隐私协议 / Privacy Policy
Personal Data Privacy Policy of AdventureX 2026
中英双语正式版 | Official Bilingual Version
中英文版本具有同等法律效力 | English and Chinese versions have equal legal effect
生效日期 | Effective Date: 2026年 4 月 21 日 | 21, April 2026
规管法律 | Governing Law: 本政策受中华人民共和国香港特别行政区法律专属规管,严格遵循香港法例第486章《个人资料(私隐)条例》(下称「PDPO」)及香港个人资料私隐专员公署(下称「PCPD」)发布的所有具约束力的守则、指引与监管要求制定。
This Policy is exclusively governed by the laws of the Hong Kong Special Administrative Region of the People's Republic of China, and is formulated in full compliance with the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong, hereinafter referred to as the "PDPO") and all binding codes, guidelines and regulatory requirements issued by the Office of the Privacy Commissioner for Personal Data, Hong Kong (hereinafter referred to as the "PCPD").
一、非营利项目声明 | Non-Profit Initiative Declaration
AdventureX 2026 是由香港注册成立的 AdventureX Education Technology Limited 运营的非营利青年科技创新黑客松项目,核心使命为赋能青年创新者、推动青年社群技术交流、为弱势青年群体提供普惠科技教育支持。
AdventureX 2026 is a non-profit youth science and technology innovation Hackathon project operated by AdventureX Education Technology Limited, a company incorporated in Hong Kong, with its core mission being to empower young innovators, promote technological exchanges within the youth community, and provide inclusive science and technology education support for disadvantaged youth groups.
AdventureX 2026 is a not-for-profit youth tech innovation hackathon operated by AdventureX Education Technology Limited, a company duly incorporated in Hong Kong. Our core mission is to empower young innovators, advance technological exchange among youth communities, and foster inclusive tech education for underrepresented young talents.
本项目所有来自赞助、合作及赛事相关的收入,均专项用于赛事运营、青年科技公益项目开发与青年创新者扶持,不以商业盈利为运营目的,不向任何股东进行分红,全部资源均投入于非营利公益使命。
All revenues from sponsorship, cooperation, and event-related activities of this project are earmarked for event operations, development of youth science and technology public welfare projects, and support for young innovators. It does not operate for commercial profit, does not distribute dividends to any shareowner, and all resources are invested in non-profit public welfare missions.
All funds raised from sponsorships, partnerships and event-related income are used exclusively for the operation of the event, the development of youth tech public welfare programs, and the support of young innovators. We do not operate for commercial profit, no dividends are distributed to any shareholders, and all resources are committed to our non-profit public welfare mission.
本声明不构成PDPO项下的任何合规豁免。无论我们的非营利运营性质如何,均就所有个人资料处理行为承担PDPO项下的全部法定合规义务与法律责任。
This statement does not constitute any compliance exemption under the PDPO. Regardless of our non-profit operating nature, we shall assume all statutory compliance obligations and legal liabilities under the PDPO for all personal data processing activities.
This declaration does not constitute any compliance exemption under the PDPO. We bear full statutory compliance obligations and legal liabilities under the PDPO for all personal data processing activities, regardless of our non-profit operating nature.
本政策与我们的非营利使命保持一致,我们承诺仅为推进公益目标的目的处理个人资料,全程严格遵守PDPO的相关规定。
This policy is consistent with our non-profit mission, and we are committed to processing personal data solely for the purpose of advancing public interest objectives, strictly complying with the relevant provisions of the PDPO throughout the process.
This Policy is formulated in alignment with our non-profit mission, and we commit to processing personal data solely for the purposes of advancing our public welfare objectives, in full compliance with the PDPO.
二、目录 | Table of Contents
1. 释义与定义 | Definitions & Interpretations
2. 资料使用者与资料保障主任法定公示 | Statutory Publication of Data User & Data Protection Officer
3. 资料处理核心合规原则 | Core Compliance Principles of Data Processing
4. 个人资料收集规则 | Rules for Collection of Personal Data
5. 赛事报名通道与赞助商信息共享规则 | Event Registration Channels & Sponsor Information Sharing Rules
6. 个人资料处理与使用规则 | Rules for Processing and Use of Personal Data
7. 个人资料委托处理与第三方转移规则 | Rules for Entrusted Processing and Third-Party Transfer of Personal Data
8. 个人资料存储与留存期限 | Storage and Retention Period of Personal Data
9. 个人资料安全保障措施 | Personal Data Security Protection Measures
10. 资料当事人的明示同意与撤回规则 | Rules for Express Consent and Withdrawal of the Data Subject
11. 资料当事人的法定权利与行使方式 | Statutory Rights of the Data Subject and Exercise Methods
12. 数据安全事件应急处置预案 | Emergency Response Plan for Data Security Incidents
13. 个人资料保护合规审计与持续优化 | Compliance Audit and Continuous Optimization of Personal Data Protection
14. 本政策的更新、变更与公示 | Update, Amendment and Publication of this Policy
15. 法律适用与争议解决 | Governing Law and Dispute Resolution
16. 联系方式与投诉渠道 | Contact Information and Complaint Channels
1. 释义与定义 | Definitions & Interpretations
在本政策中,除非上下文另有明确约定,否则下列术语具有本条所约定的含义,所有术语同时严格适用PDPO项下的法定解释。若本条约定与PDPO法定解释存在冲突,以PDPO法定解释为准。
In this Policy, unless the context clearly provides otherwise, the following terms shall have the meanings as agreed in this Article, and all terms shall also be strictly subject to the statutory interpretation under the PDPO. In the event of any conflict between the provisions of this Article and the statutory interpretation of the PDPO, the statutory interpretation of the PDPO shall prevail.
In this Policy, unless the context otherwise requires, the following terms shall have the meanings set out in this Article, and all terms shall be subject to the statutory interpretation under the PDPO. In case of any conflict between the definition in this Article and the statutory interpretation of the PDPO, the statutory interpretation of the PDPO shall prevail.
PDPO:指香港法例第486章《个人资料(私隐)条例》,包括其不时修订、补充、重新颁布的版本,以及PCPD发布的所有具有法律约束力的守则、指引、监管要求与执法声明。
PDPO: means the Personal Data (Privacy) Ordinance (Cap. 486 of the Laws of Hong Kong), including any amendment, supplement, re-enactment thereof from time to time, and all binding codes, guidelines, regulatory requirements and enforcement statements issued by the PCPD.
PCPD:指香港个人资料私隐专员公署,为香港特别行政区负责个人资料私隐保护的法定监管机构。
PCPD: means the Office of the Privacy Commissioner for Personal Data, Hong Kong, the statutory regulatory body responsible for the protection of personal data privacy in the Hong Kong Special Administrative Region.
资料使用者 | Data User:指AdventureX Education Technology Limited,为香港注册成立的有限公司,商業登記編號 79171672,是本政策项下唯一、排他的个人资料使用者,独立决定个人资料的处理目的与方式,独立承担PDPO项下的全部法律责任与合规义务。
Data User: means AdventureX Education Technology Limited, a limited company duly incorporated in Hong Kong with Business Registration No. 79171672, the sole and exclusive Data User under this Policy, who independently determines the purposes and means of processing of personal data, and independently bears all legal responsibilities and compliance obligations under the PDPO.
资料当事人 | Data Subject:指能够通过个人资料直接或间接识别身份的在世自然人,即本政策项下的平台用户、赛事参与者,包括但不限于访客用户、参赛选手。
Data Subject: means a living natural person who can be identified, directly or indirectly, from personal data, i.e., the platform user and event participant under this Policy, including but not limited to Visitor Users and Competition Participants.
个人资料 | Personal Data:指PDPO第2条法定定义的,以电子或其他方式记录的,与已识别或可识别的在世自然人有关的任何信息,不包括不可逆匿名化处理后的信息。
注:PDPO项下无「敏感个人资料」的法定概念,所有类别的个人资料在PDPO项下均受同等程度的法定保护。本政策参考PCPD发布的《身分证号码及其他身分代号实务守则》,对法定身份号码、金融账户信息等特定个人资料采取强化保护措施。
Personal Data: means any information relating directly or indirectly to a living natural person, from which the person can be identified, whether in electronic or other form, excluding irreversibly anonymized information, as defined in Section 2 of the PDPO.
Note: There is no statutory concept of "sensitive personal data" under the PDPO. All types of personal data are subject to the same level of statutory protection under the PDPO. This Policy adopts enhanced protection measures for specific personal data (including legal identity number, financial account information) in accordance with the Code of Practice on Identity Card Numbers and Other Personal Identifiers issued by the PCPD.
个人资料处理 | Processing of Personal Data:指PDPO第2条法定定义的,与个人资料有关的任何操作或一系列操作,无论是否通过自动方式进行,包括但不限于个人资料的收集、记录、存储、使用、加工、整理、传输、披露、转移、委托处理、共享、更正、补充、删除、销毁、匿名化、去标识化。
Processing of Personal Data: means any operation or set of operations performed on personal data, whether or not by automatic means, as defined in Section 2 of the PDPO, including but not limited to collection, recording, storage, use, adaptation, alteration, transmission, disclosure, transfer, entrusted processing, sharing, correction, erasure, anonymization and de-identification of personal data.
保障资料原则 | Data Protection Principles:指PDPO附表1所规定的六项保障资料原则,包括收集目的及方式原则、资料的准确性及保留期间原则、资料的使用原则、资料的保安原则、资料的公开原则、个人查阅及更正资料原则,为本政策项下所有个人资料处理行为的最高合规准则。
Data Protection Principles: means the six Data Protection Principles set out in Schedule 1 of the PDPO, namely the Principle of Purpose and Manner of Collection of Personal Data, the Principle of Accuracy and Retention Period of Personal Data, the Principle of Use of Personal Data, the Principle of Security of Personal Data, the Principle of Openness of Personal Data, and the Principle of Access and Correction of Personal Data, which are the supreme compliance criteria for all personal data processing activities under this Policy.
赛事 | Event:指 AdventureX 2026 全系列活动,包括但不限于 2026 年 7 月 21 日至 28 日(暂定) 举办的核心黑客松赛事、技术展会、行业分享会、配套公益项目、官方线上平台、所有衍生服务与配套活动。
Event: means the full series of activities of AdventureX 2026, including but not limited to the core hackathon competition, tech exhibition, industry sharing sessions, supporting public welfare programs, official online platform, and all derivative services held from 21 July 2026 to 28 July 2026 (TBD).
平台 | Platform:指资料使用者独家运营的 AdventureX 2026 官方网站、线上报名系统、所有相关线上服务载体。
Platform: means the official website of AdventureX 2026, online registration system, and all related online service carriers exclusively operated by the Data User.
访客用户 | Visitor User:指仅注册免费观赛资格、进入线下赛事会场、参与赛事公开环节,未申请参赛赛道的资料当事人。
Visitor User: means a Data Subject who only registers for the free visitor qualification, accesses the offline event venue, participates in public event sessions, and does not apply for the competition track.
参赛选手 | Competition Participant:指已申请并进入专属参赛赛道、提交参赛作品、获得赛事评审资格的资料当事人。
Competition Participant: means a Data Subject who has applied for and entered the exclusive competition track, submitted competition works, and obtained the competition judging qualification.
赞助商合作伙伴 | Sponsor Partners:指赛事的公益支持方,是专属参赛赛道的联合举办方、官方评审委员会独家成员、全部赛事奖金的唯一出资方、获奖项目孵化计划的独家提供方。
Sponsor Partners: means the public welfare supporting partners of the Event, who are the co-organizers, exclusive members of the official judging committee, sole funders of all competition prize money, and exclusive providers of the winning project incubation program for the exclusive competition track.
委托处理 | Entrusted Processing:指资料使用者为实现本政策告知的处理目的,委托具备相应数据安全能力的第三方(资料处理者),在授权范围内处理个人资料的行为。
Entrusted Processing: means the processing of personal data by a third party (data processor) with appropriate data security capabilities within the scope of authorization entrusted by the Data User, for the purposes set out in this Policy.
直接营销 | Direct Marketing:指PDPO第35A条法定定义的,为直接或间接推广产品、服务、活动、商业机会等目的,通过电子或非电子方式向资料当事人发送营销信息、推广内容、商业邀约的行为。
Direct Marketing: means the offering or advertising of goods, services, opportunities, events or commercial prospects to Data Subjects through electronic or non-electronic means for the purpose of direct or indirect promotion, as defined in Section 35A of the PDPO.
匿名化 | Anonymization:指对个人资料进行技术处理,使得处理后的信息无法通过任何技术手段、结合任何其他信息识别到特定的资料当事人,且无法复原的处理方式。匿名化处理后的信息不属于PDPO项下的个人资料。
Anonymization: means the technical processing of personal data such that the resulting information cannot be identified to a specific Data Subject by any technical means, in combination with any other information, and cannot be reversed. Anonymized information does not constitute Personal Data under the PDPO.
去标识化 | De-identification:指对个人资料进行技术处理,去除可直接识别资料当事人的核心字段,使得在不借助额外信息的情况下,无法识别到特定资料当事人的处理方式。去标识化处理后的信息仍属于PDPO项下的个人资料。
De-identification: means the technical processing of personal data to remove core fields that can directly identify the Data Subject, such that the Data Subject cannot be identified without additional information. De-identified information still constitutes Personal Data under the PDPO.
2. 资料使用者与资料保障主任法定公示 | Statutory Publication of Data User & Data Protection Officer
2.1 唯一个人资料使用者 | Sole Data User | 2.1 Sole Data User
本政策项下唯一、排他的个人资料使用者为AdventureX Education Technology Limited,具体信息如下:
The sole and exclusive Data User under this Policy is AdventureX Education Technology Limited, with the following specific information:
- 香港公司注册编号 | Hong Kong Company Registration No.: 79171672
- 注册地址 | Registered Address: UNIT 1307, BEVERLEY COMMERCIAL CENTRE, 87-105 CHATHAM RD SOUTH, TSIM SHA TSUI, HONG KONG
- 官方网站域名 | Official Website Domain: adventure-x.org
主体性质:本公司为 AdventureX 2026 赛事的唯一主办主体、赛事IP的独家所有权人、平台的独家运营主体,是本政策项下所有个人资料的唯一法定资料使用者,独立承担 PDPO 项下的全部法律责任、合规义务、损害赔偿责任。
Subject Nature: The Company is the sole organizer of the AdventureX 2026 Event, the exclusive owner of the Event IP, the exclusive operator of the Platform, and the only statutory Data User of all personal data under this Policy. We independently bear all legal responsibilities, compliance obligations, and damage compensation liabilities under the PDPO.
2.2 资料保障主任(DPO) | Data Protection Officer (DPO) | 2.2 Data Protection Officer (DPO)
本公司已严格按照PDPO的要求,指定具备个人资料保护专业资质、3年以上相关从业经验的专业人士担任资料保障主任(DPO),具体信息如下:
In strict accordance with the requirements of the PDPO, the Company has appointed a professional with personal data protection professional qualifications and more than 3 years of relevant working experience as the Data Protection Officer (DPO), with specific information as follows:
- 姓名 | Name: 王子豪
- 专属履职邮箱 | Exclusive Duty Email: dpo@adventure-x.org
- 咨询邮箱 | Consultation Email: support@adventure-x.org
履职职责:全面统筹本公司个人资料处理全流程的合规管理,制定并落实个人资料保护制度,响应用户权利行使申请,对接PCPD的监管问询、执法调查、合规指引,处理个人资料相关的投诉、纠纷、索赔事宜,独立履行PDPO项下的全部法定职责。
Duties: Fully coordinate the compliance management of the whole process of the Company's personal data processing, formulate and implement the personal data protection system, respond to Data Subjects' applications for exercising rights, communicate with the PCPD on regulatory inquiries, law enforcement investigations, and compliance guidelines, handle complaints, disputes, and claims related to personal data, and independently perform all statutory duties under the PDPO.
独立性声明:本公司DPO独立于赛事业务运营、商务合作、市场推广等所有业务部门,直接向本公司董事层汇报工作,不受任何业务部门的干预,具备完全的履职独立性。本公司对DPO的履职行为承担全部法律责任。
Independence Declaration: The DPO of the Company is independent of all business departments such as Event business operation, business cooperation, and marketing promotion, reports directly to the Company's board of directors, is not interfered by any business department, and has complete performance independence. The Company bears full legal responsibility for the DPO's performance of duties.
3. 资料处理核心合规原则 | Core Compliance Principles of Data Processing
本公司所有个人资料处理行为,严格恪守PDPO项下的六项保障资料原则,同时遵循以下核心合规准则,确保全流程处理行为完全符合香港法律规定与我们的非营利公益使命:
All personal data processing activities of the Company strictly abide by the six Data Protection Principles under the PDPO, and also follow the following core compliance principles, to ensure that the whole process of processing fully complies with the laws of Hong Kong and our non-profit public welfare mission:
3.1 合法、公平、透明原则 | Principle of Lawfulness, Fairness and Transparency | 3.1 Principle of Lawfulness, Fairness and Transparency | Principle of Lawfulness, Fairness and Transparency
我们仅以合法、公平的方式处理个人资料,绝不以欺诈、胁迫、误导、隐瞒的方式收集、处理个人资料;以清晰、透明、易懂的方式,完整告知资料当事人个人资料处理的全部相关事宜,绝不隐瞒任何与资料当事人权益相关的处理行为。
We only process personal data in a lawful and fair manner, and never collect or process personal data by fraud, coercion, misleading or concealment. We fully inform the Data Subject of all matters related to the processing of personal data in a clear, transparent and understandable manner, and never conceal any processing activities related to the rights and interests of the Data Subject.
3.2 目的明确、限定原则 | Principle of Specific and Limited Purpose | 3.2 Principle of Specific and Limited Purpose | Principle of Specific and Limited Purpose
我们仅为具体、明确、合法的赛事相关与非营利公益目的处理个人资料,绝不超出本政策告知的目的范围处理个人资料;若需将个人资料用于本政策未告知的新目的,必须取得资料当事人的明示书面同意,法律法规另有强制性规定的除外。
We only process personal data for specific, explicit and lawful Event-related and non-profit public welfare purposes, and never process personal data beyond the scope of purposes informed in this Policy. If we need to use personal data for a new purpose not informed in this Policy, we must obtain the express written consent of the Data Subject, unless otherwise mandatory by laws and regulations.
3.3 最小必要原则 | Principle of Minimum Necessity | 3.3 Principle of Minimum Necessity | Principle of Minimum Necessity
我们仅收集、处理为实现处理目的所必需的最低范围、最短期限的个人资料,绝不收集与赛事服务、非营利使命无关的个人资料。除非法律法规另有强制性规定,或取得资料当事人的单独明示书面同意,否则我们不会收集资料当事人的生物识别信息(包括但不限于人脸信息、指纹信息、虹膜信息、声纹信息、基因信息),绝不以拒绝提供核心赛事服务为由,强制资料当事人提供非必要的个人资料。
We only collect and process personal data within the minimum scope and shortest period necessary to achieve the processing purpose, never collect personal data irrelevant to the Event services and non-profit mission. Unless otherwise required by mandatory laws and regulations, or with the separate express written consent of the Data Subject, we will not collect biometric information of the Data Subject (including but not limited to facial information, fingerprint information, iris information, voiceprint information, genetic information), and will never force the Data Subject to provide unnecessary personal data on the grounds of refusing to provide core Event services.
3.4 准确性与完整性原则 | Principle of Accuracy and Completeness | 3.4 Principle of Accuracy and Completeness | Principle of Accuracy and Completeness
我们采取合理措施,确保所处理的个人资料准确、完整、不过时;若发现个人资料存在不准确、不完整、过时的情况,将及时予以更正、补充,并通知所有曾接收该资料的第三方。
We take reasonable measures to ensure that the personal data processed is accurate, complete and up-to-date. If we find that the personal data is inaccurate, incomplete or out-of-date, we will correct and supplement it in a timely manner, and notify all third parties who have received the data.
3.5 安全保障原则 | Principle of Security Protection | 3.5 Principle of Security Protection | Principle of Security Protection
我们采取行业标准的技术、管理、物理安全措施,保障个人资料的安全,杜绝未经授权的访问、收集、使用、披露、泄露、篡改、丢失、损坏,确保个人资料处理全流程的安全性。
We adopt industry-standard technical, management and physical security measures to protect the security of personal data, prevent unauthorized access, collection, use, disclosure, leakage, tampering, loss and damage of personal data, and ensure the security of the whole process of personal data processing.
3.6 权利保障原则 | Principle of Rights Protection | 3.6 Principle of Rights Protection | Principle of Rights Protection
我们充分尊重并保障资料当事人依据PDPO享有的全部法定权利,为资料当事人提供便捷、免费、无障碍的权利行使渠道,绝不设置不合理的限制、门槛、障碍,阻碍资料当事人行使法定权利。
We fully respect and guarantee all statutory rights of the Data Subject under the PDPO, provide the Data Subject with convenient, free and accessible channels to exercise rights, and never set unreasonable restrictions, thresholds and obstacles to hinder the Data Subject from exercising statutory rights.
3.7 非营利公益原则 | Principle of Non-Profit Public Welfare | 3.7 Principle of Non-Profit Public Welfare | Principle of Non-Profit Public Welfare
我们仅为推进非营利青年科技赋能使命的目的处理个人资料,绝不将个人资料用于任何与公益使命无关的商业牟利活动;所有处理行为均与非营利目标保持一致。
We only process personal data for the purpose of advancing our non-profit youth tech empowerment mission, and never use personal data for any commercial profit-making activities unrelated to our public welfare mission. All processing activities are aligned with our non-profit objectives.
4. 个人资料收集规则 | Rules for Collection of Personal Data
4.1 收集的一般规则 | General Rules for Collection | 4.1 General Rules for Collection | General Rules for Collection
我们仅在本条款明确约定的范围内,根据资料当事人的参与场景、用户类型,在实现处理目的的最小必要范围内收集个人资料,绝不超范围收集。
We only collect personal data within the scope clearly agreed in this Article, according to the participation scenario and user type of the Data Subject, within the minimum scope necessary to achieve the processing purpose, and never collect data beyond the scope.
所有个人资料均由资料当事人自愿、主动提供,我们绝不以任何非法方式强制收集个人资料。针对法定身份号码、金融账户信息的收集,我们将在收集前以单独弹窗、显著书面方式,完整告知资料当事人收集目的、使用范围、存储期限、处理规则、拒绝提供的法律后果,取得资料当事人的明示书面同意后,方会收集对应信息。
All personal data is provided by the Data Subject voluntarily and actively. We never collect personal data by any unlawful means. For the collection of legal identity number and financial account information, we will fully inform the Data Subject of the purpose of collection, scope of use, storage period, processing rules and legal consequences of refusal through a separate pop-up window and prominent written means before collection, and will only collect the corresponding information after obtaining the express written consent of the Data Subject.
若资料当事人提供的个人资料涉及第三方自然人的信息(如团队成员信息),资料当事人承诺已取得该第三方自然人的明示同意,有权向我们提供该信息,且该第三方自然人已充分知晓并接受本政策的全部条款。若因资料当事人未取得有效同意导致我们遭受任何索赔、处罚、损失,资料当事人应承担全部赔偿责任。
If the personal data provided by the Data Subject involves information of a third-party natural person (such as team member information), the Data Subject warrants that it has obtained the express consent of the third-party natural person, has the right to provide the information to us, and the third-party natural person has fully known and accepted all the terms of this Policy. If the Company suffers any claim, penalty or loss due to the Data Subject's failure to obtain valid consent, the Data Subject shall bear full compensation liability.
4.2 访客用户的个人资料收集 | Collection of Personal Data from Visitor Users | 4.2 Collection of Personal Data from Visitor Users | Collection of Personal Data from Visitor Users
针对仅注册平台基础账号、参与赛事公开活动、浏览平台内容的访客用户,我们仅收集保障其正常使用基础服务、参与公开活动所必需的最低范围个人资料,具体包括:
For Visitor Users who only register a basic platform account, participate in public events of the Event, and browse the Platform content, we only collect the minimum scope of personal data necessary to ensure their normal use of basic services and participation in public events, specifically including:
1. 基础注册标识信息 | Basic Registration Identification Information:电子邮箱地址、自定义昵称,用于完成平台账号注册、生成赛事电子入场凭证、账号安全核验、密码找回、服务通知发送。该信息为该类用户使用平台基础服务的必填信息,若拒绝提供,将无法完成平台注册、获取电子入场凭证。
1. Basic Registration Identification Information | Basic Registration Identification Information: Email address, custom nickname, used for completing platform account registration, generating electronic entry vouchers for events, account security verification, password retrieval, and sending service notifications. This information is required for users of this type to use the platform's basic services. If you refuse to provide it, you will not be able to complete platform registration or obtain electronic entry vouchers.
email address, custom nickname, used to complete platform account registration, generate electronic admission vouchers for the Event, account security verification, password retrieval, and service notification sending. This is mandatory information for such users to use the basic platform services. If refused, the user will not be able to complete platform registration and obtain electronic admission vouchers.
2. 技术日志信息 | Technical Log Information:设备型号、操作系统、浏览器类型、浏览器语言、屏幕分辨率、IP地址、访问时间、页面停留时长、操作行为日志、崩溃报告,用于保障平台的正常稳定运行、防范网络安全风险、排查技术故障、优化平台功能与用户体验。该信息为该类用户使用平台服务的自动收集信息,若拒绝提供,将无法正常使用平台服务。
2. Technical Log Information | Technical Log Information: Device Model, Operating System, Browser Type, Browser Language, Screen Resolution, IP Address, Access Time, Time Stay on Page, Operation Behavior Log, Crash Report, used to ensure the normal and stable operation of the platform, prevent network security risks, troubleshoot technical failures, and optimize platform functions and user experience. This information is automatically collected for users of this type when using platform services. If you refuse to provide it, you will not be able to use platform services normally.
device model, operating system, browser type, browser language, screen resolution, IP address, access time, page stay duration, operation behavior logs, crash reports, used to ensure the normal and stable operation of the Platform, prevent network security risks, troubleshoot technical faults, and optimize Platform functions and user experience. This is automatically collected information for such users to use the Platform services. If refused, the user will not be able to use the Platform services normally.
4.2.1 Cookies与第三方技术服务 | Cookies and Third-Party Technologies | 4.2.1 Cookies and Third-Party Technologies | Cookies and Third-Party Technologies
为保障平台安全、维持登录状态、分析平台使用情况并排查技术故障,我们可能在平台中使用第一方 Cookies,以及由第三方技术服务提供商部署的 Cookies、SDK、像素标签、脚本或其他类似技术标识。
To maintain platform security, preserve sign-in status, analyze platform usage and troubleshoot technical failures, we may use first-party Cookies on the Platform, as well as Cookies, SDKs, pixel tags, scripts, or other similar technical identifiers deployed by third-party technology service providers.
We may use first-party Cookies and similar technologies, as well as third-party Cookies, SDKs, pixels, scripts, or comparable identifiers, to keep the Platform secure, maintain login status, understand usage patterns, and diagnose technical issues.
我们当前使用或可能使用的第三方技术服务包括但不限于 Google Analytics(用于流量统计与使用分析)、Microsoft Clarity(用于页面行为分析与体验优化)、Sentry(用于错误监控、性能监测与故障排查),以及 Cloudflare Turnstile(用于安全验证、防止滥用与机器人攻击)。该等服务可能收集或读取 Cookie 标识符、设备信息、浏览器信息、IP 地址、访问时间、页面浏览路径、点击与滚动行为、错误日志、性能数据等技术信息。
The third-party technology services we currently use or may use include, without limitation, Google Analytics (for traffic measurement and usage analytics), Microsoft Clarity (for page behavior analysis and experience optimization), Sentry (for error monitoring, performance monitoring and troubleshooting), and Cloudflare Turnstile (for security verification and prevention of abuse or automated attacks). Such services may collect or read technical information including Cookie identifiers, device information, browser information, IP address, access time, page-view paths, click and scroll behavior, error logs, and performance data.
The third-party services we currently use or may use include Google Analytics for traffic and usage analytics, Microsoft Clarity for behavior analytics and experience optimization, Sentry for error and performance monitoring, and Cloudflare Turnstile for security verification and anti-abuse controls. These services may collect or read technical information such as Cookie identifiers, device and browser information, IP address, access timestamps, page navigation paths, click or scroll activity, error logs, and performance metrics.
我们仅在实现平台运营、安全防护、统计分析与服务优化所必需的范围内使用上述技术,不会仅因使用该等第三方技术服务而向其提供超出必要范围的身份识别信息。除法律法规另有要求,或依据适用规则另行取得资料当事人的同意外,我们不会将通过该等技术收集的资料用于未向资料当事人说明的直接营销目的。
We use the above technologies only to the extent necessary for platform operations, security protection, statistical analysis and service optimization, and will not provide personally identifying information beyond what is necessary solely because such third-party technologies are used. Unless otherwise required by laws and regulations, or unless the Data Subject's consent is separately obtained where required by applicable rules, we will not use information collected through such technologies for direct marketing purposes that have not been disclosed to the Data Subject.
We limit the use of these technologies to what is necessary for platform operations, security, analytics, and service improvement. We do not provide personally identifying information beyond what is necessary merely because these third-party tools are used, and we will not use information collected through these technologies for undisclosed direct marketing purposes unless otherwise required by law or authorized by valid consent where applicable.
资料当事人可通过浏览器设置、设备权限、广告或隐私设置、相关第三方服务提供商提供的退出机制,管理或限制部分 Cookies 与类似技术;但若禁用某些必要 Cookies、安全验证机制或相关技术标识,可能导致账号登录、平台安全验证、页面功能或部分服务无法正常运行。
The Data Subject may manage or limit certain Cookies and similar technologies through browser settings, device permissions, advertising or privacy settings, or opt-out mechanisms provided by the relevant third-party service providers. However, disabling certain necessary Cookies, security verification mechanisms, or related identifiers may cause account sign-in, platform security verification, page functions, or certain services to malfunction.
Data Subjects may manage or restrict certain Cookies and similar technologies through browser settings, device permissions, privacy controls, or opt-out tools offered by the relevant third-party providers. However, disabling certain necessary Cookies, security verification mechanisms, or related identifiers may affect sign-in, security checks, page functionality, or the availability of some services.
4.3 参赛选手的个人资料收集 | Collection of Personal Data from Competition Participants | 4.3 Collection of Personal Data from Competition Participants | Collection of Personal Data from Competition Participants
针对已进入专属参赛赛道的参赛选手,我们分两个阶段、严格遵循最小必要原则收集个人资料,具体包括:
For Competition Participants who have entered the exclusive competition track, we collect personal data in two stages, strictly in accordance with the minimum necessity principle, specifically including:
4.3.1 参赛申请阶段 | Competition Application Stage | 4.3.1 Competition Application Stage | Competition Application Stage
参赛申请阶段,我们仅收集资格审核所必需的以下非敏感个人资料,本阶段全程不收集任何法定身份号码、金融账户信息:
At the competition application stage, we only collect the following non-sensitive personal data necessary for the qualification review, and no legal identity number or financial account information is collected during this stage:
1. 基础身份与联系方式 | Basic Identity and Contact Information:真实姓名、性别、出生日期、国籍、联系电话、电子邮箱,用于核验参赛身份的真实性、确认参赛年龄符合赛事规则要求、发送审核结果通知、赛事相关事项沟通。该信息为参赛申请的必填信息。
1. Basic Identity and Contact Information | Basic Identity and Contact Information: Real name, gender, date of birth, nationality, contact phone number, and email address, used to verify the authenticity of the participant's identity, confirm that the participant's age meets the requirements of the event rules, send notification of the review results, and communicate event-related matters. This information is mandatory for the participation application.
full name, gender, date of birth, nationality, contact number, email address, used to verify the authenticity of the competition identity, confirm that the competition age meets the Event rules, send review result notifications, and communicate Event-related matters. This is mandatory information for the competition application.
未满 14 周岁的自然人不得注册账号、提交参赛申请或使用需要注册的核心平台功能。年满 14 周岁但未满 18 周岁的未成年人,应在监护人陪同下阅读本政策及相关规则,并仅可在监护人明确同意后注册、报名或提交资料。我们可在必要时要求补充年龄、监护关系或监护人同意证明。
Natural persons under the age of 14 may not register an account, submit a competition application, or use the core platform features that require registration. Minors who are at least 14 years old but under 18 must review this Policy and the relevant rules together with their guardian, and may register, apply, or submit materials only after obtaining the guardian's explicit consent. We may require supplementary evidence of age, guardianship, or guardian consent where necessary.
2. 参赛申请材料信息 | Competition Application Material Information:教育背景、在校/工作单位、工作/实习经历、获奖经历、技能证书、技术能力说明、参赛申请文书、参赛项目简介、团队成员信息,用于参赛资格的综合评估、选手选拔、赛事评审。该信息为参赛申请的必填信息。
2. Competition Application Material Information | Competition Application Material Information: Educational background, school/employer, work/internship experience, award experience, skill certificates, technical ability description, competition application essay, competition project introduction, team member information, used for comprehensive evaluation of competition eligibility, participant selection, and competition review. This information is required for the competition application.
educational background, school/employer, work/internship experience, award history, skill certificates, technical ability statement, competition application essay, competition project introduction, team member information, used for comprehensive evaluation of competition qualifications, participant selection, and Event review. This is mandatory information for the competition application.
4.3.2 录取确认阶段 | Post-Admission Confirmation Stage | 4.3.2 Post-Admission Confirmation Stage | Post-Admission Confirmation Stage
仅在选手通过资格审核、获得正式参赛资格后,我们才会收集以下为履行赛事服务合同所必需的信息:
Only after the participant passes the qualification review and obtains the official admission qualification, we will collect the following information necessary for the performance of the event service contract:
1. 法定身份号码 | Legal Identity Number:居民身份证、护照、港澳居民来往内地通行证等有效身份证件的法定身份号码,用于最终参赛身份核验、赛事安全备案、现场入场核验。该信息为正式参赛的必填信息,若拒绝提供,将无法完成最终参赛确认。
1. Legal Identity Number | Legal Identity Number: The legal identity number of valid identification documents such as resident identity cards, passports, and permits for Hong Kong and Macao residents traveling to the mainland, etc., is used for final participant identity verification, event security registration, and on-site entry verification. This information is mandatory for official participation, and if refused to provide, the final participation confirmation cannot be completed.
legal ID number of valid identity documents such as resident ID card, passport, Mainland Travel Permit for Hong Kong and Macao Residents, used for final competition identity verification, Event safety filing, and on-site admission verification. This is mandatory information for official participation. If refused, the user will not be able to complete the final competition confirmation.
2. 金融账户信息 | Financial Account Information:银行卡号、开户银行名称、开户银行SWIFT代码、开户人姓名、开户人证件号码,用于赛事约定的出行补贴、赛事奖金、获奖激励的发放。该信息为选填信息,若拒绝提供,不影响核心参赛资格与评审结果,仅无法领取相关补贴与奖金。
2. Financial Account Information | Financial Account Information: Bank card number, name of the bank where the account was opened, SWIFT code of the bank where the account was opened, name of the account holder, and identification number of the account holder, which are used for the disbursement of travel subsidies, event prizes, and award incentives agreed upon for the event. This information is optional. If you refuse to provide it, it will not affect your core eligibility to participate or the evaluation results, but you will only be unable to receive the relevant subsidies and prizes.
bank card number, account bank name, account bank SWIFT code, account holder name, account holder ID number, used for the distribution of travel subsidies, competition bonuses, and award incentives agreed in the Event. This is optional information. If refused, it will not affect the core competition qualification and review, only the receipt of relevant subsidies and bonuses.
5. 赛事报名通道与赞助商信息共享规则 | Event Registration Channels & Sponsor Information Sharing Rules
5.1 独立报名通道定义 | Definition of Independent Registration Channels | 5.1 Definition of Independent Registration Channels | Definition of Independent Registration Channels
我们设置两个完全独立、目的与权责清晰的报名通道,参与者可根据自身需求自由选择。
We have established two fully independent registration channels with clear objectives, rights and responsibilities, and participants may freely choose according to their own needs.
5.1.1 观众观赛通道 | Visitor Audience Channel | 5.1.1 Visitor Audience Channel | Visitor Audience Channel
本通道为面向仅希望进入线下赛事会场、参与赛事公开技术分享会、展会活动等开放环节的参与者设置的免费公益通道。
This is a free public welfare channel for participants who only want to access the offline event venue, participate in public tech sharing sessions, exhibition activities and other open sessions of the event.
申请观众资格,参与者仅需提供基础注册信息(电子邮箱地址、自定义昵称),无需同意赞助商信息共享,不收集任何额外个人资料。选择本通道的参与者,可正常参与赛事所有公开开放环节,但无法进入赛事报名系统、提交任何参赛申请,无法获得任何赛事评审、打分、获奖、奖金相关权益。
To apply for the visitor qualification, participants only need to provide basic registration information (email address, custom nickname). No consent to sponsor information sharing is required, and no additional personal data will be collected. Participants who choose this channel can normally participate in all public open sessions of the event, but cannot access the competition registration system, submit any competition application, or obtain any competition judging, scoring, award-winning or bonus rights.
5.1.2 选手参赛专属通道 | Participant Competition Exclusive Channel | 5.1.2 Participant Competition Exclusive Channel | Participant Competition Exclusive Channel
本通道为面向希望报名黑客松赛事、提交参赛作品、获得赛事评审资格、角逐赛事奖金、申请项目孵化机会的参与者设置的专属赛道。我们的赞助商合作伙伴是该专属赛道的联合举办方、官方评审委员会独家成员、全部赛事奖金的唯一出资方、获奖项目孵化计划的独家提供方。
This is a special track for participants who want to sign up for the hackathon competition, submit competition works, obtain competition judging qualifications, compete for event prizes, and apply for project incubation opportunities. Our Sponsor Partners are the co-organizers, exclusive judging committee members, sole funders of all prize money, and exclusive providers of the winning project incubation program for this exclusive channel.
本通道的核心目的为开展赞助商主导的赛事评审、人才选拔、项目评估与孵化。向赞助商评审委员会共享参赛者的参赛信息,是申请本通道的必要前提,该目的与参赛赛道的核心职能直接相关,符合PDPO项下的保障资料第1原则。参与者必须就赞助商信息共享作出单独、明示、自愿、书面的同意,方可进入赛事报名流程。拒绝作出同意的参与者,仅能申请观众观赛通道,无法进入赛事报名系统、提交任何参赛申请。
The core purpose of this channel is to conduct sponsor-led competition judging, talent selection, project evaluation and incubation. The sharing of participant's competition information with the sponsor judging committee is a necessary prerequisite for applying for this channel, which is directly related to the core functions of the competition track and complies with the First Data Protection Principle under the PDPO. Participants must give their separate, express, voluntary and written consent to the sponsor information sharing before entering the competition registration process. Participants who refuse to give the consent can only apply for the Visitor Audience Channel, and cannot access the competition registration system or submit any competition application.
对于已成年参与者,是否进入赞助商参与的评审、奖金、孵化等后续流程,仍以其对信息共享的单独、明示、自愿、书面同意为前提。对于所有未成年人,我们不会向赞助商或其他合作方共享其个人资料;未成年人仍可由主办方在最小必要范围内完成报名审核,但凡以后续向合作方共享个人资料为前提的流程,我们将限制其进入相应流程,直至存在另行公示的合规机制。
For adult participants, admission into subsequent sponsor-involved judging, prize, incubation, and similar workflows remains subject to their separate, express, voluntary, and written consent to information sharing. For all minors, we will not share their personal data with sponsors or other partners. Minors may still complete registration review by the organizer on a strictly necessary basis, but we will restrict minors from entering any workflow that depends on later sharing personal data with partners, unless and until a separately announced compliant mechanism exists.
5.2 信息共享范围 | Scope of Information Sharing | 5.2 Scope of Information Sharing | Scope of Information Sharing
我们仅向赞助商评审委员会共享赛事评审、人才选拔、项目孵化所必需的以下信息,绝不共享超出该范围的任何信息:
We only share the following information necessary for competition judging, talent selection and project incubation with the sponsor judging committee, and will never share any information beyond this scope:
本节所述共享范围仅适用于已成年且已作出有效授权的参与者;对于未成年人,本节所述共享不适用。
The sharing scope described in this Section applies only to adult participants who have given valid authorization; it does not apply to minors.
1. 评审基础信息 | Basic judging information:姓名、教育背景、工作经历、团队成员信息、联系邮箱(仅用于评审结果通知与奖金发放);
1. Basic judging information: Name, educational background, work experience, team member information, contact email (used only for notification of judging results and bonus payment);
full name, educational background, work experience, team member information, contact email address (only for judging result notification and prize distribution);
2. 参赛材料 | Competition materials:参与者为赛事提交的参赛项目介绍、技术文档、工作经历、获奖经历、技术能力说明。
2. Competition materials: Introduction to the participating project, technical documents, work experience, award experience, and technical capabilities description submitted by participants for the competition.
competition project introduction, technical documents, work experience, award history, technical ability description submitted by the participant for the competition.
5.3 信息共享合规承诺 | Compliance Commitment for Information Sharing | 5.3 Compliance Commitment for Information Sharing | Compliance Commitment for Information Sharing
我们在此严格遵循PDPO作出不可撤销的郑重承诺:
We hereby make an irrevocable solemn commitment in full compliance with the PDPO:
1. 我们绝不会将上述信息提供给赞助商作直接营销用途,绝不以商业对价向任何赞助商或第三方出售、出租、转让您的个人资料,除非严格遵守PDPO第35J条的法定要求并取得您的单独、明示、书面同意;
1. We will never provide the above information to sponsors for direct marketing purposes , and will never sell, rent, or transfer your personal data to any sponsor or third party for commercial consideration, unless we strictly comply with the statutory requirements of Section 35J of the PDPO and obtain your separate, express, and written consent;
We will never provide the above information to sponsors for direct marketing purposes, and will never sell, rent, or transfer your personal data for commercial consideration to any sponsor or third party, unless we strictly comply with the statutory requirements of Section 35J of the PDPO and obtain your separate, express and written consent;
2. 我们任何情况下,绝不向任何赞助商共享法定身份号码、金融账户信息等其他采取强化保护的特定个人资料;
2. We will never share specific personal data under enhanced protection, such as legal identity numbers and financial account information, with any sponsors under any circumstances ;
We will never share legal identity number, financial account information or other specific personal data with enhanced protection to any sponsor under any circumstances;
3. 我们将在您作出同意前,完整告知您信息共享的全部细节,包括核心赞助商清单、共享信息范围、使用目的、留存期限及安全保护措施,完整赞助商清单请查阅官网《赛事信息共享合作方公告》并将在该页面实时更新。
3. We will fully inform you of all details of the information sharing prior to your consent, including the list of core sponsors, the scope of information to be shared, the purposes of use, the retention period and the security protection measures. The complete list of sponsors is available on our official website at "Public Notice of Event Information Sharing Partners" and will be updated in real time on that page.
4. 所有赞助商均已通过严格合规审核,与我们签署了具有法律约束力的数据保护协议,并承诺:仅将您的数据用于向您明确告知的赛事评审、人才选拔、奖金发放、项目孵化用途;绝不向任何其他第三方出售、出租、转让、披露您的数据;采取行业标准的安全措施保护您的数据;在评审、奖金发放、孵化流程完成后立即永久删除您的全部数据;接受我们的定期合规审计,对任何违约行为承担全部责任。
4. All sponsors have passed strict compliance reviews, signed legally binding data protection agreements with us, and committed to: using your data solely for the purposes of event evaluation, talent selection, prize distribution, and project incubation as clearly informed to you; never selling, leasing, transferring, or disclosing your data to any other third parties; implementing industry-standard security measures to protect your data; permanently deleting all your data immediately after the evaluation, prize distribution, and incubation processes are completed; and accepting our regular compliance audits and assuming full responsibility for any breach of contract.
All sponsors have passed our strict compliance review, signed a legally binding data protection agreement with us, and committed to: only use your data for competition judging, talent selection, prize distribution and project incubation purposes clearly informed to you; never sell, rent, transfer or disclose your data to any other third party; take industry-standard security measures to protect your data; permanently delete all your data immediately after the judging, prize distribution and incubation process is completed; accept our regular compliance audit, and bear full liability for breach of contract.
5. 您有权随时、免费、无理由撤回授权。撤回后,我们将立即停止向赞助商共享您的新数据,并要求赞助商停止将您的数据用于新的评审、孵化活动。授权撤回不影响撤回前已完成的评审、奖金发放活动的合法性与效力。
5. You have the right towithdraw your authorization at any time, free of charge, and without reason. After withdrawal, we will immediately stop sharing your new data with sponsors and request sponsors to stop using your data for new review and incubation activities. The withdrawal of authorization does not affect the legality and validity of review and bonus distribution activities that have been completed prior to the withdrawal.
You have the right to withdraw your authorization at any time, free of charge, without any reason. After withdrawal, we will immediately stop sharing your new data with sponsors, and require sponsors to stop using your data for new judging and incubation activities. The withdrawal of authorization will not affect the legality and validity of the judging and prize distribution activities completed before the withdrawal.
对于所有未成年人,我们不会向任何赞助商、合作方或联合评审方共享其个人资料;如某后续流程以共享为必要前提,我们将限制该未成年人进入相应流程,并仅由主办方在最小必要范围内处理其资料。
For all minors, we do not share their personal data with any sponsor, partner, or joint reviewer. Where a subsequent workflow necessarily depends on such sharing, we will restrict the minor from entering that workflow and will handle the minor's data only by the organizer and only to the minimum extent necessary.
6. 个人资料处理与使用规则 | Rules for Processing and Use of Personal Data
6.1 使用的一般规则 | General Rules for Use | 6.1 General Rules for Use | General Rules for Use
我们仅在本政策明确告知的收集目的范围内,使用资料当事人的个人资料,绝不超出目的范围使用,绝不将个人资料用于与赛事服务、非营利使命无关的任何商业目的。
We only use the personal data of the Data Subject within the scope of the collection purposes clearly informed in this Policy, never use it beyond the scope of the purposes, and never use personal data for any commercial purposes unrelated to the Event services and non-profit mission.
我们使用个人资料的合法性基础,严格遵循PDPO的相关规定,包括但不限于:① 资料当事人的明示同意;② 与资料当事人订立、履行合同所必需;③ 履行我们的法定义务所必需;④ 保护资料当事人或其他自然人的重大合法权益所必需;⑤ 行使我们的合法权益所必需,且处理行为未不合理损害资料当事人的私隐权益。
The legal basis for our use of personal data strictly complies with the relevant provisions of the PDPO, including but not limited to: ① the express consent of the Data Subject; ② necessary for the performance of a contract between us and the Data Subject; ③ necessary for the performance of our statutory obligations; ④ necessary for the protection of the vital legitimate interests of the Data Subject or other natural persons; ⑤ necessary for the exercise of our legitimate rights and interests, and the processing does not unreasonably prejudice the privacy rights of the Data Subject.
若我们需将个人资料用于本政策未告知的新目的,将提前以书面、邮件、平台公告的方式,完整告知资料当事人新的处理目的、使用范围、处理方式,取得资料当事人的明示书面同意后,方会开展相关处理活动,法律法规另有强制性规定的除外。
If we need to use personal data for a new purpose not informed in this Policy, we will fully inform the Data Subject of the new processing purpose, scope of use, and processing method in advance by written, email, or Platform announcement, and will only carry out relevant processing activities after obtaining the express written consent of the Data Subject, unless otherwise mandatory by laws and regulations.
6.2 具体使用场景 | Specific Use Scenarios | 6.2 Specific Use Scenarios | Specific Use Scenarios
我们将在以下场景,严格按照对应的目的使用资料当事人的个人资料,全程与我们的非营利公益使命保持一致:
We will use the personal data of the Data Subject in the following scenarios, in strict accordance with the corresponding purposes, and in full alignment with our non-profit public welfare mission:
1. 赛事核心服务提供 | Provision of Core Event Services:使用基础注册信息完成平台账号管理、身份核验、安全验证、密码找回;使用参赛申请信息完成参赛资格审核、选手选拔、评审打分、录取确认、赛事合同订立;使用法定身份号码完成最终参赛身份核验、赛事安全备案、现场入场核验;使用金融账户信息完成赛事出行补贴、奖金、激励的发放与核验;使用行程相关信息完成赛事现场接待、行程安排、后勤保障、应急处置。
1. Provision of Core Event Services : Use basic registration information to complete platform account management, identity verification, security verification, and password retrieval; use event application information to complete eligibility review, participant selection, judging and scoring, admission confirmation, and event contract execution; use legal identification numbers to complete final participant identity verification, event security filing, and on-site entry verification; use financial account information to complete the issuance and verification of event travel subsidies, prizes, and incentives; Use itinerary-related information to complete on-site event reception, itinerary arrangement, logistics support, and emergency response.
Use basic registration information to complete platform account management, identity verification, security verification, and password retrieval; use competition application information to complete competition qualification review, participant selection, review scoring, admission confirmation, and event contract conclusion; use legal identity number to complete final competition identity verification, Event safety filing, and on-site admission verification; use financial account information to complete the distribution and verification of Event travel subsidies, bonuses, and incentives; use itinerary related information to complete Event on-site reception, itinerary arrangement, logistics support, and emergency response.
2. 赛事沟通与通知 | Event Communication and Notification:使用联系方式向资料当事人发送账号安全通知、参赛申请审核结果、赛事流程通知、活动安排变更、评审结果公示、奖金发放通知等赛事服务相关的必要信息;使用联系方式响应资料当事人的咨询、投诉、权利行使申请,提供相关客户服务与支持。
2. Event Communication and Notification | Event Communication and Notification: Use contact information to send necessary information related to event services to data subjects, such as account security notifications, results of participation application reviews, event process notifications, changes to event arrangements, announcements of review results, and notifications of prize distribution; use contact information to respond to inquiries, complaints, and requests for exercise of rights from data subjects, and provide relevant customer service and support.
Use contact details to send necessary information related to Event services to the Data Subject, including account security notifications, competition application review results, Event process notifications, event arrangement changes, review result announcements, and bonus distribution notifications; use contact details to respond to the Data Subject's consultations, complaints, right exercise applications, and provide relevant customer service and support.
2.1 消息通知 | Message Notifications:您知悉并同意,我们在运营中可能会通过您在使用产品或服务过程中所提供的联系方式(包括但不限于电子邮箱地址、电话号码),向您发送一种或多种通知,例如服务消息、身份验证、安全验证、活动提醒、报名进度、奖金与报销流程通知、用户体验调研等;在严格遵守 PDPO 对直接营销的要求并取得适用同意的前提下,我们也可能通过电子邮件、短信或电话向您发送您可能感兴趣的服务、功能、活动或合作机会信息。若您不愿继续接收该等商业性信息,您可通过邮件中的退订链接退订,或直接通过官方联系渠道联系我们办理退订。
2.1 Message Notifications | Message Notifications: You acknowledge and agree that, in the course of our operations, we may use the contact information you provide when using our products or services, including but not limited to your email address and phone number, to send one or more types of notifications to you, such as service messages, identity verification, security verification, event reminders, application progress updates, prize and reimbursement process notifications, and user experience surveys. Subject to strict compliance with the PDPO requirements applicable to direct marketing and the obtaining of any required consent, we may also send you information about services, functions, events, or cooperation opportunities that may interest you by email, SMS, or telephone. If you do not wish to continue receiving such commercial information, you may unsubscribe through the unsubscribe link in the email or contact us directly through our official contact channels to opt out.
We may use the contact details you provide, including your email address and phone number, to send service notifications, identity or security verification messages, event reminders, application progress updates, prize and reimbursement notices, and user experience surveys. Where required under the PDPO for direct marketing, we will obtain the relevant consent before sending commercial information about services, features, events, or cooperation opportunities by email, SMS, or phone. You may opt out of such commercial communications at any time through the unsubscribe link in the email or by contacting us through our official channels.
3. 平台运营与优化 | Platform Operation and Optimization:使用技术日志信息保障平台的正常稳定运行,防范、排查、修复网络安全漏洞、技术故障、系统崩溃;使用技术日志信息分析用户的平台使用习惯,优化平台功能、页面设计、操作流程,提升用户体验;使用技术日志信息防范网络攻击、网络诈骗、恶意注册、违规操作等风险行为,保障平台与用户的账号、财产安全。
3. Platform Operation and Optimization | Platform Operation and Optimization: Use technical log information to ensure the normal and stable operation of the platform, prevent, detect, and repair network security vulnerabilities, technical failures, and system crashes; use technical log information to analyze users' platform usage habits, optimize platform functions, page design, and operation processes, and enhance user experience; use technical log information to prevent risk behaviors such as cyberattacks, online fraud, malicious registration, and illegal operations, and safeguard the account and property security of the platform and users.
Use technical log information to ensure the normal and stable operation of the Platform, prevent, troubleshoot and repair network security vulnerabilities, technical faults, and system crashes; use technical log information to analyze the Data Subject's Platform usage habits, optimize Platform functions, page design, and operation processes, and improve user experience; use technical log information to prevent risk behaviors such as cyber attacks, online fraud, malicious registration, and illegal operations, and protect the account and property security of the Platform and the Data Subject.
4. 赛事安全与合规管理 | Event Safety and Compliance Management:使用身份信息、现场核验信息完成赛事现场人员管控、安全管理、人流统计、应急处置,保障赛事现场的人身、财产安全;使用个人资料履行法律法规要求的安全备案、监管上报、审计核查等法定义务;使用个人资料处理赛事相关的合同纠纷、知识产权争议、投诉索赔、诉讼仲裁等法律事宜。
4. 4Event Safety and Compliance Management | Event Safety and Compliance Management : Use identity information and on-site verification information to complete personnel control, safety management, crowd flow statistics, and emergency response at the event site, ensuring the safety of personnel and property; use personal information to fulfill legal obligations such as safety filing, regulatory reporting, and audit verification required by laws and regulations; use personal information to handle legal matters such as contract disputes, intellectual property disputes, complaints and claims, litigation and arbitration related to the event.
Use identity information and on-site verification information to complete Event on-site personnel control, safety management, passenger flow statistics, and emergency response, to protect the personal and property safety of the Event site; use personal data to perform statutory obligations such as safety filing, regulatory reporting, and audit verification required by laws and regulations; use personal data to handle legal matters related to the Event, such as contract disputes, intellectual property disputes, complaint claims, litigation and arbitration.
5. 参赛选手群体分析与赛事优化(仅非营利目的) | Participant Group Analysis and Event Optimization (Non-Profit Purpose Only):针对参赛选手,在取得其单独、明示、自愿同意的前提下,使用其提交的参赛申请材料、个人简历、教育背景、项目信息,进行参赛选手群体画像分析、青年创新人才研究、科技创新行业趋势分析;群体分析仅使用去标识化、匿名化后的数据集,分析结果为汇总性、非识别性的宏观统计数据,无法通过任何技术手段识别到特定自然人;分析结果仅用于赛事内容与赛制优化、青年创新公益项目开发、行业研究报告编制,绝不用于任何损害资料当事人合法权益的行为。
5. Participant Group Analysis and Event Optimization (Non-Profit Purpose Only): For participants, on the premise of obtaining their separate, explicit, and voluntary consent, use the submitted application materials, resumes, educational backgrounds, and project information to conduct participant group portrait analysis, research on young innovative talents, and analysis of trends in the science and technology innovation industry;Group analysis only uses de-identified and anonymized datasets, and the analysis results are aggregated, non-identifiable macro Statistical Data that cannot be used to identify specific natural persons through any technical means; the analysis results are only used for optimizing event content and competition systems, developing youth innovation public welfare projects, and compiling industry research reports, and will never be used for any actions that harm the legitimate rights and interests of data subjects.
For Competition Participants, with the separate, express and voluntary consent of the participants, use the competition application materials, personal resumes, educational background, and project information submitted by them to conduct participant group portrait analysis, youth innovation talent research, and technological innovation industry trend analysis; the group analysis only uses de-identified and anonymized data sets, and the analysis results are aggregated, non-identifiable macro statistical data, which cannot be identified to a specific Data Subject by any technical means; the analysis results are only used for the optimization of Event content and competition format, the development of youth innovation public welfare programs, and the compilation of industry research reports, and are never used for any behavior that damages the legitimate rights and interests of the Data Subject.
6.3 直接营销合规规则 | Direct Marketing Compliance Rules | 6.3 Direct Marketing Compliance Rules | Direct Marketing Compliance Rules
我们仅在严格遵守PDPO第35C条的法定要求、取得资料当事人的单独、明示、自愿同意后,方会将资料当事人的个人资料用于直接营销目的。
We will only use the personal data of the Data Subject for direct marketing purposes after strictly complying with the statutory requirements of Section 35C of the PDPO and obtaining the separate, express and voluntary consent of the Data Subject.
在取得资料当事人的直接营销同意前,我们将以书面形式向资料当事人明确告知以下订明信息:
Before obtaining the consent of the Data Subject for direct marketing, we will clearly inform the Data Subject of the following prescribed information in writing:
1. 我们拟用于直接营销的个人资料种类;
1. The types of personal data we intend to use for direct marketing;
The types of personal data we intend to use for direct marketing;
2. 我们拟通过直接营销推广的产品、服务、活动、机会或商业前景的类别;
2. The categories of products, services, activities, opportunities, or business prospects that we intend to promote through direct marketing;
The categories of goods, services, events, opportunities or commercial prospects we intend to promote through direct marketing;
3. 资料当事人可随时免费、无理由要求我们停止使用其个人资料作直接营销的渠道与方式。
3. Data subjects may at any time, free of charge and without reason, request us to cease using their personal data as a channel or method for direct marketing.
The channel and method for the Data Subject to request us to stop using their personal data for direct marketing free of charge and without reason at any time.
若我们以口头方式取得资料当事人的直接营销同意,将严格遵循PDPO要求,在取得口头同意之日起14个日历日内,以书面形式向资料当事人确认该同意及上述订明信息。
If we obtain the Data Subject's consent for direct marketing orally, we will confirm the consent and the above prescribed information to the Data Subject in writing within 14 calendar days from the date of obtaining the oral consent, in full compliance with the PDPO.
在向资料当事人发送的每一条营销信息中,我们均会提供清晰、便捷、免费的退订渠道,资料当事人有权随时免费反对我们的直接营销行为。收到资料当事人的反对申请后,我们将立即永久停止使用其个人资料作直接营销。
In each direct marketing message sent to the Data Subject, we will provide a clear, convenient and free unsubscribe channel, and the Data Subject has the right to object to our direct marketing activities free of charge at any time. After receiving the Data Subject's objection, we will immediately and permanently stop using their personal data for direct marketing.
6.4 向第三方提供个人资料作直接营销的规则 | Rules for Providing Personal Data to Third Parties for Direct Marketing | 6.4 Rules for Providing Personal Data to Third Parties for Direct Marketing | Rules for Providing Personal Data to Third Parties for Direct Marketing
除非严格遵守PDPO第35J条的全部法定要求、取得资料当事人的单独、明示、书面同意,否则我们绝不会将资料当事人的个人资料提供给任何第三方作直接营销用途。
Unless we strictly comply with all statutory requirements of Section 35J of the PDPO and obtain the Data Subject's separate, express and written consent, we will never provide the Data Subject's personal data to any third party for direct marketing purposes.
在向第三方提供个人资料作直接营销前,我们将以书面形式向资料当事人明确告知以下订明信息,并取得资料当事人的书面同意:
Before providing personal data to a third party for direct marketing, we will clearly inform the Data Subject of the following prescribed information in writing, and obtain the Data Subject's written consent:
1. 我们拟向第三方提供的个人资料种类;
1. Types of personal data we intend to provide to third parties;
The types of personal data we intend to provide to the third party;
2. 我们是否拟因向第三方提供个人资料而收取任何金钱或其他利益;
2. Whether we intend to receive any monetary or other benefits for providing personal data to third parties;
Whether we intend to receive any monetary or other gain from providing the personal data to the third party;
3. 个人资料拟提供予的人士类别;
3. 3Categories of individuals to whom personal information is intended to be provided;
The classes of persons to whom the personal data is intended to be provided;
4. 第三方拟使用个人资料作直接营销的产品、服务、活动、机会或商业前景的类别;
4. Categories of products, services, activities, opportunities, or business prospects for which a third party intends to use personal data for direct marketing;
The categories of goods, services, events, opportunities or commercial prospects for which the personal data is intended to be used by the third party for direct marketing;
5. 资料当事人可要求我们停止向第三方提供其个人资料的渠道与方式。
5. Data subjects may request us to cease the channels and methods through which we provide their personal data to third parties.
The channel and method for the Data Subject to request us to stop providing their personal data to the third party.
7. 个人资料委托处理与第三方转移规则 | Rules for Entrusted Processing and Third-Party Transfer of Personal Data
7.1 核心禁止性承诺 | Core Prohibitive Commitment | 7.1 Core Prohibitive Commitment | Core Prohibitive Commitment
除非法律法规另有强制性规定,或取得资料当事人的单独、明示、书面同意,否则我们绝不会以任何形式出售、出租、有偿转让、共享资料当事人的个人资料给任何商业第三方。
Unless otherwise required by mandatory laws and regulations, or with the separate, express and written consent of the Data Subject, we will never sell, rent, transfer for consideration, or share the personal data of the Data Subject to any commercial third party in any form.
7.2 跨境数据转移声明 | Cross-Border Data Transfer Statement | 7.2 Cross-Border Data Transfer Statement | Cross-Border Data Transfer Statement
PDPO第33条(个人资料跨境转移限制条款)至今未被香港政府实施生效,香港现行法律项下无个人资料跨境转移的法定禁止性规定。
Section 33 of the PDPO (restrictions on cross-border transfer of personal data) has not been brought into force by the Hong Kong government to date. There is no statutory prohibition on cross-border transfer of personal data under the current laws of Hong Kong.
我们自愿将全部服务器及数据存储节点部署于香港特别行政区境内,个人资料的全部核心处理均在香港境内完成。除非已向资料当事人完整告知相关详情、取得资料当事人的明示书面同意,否则我们不会将资料当事人的个人资料转移至香港以外的任何地区。
We voluntarily deploy all servers and data storage nodes within the territory of the Hong Kong Special Administrative Region, and all core processing of personal data is completed within Hong Kong. We will not transfer the Data Subject's personal data to any region outside Hong Kong unless we have fully informed the Data Subject of the relevant details and obtained the Data Subject's express written consent.
7.3 委托处理规则 | Entrusted Processing Rules | 7.3 Entrusted Processing Rules | Entrusted Processing Rules
我们仅在为实现本政策告知的处理目的确有必要的前提下,委托具备相应个人资料安全保护能力、符合合规要求的第三方,在严格限定的授权范围内处理个人资料,具体规则如下:
We only entrust third parties with appropriate personal data security capabilities and compliance qualifications to process personal data within the strictly limited scope of authorization, only when it is really necessary to achieve the processing purposes informed in this Policy. The specific rules are as follows:
我们仅会在以下场景委托第三方处理个人资料,绝不超出本政策告知的处理目的委托处理,绝不将个人资料委托给不符合合规要求的第三方:
We will only entrust third parties to process personal data in the following scenarios, never entrust processing beyond the processing purposes informed in this Policy, and never entrust personal data to third parties that do not meet compliance requirements:
1. 香港本地持牌云服务提供商,提供香港境内服务器存储、技术运维、安全防护、容灾备份服务;
1. A locally licensed cloud service provider in Hong Kong, offering server storage, technical operation and maintenance, security protection, and disaster recovery backup services within Hong Kong;
Hong Kong local licensed cloud service providers, providing Hong Kong local server storage, technical operation and maintenance, security protection, and disaster recovery backup services;
2. 香港本地持牌邮件服务商,提供赛事通知、审核结果、用户咨询回复的邮件发送服务;
2. A licensed local mail service provider in Hong Kong, offering email sending services for event notifications, review results, and user inquiry responses;
Hong Kong local licensed email service providers, providing email sending services for Event notifications, review results, user consultation responses;
3. 香港本地持牌金融机构,仅用于赛事奖金、补贴发放的账户核验与资金划转服务;
3. A licensed local Hong Kong financial institution, providing only account verification and fund transfer services for the disbursement of event prizes and subsidies;
Hong Kong local licensed financial institutions, only providing account verification and fund transfer services for the distribution of Event bonuses and subsidies;
4. 香港本地合规技术服务提供商,仅提供平台系统开发、功能优化、安全防护服务,无用户核心个人资料访问权限;
4. A Hong Kong-based compliance technology service provider that only provides platform system development, function optimization, and security protection services, without access to users' core personal information;
Hong Kong local compliant technical service providers, only providing Platform system development, function optimization, security protection services, without access to the core personal data of users;
5. 第三方线下活动执行合作方,仅提供赛事场地对接、现场后勤保障、电子入场凭证核验服务,仅可读取脱敏核验码,不得收集、存储、处理、传输任何个人资料,核验完成后立即清除所有临时数据。
5. Third - party offline event execution partners only provide services such as event venue coordination, on - site logistics support, and electronic admission credential verification, and can only read desensitized verification codes. They are not allowed to collect, store, process, or transmit any personal data, and must immediately clear all temporary data after verification is completed.
Third-party offline event execution partners, only providing Event venue docking, on-site logistics support, and electronic admission voucher verification services, only able to read desensitized verification codes, shall not collect, store, process, or transfer any personal data, and immediately clear all temporary data after verification.
所有受托方均需通过我们严格的合规审核,具备完善的个人资料保护体系、相应的技术能力、合规资质与从业经验,能够达到PDPO要求的个人资料保护标准。所有受托方均需与我们签署具有法律约束力的委托处理协议、数据保密承诺书,明确约定个人资料保护的相关权利义务。
All entrusted parties must pass our strict compliance review, have a complete personal data protection system, corresponding technical capabilities, compliance qualifications and industry experience, and can meet the personal data protection standards required by the PDPO. All entrusted parties must sign a legally binding entrusted processing agreement and data confidentiality commitment letter with us, which clearly stipulates the relevant rights and obligations of personal data protection.
我们与受托方签署的委托处理协议,严格遵循PDPO的相关要求,明确约定以下核心内容:委托处理的目的、期限、方式;委托处理的个人资料的种类、范围、敏感程度;双方的权利、义务与责任划分;个人资料安全保障措施、保密义务;数据泄露事件的应急处置与责任承担;委托期限届满后的个人资料删除、返还要求;禁止受托方超出授权范围处理个人资料;禁止受托方将个人资料转委托给任何其他第三方;违约责任与损害赔偿责任。
The entrusted processing agreement signed by us and the entrusted party will strictly comply with the relevant requirements of the PDPO, and clearly stipulate the following core contents: purpose, term and method of entrusted processing; type, scope and sensitivity of personal data for entrusted processing; division of rights, obligations and liabilities of both parties; personal data security protection measures, confidentiality obligations; emergency disposal and liability for data leakage incidents; requirements for deletion and return of personal data after the expiration of the entrustment term; prohibition of the entrusted party from processing personal data beyond the scope of authorization; prohibition of the entrusted party from re-entrusting personal data to any other third party; liability for breach of contract and damage compensation.
我们将对受托方的个人资料处理行为进行持续的监督与管理,每半年开展一次全面的合规审计,定期核查受托方的个人资料保护措施落实情况。若发现受托方存在违反约定、违反PDPO规定的处理行为,我们将立即终止合作,要求受托方立即永久删除全部相关个人资料,不保留任何副本、备份,并依法追究受托方的全部法律责任与损害赔偿责任。
We will conduct continuous supervision and management of the personal data processing activities of the entrusted party, conduct a comprehensive compliance audit every six months, and regularly check the implementation of the personal data protection measures of the entrusted party. If we find that the entrusted party has processing activities that violate the agreement or the provisions of the PDPO, we will immediately terminate the cooperation, require the entrusted party to immediately and permanently delete all relevant personal data without retaining any copies or backups, and pursue all legal liabilities and damage compensation liabilities of the entrusted party in accordance with the law.
根据PDPO第65(2)条规定,任何获授权的资料处理者就个人资料处理作出的行为,视同我们(资料使用者)本人作出的行为。我们对受托方的所有个人资料处理行为承担全部法定法律责任。若受托方违反约定、违反PDPO规定处理个人资料,造成资料当事人任何损害的,我们将先行向资料当事人承担全部赔偿责任,并有权向受托方全额追偿。
In accordance with Section 65(2) of the PDPO, any act of an authorized data processor in relation to the processing of personal data shall be treated as done by us (the Data User). We bear full statutory legal liability for all personal data processing activities of the entrusted party. If the entrusted party violates the agreement or the provisions of the PDPO to process personal data, causing any damage to the Data Subject, we will bear full compensation liability to the Data Subject first, and have the right to full recourse from the entrusted party.
7.4 向第三方转移的法定例外情形 | Statutory Exceptions for Transfer to Third Parties | 7.4 Statutory Exceptions for Transfer to Third Parties | Statutory Exceptions for Transfer to Third Parties
我们仅在以下符合PDPO规定的法定情形下,向第三方转移、披露资料当事人的个人资料,且仅在实现相关目的的最小必要范围内进行:
We will only transfer or disclose the personal data of the Data Subject to a third party under the following statutory circumstances in compliance with the PDPO, and only within the minimum scope necessary to achieve the relevant purposes:
1. 法律法规、司法机关、监管机构有强制性要求,包括但不限于响应法院的传票、判决、裁定,PCPD的监管问询、执法调查、合规要求,以及香港警务处、廉政公署等执法机构的法定要求;
1. There are mandatory requirements from laws and regulations, judicial authorities, and regulatory agencies, including but not limited to responding to court subpoenas, judgments, and rulings, Regulatory Inquiries, law enforcement investigations, and compliance requirements from the PCPD, as well as statutory requirements from law enforcement agencies such as the Hong Kong Police Force and the Independent Commission Against Corruption;
Mandatory requirements by laws and regulations, judicial authorities, or regulatory bodies, including but not limited to responding to court summonses, judgments, rulings, regulatory inquiries, law enforcement investigations, and compliance requirements from the PCPD, as well as statutory requirements from law enforcement agencies such as the Hong Kong Police Force and the Independent Commission Against Corruption;
2. 为保护资料当事人或其他自然人的生命健康、财产安全、重大合法权益,在紧急情况下所必需的披露;
1. Disclosure necessary in an emergency to protect the life, health, property safety, or significant legitimate rights and interests of data subjects or other natural persons;
Disclosure necessary in an emergency to protect the life, health, property safety, or vital legitimate interests of the Data Subject or other natural persons;
3. 为履行我们的法定义务、行使我们的合法诉讼权利、维护我们的合法权益所必需的披露;
1. Disclosures necessary for fulfilling our legal obligations, exercising our legitimate litigation rights, and safeguarding our legitimate rights and interests;
Disclosure necessary for the performance of our statutory obligations, the exercise of our legitimate litigation rights, and the protection of our legitimate rights and interests;
4. 资料当事人已作出单独、明示、书面同意,且明确知晓转移的接收方、目的、范围、风险的披露。
1. The data subject has given separate, explicit, and written consent, and clearly understands the disclosure of the recipient, purpose, scope, and risks of the transfer.
Disclosure where the Data Subject has given separate, express, written consent, and is fully aware of the receiving party, purpose, scope, and risks of the transfer.
8. 个人资料存储与留存期限 | Storage and Retention Period of Personal Data
8.1 存储加密与安全 | Storage Encryption and Security | 8.1 Storage Encryption and Security | Storage Encryption and Security
我们采用行业标准的加密技术,对个人资料实施全生命周期加密保护:所有个人资料采用AES-256对称加密算法进行静态存储加密,对个人资料传输过程采用TLS 1.3加密协议进行全程动态加密,确保个人资料的保密性、完整性与可用性。
We adopt industry-standard encryption technology to implement full-life-cycle encryption protection for personal data: AES-256 symmetric encryption algorithm is used for static storage encryption of all personal data, and TLS 1.3 encryption protocol is used for full-process dynamic encryption of personal data transmission, to ensure the confidentiality, integrity and availability of personal data.
我们采用数据脱敏和去标识化技术,对非必要场景下的个人资料进行脱敏处理,隐藏可直接识别资料当事人的核心字段,降低个人资料泄露的安全风险。
We adopt data desensitization and de-identification technology to desensitize personal data in non-essential scenarios, hiding the core fields that can directly identify the Data Subject, so as to reduce the security risk of personal data leakage.
我们建立了完善的香港本地数据备份与容灾恢复机制,每日对个人资料进行全量+增量加密备份,备份数据存储于香港本地异地容灾节点。我们定期开展容灾恢复演练,确保在发生系统故障、自然灾害、突发事件时,能够快速恢复数据与系统服务,保障数据完整性与可用性。
We have established a complete local data backup and disaster recovery mechanism in Hong Kong, conduct full + incremental encrypted backup of personal data every day, and the backup data is stored in an off-site disaster recovery node in Hong Kong. We carry out disaster recovery drills on a regular basis to ensure that data and system services can be quickly recovered in the event of system failure, natural disasters and emergencies, so as to ensure the integrity and availability of data.
8.2 留存期限的一般规则 | General Rules for Retention Period | 8.2 General Rules for Retention Period | General Rules for Retention Period
我们严格恪守PDPO项下的保障资料第2原则,仅在实现本政策明确告知的处理目的所必需的最短期限内,留存资料当事人的个人资料。留存期限届满后,我们将立即对个人资料执行永久删除或不可逆匿名化处理,绝不超期留存,除非法律法规另有强制性规定。
We strictly abide by Data Protection Principle 2 under the PDPO, and only retain the personal data of the Data Subject within the shortest period necessary to achieve the processing purposes clearly informed in this Policy. After the expiration of the retention period, we will immediately perform permanent deletion or irreversible anonymization of the personal data, and will never retain it beyond the period, unless otherwise mandatory by laws and regulations.
根据PDPO第26条规定,当资料当事人的个人资料不再为其被使用的目的所必需时,我们将采取所有切实可行的步骤删除该资料,除非:(1) 法律禁止删除该资料;(2) 不删除该资料符合公众利益(包括历史方面的利益)。
In accordance with Section 26 of the PDPO, when the personal data of the Data Subject is no longer necessary for the purpose for which it is used, we will take all practicable steps to erase the data, unless: (1) the erasure is prohibited by law; (2) it is in the public interest (including historical interest) for the data not to be erased.
若因诉讼、仲裁、监管要求、执法调查等法定情形,需要延长个人资料存储期限的,我们仅在该法定情形存续期间继续留存相关个人资料,期间不开展任何与法定情形无关的处理活动。法定情形消失后10个工作日内,我们将立即对相关个人资料执行永久删除或不可逆匿名化处理。
If the storage period of personal data needs to be extended due to statutory circumstances such as litigation, arbitration, regulatory requirements, or law enforcement investigations, we will only continue to retain the relevant personal data during the existence of the statutory circumstances, and will not carry out any processing activities unrelated to the statutory circumstances during the period. Within 10 working days after the statutory circumstances disappear, we will immediately perform permanent deletion or irreversible anonymization of the relevant personal data.
8.3 分级分类留存期限 | Classified Retention Period | 8.3 Classified Retention Period | Classified Retention Period
我们严格遵循最小必要原则,针对不同用户类型、不同类型的个人资料,设置差异化的留存期限,具体如下:
We set differentiated retention periods for different user types and different types of personal data in strict accordance with the principle of minimum necessity, specifically as follows:
1. 正式录取参赛选手的个人资料(分级存储) | Personal Data of Officially Admitted Competition Participants (Classified Storage)
1. Personal Data of Officially Admitted Competition Participants (Classified Storage) | Personal Data of Officially Admitted Competition Participants (Classified Storage)
- 第一类:采取强化保护的特定个人资料 | Category 1: Specific Personal Data with Enhanced Protection(法定身份号码、银行卡号等金融账户信息):留存期限为自AdventureX 2026全系列活动结束之日起12个月(1年)止;期限届满后,我们将立即执行永久删除处理,不做任何备份、留存;
必要性依据:仅满足赛事结束后身份核验追溯、安全事件核查、法定纠纷处理的最低需求,符合PDPO最小必要存储原则。
legal identity number, financial account information such as bank card number: the retention period is 12 months (1 year) from the date of the end of the full series of AdventureX 2026 events; after the expiration of the period, we will immediately perform permanent deletion processing without any backup or retention;
Necessity basis: only meet the minimum requirements for identity verification traceability, security incident investigation, and statutory dispute handling after the Event, which complies with the minimum necessary storage principle of the PDPO.
- 第二类:参赛申请与项目材料 | Category 2: Competition Application and Project Materials(个人简历、教育背景、工作经历、获奖经历、参赛申请文书、参赛项目简介、技术能力说明等非敏感参赛材料):留存期限为自AdventureX 2026全系列活动结束之日起36个月(3年)止;期限届满后,我们将立即执行永久删除或不可逆匿名化处理;
必要性依据:满足香港法定诉讼时效内的赛事合同履约、奖金发放追溯、知识产权归属确认、参赛资格复核、合同纠纷处理、维权与应诉需求,以及非营利青年创新人才库建设、公益项目优化的合法权益,完全符合PDPO的资料保留要求。
personal resume, educational background, work experience, award experience, competition application documents, competition project introduction, technical ability description and other non-sensitive competition materials: the retention period is 36 months (3 years) from the date of the end of the full series of AdventureX 2026 events; after the expiration of the period, we will immediately perform permanent deletion or irreversible anonymization processing;
Necessity basis: to meet the needs of event contract performance, bonus distribution traceability, intellectual property ownership confirmation, competition qualification review, contract dispute handling, rights protection and response within the statutory limitation of action in Hong Kong, as well as the legitimate rights and interests of non-profit youth innovation talent pool construction and public welfare project optimization, which fully complies with the data retention requirements of the PDPO.
2. 未通过审核的参赛申请用户个人资料 | Personal Data of Competition Applicants who fail to pass the review:留存期限为自审核结果出具之日起24个月(2年)内永久删除;
1. Personal Data of Competition Applicants who fail to pass the review | Personal Data of Competition Applicants who fail to pass the review: The retention period is from the date of issuance of the review resultto be permanently deleted within 24 months (2 years);
必要性依据:参考PCPD关于落选应征者资料留存的官方指引,仅满足审核结果异议处理、歧视相关投诉及用户维权的最低需求,符合最小必要原则。
the retention period is permanent deletion within 24 months (2 years) from the date of issuance of the review result;
Necessity basis: with reference to the official guidelines of the PCPD on the retention of data of unsuccessful applicants, it only meets the minimum requirements for handling objections to review results, discrimination-related complaints and user rights protection, which is in line with the principle of minimum necessity.
3. 访客用户个人资料 | Personal Data of Visitor Users:留存期限为自用户注册之日起、或AdventureX 2026全系列活动结束之日起(以较晚者为准)3个月内永久删除;
1. Personal Profile of Visitor Users | Personal Data of Visitor Users: Retention period is within 3 months from the date of user registration or the end date of all AdventureX 2026 series activities (whichever is later) for permanent deletion;
必要性依据:仅满足活动期间安全管理、用户咨询处理的最低需求,符合最小必要原则。
the retention period is permanent deletion within 3 months from the date of the user's registration or the date of the end of the full series of AdventureX 2026 events (whichever is later);
Necessity basis: only meet the minimum requirements for safety management and user consultation processing during the event, which is in line with the principle of minimum necessity.
4. 技术日志信息 | Technical Log Information:留存期限为自日志生成之日起6个月止,期限届满后立即执行永久删除处理;仅在发生安全事件、诉讼仲裁、监管要求的情况下可延长留存期限,法定情形消失后立即删除。
1. Technical Log Information | Technical Log Information: The retention period is from the date of log generationfor 6 months, and permanent deletion processing will be immediately executed upon expiration of the period; the retention period may be extended only in the event of a security incident, litigation or arbitration, or regulatory requirements, and deletion will be immediately carried out after the legal circumstances disappear.
the retention period is 6 months from the date of log generation, and permanent deletion will be performed immediately after the expiration of the period; it can only be retained for an extended period in the event of a security incident, litigation arbitration, or regulatory requirements, and will be deleted immediately after the statutory circumstances disappear.
5. 营销授权相关信息 | Marketing Authorization Related Information:若资料当事人同意我们使用其个人资料作直接营销,相关信息留存至资料当事人撤回营销授权之日止,撤回后立即删除相关营销处理记录,不影响其他必要资料的留存。
1. Marketing Authorization Related Information | Marketing Authorization Related Information: If the data subject consents to our use of their personal data for direct marketing, the related information will be retained until the date the data subject withdraws their marketing authorization. After the withdrawal, the related marketing processing records will be deleted immediately, without affecting the retention of other necessary data.
If the Data Subject consents to our use of their personal data for direct marketing, the relevant information will be retained until the Data Subject withdraws the marketing authorization, and the relevant marketing processing records will be deleted immediately after withdrawal, without affecting the retention of other necessary data.
6. 赞助商授权相关信息 | Sponsor Authorization Related Information:赞助商信息对接平台的授权展示信息,留存期限与资料当事人的授权有效期一致,资料当事人关闭授权后,立即永久删除平台内的对应展示信息,不做任何留存备份。
1. Sponsor Authorization Related Information | Sponsor Authorization Related Information: The authorized display information on the Sponsor Information Docking Platform has a retention period consistent with the authorization validity period of the data subject. After the data subject revokes the authorization, the corresponding display information within the platform will be immediately and permanently deleted, without any retention or backup.
The authorized display information on the Sponsor Information Docking Platform has the same retention period as the validity period of the Data Subject's authorization. After the Data Subject closes the authorization, the corresponding display information in the platform will be permanently deleted immediately without any retention backup.
8.4 永久删除与匿名化的合规标准 | Compliance Standards for Permanent Deletion and Anonymization | 8.4 Compliance Standards for Permanent Deletion and Anonymization | Compliance Standards for Permanent Deletion and Anonymization
永久删除标准 | Permanent Deletion Standard:我们对个人资料执行逻辑删除+物理双重删除,彻底清除所有服务器、备份系统、缓存、日志、第三方存储中的对应个人资料全部副本,确保无法通过任何技术手段复原、检索、识别到特定资料当事人。
Permanent Deletion Standard: We perform logical deletion + physical dual deletion of personal data, completely clear all copies of the corresponding personal data in all servers, backup systems, caches, logs, and third-party storage, to ensure that it cannot be recovered, retrieved, or identified to a specific Data Subject by any technical means.
不可逆匿名化标准 | Irreversible Anonymization Standard:我们对个人资料执行的匿名化处理,严格符合PCPD发布的相关指引要求,处理后的信息无法通过任何技术手段、结合任何其他信息识别到特定资料当事人,且无法复原。匿名化处理后的信息不属于PDPO项下的个人资料,不受本政策约束。
Irreversible Anonymization Standard: The anonymization processing we perform on personal data strictly complies with the relevant guidelines issued by the PCPD. The processed information cannot be identified to a specific Data Subject by any technical means, in combination with any other information, and cannot be reversed. Anonymized information does not constitute Personal Data under the PDPO and is not bound by this Policy.
9. 个人资料安全保障措施 | Personal Data Security Protection Measures
我们严格恪守PDPO项下的保障资料第4原则,采取行业标准的技术、管理、物理、人员安全措施,建立覆盖个人资料全生命周期的安全保护体系,全方位保障个人资料的安全,杜绝未经授权的访问、收集、使用、披露、泄露、篡改、丢失、损坏。
We strictly abide by Data Protection Principle 4 under the PDPO, adopt industry-standard technical, management, physical and personnel security measures, establish a security protection system covering the whole life cycle of personal data, comprehensively protect the security of personal data, and prevent unauthorized access, collection, use, disclosure, leakage, tampering, loss and damage of personal data.
9.1 技术安全措施 | Technical Security Measures | 9.1 Technical Security Measures | Technical Security Measures
1. 加密防护体系 | Encryption Protection System:我们对所有个人资料采用AES-256对称加密算法进行静态存储加密,对个人资料传输过程采用TLS 1.3加密协议进行全程动态加密;针对法定身份号码、金融账户信息,采用单独的加密密钥进行二次加密,确保数据保密性。
1. Encryption Protection System | Encryption Protection System: We use the AES-256 symmetric encryption algorithm to encrypt all personal data during static storage, and the TLS 1.3 encryption protocol to perform full-process dynamic encryption during the transmission of personal data; for legal identity numbers and financial account information, we use a separate encryption key for secondary encryption to ensure data confidentiality.
We use AES-256 symmetric encryption algorithm for static storage encryption of all personal data, and TLS 1.3 encryption protocol for full-process dynamic encryption of personal data transmission; for legal identity numbers and financial account information, we use a separate encryption key for secondary encryption to ensure data confidentiality.
2. 访问权限管控体系 | Access Permission Control System:我们建立严格的分级数据访问权限控制体系,严格遵循「最小权限、按需授权、权责对应」原则,仅授权极少数工作必需的人员访问对应范围的个人资料,无授权人员绝对无法访问任何用户个人资料。所有访问权限均设置有效期,定期进行权限复核与回收,杜绝超权限访问。
1. Access Permission Control System | Access Permission Control System: We have established a strict hierarchical data access permission control system, strictly adhering to the principles of "minimum privilege, authorization on demand, and corresponding rights and responsibilities". Only a very small number of personnel whose work requires it are authorized to access the corresponding scope of personal data, and unauthorized personnel are absolutely prohibited from accessing any user's personal data. All access permissions are set with an expiration date, and regular permission reviews and revocations are conducted to prevent unauthorized access.
We have established a strict hierarchical data access permission control system, strictly follow the principle of "minimum permission, authorization on demand, corresponding rights and responsibilities", only authorize a very small number of necessary personnel to access the corresponding scope of personal data, and unauthorized personnel can never access any user's personal data. All access permissions are set with a validity period, and regular permission review and recovery are carried out to prevent unauthorized access.
3. 操作留痕与审计体系 | Operation Traceability and Audit System:所有个人资料的访问、查询、导出、修改、删除等全部操作,全程留痕、实时监控,生成不可篡改的操作日志;操作日志内容包括操作人、操作时间、操作内容、操作设备、访问IP地址、操作结果,留存期限不低于3年。我们每月对操作日志进行合规审计,及时发现、处置违规操作行为。
1. Operation Traceability and Audit System | Operation Traceability and Audit System: All operations such as access, query, export, modification, and deletion of all personal data are fully traceable, monitored in real-time, and generate tamper-proof operation logs; the content of the operation logs includes the operator, operation time, operation content, operation device, access IP address, and operation result, with a retention period of no less than 3 years. We conduct monthly compliance audits on operation logs to promptly detect and address any violations.
All operations such as access, query, export, modification and deletion of all personal data are fully traced, monitored in real time, and tamper-proof operation logs are generated; the operation logs include the operator, operation time, operation content, operation device, access IP address, and operation results, and the retention period is no less than 3 years. We conduct a compliance audit of the operation logs every month to timely detect and dispose of illegal operation behaviors.
4. 网络安全防护体系 | Network Security Protection System:我们部署企业级防火墙、入侵检测系统(IDS)、入侵防御系统(IPS)、Web应用防火墙(WAF),实时监控、拦截、阻断网络攻击、恶意访问、SQL注入、跨站脚本攻击、爬虫爬取等恶意行为。每季度开展全面的网络安全风险评估、渗透测试与漏洞扫描,及时排查并修复安全隐患。
1. Network Security Protection System | Network Security Protection System: We deploy enterprise-level firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and web application firewalls (WAF) to monitor, intercept, and block malicious activities such as network attacks, malicious access, SQL injection, cross-site scripting attacks, and crawler scraping in real time. We conduct comprehensive network security risk assessments, penetration tests, and vulnerability scans on a quarterly basis to promptly identify and fix security vulnerabilities.
We deploy enterprise-level firewalls, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Web Application Firewall (WAF) to monitor, intercept and block cyber attacks, malicious access, SQL injection, cross-site scripting attacks, web crawlers and other malicious behaviors in real time. We conduct a comprehensive network security risk assessment, penetration testing and vulnerability scanning every quarter to timely investigate and repair potential security risks.
5. 系统与数据容灾体系 | System and Data Disaster Recovery System:我们建立了完善的香港本地数据备份与容灾恢复机制,每日对个人资料进行全量+增量加密备份,备份数据存储于香港本地异地容灾节点。定期开展容灾恢复演练,确保在发生系统故障、自然灾害、突发事件时,能够快速恢复数据与系统服务,保障数据完整性与可用性。
1. System and Data Disaster Recovery System | System and Data Disaster Recovery System: We have established a comprehensive local data backup and disaster recovery mechanism in Hong Kong, conducting full + incremental encrypted backups of personal data daily, with backup data stored in local off-site disaster recovery nodes in Hong Kong. Regular disaster recovery drills are carried out to ensure that data and system services can be quickly restored in the event of system failures, natural disasters, or emergencies, safeguarding data integrity and availability.
We have established a complete local data backup and disaster recovery mechanism in Hong Kong, conduct full + incremental encrypted backup of personal data every day, and the backup data is stored in an off-site disaster recovery node in Hong Kong. We carry out disaster recovery drills regularly to ensure that data and system services can be quickly recovered in the event of system failure, natural disasters and emergencies, so as to ensure the integrity and availability of data.
9.2 管理安全措施 | Management Security Measures | 9.2 Management Security Measures | Management Security Measures
1. 合规管理制度体系 | Compliance Management System:我们制定并落实完善的个人资料保护管理制度,包括但不限于《个人资料处理管理办法》《个人资料安全保护规范》《数据分类分级管理规则》《第三方数据处理管理办法》《资料外泄事故应急处置预案》《个人资料合规审计制度》,明确各部门、各岗位的个人资料保护职责与操作规范。
1. Compliance Management System | Compliance Management System: We have developed and implemented a comprehensive personal data protection management system, including but not limited to the "Measures for the Management of Personal Data Processing", "Specifications for the Security Protection of Personal Data", "Rules for the Classification and Grading Management of Data", "Measures for the Management of Third-Party Data Processing", "Emergency Response Plan for Data Leakage Incidents", and "Compliance Audit System for Personal Data", which clearly define the responsibilities and operating procedures for personal data protection of each department and position.
We have formulated and implemented a complete personal data protection management system, including but not limited to Personal Data Processing Management Measures, Personal Data Security Protection Specifications, Data Classification and Grading Management Rules, Third-Party Data Processing Management Measures, Data Breach Incident Emergency Response Plan, Personal Data Compliance Audit System, to clarify the personal data protection responsibilities and operation specifications of each department and each post.
2. 合规组织架构 | Compliance Organization Structure:我们设立专门的个人资料保护合规部门,由DPO直接负责,统筹全公司的个人资料保护合规管理工作,独立于业务部门,具备完全的履职权限与独立性。我们明确各业务部门的合规负责人,建立全公司的合规管理体系。
1. Compliance Organization Structure | Compliance Organization Structure: We have established a dedicated Personal Data Protection Compliance Department, directly led by the DPO, which coordinates the company-wide personal data protection compliance management work, is independent of business departments, and has full authority and independence to perform its duties. We have clearly defined the compliance officers for each business department and established a company-wide compliance management system.
We have set up a special personal data protection compliance department, which is directly responsible by the DPO, coordinates the personal data protection compliance management of the whole company, is independent of the business department, and has complete performance authority and independence. We have clarified the person in charge of compliance of each business department, and established a company-wide compliance management system.
3. 合规培训与教育 | Compliance Training and Education:我们定期对所有可接触个人资料的内部人员、受托方人员,开展个人资料保护合规培训与教育,培训内容包括PDPO相关法律法规、本政策要求、个人资料保护操作规范、数据安全事件应急处置、违规行为的法律责任。培训每年不少于2次,培训后进行考核,考核不合格的人员不得接触任何个人资料。
1. Compliance Training and Education | Compliance Training and Education: We regularly conduct compliance training and education on personal data protection for all internal personnel and personnel of entrusted parties who have access to personal data. The training content includes relevant laws and regulations of PDPO, requirements of this policy, operating specifications for personal data protection, emergency response to data security incidents, and legal liability for violations. Training is conducted at least twice a year, and assessments are conducted after training. Personnel who fail the assessment shall not have access to any personal data.
We regularly carry out personal data protection compliance training and education for all internal personnel and entrusted party personnel who have access to personal data. The training content includes relevant laws and regulations of the PDPO, the requirements of this Policy, personal data protection operation specifications, emergency disposal of data security incidents, and legal responsibilities for illegal behaviors. The training is conducted no less than 2 times a year, and an assessment is conducted after the training. Personnel who fail the assessment are not allowed to access any personal data.
4. 保密管理 | Confidentiality Management:所有可接触个人资料的内部人员、受托方人员,均需签署严格的《数据保密承诺书》,明确约定保密义务、保密期限、竞业限制、违规责任。保密义务不因人员离职、合作终止而失效,永久有效。
1. Confidentiality Management | Confidentiality Management: All internal personnel and personnel of entrusted parties with access to personal data are required to sign a strict "Data Confidentiality Commitment Letter", clearly stipulating confidentiality obligations, confidentiality period, competition restriction, and liability for violations. Confidentiality obligations shall not become invalid due to personnel resignation or termination of cooperation, and shall remain in effect permanently.
All internal personnel and entrusted party personnel who have access to personal data must sign a strict Data Confidentiality Commitment Letter, which clearly stipulates confidentiality obligations, confidentiality period, non-compete restrictions, and liability for breach of contract. The confidentiality obligation is permanently valid and will not be invalidated due to personnel resignation or cooperation termination.
5. 离岗与离职管理 | Departure and Resignation Management:人员离岗、离职时,我们将立即回收其全部数据访问权限,注销相关系统账号,回收所有相关的设备、资料、密钥,完成离岗保密告知与承诺,确保无任何数据泄露风险。
1. Departure and Resignation Management | Departure and Resignation Management: When an employee leaves the post or resigns, we will immediately revoke all their data access rights, deactivate relevant system accounts, retrieve all related equipment, materials, and keys, complete confidentiality notice and commitment upon departure, and ensure there is no risk of data leakage.
When personnel leave their posts or resign, we will immediately recover all their data access permissions, cancel relevant system accounts, recover all relevant equipment, data and keys, complete off-post confidentiality notification and commitment, to ensure that there is no risk of data leakage.
9.3 物理安全措施 | Physical Security Measures | 9.3 Physical Security Measures | Physical Security Measures
1. 服务器机房安全 | Server Room Security:我们使用的香港服务器机房,具备行业标准的物理安全防护措施,包括24小时安保值守、门禁管控、视频监控、生物识别准入、消防系统、环境监控系统,无授权人员绝对无法进入机房接触服务器设备。
1. Server Data Center Security | Server Data Center Security: The Hong Kong server data center we use has industry-standard physical security measures, including 24-hour security guards, access control, video surveillance, biometric access, fire protection systems, and environmental monitoring systems. Unauthorized personnel are absolutely prohibited from entering the data center and accessing server equipment.
The Hong Kong server room we use has industry-standard physical security protection measures, including 24-hour security on duty, access control, video surveillance, biometric access control, fire protection system, and environmental monitoring system. Unauthorized personnel can never enter the server room to contact server equipment.
2. 办公设备安全 | Office Equipment Security:所有可接触个人资料的办公设备,均设置开机密码、屏幕锁、硬盘加密,定期进行安全检查与病毒查杀;禁止使用个人设备处理、存储个人资料;办公区域设置门禁管控,无授权人员无法进入。
1. Office Equipment Security | Office Equipment Security: All office equipment that can access personal data is set with a boot password, screen lock, and hard drive encryption, and undergoes regular security checks and virus scans; the use of personal devices to process or store personal data is prohibited; access control is set up in the work area, preventing unauthorized personnel from entering.
All office equipment that can access personal data is set with boot password, screen lock, and hard disk encryption, and is regularly inspected for security and virus detection; the use of personal equipment to process and store personal data is prohibited; the office area is set with access control, and unauthorized personnel cannot enter.
3. 纸质资料安全 | Paper Data Security:若因必要场景产生包含个人资料的纸质资料,我们将进行加密存储、专人管理,仅限授权人员查阅;留存期限届满后,执行专业碎纸销毁处理,确保无法复原。
If paper data containing personal data is generated due to necessary scenarios, we will carry out encrypted storage and special person management, and only authorized personnel can access it; after the retention period expires, professional shredding and destruction will be performed to ensure that the data cannot be recovered.
9.4 安全提示 | Security Tips | 9.4 Security Tips | Security Tips
尽管我们已经采取前述合理、有效且符合法律法规要求的安全措施,并尽最大努力持续提升个人资料保护水平,但请您理解,由于技术限制、互联网环境的不确定性以及可能存在的各种恶意手段,即使采取行业标准乃至更高标准的安全保护措施,也无法始终保证信息百分之百安全。我们将继续尽力确保您向我们提供的个人资料安全,并在发生法定需要告知的安全事件时依法及时采取应对与通知措施。
Although we have adopted the above reasonable, effective, and legally compliant security measures and will continue to make our best efforts to improve the protection of personal data, you understand that, due to technical limitations, the uncertainties inherent in the internet environment, and various potentially malicious means, it is not possible to guarantee that information will always remain 100% secure even where industry-standard or higher-level protection measures are used. We will nevertheless continue to use our best efforts to safeguard the personal data you provide to us and, where legally required, respond to and notify you of relevant security incidents in a timely manner.
Although we take reasonable, effective, and legally compliant security measures and continuously improve our controls, you understand that no information system can be guaranteed to be absolutely secure at all times because of technical limitations, internet risks, and malicious activities. We will continue to use our best efforts to protect the personal data you provide and will respond to and notify affected parties of relevant security incidents in accordance with applicable law where required.
10. 资料当事人的明示同意与撤回规则 | Rules for Express Consent and Withdrawal of the Data Subject
10.1 明示同意规则 | Rules for Express Consent
本政策项下所有个人资料处理的同意,均必须为资料当事人单独、明示、自愿、书面作出的同意,我们绝不会以欺诈、胁迫、误导、捆绑、默认勾选的方式获取同意。
All consent to the processing of personal data under this Policy must be the separate, express, voluntary and written consent of the Data Subject, and we will never obtain consent by means of fraud, coercion, misleading, bundling, or default check.
我们将在获取同意前,向资料当事人完整告知以下内容,确保资料当事人在充分理解后作出决定:资料使用者的身份、个人资料处理的目的、处理的个人资料种类与范围、数据使用的方式与范围、留存期限、可能接收数据的第三方、资料当事人享有的权利、同意的撤回方式。
We will fully inform the Data Subject of the following contents before obtaining consent, to ensure that the Data Subject makes a decision after full understanding: the identity of the Data User, the purpose of personal data processing, the type and scope of personal data processed, the method and scope of data use, the retention period, the third party that may receive the data, the rights of the Data Subject, and the method of withdrawing consent.
同意完全独立、非捆绑:我们针对每一项不同的处理目的,均设置独立的同意开关,资料当事人可选择仅同意部分处理目的,不会被强制同意全部处理内容。资料当事人拒绝同意非必要处理目的的,不影响其使用已同意的处理目的对应的核心服务。
The consent is completely independent and non-bundled: we set up a separate consent switch for each different processing purpose, and the Data Subject can choose to agree to only part of the processing purposes, and will not be forced to agree to all processing contents. The Data Subject's refusal to agree to non-essential processing purposes will not affect the use of the core services corresponding to the processing purposes that the Data Subject has agreed to.
针对法定身份号码、金融账户信息的同意,我们将采用更突出的告知方式与单独的同意流程,仅在取得资料当事人明确的单独书面同意后,才会进行收集、处理。
For the consent of legal identity number and financial account information, we will adopt a more prominent way of notification and a separate consent procedure, and will only collect and process it after obtaining the explicit and separate written consent of the Data Subject.
10.2 同意撤回规则 | Rules for Withdrawal of Consent
资料当事人有权随时、免费、无理由撤回已作出的同意,我们绝不会设置任何不合理的限制、门槛、障碍,阻碍资料当事人行使同意撤回权。
The Data Subject has the right to withdraw the consent given at any time, free of charge, without any reason, and we will never set any unreasonable restrictions, thresholds or obstacles to hinder the Data Subject from exercising the right to withdraw consent.
资料当事人可通过以下渠道撤回同意:
The Data Subject can withdraw consent through the following channel:
向 DPO 专属履职邮箱 dpo@adventure-x.org 发送带有本人有效身份信息的邮件,明确说明需撤回的同意内容,我们将在收到邮件、完成身份核验后15 个工作日内完成处理。
By sending an email with valid personal identity information to the DPO's exclusive duty email dpo@adventure-x.org, clearly stating the content of the consent to be withdrawn, and we will complete the processing within 15 working days after receiving the email and completing the identity verification.
同意撤回的效力边界:同意的撤回,仅对撤回通知送达后我们未来的个人资料处理行为生效,不影响撤回前基于有效同意已经完成的个人资料处理行为的合法性与效力。
Validity Boundary of Consent Withdrawal: The withdrawal of consent only takes effect on our future personal data processing behaviors after the withdrawal notice is served, and does not affect the legality and validity of the personal data processing behaviors that have been completed based on valid consent before the withdrawal.
由于本赛事的评审、排名、奖金发放及项目孵化均由赞助商评审委员会独立执行,向赞助商共享参赛信息是上述后续流程得以进行的法定必要前提。若您撤回赞助商信息共享同意,您的作品将自动退出所有未完成的评审环节,不再参与后续任何打分、排名及奖项评选,也将无法获得任何未发放的奖金、补贴及项目孵化资格。
Since the review, ranking, prize distribution and project incubation of this Event are independently performed by the Sponsor Judging Committee, sharing competition information with sponsors is a statutory necessary prerequisite for the above subsequent processes. If you withdraw your consent to sponsor information sharing, your work will automatically withdraw from all unfinished review sessions, will no longer participate in any subsequent scoring, ranking and award selection, and will not be able to receive any undistributed bonuses, subsidies and project incubation qualifications.
资料当事人撤回赞助商信息共享同意后,我们将立即从赞助商对接平台永久清除该资料当事人的全部信息,并在 24 小时内向对应赞助商发送书面通知,要求其在 15 个工作日内永久删除该资料当事人的所有数据,并向资料当事人提供书面删除凭证。同意的撤回,不影响撤回前已完成的评审、奖金发放活动的合法性与效力。
After the Data Subject withdraws the consent to sponsor information sharing, we will immediately and permanently clear all the Data Subject's information from the sponsor docking platform, and send a written notice to the corresponding sponsor within 24 hours, requiring it to permanently delete all the Data Subject's data within 15 working days, and provide the Data Subject with a written deletion certificate. The withdrawal of consent will not affect the legality and validity of the judging and prize distribution activities completed before the withdrawal.
资料当事人撤回直接营销同意后,我们将立即永久停止向该资料当事人开展的所有直接营销活动,不收取任何费用,不再向其发送任何营销信息。
After the Data Subject withdraws the consent to direct marketing, we will immediately and permanently stop all direct marketing activities to the Data Subject, without any charge, and will not send any marketing information to the Data Subject again.
11. 资料当事人的法定权利与行使方式 | Statutory Rights of the Data Subject and Exercise Methods
我们充分尊重并保障资料当事人依据PDPO享有的全部法定权利,为资料当事人提供便捷、免费、无障碍的权利行使渠道。资料当事人可通过本政策载明的联系方式,行使以下权利。
We fully respect and guarantee all statutory rights of the Data Subject under the PDPO, and provide the Data Subject with convenient, free and barrier-free channels for exercising rights. The Data Subject can exercise the following rights through the contact information specified in this Policy.
11.1 资料查阅权(查册权) | Right of Access
资料当事人有权向我们申请查询以下内容:
The Data Subject has the right to apply to us for inquiry of the following contents:
1. 我们是否持有该资料当事人的个人资料;
Whether we hold the personal data of the Data Subject;
2. 我们持有的该资料当事人的个人资料的种类、类别;
The type and category of the personal data of the Data Subject we hold;
3. 我们处理该资料当事人个人资料的目的;
The purposes for which we process the personal data of the Data Subject;
4. 该资料当事人的个人资料已经或可能转移给的接收方类别。
The category of recipients to whom the personal data of the Data Subject has been or may be transferred.
我们将严格遵循PDPO第19条规定,在收到申请、完成身份核验后20日内,向资料当事人提供完整的查册结果。针对查册申请,我们将按照PCPD规定的标准收取合理的查册费用,费用标准不超过PCPD规定的最高限额,仅覆盖我们依从申请的直接成本。
We will strictly comply with the provisions of Section 19 of the PDPO, and provide the Data Subject with a complete access result within 20 days after receiving the application and completing the identity verification. For data access applications, we will charge a reasonable access fee in accordance with the standards stipulated by the PCPD, and the fee standard will not exceed the maximum limit stipulated by the PCPD, only covering the direct cost of complying with the application.
我们可根据PDPO第8部项下的豁免条款,拒绝遵行查册要求,包括但不限于:资料披露将涉及司法职能、家庭事务、职工策划、未完成的相关程序、个人评介、健康资料、法律专业保密权、自我归罪、新闻活动等情形。若我们拒绝遵行查册要求,将在40日的期限内以书面形式告知资料当事人拒绝的理由。
We may refuse to comply with the data access request in accordance with the exemption provisions under Part 8 of the PDPO, including but not limited to: the disclosure of the data will involve judicial functions, domestic affairs, staff planning, relevant procedures that have not been completed, personal references, health information, legal professional privilege, self-incrimination, news activities, etc. If we refuse to comply with the access request, we will inform the Data Subject of the reasons for the refusal in writing within the 40-day time limit.
11.2 资料更正权 | Right of Correction
若资料当事人发现我们持有的其个人资料存在不准确、不完整、过时的情况,有权要求我们予以更正。
If the Data Subject finds that the personal data we hold about them is inaccurate, incomplete or out-of-date, the Data Subject has the right to require us to correct it.
我们将在核验身份后及时完成更正,并向资料当事人书面反馈更正结果,同时将更正后的内容通知所有曾接收该资料的第三方。
We will complete the correction in a timely manner after verifying the identity, give the Data Subject written feedback on the correction result, and notify all third parties who have received the data of the corrected content.
11.3 反对直接营销权 | Right to Object to Direct Marketing
资料当事人有权随时、免费、无理由反对我们将其个人资料用于直接营销目的。
The Data Subject has the right to object to our use of their personal data for direct marketing purposes at any time, free of charge, without any reason.
收到资料当事人的直接营销反对申请后,我们将在24小时内永久停止为营销目的处理该资料当事人的个人资料,不收取任何费用,不设置任何限制。
After receiving the Data Subject's objection to direct marketing, we will permanently stop processing the Data Subject's personal data for marketing purposes within 24 hours, without any charge, and will not set any restrictions.
11.4 资料删除权 | Right to Erasure
出现以下情形时,资料当事人有权向我们申请删除其个人资料:
The Data Subject has the right to apply to us for erasure of personal data in the following circumstances:
1. 处理目的已实现、无法实现或不再必要;
The processing purpose has been achieved, cannot be achieved, or is no longer necessary;
2. 我们违反约定或PDPO规定处理个人资料;
We process personal data in violation of the agreement or the provisions of the PDPO;
3. 资料当事人撤回已作出的同意;
The Data Subject withdraws the given consent;
4. 本政策约定的留存期限届满;
The retention period agreed in this Policy has expired;
5. 其他法律法规规定的情形。
Other circumstances stipulated by laws and regulations.
我们将在核验身份后,依法完成个人资料的永久删除处理,并向资料当事人提供删除凭证,除非法律法规强制要求留存该资料,或不删除该资料符合公众利益。
We will complete the permanent deletion of personal data in accordance with the law after verifying the identity, and provide the Data Subject with a deletion certificate, unless the retention of the data is required by mandatory laws and regulations, or it is in the public interest not to delete the data.
11.5 账号注销权 | Right to Account Cancellation
资料当事人有权随时申请注销平台账号。
The Data Subject has the right to apply for cancellation of the Platform account at any time.
我们将在收到注销申请、完成身份核验后15个工作日内完成账号注销处理。账号注销后,我们将立即删除该资料当事人的全部个人资料,法律法规另有强制留存要求的除外。注销完成后,资料当事人将无法再使用该账号登录平台,我们将不再处理该资料当事人的任何个人资料。
We will complete the account cancellation process within 15 working days after receiving the cancellation application and completing the identity verification. After the account is cancelled, we will immediately delete all personal data of the Data Subject, except as otherwise required by mandatory laws and regulations. After the cancellation is completed, the Data Subject will no longer be able to log in to the Platform with this account, and we will no longer process any personal data of the Data Subject.
11.6 投诉权 | Right to Complaint
资料当事人若对我们的个人资料处理行为有任何疑问、异议、不满,有权随时向我们提出投诉。我们将在收到投诉后24小时内响应,72小时内完成调查处理,并向投诉人书面反馈最终结果。
The Data Subject has the right to make a complaint to us at any time if they have any questions, objections or dissatisfaction with our personal data processing behavior. We will respond within 24 hours after receiving the complaint, complete the investigation and processing within 72 hours, and give the complainant written feedback on the final result.
若资料当事人对我们的处理结果不满意,有权向香港个人资料私隐专员公署提出投诉,或向香港特别行政区有管辖权的法院提起诉讼。
If the Data Subject is not satisfied with our processing results, they have the right to file a complaint with the Office of the Privacy Commissioner for Personal Data, Hong Kong, or file a lawsuit with the competent court of the Hong Kong Special Administrative Region.
12. 数据安全事件应急处置预案 | Emergency Response Plan for Data Security Incidents
我们严格按照PCPD发布的《资料外泄事故的处理及通报指引》,制定了完善的资料外泄事故应急处置预案,每半年开展一次应急演练,针对个人资料泄露、篡改、丢失、损坏等安全事件,明确应急流程、责任分工、处置措施。
We have formulated a complete emergency response plan for data breach incidents in strict accordance with the Guidance on Handling and Notification of Data Breach Incidents issued by the PCPD, and conduct emergency drills every six months, to clarify the emergency process, division of responsibilities, and disposal measures for security incidents such as personal data leakage, tampering, loss and damage.
12.1 事件上报与应急启动 | Incident Reporting and Emergency Launch
发现或收到个人资料安全事件通知后,相关人员必须立即向DPO与应急响应小组上报,应急响应小组立即启动应急预案,2小时内完成事件等级、影响范围、风险等级的初步评估,明确处置优先级。
After discovering or receiving a notification of a personal data security incident, the relevant personnel must immediately report to the DPO and the emergency response team. The emergency response team will immediately launch the emergency plan, complete the preliminary assessment of the incident level, scope of influence, and risk level within 2 hours, and clarify the disposal priority.
若资料外泄事故相当可能对受影响资料当事人构成实质损害的风险,我们将按照PCPD的指引,在知悉事故发生后,在切实可行的范围内尽快向私隐专员公署作出通报。
If the data breach incident is likely to pose a material harm risk to the affected Data Subjects, we will notify the PCPD as soon as practicable after knowing the occurrence of the incident in accordance with the guidelines of the PCPD.
12.2 应急处置措施 | Emergency Disposal Measures
应急预案启动后,我们将严格遵循PCPD指引,立即采取以下措施控制风险,防止损害扩大:
After the emergency plan is launched, we will strictly follow the PCPD guidelines and immediately take the following measures to control risks and prevent the expansion of damage:
1. 步骤1:立即收集关键信息:确认事件发生的时间、范围、源头、成因,涉及的个人资料类型,受影响的资料当事人数量,固定相关证据;
Step 1: Immediately collect key information: Confirm the time, scope, source, and cause of the incident, the type of personal data involved, the number of affected Data Subjects, and fix relevant evidence;
2. 步骤2:遏止事件扩大:立即采取隔离、阻断、加密、权限关闭等技术措施,切断泄露路径,防止数据泄露持续扩大,及时修复安全漏洞与系统缺陷;立即暂停相关人员的处理活动,撤销相关访问权限;
Step 2: Contain the incident and prevent expansion: Immediately take technical measures such as isolation, blocking, encryption, and permission closing to cut off the leakage path, prevent the continuous expansion of data leakage, and repair security vulnerabilities and system defects in a timely manner; immediately suspend the processing activities of relevant personnel and revoke relevant access permissions;
3. 步骤3:评估事件可造成的损害:评估事件可能对受影响资料当事人造成的损害,包括外泄资料的类型与敏感程度、被未获授权使用的风险、可能产生的不利后果;
Step 3: Assess the risk of harm: Evaluate the possible harm to the affected Data Subjects caused by the incident, including the type and sensitivity of the leaked data, the risk of unauthorized use, and the possible adverse consequences;
4. 步骤4:法律处置:若事件涉嫌违法犯罪行为,我们将立即向香港执法机构报案,并配合调查;若事件为受托第三方造成,我们将立即终止合作,要求其立即停止个人资料处理、永久删除全部相关数据,并追究其全部法律责任;
Step 4: Legal disposal: If the incident is suspected of illegal or criminal acts, we will immediately report to the Hong Kong law enforcement agencies and cooperate with the investigation; if the incident is caused by an entrusted third party, we will immediately terminate the cooperation, require it to immediately stop the processing of personal data, permanently delete all relevant data, and pursue its full legal liability;
5. 步骤5:完整记录事件:我们将完整记录事件的全过程、处置措施、调查结果、整改方案,相关记录留存期限不低于5年。
Step 5: Complete incident record: We will fully record the whole process of the incident, disposal measures, investigation results, and rectification plans, and the relevant records will be retained for no less than 5 years.
12.3 受影响资料当事人告知 | Notification to Affected Data Subjects
若资料外泄事故相当可能对受影响资料当事人构成实质损害的风险,我们将在切实可行的范围内尽快通过电话、邮件、平台公告等方式,将事件情况告知受影响的资料当事人,并明确告知以下内容:
If the data breach incident is likely to pose a material harm risk to the affected Data Subjects, we will inform the affected Data Subjects of the incident through telephone, email, Platform announcement and other means as soon as practicable, and clearly inform the following contents:
1. 事件的基本情况与发生原因,涉及的个人资料范围与类型;
The basic situation and cause of the incident, the scope and type of personal data involved;
2. 我们已采取的处置措施与风险控制情况;
The disposal measures we have taken and the risk control status;
3. 事件可能对资料当事人造成的潜在风险,以及建议的风险防范措施;
The potential risks of the incident to the Data Subject, and the recommended risk prevention suggestions;
4. 资料当事人行使权利、寻求法律救济的渠道与方式。
The channels and methods for the Data Subject to exercise rights and seek legal remedies.
若采取措施后能够有效避免危害风险的,我们可不予个别告知资料当事人,法律法规或PCPD另有要求的除外。
If the harm risk can be effectively avoided after taking measures, we may not inform the Data Subject individually, except as otherwise required by laws and regulations or the PCPD.
12.4 事后整改 | Post-Incident Rectification
事件处置完成后,我们将开展全面的事件复盘,对安全隐患进行全量排查,完成系统整改与漏洞修复,完善安全管理制度,开展全面的合规审计。我们将对所有相关人员开展针对性合规培训,并依规对责任人员进行追责。
After the incident is disposed of, we will conduct a comprehensive incident review, conduct a full investigation of potential security hazards, complete system rectification and vulnerability repair, improve the security management system, and conduct a comprehensive compliance audit. We will conduct targeted compliance training for all relevant personnel, and hold the responsible personnel accountable in accordance with the regulations.
13. 个人资料保护合规审计与持续优化 | Compliance Audit and Continuous Optimization
我们建立了完善的个人资料保护合规审计制度,定期对我们的个人资料处理活动开展合规审计,持续优化个人资料保护体系与技术措施,确保所有处理活动完全符合PDPO要求。
We have established a complete compliance audit system for personal data protection, regularly conduct compliance audits on our personal data processing activities, and continuously optimize the personal data protection system and technical measures to ensure that all processing activities fully comply with the requirements of the PDPO.
13.1 内部合规审计 | Internal Compliance Audit
我们每月对内部人员的数据访问行为、个人资料处理系统运行情况、安全措施落实情况开展合规审计;每半年对所有个人资料处理活动开展全面的全流程合规审计,包括但不限于数据收集、存储、使用、转移、删除的合规性,保障资料原则的落实情况,受托方数据保护义务的履行情况,资料当事人权利的保障情况。
We conduct a monthly compliance audit on the data access behavior of internal personnel, the operation of the personal data processing system, and the implementation of security measures; we conduct a comprehensive full-process compliance audit on all personal data processing activities every six months, including but not limited to the compliance of data collection, storage, use, transfer, and deletion, the implementation of the Data Protection Principles, the performance of the entrusted party's data protection obligations, and the protection of the Data Subject's rights.
内部审计由DPO与合规部门主导,独立于业务部门,审计报告直接提交公司董事层,审计报告留存期限不低于5年。
The internal audit is led by the DPO and the compliance department, independent of the business department. The audit report is directly submitted to the company's board of directors, and the retention period of the audit report is no less than 5 years.
13.2 第三方独立审计 | Third-Party Independent Audit
我们每年委托香港具备个人资料保护合规资质的专业第三方机构,对我们的个人资料保护体系开展独立合规审计,并出具独立审计报告。针对审计发现的问题,我们将及时优化整改,确保所有整改措施落实到位。
We entrust a professional third-party institution with personal data protection compliance qualifications in Hong Kong to conduct an independent compliance audit of our personal data protection system every year and issue an independent audit report. For the problems found in the audit, we will timely optimize and rectify to ensure that all rectification measures are implemented in place.
13.3 保护体系持续优化 | Continuous Optimization of the Protection System
我们将根据PDPO的修订、PCPD发布的最新指引、行业安全标准的更新、赛事运营情况,持续优化我们的个人资料保护体系、技术措施、管理制度,确保我们的个人资料保护水平始终符合行业标准与监管要求。
We will continuously optimize our personal data protection system, technical measures, and management system according to the revision of the PDPO, the latest guidelines issued by the PCPD, the update of industry security standards, and the operation of the Event, to ensure that our personal data protection level is always in line with industry standards and regulatory requirements.
14. 本政策的更新、变更与公示 | Update, Amendment and Publication of this Policy
我们有权根据PDPO的修订、监管政策的调整、赛事运营需求,对本政策进行不定期更新与修改。更新内容不会减损资料当事人依法享有的合法权利,始终完全符合PDPO要求。
We have the right to update and amend this Policy from time to time according to the revision of the PDPO, the adjustment of regulatory policies, and the operational needs of the Event. The updated content will not derogate from the legitimate rights of the Data Subject enjoyed in accordance with the law, and will always be fully compliant with the PDPO.
本政策更新后,我们将通过平台官方网站、注册邮箱等渠道,以显著方式向您公示更新后的政策内容,明确标注更新日期、生效日期、主要变更内容,公示期限不少于7个工作日。
After the Policy is updated, we will publicly announce the updated Policy content to you in a prominent way through the official website of the Platform, registered email and other channels, clearly marking the update date, effective date and main changes, with a publicity period of no less than 7 working days.
针对本政策的重大变更,我们将在更新生效前,单独向您告知变更内容,并重新取得您的明示同意。重大变更包括但不限于:资料使用者的身份发生变化、个人资料处理的目的与范围发生重大变化、数据转移的对象发生重大变化、资料当事人的权利发生重大变化、个人资料的安全保护措施发生重大变化、管辖法律与争议解决方式发生变化。
For major changes to this Policy, we will separately inform you of the changes and re-obtain your express consent before the update takes effect. Major changes include but are not limited to: changes in the identity of the Data User, major changes in the purpose and scope of personal data processing, major changes in the objects of data transfer, major changes in the rights of the Data Subject, major changes in the security protection measures for personal data, and changes in the governing law and dispute resolution methods.
若您不同意本政策的更新内容,您有权要求我们删除您的个人资料、注销您的账号、停止使用我们的服务。
If you do not agree with the updated content of this Policy, you have the right to ask us to delete your personal data, cancel your account, and stop using our services.
本政策终止后,我们将立即停止处理您的个人资料,并在终止后6个月内,对存储的全部个人资料执行永久删除或不可逆匿名化处理,全程严格符合PDPO要求。
After the termination of this Policy, we will immediately stop processing your personal data, and perform permanent deletion or irreversible anonymization of all stored personal data within 6 months after the termination, in full compliance with the PDPO.
15. 法律适用与争议解决 | Governing Law and Dispute Resolution
本政策的订立、生效、履行、解释与争议解决,强制适用中华人民共和国香港特别行政区法律法规,不适用其冲突法规则。
The conclusion, validity, performance, interpretation and dispute resolution of this Policy shall be mandatorily governed by the laws and regulations of the Hong Kong Special Administrative Region of the People's Republic of China, excluding its conflict of laws rules.
因本政策引起的或与本政策有关的任何争议、纠纷、索赔,包括其订立、效力、履行、违约、终止或无效,双方应首先通过友好协商解决;协商不成的,任何一方均有权将争议提交香港特别行政区有管辖权的法院专属管辖。
Any dispute, controversy or claim arising out of or in connection with this Policy, including its conclusion, validity, performance, breach, termination or invalidity, shall first be resolved through friendly negotiation between the parties. If the negotiation fails, either party has the right to submit the dispute to the courts with competent jurisdiction in the Hong Kong Special Administrative Region for exclusive jurisdiction.
本政策的中英文版本具有同等法律效力,我们已确保两个版本的实质内容完全一致。若两个版本出现任何不一致,双方可协商解决;协商不成的,以英文版本为准。
The English and Chinese versions of this Policy have equal legal effect. We have ensured that the substantive content of the two versions is completely consistent. If there is any inconsistency between the two versions, the two parties can negotiate to resolve it; if the negotiation fails, the English version shall prevail.
16. 联系方式与投诉渠道 | Contact Information and Complaint Channels
若您对本政策、我们的个人资料处理活动有任何疑问、异议、投诉,或需要行使 PDPO 项下的法定权利,包括个人资料保护咨询、向资料保障主任(DPO)履职沟通、赞助商数据合规相关投诉,均可通过以下统一官方邮箱联系:
If you have any questions, objections, complaints about this Policy or our personal data processing activities, or need to exercise your statutory rights under the PDPO (including personal data protection consultation, communication with the Data Protection Officer (DPO), and complaints regarding sponsor data compliance), you may contact us via the following unified official email:
- 统一官方邮箱 | Unified Official Email: dpo@adventure-x.org
- 官方通讯地址 | Official Mailing Address: UNIT 1307, BEVERLEY COMMERCIAL CENTRE, 87-105 CHATHAM RD SOUTH, TSIM SHA TSUI, HONG KONG
我们承诺,在收到您的邮件后24小时内响应您的咨询与投诉,72小时内完成处理并向您书面反馈最终结果。
We promise to respond to your consultation and complaint within 24 hours after receiving your email, complete the processing and give you written feedback on the final result within 72 hours.