Laws | | 13 minutes read
Policy on personal data processing
This policy of processing of personal data is intended to define the order and objectives for processing of personal data and measures to ensure the security of personal data, undertaken by Individual entrepreneur Oleg Bespalov Identification Number: 345715014, Georgia (hereinafter - the Company).
1.1 This policy of the Company with regard to processing of personal data (hereinafter - the Policy) applies to all information that the Company can receive about visitors to the website https://iqbid.ai/en (hereinafter - the Site), both registered and unregistered as users (indefinite range of persons).
1.3 This Policy applies to the automated processing of personal data of personal data subjects - Users, in accordance with the following list, including, but not limited to:
- name, e-mail, geolocation, which the User specifies independently when registering on the Site;
- the source of access to the site and search or advertising query information;
- data about the user's device (including resolution, version and other attributes characterizing the user's device);
- user clicks, page views, field fills, banner and video displays and views;
- data characterizing audience segments;
- session parameters;
- Data about the date, time of visit;
- information about the browser and its settings, addresses of requested pages, actions on the site or in the application, technical characteristics of the device, IP-address, etc.
- use of the Site, including, but not limited to, using the range of services of the Site, subscribing to the newsletter, chatting with the Site support, other Users of the Site by any possible means;
- User ID, stored in a cookie.
1.4 This Policy is published in free access on the information and telecommunications network of the Internet on the Company's website at https://iqbid.ai/en/page/policy. The Company reserves the right to update and change this Policy at any time. The user undertakes to check the provisions of this Policy independently on a regular basis for possible amendments and/or additions. Continued use of the website constitutes agreement with the Policy.
1.5 This Policy is developed in accordance with the requirements of legislative and other normative legal acts of Georgia.
2 Basic concepts used in this Policy
2.1 Personal Data - any information relating directly or indirectly to a specific or identifiable subject of personal data.
2.2 Company independently or together with other persons, organizing and (or) carrying out processing of personal data, as well as defining the purpose of processing of personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.3 Website means an aggregate of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the website at https://iqbid.ai/en and on all sub-domains created on its basis.
2.4 Processing of personal data - any action (operation) or a set of actions (operations) performed using automated means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), including cross-border, depersonalization, blocking, deletion, destruction of personal data.
2.5 Automated processing of personal data - processing of personal data using computer equipment.
2.6 Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
2.7 Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite circle of persons.
2.8 Transborder transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or a foreign legal entity.
2.9 Blocking of personal data - temporary termination of personal data processing (except in cases where processing is necessary to clarify personal data).
2.10. Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material media of personal data are destroyed.
2.11. De-identification of personal data - actions, as a result of which it becomes impossible, without the use of additional information, to determine the affiliation of personal data to a particular personal data subject.
2.12. Personal data information system - a set of information technologies and technical means contained in databases of personal data and providing their processing.
2.13. Subject of personal data - the user, in respect of whom any information relating to him directly or indirectly, will undergo automated processing.
2.14. User - is a natural person to whom the relevant personal data refers, who is browsing the content of the Website and/or using the functionality of the Website.
2.15. Website profile is a set of data to characterize the User on the Website, including, but not limited to: first name, last name, sex, age, phone number, email, links to social networks, geolocation. This data is provided by the User himself/herself. It is also a set of parameters that determine the configuration of the User's individual work with the Site's services.
3.Main Rights and Obligations of the Company
3.1 The Company takes necessary and sufficient measures to ensure compliance with legal requirements in accordance with the international legislation of the EU and the USA, as well as local legislation of Georgia, in the field of personal data.
3.2 The Company has the right:
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations under the Personal Data Law and regulations adopted in accordance with it, unless otherwise provided by the Personal Data Law or other laws;
- Assign the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, based on a contract entered into with the person;
- The Company has the right to transfer the subject's personal data in accordance with the requirements of Georgia legislation to third parties - contractors and / or partners in order to provide access to the User to services, information and / or materials contained on the Site.
- If the subject of personal data withdraws consent to the processing of personal data, the company has the right to continue the processing of personal data without the consent of the subject of personal data on the grounds specified in the Law.
4 Basic rights and obligations of subjects of personal data
4.1 The subject of personal data has the right:
4.1.1 Receive information relating to the processing of his personal data, except as required by federal laws. Information is provided to the subject of personal data by the Company in an accessible form, and it must not contain personal data relating to other subjects of personal data, except in cases where there are legitimate grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it is established by law;
4.1.2 Demand that the Company clarify its personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take statutory measures to protect its rights;
4.1.3. Contact the Company to correct, revoke, in whole or in part, block or destroy personal data, as well as with complaints and suggestions via e-mail email@example.com;
4.1.4. subject of personal data has the right to request the exclusion, modification, updating of personal data, to demand restriction of personal data processing or to object to processing of personal data, when it is provided by the current legislation.
4.2 If it is confirmed that the personal data is incorrect or processing is unlawful, the personal data must be changed by the Company, and the processing must be terminated.
4.3 Subjects of personal data must:
- Provide the Company with accurate and up-to-date data about themselves;
- Immediately inform the Company of any changes in their personal data;
- Persons who provided the Company false information about themselves, or information about another subject of personal data without the consent of the latter, shall be liable in accordance with the laws.
5. Placing Personal Data on the Site
5.1 The User fills in his/her profile data on the Site in accordance with the requirements and the Site's Policy.
5.2 The User shall independently determine the privacy settings of his/her Profile and determine which of the specified data to make available to everyone (the general public). In this case the User shall bear the risk of negative consequences associated with the dissemination of their personal data.
5.3 By posting their personal data in their Newsletters, the User shall independently disclose and distribute their personal data to an unspecified circle of people, without the Company's consent. In this case, the User himself bears the risk of negative consequences associated with the dissemination of his personal data.
5.4 The User is aware of the fact that the image (photo, avatar) which the User posts in his profile is publicly available, and the responsibility for distribution of this image is on the User.
5.5 By using the Site and/or providing personal data to the Company, the User consents to its processing in accordance with this Policy.
5.6 The subject of personal data independently decides to provide his personal data to the Company and gives consent freely, of his own free will and in his own interest.
5.7 The Company shall not be liable for disclosure and distribution of information about the User by other Users of the Website or other Internet users if such persons have gained access to the specified information in accordance with the User's chosen privacy settings of their account, or in case of violation of safety of their login and/or password or other data required for authorization by the User.
6. Principles of personal data processing
6.1 Processing of personal data shall be lawful and fair.
6.2 Processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not permitted.
6.3 Databases containing personal data, which are processed for purposes incompatible with each other, shall not be combined.
6.4 Only personal data that meets the purposes of processing shall be processed.
6.5 The content and scope of processed personal data shall comply with the stated processing purposes. Processed personal data shall not be excessive in relation to the stated processing purposes. 6.6.
When processing personal data, the accuracy of personal data, its sufficiency, and, if necessary, relevance in relation to the purpose of personal data processing shall be ensured. The Company shall take necessary measures and/or ensure that incomplete or inaccurate data is removed or clarified.
6.7 Personal data shall be stored in a form that allows to identify the subject of personal data, no longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by federal law, the contract, which party, beneficiary or guarantor under which the subject of personal data is. Processed personal data shall be destroyed or depersonalized upon attainment of processing objectives or if it is no longer necessary to attain such objectives, unless otherwise provided by federal law.
6.8 Processing of personal data is carried out with the consent of the subject of personal data to the processing of their personal data unless otherwise provided by applicable law.
6.9 The Company does not disclose or distribute personal data to third parties without the consent of the subject of personal data, unless otherwise provided by law.
6.10. In the case of assignment of personal data processing to another person with the consent of the subject of personal data on the basis of an agreement concluded with that person, such agreement must contain a list of actions (operations) with personal data, processing purposes, the obligation of such person to maintain the confidentiality of personal data and ensure security of personal data during their processing.
7.Purposes of personal data processing
71. The purpose of processing of the User's personal data is:
7.1.1.Providing User access to services, information and/or materials contained on the Site.
7.1.2.Executing the user agreement between the Company and the Subject of personal data.
7.1.3 Establishment of feedback with the User, including sending notices, requests regarding the use of the Website, provision of services, processing of requests and applications from the User
7.1.4 Providing the User with customer and technical support in case of problems associated with the use of the site.
Performing informational (advertising, newsletters) mailing. The User can always refuse to receive information messages by sending an email to the Operator at firstname.lastname@example.org with a note "Refuse notifications about new products and services and special offers".
7.2 The source of information about all personal data is directly the subject of personal data.
7.3 The Company may carry out the following personal data processing activities: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), including cross-border, depersonalization, blocking, deletion and destruction of personal data.
7.4 Processing of personal data by the Company is carried out by the following methods:
- Automated processing of personal data with or without transmission of received information via information and telecommunications networks;
8. Procedure for collecting, storing, transferring and otherwise processing personal data
8.1 In order to ensure compliance with the Company's security responsibilities, the processing of personal data the Company takes the following necessary and sufficient measures required by applicable law, including:
- Obtaining the consent of the subjects of personal data to process their personal data, except in cases provided for by the legislation of the EU and the USA, as well as local legislation of Georgia;
- Exercising internal control over the compliance of personal data processing with the Federal Law "On Personal Data";
- Establishing a ban on the transfer of personal data without applying the measures established by the Company to ensure the security of personal data (with the exception of publicly available and (or) depersonalized personal data);
- Other measures provided for by the legislation of the EU and the USA, as well as local legislation of Georgia in the field of personal data. 8.2.
8.2 Grounds for termination of processing of personal data are:
- withdrawal by the user of his consent to the processing of personal data (withdrawal of consent is made by sending the Company a corresponding notice by e-mail to the Company's e-mail address email@example.com marked "withdrawal of consent to the processing of personal data");
- On liquidation of the Company. In case of liquidation of the Company, and in case of blocking the Company's Web site, the personal data posted on the Site are to be disposed of;
- After 5 years from the date of deletion of the User's profile on the Site;
- upon discovery of unlawful processing, if it is impossible to ensure its lawfulness.
8.4 The Company shall under no circumstances be liable to the data subject for any negative consequences arising from unlawful interference in the Company's work by third parties (virus programs, hacker attacks, etc.),
8.5 The prohibitions established by the subject of personal data on the transfer (other than granting access), as well as on the processing or processing conditions (other than obtaining access) of personal data permitted for distribution, shall not apply in cases of processing of personal data in the state, public and other public interests.