This Data Protection Policy outlines how Turing Biosystems Ltd (creator of TuringDB) ensures compliance with applicable data protection laws, including the UK Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
1. Purpose
The purpose of this policy is to ensure that all personal data handled by Turing Biosystems is managed in a lawful, secure, and transparent manner.
2. Scope
This policy applies to all employees, contractors, and third-party service providers handling personal data on behalf of Turing Biosystems.
3. Data Protection Principles
We are committed to adhering to the following data protection principles:
- Lawfulness, fairness, and transparency: We process personal data lawfully and fairly, providing transparency about how data is used.
- Purpose limitation: We collect personal data for specified, legitimate purposes and do not use it beyond those purposes.
- Data minimization: We collect only the data that is necessary for the intended purposes.
- Accuracy: We ensure that personal data is accurate and up to date.
- Storage limitation: We retain personal data only as long as necessary for the purposes for which it was collected.
- Integrity and confidentiality: We use appropriate security measures to protect personal data from unauthorized access or loss.
4. Roles and Responsibilities
- Data Protection Officer (DPO): [Name] is responsible for ensuring compliance with this policy and acting as the point of contact for data subjects and regulators.
- Employees: All employees are required to follow this policy and report any data protection breaches to the DPO.
5. Data Subject Rights
Data subjects have the following rights:
- Right to access personal data
- Right to rectify inaccurate data
- Right to erasure (right to be forgotten)
- Right to restrict processing
- Right to data portability
- Right to object to processing
6. Data Security
We employ both technical and organizational measures to ensure data security, including:
- Encryption of sensitive data
- Regular security audits and risk assessments
- Access control mechanisms
- Employee training on data protection practices
7. Data Breach Notification
In the event of a data breach, we will:
- Report the breach to the Information Commissioner's Office (ICO) within 72 hours if required
- Notify affected data subjects if the breach poses a high risk to their rights and freedoms
8. Third-Party Processors
We require third-party processors to comply with this policy and applicable data protection laws through contracts that impose appropriate security measures and data protection requirements.
9. Data Transfers
When transferring personal data outside the UK or EEA, we ensure that adequate protection is in place, such as standard contractual clauses or other recognized safeguards.
10. Training and Awareness
All employees and contractors handling personal data receive regular training to ensure they understand their responsibilities under this policy.
11. Review and Updates
This policy will be reviewed annually or when there are significant changes in data protection laws or our data handling practices.
For any queries regarding this policy, please contact our Data Protection Officer at dpo@turing.bio.