GDRP (Personal Data Protection)

Data protection policy of an entrepreneur Khachatur Mkrtchyan-Diacom Technology



  1. GENERAL PROVISIONS
    1. Entrepreneur Khachatur Mkrtchyan - Diacom Technology, with the registered seat at Jedová 189, Neratovice 277 11, Czech Republic, identification number 28765737, VAT number CZ7203171943 (hereinafter the “Entrepreneur”) as a data controller processes personal data of Internet visitors and users of its products and services. Simultaneously respects confidentiality of such information and also the provisions of applicable privacy laws, including but not limited to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter “GDPR”).
      This Policy regarding the processing of personal data (hereinafter the “Policy”) describes how the Entrepreneur processes your personal data in compliance with the provisions of the current laws on the protection of personal data, in particular the GDPR and the law No. 110/2019 Coll., on the processing of personal data. The Entrepreneur also assures you that it also complies with the Directive 2002/58 / EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector. This Policy applies to all personal data (hereinafter the “Personal data”) that the Entrepreneur can receive from the data subject, who is a party to a civil law contract, from a user of the Internet or software products of the Entrepreneur (hereinafter the “User”) during their use of any of the websites, services, programs, or products of the Entrepreneur, as well as from the data subject who is with the Entrepreneur in a relationship regulated by law.
    2. The Entrepreneur ensures the protection of the processed Personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the above legislation.
    3. The Entrepreneur has the right to amend this Policy. When amending the Policy, the date of the last amendment has to be indicated in the title thereof. The new version of the Policy comes into force from the moment it is posted on the Internet at https://diacom.technology (hereinafter the “website”), through the interface of the online store or in software products, unless otherwise provided by the new edition of the Policy.
  2. TERMS AND ACCEPTED ABBREVIATIONS
    1. Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data).
    2. Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with Personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal data.
    3. Automated processing of personal data – processing of Personal data using computer technology.
    4. Personal data information system (ISPD) – all the Personal data contained in databases and information technologies and technical means that ensure their processing.
    5. Personal data made publicly available by the subject of personal data – Personal data, an unlimited access to which is provided to an unlimited number of persons by the subject of Personal data or at his request.
    6. Blocking of personal data – temporary termination of the processing of Personal data (except in cases where processing is necessary to clarify Personal data).
    7. Destruction of personal data – actions due to which it becomes impossible to restore the content of Personal data in the Personal data information system and (or) due to which tangible carriers of personal data are destroyed.
    8. Website – the Entrepreneur’s online store at https://diacom.technology.
    9. Affiliate – for the purpose of this Policy means an entity which belongs to the Entrepreneur; and also, the entities which are trusted businesses or persons of the Entrepreneur who will process certain pieces of your Personal data in the course of your business relationship with Entrepreneur such as banks (e.g., for the purpose of an AML check etc.) or Google group (e.g., for your e-mail).
  3. WHY ARE WE COLLECTING AND PROCESSING DATA?
    1. The Entrepreneur collects and processes Personal data for the following reasons:
      1. when it is necessary to fulfil its agreement with you in order to provide a fully functional service and provide related content and services;
      2. when it is necessary to comply with due legal obligations (for example, obligations to retain information in accordance with tax laws);
      3. when it is necessary in order to fulfil the legitimate interests of the Entrepreneur or a third party (for example, the interests of other customers), unless such interests are outweighed by your overriding legitimate interests and rights; or
      4. when you gave your consent to this.
    2. These reasons for the collection and processing of Personal data determine and limit the types of Personal data that the Entrepreneur collects and the methods of their use, the storage periods of the data, the persons entitled to access this data, as well as what rights and other control mechanisms are available to you as a user.
  4. WHAT DATA WE COLLECT AND PROCESS
    The Entrepreneur processes the Personal data that you yourself provide.
    1. Basic credentials
      When registering an account (hereinafter “Account”) of the User, the Entrepreneur asks for your email address and country of residence. You must also choose a username and a password. The provision of such information is necessary to set up an Account and use the software and the Entrepreneur’s website. When setting up an Account, a number which is further used to refer to your Account without directly indicating your Personal data is automatically assigned.
    2. Transactions and payment details
      To complete transactions on the Entrepreneur’s website, you need to provide payment information to enable the transaction to be carried out. If you use a credit card for the payment, you need to provide the Entrepreneur with the credit card information (name, address, credit card number, expiration date and, if required, a security code) that the Entrepreneur processes and transmits to the payment processor of your choice in order to ensure the proper conduct of the transactions and perform checks under CTF and AML regulations. Likewise, the Entrepreneur will receive data from your payment system operator for the same reasons.
    3. Tracking data and cookies
      The Entrepreneur uses “cookies”, which are text files placed on your computer that help him analyse how Users use his services, and similar technologies (for example, web beacons, device identifiers, pixel tags and advertising tags) to recognize you and / or the connection of your devices when you use different devices and services. In addition, this data helps the Entrepreneur to improve the services offered, marketing, analytics or functionality of the website and software. The use of cookies is a standard practice on the Internet. While most web browsers automatically accept cookies, the final decision whether or not to accept them is yours. You can adjust your browser settings to prevent the acceptance of cookies or to receive a notification every time a cookie is sent to you. You can prevent the use of cookies by selecting the appropriate options in your web browser. However, please note that in this case you may not be able to use all the functionality of the Entrepreneur’s website.
      When you visit any of the Entrepreneur’s services, their servers log your global IP address, which is a number that is automatically assigned to the network of which your computer is a part.
    4. Information required to identify violations
      The Entrepreneur collects certain data that is necessary to detect, investigate and prevent fraud and other violations of applicable law (hereinafter “Violations”). Such data is used only for the purpose of detecting, investigating and preventing Violations and, where appropriate, taking action on such Violations, and is stored for the minimum time necessary for these purposes. If this data indicates that a Violation has occurred, the Entrepreneur will continue to store such data in order to establish, exercise or defend legal claims for the applicable limitation period or until a court decision is made. Please note that the specific data stored for this purpose will not be disclosed to you if such disclosure would jeopardize the mechanism used by the Entrepreneur to detect, investigate and prevent such Violations.
      The Entrepreneur, independently or together with other persons organizing the processing of Personal data, as well as determining the purposes of processing Personal data to be processed, actions (operations) performed with Personal data, is located at:
      In the Czech Republic:
      Jedová 189, Neratovice, 277 11, Czech Republic
  5. PROCESSING OF PERSONAL DATA
    1. Obtaining Personal data.
      1. The Entrepreneur receives all Personal data from the User himself. If the User’s Personal data can only be obtained from a third party, then the User must be notified of this or consent must be obtained from him.
      2. The Entrepreneur must inform the User about the purposes, the alleged sources and methods of obtaining Personal data, the nature of the Personal data to be received, the list of actions with Personal data, the period during which the consent is valid, and the procedure for withdrawing it, as well as the consequences of the subject’s refusal to give written consent to provide the Personal data.
      3. Documents containing Personal data are created by entering information into accounting forms.
    2. Processing of Personal data.
      1. The processing of Personal data is carried out:
        implementation of civil law relations;
        with the User’s consent to the processing of his Personal data;
        in cases when the processing of Personal data to which an unlimited number of persons have access is provided by the User or at his request.
      2. Purpose of processing Personal data:
        to communicate with the User in connection with filling out the feedback form on the website, including sending notifications, requests and information regarding the use of the store’s website, processing, coordinating orders and delivering them, executing agreements and contracts.
      3. The categories of subjects of Personal data. The Personal data of the following subjects of Personal data are processed:
        individuals who are users of the website or software products;
        individuals who are in labour relations with the Entrepreneur;
        individuals who are job candidates;
        individuals who are in civil law relations with the Entrepreneur.
      4. Personal data processed by the Entrepreneur:
        data received from users of the website or software products;
        data obtained when using the website or software products of the Entrepreneur;
        data obtained in the implementation of labour relations;
        data obtained for the selection of candidates for work;
        data obtained in the implementation of civil law relations.
      5. The processing of Personal data is carried out:
        using automation tools.
    3. Storage of Personal data.
      The Entrepreneur stores your Personal data only for the period necessary to achieve the purposes for which the collection and processing of such data is carried out, or (if the current legislation provides for a longer storage period) during the storage period required by law. After the end of this period, your Personal data is deleted, blocked or anonymized, as provided by applicable law.
      1. Personal data of Users can be obtained, undergo further processing and transferred for storage both in paper form and in electronic form.
      2. Personal data of Users, processed using automation tools for different purposes, are stored in different folders.
      3. It is not allowed to store and place documents containing Personal data in open electronic catalogues (file sharing services) in the ISPD.
      4. The storage of Personal data in a manner that makes it possible to determine the subject of Personal data is carried out no longer than the purpose of the processing thereof requires, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them.
    4. Destruction of Personal data.
      If you delete your account, your Personal data will be marked for deletion, unless legal requirements or other overriding legitimate purposes require longer storage.
      1. The destruction of documents (carriers) containing Personal data is carried out by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.
      2. Personal data on electronic media are destroyed by erasing or formatting the media.
      3. The fact of destruction of Personal data is documented by an official record on the destruction of media.
      If you exercise the right to object to the processing of your Personal data, we will consider your objection and, without undue delay, delete your Personal data processed for the purpose to which you object, if there is no other legal basis for the processing and storage of this data or the storage of this data is not required by applicable law.
    5. Transfer of Personal data.
      The Entrepreneur and his affiliates can provide each other with access to your Personal data and use it as needed to achieve goals.
      1. The Entrepreneur transfers Personal data to third parties in the following cases:
        the subject has expressed his consent to such actions;
        the transfer is provided for by applicable law within the framework of the procedure established by law.
      2. Affiliates of the Entrepreneur are.
        an entity which belongs to the Entrepreneur;
        the entities which are trusted businesses or persons of the Entrepreneur who will process certain pieces of your Personal data in the course of your business relationship with Entrepreneur such as banks (e.g., for the purpose of an AML check etc.) or Google group (e.g., for your e-mail).
  6. PROTECTION OF PERSONAL DATA
    1. Data protection laws in the European Economic Area and other territories give their citizens certain rights with respect to their Personal data. While other jurisdictions may grant less rights to their citizens, the Entrepreneur creates tools designed to enforce the rights of his customers around the world.
    2. To make it easier for you to exercise your data protection rights, the Entrepreneur provides a special section on the Entrepreneur’s technical support page (hereinafter - Privacy Protection Panel). There you can access your Personal data, correct or delete such data, if necessary, or object to their use if you feel that it is necessary.
    3. You have the following rights in relation to your Personal Data:
      1. Right of access.
        You have the right to access your Personal data stored by the Entrepreneur, i.e. the right to claim free of charge
        1) information on whether your Personal data is stored by the Entrepreneur,
        2) access and / or duplicates of stored Personal data.
        You can exercise this right to access your Personal data using the Privacy Protection Panel.
      2. Right to rectification.
        When processing your Personal data, the Entrepreneur will take appropriate measures to maintain the accuracy and relevance of your Personal data for the purposes for which it is collected. If your Personal data are inaccurate or incomplete, you can change it using the Privacy Protection Panel.
      3. Right to erasure.
        You have the right to require the Entrepreneur to delete your Personal data by deleting your Account on the Entrepreneur’s support page.
        As a result of deleting your Account, you will lose access to the Entrepreneur’s services, as well as the ability to access other services for which the Account is used.
      4. In accordance with the requirements of the regulatory documents of the Entrepreneur, a Personal data protection system (hereinafter the “PDPS”) has been created, consisting of subsystems of legal, organizational and technical protection.
      5. The subsystem of legal protection is an aggregate of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the PDPS.
      6. The organizational protection subsystem includes the organization of the control structure of the PDPS, the authorization system, information protection when working with employees, partners and third parties.
      7. The subsystem of technical protection includes a set of technical, software and hardware tools, that ensure the protection of Personal data.
      8. The main measures for the protection of Personal data used by the Entrepreneur are:
        1. Appointment of a person responsible for the processing of Personal data, who organizes the processing of Personal data, arranges training and instruction, internal control over compliance by the Entrepreneur and its Users with the requirements for the protection of Personal data.
        2. Identification of current threats to the security of Personal data during their processing in ISPD and development of measures to protect Personal data.
        3. Development of a policy regarding the processing of Personal data.
        4. Establishing rules for accessing Personal data processed in the ISPD, as well as ensuring registration and accounting of all actions performed with Personal data in the ISPD.
        5. Establishment of individual passwords for employees’ access to the information system in accordance with their production responsibilities.
        6. Application of the duly incorporated procedures for assessing the conformity of data protection means.
        7. Certified anti-virus software with regularly updated databases.
        8. Compliance with the conditions ensuring the safety of Personal data and excluding unauthorized access to them.
        9. Detection of facts of unauthorized access to Personal data and taking measures.
        10. Recovery of Personal data modified or destroyed due to unauthorized access to them.
        11. Training of the Entrepreneur’s Users who directly process Personal data on the provisions of legislation on Personal data, including the requirements for the protection of Personal data, documents defining the operator’s policy regarding the processing of Personal data, local acts on the processing of Personal data.
        12. Implementation of internal control and audit.
  7. BASIC RIGHTS OF THE PERSONAL DATA SUBJECT AND OBLIGATIONS OF THE ENTREPRENEUR
    1. Basic rights of the Personal data subject.
      1. The subject has the right to access his Personal data and the following information:
        • confirmation of the fact of processing of Personal data by the Entrepreneur;
        • legal grounds and purposes for processing Personal data;
        • the purposes and methods of processing Personal data used by the Entrepreneur;
        • name and location of the Entrepreneur, information about persons (except for the Entrepreneur's Users) who have access to Personal data or who may be disclosed on the basis of an agreement with the Entrepreneur or on the basis of law;
        • terms of processing Personal data, including the terms of their storage;
        • the procedure for the exercise by the subject of Personal data of the rights provided by law;
        • name or surname, first name and address of the person who processes Personal data on behalf of the Entrepreneur, if the processing is entrusted or will be entrusted to such a person;
        • contacting the Entrepreneur and sending him requests;
        • appeal against actions or omissions of the Entrepreneur.
    2. Obligations of the Entrepreneur.
      1. The entrepreneur is obliged to:
        • provide information on the processing of Personal data when collecting Personal data;
        • in cases where the Personal data was not obtained from the subject of Personal data, notify the subject;
        • in case of refusal to provide Personal data to the subject, the consequences of such refusal are explained;
        • publish or otherwise provide unrestricted access to the document that defines its policy in relation to the processing of Personal data, to information about the implemented requirements for the protection of Personal data;
        • take the necessary legal, organizational and technical measures or ensure their adoption to protect Personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of Personal data, as well as from other illegal actions in relation to Personal data;
        • provide answers to inquiries and requests from subjects of Personal data, their representatives and the authorized body for the protection of the rights of subjects of Personal data.
  8. CONTACT INFORMATION
    1. Email: info@diacom.email