Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy is issued in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), the ePrivacy Directive 2002/58/EC (as implemented in the relevant EU/EEA Member State(s)), and other applicable EU and national data-protection laws. It sets out how we process personal data and the measures we take to ensure the security of personal data taken by Lu Project S.L., NIF B21778725 (hereinafter referred to as the Data Processor).
1.1. The Data Processor sets as its most important goal and condition for the implementation of its activities the observance of the rights and freedoms of individuals and citizens when processing their personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Data Processor policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Data Processor may receive about visitors to the website https://adency.pro.
2. Key Concepts Used in the Policy
2.1. Automated Processing of Personal Data – Processing of personal data using computer technology.
2.2. Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
2.3. Website – a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://adency.pro.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Depersonalization of personal data — actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or another subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Data Processor – a state body, municipal body, legal entity or individual that, independently or jointly with other persons, organizes and/or carries out the processing of personal data, determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://adency.pro.
2.9. Personal data permitted for distribution by the subject of personal data are personal data, access to which by an unlimited number of persons is provided by the subject of personal data by giving consent to the processing of personal data permitted for distribution by the subject of personal data in the manner prescribed by the GDPR and applicable data-protection laws (hereinafter referred to as personal data permitted for distribution).
2.10. User – any visitor to the website https://adency.pro.
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, posting on information and telecommunications networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign government body, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data – any actions as a result of which personal data are irrevocably destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and (or) the destruction of tangible media of personal data.
3. Basic Rights and Obligations of the Data Processor
3.1. The Data Processor has the right to:
– receive reliable information and/or documents containing personal data from the personal data subject;
– in the event of the personal data subject’s withdrawal of consent to the processing of personal data, the Data Processor has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the GDPR and applicable data-protection laws;
– independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the GDPR and applicable data-protection laws, unless otherwise provided by the GDPR and applicable data-protection laws.
3.2. The Data Processor is obligated to:
– provide the personal data subject, upon request, with information regarding the processing of their personal data;
– ensure that the processing of personal data is carried out in compliance with the requirements of the General Data Protection Regulation (GDPR) and other applicable data-protection laws;
– respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the GDPR and applicable data-protection laws;
- communicate the necessary information to the authorized body for the protection of the rights of personal data subjects upon request of that body within 30 days of the date of receipt of such request;
- publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
– cease transferring (distributing, providing, accessing) personal data, cease processing, and destroy personal data in the manner and cases stipulated by the GDPR and applicable data-protection laws;
– fulfill other obligations stipulated by the GDPR and applicable data-protection laws.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects have the right to:
– obtain information about the processing of their personal data, in accordance with the rights granted to them under the General Data Protection Regulation (GDPR), except where such disclosure would adversely affect the rights and freedoms of others. Information is provided to the personal data subject by the Data Processor in an accessible form, and they must not contain personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the GDPR and applicable data-protection laws;
– to demand from the Data Processor clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also to take measures provided by law to protect his rights;
- require prior consent when processing personal data for the purpose of promoting goods, works, and services;
- revoke consent to the processing of personal data;
– appeal to the authorized body for the protection of the rights of personal data subjects or in court against the Data Processor’s unlawful actions or inactions in the processing of their personal data;
– Data subjects also have the right to exercise all other rights granted to them under the General Data Protection Regulation (GDPR) and applicable data-protection laws. These include, where applicable, the rights to rectification, erasure, restriction of processing, data portability, and objection to processing.
4.2. Personal data subjects are obligated to:
– provide the Data Processor with accurate information about themselves;
– notify the Data Processor of any clarifications (updates, changes) to their personal data.
4.3. Persons who have provided the Data Processor with false information about themselves or information about another personal data subject without the latter's consent shall be liable in accordance with the General Data Protection Regulation (GDPR) and applicable data-protection laws.
5. The Data Processor may process the following personal data of the User:
5.1. Last name, first name, patronymic.
5.2. Email address.
5.3. Telephone numbers.
5.4. The website also collects and processes anonymized data about visitors (including cookies) using internet statistics services (Google Analytics , Yandex Metrica and others).
5.5. The above data is hereinafter collectively referred to as "Personal Data."
5.6. The Data Processor does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or intimate life.
5.7. The processing of special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a person’s sex life or sexual orientation) is only permitted in accordance with Article 9 of the General Data Protection Regulation (GDPR). Such data may be processed only when one of the lawful grounds set out in Article 9(2) applies and appropriate safeguards are in place.
5.8. Where the processing of personal data is based on the User’s consent, such consent must be given freely, specifically, informedly, and unambiguously, in accordance with Article 6(1)(a) and, where applicable, Article 9(2)(a) of the General Data Protection Regulation (GDPR). Consent for the processing of special categories of personal data or for making personal data publicly available is obtained separately from any other consents. The content and form of consent comply with the requirements of the GDPR and guidance issued by the competent data-protection authorities.
5.8.1 The User provides consent to the processing of personal data permitted for distribution directly to the Data Processor.
5.8.2 The Data Processor is obliged, no later than three working days from the date of receipt of the User's consent, to publish information on the processing conditions, the existence of prohibitions and conditions for the processing of personal data by an unlimited number of persons, permitted for distribution.
5.8.3 The transfer (distribution, provision, access) of personal data permitted for distribution by the subject of personal data must be terminated at any time at the request of the subject of personal data. This requirement must include the last name, first name, patronymic (if any), contact information (phone number, email address or postal address) of the personal data subject, as well as a list of personal data whose processing is subject to termination. The personal data specified in this request may only be processed by the Data Processor to whom it is sent.
5.8.4 Consent to the processing of personal data permitted for distribution shall cease to be valid from the moment the Data Processor receives the request specified in clause 5.8.3 of this Policy regarding the processing of personal data.
6. Principles of Personal Data Processing
6.1. Personal data will be processed lawfully and fairly.
6.2. Personal data will be processed only to achieve specific, predetermined, and legitimate purposes. Processing of personal data that is incompatible with the purposes for which it was collected is prohibited.
6.3. Combining databases containing personal data processed for incompatible purposes is prohibited.
6.4. Only personal data that is relevant to the purposes for which it is processed may be processed.
6.5. The content and volume of processed personal data correspond to the stated processing purposes. Processed personal data may not be excessive in relation to the stated processing purposes.
6.6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data to the purposes of processing the personal data are ensured. The Data Processor takes and/or ensures that necessary measures are taken to delete or clarify incomplete or inaccurate data.
6.7. Personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed, unless a longer retention period is required by applicable law or justified by legitimate interests permitted under the General Data Protection Regulation (GDPR). Once the purposes of processing have been fulfilled, or the personal data are no longer necessary, such data shall be securely deleted or anonymized, unless otherwise required by law.
7. Purposes of Processing Personal Data
7.1. Purpose of Processing the User's Personal Data:
– Informing the User via email;
– Concluding, executing, and terminating civil contracts;
– Providing the User with access to services, information, and/or materials contained on the website https://adency.pro.
7.2. The Data Processor also reserves the right to send the User notifications about new products and services, special offers, and various events. The User can always unsubscribe from receiving informational messages by sending an email to apply@adency.pro with the subject line "Opt-out of notifications about new products, services, and special offers."
7.3. Anonymized data of Users collected using Internet statistics services is used to collect information about Users' actions on the website and to improve the quality of the website and its content.
8. Legal Basis for Processing Personal Data
8.1. The legal bases for processing personal data by the Data Processor are as follows:
– Compliance with legal obligations to which the Data Controller or Data Processor is subject (Article 6(1)(c) GDPR);
– Performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
– Legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the data subject’s rights and freedoms (Article 6(1)(f) GDPR);
– The data subject’s consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) GDPR);
– Processing of special categories of personal data where the data subject has given explicit consent, or where another condition under Article 9(2) GDPR applies;
– Other lawful bases provided by applicable EU and national data-protection laws.
8.2. The Data Processor processes the User's personal data only if it is completed and/or submitted by the User independently through special forms located on the website https://adency.pro or sent to the Data Processor via email. By filling out the relevant forms and/or sending their personal data to the Data Processor, the User expresses their consent to this Policy.
8.3. The Data Processor processes anonymized data about the User if this is permitted in the User’s browser settings (the storage of cookies and the use of JavaScript technology are enabled).
8.4. The subject of personal data independently makes the decision to provide his personal data and gives consent freely, of his own free will and in his own interests.
9. Terms of personal data processing
9.1. Personal data processing is carried out with the consent of the personal data subject to the processing of their personal data.
9.2. The processing of personal data may be necessary for compliance with a legal obligation to which the Data Processor or Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority in accordance with Article 6(1)(c) and (e) of the General Data Protection Regulation (GDPR) and other applicable data-protection laws.
9.3. The processing of personal data may be necessary for the establishment, exercise, or defence of legal claims, for the execution of a judicial decision, or for compliance with other legal obligations arising from applicable law, in accordance with Articles 6(1)(c), 6(1)(e), and, where relevant, Article 9(2)(f) of the General Data Protection Regulation (GDPR).
9.4. The processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party, beneficiary or guarantor as well as for concluding an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor.
9.5. The processing of personal data is necessary for the exercise of the rights and legitimate interests of the Data Processor or third parties or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data.
9.6. The processing of personal data that have been made publicly available by the data subject or at the data subject’s request (hereinafter “publicly available personal data”) may be carried out in accordance with Article 9(2)(e) of the General Data Protection Regulation (GDPR). Personal data that must be published or disclosed by law may also be processed in compliance with Article 6(1)(c) of the GDPR and other applicable legal requirements.
10. Procedure for collecting, storing, transferring, and otherwise processing personal data
The security of personal data processed by the Data Processor is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
10.1. The Data Processor ensures the security of personal data and takes all possible measures to prevent unauthorized persons from accessing personal data.
10.2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to compliance with current legislation or in the event that the subject of the personal data has given consent to the Data Processor to transfer the data to a third party for the fulfillment of obligations under a civil law contract.
10.3. If any inaccuracies are discovered in personal data, the User may update them independently by sending a notification to the Data Processor 's email address apply@adency.pro with the subject "Updating personal data."
10.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless another period is provided for by the agreement or applicable legislation.
The User may revoke their consent to the processing of personal data at any time by sending a notification to the Data Processor via email to the Data Processor 's email address apply@adency.pro with the subject line "Revocation of consent to the processing of personal data."
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by the said entities in accordance with their User Agreement and Privacy Policy. The personal data subject and/or the User are obligated to review the specified documents promptly. The Data Processor is not responsible for the actions of third parties, including the service providers specified in this clause.
10.6. Restrictions imposed by the data subject on the transfer or processing of their personal data do not apply where such processing is necessary for reasons of substantial public interest, for the performance of a task carried out in the public interest or in the exercise of official authority, or where such processing is required by law. These exceptions are applied strictly in accordance with Articles 6(1)(c), 6(1)(e), 9(2)(g), and 23 of the General Data Protection Regulation (GDPR).
10.7. When processing personal data, the Data Processor ensures the confidentiality of personal data.
10.8. The Data Processor shall retain personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed, unless a longer retention period is required by applicable law or by a contract to which the data subject is a party, or is otherwise lawfully justified under the General Data Protection Regulation (GDPR).
10.9. The condition for termination of the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the consent of the subject of personal data or the revocation of consent by the subject of personal data, as well as the detection of unlawful processing of personal data.
11. List of actions performed by the Data Processor with received personal data
11.1. The Data Processor collects, records, systematizes, accumulates, stores, clarifies (updates, changes), retrieves, uses, transfers (distributes, provides, accesses), depersonalizes, blocks, deletes, and destroys personal data.
11.2. The Data Processor carries out automated processing of personal data with or without the receipt and/or transmission of the received information via information and telecommunications networks.
12. Cross-border transfer of personal data
12.1. Before commencing the cross-border transfer of personal data, the Data Processor is obliged to ensure that the foreign state to whose territory the personal data is to be transferred ensures reliable protection of the rights of personal data subjects.
12.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements may be carried out only if there is written consent from the subject of personal data to the cross-border transfer of his personal data and/or the execution of an agreement to which the subject of personal data is a party.
13. Confidentiality of Personal Data
The Data Processor and other persons who have access to personal data are obligated not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by law.
14. Final Provisions
14.1. The User may obtain any clarification on any questions regarding the processing of their personal data by contacting the Data Processor via email at apply@adency.pro.
14.2. This document will reflect any changes to the Data Processor 's personal data processing policy. This policy is valid indefinitely until replaced by a new version.
14.3. The current version of the Policy is publicly available online at https://adency.pro/policy
This Personal Data Processing Policy is issued in accordance with Regulation (EU) 2016/679 (the “General Data Protection Regulation” or “GDPR”), the ePrivacy Directive 2002/58/EC (as implemented in the relevant EU/EEA Member State(s)), and other applicable EU and national data-protection laws. It sets out how we process personal data and the measures we take to ensure the security of personal data taken by Lu Project S.L., NIF B21778725 (hereinafter referred to as the Data Processor).
1.1. The Data Processor sets as its most important goal and condition for the implementation of its activities the observance of the rights and freedoms of individuals and citizens when processing their personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Data Processor policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Data Processor may receive about visitors to the website https://adency.pro.
2. Key Concepts Used in the Policy
2.1. Automated Processing of Personal Data – Processing of personal data using computer technology.
2.2. Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
2.3. Website – a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://adency.pro.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Depersonalization of personal data — actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or another subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Data Processor – a state body, municipal body, legal entity or individual that, independently or jointly with other persons, organizes and/or carries out the processing of personal data, determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://adency.pro.
2.9. Personal data permitted for distribution by the subject of personal data are personal data, access to which by an unlimited number of persons is provided by the subject of personal data by giving consent to the processing of personal data permitted for distribution by the subject of personal data in the manner prescribed by the GDPR and applicable data-protection laws (hereinafter referred to as personal data permitted for distribution).
2.10. User – any visitor to the website https://adency.pro.
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the publication of personal data in the media, posting on information and telecommunications networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign government body, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data – any actions as a result of which personal data are irrevocably destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and (or) the destruction of tangible media of personal data.
3. Basic Rights and Obligations of the Data Processor
3.1. The Data Processor has the right to:
– receive reliable information and/or documents containing personal data from the personal data subject;
– in the event of the personal data subject’s withdrawal of consent to the processing of personal data, the Data Processor has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the GDPR and applicable data-protection laws;
– independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the GDPR and applicable data-protection laws, unless otherwise provided by the GDPR and applicable data-protection laws.
3.2. The Data Processor is obligated to:
– provide the personal data subject, upon request, with information regarding the processing of their personal data;
– ensure that the processing of personal data is carried out in compliance with the requirements of the General Data Protection Regulation (GDPR) and other applicable data-protection laws;
– respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the GDPR and applicable data-protection laws;
- communicate the necessary information to the authorized body for the protection of the rights of personal data subjects upon request of that body within 30 days of the date of receipt of such request;
- publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
– cease transferring (distributing, providing, accessing) personal data, cease processing, and destroy personal data in the manner and cases stipulated by the GDPR and applicable data-protection laws;
– fulfill other obligations stipulated by the GDPR and applicable data-protection laws.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects have the right to:
– obtain information about the processing of their personal data, in accordance with the rights granted to them under the General Data Protection Regulation (GDPR), except where such disclosure would adversely affect the rights and freedoms of others. Information is provided to the personal data subject by the Data Processor in an accessible form, and they must not contain personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the GDPR and applicable data-protection laws;
– to demand from the Data Processor clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also to take measures provided by law to protect his rights;
- require prior consent when processing personal data for the purpose of promoting goods, works, and services;
- revoke consent to the processing of personal data;
– appeal to the authorized body for the protection of the rights of personal data subjects or in court against the Data Processor’s unlawful actions or inactions in the processing of their personal data;
– Data subjects also have the right to exercise all other rights granted to them under the General Data Protection Regulation (GDPR) and applicable data-protection laws. These include, where applicable, the rights to rectification, erasure, restriction of processing, data portability, and objection to processing.
4.2. Personal data subjects are obligated to:
– provide the Data Processor with accurate information about themselves;
– notify the Data Processor of any clarifications (updates, changes) to their personal data.
4.3. Persons who have provided the Data Processor with false information about themselves or information about another personal data subject without the latter's consent shall be liable in accordance with the General Data Protection Regulation (GDPR) and applicable data-protection laws.
5. The Data Processor may process the following personal data of the User:
5.1. Last name, first name, patronymic.
5.2. Email address.
5.3. Telephone numbers.
5.4. The website also collects and processes anonymized data about visitors (including cookies) using internet statistics services (Google Analytics , Yandex Metrica and others).
5.5. The above data is hereinafter collectively referred to as "Personal Data."
5.6. The Data Processor does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or intimate life.
5.7. The processing of special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, health data, or data concerning a person’s sex life or sexual orientation) is only permitted in accordance with Article 9 of the General Data Protection Regulation (GDPR). Such data may be processed only when one of the lawful grounds set out in Article 9(2) applies and appropriate safeguards are in place.
5.8. Where the processing of personal data is based on the User’s consent, such consent must be given freely, specifically, informedly, and unambiguously, in accordance with Article 6(1)(a) and, where applicable, Article 9(2)(a) of the General Data Protection Regulation (GDPR). Consent for the processing of special categories of personal data or for making personal data publicly available is obtained separately from any other consents. The content and form of consent comply with the requirements of the GDPR and guidance issued by the competent data-protection authorities.
5.8.1 The User provides consent to the processing of personal data permitted for distribution directly to the Data Processor.
5.8.2 The Data Processor is obliged, no later than three working days from the date of receipt of the User's consent, to publish information on the processing conditions, the existence of prohibitions and conditions for the processing of personal data by an unlimited number of persons, permitted for distribution.
5.8.3 The transfer (distribution, provision, access) of personal data permitted for distribution by the subject of personal data must be terminated at any time at the request of the subject of personal data. This requirement must include the last name, first name, patronymic (if any), contact information (phone number, email address or postal address) of the personal data subject, as well as a list of personal data whose processing is subject to termination. The personal data specified in this request may only be processed by the Data Processor to whom it is sent.
5.8.4 Consent to the processing of personal data permitted for distribution shall cease to be valid from the moment the Data Processor receives the request specified in clause 5.8.3 of this Policy regarding the processing of personal data.
6. Principles of Personal Data Processing
6.1. Personal data will be processed lawfully and fairly.
6.2. Personal data will be processed only to achieve specific, predetermined, and legitimate purposes. Processing of personal data that is incompatible with the purposes for which it was collected is prohibited.
6.3. Combining databases containing personal data processed for incompatible purposes is prohibited.
6.4. Only personal data that is relevant to the purposes for which it is processed may be processed.
6.5. The content and volume of processed personal data correspond to the stated processing purposes. Processed personal data may not be excessive in relation to the stated processing purposes.
6.6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data to the purposes of processing the personal data are ensured. The Data Processor takes and/or ensures that necessary measures are taken to delete or clarify incomplete or inaccurate data.
6.7. Personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed, unless a longer retention period is required by applicable law or justified by legitimate interests permitted under the General Data Protection Regulation (GDPR). Once the purposes of processing have been fulfilled, or the personal data are no longer necessary, such data shall be securely deleted or anonymized, unless otherwise required by law.
7. Purposes of Processing Personal Data
7.1. Purpose of Processing the User's Personal Data:
– Informing the User via email;
– Concluding, executing, and terminating civil contracts;
– Providing the User with access to services, information, and/or materials contained on the website https://adency.pro.
7.2. The Data Processor also reserves the right to send the User notifications about new products and services, special offers, and various events. The User can always unsubscribe from receiving informational messages by sending an email to apply@adency.pro with the subject line "Opt-out of notifications about new products, services, and special offers."
7.3. Anonymized data of Users collected using Internet statistics services is used to collect information about Users' actions on the website and to improve the quality of the website and its content.
8. Legal Basis for Processing Personal Data
8.1. The legal bases for processing personal data by the Data Processor are as follows:
– Compliance with legal obligations to which the Data Controller or Data Processor is subject (Article 6(1)(c) GDPR);
– Performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) GDPR);
– Legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the data subject’s rights and freedoms (Article 6(1)(f) GDPR);
– The data subject’s consent to the processing of their personal data for one or more specific purposes (Article 6(1)(a) GDPR);
– Processing of special categories of personal data where the data subject has given explicit consent, or where another condition under Article 9(2) GDPR applies;
– Other lawful bases provided by applicable EU and national data-protection laws.
8.2. The Data Processor processes the User's personal data only if it is completed and/or submitted by the User independently through special forms located on the website https://adency.pro or sent to the Data Processor via email. By filling out the relevant forms and/or sending their personal data to the Data Processor, the User expresses their consent to this Policy.
8.3. The Data Processor processes anonymized data about the User if this is permitted in the User’s browser settings (the storage of cookies and the use of JavaScript technology are enabled).
8.4. The subject of personal data independently makes the decision to provide his personal data and gives consent freely, of his own free will and in his own interests.
9. Terms of personal data processing
9.1. Personal data processing is carried out with the consent of the personal data subject to the processing of their personal data.
9.2. The processing of personal data may be necessary for compliance with a legal obligation to which the Data Processor or Data Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority in accordance with Article 6(1)(c) and (e) of the General Data Protection Regulation (GDPR) and other applicable data-protection laws.
9.3. The processing of personal data may be necessary for the establishment, exercise, or defence of legal claims, for the execution of a judicial decision, or for compliance with other legal obligations arising from applicable law, in accordance with Articles 6(1)(c), 6(1)(e), and, where relevant, Article 9(2)(f) of the General Data Protection Regulation (GDPR).
9.4. The processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party, beneficiary or guarantor as well as for concluding an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor.
9.5. The processing of personal data is necessary for the exercise of the rights and legitimate interests of the Data Processor or third parties or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data.
9.6. The processing of personal data that have been made publicly available by the data subject or at the data subject’s request (hereinafter “publicly available personal data”) may be carried out in accordance with Article 9(2)(e) of the General Data Protection Regulation (GDPR). Personal data that must be published or disclosed by law may also be processed in compliance with Article 6(1)(c) of the GDPR and other applicable legal requirements.
10. Procedure for collecting, storing, transferring, and otherwise processing personal data
The security of personal data processed by the Data Processor is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
10.1. The Data Processor ensures the security of personal data and takes all possible measures to prevent unauthorized persons from accessing personal data.
10.2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to compliance with current legislation or in the event that the subject of the personal data has given consent to the Data Processor to transfer the data to a third party for the fulfillment of obligations under a civil law contract.
10.3. If any inaccuracies are discovered in personal data, the User may update them independently by sending a notification to the Data Processor 's email address apply@adency.pro with the subject "Updating personal data."
10.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless another period is provided for by the agreement or applicable legislation.
The User may revoke their consent to the processing of personal data at any time by sending a notification to the Data Processor via email to the Data Processor 's email address apply@adency.pro with the subject line "Revocation of consent to the processing of personal data."
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by the said entities in accordance with their User Agreement and Privacy Policy. The personal data subject and/or the User are obligated to review the specified documents promptly. The Data Processor is not responsible for the actions of third parties, including the service providers specified in this clause.
10.6. Restrictions imposed by the data subject on the transfer or processing of their personal data do not apply where such processing is necessary for reasons of substantial public interest, for the performance of a task carried out in the public interest or in the exercise of official authority, or where such processing is required by law. These exceptions are applied strictly in accordance with Articles 6(1)(c), 6(1)(e), 9(2)(g), and 23 of the General Data Protection Regulation (GDPR).
10.7. When processing personal data, the Data Processor ensures the confidentiality of personal data.
10.8. The Data Processor shall retain personal data in a form that permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed, unless a longer retention period is required by applicable law or by a contract to which the data subject is a party, or is otherwise lawfully justified under the General Data Protection Regulation (GDPR).
10.9. The condition for termination of the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the consent of the subject of personal data or the revocation of consent by the subject of personal data, as well as the detection of unlawful processing of personal data.
11. List of actions performed by the Data Processor with received personal data
11.1. The Data Processor collects, records, systematizes, accumulates, stores, clarifies (updates, changes), retrieves, uses, transfers (distributes, provides, accesses), depersonalizes, blocks, deletes, and destroys personal data.
11.2. The Data Processor carries out automated processing of personal data with or without the receipt and/or transmission of the received information via information and telecommunications networks.
12. Cross-border transfer of personal data
12.1. Before commencing the cross-border transfer of personal data, the Data Processor is obliged to ensure that the foreign state to whose territory the personal data is to be transferred ensures reliable protection of the rights of personal data subjects.
12.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements may be carried out only if there is written consent from the subject of personal data to the cross-border transfer of his personal data and/or the execution of an agreement to which the subject of personal data is a party.
13. Confidentiality of Personal Data
The Data Processor and other persons who have access to personal data are obligated not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by law.
14. Final Provisions
14.1. The User may obtain any clarification on any questions regarding the processing of their personal data by contacting the Data Processor via email at apply@adency.pro.
14.2. This document will reflect any changes to the Data Processor 's personal data processing policy. This policy is valid indefinitely until replaced by a new version.
14.3. The current version of the Policy is publicly available online at https://adency.pro/policy