1. GENERAL PROVISIONS
1.2. The term Personal data in this Policy shall have the meaning defined by the legislation of the country of residence of the Operator with regard to the practice of application and interpretation of the said term by courts and other authorities. At the same time to the extent permitted by technical and organizational abilities and if not contrary to the applicable legislation, for the purposes of this Policy the term Personal data shall also include any other data related in any manner to the private life of Individuals taking into consideration current international best-practices on Personal data protection.
1.3. Personal data cannot be used without the consent of the owner of such Personal data (hereafter –“Individual”) unless otherwise expressly provided herein. In case this policy allows the use of Personal data without consent of the Individual, the Operator, if it is technically and organizationally possible, and is not prohibited by applicable law, shall notify the Individual on the kind of Personal data to be processed by the Operator and on the purpose of the aforesaid. In particular, when the use of Personal data is carried out in order to perform a contract or agreement with the Individual, the Operator prior to the conclusion of the relevant contract notifies the Individual on the kind of Personal data to be processed by the Operator and on the purpose of the aforesaid.
1.4. The Operator has the right to use the Personal data without consent of the Individual if that is necessary in order to perform the contract (agreement) with such Individual and only to the extent necessary for fulfillment of obligations of the Operator. Operator prior to the conclusion of the relevant contract notifies the Individual on the kind of Personal data to be processed by the Operator and on the purpose of the aforesaid.
1.5. The Operator has the right to use the Personal data without consent of the Individual if it is necessary to fulfill any law or statute requirements or in other cases expressly permitted by the applicable law.
1.6. Personal data cannot be used with the purpose of causing damage or harm or preventing Individuals from exercising their rights and freedoms.
1.7. The Operator shall ensure the safe processing of Personal data and avoidance of unauthorized access, deletion or modification of such Personal data. The said measures must comply with the existing level of technological development and shall be applied taking into account the degree of harm that may be caused to the Individuals in case of unauthorized access, deletion or modification of Personal data, but in any case such measures should be not lower than the requirements of the applicable legislation.
2. THE PERSONAL DATA.
2.1. Notwithstanding the aforesaid Operator treats the following information as the Personal data:
* Name, surname, nickname and any other similar data;
* Information about gender, date of birth or any other data provided by the Individual for the purposes of registration;
* IP of computer devices;
* home or mobile phone number;
* any other Personal data that is considered Personal data in compliance with clause 1.2 hereof.
3. OBLIGATIONS OF THE OPERATOR
3.1. In order to protect the rights and freedoms of the Individuals the Operator and its representatives must comply with the following general requirements for Personal data processing:
3.1.1. The Personal data can be processed only for the purpose of performance of contracts, enforcing the laws and other regulations, or with the aims defined in consent of or notification to the Individuals;
3.1.2. In determining the scope and content of the Personal data, the Operator shall use its best efforts to collect as little Personal data as possible for the purposes defined in clause 3.1.1. hereof;
3.1.3. All Personal data shall be obtained from the Individual. If the Personal data can be obtained only from a third party, the Individual must be notified in advance and the appropriate consent must be received from him. The Individual must be informed of the purposes, expected sources and ways of obtaining Personal data, as well as of the nature of Personal data to be received;
3.1.4. In order to protect the Individuals’ interests, the Operator reserves the right to establish a special
procedure for protection of information that is a Personal data in accordance with this Policy but is not
considered a Personal data according to the applicable legislation.
4. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
4.1. Processing of the Individual’s Personal data shall mean any action (operation) or a combination of actions (operations) carried out with Personal data including collection, recording, systematization, accumulation, storage, adjustment (update, change), extraction, use, transfer (distribution, assignment, access), depersonalization, blocking, deletion, destruction.
4.2. Regarding collection of Personal data the Operator shall comply with the following rules:
4.2.1. All Personal data shall be obtained from the person himself. If the Personal data of the person can be obtained only from a third party, the Individual must be notified about it in advance and his consent shall be obtained.
4.2.2. The Operator must inform the Individual of the purposes, expected sources and ways of obtaining Personal data, as well as of the nature of Personal data to be received.
4.3. Regarding transfer of Personal data, the Operator must comply with the following rules:
* not to disclose Personal data to third parties without the Individual's prior consent, except in cases established by applicable legislation;
* notify in advance the persons receiving Personal data that the data can be used only for the purposes for which it is provided, and require those persons to confirm that this rule is observed. Persons receiving the Personal data are required to provide confidentiality of such Personal Data and shall use Personal Data only as stated herein;
* access to Personal data shall be granted only to employees who need to have access to such Personal Data. The said employees shall be entitled to receive only the Personal data that is required to such employees for the purposes stipulated herein;
4.4. In any cases Operator shall do its best to find the ways and methods of using only Personal data which cannot be used to identify specific Individuals to the extent and degree it is practically possible.
5. RESPONSIBILITY FOR PERSONAL DATA DISCLOSURE
5.1. Personal responsibility of each Operator’s employees and obligatory condition to ensure the effectiveness of system of Personal data protection is one of the main requirements of the Operator.5.2. The manager granting access to confidential document to the employee is personally responsible for such permission.
5.3. Each employee of the Operator receiving confidential information for work, is solely responsible for the data carrier safety and confidentiality of Personal data.
5.4. Nothing stated herein does not limit the responsibility of the Operator for any damages or harm caused by its employees.
6. FINAL PROVISIONS
6.1. This Policy can be changed by the Operator due to the changing of requirements of the legislation and the development of technical and organizational measures of Personal data protection. The Operator shall notify regarding the changes in this Policy by replacing the current version located in all publically available places where this Policy available by the new version, or by publication of amendments to this Policy.
6.2. The questions not regulated herein shall be resolved in accordance with the applicable legislation.