Personal data refers to information that can be used to confirm the identity of individuals when being used separately or in combination with other information. Such data might be submitted to us directly by you when you are using our websites, products or services or when you are interacting with us, or might be obtained by us through recording how you are interacting with our websites, products or services, by using techniques such as cookie. The data collected by us depends on the websites you visited or the products and services you used, and might include names, addresses, emails, and telephone numbers. Our purpose of collecting such Personal data is to get in touch with you in order to provide corresponding services or send important notices.
Contemporary Amperex Technology Co., Limited and its subsidiaries around the globe (hereinafter referred to as "CATL", "We" or "Our" for short) really knows the importance of personal data to customers and users. For this purpose, CATL attaches great Importance the protection of personal data of customers and users, and has taken a series of measures to ensure that relevant businesses comply with applicable personal data protection requirements (such as GDPR).
1. To ensure the effective implementation of personal data protection requirements, CATL has appointed a Data Protection Officer (DPO).
2. CATL adopts the industry-recognized personal data protection approaches and practices. In the GDPR-applicable business scenarios, CATL has introduced the Data Protection Impact Assessments (DPIA) approach to evaluate and mitigate the security risks of personal data in products and services.
2.1 CATL requires a full assessment of the personal data is involved in products and services, and projects involving the personal data must undergo DPIA;
2.2 Projects involving personal data must create data lists and data flow diagrams;
2.3 Projects involving personal data must identify possible risks in the data processing procedures (including collection, use, storage, sharing, deletion, etc.), and take corresponding measures (including administrative, physical and technical measures) according to the risk level;
2.4 After the implementation of the DPIA, the corresponding report must be output and approved by the DPO.
3. CATL has implemented technical measures including IDS, access control, encryption, data leakage prevention, anti-spam, terminal security protection, vulnerability scanning, etc., and has conducted the penetration testing to verify the effectiveness of these measures.
4. CATL has established an emergency response mechanism for personal data breaches. Once a personal data breach occurs, CATL will immediately initiate an emergency response process, strive to minimize the possible losses caused by personal data breaches and ensure that the affected persons are appropriately informed.
6. To ensure compliance, CATL has implemented and will continuously conduct necessary technical and process audits on personal data protection.
7. CATL has obtained internationally recognized certifications and will continuously accept assessment such as ISO 27001, TISAX, etc..
Personal data protection is not only a legal requirement, but also a social responsibility of CATL. We will continue to optimize our products and services to ensure security and privacy, and reduce the risk of personal data protection for customers and users.
If you have any questions, comments or suggestions about this policy, you can contact us via the following email.
By clicking on the button “I accept” or by further usage of this website you express consent with usage of cookies as well as you grant us the permission to collect and process personal data about your activity on this website. Such information are used to determine personalised content and display of the relevant advertisement on social networks and other websites. More information about personal data processing can be found on this link. Read More