taiflow.com website is owned and administered by The Abwebzone Company, a Limited Liability Company, registered in the country of Panama and having its offices at: SL55 Piso 27 Via Samuel Lewis, Bella Vista, Panama. You may contact The Company via email at [email protected]
Background to the General Data Protection Regulation (‘GDPR’)
The purpose of the General Data Protection Regulation 2016 is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
The Definitions of Terms in the GDPR and used by Taiflow.com can be found at:
The full GDPR regulations and directive can be viewed here:
The chief regulations fall briefly under the following headers:
- Material scope (Article 2)
- Territorial scope (Article 3)
Article 4 definitions
- Personal data
- Special categories of personal data
- Data controller
- Data subject
- Personal data breach
- Data subject consent.
- Third party
- Filing system
The Chief Officer at Taiflow.com is committed to compliance with all relevant law, in respect of personal data, and regarding the protection of the “rights and freedoms” of individuals whose information Taiflow.com collects and processes in accordance with the General Data Protection Regulation (GDPR), and other law, regulation and directives as these provide reasonable and practically attainable requirements.
Since the GDPR is at the present time the most far-reaching, comprehensive, and stringent among such regulations, this policy of Taiflow.com is made so as to comply with the terms of the GDPR. Other relevant policies of Taiflow.com are also described briefly herein.
The GDPR and the Taiflow Information Security Policy concern all of Taiflow.com’s personal data processing, including that of customers’, clients’, employees’, suppliers’ and partners’ personal data, as well as any other personal data which Taiflow.com might process, from any source.
Taiflow.com has in place established objectives for data protection and privacy
Taiflow has an appointed Data Protection Officer (DPO) / GDPR Owner who is responsible for reviewing the register of personal data at least annually, and for considering this register in the light of any changes to Taiflow.com’s activities.
The Taiflow.com DPO is authorised to make changes to the data inventory register and these will be verified by way of a Taiflow.com general management review. The DPO shall also accommodate any additional requirements s/he identifies by means of the performance of data protection impact assessments.
The Taiflow.com inventory register is available on request to any relevant lawful supervisory authority.
Partners and any third parties working with or for Taiflow.com, and who have or may have access to personal data held by Taiflow.com, will be expected to have read, understood and complied with this Taiflow.com Privacy and Security Policy. No third party shall be given access to personal data held by Taiflow.com without that party having beforehand entered into a written, signed and dated data confidentiality and security agreement as a document of reference. That agreement imposes upon the third party a set of Privacy and Security rules, regulations and obligations no less onerous than those to which Taiflow.com itself is committed, as laid out here and below. The agreement also allows Taiflow.com a free right to inspect and to audit, at any time and without notice, that third party’s full compliance with the set of Privacy and Security rules agreed to in the written agreement.
TAIFLOW.COM: PERSONAL INFORMATION MANAGEMENT SYSTEM (PIMS)
To support compliance with the GDPR etc, The Chief Officer of Taiflow.com makes use of a documented Personal Information Management System (‘PIMS’)
All employees/staff at Taiflow.com, and also certain external (third) parties, are required to have received appropriate training and cannot operate without it.
In determining its scope for compliance with the GDPR etc, Taiflow.com takes consideration of:
- Any external and internal issues that are relevant to the purpose of Taiflow.com
- And that affect its ability to achieve the intended outcomes of its PIMS and of its GDPR etc obligations;
- Or which impede the specific needs and expectations of any and all interested parties,
- And all of the above which are relevant to the implementation of the Taiflow.com PIMS, and of GDPR etc compliance
- And also to the implementation of Taiflow.com’s organisational objectives and obligations;
- And which may impinge on the Taiflow.com organisation’s acceptable level of risk;
- And Taiflow.com also takes into consideration any and all of its applicable statutory, regulatory or contractual obligations.
Taiflow.com’s objectives for compliance with the GDPR etc and with a PIMS:
- are consistent with this policy;
- they are measurable;
- they take into account GDPR and other privacy and security requirements;
- and the results from risk assessments and from risk treatments;
- they are monitored;
- they are communicated;
- they are updated as appropriate;
- and Taiflow.com documents those objectives in its PIMS and in its GDPR etc Objectives Record.
In order to achieve the aims and objectives contained in and implied in the above statements, Taiflow.com has determined:
- what is to be done;
- what resources are to be required;
- who it is who will be responsible to do this;
- and by when these actions shall be completed;
- and how their results shall be evaluated.
TAIFLOW.COM: RESPONSIBILITIES AND ROLES
THE GENERAL DATA PROTECTION REGULATION
Taiflow.com is a data controller and/or data processor under the GDPR.
Compliance with data protection legislation is the responsibility of all personnel at Taiflow.com
Personnel at Taiflow.com are responsible for ensuring that any personal data about them and supplied by them to Taiflow.com is accurate and up-to-date.
Data protection principles
All processing of personal data must be conducted in accordance with the data protection principles as set out in Article 5 of the GDPR. Taiflow.com’s policies and procedures are designed to ensure compliance with the principles. For a summary of these principles see:
The GDPR has increased requirements about what information should be available to data subjects, and covered this in the ‘Transparency’ requirement.
Transparently – the GDPR includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. Please review these at these pages:
These pages give guidance on how to request to see the data held concerning you.
Personal data can only be collected for specific, explicit and legitimate purposes.
The responsibilities of Data Holders (in this case Taiflow.com) under GDPR can be viewed at:
- These duties include website security against internal and external unauthorised penetrations, and purloining of GDPR held data.
- They also include Taiflow.com offering proper training and putting in place administrative systemic protections against misplacing, mishandling and such, of GDPR held data, by its people
- These controls have been selected on the basis of identified risks to personal data, and the potential for damage or distress to individuals whose data is being processed.
The Data Controller must be able to demonstrate compliance with the GDPR’s principles of accountability
The GDPR includes provisions that promote accountability and governance. These provisions can be read at:
Data Subjects’ Rights
Data subjects have rights regarding data processing, and regarding the data that is recorded about them: These rights can be viewed here:
Data subjects have a right to complain to Taiflow.com about the processing of their personal data and the handling of a request from a data subject, and to appeal how complaints have been handled, in line with the Complaints Procedure.
The GDPR requirements for a data subject to have been deemed as having given her/his consent to Taiflow.com to hold his/her personal data are to be read at:
Disclosure of data
The following pages give a review of the data that cannot be disclosed under GDPR:
Whenever your data is disclosed by Taiflow.com (for instance upon a legal courtroom demand) you can read your rights to be informed about this here:
Retention and disposal of data
There are rights to have your personal data erased which can be viewed here:
How long data may be kept by Taiflow.com and other similar concerns are dealt with here:
The rules governing any transfer to a third party of your data are here:
An adequacy decision
A list of countries that currently satisfy the adequacy requirements of the Commission is published in the Official Journal of the European Union. http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
If Taiflow.com wishes to transfer personal data from the EU to an organisation in the United States it should check that the organisation is signed up with the Privacy Shield framework at the U.S. Department of Commerce. See pages at: https://www.privacyshield.gov/welcome
An important concept in such data transfers under Privacy Shield is the Assessment of Adequacy of means and destination, a decision to be made by a data controller before transferring data. If you are concerned, look up this concept on the Privacy Shield website pages at: https://www.privacyshield.gov/welcome
Information asset register/data inventory
As the recording of movements of, transactions in, quantities of, and changes to GDPR-held data applies under GDPR to Taiflow.com and to its administrators, please see these pages:
The issues concerning risk and held data under GDPR are laid out at these pages: https://gdpr.eu/data-protection-impact-assessment-template/
Taiflow.com shall do all that is practically and reasonably possible to contain these risks and adhere to GDPR rules governing their containment
In this regard The Data Protection Officer (DPO) / GDPR Owner at Taiflow.com shall, if there are significant concerns, either as to the potential damage or distress, or the quantity of data concerned, escalate the matter to the supervisory authority.
Appropriate controls will be selected and applied to reduce the level of risk associated with processing individual data to an acceptable level, and to meet the requirements of the GDPR.
Document Owner and Approval
The Taiflow.com Data Protection Officer (DPO) / GDPR Owner is the owner of this document and shall keep this policy document under review in line with the GDPR review requirements.
Such updated versions will take effect upon their publication at Taiflow.com website.
© 2021 Abwebzone