1.2. The Policy applies to the personal data that the Controller receives about the Data Subject during their use of the Website and the acquisition of Controller services.
1.3. An exhaustive list of personal data about the Data subject (hereinafter – «the personal data») collected and used by the Controller is provided in the Article 2 of the Policy.
2. THE PERSONAL DATA COLLECTED AND USED BY THE CONTROLLER
2.1. Categories of personal data collected and used:
2.1.1. Name, patronymic and surname;
2.1.2. Email address;
2.1.3. Mobile number;
2.2. The personal data is provided by the Data subject independently during their filling of the feedback form on the Website.
2.3. The Policy is only applicable to data collection was carried out during the interaction of the Data subject with the user interface posted on the Website. The Controller does not control and is not responsible for the third party’s websites to which the Data subject can click following links available on the Controller’s website. The Controller is not responsible for the information which can be collected or requested or to other actions of the Data subject on the websites of third parties.
2.4. The Controller does not check reliability of the personal data about the name, patronymic and surname and different information provided by the Data subject. At the same time the Controller assumes that the Data subject provides reliable and sufficient information about himself and keeps this information up to date.
3. THE PURPOSE FOR THE PROCESSING OF PERSONAL DATA
3.1. The Controller collects and uses the personal data for the following purposes:
3.1.1. providing feedback to the Data subject, including sending notifications, requests and information related to the Website, as well as request management from the Data subject;
3.1.2. rendering services for the Data subject;
3.1.3. concluding the agreement for the provision of services between the Controller and Data subject, performance of the agreement;
3.1.4. improving the quality of services provided to the Data subject, ease of use, carrying out statistical and other studies based on anonymous data;
3.1.5. informing about new offers, advertising and promotional material (marketing) by electronic communications like emails.
3.2. In the processing of the personal data, the Controller is guided by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27April 2016 (GDPR). Processing of the personal data is based on the following principles:
3.2.1. lawfulness, fairness and transparency;
3.2.2. purpose limitation;
3.2.3. data minimization;
3.2.5. storage limitation;
3.2.6. integrity and confidentiality.
4. STORAGE PERIOD
4.1. The personal data is used by the Controller within one year.
4.2. The Controller erase the personal data after the above described storage period or when the Data subject requests us to erase the personal data.
5. LEGITIMATE GROUNDS FOR PROCESSING
5.1. The Controller process the personal data to pursue his legitimate interest to run, maintain and develop his business.
5.2. The Controller process the personal data to comply with his legal obligations.
6. RIGHTS OF THE DATA SUBJECT
6.1. The Data subject have the right to:
6.1.1. receive confirmation of the existence of the personal data, access their content and obtain a copy, including the right to lodge a complaint with a supervisory authority (right of access);
6.1.2. update, change and/or correct the personal data (right of rectification);
6.1.3. request the personal data erasure or restriction of the data processing in the cases envisaged by the Regulation, including where the data have been processed in violation of the law or if storage is not necessary for the purposes for which the data were collected or otherwise processed (right to erasure and right to restriction);
6.1.4. object at any time to the processing of the personal data (right to object);
6.1.5. withdraw the Data subject consent, where given, at any time and without prejudice to the lawfulness of the processing based on the consent given prior to withdrawal (right of withdrawal of consent);
6.1.6. receive a copy of the data provided by the Data subject in a structured, commonly used and machine-readable format and request that such data be submitted to another data controller if technically feasible (right to data portability).
6.2.1. name, patronymic and surname;
6.2.2. email address;
6.2.3. mobile number;
6.2.4. the Data subject’s relationship and/or interactions with the Controller (as applicable);
6.2.5. the specifics of the information the Data subject would like the Controller to provide or the Data subject want the Controller to take action upon.
6.3. The Controller may request additional information necessary to confirm Data subject’s identity.
7. OBLIGATIONS OF THE CONTROLLER
7.1. The Controller undertakes:
7.1.1. demonstrate that the processing it performs or has performed are compliant with the Regulation (the principle of accountability);
7.1.2. ensure that, in the planning phase of processing activities and implementation phase of any new service, data protection principles and appropriate safeguards are addressed/ implemented (data protection “by design” and “by default”);
7.1.3. keep a detailed record of processing operations which can be made available to the supervisory authority at all times, and cooperate with it;
7.1.4. set up technical and organizational measures to ensure the security of the processing, such as pseudonymization and data encryption;
7.1.5. notify the competent supervisory authority of any breach likely to endanger individuals’ rights and freedoms without undue delay;
7.1.6. provide information to the Data subject relating to processing to the personal data upon Data subject’s request within two weeks.
8. PROTECTION OF THE PERSONAL DATA
8.1. The Controller takes necessary and sufficient organizational and technical measures to protect the personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties with them.
9.1. The Controller has the right to make changes to the Policy. When changes are made, the date of the last update shall be indicated in the latest version. The new version of the Policy comes into force from the date of its renewal and placement on the company’s website, unless otherwise provided by the new version of the Policy.
9.2. Continued use of the Website by the Data subject after any amendments to the Policy means the Data subject’s consent to such amendments and / or additions. The Data subject agrees to regularly view the content of the Policy to ensure awareness with its amendments.
10. CONTACT DETAILS OF THE CONTROLLER AND DATA PROTECTION OFFICER
10.1. The Controller is: « Mentalstack» with registered office in 347900, Russia, Taganrog, ul. Petrovskaya, 51.
10.2. The DPO can be contacted at the following email address: email@example.com.