PREAMBLE

Voxtron Design, as a personal data administrator, collects and processes certain information about individuals.

This information may refer to employees, managers, clients, suppliers, contractors, business contacts and other individuals with whom the Administrator has a connection or wants to establish business contacts.

This privacy policy governs how personal data is collected, processed and stored to meet the standards of the Administrator's organization and is consistent with legal requirements.

I. Legal basis

This Privacy Policy ("Policy") is issued on the basis of the Personal Data Protection Act and its Amending Laws ("U.S Legislation") and the General Data Protection Regulation (US) 2016/679 ("GDPR").

U.S legislation and the GDPR provide rules on how organizations, Software Ltd. must collect, process and store personal data. These rules are applied by the Administrator regardless of whether it is data processed electronically, on paper or on other media.

In order for personal data to be processed in accordance with legal requirements, personal data is reasonably collected and used, stored securely and the Administrator takes the necessary measures to ensure that the processed personal data are not subject to unlawful disclosure.

The Privacy Controller is familiar with and follows the principles set forth in the GDPR:

- the personal data are processed in a lawful, conscientious and transparent manner;
- personal data are collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with those purposes;
- personal data is appropriate, relevant and limited to what is necessary for connection with the purposes for which it is being processed;
- personal data are accurate and, if necessary, kept up-to-date;
- the personal data are kept in a form that allows the persons concerned to be identified for a period no longer than is necessary for the purposes for which the personal data are processed;
- personal data are processed in such a way as to ensure an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures.

II. Goals of Policy

The present Policy aims to:

- be in compliance with the applicable legislation on personal data and follow best practice;
- establish the mechanisms for keeping, maintaining and protecting the accounting registers;
- establish the responsibilities of officials handling personal data and/or persons having access to personal data and working under the direction of personal data processors, and their liability for non-performance of these obligations;
- protect the rights of staff, clients and partners;
- make known how to store and protect the personal data of individuals;
- establish the necessary technical and organizational measures to protect personal data from unauthorized processing (accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination, and all other unlawful forms of processing of personal data);
- protect against the risk of disturbances.

III. Scope

This Policy applies to the processing of personal data of suppliers, human resources, clients and partners as described in the electronic reporting registers established in accordance with this Policy, U.S Legislation and Art. 30 of the GDPR ("Registry of Processing Activities").

IV. Collection of personal data

Categories of data and entities

"Personal Data" means any information relating to an identified or identifiable natural person (the "Data subject"), namely:

The administrator collects personal data with respect to the following categories of persons:

- persons representing the companies with which the Administrator has business relationships;
- contact persons in companies with which the Administrator has business relationships;
- persons who are interested in obtaining information services - newsletters, guides, etc.;
- persons who register for the use of an online shop.

Targets of data collection

The administrator collects personal data in connection with the following purposes:

1. To carry out activities related to the concluding, existence, modification and termination of contractual relations, incl. for:

- preparation of any documents;
- to establish contact with the contact person by telephone, fax or any other lawful means;
- for the delivery and/or acceptance of goods/services, communication in connection with the provision and/or receipt of goods/services and the provision of related customer service;
- accounting for performance of contracts under which the Administrator is a party;
- for processing of payments in connection with the contracts entered into by the Administrator;
- for sending important information to entities in connection with changes to Administrator's policies, terms and policies and/or other administrative information;

2. For marketing purposes - subject to the explicit consent of the data subjects;

3. For statistical purposes.

Collect data

Data of contractors (managers, representatives and / or contact persons of the legal entity under a commercial contract)

The personal data for each person shall be provided voluntarily by the persons themselves and shall be collected by the Administrator in fulfillment of a statutory obligation in connection with the conclusion of a contract and/or fulfillment of the obligations under a contract under the provisions of the Commercial Act, the Accountancy Act, and contracts, the Value Added Tax Act and others, and the terms and conditions set forth in a sales contract with the respective client, through paper - written documents (including proxies, contracts, attachments, bank information, etc.), by e-mail - provided in connection with the execution of a commercial contract and/or a registration form. Individuals are notified of the provisions of this Policy in advance or at the time of receiving their details.

V. Legitimate interests pursued by the Administrator

In relation to data processing of managers and contractors:

The processing of the data is done on the grounds of a legitimate interest in connection with the conclusion, existence, modification, and termination of commercial and civil contracts in the implementation of the normative requirements of the Commercial Act, the Social Security Code, the Tax Insurance Procedure Code, the Law on the Taxes on Income of Natural Persons, the Accountancy Law, the Law on Obligations and Contracts, etc.

VI. Transparency Rights of individuals whose data is processed by the Administrator

Transparency and conditions for exercising the rights of individuals

The administrator shall provide information to the persons in a clear, transparent, comprehensible and easily accessible form, in plain and simple language.

The administrator shall endeavor to ensure that the person is aware of the personal data he processes and that the persons fully understand and are informed about the processing in accordance with the requirements of the GDPR and the U.S legislation.

The controller shall provide the information to the persons in writing or otherwise, including, where appropriate, by electronic means. If the person so requests, the information may be given orally, provided that the identity of the person is proved by other means.

The administrator shall provide free of charge information to the persons concerned on the action taken in connection with a request concerning their right of access, rectification, erasure, limitation of processing, portability, objection and automated decision making without undue delay, and in any event within one month of receiving the request.

If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests. The administrator shall inform the person of any such extension within one month of receipt of the request, indicating the reasons for the delay. Where a person submits a request by electronic means, the information shall, if possible, be provided by electronic means, unless the person has requested otherwise.

If the Administrator does not act on the request, the Administrator shall notify the person without delay and at the latest within one month of receipt of the request of the reasons for not taking action and of the possibility of filing a complaint to a supervisory authority and seeking legal protection.

Where the person's claims are manifestly unfounded or excessive, in particular, because of their repeatability, the Administrator may either:

- impose a reasonable fee, taking into account the administrative costs of providing information or communication or undertaking the requested action, or
- refuse to act on the request.

Right of access of the persons

Everyone has the right to receive from the Administrator a confirmation that personal data relating to him/her is being processed and, if so, to access the data and the following information:

- the purpose of the processing;
- the relevant categories of personal data;
- the recipients or categories of recipients to whom personal data (including third countries or international organizations) are or will be disclosed;
- where possible, the period for which the data will be stored and, if that is not possible, the criteria used to determine that period;
- the existence of a right to require the Administrator to correct or delete personal data or to limit the processing of personal data relating to the persons concerned or to object to such processing;
- the right to complain to the Commission for the protection of personal data;
- where personal data are not collected by the persons themselves, any available information on their source;
- the existence of automated decision-making, incl. profiling, and at least in those cases, essential information about the logic used, as well as the meaning and foreseeable consequences of such processing for the individuals.

Where personal data is transferred to a third country or an international organization, individuals have the right to be informed of the appropriate delivery guarantees.

The administrator provides the person with a copy of the personal data that is being processed. For additional copies requested by the persons, the Administrator may impose a reasonable fee based on administrative costs. Where a person submits a request by electronic means, the information shall, if possible, be provided in a widely used electronic form, unless the person has requested otherwise.

Right of rectification

Any person whose data is processed by the Administrator may request the Administrator to correct inaccurate personal data relating to him without undue delay. Given the purpose of the processing, the person has the right to supplement incomplete personal data.

Right to delete (right to be forgotten)

Any person whose data is processed by the Administrator has the right to ask the Administrator to delete the personal data related to him/her without undue delay and the Administrator has the obligation to delete personal data without undue delay when:

- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- the person withdraws his consent on which the processing of the data is based and there is no other legal basis for the processing;
- the person objected to the processing and there are no legitimate grounds for the processing that would have an advantage;
- personal data has been tampered with;
- personal data must be deleted in order to comply with a legal obligation applying to the controller;
- personal data were gathered in connection with the provision of information society services.

When the Administrator has made the personal data available to the public and is required under the preceding paragraph to erase personal data, he shall, taking into account available technology and enforcement costs, take reasonable steps, including technical measures, to inform the data processors that the person concerned has requested that those administrators delete all links, copies, or replies to his or her personal data.

Right to restrict processing

Any person whose data is being processed by the Administrator is entitled to require the Administrator to limit the processing when one of the following applies:

- the accuracy of personal data is disputed by the person for a period that allows the Administrator to verify the accuracy of the personal data;
- processing is unlawful, but the data subject does not want the personal data to be deleted but instead requires a limitation of their use;
- the controller no longer requires personal data for processing purposes but the data subject requires them to identify, exercise or protect legal claims;
- the data subject has objected to the processing pending verification that the legal grounds of the Administrator have an advantage over the interests of the data subject.

Where the processing is restricted under the above paragraph, such data shall be processed, except for its storage, only with the consent of the data subject or for the establishment, exercise or protection of legal claims or for the protection of the rights of another individual or for important reasons of public interest.

When a data subject has requested a limitation of processing, the Administrator shall inform him/her prior to the revocation of the processing restriction.

Obligation to notify when correcting or deleting personal data or restricting processing

The administrator shall report any correction, deletion, or limitation of processing to any recipient to whom the personal data has been disclosed unless this is impracticable or requires a disproportionate effort. The administrator shall inform the data subject about those recipients if the data subject so requests.

Right to data portability

The data subject has the right to receive the personal data that concerns him and which he has provided to the Administrator in a structured, widely used and machine-readable format, and has the right to transfer this data to another Administrator without hindrance by the Administrator when (i) processing is based on consent in relation to certain objectives or a contractual obligation of the entity or taking pre-contract steps, and (ii) the processing is done in an automated manner.

When exercising its right of portability, the data subject is entitled to receive a direct transfer of the personal data from one administrator to another where this is technically feasible.

Right of objection

The data subject is entitled, at any time and on grounds relating to his or her particular situation, to object to the processing of personal data relating to him (when processing is necessary for the performance of a public interest task or in the exercise of official authority vested in the Administrator, or processing is for the legitimate interests of the Administrator or a third party), including profiling. The administrator terminates the processing of personal data unless it can demonstrate that there are convincing legal grounds for the processing that take precedence over the interests, rights, and freedoms of the data subject or for the establishment, exercise or protection of legal claims.

When processing personal data for the purposes of direct marketing, the data subject is entitled at any time to object to the processing of personal data relating to him for this type of marketing, including profiling insofar as it relates to direct marketing. When the data subject opposes processing for direct marketing purposes, the processing of personal data for these purposes is terminated.

At the latest at the time of the first contact with the data subject, it shall be expressly informed of the existence of the right under the preceding paragraphs, which shall be presented to it in a clear and separate manner from any other information.

VII. Technical and organizational data protection measures

The protection of the data of a hard copy and an electronic medium from unauthorized access, damage, loss or destruction is ensured through a series of internal technical and organizational measures.

VIII. Violations Notification of violations

Violations

A security breach occurs when the personal data that Voxtron Design is responsible for are affected by a security incident that results in a violation of privacy or integrity of personal data. In this sense, a breach of data arises when there is a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of data that is transmitted, stored or otherwise processed.

In the event of a breach of security of personal data, it should be immediately notified

Evaluation of violations

Once the respective employee of Voxtron Design has received information about a violation, he or she has to determine whether the particular event is a violation of personal data and notify the Administrators of the event (in case they do not know).

In the event of a personal data breach likely to pose a risk to the rights and freedoms of individuals, the Administrator (through the relevant employee), without undue delay and where feasible no later than 72 hours after learning about it, informs the Commission for the protection of personal data.

Where and as far as it is not possible to submit the information at the same time, the information may be submitted in stages without further unnecessary delay.

Where the personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the Administrator shall without undue delay notify the offender of the violation.

The administrator shall document any violation of personal data security, including the facts of the violation, its consequences, and the action taken to address it.

Additional provisions

This Policy is subject to affirmation and disclosure to the persons concerned by an order of the administrator of the Administrator.

The policy has been in effect since: 25.05.2018.

  • +92 300 435 6567
  • info@voxtrondesign.com
