Approved by Order No. 19-П/2017 of 26.12.2017 issued by the Director of Data Delivery Ltd.

PERSONAL DATA PROCESSING POLICY
1. This document (hereinafter referred to as the "Policy") shall define the policy of the Data Delivery Limited Liability Company (hereinafter referred to as the "Company") for the personal data processing and include the system of main principles to be used for personal data processing in the Company, and also, inter alia, data on the requirements and measures being implemented for the personal data protection.
2. The Policy shall be aimed to protect rights and freedoms of an individual when processing personal data thereof, including protection of rights to privacy, personal and family confidentiality, in particular, to provide protection against unauthorized access to and illegal disclosure of the personal data to be processed by the Company.
3. The personal data shall be defined as any information related directly or indirectly to a specified or to be specified natural person (personal data subject).
4. The personal data processing shall be defined as any action (operation) or a range of actions (operations) to be performed upon the personal data by using automation facilities or without using such facilities and shall include as follows: the personal data acquisition, recording, systematization, accumulation, storage, validation (updating, alteration), retrieval, use, transmission (dissemination, submission, access), depersonalization, interlocking, deletion and destruction.
5. The Policy shall be applicable to all actions to be performed with the personal data by using the automation facilities or without using them in the Company.
6. The persons authorized to process the personal data in the Company and the persons involved in organizing the personal data processing operations and guaranteeing security thereof in the Company shall be informed about this Policy on a mandatory basis and shall implement it.
7. This Policy shall be free to access on the Internet.
8. The personal data processing in the Company shall be performed on a legal and fair basis.
9. The Company shall not disclose the personal data to third parties and shall not disseminate them without the consent of the personal data subject, exclusive of the following cases:
- the information is made publicly available by the personal data subject himself/herself;
- the data transfer is directly permitted by the personal data subject;
- the data is requested by the public authorities in cases and under procedures set out in the legislation in force;
- the non-personal data may be transferred to and used by third parties, and may also be used for statistical and commercial purposes.
The data on plastic cards and other payment information when effecting payments at the Company sites and also via services and applications thereof shall be transmitted directly to the respective payment system by the Company.
10. The Company shall process, in particular, the following data:
- the personal data specified when filling in the information fields at the Company sites, as well as when filling in a contact form and using the software made available on the Company sites;
- the personal data and other information contained in the messages to be sent to the Company address;
- the technical data which are automatically transmitted by a device designed for using the Company sites, including the device specifications, IP-address, the data stored in cookie files which were transmitted to the devices, the information about a browser, date and time of access to the site, addresses of requested pages and other detailed information;
- the data on a location in case the personal data subject informed about the coordinates thereof or selected the location thereof in the Company sites interface;
- text, photographic and multimedia files loaded by the personal data subject;
- the data on Wi-Fi connection;
- other data on the personal data subject which the personal data subject preferred to post on the Company sites;
- the data on the Company employees.
The data may be cached during the processing operations.
11. Objectives of processing data by the Company shall be as follows:
- enforcing existing legislation, judicial acts and acts of other bodies or officials being enforceable subject to the legislation;
- preparing, performing, concluding and terminating the contracts a party to which or a beneficiary or a guarantor under which shall be the Company;
- concluding contracts on the initiative of the personal data subject or contracts under which the personal data subject shall be a beneficiary or a guarantor;
- coordinating actions with vendors with the consent of the personal data subjects;
- registering the personal data subjects at the Company sites;
- providing information about the Company and services rendered thereby;
- communicating with the personal data subject when the personal data subject applies to the Company;
- ensuring functioning and security of the Company sites;
- improving quality of the Company sites;
- conducting research, targeting, etc. for marketing purposes;
- managing human resources, keeping human resources records, concluding employment and civil law contracts and performing obligations thereunder; complying with requirements of the tax legislation due to computation and payment of the income tax from natural persons, pension legislation and social insurance legislation; filling in primary statistical documentation;
- protecting life, health and other vital interests of personal data subjects.
12. The term of the personal data processing shall be defined with due regard to the following:
- set objectives of the personal data processing;
- validity of contracts with personal data subjects and of the consent of the personal data subjects to the processing of their personal data.
13. A personal data subject shall have the right to obtain the information related to processing the personal data thereof in the manner and within the time limits specified by the legislation. To obtain this information, the personal data subject may mail a letter titled "Request for Personal Data" (or "Withdrawal of Consent for the Personal Data Processing" in case of withdrawal of consent for the personal data processing) to the e-mail address: firstname.lastname@example.org or to the address: Room 37-2, 8th floor, 57 Dzerzhinskogo Prospect, 220089 Minsk, Republic of Belarus.
14. In processing the personal data, the Company shall take all necessary legal, organizational and technical measures to protect the personal data from illegal or accidental access thereto, from destruction, alteration, interlocking, copying, submission and dissemination of the personal data, as well as from other illegal actions with respect to the personal data.
Requirements and measures to be implemented for personal data protection shall include as follows:
- arranging procedures for providing security for the premises in which information systems are accommodated in order to prevent the persons not entitled to access to these premises from unauthorized entering and staying in these premises;
- safeguarding personal data carriers;
- appointing a person responsible for managing the personal data processing operations;
- approving a list of Company employees directly involved in processing the personal data and having the right of access to personal data being processed in the information system;
- identifying threats to security of the personal data when processing thereof in personal data information systems;
- using data protection facilities;
- familiarizing the Company employees directly involved in the personal data processing with the personal data legislation provisions, as well as with the requirements for the personal data protection and documents defining the Company's personal data processing
- obtaining consents from personal data subjects to process personal data thereof, exclusive of the cases provided for by the legislation.
15. The Company shall cease the personal data processing:
- upon occurrence of conditions for cessation of the personal data processing or upon expiration of the deadline;
- upon achievement of objectives of processing thereof or in case the need for achieving these objectives is eliminated;
- upon the request of the personal data subject;
- upon expiry of the validity period of the consent for the personal data processing or in case of withdrawal of the consent for the personal data processing;
- in case of liquidation of the Company.
16. Links to third-party sites and services being not under control of the Company may be posted at the Company sites. The Company shall bear no responsibility for security or confidentiality of any information being collected by third-party sites and services.
17. This Policy may be unilaterally updated, changed and abolished by the Company without prior notice thereof. However, the personal data subject, while continuing to use the Company sites after changes in the Policy, shall confirm consent with changes made.