1. Personal Data
Personal data refers to the information that can identify an individual when it is used separately or in combination with other information. Such data will be collected from you when you use our website, products or services or interact with us, or acquired by recording your interaction with our website, products or services, for example, through technologies such as the Cookies. The data that we collect depends on the website that you visit or the products or services you use, which may include your name, address, email address, phone number and other personal data. We collect such personal data to reach you, so as to provide corresponding services (including commercial services) or send important notices and commercial electronic notices to you.
Absea Biotechnology Ltd. and its affiliates worldwide (hereinafter referred to as “Absea”, “We” or “Our”) are deeply aware of the significance of personal data to our clients and users. Therefore, Absea has attached great importance to the protection of the personal data of our clients and users, and taken a series of measures to ensure that relevant businesses comply with the applicable personal data protection requirements (including General Data Protection Regulation (GDPR)).
2.1 For the effective implementation of such personal data protection requirements, Absea has appointed a data protection officer (DPO).
2.2 Absea has adopted the industry-recognized personal data protection methods and practices. In business scenarios where the GDPR is applicable, Absea has adopted the data protection impact assessment (DPIA) method to assess and reduce the personal data security risks in our products and services.
2.2.1 Absea requires that the personal data involved in our products and services be fully assessed, and the projects involving personal data must be subject to DPIA.
2.2.2 The projects involving personal data must be include a data list and a data flow diagram;
2.2.3 The potential risks in data processing (including data collection, application, storage, sharing, and deletion) of the projects involving personal data must be identified, and corresponding measures (including management, physical and technical measures) must be taken according to the risk level.
2.2.4 Upon completion of the DPIA, the corresponding report must be output and approved by the DPO.
2.3 Absea has implemented numerous technical means including intrusion detection, access control, encryption, data leakage prevention, anti-spam, terminal security protection and vulnerability scanning, and tested the effectiveness of personal data protection measures through penetration tests.
2.4 Absea has established an emergency response mechanism for personal data leakage. In the event of personal data leakage, Absea will immediately initiate the emergency response process in an effort to reduce the loss that may be caused by such leakage and ensure that the affected personnel are properly notified.
2.5 Absea has established a continuous privacy policies training mechanism for employees to ensure that every employee involved in the GDPR can accurately understand the legal principles of data protection based on their specific job responsibilities, and strictly implement the systems and processes applicable to the company.
2.6 For compliance, Absea has implemented necessary audits on the technologies and processes for personal data protection.
Personal data protection is not only a legal requirement, but also a corporate social responsibility. Absea will continue to optimize our products and services to ensure security and privacy and reduce the personal data protection risks to our clients and users.
3. Policy Update
This English translation is provided for informational purposes only. In the event of any legal assessment or interpretation, the original Chinese version shall prevail.