Privacy Policy
Introduction
The taichidtx.com website is owned and administered by GlobalMD.
By using the taichidtx.com website, you (“The User”) accept the terms of this Privacy Policy. If you (The User) do not agree to its terms, please do not use the website, nor any of the other websites operated by GlobalMD and associated with taichidtx.com.
Background to the General Data Protection Regulation (‘GDPR’)
The purpose of the General Data Protection Regulation 2016 is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
The Definitions of Terms in the GDPR and used by taichidtx.com can be found at:
The full GDPR regulations and directive can be viewed here:
The chief regulations fall briefly under the following headers:
- Material scope (Article 2)
- Territorial scope (Article 3)
Article 4 definitions
- Establishment
- Personal data
- Special categories of personal data
- Data controller
- Data subject
- Processing
- Profiling
- Personal data breach
- Data subject consent.
- Child
- Third-party
- Filing system
POLICY STATEMENT
The Chief Officer at taichidtx.com is committed to compliance with all relevant law, in respect of personal data, and regarding the protection of the “rights and freedoms” of individuals whose information taichidtx.com collects and processes in accordance with the General Data Protection Regulation (GDPR), and other law, regulation and directives as these provide reasonable and practically attainable requirements.
Since GDPR is at the present time the most far-reaching, comprehensive, and stringent among such regulation, this policy of taichidtx.com is made so as to comply with the terms of the GDPR. Other relevant policies of taichidtx.com are also described briefly herein.
The GDPR and the taichidtx Information Security Policy concern all of taichidtx.com’s personal data processing, including that of customers’, clients’, employees’, suppliers’ and partners’ personal data, as well as of any other personal data which taichidtx.com might process and which comes from any source.
taichidtx.com has in place established objectives for data protection and privacy.
taichidtx has an appointed Data Protection Officer (DPO) / GDPR Owner who is responsible for reviewing the register of personal data at the least annually, and also to consider this register in the light of any changes to taichidtx.com’s activities.
The taichidtx.com DPO is authorised to make changes to the data inventory register and these will be verified by way of a taichidtx.com general management review. The DPO shall also accommodate any additional requirements s/he identifies by means of the performance of data protection impact assessments.
The taichidtx.com inventory register is available on request to any relevant lawful supervisory authority.
This taichidtx.com privacy policy applies to all its employees/staff and, insofar as its conditions impact via taichidtx on taichidtx’s clientèle and on third parties including associates, such as outsourced suppliers, it applies to all interested parties of taichidtx.com. Any breach of the regulations of GDPR or of the taichidtx.com Personal Information Security Policy will be dealt with under taichidtx.com’s disciplinary policy; and since such a breach might also constitute a criminal offense, if this is the case then taichidtx will report the matter to the appropriate authorities.
Partners and any third parties working with or for taichidtx.com, and who have or may have access to personal data held by taichidtx.com, will be expected to have read, understood, and to have complied with this taichidtx.com Privacy and Security Policy. No third party shall be given access to personal data held by taichidtx.com without that party having beforehand entered into a written signed and dated data confidentiality and security agreement as being a document of reference. It will be a document that imposes upon the said third party that set of Privacy and Security rules regulations and obligations being no less onerous than those to which taichidtx.com itself is committed as laid out here and below here. It is also an agreement that allows taichidtx.com a free right to inspect and to audit at any time and without notice that third party’s full compliance with the set of Privacy and Security rules etc as agreed to in said written agreement.
taichidtx.COM: PERSONAL INFORMATION MANAGEMENT SYSTEM (PIMS)
To support compliance with the GDPR etc, the Chief Officer of taichidtx.com makes use of a documented Personal Information Management System (‘PIMS’).
All employees/staff at taichidtx.com, and also certain external (third) parties, cannot operate without having received, and are required to have received, appropriate training.
In determining its scope for compliance with the GDPR etc, taichidtx.com takes into consideration:
- Any external and internal issues that are relevant to the purpose of taichidtx.com
- And that affect its ability to achieve the intended outcomes of its PIMS and of its GDPR etc obligations;
- Or which impede the specific needs and expectations of any and all interested parties,
- And all of the above which are relevant to the implementation of the taichidtx.com PIMS, and of GDPR, etc compliance
- And also to the implementation of taichidtx.com’s organizational objectives and obligations;
- And which may impinge on the taichidtx.com organization’s acceptable level of risk;
- And, as well, taichidtx.com takes into consideration any and all of its applicable statutory, regulatory, or contractual obligations.
taichidtx.com’s objectives for compliance with the GDPR etc and with a PIMS:
- are consistent with this policy;
- they are measurable;
- they take into account GDPR and other privacy and security requirements;
- and the results from risk assessments and from risk treatments;
- they are monitored;
- they are communicated;
- they are updated as appropriate;
- and taichidtx.com documents those objectives in its PIMS and in its GDPR etc Objectives Record.
In order to achieve the aims and objectives contained in and implied in the above statements, taichidtx.com has determined:
- what is to be done;
- what resources are to be required;
- who it is who will be responsible to do this;
- and by when these actions shall be completed;
- and how their results shall be evaluated.
taichidtx.COM: RESPONSIBILITIES AND ROLES under THE GENERAL DATA PROTECTION REGULATION
taichidtx.com is a data controller and/or data processor under the GDPR.
Compliance with data protection legislation is the responsibility of all personnel at taichidtx.com.
Personnel at taichidtx.com are responsible for ensuring that any personal data about them supplied by them to taichidtx.com is accurate and up-to-date.
Data protection principles
All processing of personal data must be conducted in accordance with the data protection principles as set out in Article 5 of the GDPR. taichidtx.com’s policies and procedures are designed to ensure compliance with the principles. For a summary of these principles see:
https://gdpr-info.eu/art-5-gdpr/
Transparency
The GDPR has increased requirements about what information should be available to data subjects and covered this in the ‘Transparency’ requirement.
Transparently – the GDPR includes rules on giving privacy information to data subjects in Articles 12, 13, and 14. Please review these pages:
https://gdpr-info.eu/art-12-gdpr/
https://gdpr-info.eu/art-13-gdpr/
https://gdpr-info.eu/art-14-gdpr/
These pages give guidance on how to request to see the data held concerning you.
https://dpnetwork.org.uk/right-access-gdpr/
Personal data can only be collected for specific, explicit, and legitimate purposes.
The responsibilities of Data Holders (in this case taichidtx.com) under GDPR can be viewed at:
https://gdpr-info.eu/art-24-gdpr/
- These duties include website security against internal and external unauthorized penetrations and the purloining of GDPR-held data.
- They also include taichidtx.com offering proper training and putting in place administrative systemic protections against misplacing, mishandling, and such, of GDPR-held data, by its people.
- These controls have been selected on the basis of identified risks to personal data, and the potential for damage or distress to individuals whose data is being processed.
The Data Controller must be able to demonstrate compliance with the GDPR’s principles of accountability.
The GDPR includes provisions that promote accountability and governance. These provisions can be read at:
https://gdpr-info.eu/art-5-gdpr/
Data Subjects’ Rights
Data subjects have rights regarding data processing, and regarding the data that is recorded about them: These rights can be viewed here:
https://gdpr-info.eu/chapter-3/
Data subjects have a right to complain to taichidtx.com related to the processing of their personal data, the handling of a request from a data subject and appeals from a data subject on how complaints have been handled in line with the Complaints Procedure.
Consent
The GDPR requirements for a data subject to have been deemed as having given her/his consent to taichidtx.com to hold his/her personal data are to be read at:
https://gdpr.eu/gdpr-consent-requirements/
Disclosure of data
The following pages give a review of those data unable to be disclosed under GDPR:
https://gdpr-info.eu/art-48-gdpr/
Whenever your data is disclosed by taichidtx.com (for instance upon a legal courtroom demand) you can read your rights to be informed about this here:
https://gdpr-info.eu/issues/right-to-be-informed/
Retention and disposal of data
There are rights to have your personal data erased which can be viewed here:
https://gdpr-info.eu/art-17-gdpr/
How long data may be kept by taichidtx.com and other similar concerns are dealt with here:
Data transfers
The rules governing any transfer to a third party of your data are here:
https://gdpr-info.eu/chapter-5/
An adequacy decision
A list of countries that currently satisfy the adequacy requirements of the Commission is published in the Official Journal of the European Union. http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
Privacy Shield
If taichidtx.com wishes to transfer personal data from the EU to an organization in the United States it should check that the organization is signed up with the Privacy Shield framework at the U.S. Department of Commerce. See page at: https://www.privacyshield.gov/welcome
The obligations applying to companies under the Privacy Shield are contained in the “Privacy Principles”. The US DOC is responsible for managing and administering the Privacy Shield and ensuring that companies live up to their commitments. In order to be able to certify, companies must have a privacy policy in line with the Privacy Principles e.g. use, store, and further transfer personal data according to a strong set of data protection rules and safeguards. The protection given to personal data applies regardless of whether the personal data is related to an EU resident or not. Organizations must renew their “membership” to the Privacy Shield on an annual basis. If they do not, they can no longer receive and use personal data from the EU under that framework.
An important concept in such Data Transfers under Privacy Shield is the Assessment of Adequacy of the means and destination, a decision to be made by a data controller before data is transferred. If you are concerned, look up this concept on the Privacy Shield website pages at: https://www.privacyshield.gov/welcome
Information asset register/data inventory
As the recording of movements of, transactions of, quantities of, and changes to GDPR-held data applies under GDPR to taichidtx.com and to its administrators, please see these pages:
https://gdpr-info.eu/art-30-gdpr/
The issues concerning risk and held data under GDPR are laid out at these pages: https://gdpr.eu/data-protection-impact-assessment-template/
taichidtx.com shall do all that is practically and reasonably possible to contain these risks and adhere to GDPR rules governing their containment.
In this regard, The Data Protection Officer (DPO) / GDPR Owner at taichidtx.com shall, if there are significant concerns, either as to the potential damage or distress, or the quantity of data concerned, escalate the matter to the supervisory authority.
Appropriate controls will be selected, as appropriate, and applied to reduce the level of risk associated with processing individual data to an acceptable level, and to the requirements of the GDPR.
Document Owner and Approval
The taichidtx.com Data Protection Officer (DPO) / GDPR Owner is the owner of this document and shall keep this policy document under review in line with the GDPR review requirements.
This policy was last updated on Dec 20 2020 and is to be issued on a version-controlled basis. Please refer to the taichidtx.com website with regular frequency so as to be aware of updated versions of this Privacy Policy having been made and published here.
Such updated versions will take effect upon their publication at the taichidtx.com website.