What is GDPR?
The GDPR (General Personal Information Protection Regulation) is a European data protection law that came into force in May 2018. It regulates how personal data of individuals in the EU may be collected, used and processed. A key part of GDPR compliance is ensuring that your personal data processors have security best practices in place to protect personal data.
The General Data Protection Regulation replaces the EU Data Protection Directive and aims to harmonize data protection laws across the European Union by applying a single data protection law that is binding in all EU member states.
The GDPR applies to all processing of personal data either by entities that have an establishment in the EU or by entities that process personal data of EU residents when they offer goods or services to EU residents or monitor the behavior of EU residents in the EU. Personal data means any information relating to an identified or identifiable natural person.
Controller: the entity which is responsible for the decision regarding the processing of personal data and which has a direct relationship with the data subject.
Data processor: the natural or legal person responsible for processing personal data on behalf of the controller. The GDPR significantly changes the level of responsibility and accountability of data processors. Under the GDPR, data processors are directly liable and subject to regulatory enforcement and civil lawsuits. The GDPR also imposes legal obligations regarding processing records, data breach notification procedures, and erasure of personal data.
Processing: any operation or set of operations which is performed upon personal data, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
GDPR compliance
We are responsible for taking appropriate measures to ensure and be able to demonstrate that the processing of personal data is carried out in accordance with the GDPR.
We are committed to actively improving the overall security of our systems through ongoing improvements and consistent monitoring in accordance with the GDPR.
- Data Security:
We have put in place electronic and technical procedures and controls to protect your personal information and prevent unauthorized access and ensure the security of your personal information. We currently use these security measures to protect your personal data:
(1) Security Measures
The security measures we apply to Bytello products (such as Bytello Share, Bytello Class, Bytello DMS) are as follows:
-
-
-
- Security transmission protocol:such as https, security private protocol and so on;
- Encryption algorithm: such as AES and etc;
- Multiple encryption, de-identification and other security measures for sensitive personal data;Strict access control measures to prevent unauthorized access.
(2) Certificates of Conformity
To better protect your personal information, we have obtained the following certification:- Certification of the information security management system (ISO/IEC 27001:2013)
- Certification of the data protection management system (ISO/IEC 27701:2019)
- Certification of the management system for information security services (ISO/IEC 20000-1:2018)
- Information Security Services Qualification Certification (CCRC-ISV-C01:2018).
- Certification of software process capability and maturity (SJ/T11235-2001)In addition, we have been successfully assessed using the SCAMPI(V1.3) assessment method (CMMI: Capability Maturity Model Integration) and rated at maturity level 5 according to CMMI-DEV(V1.3).
(3) Reliable and trusted third party compliance program.
We use reliable and trustworthy technical service providers and their compliance programs, such as AWS, Azure, etc.
-
- Data Awareness:
We maintain records of our data processing activities that form the basis for data protection compliance.
- Data Deletion and Retention:
We provide an account deletion feature to comply with the GDPR, and we retain your data for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted.
- Data subjects' rights:
We have developed data subject rights procedures to ensure that we provide you with adequate and appropriate assistance in exercising your rights under the GDPR.
- Transparency:
Our privacy policy helps ensure compliance with GDPR regulations and improves our transparency to you.
-
Data Protection Officer
We have appointed an internal Data Protection Officer (DPO) to oversee and advise on our data management. We involve our DPO in all personal data protection issues in a timely manner. Our DPO reports directly to our top management and has the necessary independence to perform his or her duties.
If you have any questions or concerns about our privacy policies or practices, you may contact our Privacy Officer by email at. DPODPO@cvte.com.
Our commitment to you
The following is our commitment to you:
- Our Privacy Policy sets out how we process your personal data. We make sure you understand how your personal data is used and the choices you have through in-product notifications;
- Go beyond the letter of the law when handling your data and adopt best practice standards;
- Be open with you about how we use your personal information;
- To give you control over how your personal information is used.
- We limit your personal information to the minimum necessary and delete it when we no longer need it;
- Make sure your personal information is kept secure.
Contact
We want to ensure that your concerns are addressed effectively, so we will respond to any questions you may have.
If you have any concerns or doubts about this statement, please contact us in the following manner:
E-mail address of the data protection officer: DPO@cvte.com;
Postal address: 246 Shenzhou Road, Science Park, Huangpu District, Guangzhou City, Guangdong Province P.R.China.