I. GENERAL PROVISIONS
1.1. This Policy sets out the procedure for the processing and protection of information about users of the websites www.hiper-it.com, www.hiper-it.de, checkup.hiper-it.com, checkup.hiper-it.de (hereinafter referred to as the “Website”), owned by BPS International GmbH, address: Wilhelmine-Reichard-Str. 26, 80935, Munich, Germany (hereinafter referred to as the “Company”), including the procedure for processing and protecting personal data of users that the Company may receive while they use the Website, programs and products of the Website. In accordance with this Policy, the Company ensures compliance with the requirements for protecting the rights of personal data subjects when processing personal data.
1.3. The Company works exclusively with legal entities. Information about legal entities received by the Company through the Website is not considered as personal data. In case of receiving personal data of individuals from users, the data processing will be carried out in accordance with this Policy.
1.4. The Company takes into account the provisions of the General Data Protection Regulation (Regulation of the European Union No. 2016/679, adopted on April 27, 2016, entered into force on May 25, 2018, hereinafter referred to as the “GDPR”), as well as the provisions of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ “On Personal Data” in applicable cases.
1.5. The data provided by the users to the Company may be processed in countries outside the Russian Federation, including the following countries: Germany, the Netherlands, France, Great Britain, Switzerland, Spain, Italy. Based on the general business practice of the Company, the data received from users in the European Union (hereinafter referred to as the “EU”) are processed on servers located in the EU and Russia.
2.1. For the purposes of this Policy, the following basic terms are used:
website – a complex of software and hardware for electronic computing machines, providing the publication of data on the Internet for public inspection. The website is accessible by its unique electronic address or letter identification. It may contain graphic, text, audio, video, and other information reproduced by a computer.
controller – a legal entity or a natural person, independently or together with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) to be performed with personal data;
personal data – any information relating directly or indirectly to a specific or identifiable individual (personal data subject);
personal data subject – an individual who is a user of the Website, i.e. possesses access to the Website via the Internet and uses the Website;
processing of personal data – any action (operation) or a set of actions (operations) performed with personal data using automation tools or without using such tools, including collection, recording, systematization, structuring, accumulation, storage, adaptation / clarification / change, downloading, viewing, using, disclosing by means of transfer, distributing or other type of access providing, matching or combining, reducing, deleting or destroying;
confidentiality of personal data – a mandatory requirement for the controller or other person who has gained access to personal data to prevent their dissemination without the consent of the personal data subject or without other legal basis;
dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
use of personal data – actions (operations) with personal data performed by the controller in order to make decisions or perform other actions that generate legal consequences in relation to the personal data subject or other persons, or otherwise affect the rights and freedoms of the personal data subject or other persons;
destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which tangible media of personal data are destroyed;
depersonalization of personal data – actions as a result of which it becomes impossible to determine the ownership of personal data by a specific personal data subject without using additional information;
blocking of personal data – temporary termination of the processing of personal data (except for cases when processing is necessary to clarify personal data);
publicly available personal data – personal data with access of an unlimited number of persons which is provided by the personal data subject either at his/her request, or which, in accordance with the relevant applicable legal acts, is not subject to the requirement of confidentiality, including personal data obtained from a publicly available source.
III. COMPOSITION OF THE USER’S PERSONAL DATA
3.1. The composition of personal data that may be received by the Company:
Data independently provided by the user:
– full name;
– the name of the company in which the user works or on behalf of which the user acts;
– contact information, including phone numbers, e-mail address.
Data collected automatically:
– IP address, cookie data;
– information about the user’s browser, technical characteristics of the hardware and software used by the user;
– the date and time of access to the Website, the addresses of the requested pages and other similar information.
The processing of automatically collected data does not lead to the identification of the Website user.
Cookies are small pieces of data stored by the user’s browser on the hard drive of his/her computer, that are necessary to use the Website. The Company works with cookies to better understand how the Website is used and to improve navigation. Cookies help determine, for example, whether a particular page of the Website has been viewed. Cookies can also determine if the user is visiting the Website for the first time or if he/she has already visited it before. The cookies stored by the Company do not contain any personal data and do not collect personally identifiable information in any other way. If the user does not want to receive cookies, he/she needs to configure his Internet browser so as to delete all cookies from his computer hard drive, block cookies or receive a warning before storing cookies.
3.3. Personal data as specified in clause 3.1. of the Policy can be processed in order to identify users, provide the user with personalized services and content, improve the quality of the Website and provide services, establish feedback with the user, including sending notifications, requests regarding the use of the Website, processing requests and inquiries from the user, conducting statistical, marketing and other research on the basis of anonymized personal data.
3.4. The processing of personal data of users is carried out with their consent. The user who provides personal data in order to gain access to the services of the Company, thereby expresses his/her full consent to the automated processing and use of his personal data and to the one without the use of automation tools, as well as to transfer them to third parties, including for purposes of personal data processing.
IV. CONFIDENTIALITY OF USER INFORMATION
4.2. All confidentiality measures while collecting, processing and storing information and personal data of users apply to both paper and electronic (digital) information carriers.
4.3. If the Company, on the basis of a contract, entrusts the processing of information and personal data to another person, an essential condition of the contract is the obligation to ensure the confidentiality of personal data and the security of personal data during their processing by the said person.
4.4. The transfer of information and personal data to third parties is carried out by the Company only on the basis of an appropriate agreement, an essential condition of which is the obligation of the third party to ensure the confidentiality of information and personal data and their security during processing.
This provision does not apply in case of depersonalization of personal data and in relation to publicly available personal data.
V. PROCESSING OF PERSONAL DATA
5.1. The processing of the user’s personal data is carried out exactly as much as it is necessary to fulfill the relevant purposes for which the data were obtained, or as required in accordance with the applicable law, in any legal way, including in personal data information systems using automation tools or without using such media.
5.2. The processing of personal data is carried out by the Company solely to achieve the goals defined by this Policy.
5.3. Only employees of the Company, whose job duties are directly related to access and work with the user’s personal data, can have access to the processing of the user’s personal data.
5.4. In the event of an appropriate request from the personal data subject, the Company is obliged to make the necessary changes, delete or restrict the processing of the relevant personal data upon the provision by the personal data subject of information confirming that the personal data that relate to the relevant subject and which are processed by the controller are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of the processing. The Company is obliged to notify the personal data subject and third parties to whom the personal data of this subject were transferred about the changes made and the measures taken.
5.5. The Company protects the user’s personal data from their misuse or loss at its own expense.
5.6. The Company does not make decisions based solely on automated processing of the user’s personal data and does not process special categories of personal data.
VI. RIGHTS OF THE PERSONAL DATA SUBJECT
6.1. The personal data subject has the right to receive information about: (1) the purposes for which his/her personal data are processed; (2) the categories of personal data that are processed; (3) the recipients or categories of recipients to whom personal data concerning the personal data subject were (or will be) disclosed; (4) the planned period of storage of personal data concerning the data subject, or, if it is not possible to provide accurate data about this, the criteria by which the duration of storage is set up; (5) the existence of the right to rectification or deletion of personal data concerning the personal data subject, the right to restrict the processing by the controller of personal data, or the right to object to such processing; (6) the existence of a right to appeal to a supervisory authority; (7) other information provided for by applicable legal acts.
6.2. The personal data subject has the right to make corrections and / or additions if the processed personal data concerning the personal data subject is incorrect or incomplete. The controller of personal data is obliged to immediately make corrections.
6.3. The personal data subject has the right to delete personal data:
The personal data subject can demand that the controller immediately deletes personal data concerning the data subject, and the controller is obliged to immediately delete these data, in particular in the following cases:
(1) The personal data concerning the data subject are no longer required for the purposes for which they were collected or processed in any other way.
(2) The personal data subject revokes his consent, which is the basis for the processing of personal data, while there is no other legal basis for processing.
(3) The processing of the user’s personal data was carried out illegitimately.
(4) Occurrence of other circumstances provided for by the GDPR.
If the controller of personal data discloses personal data concerning the data subject, and he/she is obliged to delete them, he/she must also take, as far as possible, the necessary measures to inform other controllers who process personal data that the personal data subject has requested from them to remove all links to personal data (or copies and repetitions of these personal data).
In cases foreseen by the GDPR, there may be no right to erasure.
6.4. The personal data subject has the right to restrict processing: The personal data subject may request to restrict the processing of his/her personal data, in particular, under the following conditions:
(1) if the personal data subject disputes the correctness of his/her personal data; the processing will be then restricted for the time during which the controller can check the correctness of the personal data;
(2) the processing is illegitimate and the personal data subject refuses to delete the personal data, demanding instead to restrict the use of personal data;
(3) Occurrence of other circumstances provided for by the GDPR.
6.5. The personal data subject has the right to data portability, the right to withdraw a statement of consent to the processing of personal data in accordance with the GDPR.
6.6. Requests from the personal data subject to the Company, including requests regarding the use of personal data, revocation of consent to the processing of personal data, can be sent to the e-mail address indicated in the contact information section of the Website.
6.7. The personal data subject has the right to appeal against the actions or omissions of the controller to the supervisory authority, in particular, in the EU Member State in which his place of residence, place of work or place of alleged violation is located, if he/she believes that the processing of personal data is a violation of the GDPR requirements, or to appeal against these actions or omissions in a judicial procedure.
6.8. The personal data subject has the right to protect in court his/her rights and legitimate interests, including compensation for damages and compensation for moral damage. 6.9. Access for the data subject to his/her personal data is provided upon personal contact or upon receipt of a written request by the controller. The controller is obliged to inform the personal data subject about the availability of personal data about him/her, as well as to provide the opportunity to familiarize him/her with them when the data subject applies or within one month from the date of receipt of the request from the personal data subject.
VII. PROTECTION OF PERSONAL DATA OF USERS
7.1. When processing personal data of users, the controller is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to them, from destruction, alteration, blocking, copying, distribution of personal data, as well as from other illegal actions.
VIII. DISPUTE RESOLUTION
8.1. Before going to court with a claim for disputes arising from the relationship between the user of the Website and the Company, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute). 8.2. The recipient of the claim within 30 (thirty) calendar days from the date of receipt of the claim shall notify the applicant of the claim in writing about the results of the consideration of the claim.
IX. ADDITIONAL PROVISIONS