Entrlcom

ENTRLCOM PRIVACY POLICY

Effective May 15, 2020

This policy defines the policy of Entrlcom Limited (hereinafter referred to as the Operator) in relation to the processing of personal data and contains information on the requirements for the protection of personal data implemented by the Operator. This policy applies to all personal data processed using the Service that the Operator receives or may receive from the Visitor.

General terms

1.1. The following terms and definitions for the purposes of this policy have the following meanings:
"Personal data" is any information relating to a specific person (owner of personal data) defined or determined on the basis of such information, including his last name, first name, middle name, year, month, date and place of birth, address, email address mail, phone number, marital, social, property status, education, profession, income, other information. For the purposes of this policy, personal data means both information that the Visitor provides about himself independently when using the Service, and information that is automatically transmitted to the Operator in the process of using the Service using the software installed on the Visitor’s device, including the IP address, data cookies, information about the Visitor’s browser, technical specifications of the equipment and software used by the Visitor, the date and time of access to the Service, the addresses of the requested website pages and other similar information. In addition, personal information for the purposes of this policy also includes information about the Visitor, the processing of which is provided for by the Agreement governing the use of the Service. Personal data refers to confidential information.
"Operator" is Entrlcom Limited processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
"Visitor" is any physical person (owner of personal data), including acting on behalf of and in the interests of a legal entity who visits the Service website (User) and can, in the process of using the Service (User or Advertiser), or receive from using his services (Advertiser) to provide the Operator with his personal data, either independently or through the legal entity represented by him, expressing his consent to the terms and conditions set forth in the Agreement either by signing it or by performing the specified actions therein aimed at using the Service, or by entering into another agreement or contract with the Operator.
"Service", "Personal data information system", "Information System" is a web service available on the Internet at Entrlcom, which is a web portal for placing a catalog of products with the ability to search on it and promote products. The service includes a combination of information, other computer programs, databases, program codes underlying their know-how, algorithms, design elements, fonts, logos, as well as text, graphic, and other materials, as well as other results of intellectual activity.
"Agreement" is a license agreement/contract, a user or other agreement between the Visitor and the Operator that governs the use of the Service and contains the instruction of the Visitor to the Operator to process personal data concluded either by signing it or by performing specific actions specified therein aimed at the use of the Service.
"Personal data processing" is a license agreement/contract, a user or other agreement between the Visitor and the Operator, which regulates the use of the Service and contains the instruction of the Visitor to the Operator to process personal data concluded either by signing it or by performing specific actions specified therein aimed at the use of the Service.
"Automated processing of personal data" is the processing of personal data using computer technology.
"Non-automated processing of personal data", "Processing of personal data without the use of automation" is the processing of personal data contained in the personal data information system or extracted from such a system in cases when such actions are with personal data as the use, refinement, dissemination, destruction of personal data in relation to each of the personal data subjects is performed with the direct participation of a person.
"Distribution of personal data" are actions aimed at the disclosure of personal data to an indefinite circle of persons.
"Provision of personal data" are actions aimed at transferring personal data to a specific person or a specific circle of persons.
"Blocking of personal data" is temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).
"Destruction of personal data" are actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
"Anonymization of personal data" are actions, as a result of which it is impossible to determine whether personal data belongs to a specific owner without using additional information.
"Use of personal data" are actions (operations) with personal data committed for the purpose of making decisions, transactions or other actions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others persons.
"Publicly available personal data" is personal data access to an unlimited circle of persons to which is granted with the consent of the subject or to which, in accordance with federal laws, the requirement of confidentiality does not apply.
"Confidentiality of personal data" is a requirement for compliance with a person who has access to personal data is a requirement not to allow their dissemination without the consent of the subject or other legal basis.
"Statistics" mean information about the use of the Service, its modules, the website as a whole, collected using Counters, cookies, web beacons, and other similar technologies.
"Cookies", "cookie" is a small piece of data sent by the web server and stored on the device of the user of the website on which the Counter is installed. Cookies contain small chunks of text and are used to store information about browsers. They allow you to store and receive identification information and other information on computers, smartphones, phones, and other devices. The cookie specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purpose, including data stored by browsers or devices, device identifiers, and other software. In this document, all of these technologies are called cookies.
"Web beacons" are images in electronic form (single-pixel (1x1) or empty GIF images). Web beacons can help the Operator recognize certain types of information on the User’s device, for example, cookies, the time and date of viewing the page, and the description of the page where the web beacon is located.
"Counter" is a computer program that uses a piece of code installed on a website that is responsible for analyzing cookies and collecting statistical and personal data from this website. Personal data is collected in anonymized form.

"IP-address" is a number from the numbering resource of a data network built on the basis of the IP protocol (RFC 791), which uniquely identifies a terminal (computer, smartphone, tablet) when providing telematic communication services, including Internet access, other device or means of communication included in the information system and owned by the Visitor.
"Token" is a unique character set that identifies the Visitor in accounts of third-party web services. The token allows an authorized connection to the Service using authorization through third-party web services (for example, social networks).

"Applicable law" is the legislation of the country where the Administration is registered or is a resident. In certain cases, applicable law may mean the legislation of the country where the User resides or is a resident of if such legislation establishes the priority of its rules over the rules of this Agreement.

1.2. All other terms and definitions that appear in the Agreement are interpreted by the Parties in accordance with applicable law, current recommendations (RFC) of international bodies for standardization on the Internet, and using the usual rules for the interpretation of relevant terms that have developed on the Internet.

1.3. Terms and definitions used in this Agreement can be used both in the singular and in the plural, depending on the context, the terms can be spelled both in uppercase and lowercase letters.

1.4. The names of the headings (articles), as well as the design of this document, are intended only for the convenience of using the text of the Agreement and have no literal legal value.

1.5. This policy is developed in accordance with the requirements of applicable law in the field of personal data protection.

1.6. This policy defines the procedure and conditions for the processing of personal data by the Operator, including the procedure for transferring personal data to third parties, the features of manual processing of personal data, the procedure for accessing personal data, the system for protecting personal data, the procedure for organizing internal control and liability for violations in the processing of personal data, and also other issues.

1.7. This policy takes effect from the moment it is approved by the Operator and is valid indefinitely until it is replaced with a new policy.

1.8. The Operator has the right to make changes to this policy without the consent of the Visitor. All changes to the policy are made by the regulatory act of the Operator.

1.9. This policy applies to all processes for the processing of personal data performed using the Service without using automation tools. The Operator does not control and is not responsible for websites owned by third parties to which the Visitor can click on the links posted on the Service.

1.10. This policy is intended to show that the Operator, fulfilling the obligation established by the applicable law to protect the personal data of Visitors during their processing, informs the Visitor in this policy that:

1.10.1. for what purpose and how the Operator collects and processes personal data when the Visitor uses the Operator's Service;

1.10.2. what are the obligations of the Operator as a legal entity making a decision on the goals and methods of processing the personal data of the Visitor;

1.10.3. what are the rights of the Visitor and what tools he/she can use to reduce the amount of processed personal data;

Legal grounds for personal data processing

2.1. The Operator processes the personal data of the Visitor guided by the requirements of the applicable law, as well as other applicable acts in the field of the Operator.

2.2. Processing of the Visitor’s personal data is performed on the basis of and pursuant to the Agreement governing the use of the Service and other agreements or contracts concluded between the Visitor and the Operator.

2.3. Processing of the Visitor’s personal data may also be performed on the basis of his separate consent to such processing, which can also be expressed directly when using the Service by clicking on the appropriate button or by putting an indicator on the corresponding checkbox. The validity period of such consent of the Visitor is indicated in its text.

Purposes for collection of the personal data

3.1. The Operator processes only those personal data that are necessary to use the Service or to execute agreements and contracts with the Visitor, unless the applicable law provides for the mandatory storage of personal information for a period specified by law.

3.2. When processing personal data, the Operator does not combine databases containing personal data, the processing of which is performed for incompatible purposes.

3.3. The operator processes the personal data of the Visitor for the following purposes:

3.3.1. the use of personal data of Visitors who are physical persons using the Service on their own behalf for the purpose of concluding and executing the Agreement or any other contract with the Operator;

3.3.2. the use of personal data of Visitors who are physical persons using the Service on behalf of the physical persons or legal entities they represent for the purpose of concluding and executing the Agreement or any other agreement with the Operator;

3.3.3. conducting statistical and other studies of the use of the Service on the basis of anonymized data;

3.3.4. compliance with mandatory requirements of applicable law.

Volume and categories of personal data being processed, categories of personal data owners

4.1. Personal data authorized for processing in accordance with this policy and provided by Visitors who are physical persons using the Service on their own behalf by filling in the appropriate input fields when using the Service may include the following information:

  • surname, name and middle name;
  • nickname;
  • cell phone number;
  • E-mail address;
  • messenger identifiers;
  • token.

4.2. Personal data authorized for processing in accordance with this policy and provided by Visitors who are physical persons using the Service on behalf of the physical person or legal entity they represent, by filling in the appropriate input fields when using the Service, may include the following information:

  • surname, name and middle name;
  • nickname;
  • cell phone number;
  • E-mail address;
  • messenger identifiers;
  • token.

4.3. Personal data processed in accordance with this policy and automatically transmitted to the Operator in the process of using the Service using the software installed on the Visitor’s device may include the following information:

  • HTTP headers;
  • IP address of the Visitor's device;
  • cookie data;
  • data collected by counters;
  • data collected by web beacons;
  • Visitor’s browser information;
  • technical specifications of the device and software;
  • date and time of access to the Service;
  • addresses of requested pages of the Service website;
  • geographic coordinates of the location of the Visitor.

4.4. In accordance with this policy, the Operator processes the personal data of persons belonging to the following categories of personal data subjects:

4.4.1. physical persons using the Service in accordance with the Agreement on its use on their own behalf;

4.4.2. physical persons using the Service in accordance with the Agreement on its use on behalf of the physical person or legal entity that they represent.

4.5. The operator does not collect special categories of personal data (sensitive personal information) relating to race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, biometric data.

Terms and procedures of personal data processing

5.1. The Operator has the right to process the personal data of the Visitor without notice to the authorized body for the protection of the rights of personal data subjects unless otherwise provided by applicable law.

5.2. The operator processes the Visitor’s personal data using the personal data information system without using automation tools in accordance with applicable laws or other regulatory legal acts that establish the requirements for ensuring the security of personal data during its processing and for observing the rights of personal data subjects. Such actions with personal data as the use, refinement, distribution, destruction of personal data in relation to the Visitor are performed with the direct participation of the Operator's employees in accordance with the features approved by applicable law.

5.3. The Operator processes and stores the Visitor’s personal data for a period determined in accordance with the Agreement on the use of the Service.

5.4. Concerning the personal data of the Visitor, their confidentiality is maintained, except for cases when the Visitor voluntarily provides information about himself for general access to an unlimited circle of persons.

5.5. The operator has the right to transfer the personal data of the Visitor to third parties in the following cases:

5.5.1. the Visitor has consented to such actions, expressed in accordance with the terms of the Agreement on the use of the Service;

5.5.2. the transfer is necessary for the use by the Visitor of certain functionality of the Service (for example, for authorization through accounts on social networks) or for the execution of a specific agreement, contract or transaction with the Visitor;

5.5.3. the transfer is provided for by applicable law as part of the procedure established by such legislation;

5.5.4. in the event of a transfer of rights to the Service, personal data must be transferred to the acquirer at the same time as all obligations to comply with the conditions of this policy are applied to the personal data received by him;

5.5.5. if necessary, to ensure the possibility of protecting the rights and legitimate interests of the Operator or third parties, when the Visitor violates this policy or the Agreement on the use of the Service; 5.5.6. in other cases provided for by applicable law.

5.5.6. in other cases provided for by applicable law

5.6 In case of loss or unauthorized disclosure of personal data, the Operator informs the Visitor of that fact.

5.7. The Operator shall take the necessary organizational and technical measures to protect the Visitor’s personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions of third parties.

5.8. The Operator together with the Visitor takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the Visitor’s personal data.

5.9. The operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by applicable law.

5.10. The Operator stops processing the Visitor’s personal data, the processing of which is performed with their consent, upon the expiration of the Visitor’s consent to their processing or upon withdrawal of the Visitor’s consent to the processing of his personal data, as well as in the event of unlawful processing of personal data or the liquidation of the Operator.

Procedure for collecting personal data by using "cookies", web beacons, and counters

6.1. Cookies transmitted from the Operator to the device of the Visitor and from the Visitor to the Operator can be used by the Operator to achieve the purposes of processing personal data in accordance with the privacy policy and processing of personal data.

6.2. The operator uses different types of cookies in the Service, which serve for different purposes and, depending on them, can be assigned to one of the following categories:

  • "Required", i.e. cookies, which are strictly necessary for the functioning of critical components of the Service, the identification of the technical characteristics of the Visitor’s device and the software used (for example, the browser), as well as authorization and payment by the Visitor;
  • "Analytical", i.e. cookies, which allow the Service to recognize Visitors, calculate their number and collect information about their transactions in the Service, including information about the visited web pages of the Service;
  • "Technical", i.e. cookies, which allow you to collect information about the interaction of Visitors with the Service in order to identify errors and test new features to improve the performance of the Service;
  • "Functional", i.e. cookies, which allow the Visitor to receive certain functions of the Service, interact with the interface of the Service and use its capabilities, record information about the actions taken in the Service and configure the Service in accordance with the needs of the Visitor in order to remember information entered by the Visitor, preserve the preferred language, locations, etc.;
  • "Third-party", i.e. cookies, which collect information about Visitors, traffic sources, visited web pages and advertisements displayed for Visitors, as well as advertisements by which the Visitor made the transition to the advertised web page in order to display advertisements that may be of interest A Visitor based on an analysis of the information collected. The specified cookies are also used for statistical and research purposes.

6.3. The operator does not explicitly request consent for the use of mandatory and technical cookies. If the Visitor does not want his personal data to be collected using the mandatory cookies, he can disable their provision to the Operator in the software (browser) on his device. In this case, the functionality of the Service associated with the mandatory cookies is no longer available to the Visitor, which may lead to a complete stop of operation or incorrect operation of the Service.

6.4. The Operator may use functional, analytical and third-party cookies only with the consent of the Visitor, which is expressed as a general rule by the adoption of the Agreement and the start of the use of the Service. Otherwise, the Visitor has the right to refuse to use such cookies by disconnecting them in the Service settings without harming its functionality.

6.5. The Visitor agrees that his devices and software used to work with the Service, depending on their version and configuration, may or may not have the function of prohibiting operations with cookies, for any for certain sites and applications, as well as the function of deleting previously received cookies (for example, private browser mode).

6.6. The operator has the right to establish a requirement for the Visitor’s device on the mandatory permission to receive and receive cookies in connection with security requirements.

6.7. The Operator uses cookies only for the above purposes, after which the collected data is stored on the Visitor’s device for a period that may depend on the appropriate type of cookies, but not exceeding the time required to achieve their goal, after which they will be automatically deleted from the Visitor’s device.

6.8. The structure of the cookie, its contents and technical parameters are determined by the Operator and are subject to change without prior notice to the Visitor. The Visitor is entitled to receive all the necessary information about the cookies by sending a request to the Operator in the manner prescribed by the privacy policy and the processing of personal data.

6.9. The meters placed by the Operator in the Service can be used by the Operator to analyze cookies and collect personal data about the use of the Service in order to improve the quality of the Service, the level of ease of use, and the improvement of the Service. Technical parameters of the meters are determined by the Operator and are subject to change without prior notice to the Visitor.

6.10. The operator can also use web beacons in conjunction with cookies to collect information about the use of the Service. The Visitor has the right to block web beacons when using the Service by prohibiting the downloading of images in the settings of his software (browser).

Access to personal data

7.1. The right to access the personal data of the Visitor is reserved only to the Operator’s employees, who are allowed by virtue of their duties to work with the personal data of the Visitor on the basis of a list of persons authorized to work with personal data, which is approved by the Operator.

7.2. The list of employees who have access to personal data is maintained by the Operator in an up-to-date state.

7.3. Access to the personal data of the Visitor by third parties who are not employees of the Operator is prohibited without the consent of the Visitor, except for cases established by applicable law.

7.4. The access of the Operator’s employee to the personal data of the Visitor ceases from the date of termination of the employment relationship or from the date the employee loses the right to access the personal data of the Visitor in connection with a change in job duties, position or other circumstances in accordance with the procedure established by the Operator. In the event of termination of employment, all media with the Visitor’s personal data that were at the disposal of the dismissed employee of the Operator are transferred to a higher-ranking employee in the manner established by the Operator.

Updating, correction, deleting and destruction of personal data

8.1. The Visitor may at any time change, update, supplement, or delete the personal data provided to them or part thereof using the Service interface.

8.2. If the Operator independently identifies the fact of incompleteness or inaccuracy of the Visitor’s personal data, the Operator shall take all possible measures to update personal data and make appropriate corrections.

8.3. If it is impossible to update incomplete or inaccurate personal data of the Visitor, the Operator takes measures to delete them.

8.4. If it becomes unlawful for the processing of personal data of the Visitor, their processing by the Operator ceases, and personal data is subject to deletion.

8.5. If the Service interface is inoperative or the Service is not functional for changing, updating, supplementing or deleting the personal data by the Visitor, as well as in any other cases, the Visitor has the right to demand in writing from the Operator the clarification of his personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose.

8.6. The Operator makes the necessary changes to the personal data that are incomplete, inaccurate, or irrelevant in a period not exceeding seven business days from the date the Visitor provides information confirming that the personal data is incomplete, inaccurate, or outdated.

8.7. The Operator destroys the Visitor’s personal data illegally obtained or not necessary for the stated processing purpose within a period not exceeding seven business days from the date the Visitor submits information confirming that such personal data is illegally obtained or is not necessary for the stated processing purpose.

8.8. The Operator notifies the Visitor of the changes made and measures taken and takes reasonable measures to notify third parties to whom the personal data of this Visitor was transferred.

8.9. Visitor's rights to change, update, supplement, or delete personal data may be limited in accordance with the requirements of applicable law. Such restrictions, in particular, may provide for the Operator's obligation to save personal data changed, updated, supplemented, or deleted by the Visitor for a period specified by applicable law and to transfer such personal data in accordance with the established procedure to state authorities.

Responses to visitor's requests for access to personal data

9.1. The Visitor has the right to receive information from the Operator regarding the processing of their personal data, including such containing:

9.1.1. confirmation of the fact of processing personal data by the Operator;

9.1.2. legal grounds and purposes of processing personal data;

9.1.3. goals and methods of processing personal data used by the Operator;

9.1.4. the name and location of the Operator, information about persons (except for the employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;

9.1.5. processed personal data relating to the respective Visitor, the source of their receipt, unless otherwise provided for by federal law;

9.1.6. terms for processing personal data, including periods for their storage;

9.1.7. the procedure for exercising by the Visitor the rights provided for by applicable law;

9.1.8. information on completed or suspected cross-border data transfer;

9.1.9. name or surname, name, middle name, and address of the person who processes personal data on behalf of the operator, if the processing is or will be entrusted to such a person;

9.1.10. other information provided by law.

9.2. The Operator provides free of charge the opportunity to familiarize yourself with the personal data processed and stored in the Operator’s information system when the Visitor contacts within thirty days from the date of receipt of the Visitor’s written request.

9.3. In case of refusal of the Operator to provide information on the availability of personal data about the Visitor or personal data to the Visitor upon his request or upon receipt of a request from the Visitor, the Operator shall provide in writing a reasoned response, which is the basis for such a refusal, within a period not exceeding thirty days from the date of the Visitor's request or from the date of receipt of the Visitor’s request.

Information on the requirements for the protection of personal data and their implementation

10.1. The security of personal data during their processing in the information system is ensured by a personal data protection system that neutralizes current threats determined in accordance with applicable law.

10.2. The personal data protection system used by the Operator includes legal, organizational, technical, and other measures to ensure the security of personal data, determined taking into account current threats to the security of personal data and information technologies used in information systems.

10.3. With regard to personal data in respect of which the Visitor has consented to be processed by third parties, the Operator has the right to attract another person on the basis of the contract to ensure the security of personal data when they are processed in the information system.

10.4. When processing personal data in the information system of the Operator, the latter ensures:

10.4.1. taking measures aimed at preventing unauthorized access to the personal data of the Visitor and/or transferring them to persons who do not have the right to access such information;

10.4.2. timely detection of unauthorized access to personal data;

10.4.3. avoidance of impact on technical means involved in the processing of personal data, as a result of which their functioning may be impaired;

10.4.4. the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;

10.4.5. continuous monitoring of the level of security of personal data.

10.5. In order to comply with security requirements and implement a personal data security system, the Operator has developed a private model of security threats to the personal data information system.

10.6. The Operator has determined the level of security of personal data during their processing in the personal data information system owned by the Operator.

10.7. The operator, on the basis of the level of personal data security determined by him when processing them in the personal data information system without using automation, developed and implemented a set of measures to protect and ensure the security of personal data.

10.8. The operator uses hardware and software for processing and protecting personal data, and also maintains a register of personal data protection means.

10.9. The operator keeps a journal of accounting and storage of removable storage media containing personal data.

10.10. Technical means ensuring the functioning of the personal data information system are located in premises owned by the Operator on the basis of ownership or other property rights (rent, use, etc.).

10.11. All employees of the Operator authorized to work with personal data, as well as those associated with the operation and maintenance of the personal data information system, are familiar with the requirements of this policy, as well as with the Operator’s internal documents regulating the procedure for working with personal data.

10.12. The Operator has organized the process of training employees in the use of personal data protection equipment operated by the Operator. The training is held by employees with constant access to personal data, and employees associated with the operation and maintenance of the personal data information system and personal data protection facilities.

10.13. The internal documents of the Operator established that employees must immediately inform the appropriate official of the Operator about the loss, damage, or shortage of information carriers containing personal data, as well as about attempts to unauthorized disclosure of personal data, its reasons, and conditions.

Consent to personal data processing

11.1. The Visitor decides to provide his personal data and agrees to its processing freely, of his own free will, and in his interest.

11.2. Consent to the processing of personal data provided by the Visitor is specific, informed, and conscious.

11.3. In case of processing the Visitor’s personal data on the basis of and pursuant to the Agreement governing the use of the Service and other agreements or contracts concluded between the Visitor and the Operator using the Service, such processing of the Visitor’s personal data is performed on the basis of such agreements or contracts and does not require separate consent.

11.4. In the case of processing of the Visitor’s personal data on the basis of his separate consent to such processing, expressed directly when using the Service by clicking on the appropriate button or by ticking the indicator of the corresponding checkbox, such consent to the processing of personal data is provided by the Visitor in the form of an electronic document signed a simple electronic signature in accordance with the Agreement governing the use of the Service.

11.5. Consent to the processing of personal data may be revoked by the Visitor in accordance with the procedure established by applicable law.

Final provisions

12.1. The start of the use of the Service by the Visitor means his acceptance of the terms of this policy. If the Visitor disagrees with the terms of this policy, the use of the Service should be immediately terminated.

12.2. This policy and the relationship between the Visitor and the Operator arising in connection with the application of this policy are governed by applicable law.

12.3. This policy is permanently available on the Operator’s website at the following link Privacy.

12.4. All suggestions or questions about this policy, the Visitor is entitled to send to the Operator’s customer support service by sending an electronic message to the email address: [email protected].

Details

Entrlcom Limited

organized and operating under the laws of the Hong Kong

7/F, MW Tower, 111 Bonham Strand, Sheung Wan, Hong Kong