Ця Політика обробки персональних даних (далі – “політика”) визначає загальні принципи і процедури обробки персональних даних і заходи щодо забезпечення їх безпеки в X-partners, включаючи піддомени trk.xpgoal.io , trk.goxp.tech, trk.xplink.io, trk.xplead.io , при організації роботи сайту https://x-partners.com /(далі іменованого “Сайт”). Усі персональні дані, що обробляються, накопичуються та збираються в цих доменах та субдоменах, однаково захищені відповідно до законодавства та судової практики.
- Terms
In the Policy, the following terms are used in the following meanings:
- Legislation – the current legislation of the country of registration of the Site.
- Personal Data Information System – a set of Personal Data contained in the Controller’s databases and information technologies and technical means that ensure their processing.
- Confidentiality of Personal Data – is the obligation of persons who have access to Personal Data not to disclose to third parties and not to distribute Personal Data without the consent of the subject of Personal Data, unless otherwise provided by Law.
- Personal Data processing – any action (operation) or set of actions (operations) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
- Controller – X-partners, independently or jointly with other persons organizing and (or) processing Personal Data, as well as determining the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.
- Personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
- Subject – a personal data subject who has access to and uses the Site and/or has consented to the processing of personal data by the Controller.
The content of terms whose meaning is not established in the Policy is determined in accordance with the Legislation.
- General provisions
- The Policy defines the requirements for processing and ensuring the security of Personal Data of Subjects.
- Measures to ensure the security and Confidentiality of Personal Data are an integral part of the activities of the Controller.
- Principles of Personal Data processing
- The processing of Personal Data by the Controller is carried out both with the use of automation tools and without their use in accordance with the following principles:
- the processing of Personal Data is carried out on a legal and fair basis;
- the processing of Personal Data is limited to the achievement of specific, predetermined and legitimate goals;
- processing of Personal Data incompatible with the purposes of Personal Data collection is not allowed;
- it is not allowed to combine databases containing Personal Data, the processing of which is carried out for purposes incompatible with each other;
- only Personal Data that meet the purposes of their processing are subject to processing;
- the content and volume of the processed Personal Data correspond to the stated purposes of processing;
- the processed Personal Data is not redundant in relation to the stated purposes of their processing;
- when processing Personal Data, their accuracy, sufficiency and relevance in relation to the purposes of processing are ensured;
- the storage of Personal Data is carried out in a form that allows to identify the Subject of personal data, no longer than the purposes of processing Personal Data require, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them;
- Personal data must be processed in ways that ensure their security, using appropriate technical and organizational measures.
- The composition of the processed Personal data and the purposes of processing
- Personal Data is processed by the Controller for the following purposes:
- Conclusion and execution of contracts with the Subject that can be concluded using the Site:
list of processed Personal Data: mobile phone number; e-mail; Full name;
categories of processed Personal Data: Personal data is not sensitive;
methods of processing and storing Personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, transfer (provision, access), blocking, deletion, destruction;
terms of processing and storage of Personal Data: until the moment of termination of the use of the Site by the Subject, if a longer storage period is not provided for by Law;
procedure for destruction of Personal Data: deletion of Personal Data from electronic and/or tangible media or destruction of tangible media containing Personal Data;
- Receipt by the Subject of information and advertising mailings:
list of processed Personal data: Full name; mobile phone number; e-mail;
categories of Personal Data processed: Personal Data does not relate to confidential or biometric Personal Data;
methods of processing and storing Personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, transfer (provision, access), blocking, deletion, destruction;
terms of processing and storage of Personal data: until the Subject withdraws consent to receive informational and promotional mailings;
procedure for destruction of Personal Data: deletion of Personal Data from electronic and/or tangible media or destruction of tangible media containing Personal Data;
- Terms of Personal Data processing
- Processing of Personal Data by the Controller is allowed in the following cases:
- with the consent of the Subject to the processing of his Personal data;
- if there are grounds provided for by Law that allow the processing of Personal Data in the absence of the consent of the Subject.
- Rights of the Subject
- The Subject in relation to his Personal Data has the right:
- make a decision to provide your Personal Data to the Controller and third parties and consent to their processing freely, voluntarily and in your own interest;
- withdraw your consent to the processing of Personal Data by sending the appropriate notification to the Controller;
- receive information from the Controller regarding the processing of Personal Data by sending a corresponding request;
- require the Controller to clarify Personal Data, block or destroy them if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purposes of processing;
- to demand the termination of the processing of Personal Data in order to promote goods, works and services on the market by making direct contacts with them using means of communication;
- appeal the actions or omissions of the Controller to the authorized body for the protection of the rights of personal data subjects or in court;
- exercise other rights provided for by Law.
- In order to exercise the rights provided for in paragraphs 6.1.2–6.1.5 of the Policy, the Subject must send an appropriate request (request, notification) to the Controller’s address or to the Controller’s e-mail specified in Section 11 of the Policy.
- Rights and obligations of the Controller
- The Controller undertakes to process Personal Data in accordance with the Legislation and local regulations of the Controller.
- With respect to the Subject’s Personal Data, the Controller undertakes to maintain their Confidentiality, except in cases provided for by Law.
- The Controller is obliged to take measures necessary and sufficient to ensure the fulfillment of the obligations provided for by Law. The Controller independently determines the composition and list of such measures.
- The Controller is obliged to inform the Subject or his representative about the processing of Personal Data related to the relevant Subject, as well as to provide an opportunity to get acquainted with these Personal Data free of charge, in accordance with the procedure and terms established by Law.
- In case of detection of unlawful processing of Personal Data, the Controller is obliged to stop processing such Personal Data. If it is impossible to ensure the legality of the processing of Personal Data, the Controller is obliged to destroy or ensure the destruction of such Personal Data in the manner and within the time limits established by Law.
- If the fact of inaccuracy of personal data is revealed, the Controller is obliged to block or ensure the blocking of such Personal Data and clarify or ensure their clarification in the manner and within the time limits established by Law.
- The Controller performs other duties stipulated by the Legislation.
- The Controller has the right to transfer the Personal Data of the Subject to third parties with the consent of the Subject.
- The Controller has the right to transfer the Subject’s Personal Data to third parties without the Subject’s consent in the following cases:
- the transfer is necessary within the framework of the use of the Site by the Subject, the execution of the agreement on the use of the Site (User Agreement), the execution of other contracts of the Controller with the Subject;
- the transfer is carried out to state bodies, including bodies of inquiry and investigation, and local self-government bodies upon their reasoned and relevant Legislation request;
- in other cases directly provided for by the Legislation.
- Cross-border transfer of Personal Data
- The Controller has the right to carry out cross-border transfer of Personal Data of a Subject on the territory of foreign states that provide adequate protection of the rights of Personal Data subjects, except in cases where such transfer is prohibited or restricted by Law.
- The Controller is obliged to make sure that the foreign state to whose territory the transfer of Personal Data is carried out ensures adequate protection of the rights of subjects Personal Data, prior to the start of the cross-border transfer of Personal Data.
- The Controller has the right to carry out cross-border transfer of Personal Data on the territory of foreign states that do not adequately protect the rights of Personal Data subjects, with the written consent of the Subject, as well as in other cases expressly provided for by Law.
- Personal Data Security
- The Controller applies measures to ensure the security of the Personal Data of the Subject.
- Third parties may process the Personal Data of the Subject strictly in accordance with the instructions of the Controller and in cases when they take protective measures with respect to Personal Data similar to the measures provided for in the Policy.
- The Controller applies appropriate security measures to prevent accidental loss, use or availability of the Subject’s Personal Data for unauthorized use, modification or disclosure.
- The Controller restricts access to the Subject’s Personal Data only to those employees, agents, contractors and other third parties who require it in connection with business purposes or purposes provided for by Law.
- Access to Information Systems containing Personal Data is provided by a password system. Passwords are set by authorized employees of the Controller and are individually communicated to employees of the Controller who have access to Personal Data.
- The Controller uses procedures to deal with any suspicions of violations of security requirements with respect to Personal Data, and also notifies the Subject and the relevant regulatory authorities of such violations in cases where this is required by Law.
- Other provisions
- This Policy and the relations between the Subject and the Controller arising in connection with the application of the Policy are subject to the law of the country of registration of X-partners.
- All possible disputes between the Subject and the Controller related to the Policy are subject to resolution in accordance with the Legislation.
- If, for one reason or another, one or more provisions of the Policy are declared invalid, this does not affect the validity of the remaining provisions of the Policy.
- The Controller has the right to change the text of the Policy by posting a new version of the Policy on the Website in the credentials/x-partners.com section. The new version of the Policy comes into force the day after it is posted in the specified section.
- The Subject undertakes to independently monitor changes in the Policy by familiarizing himself with the current version.
- Contact information of the Controller