Privacy Policy
Smallsoft Pty Ltd. processes personal data as either a controller or processor when providing the Smallsoft Identity platform and related services, and complies with the Privacy Act 1988 (Cth) and other applicable data protection laws; where applicable, we also comply with relevant international data protection laws, including the GDPR.
Last updated: February 19, 2026
Scope and Legal Entity
This Policy applies to the Smallsoft website, the Smallsoft Identity platform, and related support services. The legal entity is Smallsoft Pty Ltd. (Australia).
Processing Roles
In enterprise customer deployments, the customer is typically the controller and Smallsoft acts as a processor, except where Smallsoft determines the purposes and means of processing for its own operational or compliance obligations; for those activities Smallsoft acts as a controller.
Data Categories
Data we process may include:
1) Account identifiers (e.g., email address, user ID)
2) Authentication logs and security events
3) Device and risk telemetry
4) Customer-configured identity attributes
Purpose and Legal Basis
Processing purposes include authentication, access control, threat detection, troubleshooting, and compliance reporting. Legal bases generally include contract performance, legal obligations, legitimate interests, and consent where applicable. We do not sell identity data and do not use identity data for third-party advertising targeting.
Retention and Deletion
Retention periods depend on service configuration, customer contractual obligations, and legal requirements. We operate documented retention and deletion workflows, support customer-initiated export, deletion, and correction requests, and apply them across production systems and backup lifecycles.
Cross-border Transfers and Subprocessors
Primary production hosting is in Microsoft Azure Australia East (Sydney). Data may be accessed from other jurisdictions, or transferred in a controlled manner, for support, incident response, or legal requirements under strict contractual, technical, and organizational safeguards. We engage subprocessors only as necessary and bind them through contractual, access, and security controls; a current subprocessor list is available on request.
Australian Privacy Act Framework
The following clarifies the current status of the applicable law and its authoritative references.
Current Legal Status
The Privacy Act 1988 (Cth) is Australia's principal federal privacy framework. The Act has been amended multiple times since 1988, with the 2014 introduction of the Australian Privacy Principles (APPs) being a major update. Ongoing reforms and recent amendments (including a statutory cause of action for serious invasions of privacy) update and extend, rather than repeal, the Act.
Key Compliance Points
The Act contains 13 Australian Privacy Principles (APPs) governing the collection, use, storage, and disclosure of personal information. It applies to many organisations and government agencies, including private-sector entities above applicable thresholds, and is administered and enforced by the OAIC.
Authoritative Sources (Legislation and Regulators)
1) Federal legislation (current consolidated Privacy Act 1988 (Cth)): legislation.gov.au/Details/C2014C00076
2) OAIC guidance on the Privacy Act and APPs: oaic.gov.au/privacy/privacy-legislation/the-privacy-act
3) Attorney-General’s Department privacy overview: ag.gov.au/rights-and-protections/privacy
Application to Smallsoft
Smallsoft’s identity platform controls are designed around data minimization, access controls, auditability, and controlled transfers to support APP-aligned compliance practices. Specific legal obligations remain subject to applicable law and executed agreements.
Data Subject Rights
Subject to applicable law, individuals may request access, correction, deletion, restriction of processing, data portability, and may object to processing. Where we act as a processor, requests should first be directed to the relevant customer as controller; where we act as a controller, requests may be submitted directly to Smallsoft.
Security Safeguards
We implement encryption in transit and at-rest protections, least-privilege access controls, multi-factor authentication, audit logging, and incident response processes to protect the confidentiality, integrity, and availability of personal data.
Privacy Inquiries and Complaints
For privacy requests or complaints, contact: privacy@smallsoft.com.au. We generally respond within 30 days. If you are dissatisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) (oaic.gov.au).
Policy Updates
We may update this Policy from time to time. Material changes will be communicated via website notice or contractual notification channels.
Compliance Note
If this Policy conflicts with an executed agreement between the customer and Smallsoft, the executed agreement prevails; this Policy serves as a supplementary public transparency disclosure.