Privacy Policy

PRIVACY POLICY
 
1. CONCEPTS
 
1.1. On the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the Directive (General Data Protection Regulation).
 
1.2. Data/Personal data – any information about an identified or identifiable natural person (Data Subject); an identifiable natural person is a person whose identity can be determined directly or indirectly, in particular by an identifier such as a name, a personal identification number, location data and an Internet identifier, or by one or more of that natural person’s physical, signs of physiological, genetic, mental, economic, cultural or social identity.
 
1.3. Data Recipient – a natural or legal person, government authority, agency or other body to which Personal Data is disclosed, whether or not it is a third party.
 
1.4. Data Subject – Customer or employee of the Data Controller or any other person whose Personal Data is processed by the Data Controller.
 
1.5. Data processing – any operation or sequence of operations performed by automated or non-automated means on personal data or sets of personal data, such as collection, recording, sorting, systematization, storage, adaptation or modification, familiarization, use, disclosure by forwarding, distribution or otherwise creating the possibility of using them, as well as juxtaposition or combination with other data, restriction, deletion or destruction.
 
1.6. Data Controller – a natural or legal person, public authority, agency or other institution that processes Personal Data on behalf of the Data Controller.
 
1.7. Data controller – Solid Gold Invest LTD, legal entity code 13975220, registered address 38a Station Road West, Oxted, England, RH89EU
 
1.8. Third party – a natural or legal person, public authority, agency or other institution that is not a data subject, data controller, data processor, or persons who are allowed to process personal data by direct authorization of the data controller or data processor.
 
1.9. Customer – a person who uses the services provided by the data manager, or previously used them.
 
1.10. Consent of the data subject – any freely given, specific and unambiguous expression of the will of a properly informed data subject by means of a statement or unambiguous actions by which he agrees to the processing of personal data related to him.
 
1.11. Policy – means this Personal Data Processing Policy.
 
Other terms used in the Policy correspond to the laws on legal protection of personal data and the terms used in the Electronic Communications Act.
 
2. GENERAL PROVISIONS
 
2.1. The Data Controller collects certain Personal Data for administrative and direct marketing purposes, to conduct its business and to fulfill legal obligations. The Data Controller is responsible for processing your Personal Data under the conditions specified in this Policy.
 
2.2. In this Policy, we explain what Personal Data we collect, how we process and store it, while providing the goods and services we offer. This includes information collected off-line in physical stores or received in the course of providing services to Customers and online through the website www.solidgoldshop.com (hereinafter referred to as the Websites).
 
2.3. This Policy also applies to our targeted content, including online offers and advertisements for products and services that you may see on third-party websites, platforms and apps (“Third Party Sites”) while browsing the Internet. Please note that these Third Party websites may have their own separate privacy policies and terms. Please read them before using these Third Party Sites.
 
2.4. Before starting to use our websites, you must carefully read and familiarize yourself with this Policy. By using the services provided by the Data Controller, you confirm that you agree to comply with this Policy.
 
2.5. The data subject has no right to use the Internet sites if he is not familiar with the Policy and/or does not agree with it. In cases where the data subject does not agree with the policy, or a certain part of it, he must not use the Internet sites. Otherwise, it is considered that the customer has familiarized himself with and unconditionally agreed to the policy.
 
2.6. Third-party services, such as those of the social network Facebook, may be subject to third-party terms and conditions. For example, Facebook has a data policy for all its users and visitors. Therefore, when using the services of such third parties, it is recommended to familiarize yourself with their applicable terms.
 
2.7. The data controller ensures that it complies with the following fundamental principles of data protection:
 
2.7.1. Personal data must be processed in a legal, fair and transparent manner in relation to the data subject (principle of legality, fairness and transparency);
 
2.7.2. Personal data must be collected for established, clearly defined and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing of data for archiving purposes, in the public interest, for scientific or historical research purposes, or for statistical purposes, is not considered incompatible with the original purposes (principle of purpose limitation);
 
2.7.3. Personal data must be adequate, appropriate and only necessary to achieve the purposes for which they are processed (principle of reducing the amount of data);
 
2.7.4. Personal data must be accurate and updated when necessary; all reasonable measures must be taken to ensure that personal data that are not accurate, taking into account the purposes of their processing, are immediately deleted or corrected (principle of accuracy);
 
2.7.5. Personal data must be kept in such a form that the identity of the Data subjects can be determined for no longer than is necessary for the purposes for which the personal data is processed; Personal data can be stored for longer periods if personal data will be processed only for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes, after implementing the appropriate technical and organizational measures required by this regulation in order to protect the rights and freedoms of the Data Subject ( the principle of storage duration limitation).
 
2.7.6. Personal data must be processed in such a way that appropriate technical or organizational measures are used to ensure adequate security of Personal data, including protection against unauthorized or illegal processing of Data and against accidental loss, destruction or damage (principle of integrity and confidentiality).
 
2.7.7. The data controller is responsible for ensuring that the above principles are followed and must be able to demonstrate that they are followed (principle of accountability).
 
2.8. Data is processed after proper notification of the Data Subjects.
 
2.9. Data is stored for the periods specified in this Policy for each type of Personal Data. Storage is carried out in accordance with the procedures provided for in Section 4 of the Policy.
 
2.10. The Data Controller’s access rights to the Data are terminated upon termination of the Personal Data Processing Agreement concluded with the Data Controller, or when this Agreement ceases to be valid.
 
2.11. Data is transferred to Data Processors and Data Recipients when the right and/or obligation to do so is provided by legal acts on the appropriate grounds.
 
2.12. Personal data may be submitted by the Data Controller to a pre-trial investigation institution, prosecutor or court for administrative, civil, criminal cases, as evidence or in other cases established by law.
 
3. METHODS OF COLLECTION OF PERSONAL DATA
 
3.1. We collect your personal information directly online, such as when you provide us with your personal information, register as a Customer on our websites or participate in our loyalty programs, register for prize sweepstakes, games and contests, subscribe to our newsletter, receive information or electronic communications, from by purchasing our products and services, completing questionnaires, commenting, making inquiries or contacting our Customer Service.
 
3.2. When you provide us with your Personal Data, we process it for the purposes and in the manner defined in this Policy. If you do not want us to process your Personal Data in this way, please do not submit them to us.
 
3.3. We may also receive your personal data from other sources, including commercial sector data sources such as public databases and data aggregators and information from third parties. If you do not want us to receive personal data from other sources, please indicate your needs to the relevant sources.
 
3.4. We process your Personal Data in order to provide you with services as explained below. In specific cases, we can process your personal data only after receiving your consent, for example, usually when we process your personal data for trading purposes, you can change our location data. In other cases, we may be guided by another legal basis for the processing of your personal data, e.g. to fulfill an agreement with you or to have other legitimate interests, e.g. to prevent crime.
 
3.5. If you become a member of one of our loyalty programs, we may consider this as consent that you want us to process your personal data for marketing purposes. You can receive these sales communications at any time and this will not affect your participation in the loyalty program and its benefits.
 
3.6. When processing your personal data with your consent, we ask for your consent for a specific purpose of data processing. We will also ask for your consent if we need your personal data for other purposes not specified in this Policy.
 
3.7. Please see the table in section 4.1 for more information about the personal data we may collect, the purposes for which we collect it and the legal basis for processing this data.
 
3.8. Our Websites are intended for adults, but there may be cases where some Customers who are under 16 (sixteen) years of age view or purchase products on our Websites. If we know that Customers are under 16 (sixteen) years of age, we do not use such Customer’s personal data for marketing purposes, except in cases where we obtain their parents’ consent.
 
3.9. Withhold your consent to the use of your data by asking your parent or guardian as set out in section 12.
 
3.10. In certain cases, based on your actions, we will assume that you have obtained parental consent. We then reserve the right to decide whether you will receive our marketing communications until you reach the required age.
 
3.11. Please note that access to prizes, samples and other rewards may only be permitted to users who have reached the required age. We may process your Personal Data to verify your age and implement age-specific restrictions.
 
4. PURPOSES OF PROCESSING PERSONAL DATA
 
4.1. Browsing websites
 
Collected Personal Data:
 
Information about the browser you use when you visit our websites, your IP address and device address, links you clicked, other websites visited before our websites and information collected by cookies and similar tracking tools. Your username, profile picture, gender, relationships and any other information you agree to share when you use third-party websites (such as when you like us on Facebook).
 
Purpose of processing personal data:
 
We (and third party service providers acting on our behalf) use cookies and similar technologies to manage data about you when you visit our websites. We want to know if you have visited our websites before and what you prefer so that we can tailor our experience to you. Please also review Section 5 for more detailed information on cookies.
 
Personal data storage term:
 
Use the Cookie Permission Tool to find out the storage period for each cookie.
 
Legal basis for processing personal data:
 
Your consent when you click “accept and continue” on the Cookie Allowed on our websites. In some cases and whenever permitted by law, we will assume that you consent to the use of cookies based on your actions. Please note that we need to process basic data about your browsing in order to provide you with the basic functions of the Internet sites, such as a secure login, or to remember which stage of the order you are at. You can change your cookie preferences at any time in our Cookie Allower or by changing your browser settings.
 
 
 
4.2. Offering products and services
 
Collected Personal Data:
 
Name, surname, postal address, e-mail e-mail address, mobile phone number, loyalty card number, order history / wish list (including your purchases on our Website, store), payment history, age, date of birth, gender, products you view on our websites, favorite brands, favorite store, Your actions on our websites and when reading our letters, your answers in surveys or contests, your purchasing habits and priorities, and information about your lifestyle, hobbies and areas of interest.
 
Purpose of processing personal data:
 
To offer you customized products or services (including from related third parties) that may be of interest to you based on your purchase history and behavior, priorities and our marketing segmentation strategies. We can do this by sending you information by mail, e-mail. by mail, newsletters, SMS messages or by phone about products, services, promotions, etc. We may also contact you and offer you to participate in Customer surveys, promotions, prize draws and contests. You may also receive in-store promotions (such as coupons) when you create an account on our websites or participate in a loyalty program.
 
Personal data storage term:
 
As long as you buy from us. If you have a loyalty card and no transactions have taken place within 3 (three) years, we delete your personal data, except in cases where the law establishes a longer storage period for such data. If you shop online as a guest, we store your data for 1 (one) year after shopping. If you have subscribed to our newsletter, we will store your Data until you unsubscribe.
 
Legal basis for processing personal data:
 
You allow us to process your personal data if you become a member with a loyalty card and agree to the terms of our customer loyalty program (execution of the contract).
 
If you do not participate in the loyalty program, you give us permission to process your Personal Data by subscribing to our newsletters.
 
If you shop online as a guest, we will contact you about related offers to the extent permitted by law, including anti-spam provisions.
 
You can opt-out of our marketing communications at any time by using the Privacy Settings panel in your profile (if you have one) or by clicking the unsubscribe button in our marketing emails sent to you. You can opt-out of our direct marketing SMS messages by contacting us via email: info.solidgoldinvest@gmail.com
 
4.3. Customer service
 
Collected Personal Data:
 
First name, last name, mailing address, home phone number, mobile phone number, loyalty card number, passwords, order history, payment history, payment information (i.e. bank or credit card information), order history/wish list, age, gender, request fulfillment information, postings and other content you provide on our websites, as well as other information you provide when purchasing or ordering a service, making a request.
 
Purpose of processing personal data:
 
We process your Personal Data when you contact us and when we respond to your inquiries and comments.
 
Personal data storage term:
 
General inquiries and comments related to service issues, store standards, product availability, etc. are stored for 3 (three) years from the date of the last contact with you. Correspondence related to personal injury, accidents and other health and safety issues may be kept longer if there is litigation or settlement.
 
Legal basis for processing personal data:
 
Processing of your requests, comments and complaints at your request (execution of an obligation arising from a contract or other legal actions).
 
 
 
4.4. Purchase
 
Collected Personal Data:
 
Name, surname, postal address, e-mail email address, home phone number, mobile phone number, loyalty card number, passwords, order history, payment history, payment information (i.e. bank or credit card details), order history/wish list, age, gender, your order fulfillment information and other personal data that you voluntarily provide to us.
 
Purpose of processing personal data:
 
We process personal data to provide you with the products and services you have ordered, including sending you ordered products or samples.
 
Personal data storage term:
 
As long as you buy from us. If no transactions have taken place within 3 (three) years, we delete your personal data, except in cases where the law establishes a longer term for the storage of such data.
 
Legal basis for processing personal data:
 
We use this information to fulfill your order or any other service ordered by you (execution of the contract).
 
4.5. Lotteries and contests
 
Collected Personal Data:
 
Name, surname, postal address, e-mail e-mail address, home or mobile phone number, age, date of birth, gender, user-generated content or any other personal data provided by you – according to the needs of the competition or game.
 
Purpose of processing personal data:
 
To conduct prize sweepstakes, games and contests in which you choose to participate and to determine the winner or transfer the prize if you win.
 
Personal data storage term:
 
3 (three) months after the end of the game or competition, except in cases where the law establishes a longer term for the storage of such data.
 
Legal basis for processing personal data:
 
We need this data to identify the participants/winners of the contest or game and to transfer the prize to you (execution of the contract). If we intend to use your Personal Data for marketing purposes, we will clearly inform you before starting data processing and ask for your consent.
 
 
 
4.6. Online shopping
 
Collected Personal Data:
 
Name, surname, postal address, e-mail e-mail address, home phone or mobile phone number, information about ordered products, order history, IP address, detailed information about your purchases, payment information, payment history.
 
Purpose of processing personal data:
 
To process your online order and deliver the ordered products. Your Personal data related to the execution of payment may be forwarded to payment intermediaries for the purpose of execution of payments.
 
Personal data storage term:
 
As long as you buy from us. If no transactions have taken place within 3 (three) years, we delete your Personal Data, except in cases where the law establishes a longer storage term for such data. If you pay as a guest, we store your data for 1 (one) year after shopping.
 
Legal basis for processing personal data:
 
We need this Personal Data in order to fulfill your online order (execution of the contract).
 
4.7. Loyalty services
 
Collected Personal Data:
 
Name, surname, postal address, e-mail e-mail address, home phone or mobile phone number, information about the products you ordered using the loyalty program, transactions related to the loyalty program, account status, payment information (such as bank information) and payment history.
 
Purpose of processing personal data:
 
To provide you with all services under the loyalty program, including exclusive offers.
 
Personal data storage term:
 
While you are participating in one of our loyalty programs. If no transactions have taken place within 3 (three) years, we delete your Personal Data, except in cases where the law establishes a longer storage term for such data.
 
Legal basis for processing personal data:
 
By registering in one of our loyalty programs, you allow us to process your Personal Data in order to provide you with all services according to the loyalty program (execution of the contract).
 
 
 
4.8. Service and crime prevention
 
Collected Personal Data:
 
Name, surname, postal address, e-mail mailing address, home phone or mobile phone number, payment information (such as bank details) and payment history.
 
Purpose of processing personal data:
 
To provide our services, including processing your service requests, preventing fraud and other crimes, verifying your identity and credit/payment status, and executing payment instructions. Your Personal Data related to the execution of a payment may be forwarded to payment intermediaries for the purpose of execution of payments, or to the police for the purpose of fraud prevention.
 
Personal data storage term:
 
As long as you buy from us. If no transactions have taken place within 3 (three) years, we delete your Personal Data, except in cases where the law establishes a longer storage term for such data.
 
Legal basis for processing personal data:
 
Dedicated to fraud detection and prevention to ensure your identity and transactions are secure (combining interests with ours to prevent fraud and protect our customers). We provide other services to provide you with relevant additional services (execution of the contract).
 
5. COOKIES AND SIMILAR TECHNOLOGIES
 
5.1. We use cookies and similar technologies (“cookies”) to improve our products and your experience on our websites by collecting information about how you use our websites. Some of the cookies used are necessary for the main functions of the Internet sites, for example to provide a secure login or to remember which stage of the order you are at; however, we also use cookies to analyze the use of websites (so that we can evaluate and improve their performance); advertising cookies are used by advertising companies to present advertising that matches your interests.
 
5.2. Cookies can be temporary or permanent: a) temporary cookies are valid and are not removed until you browse your browser; b) persistent cookies are not removed after closing the browser and the information stored in them facilitates subsequent access to your Account (password, username). Such cookies speed up and facilitate the use of websites.
 
5.3. You can block the use of cookies and remove persistent cookies at any time with the help of your browser software. For more information on how to manage Cookies in your browser, please see the Cookie Allower.
 
A. Web analysis with Google Analytics
 
5.4. The websites use Google Analytics, a web analysis service from Google Inc. (hereinafter referred to as “Google”). Google Analytics uses so-called cookies – text files that are saved on your computer and allow us to analyze the use of the website. The information generated by the cookie about your use of our website is usually sent to a Google server in the United States, where it is stored. However, if you have activated IP anonymization for this website, your IP address will first be shortened by Google in the United Kingdom, member states of the European Union or other countries of the European Economic Area. Acting at the request of the website operator, Google uses this information to analyze how you use the website, to provide us, the website operators, with reports on the operation of the website and to provide us with other services related to the use of the website and the Internet. The IP address that Google Analytics sends via your browser will not be linked by Google to other available data. If you wish to prevent the collection of data generated by the cookie and the data about the use of the website collected by Google (including your IP address) and if you wish to opt out of the processing of such data by Google, you can download and install the browser plug-in from the following link : https://tools.google.com/dlpage/gaoptout?hl=en.
 
 
5.5. Data collected by Google Analytics is stored for 26 months. We draw your attention to the fact that without cookies you may not be able to use all the services of our Internet sites.
 
B. Use of Google Inc. Remarketing or Similar Target Groups Feature
 
5.6. On our websites, we use a remarketing or similar targeting function provided by Google Inc. (hereinafter referred to as “Google). Using this function, providers can direct visitors to website-targeted advertising, in other words, interest-based ads tailored to website visitors, – ads that are displayed when you visit other websites in the Google display advertising network. In order to carry out this analysis of the use of the website, which is the basis for the creation of interest-based advertising (remarketing), Google uses so-called cookies. Therefore, Google stores a small file containing a sequence of numbers in the browsers of visitors to the Google website. The file records the number of visitors to the website, as well as anonymous data about the use of the website. No personal data of website users will be stored. Subsequent visits to other sites in the Google display advertising network will display advertisements that take into account the products and information the visitor viewed on previously visited sites. If you want to prevent the collection of cookie-generated data related to your use of the site (including your IP address) If you wish to opt out of such data processing by Google, you can download and install a browser plug-in from the following link: https://tools.google.com/dlpage/gaoptout?hl=en. If you want to disable the use of Google cookies permanently, please click on the following link and download and install the provided plugin: https://www.google.com/settings/ads/plugin. You can disable the use of third-party cookies by visiting the website at: http: //www.networkadvertising.org/choices/ and by adapting the opt-out information provided there.
 
C. Use of Google AdWords Conversion Tracking
 
5.7. As a Google AdWords customer, we use Google Conversion Tracking, an analytics service provided by Google Inc. Google AdWords places a cookie (“conversion cookie”) on your computer if you reach our websites via a Google ad. These cookies expire after 300 days and are not used for personal identification. If you visit certain of our pages and the cookie has not yet expired, we and Google can recognize that someone clicked on an ad and was directed to our website. Each advertiser receives a different cookie. Cookies cannot be tracked through advertisers’ websites. The information collected by the conversion cookie is used to generate conversion statistics for AdWords advertisers who have opted in to conversion tracking. Advertisers will see the total number of users who clicked on an ad and were directed to the conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in the tracking, you can object to this use by preventing the installation of cookies with the appropriate setting of your browser software (disable option).You will not be included in the conversion tracking statistics.
 
7. RIGHTS OF DATA SUBJECTS
 
7.1. The data subject can exercise the following rights in accordance with the procedure established by the GDPR and the ADAĮ:
 
7.1.1. The right to receive confirmation as to whether we are processing your Personal Data or not;
 
7.1.2. The right to access and familiarize yourself with your Personal Data;
 
7.1.3. The right to demand correction of inaccurate personal data;
 
7.1.4. The right to request the deletion of your Personal Data (“right to be forgotten”);
 
7.1.5. The right to object to the processing of Personal Data;
 
7.1.6. The right to restrict data processing;
 
7.1.7. The right to data portability – to receive your Personal data in a structured, commonly used and automatically readable form and forward them to another Data Controller;
 
7.2. In cases where the Customer’s consent constitutes a legal basis for us to process your Personal Data, you can withdraw your consent in the following ways:
 
• For direct marketing purposes: by logging into your account in the Privacy Settings area or by using the unsubscribe link in any marketing communication we send you;
 
• Administrative and other purposes: Email us at info.solidgoldinvest@gmail.com
 
• Please note that the withdrawal of your consent does not affect the legality of the processing of your Personal Data before the withdrawal.
 
7.3. The rights specified in clauses 7.1.1-7.1.7 of the Policy are exercised within the specified periods. The periods indicated and fixed above are as follows:
 
Data subject request
Period
The right to be informed
When the Data is collected (if provided by the Data Subject) or within one month (if provided by a non-Data Subject)
Right of access
One month
Right to rectification
One month
Right of erasure
Unreasonably immediately
The right to restrict Data Processing
Unreasonably immediately
Right to data portability
One month
Right to object Upon receiving an objection
7.4. The Data Controller has the right to reasonably refuse to allow the Data Subject to exercise his rights or to charge a reasonable fee in accordance with Article 12(5) of the GDPR. for the circumstances provided for in point (b).
 
 
 
8. WHO MAY WE TRANSFER (SHARE) YOUR PERSONAL DATA?
 
8.1. We share your Personal Data with the following data processors (i.e. service providers who help us perform the above tasks):
 
• To SOLID GOLD INVEST LTD related companies and trusted third parties that directly support our promotional activities.
 
8.2. We emphasize that we impose strict requirements on these Data Processors in accordance with the applicable data protection laws, so that they process your personal data in accordance with the purposes and scope specified by us and meet high IT security standards.
 
8.3. We share your personal data with the following third parties who process your personal data for their own purposes (i.e. these third parties are not our authorized Data Processors, they use your Personal Data for their own interests or because you have agreed to it):
 
• To interested third parties (which are not affiliated companies of “SOLID GOLD INVEST”) who will send you marketing material, but only if you have agreed to receive it from them.
 
• To law enforcement and other institutions, if disclosure of your personal data is required by law, legal order of authorities/officials or court decision.
 
8.4. Please note that we never share your personal data on social networks. When we expand our customer base or target customers through social networks such as Facebook or Google, we anonymize your personal data before transmitting it. If there are changes in the future and we have to share your personal data on social networks, we will ask for your consent in advance.
 
8.5. With your consent, we will share information about your use of the Websites with trusted third parties (i.e. advertisers, advertising agencies, advertising networks, data exchange entities, etc.) in order to provide you with content that is tailored to you and may be of interest to you based on your past activity on our Websites. . These trusted third parties may set and use their own cookies, web beacons and similar tracking technologies on your device to help us deliver tailored content and advertising to you when you visit our respective websites. You can find more information about cookies and opting out in Section 5.
 
9. DATA PROTECTION OFFICER
 
9.1. According to the GDPR, it is mandatory to have a Data Protection Officer if the main activity of the Data Controller consists of data processing operations that require regular and systematic monitoring of data subjects on a large scale, or when the main activity of the data controller or data processor is the processing of special categories of data on a large scale.
 
9.2. The rights and duties of the Data Protection Officer are detailed in the GDPR, Policy Annexes, job regulations, if this position is held by an employee of the Data Controller, or in the service provision agreement, if the person holding the position of Data Protection Officer is an external provider of this service.
 
9.3. Taking into account the specified criteria and the activities performed by the Data Controller, the Data Controller is not obliged to appoint a Data Protection Officer.
 
10. PROCEDURE FOR MANAGEMENT OF PERSONAL DATA SECURITY VIOLATIONS AND RESPONSE TO SUCH VIOLATIONS
 
10.1. Employees of the Data Controller who have the right of access to Data, upon noticing Data Security violations (inaction or actions of individuals that may cause or cause a threat to Data Security), must inform the responsible employee and/or their direct manager.
 
10.2. After assessing the risk factors of a Data Protection breach, the degree of impact, damage and consequences of the breach, in accordance with the relevant internal procedures, the Data Controller makes decisions on the measures necessary to eliminate the Data Protection breach and its consequences and to inform the necessary entities.
 
10.3. If you believe that we are in breach of data protection laws when processing your Personal Data, you may submit a complaint to the competent supervisory authority in the United Kingdom or another country where you live, work or where the GDPR has been breached.
 
11. TECHNICAL AND ORGANIZATIONAL PERSONAL DATA SECURITY MEASURES
 
11.1. The organizational and technical data security measures implemented by the Data Controller ensure a level of security that corresponds to the nature of the Data managed by the Data Controller and the risks posed by their processing, including, but not limited to, the measures specified in this section.
 
11.2. Personal data security measures:
 
11.2.1. Administrative (safe handling of documents and computer data and their archives, as well as establishment of work organization procedures for various fields of activity, training of personnel during employment and exit/dismissal, etc.);
 
11.2.2. Technical and software protection (administration of service stations, information systems and databases, maintenance of workplaces, protection of operating systems, monitoring of user access (monitoring), protection against computer viruses, etc.);
 
11.2.3. Administration of information systems and databases, maintenance of workplaces, protection of operating systems, protection against computer viruses, etc.;
 
11.2.4. Protection of communications and computer networks (technical and software tools for encoding and transmitting shared data, programs, personal data, filtering of unwanted data packets, etc.).
 
11.3. The personal data protection measures listed above ensure: 1) installation of storage for copies of operating systems and databases, storage control of copying equipment; 2) continuous data processing (processing) process technology; 3) the strategy of resuming system activity in unforeseen cases (management of contingencies); 4) unique user identification and password system; 5) physical (logical) separation of the program testing environment from work mode processes; 6) registered use of data, their inviolability.
 
11.4. The Data Controller ensures the procedure for restoring Personal Data in case of accidental loss. The Data Controller makes backup copies of the system data at the periodicity set by the Data Controller and stores them under the set conditions. Data is restored according to an approved internal procedure using Veeam backup and SQL database tools from backup device libraries. Back-up copies of Data are in all cases stored within the Data storage terms set in the Policy.
 
11.5. The Data Controller also applies other measures to ensure the security of Personal Data:
 
11.5.1. VPN technology is used for remote connection to the Data Controller’s internal network, a digital certificate is used for user identification;
 
11.5.2. Access to Personal Data is controlled by such organizational and technical data security measures that capture and control registration and rights acquisition efforts;
 
11.5.3. The following records of connections to the database of persons who have the right to process Personal Data are recorded: connection identifier, date, time, duration, connection result (successful, unsuccessful). These records are stored for at least 1 (one) year;
 
11.5.4. The security of the premises where Personal Data is stored is ensured (only authorized persons are allowed access to the relevant premises, etc.);
 
11.5.5. The aim is to ensure the use of secure protocols and/or passwords when providing Personal Data through external data transmission networks;
 
11.5.6. Safety control and deletion of Personal data contained in external data carriers and e-mail after their use and transfer to databases is ensured;
 
11.5.7. Emergency Personal Data recovery actions are registered (when and who performed Personal Data recovery actions both automatically and manually);
 
11.5.8. It is ensured that the testing of information systems is not carried out with real Personal data, except for necessary cases, during which organizational and technical Personal data security measures are used to ensure the security of real Personal data;
 
11.5.9. Personal data on laptops, if they are not used in the internal data transmission network of the Data Controller, are protected by appropriate measures that correspond to the risks posed by Data processing.
 
11.6. The Data Controller implements appropriate technical and organizational measures to ensure that only those Personal Data that are necessary for each specific purpose of data processing are processed in a standardized manner. That obligation applies to the amount of Personal Data collected, the scope of their processing, their storage period and their availability.
 
12. CONTACTS
 
12.1. You can get in touch with this Policy and/or general data protection-related issues by contacting the following contacts:
 
  “SOLID GOLD INVEST LTD”, legal entity code 13975220. Email: info.solidgoldinvest@gmail.com
 
 
 
13. FINAL PROVISIONS
 
13.1. The Policy may be revised once per calendar year at the initiative of the Data Controller and/or upon changes to legal acts regulating the processing of Personal Data.
 
13.2. The policy and its amendments take effect from the date of their approval.
Copyright © Solidgoldshop
Powered by: LilijaDigital.lt
Shopping Cart