PRIVACY POLICY
3. Categories of data subjects
4. Purpose and grounds for collecting personal data
5. Information content about Users
7. Information on the implemented requirements for the protection of personal data
9. Destruction (anonymization) of personal data
This Privacy Policy (hereinafter referred to as the Policy) defines personal data processing policy, contains provisions and requirements related to the protection of personal data in the Company.
1. Terms and definitions
1.1. User is a natural person intending to use or using the Site and the one who has also the Company.
1.2. Administration, Company - INTROSERV d.o.o.
1.3. Cookies is a piece of data that comes as a part of an HTTP request intended to be stored on the User’s terminal device and used by the Site Administration to authenticate the User, to store information about User’s preferences and User settings, to track the status of the User's access session, and to keep records about the Users.
1.4. Site is a set of programs intended to be used on electronic computers and other information in the information and telecommunications network known as the "Internet" that are intended for their further display in a browser and can be accessed using the domain name https://introserv.com/, as well as its other subdomains.
1.5. User Registration data is a set of information items defined by the Contractor that is specified by the User during the registration on the Site. In case of any change in Data Registration Information the User is liable to inform about these changes in the process of agreement execution.
1.6. Anonymization of personal data is a set of actions resulting in impossibility, without the use of additional information, to determine personal data ownership belonging to a specific data subject.
1.7. Processing of personal data is any action (operation) or a set of actions (operations) that can be performed using automation tools or without using such tools with personal data that include the process of collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.General provisions
2.1. This Policy is published on the Site page at https://introserv.com/legal/privacypolicy/
2.2. By accepting the terms of this Policy, the User expresses his consent to his User Data to be processed by the Site Administration for the purposes provided in this Policy.
3. Categories of data subjects
3.1. The Company processes personal data of the following categories of data subjects:
3.1.1. Company employees;
3.1.2. Dismissed employees;
3.1.3. Persons with whom the agreement has been concluded;
3.1.4. Representatives of the Company's counterparties.
4. Purpose and grounds for collecting personal data
4.1. Personal data of the employees and dismissed employees of the Company is collected for the purpose of fulfilling the provisions of the labor contract, as well as related legal acts.
4.2. Personal data of persons with whom contracts have been concluded is collected to fulfill the contractual obligations of the parties under the agreement.
4.3. Personal data of representatives of the Company's counterparties is collected to fulfill the contractual obligations of the parties under the agreement.
4.4. The counterparties of the company are independently responsible for the legality of the provision of personal data of their employee (representative) to the Company.
4.5. The User is responsible for providing accurate personal data. The Administration has the right, but is not obliged to request copies of documents confirming the authenticity of provided personal data.
5. Information content about Users
5.1. The Administration of the Site processes the following personal data entered by the User: last name, first name, patronymic name, postal address, email address, phone number, icq, skype, telegram.
5.2. The Administration automatically processes data provided for by international data exchange protocols to access the Site via the Internet, as well as for the purpose of identifying the user's technical session, including but not limited to IP address, MAC address, device ID, IMEI, MEID, data from cookies, information about the browser, operating system, access time.
5.3. The Administration processes personal data, the transfer of which is provided by the data exchange protocols, which are used to pay for services under the contractual obligations.
5.4. Other personal data is required for the full and faithful fulfillment of contractual obligations by the Company.
6. User rights
The data subject has the right:
6.1. To make changes independently to the provided personal data, like deleting the data.
6.2. To require notification of all persons who have previously been provided with incorrect or incomplete personal data.
6.3. To receive from the Company any information regarding the processing of his personal data.
7. Information on the implemented requirements for the protection of personal data
7.1. When processing personal data, the Company undertakes the necessary legal, organizational, and technical measures and ensures that these measures are taken to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions related to personal data use which are in particular (but not limited to):
7.1.1. Appointment of a person responsible for the processing of personal data.
7.1.2. Limiting the number of employees who have access to personal data.
7.1.3. Programmatic identification of the Users, including the employees of the Administration, and recording of their actions.
7.1.4. Implementation of anti-virus control and other measures against malicious programmatic and mathematical influence.
7.1.5. Application of backup means and recovery of information.
7.1.6. A software update if security fixes from manufacturers are available.
7.1.7. Implementation of encryption using SSL certificate when transferring personal data on the Internet.
7.1.8. Taking measures related to the admission of only trustworthy persons into the places where technical equipment is installed.
7.1.9. The use of technical means of protecting the premises in which the technical means of information systems and personal data are located, and to protect the places of storage of material carriers of that personal data.
8. Confidentiality
8.1. The administration and other people who have gained access to personal data are obliged not to disclose that data to the third parties, and not to distribute personal data without the consent to use that data from the side of the Subject of personal data in all cases, except in the cases envisaged by the current legislation.
8.2. Payment card information is stored and transmitted in accordance with the major privacy and security standards of credit and debit cards under PCI DSS (Payment Card Data Security Standard).
8.3. Payment card data is not requested and is not used for any purpose that is not related to the payment for goods and services.
8.4. Payment card data is not stored on the server.
8.5. The Company undertakes to guarantee that the personal data of the client or any other information related to Client’s card, his payment history will not be disclosed to anyone and under no circumstances, except in cases when such information is needed by the Acquiring bank or by Visa / Mastercard payment systems, or at the request of the state authorities.
9. Destruction (anonymization) of personal data
9.1. The destruction (anonymization) of the Subject's personal data is carried out in the following cases:
9.1.1. In the case the goal for which the Subject’s personal data was needed had been already achieved, or in the case of loss of the need to achieve these goals within a period not that does not exceed thirty days starting from the moment the purpose of processing personal data took place, unless otherwise is provided by the provisions of the agreement to which the subject of personal data is a party, or another agreement between the Company and the subject of personal data (his representative, or employer).
9.1.2. In the event an unauthorized disclosure or unlawful processing of the personal data by the Company is revealed within a period not exceeding ten working days from the date the detection of such case had a place.
9.1.3. In the case of the expiration of personal data storage period, determined in accordance with the current legislation and the organizational and administrative documents of the Company.
9.1.4. In the case if it is ordered by the authorized body that protects the rights of the subjects of personal data or based on a court decision.
10. Final provisions
10.1. The term for personal data processing in the Company is determined by the organizational and administrative documents of the Company.
10.2. This Policy is the subject to change, addition in case the new legislative acts and special regulations on processing and protection of personal data appear, as well as by the decision of the Administration.
10.3. Control over the fulfillment of the requirements of this Policy is carried out by a person who is responsible for organizing the processing of personal data.
10.4. Issues not regulated by this Policy are governed by the applicable law.
10.5. This Policy is publicly available and must be posted on the information stands of the Company's offices and on its Website.