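Anthropic, PBC (“Anthropic”)

Commercial Terms of Service

Welcome to Anthropic! Before accessing our Services, please read these Commercial Terms of Service.

These Commercial Terms of Service (“Terms”) are an agreement between Anthropic, PBC (“Anthropic”) and you or the organization, company, or other entity that you represent (“Customer”). They govern Customer’s use of any Anthropic API key, the Anthropic Console, or any other Anthropic offerings that reference these Terms (the “Services”). These Terms are effective on the earlier of the date that Customer first electronically consents to a version of these Terms and the date that Customer first accesses the Services (“Effective Date”).

Please note: You may not enter into these Terms on behalf of an organization, company, or other entity unless you have the legal authority to bind that entity. The Services under these Terms are not for consumer use. Our consumer offerings (e.g., Claude.ai) are governed by our Consumer Terms of Service.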

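A. Services

  1. Overview. Subject to these Terms, Customer may use the Services, including by submitting content to the Services (“Prompts”) and generating responses to its Prompts (“Outputs” and, together with Prompts, “Customer Content”).
  2. Beta Services. Anthropic may offer pre-release, beta, or trial versions of the Services (“Beta Services”). This means that they are not suitable for production use and are provided on a temporary, “as-is” basis. Anthropic is not responsible for Customer’s use of or reliance on Beta Services.
  3. Feedback. If Customer, at its sole discretion, provides Anthropic with feedback about the Services, Anthropic may use that feedback at its own risk and without obligation to Customer.
  4. Customer Content. As between the parties and to the extent permitted by applicable law, Anthropic agrees that Customer owns all Outputs, and disclaims any rights it receives to the Customer Content under these Terms. Anthropic does not anticipate obtaining any rights in Customer Content under these Terms. Subject to Customer’s compliance with these Terms, Anthropic hereby assigns to Customer its right, title and interest (if any) in and to Outputs. Anthropic may not train models on Customer Content from paid Services.
  5. Data Privacy. If Customer submits personal data or personally identifiable information (collectively, “PII”) to the Services, the Anthropic Data Processing Addendum in Exhibit A applies and is incorporated into these Terms by reference.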

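B. Trust and Safety; Restrictions

  1. Compliance. Each party will comply with all laws applicable to the provision (for Anthropic) and use (for Customer) of the Services, including any applicable data privacy laws.
  2. Acceptable Use Policy. Customer may only use the Services in compliance with these Terms, including the Acceptable Use Policy (“AUP”), which is incorporated by reference into these Terms and may be updated by Anthropic. Customer must use reasonable efforts to ensure that its customers or other end users (“Users”) do the same. Customer must cooperate with reasonable requests for information from Anthropic to support compliance with its AUP, including to verify Customer’s identity and use of the Services.
  3. Limitations of Outputs; Notice to Users. It is Customer’s responsibility to evaluate whether Outputs are appropriate for Customer’s use case, including appropriate human review, before using or sharing Outputs. Customer acknowledges, and must notify its Users, that factual assertions in Outputs should not be relied upon without independently checking their accuracy, as they may be false, incomplete, misleading, or not reflective of recent events or information. Customer further acknowledges that Outputs may contain content inconsistent with Anthropic’s views.
  4. Use Restrictions. Customer may not and must not attempt to (a) access the Services to build a competing product or service, including to train competing AI models, except as expressly approved by Anthropic; (b) reverse engineer or duplicate the Services; or (c) support any third party’s attempt at any of the conduct restricted in this sentence. Customer and its Users may only use the Services in the countries and regions Anthropic currently supports.
  5. Security. If Customer believes or knows that (a) an account used to access the Services has been compromised, or (b) Customer is subject to a denial of service or similar malicious attack that may negatively impact the Services, Customer will promptly notify Anthropic.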

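C. Confidentiality

  1. Confidential Information. The parties may share information that is identified as confidential, proprietary, or similar, or that a party would reasonably understand to be confidential or proprietary (“Confidential Information”). Customer Content is Customer’s Confidential Information.
  2. Obligations of the Parties. The receiving party (“Recipient”) may only use the Confidential Information of the disclosing party (“Discloser”) to exercise its rights and perform its obligations under these Terms. Recipient may only share Discloser’s Confidential Information with Recipient’s employees, agents, and advisors that have a need to know such Confidential Information and that are bound to obligations of confidentiality at least as protective as those provided in these Terms (“Representatives”). Recipient will protect Discloser’s Confidential Information from unauthorized use, access, or disclosure in the same manner as Recipient protects its own Confidential Information, and with no less than reasonable care. Recipient is responsible for all acts and omissions of its Representatives. Recipient will promptly notify Discloser if it suspects or knows that Discloser’s Confidential Information has been compromised, and agrees to cooperate to mitigate the risk of further loss or misuse.
  3. Exclusions. Recipient’s obligations with respect to Confidential Information do not apply if Recipient demonstrates that Discloser’s Confidential Information (a) was already known to Recipient at the time of disclosure by Discloser, (b) was disclosed to Recipient by a third party without confidentiality obligations, (c) is publicly available through no fault of Recipient, or (d) was independently developed by Recipient without use of or access to Discloser’s Confidential Information. Recipient may disclose Discloser’s Confidential Information to the extent required by law or by court or administrative order, but, unless expressly prohibited, Recipient will promptly notify Discloser of the required disclosure and fully cooperate with Discloser.
  4. Destruction Request. Recipient will destroy Discloser’s Confidential Information promptly upon request, except for copies in Recipient’s automated back-up systems, which will remain subject to these obligations of confidentiality while maintained.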

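D. Intellectual Property

Except as expressly stated in these Terms, these Terms do not grant either party any rights to the other party’s content or intellectual property, by implication or otherwise.

E. Publicity

Neither party may make public statements about Customer’s use of the Services without the other party’s permission.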

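F. Fees

  1. Payment of Fees. Unless otherwise agreed by the parties, Customer is responsible for fees incurred by its account at the rates specified on the Model Pricing Page. Anthropic may require prepayment for the Services in the form of credits or offer other types of credits, all of which are subject to Anthropic’s Supplemental Credit Terms. Anthropic may update the published rates, with updates becoming effective on the earlier of 30 days after Anthropic posts the update or Customer’s receipt of notice.
  2. Taxes. Fees do not include any taxes, duties, or assessments that may be owed by Customer for use of the Services (“Taxes”), unless otherwise specified in the applicable invoice.
  3. Billing. Failure to timely pay Anthropic all amounts owed may result in suspension or termination of Customer’s access to the Services. Anthropic reserves any other rights of collection it may have.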

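G. Termination and Suspension

  1. Term. These Terms start on the Effective Date and continue until terminated (the “Term”).
  2. Termination.
    1. Each party may terminate these Terms at any time for convenience with notice, except that Anthropic must provide 30 days’ prior notice.
    2. Either party may terminate these Terms for the other party’s material breach by providing 30 days’ prior notice detailing the nature of the breach, unless the breach is cured within that time.
    3. Anthropic may terminate these Terms immediately with notice if Anthropic reasonably believes or determines that Anthropic’s provision of the Services to Customer is prohibited by applicable law.
  3. Suspension.
    1. Anthropic may suspend Customer’s access to any portion or all of the Services if: (a) Anthropic reasonably believes or determines that (i) there is a risk to or attack on any of the Services; (ii) Customer or any User is using the Services in violation of Sections B.1 (Compliance), B.2 (Acceptable Use Policy), or B.4 (Use Restrictions); (iii) Anthropic’s provision of the Services to Customer is prohibited by applicable law or would result in a material increase in the cost of providing the Services; or (b) any vendor of Anthropic has suspended or terminated Anthropic’s use of any third-party services or products required to enable Customer to access the Services (collectively, “Service Suspension”).
    2. Anthropic will use reasonable efforts to provide written notice of any Service Suspension to Customer, and to resume providing access to the Services as soon as possible after the event giving rise to the Service Suspension is resolved (if it can be resolved). Anthropic will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer may incur as a result of a Service Suspension.
  4. Effect of Termination. Upon termination, Customer will no longer be able to access the Services. The following provisions will survive termination or expiration of these Terms: (a) Sections C (Confidentiality), E (Publicity), F (Fees), G.4 (Effect of Termination), H (Disputes), I (Indemnification), J.2 (Disclaimer), J.3 (Limitation of Liability), and K (Miscellaneous); (b) any provision or condition that must survive to fulfill its essential purpose.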

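H. Disputes

  1. Disputes. In the event of a dispute, claim, or controversy relating to these Terms (“Dispute”), the parties will first attempt in good faith to resolve the matter informally. The party raising the Dispute must notify the other party (“Dispute Notice”), and the other party will, within 15 days from the date of delivery of the Dispute Notice, propose a time for the parties to meet at an appropriate level of management to attempt to resolve the Dispute. If the parties have not resolved the Dispute within 45 days after the Dispute Notice is sent, either party may seek to resolve the Dispute through arbitration as stated in Section H.2.
  2. Arbitration. Any Dispute will be resolved by final, binding arbitration before a sole arbitrator in San Francisco, California, under the Comprehensive Arbitration Rules and Procedures of Judicial Arbitration and Mediation Services, Inc. (“JAMS”). Judgment on any award issued through the JAMS arbitration process may be entered in any court having jurisdiction. Each party agrees to waive, to the maximum extent permitted by law, the right to a jury trial and the right to join and participate in a class action in connection with these Terms.
  3. Equitable Relief. This Section H (Disputes) does not limit either party from seeking equitable relief.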

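I. Indemnification

  1. Claims Against Customer. Anthropic will defend Customer and its personnel, successors, and assigns from and against any Customer Claim (as defined below) and indemnify them for any judgment that a court of competent jurisdiction grants a third party on such Customer Claim or that an arbitrator awards a third party under any Anthropic-approved settlement of such Customer Claim. “Customer Claim” means a third-party claim, suit, or proceeding alleging that Customer’s paid use of the Services (which includes data Anthropic has used to train a model that is part of the Services) in accordance with these Terms, or Outputs generated through such authorized use, violates a third-party patent, trade secret, trademark, or copyright.
  2. Claims Against Anthropic. Customer will defend Anthropic and its personnel, successors, and assigns from and against any Anthropic Claim (as defined below) and indemnify them for any judgment that a court of competent jurisdiction grants a third party on such Anthropic Claim or that an arbitrator awards a third party under any Customer-approved settlement of such Anthropic Claim. “Anthropic Claim” means any third-party claim, suit, or proceeding related to Customer’s or its Users’ (a) Prompts or (b) use of the Services in violation of the AUP or Section B.4 (Use Restrictions). Anthropic Claims and Customer Claims are each a “Claim”, as applicable.
  3. Exclusions. Neither party’s defense or indemnification obligations will apply if the underlying allegation arises from the indemnified party’s fraud, willful misconduct, violation of law, or breach of this agreement. Additionally, Anthropic’s defense and indemnification obligations will not apply if the Customer Claim arises from: (a) modifications made by Customer to the Services or Outputs; (b) the combination of the Services or Outputs with technology or content not provided by Anthropic; (c) Prompts or other data provided by Customer; (d) use of the Services or Outputs in a manner that Customer knows or reasonably should know violates or infringes the rights of others; (e) the practice of a patented invention contained in an Output; (f) an alleged violation of trademark based on use of an Output in trade or commerce.
  4. Process. The indemnified party must promptly notify the indemnifying party of the relevant Claim, and will reasonably cooperate in the defense. The indemnifying party will retain the right to control the defense of any such Claim, including the selection of counsel, the strategy and course of any litigation or appeals, and any negotiations, settlement, or compromise, except that the indemnified party will have the right, not to be exercised unreasonably, to reject any settlement or compromise that requires it to admit wrongdoing or liability or subjects it to any ongoing affirmative obligations. The indemnifying party’s obligations will be excused if either of the following materially prejudices the defense: (a) failure of the indemnified party to provide prompt notice of the Claim; (b) failure to reasonably cooperate in the defense.
  5. Sole Remedy. To the extent covered under this Section I (Indemnification), indemnification is each party’s sole remedy under these Terms for any third-party claims.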

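J. Warranties and Limitation of Liability

  1. Warranties. Each party represents and warrants that (a) it is authorized to enter into these Terms; (b) entering into and performing these Terms will not violate any of its corporate rules, if applicable. Customer further represents and warrants that it has all rights and permissions required to submit Prompts to the Services.
  2. Disclaimer. Except to the extent expressly provided for in these Terms, to the maximum extent permitted under law (A) the Services and Outputs are provided “as is” and “as available” without warranty of any kind; (B) Anthropic makes no warranties, express or implied, relating to third-party products or services, including third-party interfaces. Anthropic expressly disclaims all implied warranties, including any warranties of merchantability, non-infringement, and fitness for a particular purpose, and any implied warranties arising from statute, course of dealing or performance, or trade use. Anthropic does not warrant, and disclaims, that the Services or Outputs are accurate, complete, or error-free or that their use will be uninterrupted. References to a third party in the Outputs may not mean they endorse or are otherwise working with Anthropic.
  3. Limitation of Liability.
    1. Except as stated in Section J.3.b, the liability of each party, and its affiliates and licensors, for any damages arising out of or related to these Terms (i) excludes damages that are consequential, incidental, special, indirect, or exemplary, including lost profits, business, contracts, revenue, goodwill, production, anticipated savings, or data, and costs of procurement of substitute goods or services, and (ii) is limited to the fees actually paid by Customer for the Services in the previous 12 months.
    2. The limitations of liability in Section J.3 (Limitation of Liability) do not apply to either party’s obligations under Section I (Indemnification).
    3. The limitations of liability in this Section J.3 (Limitation of Liability) apply: (A) to the maximum extent permitted by applicable law; (B) to liability in tort, including for negligence; (C) regardless of the form of action, whether in contract, tort, strict product liability, or otherwise; (D) even if the breaching party is advised in advance of the possibility of the damages in question and even if such damages were foreseeable; (E) even if the injured party’s remedies fail of their essential purpose.
    4. The parties agree that they have entered into these Terms in reliance on the terms of this Section J.3 (Limitation of Liability), and those terms form an essential basis of the bargain between the parties.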

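K. Miscellaneous

  1. Notices. All notices, demands, waivers, and other communications under these Terms (each, a “Notice”) must be in writing. Except for notices related to demands to arbitrate or where equitable relief is sought, any Notices provided under these Terms may be delivered electronically to Customer’s address or other authorized address provided to Anthropic; and, if to Anthropic, to notices@anthropic.com. Notice is effective only: (i) upon receipt by the receiving party, and (ii) if the party giving the Notice has complied with all requirements of this Section K.1 (Notices).
  2. Electronic Communications. Customer agrees to receive electronic communications from Anthropic based on Customer’s use of the Services and related to these Terms. Except where prohibited by applicable law, electronic communications may be sent via email, through the Services or Customer’s management dashboard, or posted on Anthropic’s website. Anthropic may also provide electronic communications via text or SMS about Customer’s use of the Services or as Customer otherwise requests from Anthropic. If Customer wishes to stop receiving such messages, Customer may request it from Anthropic or respond to any such texts with “STOP”.
  3. Amendment and Modification. Anthropic may update these Terms at any time, with updates becoming effective 30 days after Anthropic posts the update or Customer otherwise receives notice, except that updates made in response to changes to law or regulation take effect immediately upon posting or notice. Changes will not apply retroactively. No other amendment to or modification of these Terms is effective unless it is in writing and signed by both parties. Failure to exercise or delay in exercising any rights or remedies arising from these Terms does not and will not be construed as a waiver; and no single or partial exercise of any right or remedy will preclude future exercise of such right or remedy.
  4. Assignment and Delegation. Neither party may assign its rights or delegate its obligations under these Terms without the other party’s prior written consent, except that Anthropic may assign its rights and delegate its obligations in connection with a sale of all or substantially all of its business. Any purported assignment or delegation is null and void except as permitted above. No permitted assignment or delegation will relieve the contracting party or assignees of their obligations under these Terms. These Terms will bind and inure to the benefit of the parties and their respective permitted successors and assigns.
  5. Severability. If a provision of these Terms is invalid, illegal, or unenforceable in any jurisdiction, such invalidity, illegality, or unenforceability will neither affect any other term or provision of these Terms nor invalidate or render unenforceable such term or provision in any other jurisdiction. Upon a determination that any term or other provision is invalid, illegal, or unenforceable, the parties will negotiate in good faith to modify these Terms to reflect the parties’ original intent as closely as possible.
  6. Interpretation. These Terms will be construed mutually, with neither party considered the drafter. Document and section titles are provided for convenience and will not be interpreted. The phrases “for example” or “including” or “or” are not limiting.
  7. Governing Law. These Terms are governed by and construed in accordance with the laws of the State of California without giving effect to any choice of law provision. Subject to Section H (Disputes), all suits, actions, or proceedings relating to these Terms will be instituted exclusively in the federal or state courts located in San Francisco, California, and each party irrevocably submits to their exclusive jurisdiction.
  8. Export and Sanctions. Customer may not export or provide access to the Services to persons or entities, or into countries or territories, where it is prohibited under U.S. or other applicable international law. Without limiting the foregoing sentence, this restriction applies (a) to countries where export from the U.S. or into such country would be prohibited or illegal without first obtaining the appropriate license, and (b) to persons, entities, or countries covered by U.S. sanctions.
  9. Integration. These Terms (including the AUP, the DPA, the Model Pricing Page, and other documents or terms incorporated by reference into these Terms) constitute the parties’ entire understanding as to the provision and use of the Services. These Terms supersede all other understandings or agreements between the parties regarding the Services. If Customer has also agreed to our Terms of Service, these Terms control.
  10. Force Majeure. Neither party will be liable for failure or delay in performance caused by circumstances beyond its reasonable control.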

 

 

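Exhibit A: Anthropic Data Processing Addendum

This Data Processing Addendum (“DPA”) applies to Anthropic PBC, a public benefit corporation (“Anthropic”), and its Processing of Personal Data in connection with the provision of Anthropic’s Services to Customer (as defined in the contract which references this DPA and under which Anthropic has agreed to provide the Services). Unless otherwise expressly stated in the Agreement, this DPA is effective and remains in force for the entire term of the Agreement. Anthropic and Customer may each be referred to herein as a “Party” or collectively as the “Parties”.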

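1. DEFINITIONS

  • "Customer Affiliate" means an affiliate of Customer that is a beneficiary of the Agreement.
  • "Applicable Data Protection Laws" means all applicable laws, rules, regulations, and governmental requirements relating to the privacy, confidentiality, or security of Personal Data, as they may be amended or otherwise updated from time to time.
  • "Controller" has the following meaning, as applicable: (a) the meaning given to "controller" under Applicable Data Protection Laws; (b) the meaning given to "business" under Applicable Data Protection Laws.
  • "Covered Data" means Personal Data shared by Customer or a Customer Affiliate in connection with the provision of the Services.
  • "Data Subject" means a natural person whose Personal Data is part of the Covered Data.
  • "Data Subject Request" means a request from a Data Subject to exercise their rights under Applicable Data Protection Laws.
  • "GDPR" means Regulation (EU) 2016/679.
  • "Personal Data" means any data or information that: (a) is linked or reasonably linkable to an identified or identifiable natural person; (b) is "personal data", "personal information", "personally identifiable information", or similarly defined data or information under Applicable Data Protection Laws.
  • "Processing" means any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means. "Process", "Processes" and "Processed" will be interpreted accordingly.
  • "Processor" has the following meaning, as applicable: (a) the meaning given to "processor" under Applicable Data Protection Laws; (b) the meaning given to "service provider" under Applicable Data Protection Laws.
  • "Security Incident" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to (including unauthorized internal access to) Covered Data.
  • "Services" means the services to be provided by Anthropic pursuant to the Agreement.
  • "Standard Contractual Clauses" or “SCCs” means Module Two (controller to processor) and/or Module Three (processor to processor) of the Standard Contractual Clauses annexed to Commission Implementing Decision (EU) 2021/914.
  • "Sub-processor" means an entity appointed by Anthropic, as a Processor, to Process Covered Data on its behalf.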
  • “UK GDPR” has the meaning given under the Data Protection Act 2018 (UK).

2. GENERAL

  1. This DPA is incorporated into and forms an integral part of the Agreement. If there is any conflict between this DPA and the Agreement relating to the Processing of Covered Data, this DPA shall govern. Customer acknowledges and agrees that Anthropic may amend this DPA from time to time on reasonable notice to Customer where such changes are required because of changes in Applicable Data Protection Laws.
  2. Clauses 3 to 9 of this DPA apply to the extent Anthropic acts as a Processor on behalf of Customer with respect to the Covered Data.

3. DETAILS OF DATA PROCESSING

  1. The details of the Processing of Covered Data (such as subject matter, duration, nature, and purpose of the Processing, categories of Personal Data and Data Subjects) are described in the Agreement and in Part B of Schedule 1 to this DPA.
  2. Anthropic will only Process Covered Data in accordance with Applicable Data Protection Laws and on the documented instructions of Customer (including as set out in the Agreement and this DPA), unless required to do otherwise by applicable law to which Anthropic is subject, in which case Anthropic will, unless prohibited by applicable law, inform Customer of such legal requirement before Processing. Without limiting the foregoing, Anthropic is prohibited from:
    1. selling Covered Data or otherwise making Covered Data available to any third party for monetary or other valuable consideration;
    2. sharing Covered Data with any third party for cross-context behavioural advertising;
    3. retaining, using, or disclosing Covered Data outside of the direct business relationship and for any purpose other than for the business purposes specified in Part B of Schedule 1 or as otherwise permitted by Applicable Data Protection Laws; and
    4. except as otherwise permitted by Applicable Data Protection Laws, combining Covered Data with Personal Data that Anthropic receives from or on behalf of another person or persons, or collects from its own interaction with the Data Subject.
  3. To the extent that any of the instructions provided by Customer to Anthropic in accordance with clause 3.b require Processing of Covered Data in a manner that falls outside the scope of the Services, Anthropic may:
    1. notify Customer that such instructions fall outside the scope of Services under the Agreement and not carry out such instructions, or at Anthropic’s election, make the performance of any such instructions subject to the payment by Customer of any costs and expenses incurred by Customer or such additional charges as Customer may reasonably determine; or
    2. immediately terminate the Agreement and the Services.
  4. Anthropic will promptly inform Customer if, in its opinion, an instruction from Customer relating to the Processing of Covered Data infringes Applicable Data Protection Law.
  5. Customer hereby authorises and instructs Anthropic to Process Covered Data anywhere that Anthropic or its Sub-processors maintain facilities.
  6. Anthropic will, at the request of Customer, provide assistance that is reasonably necessary for Customer to conduct and document any data protection assessments required under Applicable Data Protection Laws.
  7. Customer will have the right to take reasonable and appropriate steps to ensure that Anthropic uses Covered Data in a manner consistent with Customer’s obligations under Applicable Data Protection Laws.
  8. Anthropic will ensure that each person authorised to process Covered Data is subject to a duty of confidentiality.
  9. Customer acknowledges that Anthropic’s Services are not designed, intended, or provided for the purpose of making predictions regarding any Data Subject, determining creditworthiness, or any other manner of automated decision-making regarding Data Subject(s) to which the Covered Data relates.
  10. Anthropic may charge Customer, and Customer will reimburse Anthropic, for any assistance provided by Anthropic to Customer in relation to this DPA, including with respect to any TIAs or consultation with any supervisory authority of Customer.

4. SUB-PROCESSORS

  1. Customer grants Anthropic the general authorisation to engage the Sub-processors listed in Schedule 5, and any additional Sub-processors in accordance with clause 4.c.
  2. Anthropic will: (i) enter into a written agreement with each Sub-processor imposing data protection obligations that are substantively no less protective of Covered Data than Anthropic’s obligations under this DPA; and (ii) remain liable for each Sub-processor’s compliance with the obligations under this DPA.
  3. In the event that Anthropic wishes to appoint an additional Sub-processor: (a) Anthropic will provide Customer reasonable notice; and (b) Customer may, on the basis of reasonable data privacy and data security concerns, object to Anthropic’s use of such Sub-processor by providing Anthropic with written notice of the objection within ten (10) days of the date of such notice, otherwise the additional Sub-processor shall be deemed approved. In the event Customer objects to Anthropic’s use of a new Sub-processor, Customer and Anthropic will work together in good faith to find a mutually acceptable resolution to address any objections raised by Customer.

5. DATA SUBJECT RIGHTS REQUESTS

  1. Anthropic will forward to Customer promptly any Data Subject Request received by Anthropic relating to the Covered Data and may advise the Data Subject to submit their request directly to Customer.
  2. Anthropic will, taking into account the nature of the Processing of Covered Data, provide Customer with reasonable assistance as necessary for Customer to fulfil its obligation under Applicable Data Protection Laws to respond to Data Subject Requests.

6. SECURITY

  1. Accounting for the state of the art, costs of implementation and the nature, scope and context and purposes of the relevant Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Anthropic will implement and maintain reasonable and appropriate technical and organizational data protection and security measures designed to ensure a level of security for the Covered Data appropriate to the risk of the relevant Processing.
  2. The Parties agree that the measures set out in Schedule 2 provide an appropriate level of security for the Covered Data, accounting for the risks presented by the Processing outlined in the Agreement and this DPA.

7. AUDITS AND RECORDS

  1. Upon request, Anthropic will make available to Customer information reasonably necessary to demonstrate compliance with this DPA.
  2. To the extent required by Applicable Data Protection Legislation, Anthropic will permit Customer (or a suitably qualified, independent third-party auditor which is not a competitor of Anthropic) to audit Anthropic’s compliance with this DPA no more than once per calendar year on at least thirty (30) days’ written notice to Anthropic (an “Audit”), provided that Customer (or Customer’s third-party auditor, as applicable):
    1. may only conduct an Audit during Anthropic’s normal business hours;
    2. will conduct the Audit in a manner that does not disrupt Anthropic’s business;
    3. enters into a confidentiality agreement reasonably acceptable to Anthropic prior to conducting the Audit;
    4. pays any reasonably incurred costs and expenses incurred by Anthropic in the event of an Audit;
    5. ensures that its personnel comply with any policies and procedures notified by Anthropic to Customer when attending Anthropic’s premises;
    6. submits, as part of the written notice provided by Customer to Anthropic, a detailed proposed audit plan which is agreed by Anthropic (an “Audit Plan”); and
    7. conducts the Audit in compliance with the final agreed Audit Plan.
  3. Customer may use the results of an Audit only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of the DPA. Nothing in this clause 7 will require Anthropic to breach any duties of confidentiality it owes to third parties.

8. SECURITY INCIDENTS

  1. Anthropic will notify Customer in writing without undue delay after becoming aware of any Security Incident. Anthropic will, to the extent reasonably necessary, cooperate with Customer’s investigation of the Security Incident. Anthropic’s notification of, or response to, a Security Incident will not be construed as an acknowledgement by Anthropic of any fault or liability with respect to the Security Incident.

9. DELETION AND RETURN

  1. Anthropic will, in any event, within thirty (30) days of the date of termination or expiry of the Agreement (a) if requested to do so by Customer within that period, return a copy of all Covered Data or provide a self-service functionality allowing Customer to do the same; and (b) delete all other copies of Covered Data Processed by Anthropic or any Sub-processors.

10. STANDARD CONTRACTUAL CLAUSES

The Parties agree that, to the extent required by Applicable Data Protection Laws, the terms of the Standard Contractual Clauses Module 1 (Controller to Controller), Module Two (Controller to Processor) and/or Module Three (Processor to Processor), each as further specified in Schedule 3 of this DPA, are hereby incorporated by reference and will be deemed to have been executed by the Parties.

  1. To the extent required by Applicable Data Protection Laws, the jurisdiction-specific addenda to the Standard Contractual Clauses set out in Schedule 3 are also incorporated herein by reference and will be deemed to have been executed by the Parties.
  2. To the extent that there is any conflict between the terms of this DPA and the terms of the Standard Contractual Clauses, the Standard Contractual Clauses shall govern.
  3. Anthropic will provide Customer reasonable support to enable Customer’s compliance with the requirements imposed on international transfers of Covered Data. Anthropic will, upon Customer’s request and at Customer’s cost, provide information to Customer which is reasonably necessary for Customer to complete a transfer impact assessment ("TIA") to the extent required under Applicable Data Protection Laws.

SCHEDULE 1 - DETAILS OF PROCESSING AND TRANSFERS

PART A – List of Parties

The Parties are set out in the preamble to this DPA. With regard to any transfers of Covered Data falling within the scope of Applicable Data Protection Laws, additional information regarding the data exporter and data importer is set out below.

  1. Data Exporter
    The data exporter is: Customer and/or Customer Affiliates exporting Covered Data to which the GDPR applies. The data exporter’s contact person’s name, position and contact details as well as (if appointed) the data protection officer’s name and contact details and (if relevant) the representative’s contact details are included in the Agreement or will be disclosed to Anthropic upon request.
  2. Data Importer
    The data importer is: Anthropic PBC, 548 Market Street, PMB 90375, San Francisco, CA 94104, United States. The data importer’s contact person and contact details are included in the Agreement or will be disclosed to Customer upon request.

PART B – Description of Processing

  1. Categories of Data Subjects - Determined by Customer (in accordance with the Agreement).
  2. Categories of Personal Data - Determined by the Customer (in accordance with the Agreement).
  3. Special categories of Personal Data (if applicable) - None.
  4. Duration and Frequency of the Processing - The Processing is performed on a continuous basis for the duration of the Agreement and is determined by Customer’s configuration of the Services.
  5. Subject matter and nature of the Processing - Performing the Services on behalf of Anthropic which involves Processing (including collection, storage, organisation and structuring) of Personal Data as part of a natural language-based, machine-learning tool, as further described in the Agreement; undertaking activities to verify or maintain the quality of the Services; debugging to identify and repair errors that impair existing intended functionality; helping to ensure security and integrity of the Services.
  6. Purpose(s) of the data transfer and further Processing - To provide the Services to Customer pursuant to the Agreement and as may be further agreed upon by Customer and Anthropic.
  7. Storage Limitation - The duration is the term of the Agreement.
  8. Sub-processor (if applicable) - To provide Processing system capability to Anthropic (as described in Schedule 4) to provide the Services described in the Agreement.

PART C – Competent Supervisory Authority

Identify the competent supervisory authority/ies in accordance with clause 13 of the SCCs

Where the data exporter is established in an EU Member State: The supervisory authority of the country in which the data exporter is established is the competent authority.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of the GDPR in accordance with its Article 3(2) and has appointed a representative pursuant to Article 27(1) of the GDPR: The competent supervisory authority is the one of the Member State in which the representative is established.

Where the data exporter is not established in an EU Member State, but falls within the territorial scope of application of the GDPR in accordance with its Article 3(2) without, however, having to appoint a representative pursuant to Article 27(2) of the GDPR: The competent supervisory authority is the supervisory authority of Ireland.

SCHEDULE 2 - TECHNICAL AND ORGANIZATIONAL MEASURES

Anthropic has implemented the following technical and organizational measures (including any relevant certifications) to ensure an appropriate level of security, accounting for the nature, scope, context, and purpose of the processing, as well as the risks for the rights and freedoms of natural persons:

  1. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of Anthropic’s information security program.
  2. Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Anthropic’s organization, monitoring and maintaining compliance with Anthropic’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
  3. Utilization of commercially available and industry standard encryption technologies for Covered Data that is:
    1. being transmitted by Anthropic over public networks (i.e., the Internet) or when transmitted wirelessly; or
    2. at rest or stored on portable or removable media (i.e., laptop computers, CD/DVD, USB drives, back-up tapes).
  4. Data security controls which include at a minimum, but may not be limited to, logical segregation of data, logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking/changing access promptly when employment terminates or changes in job functions occur).
  5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that Anthropic’s passwords that are assigned to its employees; controls include appropriate password security requirements, and specific time and use limitations for passwords.
  6. System audit or event logging and related monitoring procedures to proactively record user access and system activity for routine review.
  7. Physical and environmental security of data center, server room facilities and other areas containing Covered Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of Anthropic facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.
  8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems according to prescribed internal and adopted industry standards, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Anthropic’s possession.
  9. Change management procedures and tracking mechanisms designed to test, approve, and monitor all changes to Anthropic’s technology and information assets.
  10. Incident / problem management procedures designed to allow Anthropic to investigate, respond to, mitigate, and notify of events related to Anthropic’s technology and information assets.
  11. Network security controls that provide for the use of firewall systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
  12. Vulnerability assessment, patch management and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.
  13. Business resiliency/continuity plan and procedures designed to maintain service and/or recovery from foreseeable emergency situations or disasters.

SCHEDULE 3 - INTERNATIONAL TRANSFERS

EU SCCS

Elections for the purposes of Module 1, Module Two and Module Three of the Standard Contractual Clauses:

  1. Clause 7 (Docking clause) – does not apply.
  2. Clause 11 (Redress) – optional wording does not apply.
  3. Clause 17 (Governing Law) – Option 1 will apply and the governing law will be the law of the Republic of Ireland.
  4. Clause 18 (Choice of forum and jurisdiction) – the applicable choice of forum and jurisdiction will be the Republic of Ireland.
  5. For the purpose of Annex I of the Standard Contractual Clauses, Part A of Schedule 1 contains the specifications regarding the parties, Part B of Schedule 1 contains the description of transfer for Module Two and Module Three, and Part B of Schedule 1 contains the description of transfer for Module 1 except that the purpose, nature and subject matter of the processing shall be as set out in clause 2.3, and Part C of Schedule 1 contains the competent supervisory authority.
  6. For the purpose of Annex II of the Standard Contractual Clauses, Schedule 2 contains the technical and organizational measures.

Additional elections for the purposes of Module Two and Module Three of the Standard Contractual Clauses:

  1. Clause 9 (Use of sub-processors) – Option 2 (General written authorization) will apply, and the time period is as specified in clause 4.c of the DPA.
  2. For the purpose of Annex III of the Standard Contractual Clauses, the list of Sub-processors is set out in Schedule 4 or as otherwise determined by clause 4.c of the DPA. The Sub-processor’s contact person’s name, position and contact details will be provided by Anthropic upon request.

UK ADDENDUM

This UK Addendum will apply to any Processing of Covered Data that is subject to the UK GDPR or both the UK GDPR and the GDPR. For the purposes of this UK Addendum:

“Approved Addendum” means the template addendum, version B.1.0 issued by the UK Information Commissioner under S119A(1) Data Protection Act 2018 and laid before the UK Parliament on 2 February 2022, as it may be revised according to Section 18 of the Mandatory Clauses.

“Mandatory Clauses” means “Part 2: Mandatory Clauses” of the Approved Addendum.

  1. With respect to any transfers of Covered Data falling within the scope of the UK GDPR from Customer (as data exporter) to Anthropic (as data importer):
    1. to the extent necessary under Applicable Data Protection Law, the Approved Addendum as further specified in this UK Addendum of this Schedule 3 will be incorporated into and form part of this DPA;
    2. for the purposes of Table 1 of Part 1 of the Approved Addendum, the parties’ details are as set out in Part A of Schedule 1;
    3. for the purposes of Table 2 of Part 1 of the Approved Addendum, the version of the Approved EU SCCs as set out in the EU SCCs of this Schedule 3 including the Appendix Information are the selected SCCs; and
    4. for the purposes of Table 4 of Part 1 of the Approved Addendum, Anthropic (as data importer) may end the Approved Addendum.

SWISS ADDENDUM

This Swiss Addendum will apply to any Processing of Covered Data that is subject to Swiss Data Protection Laws (as defined below) or to both Swiss Data Protection Laws and the GDPR.

  1. Interpretation of this Addendum
    1. Where this Addendum uses terms that are defined in the Standard Contractual Clauses, those terms will have the same meaning as in the Standard Contractual Clauses. In addition, the following terms have the following meanings:
      1. This Addendum: This Addendum to the Clauses
      2. Clauses: The Standard Contractual Clauses as further specified in this Schedule
      3. Swiss Data Protection Laws: The Swiss Federal Act on Data Protection of 19 June 1992 and the Swiss Ordinance to the Swiss Federal Act on Data Protection of 14 June 1993, and any new or revised version of these laws that may enter into force from time to time.
    2. This Addendum will be read and interpreted in the light of the provisions of Swiss Data Protection Laws, and so that it fulfils the intention for it to provide the appropriate safeguards as required by Article 46 GDPR and/or Article 6(2)(a) of the Swiss Data Protection Laws, as the case may be.
    3. This Addendum will not be interpreted in a way that conflicts with rights and obligations provided for in Swiss Data Protection Laws.
    4. Any references to legislation (or specific provisions of legislation) means that legislation (or specific provision) as it may change over time. This includes where that legislation (or specific provision) has been consolidated, re-enacted and/or replaced after this Addendum has been entered into.
  2. Hierarchy
    In the event of a conflict or inconsistency between this Addendum and the provisions of the Clauses or other related agreements between the Parties, existing at the time this Addendum is agreed or entered into thereafter, the provisions which provide the most protection to Data Subjects will prevail.
  3. Incorporation of the Clauses
    1. In relation to any Processing of Personal Data subject to Swiss Data Protection Laws or to both Swiss Data Protection Laws and the GDPR, this Addendum amends the DPA the Standard Contractual Clauses to the extent necessary so they operate:
      1. for transfers made by the data exporter to the data importer, to the extent that Swiss Data Protection Laws or Swiss Data Protection Laws and the GDPR apply to the data exporter’s Processing when making that transfer; and
      2. to provide appropriate safeguards for the transfers in accordance with Article 46 of the GDPR and/or Article 6(2)(a) of the Swiss Data Protection Laws, as the case may be.
    2. To the extent that any Processing of Personal Data is exclusively subject to Swiss Data Protection Laws, the amendments to the DPA including the SCCs, as further specified in this Schedule and as required by clause 3.1 of this Swiss Addendum, include (without limitation):
      1. References to the "Clauses" or the "SCCs" mean this Swiss Addendum as it amends the SCCs.
      2. Clause 6 Description of the transfer(s) is replaced with: "The details of the transfer(s), and in particular the categories of Personal Data that are transferred and the purpose(s) for which they are transferred, are those specified in Schedule 1 of this DPA where Swiss Data Protection Laws apply to the data exporter’s Processing when making that transfer."
      3. References to "Regulation (EU) 2016/679" or "that Regulation" or "GDPR" are replaced by "Swiss Data Protection Laws" and references to specific Article(s) of "Regulation (EU) 2016/679" or "GDPR" are replaced with the equivalent Article or Section of Swiss Data Protection Laws to the extent applicable.
      4. References to Regulation (EU) 2018/1725 are removed.
      5. References to the "European Union", "Union", "EU" and "EU Member State" are all replaced with "Switzerland".
      6. Clause 13(a) and Part C of Annex I are not used; the "competent supervisory authority" is the Federal Data Protection and Information Commissioner (the "FDPIC") insofar as the transfers are governed by Swiss Data Protection Laws;
      7. Clause 17 is replaced to state: "These Clauses are governed by the laws of Switzerland insofar as the transfers are governed by Swiss Data Protection Laws".
      8. Clause 18 is replaced to state: "Any dispute arising from these Clauses relating to Swiss Data Protection Laws will be resolved by the courts of Switzerland. A Data Subject may also bring legal proceedings against the data exporter and/or data importer before the courts of Switzerland in which he/she has his/her habitual residence. The Parties agree to submit themselves to the jurisdiction of such courts."

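Until the revised Swiss Data Protection Laws enter into force, the Clauses will also protect Personal Data of legal entities, and legal entities will receive the same protection under the Clauses as natural persons.

  1. To the extent that any Processing of Personal Data is subject to both Swiss Data Protection Laws and the GDPR, the DPA, including the Clauses as further specified in this Schedule, will apply (i) as is, and (ii) additionally, to the extent that a transfer is subject to Swiss Data Protection Laws, as amended by clauses 3.1 and 3.3 of this Swiss Addendum, with the sole exception that Clause 17 of the SCCs will not be replaced as stipulated under clause 3.3(b)(g) of this Swiss Addendum.
  2. Customer warrants that it and/or Customer Affiliates have made any notifications to the FDPIC which are required under Swiss Data Protection Laws.

SCHEDULE 4 - SUB-PROCESSORS

A list of Anthropic’s Sub-processors is available at https://www.anthropic.com/subprocessors.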

 
 
posted @ 2024-03-06 09:13 freedragon