1.1. This document defines the Policy of the Website Administrator escorteurogirls.de (the "Website") regarding the processing of personal data and the implementation of personal data protection requirements (the "Policy") in accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals in relation to the processing of personal data and the free movement of such data, known as the "General Data Protection Regulation," hereinafter referred to as the "GDPR."
We assure you that your personal data is handled with due care in accordance with applicable law. Your personal data is protected as much as possible based on the technical level of resources available. Our company has strict rules governing what personal data can be processed and under what conditions.
1.2 The following basic concepts are used in this Policy:
- personal data is any information relating to a directly or indirectly identified or identifiable natural person (personal data subject);
- personal data operator (operator) is a person who is the Website Administrator, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
- processing of personal data is any action (operation) or a set of actions (operations) performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data;
- automated processing of personal is processing of personal data by means of computer technology;
- dissemination of personal data means actions aimed at disclosure of personal data to an indeterminate circle of persons;
- provision of personal data means actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
- blocking of personal data means temporary termination of processing of personal data (except for cases when processing is necessary for clarification of personal data);
- destruction of personal data means actions that make it impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed;
- the depersonalisation of personal data means actions that make it impossible, without the use of additional information, to determine which personal data belongs to a specific personal data subject;
- personal data information system is a set of personal data contained in databases and providing their processing of information technologies and technical means;
- cross-border transfer of personal data means transfer of personal data to the territory of a foreign state to a foreign authority, a foreign natural person or a foreign legal entity;
- personal data subject is an individual to whom personal data is directly or indirectly related.
Principles of personal data processing by the Administrator
2.1 The processing of personal data is carried out on a legal and fair basis.
2.2 Processing of personal data shall be limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection shall not be permitted.
2.3 Databases containing personal data whose processing is incompatible with one another may not be merged.
2.4 Only personal data that meet the purposes of its processing can be processed.
2.5 The content and amount of personal data processed corresponds to the stated purposes of processing and is not excessive in relation to the stated purposes of processing.
2.6 The processing of personal data ensures the accuracy of personal data, its sufficiency and, where necessary, its relevance to the purposes of processing personal data. Necessary measures shall be taken to remove or clarify incomplete or inaccurate data.
2.7 Personal data shall be stored in a form that allows the identification of the subject of personal data no longer than is required by the purpose of the processing of personal data, if the period of retention of personal data is not established by law, by agreement to which, the beneficiary or guarantor for which is the subject of personal data. Processed personal data shall be destroyed or depersonalized after processing or when processing is no longer necessary, unless otherwise stipulated by law.
2.8 Personal data are stored from the moment of registration of the User and granting of consent to processing of the data until the moment of deletion of the personal page or until the withdrawal of consent to the use of personal data.
Legal basis for processing personal data:
3.1 Processing of personal data by the Administrator is carried out on the basis of international laws and normative legal acts adopted on the basis of them, regulating the relations related to the activities of the operator, contracts concluded between the operator and the subject of personal data, consent to the processing of personal data (“GDRP”).
Purposes of personal data processing:
4.1 The administrator shall only collect, store and process personal data that is necessary for the provision of services and for the performance of his activities, as well as to ensure the rights and legitimate interests of third parties, provided that the rights of the subject of personal data are not violated thereby.
4.2 Personal data of a subject of personal data may be processed by the Administrator for the following purposes:
4.2.1 To identify the subject of personal data;
4.2.2 For communication with the subject of personal data in case when it is necessary, including for sending notifications, requests and information related to the provision of services, as well as for processing enquiries and applications from subjects of personal data;
4.2.3 For conducting statistical and other research based on anonymised data;
4.2.4 To enable users of the Website to interact with each other.
4.3 The Administrator does not process special categories of personal data relating to race, ethnicity, political views, religious beliefs, health status, as well as biometric personal data.
Composition of personal data:
5.1 Personal data of the personal data subject (the Contractor or the Client) in accordance with the User Agreements with the Administrator is the information necessary for the Administrator to fulfill its obligations under the contractual relationship with the personal data subject and to comply with international legislation in the field of personal data protection.
5.2 The operator processes information provided by personal data subjects in accordance with the User Agreements of the Website. This information includes facts about the features of the physical appearance of personal data subjects, their territory of origin, photographs, as well as other data specified in the User Agreements of the Website.
Processing of personal data:
6.1 Processing of personal data of personal data subjects by the Administrator is carried out in order to ensure compliance with laws and other international regulatory legal acts, to enable users of the Website to take full advantage of its functional features.
6.2 The processing of personal data is carried out by the Administrator with the consent of the subjects of personal data obtained as a result of the accession of subjects of personal data using a simple digital signature, as with the use of automation tools, and without the use of such means.
6.3 The administrator shall not provide or disclose information containing personal data of the personal data subjects to any third party without the written consent of the personal data subject, except in cases where this is necessary to prevent a threat to life or health, as well as in cases established by current international legislation in the field of personal data protection and the GDPR.
6.4 At the motivated request of the authorized body and solely within the framework of the implementation of the current international legislation, personal data of the subject can be transferred to this authorized body without his consent.
6.5 In case of obtaining consent to the processing of personal data from a representative of the subject of personal data, the authority of that representative to give consent on behalf of the subject of personal data shall be verified by the Administrator.
6.6 In cases where the subject of personal data withdraws his consent to the processing of personal data, the Administrator has the right to continue processing personal data without the consent of the subject if there are grounds specified in the current international legislation and GDPR.
6.7 The destruction of documents containing personal data shall be carried out in any manner that excludes the possibility of access by unauthorized persons to the materials being destroyed and the possibility of their text retrieval.
6.8 The dissemination of personal data is carried out with the prior written consent of the subject of personal data. The consent of the personal data subject may be signed by a simple electronic digital signature representing a unique combination of the personal data subject's login and password for the Website.
6.9 The operator shall process and store personal data in a form that makes it possible to identify the subject of personal data no longer than the purpose of personal data processing requires, unless the storage period of personal data is prescribed by law or a separate agreement.
6.10 A condition for the termination of personal data processing along with those specified in this Agreement is the expiry or withdrawal of the personal data subject's consent to the processing of their personal data, as well as the discovery of unlawful processing of personal data.
Rights of subjects of personal data
7.1 Information relating to personal data, which has become known in connection with the provision of services by the Service Administrator, is confidential information and is protected by current international legislation and GDPR.
7.2 Persons who have gained access to the processed personal data have signed an obligation not to disclose confidential information, and also have been warned of possible disciplinary, administrative, civil and criminal liability in case of violation of the norms and requirements of the current international legislation in the field of personal data protection.
7.3 Persons who have gained access to the processed personal data shall not have right to disclose the personal data of a personal data subject to a third party without the written consent of such subject, except in cases where this is necessary in order to prevent a threat to the life and health of the subject of personal data, as well as in cases established by current international legislation and GDPR.
7.4 Persons who have gained access to personal data undertake not to share personal data for commercial purposes without the written consent of the personal data subject. The processing of personal data of personal data subjects for the purpose of promoting goods, works or services on the market through direct contact with a potential consumer by means of communication is permitted only with the prior consent of the subjects.
Rights of subjects of personal data:
8.1 The subject of personal data shall, in accordance with Article 13, Article 14 and Article 15 of the GDPR, have the right to receive information relating to the processing of his or her personal data, including information containing:
8.1.1 confirmation of the processing of personal data by the Administrator;
8.1.2 legal grounds and purposes of personal data processing;
8.1.3 purposes and methods of personal data processing used by the Administrator;
8.1.4 the processed personal data relating to the personal data subject concerned, the source of such data, unless another procedure for the provision of such data is provided for under international law;
8.1.5 the time limits for processing personal data, including the time limits for its retention;
8.1.6 information on the cross-border transfer of data that has taken place or is suspected to have taken place;
8.1.7 other information as required by international legal acts and the GDPR.
8.2 In accordance with Articles 16 and 17 of the GDPR, the subject of personal data has the right to request that the Administrator clarify, block or delete personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and to take statutory measures to protect his or her rights.
8.3 If the personal data subject considers that the Administrator processes his personal data in violation of the requirements of international legislation in the field of personal data protection or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal against the actions or inaction of the Administrator to the body for the protection of the rights of subjects of personal data or in court.
8.4 The subject of personal data has the right to protection of his or her rights and legitimate interests, including compensation for damages and/or compensation for moral harm in a court of law.
8.5 The subject of personal data has the right to withdraw consent to the processing of personal data. Revocation of consent shall not affect the validity of processing based on consent prior to withdrawal of consent. In order to exercise the right to withdraw consent to the processing of personal data mentioned in this paragraph, the subject of personal data shall apply to the withdrawal of said consent to the operator’s e-mail: [email protected].
Measures aimed at ensuring the implementation of international legislation in the field of personal data protection:
9.1 Legal, organizational and technical measures stipulated by the relevant regulations shall be applied to ensure security of personal data during its processing in the Administrator's personal data information systems.
9.2 The processing of personal data carried out without the use of automation shall comply with the requirements established by current legislation.
9.3 The administrator is responsible for breach of obligations to ensure the security and confidentiality of personal data while processing in accordance with international law.
9.4 In order to ensure unlimited access to the Administrator's Policy regarding the processing of personal data and information on the measures taken to protect personal data, the text of this Policy is published on the Administrator's official website escorteurogirls.de.