1. GENERAL PROVISIONS
The Company ensures confidentiality and provides protection of processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the applicable laws of the country of processing personal information, including but not limited to the General Data Protection Regulation ("GDPR").
This Policy defines the procedure for processing personal data, as well as the order of interaction regarding the processing and protection of personal data. This Policy is binding for all employees of the Company who have access to personal data, as well as for Users.
The Company is an operator only of the personal data it receives from Users when using the Website.
Any subject of personal data has access to the Policy. An up-to-date version of the Policy is published on the Website.
2. DEFINITIONS AND TERMS
Personal data - any information related directly or indirectly to an identified or identifiable natural person (personal data subject).
Personal data processing - any action (operation) or a set of actions (operations) performed with personal data using automation equipment or without such equipment, including collection, recording, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated personal data processing - personal data processing by means of computer equipment.
Distribution of personal data - actions aimed at disclosure of personal data to an indefinite number of persons.
Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain group of people.
Blocking of personal data - temporary suspension of processing of personal data (except in cases where the processing is necessary to clarify the personal data).
Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the physical storage media of personal data are destroyed.
Depersonalization of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a specific personal data subject.
User - an authorized representative of a legal entity or a natural person (including a natural person in the status of an individual entrepreneur), who has access to the Website through the Internet and uses the Website.
3. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING
When processing personal data, the Company complies with all applicable data protection laws, including, but not limited to, the GDPR.
When processing personal data, the Company adheres to the following principles:
- Restriction of personal data processing to the achievement of specific, predetermined and legitimate purposes;
- Avoidance of processing of personal data that is incompatible with the purposes of personal data collection;
- Compliance of the content and volume of processed personal data with the stated processing purposes;
- Avoidance of redundancy of processed personal data in relation to the stated processing purposes;
- Transparency of personal data processing: the subject of personal data may be provided with relevant information regarding the processing of his/her personal data;
- Storage of personal data in a form that allows identifying the personal data subject for no longer than the stated purposes of personal data processing.
The Company does not carry out processing of personal data of special categories related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health, sexual life, or other aspects forbidden by applicable law.
The Company shall not make decisions that produce legal consequences in relation to the subject of personal data or otherwise affect the rights and legitimate interests of the subjects, based solely on automated personal data processing. Data having legal consequences or affecting the rights and legitimate interests of the personal data subject shall be subject to verification by authorized employees of the Company before its use.
The Company does not place personal data in publicly available sources without his prior consent.
The Company has the right to transfer personal data to third parties for processing under a contract to provide services, administration and maintenance of the Website, including hosting providers, subject to the conditions of confidentiality and the requirements for the order of personal data processing provided by the applicable laws.
The Company processes personal data with or without the use of automated means, complying with the requirements for automated and non-automated processing of personal data provided by the applicable laws.
Within the framework of the personal data collection purposes specified in Section 4 of this Policy, the Company may perform any actions (operations), with or without the use of automation means, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, depersonalization, blocking, deletion, destruction, transfer (distribution, provision, access) of personal data to third parties in the amount necessary to achieve the objectives of the subject of personal data consent.
Information related to personal data, which has become known to the Company, is confidential and protected by law.
4. SUBJECT AND PURPOSES OF COLLECTING PERSONAL INFORMATION OF THE USER
Personal data permitted to be processed under this Policy are provided by the User by filling out a form on the Website and/or by sending a request/message to the Company's e-mail address and may include the following information:
- User's last name, first name;
- contact phone number of the User;
- User's email address;
- name of the company represented by the User;
- TIN and KPP (if any) of the company represented by the User.
Personal data may be used by the Company for the following purposes:
- registration and maintenance of the User's account (personal account) on the Website;
- providing communication with the User, establishing feedback with the User, including enabling the User to send notifications, messages, requests and information regarding the use of the Website and the possibility of purchasing goods on the Website, enabling the User to receive customer support via hotline and email;
- conducting surveys and marketing research by the Company through the Website;
- sending technical notifications, support service messages or administrative notifications to the User;
- detection, investigation and prevention of possible fraudulent or unauthorized or illegal operations or activities;
- conducting statistical and other research by the Company through the Website and the Company's client services on the basis of impersonal data, formation of statistical reports.
Personal information is transferred voluntarily by the User for the purposes specified in this section. The User is not entitled to transfer personal data of third parties to the Company without their explicit written consent. By using the Website and / or providing personal data to the Company, the User agrees with the collection, storage, use and transfer of personal data in accordance with this Policy and the applicable laws in the field of personal data processing. The Company undertakes not to disclose to any third parties any personal data received from the User as well as not to disclose the contents of messages addressed to the Company by e-mail or via the Website, except for disclosure to its employees, contractors and partners who need to know the information received for the purposes of providing services/goods to the relevant User. The Company has the right to store and use personal data in accordance with the requirements of applicable law and for the purposes specified in this Policy.
The User agrees to express his/her consent to the processing of personal data through the interface of the Website, inter alia by ticking the boxes or other marks under the wording "I agree" or "I accept", or by accessing or using the Website or related services. The User confirms that, prior to ticking the appropriate box and expressing his/her consent to the processing of personal data, the User has read this Policy, understands and agrees to it, regardless of whether the User has registered on the Website or not. The User may send a request to the Company to delete/destroy the personal data previously submitted to the Company at any time, by sending a corresponding request to the support e-mail address specified in this Policy.
The User may request details of the personal data the Company has received from the User, in accordance with the applicable laws on personal data protection. If the User believes that the information held by the Company is incorrect or incomplete, the User undertakes to send a request to the Company to change or delete such information.
5. METHODS AND CONDITIONS OF PERSONAL DATA PROCESSING
The User personal data processing is carried out without limitation of time, in any lawful way, inter alia through information systems of personal data with or without the use of means of automation.
The User personal data may be transferred to the authorized governmental bodies only on the grounds and in the manner stipulated by the applicable laws. For the purposes of personal information processing, the Company may transfer personal data to its employees, outsourcing companies, contractors and partners.
In case of loss or disclosure of personal data, the Company informs the User about the loss or disclosure of personal data.
Terms of personal data processing or conditions of personal data processing termination:
- Upon achieving the purposes of personal data processing or in case of loss of necessity in achieving the purposes of personal data processing;
- At the request of the subject of personal data, if the personal data processed by the Company is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the stated purpose of processing;
- In case of detection of unlawful personal data processing, if it is impossible to ensure the lawfulness of personal data processing;
- In case of a withdrawal by the subject of personal data of his/her consent to processing of his/her personal data (if personal data is processed by the Company on the basis of consent of the subject of personal data);
- In case of elimination of reasons, due to which the personal data were processed, unless otherwise provided by the applicable laws;
- In case of liquidation of the Company.
The Company takes necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties.
The Company together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
The Website may use the following cookies on the Website: (i) mandatory cookies, which allow to act navigation and implement basic functionality of the Website, such as access to the protected area of the Website; (b) functional cookies, which allow to analyze the visit to the Website and their choice on the Website, downloading of certain Company products (such as user name, language or region); (iii) advertising cookies for analysis and control over the effectiveness of marketing activities. In some cases, the Company may use third-party service providers to track and analyze statistical information about the use and volume of content used by Users of the Website. This may result in cookies being set by service providers to track the Company's advertising performance. These cookies may, for example, store information about the browsers used to visit the Website. The information that may be shared with third-party providers does not include personal information. The User can set their browser to prohibit the storage of cookies, however, in some cases this may reduce the functionality offered by the Website. In addition, the User may prohibit the collection and processing of data through cookies by using the browser settings.
Personal data of the subjects can be transferred for storage both in hard copy and in electronic form.
Personal data recorded on paper is stored in locked cabinets or in locked rooms with restricted access rights.
Personal data processed by means of automation for different purposes shall be stored in different databases. It is not allowed to store and place documents containing personal data in open electronic catalogs (file-hosting services).
Retention of personal data in a form that allows to identify the subject of personal data is not longer than required by the purposes of its processing, except in cases where the period of storage of personal data is established by the applicable laws.
Destruction of documents (media) containing personal data shall be performed by incineration, crushing (shredding), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.
Information containing personal data in information systems is destroyed by the built-in software tools.
Personal data of personal data subjects on removable electronic media is destroyed by deleting data from the media or formatting the media.
If the Company fails to fulfill its obligations it shall be liable for losses incurred by the User due to the unlawful use of personal data, in accordance with the applicable laws, except as provided by paragraphs. 5.2, 5.3. and 6.2. of this Policy.
In case of loss or disclosure of Confidential Information, the Company shall not be liable if the Confidential Information:
- Was in the public domain before it was lost or disclosed;
- Was received from a third party prior to its receipt by the Company;
- Was disclosed with the consent of the User.
7. PROCEDURE OF PROCESSING APPLICATIONS AND INQUIRIES OF THE USERS
The Company process applications and inquiries of Users regarding the processing of their personal data by the Company, on the merits of which it provides responses to Users (or their representatives).
If the application regarding the User's personal data is received from the User's representative, the Company checks the representative's authority.
In the case of unlawful processing of personal data the Company shall block the personal data of the User for the period of verification within 3 (Three) days from the date of detection of the fact.
If it is impossible to eliminate the violation (unlawful processing of personal data), the Company shall destroy personal data within 5 (five) days from the date of detection of the fact.
The Company informs the subject of personal data (or his representative) about the elimination of violations or destruction of personal data.
In case the Company receives a inquiry from a User (or its representative) to provide information regarding the processing of the User's personal data, the Company shall check the validity of such inquiry and, within 10 (ten) days from the date of receipt of the inquiry provide the User (or its representative) with information regarding the processing of its personal data, or a grounded refusal to provide information regarding the processing of its personal data.
In case of a withdrawal by the User of consent to the processing of his/her personal data, the Company stops processing of the User personal data if the preservation of the User personal data is not required for the purposes of personal data processing and, within 10 (Ten) days from the date of withdrawal, destroys the personal data.
If the User believes that the Company is processing his/her personal data in violation of the requirements of the Personal Data Law or otherwise violates his/her rights and freedoms, the User may appeal against the actions or inaction of the Company by contacting competent authorities to protect the rights of subjects of personal data or in court.
Prior to taking legal action in court arising out of relations between the User and the Company, compliance with the claim procedure stipulated in this section of the Policy is mandatory.
If no agreement is reached, the dispute will be referred to the court at the jurisdiction of the Company.
This Policy and the relationship between the User and the Company are governed by the applicable laws of the Company’s location.
8. GDPR COMPLIANCE
If the User is located in the jurisdiction of the EU, by expressing his consent to the processing of personal data via the Website the User:
- Ensures that the personal data provided comply and will continue to comply with all applicable data protection laws, including, but not limited to, the GDPR.
- Agrees to the transfer of personal data to the jurisdiction in which the Website is located, which cannot ensure an adequate level of data protection to the laws of the country of the User.
- Has made sure that he has properly informed subjects of personal data regarding their data’s usage, storage, and transfer information, and obtained all necessary rights, consents and and authorizations from any data subjects for the Company to process data outside the subject of personal data the country of residence.
- Agrees to provide reasonable assistance to the Company immediately upon request to enable the Company to respond to requests from data subject(s) seeking to exercise their rights under GDPR, or similar applicable data protection laws, rules, or regulations.
- Ensures that in no event shall send the Company or via the Website any data that is generally considered highly sensitive or falls under the “special categories of personal data” under the GDPR. This includes, but is not limited to, personal data revealing racial or ethnic origin, religious beliefs, genetic data, data concerning a person’s health, a person’s sexual orientation, trade union membership, or biometric data.
EU residents with respect to their personal data have the right:
- To access. The User by request shall have access to his/her personal data and receive a copy of such personal data in an acceptable format (e.g., PDF, DOC, DOCX, etc.).
- To transmit. The User by request shall receive in a commonly-used structured form readable on an automatic device and to transmit without impediment the personal data to another Data Controller in the case that this is technically feasible.
- To request erasure (the right to be forgotten) or rectification of personal data.
- To object to the processing of personal data. The objection shall be realized upon the User’s request.
- To be informed. Upon the User's request, the Company shall provide information on: (i) the purposes of processing; (ii) the categories and types of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations (iii) the retention period; (v) the source of the personal data concerned; (vi) confidentiality rights and information on data portability; (vii) if personal data are not collected from the data subject, any available information on their source; (viii) the availability of automated decision-making processes, including profiling, about which In this case, the personal data subject has the right to be informed of the relevant safeguards regarding the transfer. Nevertheless, all information on the categories of personal data and processing conducted by the Company is available in this Policy.
- To make a complaint to the relevant Personal Data protection authority. Relevant authority means an independent public authority established by a Member State in accordance with Article 51 of the GDPR.
9. ADDITIONAL PROVISIONS
The Company updates this Policy from time to time and has the right to unilaterally change its terms at any time. At the same time, the Company is not obliged to notify the subjects of personal data about the changes made. The Company recommends the personal data subjects to independently monitor this Policy for possible changes.
The new version of the Policy shall take effect upon its posting on the Website, unless otherwise provided in the Policy.
This Policy is available at the Website www.qgroupp.com.
Company contact information:
To send inquiries concerning the personal data processing: email@example.com