Last updated — 17th of October 2017.
1. General Provisions
1.2. For the purposes of this Policy the term Personal data shall mean any information relating to any individual and include any data related somehow to the private life of individuals taking into account current international practice on personal data protection in the countries providing an adequate protection of personal data.
1.3. Personal data related to the individual cannot be used by the Operator without the consent of the said individual (hereinafter — "the subject of personal data", "the subject") except as otherwise expressly provided in this Policy. The Operator has the right to use the personal data without consent of the subject of personal data in order to perform the contract (agreement) with the relevant subject, to fulfill lawful governmental requirements, as well as in other cases expressly permitted by applicable law.
1.4. In case this policy allows the use of personal data without consent of the subject of personal data, the Operator, if it is technically and organizationally possible, and is not prohibited by applicable law, shall notify the subject of personal data on the kind of personal data to be processed by the Operator and on the purpose of the aforesaid. In particular, when the processing of personal data is made in order to perform a contract or agreement with the subject of personal data, the Operator prior to the conclusion of the relevant contract notifies the subject of the personal data on the kind of personal data to be processed by the Operator and on the purpose of the aforesaid.
1.5. The Operator undertakes to ensure the safe processing of personal data and avoidance of unauthorized access, deletion or modification of such personal data. The said measures must comply with the existing level of technological development and shall be applied taking into account the degree of harm that may be caused to the subjects of personal data in case of unauthorized access, deletion or modification of personal data, but in any event such measures should be not lower than the requirements of the applicable legislation.
2. Personal Data
2.1. Operator collect the following personal data through its websites and applications (unless otherwise mentioned in Agreement with subject of personal data)
- e-mail addresses;
- contact details provided by individuals voluntary (including telephone numbers, skype accounts, etc.)
- any other personal data provided by the subject of personal data voluntary through website or other online-services of the Operator.
2.2. In some case some other information might be accessible to the Operator, including such information which necessary to identify payer in specific payment system, to solve claims of the subject or other entities, some other technical information, including IP and software used for access to the websites or online services. If non-personal information is combined with personal information, the combined information will also be treated as personal information for as long as it remains combined.
2.3. In most cases refuse to provide the reliable information will lead to inability to provide necessary services to the individual. But information which provided voluntary is not necessary to the Operator and refuse to provide such information will not have any consequences, but providing of such information might allow to provide services of better quality to the individual.
3. Obligations of the Operator
3.1. In order to safeguard the rights and freedoms of the individuals the Operator and its representatives must comply with the following general requirements for personal data processing:
3.1.1. The personal data can be processed solely for the purpose of performance of contracts, enforcing the laws and other regulations, as well as to comply with other legal interests of the Operator or of the subjects of personal data;
3.1.2. In determining the scope and content of the personal data, the Operator shall rely on the effective legislation;
3.1.3. As a general rule, all personal data shall be obtained from the subject of personal data. But some data might be obtained from a third parties (banks or other credit organisations, internet-providers, representatives of individuals, etc.) as long as such parties act in the interest of the subject of personal data and the subject of personal data was informed of possibility of such data will be passed to the Operator. Otherwise conditions might be stipulated in Agreements with the subject of personal data.
3.2. In case the Operator discover the fact of unauthorized access to the Personal data, the Operator shall do all practically and financially reasonable actions to notify subjects of Personal data of such unauthorized access within reasonable time.
4. Collection, Processing and Storage of Personal Data
4.1. Processing of the subject's personal data shall mean any action (operation) or a combination of actions (operations) carried out with personal data including collection, recording, systematization, accumulation, storage, adjustment (update, change), extraction, use, transfer (distribution, assignment, access), depersonalization, blocking, deletion, destruction.
4.2. Personal data is collected and processed to the extent and in manner necessary to achieve purposes of such data processing. The purpose of data processing shall be indicated to the persons before or immediately after personal data of such persons collected. In failed to do so, the purpose of data processing shall be considered solely purpose of fulfilment of the obligations of the Operator in accordance with the agreement or contract entered between the Operator and the subject. The Operator seeks the ways and methods of using only anonymous personal data to the extent and degree as necessary to obtain the purpose of such personal data processing.
4.3. When transferring personal data of the subject, the Operator must comply with the following requirements:
- not to disclose personal data to third parties without the subject's consent, except in cases established by applicable legislation;
- not to disclose personal data for commercial purposes without subject's prior consent;
- notify in advance the entity receiving subject's personal data that the data can be used only for the purposes for which it is collected, and require those persons to confirm that this rule is observed;
- grant access to personal data of the subjects only to specially authorized persons. The said persons shall be entitled to receive only the personal data of the subject that is needed for performing a specific function on behalf of Operator and with respect of the Subject's consent to process the personal data.
4.4. Transfer of personal data from the subject or his representatives to a third party may be allowed only in a manner necessary to achieve purposes of processing personal data.
5. Policy Towards Children
5.1. Operators services are not directed to individuals under 16. Any personal data of individual under 16 shall be deleted or depersonalized immediately after the age of such individual is disclosed.
6. Final Provisions
6.1. This Policy can be changed by the Operator with due to the changing requirements of the legislation and/or development of technical and organizational measures of personal data protection. The Operator shall notify about changes in this Policy by replacing the current version of this Policy on the websites of the Operator.
6.2. The questions that are not regulated by the Policy shall be resolved in accordance with the legislation of Cyprus.