Privacy Policy
1.Personal Data
Personal data refer to the information that can identify an individual when used alone or in combination with other information. Such data may be submitted to us by your side when you use our website, products or services, and when you interact with us, or we obtain it by recording how you interact with our website, products or services, for example, through such technologies as cookies. The data we collect depends on the website you visit or the products and services you use and may include personal data of name, address, email address, phone number, etc. We collect personal data for the purpose of contacting you in order to provide appropriate services or send important notices, etc.
2.Privacy Policy
Shanghai RASS Blood Products Co., Ltd. and its subsidiaries worldwide (hereinafter referred to as "[Shanghai RASS] [Tonrol Biopharmaceutical] [Haikang Biopharmaceutical] [Zhengzhou RASS]", "we" or "ours") are aware of the importance of personal data to our customers and users. For this reason, Shanghai RASS Blood Products Co., Ltd. takes the protection of customers' and users' personal data very seriously and has taken a series of measures to ensure that the relevant business complies with the applicable personal data protection requirements (e.g. GDPR).
2.1 In order to ensure effective implementation of personal data protection requirements,Shanghai RASS Blood Products Co., Ltd. has appointed a Data Protection Officer (DPO).
2.2 Shanghai RASS Blood Products Co., Ltd. has adopted industry-recognized personal data protection methods and practices. In business scenarios where the GDPR applies, Shanghai RASS Blood Products Co., Ltd. uses the Data Protection Impact Assessment (DPIA) methodology to assess and mitigate personal data security risks in products and services.
2.2.1 Shanghai RASS Blood Products Co., Ltd. requires that personal data involved in products and services be fully assessed and that items involving personal data be subject to a DPIA;
2.2.2 Items involving personal data shall establish a data inventory and data flow diagram;
2.2.3 Projects involving personal data shall identify potential risks in data processing (including the processes of collection, use, storage, sharing, deletion, etc.) and take appropriate measures (including administrative, physical and technical measures) according to the risk level.
2.2.4 After the execution of DPIA, the corresponding output report shall be accompanied and approved by DPO.
2.3. Shanghai RASS Blood Products Co., Ltd. implements technical measures including intrusion detection, access control, encryption, data leakage prevention, anti-spam, endpoint security protection, vulnerability scanning, etc., and tests the effectiveness of personal data protection measures through penetration test.
2.4. Shanghai RASS Blood Products Co., Ltd. has established a personal data leakage emergency response mechanism. In the event of a personal data leakage, Shanghai RASS will immediately initiate the emergency response process in an effort to reduce the potential loss caused by the personal data leakage and ensure that the affected personnel are duly notified.
2.5. Shanghai RASS Blood Products Co., Ltd. has established an ongoing employee training mechanism on privacy policy to ensure that each employee involved in GDPR accurately understands the legal principles of data protection based on his or her specific job responsibilities and strictly enforces the company’s applicable systems and processes.
2.6. To ensure compliance, Shanghai RASS Blood Products Co., Ltd. has implemented the necessary technical and process audits for personal data protection.
Personal data protection is not only a legal requirement, but also a corporate social responsibility. Shanghai RASS will continue to optimize its products and services to ensure security and privacy and to reduce the risk of personal data protection for customers and users.
3.Policy Update
Shanghai RASS reserves the right to update or modify this policy from time to time. If changes are made to this policy, we will post the latest version of this policy here. In case of material changes made to our privacy policy, we may also send you notice thereof through various channels, such as posting a notice on our website or giving you a separate notice.