Effective Date: 27 March 2021
Taghash is a product of Datahash DMCC registered under – Dubai Multi Commodities Centre Authority (DMCCA), Registration Number DMCC179249, for the year 2019, License Number [DMCC-742963], Registered Office – Office 307, Fortune Tower, Cluster C, Jumeirah Lake Towers, Dubai (UAE), is committed to protecting and respecting your privacy.
- When we receive personal information, we maintain high ethical standards and take steps to handle such information in a responsible manner that is consistent with data protection laws, our core values, and business objectives.
We keep Your personal information private and believe privacy is a fundamental human right. We are committed to providing you with products, information, controls, and transparency that allow You to choose how Your information is collected and used. This is especially important as technology progresses and privacy laws evolve. Datahash believes privacy is a fundamental human right. We are committed to providing you with products, information, and controls that allow you to choose how information is processed, collected, and used. Protecting your information is our highest priority.
What Information do we collect or maintain?
We collect two types of information: personally-identifiable and non-personally identifiable to operate effectively. We may use the aforementioned types of information to create aggregate information (collectively referred to as “automated information”). The information can be categorized as below:
- Information provided deliberately: Your name, email address, phone number, and other contact information. Registrations for/from webinars, webcasts, podcasts, seminars, conferences, etc., sponsored by Us or a partner. Subscription to Our blog, newsletters, whitepapers, eBooks, or other Taghash Services-related content. Information submitted through purchases, demo request, support request, contact request, sales or pricing query, or free-trial signups of Taghash Services (either on Your own or on behalf of Your company). Your inquiries sent by email to our registered email id. The Information You submit through any other web forms and website pages.
The sign-up to receive our content, newsletters, invitations, and other information takes place in a so-called double opt-in procedure, i.e., after signing up, You will receive an email in which You will be asked to confirm Your registration. The registration data is logged to be able to verify the registration. This includes Your name, email address, the time of registration and confirmation, and Your IP address.
–Information collected automatically: When You use the Website, We automatically collect Your IP address, traffic source, search keywords, page views, visits, location (aggregated), browser and operating systems (aggregated), device (aggregated), as well as other connection information like time and transferred information (collectively referred to as “Automated Information”).
1) When you use Taghash Services, then you trust its privacy will be protected and that it will only be used in a way that’s consistent with your expectations.
Our time-tested approach to privacy is grounded in our commitment to give you control over the collection, use, and distribution of your customer data. We are transparent about the specific policies, operational practices, and technologies that help ensure the privacy of your data in Taghash Services. We put our commitment in writing and detail out Datahash data protection policies and practices in a clear & straightforward language.
2) We will use customer data only to provide the services agreed upon, and for purposes compatible with providing those services. We do not use customer data or derive information from it for advertising.
Furthermore, we will not disclose the customer data process in Taghash services to a government agency, unless required by law. If law enforcement demands customer data, we will attempt to redirect the agency to request that data directly from the customer. If we are compelled to disclose customer data to law enforcement, we promptly notify the customer and provide a copy of the demand, unless legally prohibited from doing so.
3) As mentioned above in our beliefs, we are committed to the privacy and data protection of individuals and customers. This is especially important as technology progresses and privacy laws evolve.
In support of the Security & Privacy by Design initiative, a volunteer effort created the Tagahsh Security & Privacy Management Principles. These Principles have a robust framework for building and maintaining secure systems, applications, and services that address cybersecurity and privacy consideration by default and by design.
Comparison between global privacy control frameworks was complicated to understand, what We did was identify a dozen of the leading privacy frameworks and created a set of comprehensive privacy management principles, Privacy Control Framework Principles which is a subset of Datahash Security & Privacy Management framework that is tailored for privacy and is intended to help us with designing, building and maintaining processes, systems, and applications that include both cybersecurity and privacy principles by default
4) Privacy By Design- Establish and maintain a comprehensive privacy program that ensures privacy considerations are addressed by design in the development of policies, standards, processes, systems, applications, projects, and third-party contracts.
5) Datahash has appointed a Data Protection Officer and assigned responsibilities to liaise on matters of information security, data protection, compliance, and overseeing the security and compliance of PII, Company IP, etc. for the Datahash which aligns with data protection by law and local law(s). Management Visibility provides performance metrics and trend analysis to enable management visibility and coordinate privacy efforts across the organization.
6) Datahash Periodic reviews are planned on intervals or after significant changes, policies, standards, and procedures are reviewed to ensure continuing suitability, adequacy, and effectiveness to meet the organization’s applicable statutory, regulatory and contractual needs. Datahash Provide oversight of privacy controls throughout the lifecycle of systems, applications, and services to ensure that in a timely manner, senior leaders with the organization are made aware of privacy-related risks that are not appropriately remediated.
7) Datahash Management oversees the execution of privacy controls with appropriate evidence of due care and due diligence, demonstrating compliance with all applicable statutory, regulatory, and contractual obligations, including age-based restrictions.
8) Datahash Classifies data according to the sensitivity and type of personal data as defined by appropriate statutory, regulatory, and contractual contexts.
9) We Identify and plan for resources needed to operate a privacy program and include privacy requirements in solicitations for technology solutions and services.
10) Tagahash established and maintains the Personal Information Inventory & flow which covers the whole information lifecycle from entry to exit of information like collection, processing, storing, and deletion, and reviewed and updated on an annual basis.
11) Datahash has established a robust privacy program that includes awareness and training programs for all the workforce members. Mandatory Privacy & Security Awareness training is provided to all workforce members on an annual basis. workforce members who access any system for processing, storing, or transmitting personal information or sensitive information are formally trained in data handling requirements prior to being authorized to access the system.
12) In Datahash, Individuals are directly involved in the decision-making process regarding the fair and lawful processing of the individual’s personal data and, to the extent practicable, directly-engaged to receive explicit permission to use their personal data. We provide clear and conspicuous choices that enable an individual, or a person authorized by the individual, to permit or prohibit the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of the individual’s personal data. This is also referred to as the right to “opt-out.”
13) We take initial consent, prior to the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of the individual’s personal data. We do not “sell” our customers’ personal information to anyone, meaning that we also do not rent, disclose, release, transfer, make available or otherwise communicate that personal information to a third party for monetary or other valuable consideration.
14) We ensure that the design of information collection is consistent with the intended use of the information, and the need for new information is balanced against any privacy risks. Also, we take steps to minimize the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of the individual’s personal data to what is directly relevant and necessary to accomplish a legally authorized purpose.
15) We provide a transparent notice to the public about privacy practices through a clear and conspicuous notice on all organizational websites, mobile applications, and other digital services regarding the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of personal data.
16) We Limit the collection, creation, use, dissemination, maintenance, retention, and/or disclosure of personal data to that which is legally authorized, relevant, and deemed “reasonably necessary” for the proper performance of business functions. We ensure that all records containing personal data are maintained in accordance with the organization’s records retention schedule and comply with applicable statutory, regulatory, and contractual obligations.
17) We make sure of Secure Destruction of Personal Information and Utilize secure methods to dispose of or destroy, both physical and digital media, that contains personal data. We restrict the location of processing, storage and service locations to comply with the privacy notice, as well as applicable statutory, regulatory and contractual obligations. Datahash has taken all the necessary and appropriate steps to protect and respect data subject rights and personal information.
18) Datahash keeps accurate information held in each system of records under its control including date, nature, and purpose of information of record, name, and address of the person or agency to which the disclosure was made. Retaining the accounting of disclosures for the life of the record or as per applicable data protection laws. And makes the accounting of disclosures available to the person named in the record upon request by the data protection authority or applicable.
19) We maintain quality assurances throughout the information lifecycle with such accuracy, relevance, timeliness, and completeness as is reasonably necessary to ensure fairness to the individual. Also, we Identify and correct flaws related to personal data as it is collected, created, used, disseminated, maintained, retained, and/or disclosed.
20) Datahash maintains a capability to receive and respond to privacy-related requests, complaints, concerns, or questions from individuals. We may request specific information from you to help us confirm your identity and process your request. We Provide individuals with appropriate opportunities to correct or amend their personal data.
21) Datahash provides Rights To Object that provides the data-subjects right to object at any time to our processing of personal information concerning you. For example, if you have requested to receive information from us, e.g., newsletters, but do not wish to receive further information, you can easily opt-out of receiving further information from us.
22) We will notify affected individuals when their personal data is corrected or amended. Also, We provide individuals with appropriate opportunity to request the deletion of personal data where it is used, disseminated, maintained, retained, and/or disclosed, including where the personal data is stored or processed by third-parties.
23) We have top-down governance and security in our DNA that lets us constantly wade through our threat vectors and calibrate to strengthen our security posture. That way, we align with the changing business and technology landscape. We Incorporate privacy requirements into enterprise architecture to ensure that risk is addressed so that the systems, applications, and services achieve the necessary levels of trustworthiness, protection, and resilience.
24) We Ensure that personal data is encrypted both at rest and in transit, physical security, and environmental controls to provide appropriate protection for environments where personal data is stored, transmitted, and/or processed.
25) We Upgrade, replace, or retire any system, application or service for which appropriate protections, commensurate with risk, cannot be effectively implemented.
26) We Implement personnel management practices, covering employees, contractors, and other entities, that ensure appropriate vetting and clearance to systems, applications, and/or services that contain, store or transmit personal data. We require our employees and contractors to read and agree to abide by the organization’s rules of behavior, prior to being granted access to systems, applications, and/or services that store, transmit or process personal data.
27) We have a Disciplinary Policy for sanctioning personnel who fail to comply with established security & privacy policies, standards, and procedures of the organization. We develop and enforce privacy competency requirements for staff members involved in the acquisition, management, maintenance, and use of information resources, to ensure they have the appropriate knowledge and skill.
28) We have a Notification Plan where any security incident or data breaches are reported with any undue delay.
29) We have a Risk Management Program in place, which includes but not limited to Risk assessment, Risk treatment, Business Impact Analysis, Privacy Impact Assessment, etc. We conduct an annual assessment of risk that includes the likelihood and magnitude of the harm, from unauthorized access, use, disclosure, disruption, modification, or destruction of the information systems and information. We maintain a current and accurate register of risk. We Assess supply chain risks associated with systems, system components, and services for privacy implications.
30) We govern the disclosure of personal data to ensure it is only provided to trusted third-parties that can store, process and/or transmit it in a secure manner. We also Govern third-party use of personal data to ensure privacy requirements are enforced when a third-party stores, processes or transmits personal data on behalf of the organization.
31) We enter into a contractual agreement with all of its vendors/service providers and the confidentiality clause is an essential part of such agreements. Further, wherever any personal information is involved, we sign a data protection agreement with our vendors/service providers to ensure that roles and responsibilities with respect to personal information are clearly defined. Datahash has a process and plan in place for conducting security and privacy training, assessment, monitoring activities associated with the organizational systems, and compliance with all applicable statutory, regulatory, and contractual obligations. We don’t provide any information accessible to any third parties or vendors.
We respect our Users and Customers & respect their privacy.
We believe these ideas are inseparable. Together, they represent a single, core belief that has influenced everything we’ve made since day one and everything we’ll make moving forward. When people use our products they trust us with their information, and it’s our job to do right by them. This means always being thoughtful about what information we use, how we use it, and how we protect it.