举。  
1 Provide you with online shopping services [Note: Example]  
1. Business Function 1: Register as a user.  
To complete the account creation, you need to provide the following information: your name,  
email address, username and password created.  
批注[ZX7]:1.明确描述哪些类型的  
During the registration process, providing the following additional information will help us  
provide you with better service and experience: phone number, job position, company, educational  
background, etc. But if you do not provide this information, it will not affect the basic functionality  
of using this product/service.  
The above information you provide will continue to authorize us to use it during your use of this  
service. When you cancel your account, we will stop using and delete the above information.  
The above information will be stored within the territory of the People's Republic of China. If  
cross-border transmission is required, we will separately obtain your authorization and consent.  
批注[ZX8]:1.使用个人信息时,是  
批注[ZX9]如果数据有特定的保  
批注[ZX10]:说明个人信息在使用  
2
. Business Function 2: Product Display, Personalized Recommendations, and Sending  
Promotional Marketing Information.  
omitted)  
. Business Function Three: Communicate and interact with sellers.  
omitted)  
. Business Function Four: Payment and Settlement.  
omitted)  
2 Delivery of products or services [Note: Example]  
omitted)  
3Conduct internal audits, data analysis, and research to improve our products or services.  
Note: Example]  
omitted)  
(
3
(
4
(
(
批注[ZX11]:下同。  
[
(
4)  
……  
When we use information for purposes not specified in this policy, or when we use information  
collected for specific purposes for other purposes, we will seek your consent in advance.  
批注[ZX12]:必须保留,且必须做  
How do we use cookies and similar technologies  
批注[RL13]:1.对于本节,如果个  
批注[RL14]1. 请添加官网地址  
1Cookie  
To ensure the website http://example.aa.com Normally, we will store small data files  
called cookies on your computer or mobile device. Cookies typically contain identifiers, site names,  
as well as some numbers and characters. With the help of cookies, websites can store data such as  
your preferences or items in your shopping basket.  
We will not use cookies for any purposes other than those stated in this policy. You can  
manage or delete cookies according to your preferences. For more details, please refer to  
AboutCookies.org. You can clear all cookies saved on your computer, and most web browsers  
have a feature to block cookies. But if you do so, you will need to personally change the user  
settings every time you visit our website. To learn more about how to change browser settings,  
please visit the following links:<Internet Explorer>,<Google Chrome>,<Mozilla Firefox>,<Safari>,  
and<Opera>.  
批注[RL15]向用户提供限制自动  
批注[RL16]请问针对常见浏览器  
批注[ZX17]:请根据实际情况做调  
2 Website beacons and pixel tags  
In addition to cookies, we also use other similar technologies such as website beacons and pixel  
tags on our website. For example, the email we send you may contain a click URL that links to the  
content of our website. If you click on the link, we will track this click to help us understand your  
product or service preferences and improve customer service. A website beacon is typically a  
transparent image embedded in a website or email. By using pixel tags in emails, we can determine  
whether the email has been opened. If you do not want your activities to be tracked in this way, you  
can unsubscribe from our mailing list at any time.  
3 Do Not Track  
批注[ZX18]:请根据实际情况做调  
Many web browsers have a Do Not Track function, which can issue Do Not Track requests to  
websites. At present, the major Internet standards organizations have not established relevant  
policies to specify how websites should respond to such requests. But if your browser has enabled  
Do Not Track, then all of our websites will respect your choice.  
整。  
4)  
……  
How do we share, transfer, and publicly disclose your personal  
information  
批注[RL19]:1.本节主要是说明是  
否会共享、转让个人信息,并详细  
描述需要共享转让的个人信息类  
型、共享转让的原因、个人信息的  
接收方、对接收方的约束和管理准  
则、接收方使用个人信息的目的、  
个人信息共享转让过程中的安全措  
施、共享转让个人信息是否对用户  
带来高危风险。  
1Sharing  
We will not share your personal information with any company, organization, or individual  
outside of XX, except for the following situations:  
. Sharing with explicit consent: With your explicit consent, we will share your personal  
information with other parties.  
. We may share your personal information with external parties in accordance with laws and  
regulations or mandatory requirements of government authorities.  
. Sharing with our affiliated companies: Your personal information may be shared with XX's  
1
2
3
2. 说明何种情况下个人信息控制  
affiliated companies. We will only share necessary personal information and are bound by the  
purposes stated in this privacy policy. If affiliated companies want to change the purpose of  
processing personal information, they will seek your authorization and consent again.  
Our affiliated companies include:.  
者会不经过用户同意,共享转让和  
公开披露数据,如响应执法机关和  
政府机构的要求、进行个人信息安  
全审计、保护用户免受遭受欺诈和  
严重人身伤害等。  
4. Shared with authorized partners: Some of our services will be provided by authorized  
partners solely for the purposes stated in this policy. We may share some of your personal  
information with our partners to provide better customer service and user experience. For example,  
when you purchase our products online, we must share your personal information with the logistics  
service provider in order to arrange delivery or arrange for partners to provide services. We will  
only share your personal information for legal, legitimate, necessary, specific, and clear purposes,  
and will only share personal information necessary for providing services. Our partners have no  
right to use the shared personal information for any other purpose.  
批注[RL20]请根据实际情况填  
写。如果有附属公司,则必须在此  
处披露。  
At present, our authorized partners include the following types:  
批注[ZX21]:请按照实际情况补充  
1) Authorized partners for advertising and analytics services.  
Unless we obtain your  
和修改。  
permission, we will not share your personal identification information (referring to information that  
can identify you, such as name or email, which can be used to contact or identify you) with partners  
who provide advertising and analytics services. We will provide these partners with information  
about their advertising coverage and effectiveness, without providing your personally identifiable  
information, or we will aggregate this information so that it does not identify you personally. For  
example, we may only inform advertisers about the effectiveness of their ads, how many people  
have watched their ads or installed apps after seeing them, or provide non personally identifiable  
demographic information to these partners (such as "25-year-old male based in Beijing who enjoys  
software development"), to help them understand their audience or customers, only after the  
advertiser agrees to comply with our advertising guidelines.  
2) Suppliers, service providers, and other partners. We send information to suppliers, service  
providers, and other partners who support our business globally, including providing technical  
infrastructure services, analyzing how our services are used, measuring the effectiveness of  
advertising and services, providing customer service, facilitating payment, or conducting academic  
research and surveys.  
3……  
We will sign strict confidentiality agreements with companies, organizations, and individuals  
with whom we share personal information, requiring them to handle personal information in  
accordance with our instructions, this privacy policy, and any other relevant confidentiality and  
security measures.  
2Transfer  
We will not transfer your personal information to any company, organization, or individual,  
except in the following circumstances:  
. Transfer with explicit consent: After obtaining your explicit consent, we will transfer your  
personal information to other parties;  
. When it comes to mergers, acquisitions, or bankruptcy liquidation, if there is a transfer of  
1
2
批注[ZX22]:个人信息控制者说明  
是否需要公开披露个人信息,并详  
细描述需要公开披露的个人信息类  
型、原因、是否对用户带来高危风  
险。  
personal information, we will require the new company or organization holding your personal  
information to continue to be bound by this privacy policy. Otherwise, we will require the company  
or organization to seek your authorization and consent again.  
3 Public disclosure  
We will only publicly disclose your personal information in the following situations:  
批注[RL23]以下八点请根据实际  
情况填写。详细说明个人信息  
1. After obtaining your explicit consent;  
2
. Legal Disclosure: We may publicly disclose your personal information in the event of legal,  
控制者对个人信息进行安全保护的  
措施。包括但不限于个人信息完整  
性保护措施,个人信息传输、存储  
和备份过程的加密措施,个人信息  
访问、使用的授权和审计机制,个  
人信息的保留和删除机制等。  
procedural, litigation, or mandatory requirements from government authorities.  
How do we protect your personal information  
1We have implemented industry standard security measures to protect the personal information  
you provide, preventing unauthorized access, public disclosure, use, modification, damage, or loss  
of data. We will take all reasonable and feasible measures to protect your personal information.  
For example, when exchanging data (such as credit card information) between your browser and the  
批注[RL24]可以根据实际情况做  
微调。  
"
service", it is protected by SSL encryption; We also provide HTTPS secure browsing for the  
XXXX website; We will use encryption technology to ensure the confidentiality of data; We will  
use trusted protection mechanisms to prevent data from being maliciously attacked; We will  
deploy access control mechanisms to ensure that only authorized personnel can access personal  
information; And we will hold security and privacy protection training courses to enhance  
employees' awareness of the importance of protecting personal information.  
批注[ZX25]:包含个人信息控制者  
目前主动遵循的国际或国内的个人  
信息安全法律、法规、标准、协议  
等,以及个人信息控制者目前已取  
得的个人信息安全相关的权威独立  
机构认证。  
2 We have obtained the following certifications:  
.
3 Meanwhile, our data security capabilities:  
批注[RL26]:可根据 GB/T AAAAA  
信息安全技术 大数据服务安全  
.
4  We will take all reasonable and feasible measures to ensure that unrelated personal  
information is not collected. We will only retain your personal information for the period  
necessary to achieve the purposes stated in this policy, unless an extension of the retention period is  
required or permitted by law. When it is no longer necessary to retain personal information for  
legal, dispute resolution, enforcement of our agreements, or other commercial purposes, we will no  
longer retain personal information or eliminate ways to associate personal information with specific  
individuals.  
5 The Internet is not an absolutely secure environment, and email, instant messaging, and  
communication methods with other XX users are not encrypted. We strongly recommend that you do  
not send personal information through such methods. Meanwhile, please use complex passwords  
to assist us in ensuring the security of your account.  
6 We will regularly update and disclose the relevant content of security risk and personal  
information security impact assessment reports. You can obtain... through the following methods.  
7 The Internet environment is not 100% secure. We will try our best to ensure or guarantee the  
批注[ZX27]:请按照实际情况补  
充。  
security of any information you send us. If our physical, technological, or management protective  
facilities are damaged, resulting in unauthorized access, public disclosure, tampering, or destruction  
of information, which damages your legitimate rights and interests, we will bear corresponding legal  
responsibilities.  
批注[ZX28]1.可重点提醒公众如  
何在使用产品或服务时保护好个人  
批注[ZX29]:应表明在发生个人信  
8After the unfortunate occurrence of a personal information security incident, we will promptly  
息安全事件后,个人信息控制者将  
inform you of the basic situation and possible impact of the security incident, the disposal measures  
we have taken or will take, suggestions for you to independently prevent and reduce risks, and  
remedial measures for you in accordance with the requirements of laws and regulations. We will  
promptly inform you of the relevant situation of the event through email, letter, phone, push  
notifications, etc. When it is difficult to inform individual information subjects one by one, we will  
adopt reasonable and effective methods to publish announcements.  
批注[ZX30]:应表明在发生个人信  
息安全事件后,将及时告知个人信  
At the same time, we will proactively report the handling of personal information security  
incidents in accordance with regulatory requirements.  
Your rights  
1.批注[RL31]:说明用户对其个人  
According to relevant laws, regulations, standards in China, as well as common practices in  
other countries and regions, we guarantee that you exercise the following rights over your personal  
information:  
信息拥有何种权利,内容包括但不  
1 Accessing your personal information  
You have the right to access your personal information, except for exceptions provided by laws  
and regulations. If you want to exercise your data access rights, you can access them yourself  
through the following methods:  
批注[ZX32]:需注意:此处的信息  
类型,与上文收集的信息一一对  
Account Information - If you wish to access or edit personal and payment information in your  
account, change your password, add security information, or close your account, you can do so  
through Perform such operations.  
批注[ZX33]:请与实际情况保持一  
致,本句不得删除。  
Search Information - You can access or clear your search history, view and modify interests,  
and manage other data in.  
……  
If you are unable to access these personal information through the above link, you can always  
use our... to contact us or send an email to XXXX. We will reply to your access request within 30  
days.  
批注[ZX34]:必须保留,不得删  
除。至少提供一种用户可以联系的  
途径。  
For other personal information generated during your use of our products or services, as long as  
we do not require excessive investment, we will provide it to you. If you wish to exercise your data  
access rights, please send an email to XXXX.  
批注[RL35]如果用户提出行使权  
利的需求后需要较长时间才能响  
应,需明确说明响应的时间节点,  
以及无法短时间内响应的原因。  
2 Correct your personal information  
When you discover errors in the personal information we process about you, you have the right  
to request us to make corrections. You can submit a correction request through the methods listed  
in "(1) Accessing Your Personal Information".  
批注[ZX36]:不得删除,必须提供  
一种途径支持用户行使权利。  
If you are unable to correct these personal information through the above link, you can contact  
us at any time using our... or send an email to XXXX.. We will reply to your correction request  
within 30 days.  
批注[ZX37]:请与实际情况保持一  
致,本句不得删除。  
批注[ZX38]:必须保留,不得删  
除。至少提供一种用户可以联系的  
途径。  
3 Delete your personal information  
In the following situations, you can request us to delete your personal information:  
1
2
3
4
5
. If our handling of personal information violates laws and regulations;  
. If we collect and use your personal information without your consent;  
. If our handling of personal information violates our agreement with you;  
. If you no longer use our products or services, or if you cancel your account;  
. If we no longer provide you with products or services.  
批注[RL39]如果用户提出行使权  
利的需求后需要较长时间才能响  
应,需明确说明响应的时间节点,  
以及无法短时间内响应的原因。  
If we decide to respond to your deletion request, we will also notify the entities that have  
obtained your personal information from us to delete it in a timely manner, unless otherwise  
provided by laws and regulations, or if these entities have obtained your independent authorization.  
When you delete information from our service, we may not immediately delete the  
corresponding information from the backup system, but will delete this information when the  
backup is updated.  
批注[ZX40]:以下情形中用户提出  
删除个人数据,必须支持。  
批注[ZX41]:不得删除,必须做  
到。  
4 Change the scope of your authorized consent  
Each business function requires some basic personal information to be completed (see the  
"
How We Collect and Use Your Personal Information" section of this policy). For the collection  
and use of additional personal information, you may also give or revoke your authorization and  
consent at any time.  
You can operate it yourself through the following methods:  
批注[ZX42]:此部分针对的是额外  
收集的个人信息,用户如何操作给  
与和收回同意。  
After you withdraw your consent, we will no longer process the corresponding personal  
information. But your decision to withdraw consent will not affect the personal information  
processing previously carried out based on your authorization.  
If you do not want to accept the commercial advertisements we send you, you can cancel them  
at any time through the following methods:  
批注[ZX43]:请一定做到。  
……  
批注[ZX44]:必须提供一种机制拒  
绝广告,至少提供邮箱。  
5 Personal Information Subject Account Cancellation  
You can cancel your previously registered account at any time by following the steps below:  
……  
批注[ZX45]:必须做到,并且提供  
After account cancellation, we will cease to provide you with products or services and delete  
your personal information as per your request, except as otherwise provided by laws and regulations.  
一种机制,至少是邮箱。  
6 Personal information subject obtains a copy of personal information  
You have the right to obtain a copy of your personal information, and you can operate it  
yourself through the following methods:  
批注[ZX46]:必须做到,并且提供  
If technically feasible, such as data interface matching, we can also transfer a copy of your  
personal information directly to a third party designated by you according to your requirements.  
一种机制,至少是邮箱。  
7 Constrained information system automatic decision-making  
In xxxx business functions, we may only make decisions based on non manual automatic  
批注[ZX47]:请补充具体的业务功  
decision-making mechanisms such as information systems and algorithms. If these decisions  
significantly affect your legitimate rights and interests, you have the right to demand an explanation  
from us, and we will also provide appropriate remedies.  
8 In response to your above request  
To ensure your safety, before responding to your above request, you may need to provide a  
written request, and we may also require you to verify your identity before processing your request.  
We will provide a response within 30 days. If you are not satisfied, you can also file a complaint  
through the following channels:  
批注[RL48]如果用户行使权利的  
过程需要再次验证身份,需明确说  
明验证身份的原因,并采取适当的  
控制措施,避免验证身份过程中造  
成的个人信息泄露。  
……  
For your reasonable requests, we generally do not charge any fees, but for requests that are  
repeated multiple times or exceed reasonable limits, we will charge a certain cost fee depending on  
the situation. We may refuse requests that are unnecessarily repetitive, require excessive technical  
means (such as developing new systems or fundamentally changing current practices), pose risks to  
the legitimate rights and interests of others, or are highly impractical (such as involving information  
stored on backup tapes).  
批注[RL49]如果用户提出行使权  
利的需求后需要较长时间才能响  
应,需明确说明响应的时间节点,  
以及无法短时间内响应的原因。  
In the following situations, as required by laws and regulations, we will not be able to respond  
to your request:  
批注[ZX50]:请补充投诉的途径。  
1
2
3
4
5
. Directly related to national security and defense security;  
批注[RL51]如果用户行使权利的  
过程产生费用,需明确说明收费的  
原因和依据。但总的来说,不得收  
费。  
. Directly related to public safety, public health, and major public interests;  
. Directly related to criminal investigation, prosecution, trial, and execution of judgments;  
. There is sufficient evidence to suggest that you have subjective malice or abuse of power;  
. Responding to your request will result in serious harm to your or other individuals' or  
批注[RL52]如果当用户请求时,  
拒绝用户对个人信息进行访问、更  
正、删除、撤回同意等的要求,则  
需明确说明拒绝的原因和依据。  
organizations' legitimate rights and interests.  
. Involving trade secrets.  
6
How do we handle children's personal information  
Our products, website, and services are primarily aimed at adults. Children are not allowed to  
create their own user accounts without the consent of their parents or guardians.  
For cases where personal information of children is collected with the consent of parents, we  
will only use or publicly disclose this information when permitted by law, with the explicit consent  
of parents or guardians, or when necessary to protect the child. Although local laws and customs  
define children differently, we consider anyone under the age of 14 as a child.  
If we find that we have collected personal information of children without obtaining verifiable  
parental consent in advance, we will try to delete the relevant data as soon as possible.  
批注[ZX53]:对于儿童数据的保  
护,国内日趋严格,请务必做到。  
How can your personal information be transferred globally  
In principle, the personal information we collect and generate within the territory of the  
People's Republic of China will be stored within the territory of the People's Republic of China.  
Due to our global resources and servers providing products or services, this means that with  
your authorized consent, your personal information may be transferred to or accessed from overseas  
jurisdictions in the country/region where you use the products or services.  
批注[RL54]如果因业务需求、政  
府和司法监管要求存在跨境信息传  
输情况,需详细说明需要进行跨境  
传输的数据类型,以及跨境传输遵  
守的标准、协议和法律机制(合同  
等)。  
Such jurisdictions may have different data protection laws, or even no relevant laws in place.  
In such cases, we will ensure that your personal information receives sufficient and equal protection  
within the territory of the People's Republic of China. For example, we may request your consent  
for cross-border transfer of personal information, or implement security measures such as data de  
identification before cross-border data transfer.  
How to update this policy  
Our privacy policy may change. Without your explicit consent, we will not reduce the rights  
you are entitled to under this privacy policy. We will post any changes made to this policy on this  
page. For significant changes, we will also provide more prominent notifications (including for  
certain services, we will send notifications via email explaining the specific changes to the privacy  
policy).  
批注[RL55]通常情况下采取的通  
知方式如:用户登录信息系统时、  
更新信息系统版本并在用户使用时  
弹出窗口、用户使用信息系统时直  
接向用户推送通知、向用户发送邮  
件、短信等。  
The significant changes referred to in this policy include but are not limited to:  
1. Our service model has undergone significant changes. Such as the purpose of processing  
personal information, the types of personal information processed, and the ways in which personal  
information is used;  
2
. We have undergone significant changes in ownership structure, organizational structure, and other  
aspects. Changes in ownership caused by business adjustments, bankruptcy mergers and  
acquisitions, etc;  
3
4
. The main objects of personal information sharing, transfer or public disclosure have changed;  
. There has been a significant change in your right to participate in personal information processing  
and the way you exercise it;  
. When the responsible department, contact information, and complaint channels for handling  
personal information security change;  
. When the personal information security impact assessment report indicates the presence of high  
risks.  
5
6
We will also archive the old version of this policy for your reference.  
How to contact us  
批注[ZX56]:必须明确给出处理个  
人信息安全问题相关反馈、投诉的  
渠道,如个人信息安全责任部门的  
联系方式、地址、电子邮箱、用户  
反馈问题的表单等,并明确用户可  
以收到回应的时间。  
If you have any questions, comments, or suggestions regarding this privacy policy, please  
contact us through the following methods:  
……  
We have established a dedicated department for personal information protection (or a personal  
information protection specialist), and you can contact them through the following methods:  
……  
批注[ZX57]:建议与开头的联系方  
Normally, we will reply within 30 days.  
式保持一致。  
If you are not satisfied with our response, especially if our personal information processing  
behavior has harmed your legitimate rights and interests, you can also seek solutions through the  
following external channels:  
批注[ZX58]:企业指定的数据保护  
官的联系方式  
Thank you for reading our privacy policy!  
批注[ZX59]:需给出外部争议解决  
机构及其联络方式,以应对与用户  
出现无法协商解决的争议和纠纷。  
外部争议解决机构通常为:个人信  
息控制者所在管辖区的院、认证个  
人信息控制者隐私政策的独立机  
构、行业自律协会或政府相关管理  
机构等。