As a company that prides ourselves on customer trust, the protection of personal data and compliance with applicable privacy laws (including GDPR) are key priorities at YTao Global and fundamental considerations in how we operate as a company.
This commitment is driven by how we oversee the use of personal data in our products and services, working in close collaboration with our information security and technology partners.
In addition, this commitment is recognized by all YTao Global employees and contractors who hold themselves to a high standard with respect to confidentiality, information security, and privacy compliance. We have built these values so that the way we collect, use, retain or transfer personal data is aligned across our business and meets best practice.
We fully recognize the importance of GDPR to our business and, most importantly, to our customers. As part of our privacy compliance we have invested time and resources into evaluating our products, vendors and services, as well as support processes and customer engagement practices to ensure that GDPR compliance can be met.
A number of our products may handle personal data and we recognize that our customer contracts should align with the requirements of GDPR.
YTao Global ensures that contractual commitments to our customers satisfies the requirement of Article 28 of GDPR where YTao Global may act as a processor of customer personal data. We commit to keeping customer personal data secure and confidential, and help our customers to understand our use of sub-processors (where applicable), what customer personal data we hold, how we process this personal data and how we will assist our customers in complying with their own GDPR obligations.
The exact nature of our commitments to a customer will vary depending on whether YTao Global is a data holder, data controller or a data processor of the personal data that it holds which is dependent on what technologies have been implemented with a customer.
YTao Global understands the importance of keeping personal data secure and our information security policies and practices are a fundamental part of this commitment. We use data classification tags to each system used to ensure that security protections are appropriate to the level of risk attaching to data we are protecting. Additionally, our security strategy includes appropriate security controls are communicated to application owners and technology teams across the business to support the secure development of products and a secure operating environment.
Security logging and monitoring of the operating environment for the purpose of awareness, event correlation, and incident response.
Monitoring of critical systems, services and operations are implemented to ensure the health of the operating environment on which our products run.
Our internal security requires that sensitive data, including customer, partner, and regulated data is encrypted when it is in transit over public networks and in certain circumstances when it is stored (at rest).
All YTao Global owned and supported operating systems that are hosted in our data centers or managed at customer sites are required to be configured with YTao Global’ antivirus solution for compliance with our policies and standards. This excludes operating systems that are not managed by YTao Global.
Some products and services may be provided through public and private networks. There may fall outside of YTao Global security management.
Data center 3rd party vendors are managed to the standards within YTao Global Security Policy guidelines based on best practices in the industry. These guidelines include requirements for physical security, building maintenance, fire suppression, air conditioning, UPS with generator back-up, and access to diverse power and communications.
A variety of secure methods are used to control access to YTao
Global facilities. Our information security policies are reviewed and updated periodically considering technical risks; regulatory changes and our customers’ needs for information security.
YTao Global policies require identity and access controls to enterprise resources, product environments and applications which adhere to established industry standards including least privilege, segregation of duties, unique IDs, password management, and privileged access management. This helps to ensure that access to information by our personnel and the personnel of our customers is appropriately limited.
Access to our production systems are governed by technical controls that require multi- factor authentication (where available) and unique IDs.
In order to operate our business and deliver our products to a global customer base, it is important that we are able to freely use subcontractors. We have a strong onboarding process in place to verify the suitability and integrity of these subcontractors and employ contractual agreements to ensure that data transfers and data processing is undertaken in a secure and authorized manner.
Employees and contractors who fail to abide by the YTao Global privacy and information security policies are subject to disciplinary action, up to and including dismissal/termination.
YTao Global takes steps to ensure that, to the best of its ability, only appropriate persons access personal data. Relevant YTao Global employees and contractors must complete pre- employment background screening checks and comply with confidentiality provisions placed upon them. Each employee is provided access only to the appropriate premises and systems once they complete these checks.
Should an employee or contractor leave YTao Global, access to systems and premises are terminated.
YTao Global is committed to complying with applicable anti-bribery and anti-corruption laws by applying and maintaining the highest level of ethical behaviour and standards in combating bribery and corruption in all of the jurisdictions in which it operates. An objective of the Anti-bribery and Anti Corruption practise is to define unacceptable behaviour and activity relating to bribery and corruption and to direct its management, prevention and identification.
As part of the management, prevention and detection of bribery and corruption issues, where necessary YTao Global works with specialist partners to conduct background checks on Employees, Contractors and
Everyone at YTao Global is encouraged to immediately report any concerns about bribery and corruption. Such reporting is conducted in a manner that the person raising the concern is protected and remains anonymous.
Instances of bribery or corruption may be investigated by Management and breaches may lead to disciplinary action, including dismissal.
Under this policy YTao Global Employees will not:
For additional information regarding the information set out in this document please contact firstname.lastname@example.org or submit a web form at www.ytao.co