Privacy Policy
Effective date: 21 / 12 / 2020
1. INTRODUCTION

1.1. The personal data processing policy (hereinafter referred to as the “Policy”) has been issued and applied by ROWLING LIMITED.
1.2. ROWLING LIMITED shall be a Personal Data Controller.
1.3. Information about the Controller: ROWLING LIMITED, a company incorporated and existing under the laws of Cyprus with the registration number HE 238010 and the registration date 12.09.2008, registered at Agias Fylaxeos 118, CHRISTABEL HOUSE, 3087, Limassol, Cyprus.

2. PRINCIPAL PROVISIONS

2.1. The purpose of processing personal data shall be:
- acquisition by the Controller of works and/or services from the personal data owner, which he/she/it has the right to perform and/or provide by registering on the Controller’s website https://www.arbonum.com, subject to the conditions of clause 2.7. hereof;
- personal data owner shall not have the right to register and provide his/her/its personal data if he/she/it does not intend to perform work or provide services to the Controller.

2.2. The Controller shall process the data on the following basis:
- legality of the purposes and methods of personal data processing, good business practice and fairness of the Controller’s activities;
- processing only those personal data that meet the purposes of processing thereof;
- accuracy and, if necessary, updating;
- storing personal data in a form that makes it possible to identify data owners no longer than it is necessary for the purposes for which these data are processed.

2.3. The Controller shall process the following personal data:
- name and surname of the personal data owner;
- e-mail of the personal data owner;
- personal data specified in clause 2.12.1. hereof.

2.4. When processing personal data, the Controller shall take legal, organizational, and technical measures to ensure the security of personal data. In its activities, the Controller shall use SSL certificates, as well as HTTPS security extensions to the HTTP protocol in order to enhance the security of the Controller’s website data.

2.5. The Controller shall not disclose personal data to third parties and not distribute personal data without the consent of the personal data owner, except as provided by law and this Policy.

2.6. The Controller shall take into account the harm and damage that can be caused to personal data and take all measures that are required of the Controller and protect the personal data of their owners.

2.7. Personal data shall be processed by the Controller after the complete consent of the personal data owner with the service agreement and work agreement.

2.8. The Controller shall immediately cease processing personal data if the purpose for which the personal data were provided is achieved and the personal data owner does not intend to continue providing work and services to the Controller.

2.9. The Controller shall immediately cease processing personal data if the personal data owner has contacted the Controller with a request to stop processing.
 
3. PROCESSORS

3.1. A company incorporated under the laws of Cyprus, SUMSUB LTD, location: Archiepiskopou Leontiou, 23, office 201, Egkomi, 2407, Nicosia, Cyprus, shall be the Processor in relation to the Controller, which, on behalf of the Controller, shall provide the “data verification” service (https://sumsub.com/). The Controller shall bear the risk to its customers for the work and services of the personal data owners. To prevent material losses of the Controller, the Controller shall make sure that the personal data owners do not violate the law and can provide services and perform work.

3.2. Hosting and dedicated server shall be provided by Amazon (https://aws.amazon.com/ru).

4. EXERCISE OF RIGHTS OF PERSONAL DATA OWNERS

4.1. The Controller shall take appropriate measures to provide the personal data owner with any information referred to in Articles 13 and 14 of the GDPR and to communicate with the owner regarding data processing in accordance with Articles 15 – 22 and 34 of the GDPR in a concise, transparent, understandable and easily accessible form, using clear and simple language. Information shall be provided in writing or by other means, including, if necessary, by electronic means. At the request of the data owner, information may be provided verbally, provided that the identity of the data owner is verified by other means.

4.2. The Controller shall assist the personal data owner in the exercise of the rights vested in him/her/it in accordance with Articles 15 – 22 of the GDPR. In the cases referred to in Article 11(2) of the GDPR, the Controller shall not dismiss the request of the personal data owner to exercise his/her/its rights in accordance with Articles 15 – 22, unless the Controller proves that it is unable to identify the personal data owner.

4.3. Without undue delay and in any case within one month from the receipt of the request, the Controller shall provide the personal data owner with information on the measures taken in connection with the request based on Articles 15 – 22 of the GDPR. If necessary, this period can be extended for another two months due to the complexity or the number of requests. Within one month from the date of receipt of the request, the Controller shall inform the data owner of such an extension of term, indicating the reasons for the delay. If the personal data owner has sent his/her/its request in electronic form, the information shall also be provided in electronic form, as far as possible, unless the personal data owner has requested a different form.

For contact: gdpr@arbonum.com