1. 引言
在 ESUN TECHNOLOGY(“我们”),我们深知数据安全和合规在金融及强监管行业中的重要性。我们承诺依据适用法律(包括但不限于《个人信息保护法》(PIPL)、通用数据保护条例(GDPR)、加州消费者隐私法(CCPA)等),保护您的个人信息与数据安全。本隐私声明说明了我们如何收集、使用、存储、共享和保护您的个人信息。
2. 我们收集的信息
- 个人身份信息:姓名、联系方式(如邮箱、电话)、职位及组织信息
- 技术信息:IP 地址、浏览器类型、操作系统、设备信息、日志数据
- 使用数据:系统操作记录、登录信息、审计日志
- 合规性数据:基于监管要求需记录和留存的用户操作信息
3. 信息使用目的
- 服务交付:系统运行、维护和功能改进
- 安全与合规:访问控制、日志审计、入侵检测、防欺诈
- 合规报告:满足金融及相关行业监管机构要求
- 沟通联络:响应您的请求与提供支持
- 法律义务:履行法律法规及监管要求
4. 信息共享与第三方处理
我们不会出售或出租您的信息,仅在以下情况下共享:
- 法律与监管要求:应法院、监管机构或其他有权机关要求
- 业务合作与外包:在签署数据保护协议(DPA)并采取合同约束下,向云服务商、IT 支持或合规审计机构提供必要信息
- 业务变更:如合并、收购或资产转让
5. 数据安全措施
- 加密:数据传输与存储采用强加密(TLS、AES 等)
- 访问控制:基于最小化权限的身份验证与角色管理
- 日志与审计:全量操作日志留存与定期审计
- 安全测试:定期漏洞扫描、渗透测试与风险评估
- 连续性保障:灾备机制与业务连续性计划
6. 数据主体权利
您享有以下权利:
- 访问、复制您的个人数据
- 更正或删除您的个人数据(在法律允许范围内)
- 限制或反对数据处理
- 请求数据可携性
- 向监管机构提出申诉
我们将在收到请求后的 30 天内 回复,特殊情况下可依法延长。
7. 数据保留
我们仅在实现收集目的所需期间或满足监管要求所需的最短时间内保留您的数据,超过期限后将安全删除或匿名化处理。
8. 国际数据传输
如需将数据传输至境外,我们将遵循适用的数据保护法律,采取合同、认证或其他法律认可的保护措施。
9. 更新
我们可能会因业务、技术或法律要求更新本声明。最新版本将发布于网站,并标注“生效日期”。
10. 联系我们
如对隐私保护或数据合规有疑问,请联系:
info@esuntechnology.com
如您认为我们未妥善处理您的信息,您有权向所在司法辖区的数据保护监管机构提出申诉。
1. Introduction
At ESUN TECHNOLOGY ("we"), we recognize the critical importance of data security and compliance in the financial and highly regulated industries. We are committed to protecting your personal data in accordance with applicable laws, including but not limited to the Personal Information Protection Law (PIPL), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). This Privacy Notice explains how we collect, use, store, share, and safeguard your personal data.
2. Information We Collect
- Personal Identifiers: name, contact details (email, phone), job title, and organizational information
- Technical Data: IP address, browser type, operating system, device details, log data
- Usage Data: system activity records, login information, audit logs
- Compliance Data: records required by regulatory obligations
3. Purposes of Processing
- Service Delivery: operating, maintaining, and improving the system
- Security & Compliance: access control, audit logging, intrusion detection, fraud prevention
- Regulatory Reporting: meeting requirements of financial regulators or supervisory authorities
- Communication: responding to your requests and providing support
- Legal Obligations: compliance with applicable laws and regulations
4. Sharing & Third-Party Processing
We do not sell or rent your data. We may share data only:
- Legal & Regulatory Requirements: when requested by courts, regulators, or competent authorities
- Business Partners & Service Providers: under binding Data Processing Agreements (DPA), with cloud providers, IT support, or compliance auditors
- Business Transfers: in case of mergers, acquisitions, or asset transfers
5. Data Security
- Encryption: strong encryption for data in transit and at rest (TLS, AES)
- Access Control: role-based authentication and least-privilege principles
- Logging & Auditing: comprehensive activity logs and regular audits
- Security Testing: vulnerability scans, penetration tests, and risk assessments
- Business Continuity: disaster recovery and continuity planning
6. Data Subject Rights
Subject to applicable law, you may exercise the following rights:
- Access and obtain a copy of your personal data
- Rectify or erase personal data (within legal limits)
- Restrict or object to processing
- Request data portability
- Lodge an appeal with a supervisory authority
We will respond within 30 days of receiving your request, unless an extension is legally permitted.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the stated purposes or as required by regulatory obligations, after which it will be securely deleted or anonymized.
8. International Data Transfers
Where personal data is transferred outside your jurisdiction, we will apply safeguards recognized under applicable laws, such as contractual clauses or certifications.
9. Updates
We may update this Privacy Notice due to business, technical, or legal requirements. The most recent version will always be published on our website with the “Effective Date.”
10. Contact Us
For any privacy or compliance inquiries, please contact:
info@esuntechnology.com
If you believe we have not handled your data appropriately, you may lodge an appeal with your local data protection authority.