General Data Protection Regulation Policy
Bearing in mind the special protection of personal data, including a high level of security through, inter alia, data encryption by BEEBLE.
- Introduction
1.1. This personal data protection policy is a document describing the method of processing personal data and the obligations of BEEBLE acting as the administrator of personal data processed in connection with its business.
1.2. Sikneco Technologies LTD, Reg. No: HE356830 Michalakopoulou 25, office 202, 1075 Nicosia, Cyprus declares that it is the data controller within the meaning of European regulations of April 27, 2016 on the protection of physical data, regarding the protection of personal data. The rules regarding such conditions and the repeal of Directive 95/46 / EC – hereinafter referred to as the GDPR, entrusted under certain rules in the provisions of the GDPR.
1.3. Dictionary:
Controller – a natural or legal person, public authority, unit or other entity that independently or jointly with others sets the purposes and methods of personal data processing; User data – personal data in an encrypted form; the data includes mainly information about a given natural person collected during its registration during the provision of its services, a designation assigned to a given natural person to identify that natural person; Personal data (data) – information about an identified or identifiable natural person; an identifiable natural person is one who can be directly or indirectly identified; Breach of personal data protection – a breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transmitted, stored or otherwise processed; Recipient – a natural or legal person, public authority, entity or other entity to whom personal data is disclosed, regardless of whether it is a third party; are not recipients public authorities that may receive personal data in the course of a specific proceeding in accordance with Unioor Member State law; Processor – a natural or legal person, public authority, entity or other entity that processes personal data on behalf of the controller; Processing – an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, storing, adapting or modifying, downloading, browsing, using, disclosing by sending, distributing or otherwise the type of sharing, matching or combining, limiting, deleting or destroying; Regulation (GDPR) – Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC.
- Principles of personal data processing
2.1. The administrator processes personal data based on the rules regarding the processing of personal data within the meaning of art. 5 GDPR:
legality – has an appropriate legal basis for data processing and the processing is based on it; reliability and correctness – ensures that the data is up-to-date and correct; transparency – processes data in a transparent manner for the data subject (in particular by informing about data processing); purposefulness – processes data for specific, explicit and legitimate purposes and does not process data in a manner inconsistent with these purposes; adequacy – data is relevant to the purpose for which it was collected; minimization – data are processed to the extent necessary for the purpose for which they were obtained; storage limitation – data is stored for a period no longer than it is necessary for the purposes for which the personal data was obtained; integrity and confidentiality – takes care of data security, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
2.2. The administrator ensures accountability – he is able to demonstrate compliance with all the principles referred to in point 2.1, in particular by applying appropriate policies and procedures.
- Administrator duties
3.1. The administrator uses technical and organizational measures to ensure an appropriate level of security of the processed personal data, taking into account the state of technical knowledge, implementation cost, nature, scope, context and purpose of processing, the risk of violating rights or freedoms with a different probability of occurrence and the severity of the threat. In particular, the administrator uses for this purpose:
data encryption; measures ensuring confidentiality, integrity, data availability and resilience of processing systems and services; regularly testing, measuring and evaluating the effectiveness of these measures.
3.2 The administrator allows for the processing of personal data only persons authorized by the administrator who have submitted a statement on the preservation of data and the manner of their protection in confidentiality.
3.3. The administrator keeps a register of authorized persons and stores the content of the declarations.
3.4. The administrator has developed and implemented procedures that guarantee the protection of privacy at the stage of creating new projects, investments and changes in the processes conducted by the administrator with the participation of personal data.
3.5. The administrator regularly trains staff with access to data and increases their knowledge in the field of personal data security.
3.6. The administrator shall be released from liability related to the processing of the necessary personal data, if he is not responsible for the occurrence that led to the damage. In addition, the administrator is not responsible for the data stored by the user and the method of transmission between users3.7. Every data subject shall have the right to lodge a complaint with a supervisory authority,in particular in the Member State of his or her habitual residence, place of work or place ofthe alleged infringement if the data subject considers that the processing of personal datarelating to him or her infringes this Regulation.
- The right to access data
4.1. At the customer’s request, the administrator provides him with information about the method of processing his personal data and to what extent they are processed.
4.2. At the customer’s request, the administrator provides him with the first copy of his personal data free of charge. For each subsequent copy, the administrator may charge a fee in the appropriate amount.
4.3. If the request for a copy of the data has been submitted to the administrator in electronic form and the customer does not indicate otherwise – the copy is issued in the same form.
4.4. The administrator may provide a copy in a different way than chosen by the client, if it is not possible for technical reasons (e.g. due to the importance of the file in the electronic version) the administrator shall immediately notify the customer of the inability to provide a copy in the manner chosen by the customer and the proposed alternative solution.
4.5. The administrator allows the customer to immediately correct his personal data if it is incorrect or out of date, or to supplement it.
4.6. The administrator may request the client to present relevant documents to establish the legitimacy and legality of the change of personal data.
- Personal data breaches
5.1. The administrator has developed and implemented procedures for dealing with violations or suspected violations of personal data protection.
5.2. The administrator keeps a register of personal data breaches and documents all the circumstances related to the breaches.
- Consent to the processing of personal data
6.1. The person whose data is processed declares that he has read the personal data processing policy (GDPR) and agrees to the processing of his personal data.
