- This document defines the policy of LevemCRM (hereinafter – the Operator) regarding the processing of personal data (hereinafter – Personal Data);
- The Personal Data Processing Policy (hereinafter – the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by the Operator;
- The Policy applies to personal data received both before and after the approval of this Policy;
- The Policy is posted on the Operator’s Website, is a publicly available document and is mandatory for persons transferring personal data to the Operator via the Website;
Terms and definitions
The following terms, definitions and abbreviations are defined in this Policy:
- personal data – any information relating to a directly or indirectly defined, or identifiable individual (the subject of personal data);
- Operator – a state agency, municipal authority, legal entity or individual, independently or jointly with other persons, organizing and (or) carrying out the processing of personal data, as well as determining the purpose of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data
- Processing of personal data – any action (operation) or set of actions (operations), performed with or without the use of automated means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data.
Information about processing of personal data
- The operator processes personal data on a lawful and fair basis in order to perform the functions, powers and duties imposed by law, to exercise the rights and legitimate interests of the operator, the operator’s employees and third parties;
- The operator obtains personal data directly from the subjects of personal data;
- The Operator shall process personal data by automated and non-automated means, with or without the use of computer equipment;
- Actions on processing of personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction;
- Processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection shall not be permitted;
- Only personal data that meets the purposes of processing shall be processed;
- The content and scope of processed personal data correspond to the stated processing purposes. Processed personal data is not excessive in relation to the stated processing purposes;
Purposes of collection and processing of personal data
The operator processes personal data in order to comply with USA law, including, but not limited to, the following purposes:
- receiving appeals and applications from the subject of personal data;
- informing about new products, special promotions and offers;
- sending online versions of magazines and newspapers;
- conducting competitions;
- Concluding and executing contracts;
The Operator processes personal data of clients with their consent provided by clients and/or their legal representatives by performing conclusive actions on this Operator’s Website, including, but not limited to, ordering, registration in personal cabinet, subscription to newsletter, in accordance with this Policy.The Operator shall process customers’ personal data no longer than the purpose of personal data processing requires, unless otherwise required by law.The operator may process the following personal data of the clients:
- Surname, first name, patronymic;
- Address;
- Contact telephone number;
- E-mail address.
Information about security of personal data
When processing personal data, the operator shall take necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to it, destruction, change, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
The operator took the following measures in particular:
- Implemented local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of established procedures for the processing of personal data and eliminating the consequences of such violations;
- Legal, organizational and technical measures to ensure security of personal data are applied;
- Internal control over compliance of personal data processing and adopted in accordance therewith regulatory legal acts, requirements to protection of personal data, Operator’s policy in relation to processing of personal data, Operator’s local acts shall be carried out;
- assessment of damage which may be caused to personal data subjects in case of breach, correlation of said damage and measures taken by the Operator to ensure fulfillment of obligations;
- The Operator’s employees directly involved in processing personal data are familiar with the provisions of personal data legislation, including requirements to protection of personal data, documents defining the Operator’s personal data processing policy, local acts on personal data processing;
- In addition to the requirements of “On Personal Data”, the Operator implements a set of measures aimed at protecting information about customers, employees and counterparties.
Rights of subjects of personal data
The subject of personal data has the right:
- To receive personal data relating to this subject and information relating to their processing;
- To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- To withdraw its consent to the processing of personal data;
- To protect his rights and legitimate interests.