1. Personal Data
Personal data refers to information that can identify an individual when used alone or in combination with other information. Such data is submitted by you when using our website, products, or services, or when interacting with us, or it is obtained by us through recording how you interact with our website, products, or services, for example, through technologies such as Cookies. The data we collect depends on the websites you visit or the products and services you use and may include personal data such as name, address, email, phone number, etc. We collect personal data in order to contact you to provide corresponding services, send important notifications, or provide customer support.
2. Privacy Policy
Beijing International Bilingual Academy (hereinafter referred to as "BIBA," "we," or "our") recognizes the importance of personal data to our customers and users. Therefore, BIBA attaches great importance to the protection of personal data of customers and users and has taken a series of measures to ensure that related business complies with applicable personal data protection requirements (such as GDPR).
2.1 To ensure the effective implementation of personal data protection requirements, BIBA has appointed a Data Protection Officer (DPO).
2.2 BIBA adopts industry-recognized personal data protection methods and practices. In business scenarios where GDPR applies, BIBA uses the Data Protection Impact Assessment (DPI BIBA) method to assess and reduce the risk of personal data security in products and services.
2.2.1 BIBA requires a thorough assessment of personal data involved in products and services, and projects involving personal data must undergo DPI BIBA;
2.2.2 Projects involving personal data must establish a data inventory and data flow diagram;
2.2.3 Projects involving personal data must identify potential risks in the data processing process (including collection, use, storage, sharing, deletion, etc.), and take appropriate measures according to the risk level (including management, physical, and technical measures).
2.2.4 After completing DPI BIBA, a corresponding report must be produced and approved by the DPO.
2.3 BIBA has implemented technical measures including intrusion detection, access control, encryption, data leakage prevention, anti-spam, endpoint security protection, vulnerability scanning, and uses penetration testing to verify the effectiveness of personal data protection measures.
2.4 BIBA has established an emergency response mechanism for personal data breaches. In the event of a personal data breach, BIBA will immediately initiate the emergency response process, strive to reduce the potential damage caused by the data breach, and ensure that affected individuals are properly notified.
2.5 BIBA has established a continuous training mechanism for employee privacy policies to ensure that every employee involved in GDPR can accurately understand the legal principles of data protection based on their specific job responsibilities and strictly implement the company's applicable systems and processes.
2.6 To ensure compliance, BIBA has implemented necessary technical and process audits for personal data protection.
Protecting personal data is not only a legal requirement but also a corporate social responsibility. BIBA will continue to optimize its products and services to ensure security and privacy, and reduce the risk of personal data protection for customers and users.
3. Policy Updates
BIBA reserves the right to update or modify this policy from time to time. If there are any changes to this policy, we will publish the latest version on this page. If we make significant changes to the privacy policy, we may also send you a notice of the change through different channels, for example, by posting a notice on our website or sending you a separate notification.