We work in accordance with the requirements of the rules for the processing of personal data established by the Regulation of the European Parliament and the Council (EU) 2016/679 of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data (General Regulation on data protection) or GDPR (General Data Protection Regulation).
The effect of the GDPR is not limited by the European Union, but applies to all companies that process personal data of EU residents, regardless of the location of such a company.
• Organizations established in the EU.
• Other organizations processing the data of European residents in connection with the sale of goods or services.
• Other organizations monitoring the behavior of European residents.
• "Personal data" (personal data) is any information relating to an identified or identifiable natural person (data subject) by which it can be directly or indirectly identified. Such information includes, but is not limited to, a name, location, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
• "Processing" means any operation or set of operations performed on personal data or a set of personal data, with or without the use of automated means, including collection, recording, organization, structuring, storage, processing or modification, search and sampling, examination, use, disclosure by transmission, mailing or otherwise made available for access, grouping or combination, selection, erasure or destruction.
• "Controller" (controller) is a natural or legal person, a state body, or another body that, independently or jointly with others, determines the purposes and means of personal data processing. (The key person who bears the strictest responsibility for compliance with GDPR regulations)
• "Processor" (processor) is a natural or legal person, state body, agency or other body that processes personal data on behalf and on behalf of the controller.
1. The right to be informed - the subject of personal data must be informed about how data about him is collected and used.
2. The right to access its data - the company is obliged to provide access to personal data to the subject of personal data.
3. The right to correction – the right to correct or supplement data if they are inaccurate or incomplete.
4. The right to be "forgotten" - the right of the data subject to request the deletion of personal information about himself, if there are no longer grounds for processing this data, or if the processing is unlawful.
5. The right to restrict processing – the right to restrict the processing of personal data in the event of a processing dispute, while expressly allowing data storage.
6. The right to transfer data - companies are obliged to provide an electronic copy of personal data to another company free of charge at the request of the subject of personal data (if technically possible).
7. The right to object - the right to object to the use of personal data in scientific / historical research, direct marketing, socio-demographic profiling and other similar actions.
8. Rights of protection against "automated" decisions - the company must ensure, at the request of the data subject, the intervention of the human factor in the decision-making process.
1. Legality, good faith and transparency. Personal data must be processed on the grounds provided for by the GDPR. Personal data must be processed in a way that provides for the proper information of the subject of personal data about the processing of their personal data.
2. Goal limitation. Personal data must be collected for clearly defined, explicit and legitimate purposes and not processed in a way that is incompatible with these purposes.
3. Minimization of personal data. The composition and content of processed personal data must be sufficient, adequate, appropriate and not excessive in accordance with the defined purpose of their processing.
4. Accuracy of personal data. The data must be accurate and, if necessary, updated according to the purpose of its processing.
5. Storage limitations. Data must be stored in a form that allows the identification of the subject of personal data for no longer than is necessary for the purposes for which they are processed, except for cases established by law.
6. Integrity and confidentiality. Data must be processed with the adoption of appropriate technical and organizational measures in such a way as to ensure their adequate security, including protection against unauthorized or unlawful processing, accidental loss, destruction or damage.
• the data subject has consented to the processing of his personal data for one or more specific purposes;
• processing is necessary for the performance of a contract to which the data subject is one of the parties, or for taking measures at the request of the subject and them for concluding a contract;
• processing is necessary to comply with legal obligations to which the controller is subject;
• processing is necessary to protect the vital interests of the data subject or another natural person;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official powers entrusted to the controller;
• processing is necessary for the purposes of ensuring the legitimate interests of the controller or a third party, except when such interests do not outweigh the interests or fundamental rights and freedoms of the subject of personal data that require the protection of personal data, especially if the subject of personal data is a child.
• freely expressed;
• in the form of active actions;
• unambiguous indication of the data subject's wishes for the processing of his personal data.
Consent to the processing of personal data will be invalid if the user had no choice or was not able to withdraw his consent without harming himself. If the user has consented to the processing of his personal data, the controller must be able to demonstrate this.