Rules for processing personal data

  1. General provisions
    • 1.1 this document sets out the vinalfa.com Policy (hereinafter referred to as the Site) regarding the processing of personal data and sets out the basic principles applicable to the processing of personal data on the Site.
    • 1.2 this Policy applies to all transactions made on the Site with or without the use of automation tools.
    • 1.3 this Policy is mandatory for all persons authorized to process personal data on the Site and persons participating in the organization of processes of processing and ensuring the security of personal data on the Site
    • 1.4 this Policy is subject to update in the event of a change in the law on personal data.
  2. Introduction
    • 2.1 the site is a personal data operator.
    • 2.2 an important condition for the realization of the goals of the site's activity is to ensure the protection of the rights and freedoms of the subject of personal data in the processing of his personal data.
    • 2.3 the site has developed and implemented documents that establish procedures for processing and securing personal data that ensure compliance.
  3. The principles and conditions of processing personal data on the site
    • 3.1 the Site, as an operator, processes the following personal data:
      • potential, existing clients and their representatives – in the composition and in the time required for interaction with potential and existing clients, with the consent of the subjects of personal data;
      • persons receiving income, but not in labor relations with the official representative of the site, in the composition and within the time-frame necessary for the achievement of the goals stipulated by the legislation, the implementation and fulfillment of the functions, powers and duties entrusted by the legislation;
      • partners and their representatives – in the composition and in the time required for interaction with partners, with the consent of the subjects of personal data;
      • persons receiving income, but not in labor relations with the official representative of the site, in the composition and within the time-frame necessary for the achievement of the goals stipulated by the legislation, the implementation and fulfillment of the functions, powers and duties entrusted by the legislation;
      • representatives of foreign subsidiaries and affiliates – for the exercise of the rights and legitimate interests of the operator or third parties, and for the execution of the contract to which the subject of personal data is a party.
    • 3.2 the time frame for processing personal data is determined by the following:
      • purposes for processing personal data;
      • terms of validity of contracts with subjects of personal data and consent of subjects of personal data to processing of their personal data;
    • 3.3 the Site processes personal data in a legal and fair manner.
    • 3.4 the processing of personal data shall ensure that it is accurate, sufficient and, where necessary, relevant to the purposes of processing personal data.
    • 3.5 the Site does not disclose or distribute personal data to third parties without the subject's consent (unless otherwise required by law).
    • 3.6 the Site processes special categories of personal data of persons connected with accidents, employees and expats (health data within the framework of labor relations). In doing so, the Site fulfills the requirements for processing special categories of personal data, as provided by law.
    • 3.7 the site does not process biometric personal data.
    • 3.8 the Site does not make decisions that generate legal consequences for the subject of personal data or otherwise affect his or her rights and legitimate interests on the basis of exclusively automated processing of personal data.
    • 3.9 the Site assigns the processing of personal data to another person. In doing so, the Site complies with the requirements of the order for processing personal data provided by law.
    • 3.10 the Site processes personal data using automation and without their use. In doing so, the Site fulfills the requirements for automated and non-automated processing of personal data, as stipulated by law.
  4. Rights of subjects of personal data processed on the site
    • 4.1 the subject of personal data has the right to receive information concerning the processing of his personal data. To receive the specified information, the subject of personal data can send a written request to the address: info@vinalfa.com.
  5. Performance of the Operator's duties by the Site
    • 5.1 the Site receives personal data from the subjects of personal data and from third parties (persons who are not subjects of personal data). In doing so, the Site fulfills the obligations stipulated by law in the collection of personal data.
    • 5.2 the Site stops processing personal data if:
      • when the terms of termination of processing of personal data are reached or after the specified deadlines have expired;
      • objectives or if the need to achieve those objectives is lost;
      • at the request of the subject of personal data, if the personal data processed on the site is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
      • if the processing of personal data is not lawful, and it is not possible to ensure that the processing of personal data is lawful;
      • In the event that the subject of personal data has withdrawn the consent to the processing of his personal data or the expiration of such consent (if the personal data is processed by the Site solely on the basis of the consent of the subject of personal data);
      • In case of site liquidation.
    • 5.3 the following measures have been taken to ensure the fulfillment of the duties prescribed by law:
      • the person responsible for the organization of the processing of personal data has been appointed.
      • local acts on the processing and security of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the law, eliminating the consequences of such violations: Privacy Policy; this Policy; other local regulations on the processing and security of personal data;
      • legal, organizational and technical measures to ensure the security of personal data are applied;
      • Internal control of the compliance of processing of personal data with the requirements of the law, this policy, local acts on the site;
      • An assessment of the harm that can be caused to the subjects of personal data in case of violation of the requirements of the law on personal data, the ratio of the said harm and the measures taken by the site aimed at ensuring the fulfillment of the duties stipulated by the requirements of the law;
      • The site employees who directly process personal data are familiar with the provisions of the law.
    • 5.4 the following requirements for the protection of personal data are implemented on the site:
      • the protection of personal data carriers is implemented;
      • The site administration approved a document defining the list of persons whose access to personal data processed in the information system is necessary for the performance of their official (labor) duties;
      • information security tools that have passed the information security compliance assessment process