This policy describes the protection of rights of individuals regarding the processing of their personal data. The purpose of this policy is to guarantee the inviolability of personality and privacy by ensuring protection of individuals in case of unauthorized processing of their personal data, in the process of free movement of data.
1. This statement defines:
1.1. The management, maintenance and protection of personal data that includes private information of customers of Massagindr and is contained in the Personal Data Register (“Register”).
1.2. The obligations of Massagindr staff processing personal data (“Data Controller”) and their responsibility when fulfilling these tasks.
1.3. The required technical and organizational procedures by the Data Controller for the protection of personal data from unlawful processing (accidental or unlawful destruction, loss or change, unlawful disclosure or access, non-regulated alteration or distribution, as well as all other unlawful forms of processing personal data).
2. The following types of personal data are kept in the Register:
2.1. Physical identity, names, passport details, address, phone number and personal identification numbers, date of birth, personal preferences, GPS position, IP addresses, information about device used.
3. The Register collects and stores personal data from the customers of the website:
3.1. For contacting customers by phone and to send correspondence regarding completion of orders that have been received on the website (online orders).
3.2. For bookkeeping and direct marketing.
3.3. To investigate and prevent fraudulent transactions, unauthorized access to the Website, and other illegal activities.
3.4. To provide you with notices about your account, including expiration and renewal notices.
3.5. To carry out the Company's obligations and enforce its rights arising from any contracts entered into between you and the Company, including for billing and collection, photo verification, ID verification and written authorizations.
3.6. To notify you about changes to the Website or any products or services the Company offers or provides through the Website.
3.7. To allow you to participate in any interactive features on the Website.
3.8. To monitor and analyze trends, usage, and activities in connection with the Website and for marketing or advertising purposes.
3.9. To personalize the Website content, features, or advertisements.
4. The Register is kept in electronic form.
4.1. The Register is kept in electronic form and the personal data is stored in secured computer servers.
4.2. Access to the Register servers is controlled by secured passwords known only to the Data Controller staff authorized to process personal data. Data processing software is used when working with this data.
4.3. The protection of the Register from unauthorized access; corruption, loss or destruction of the data is ensured by maintaining up-to-date antivirus software and regularly scheduled backups.
5.1. Personal data is collected by placing orders in the online store of the company to the website by a person who is a customer in compliance with the General Terms of Service.
5.2. In all cases, the individuals, whose data are subject to personal data processing, shall submit, via online forms, the necessary personal data to the Data Controller appointed for processing personal data.
5.3. The need for collection of the personal data and the purposes for its use will be communicated to the individual placing the order by the Data Controller.
5.4. To rectify the personal data collected, the individual must submit an official request to the Data Controller.
6.1. The Company may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
6.2. The Company also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).
6.3. The information the Company collects automatically is statistical data and does not include personal information, but the Company may keep it or associate it with personal information the Company collects in other ways or receive from third parties. It helps the Company to improve the Website and to deliver a better and more personalized service, including by allowing the Company to:
6.4. The technologies the Company uses for this automatic data collection may include:
6.4.2. Flash Cookies. Certain features of the Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on the Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, you can access your Flash management tools from Adobe's website.
6.4.3. Web Beacons. Pages of the Website (and the Company's emails) may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages (or opened an email) and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity). If you want to learn more about web beacons, please visit allaboutcookies.org/web-beacons/.
6.4.4. By joining Massagindr you agree, that Google and other search engines will index profile data meaning that your profile will show in search results of these engines.
7.1. The right to access one's personal data contained in the Register shall be exercised by submitting a written application to the Data Controller.
7.2. The application may also be submitted in electronic form.
7.3. The application for access shall be filed personally by the individual or by explicitly authorized person with a power of attorney certified by a notary public.
7.4. The Massagindr Data Controller reviews all requests for access. The time limit for reviewing an application is 14 days from the day of submission or 30 days if more time is needed to collect the person's personal data due to unexpected difficulties in the Data Controller's ability to make the data accessible.
7.5. The decision shall be delivered personally after signature or by mail with advice of delivery.
7.6. Where the data does not exist or cannot be provided on a specific legal basis, the applicant shall be notified of refusal to access and the reasons for refusal. The refusal to grant access may be disputed by the person in front of the respective authority and in accordance with the legal deadline.
7.7. Only authorized Data Controller staff have access to the personal data with a file access password.
7.8. In addition, access to the personal data must be provided by the Data Controller staff to the officials directly involved in the clearance and verification of the legality of the documents of the requesting individual: manager, chief accountant or anyone performing technical accounting processing operations on the documents. Data Controller staff are required to provide access to them on request.
8.2. The information in the Register can only be accessed the authorized Data Controller staff. Third parties do not have the right to access the Register unless required by the legal authorities (courts, prosecutors or investigative bodies). The law permits these authorities access to the personal data of the individuals.
8.3. No consent is required if the processing of the personal data is only carried out by or under the control of a competent state authority for personal data relating to the commission of legal offenses, administrative offenses or unauthorized access. Such persons shall be granted access to the personal data and, where necessary, shall be provided with appropriate working conditions in the premises of the company.
8.4. The access by state authorities to an individual's personal data requires duly legitimated relevant documents, such as written orders of the respective body, that state the names of the individuals and the reasons for access.
8.5. In case of changes in the Data Controller company's status (transformation, liquidation, etc.), requiring the transfer of the Register by the company to another data controller, the transmission of the Register shall be done after permission of the State Commission for Personal Data Protection.
8.6. The decision to grant or deny access to personal data for the person concerned shall be communicated by the Data Controller to the third parties within 30 days of the submission of the request.
9.1. When introducing a new personal data processing software, a specific committee shall be set up to test and verify the capabilities of the new product to meet the requirements of the Personal Data Protection Act and to make sure maximum protection against unauthorized access, loss, damage or destruction.
9.2. The non-fulfillment of the obligations incumbent by the respective officials under these Regulations and the Personal Data Protection Act, are subject to disciplinary sanctions under the Labor Code. When the non-fulfillment of the respective obligation has been established and established by a competent authority, as provided by the Personal Data Protection Act, an administrative penalty or fine may be imposed. If, because of the actions of the data subject, personal injury has resulted in damage to a third party, the latter may be held liable under the general civil law or criminal procedure if it is a more serious offense for which criminal liability is provided.
9.3. Archiving of personal data on a technical medium is done periodically every 30 days by the Data Controller to keep the Register information up to date.