personal data refers to information that can be used to confirm the identity of individuals when being used separately or in combination with other information. such data might be submitted to us directly by you when you are using our websites, products or services or when you are interacting with us, or might be obtained by us through recording how you are interacting with our websites, products or services, by using techniques such as cookie. the data collected by us depends on the websites you visited or the products and services you used, and might include names, addresses, emails, and telephone numbers. our purpose of collecting such personal data is to get in touch with you in order to provide corresponding services or send important notices.
mind electronics appliance co., ltd and its subsidiaries around the globe (hereinafter referred to as " mind ", "we" or "our" for short) really knows the importance of personal data to customers and users. for this purpose, mind attaches great importance the protection of personal data of customers and users, and has taken a series of measures to ensure that relevant businesses comply with applicable personal data protection requirements (such as gdpr).
2.1 to ensure the effective implementation of personal data protection requirements, mind has appointed a data protection officer (dpo).
2.2 mind adopts the industry-recognized personal data protection approaches and practices. in the gdpr-applicable business scenarios, mind has introduced the data protection impact assessments (dpia) approach to evaluate and mitigate the security risks of personal data in products and services.
2.2.1 mind requires a full assessment of the personal data is involved in products and services, and projects involving the personal data must undergo dpia;
2.2.2 projects involving personal data must create data lists and data flow diagrams;
2.2.3 projects involving personal data must identify possible risks in the data processing procedures (including collection, use, storage, sharing, deletion, etc.), and take corresponding measures (including administrative, physical and technical measures) according to the risk level;
2.2.4 after the implementation of the dpia, the corresponding report must be output and approved by the dpo.
2.3 mind has implemented technical measures including ids, access control, encryption, data leakage prevention, anti-spam, terminal security protection, vulnerability scanning, etc., and has conducted the penetration testing to verify the effectiveness of these measures.
2.4 mind has established an emergency response mechanism for personal data breaches. once a personal data breach occurs, mind will immediately initiate an emergency response process, strive to minimize the possible losses caused by personal data breaches and ensure that the affected persons are appropriately informed.
2.6 to ensure compliance, mind has implemented and will continuously conduct necessary technical and process audits on personal data protection.
personal data protection is not only a legal requirement, but also a social responsibility of mind. we will continue to optimize our products and services to ensure security and privacy, and reduce the risk of personal data protection for customers and users.
3、updates to this policy