The Data Protection Manager (DPM) of MDAICReal, hereinafter referred to as BIZNIZWEB-SK, proclaims and accepts its responsibility to protect the user’s personal information. This declaration document contains the rules and regulations upon which such information and data are collected and used, and also the reasons for disclosure of such information and data. These rules apply to any personal information collected by MDAICReal.
2. WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a EU-wide regulation that controls how companies and other organizations handle personal data. It is the most significant initiative on data protection in 20 years and has major implications for any organisation in the world, serving individuals from the European Union.
To give people control over how their data is used and to protect "fundamental rights and freedoms of natural persons", the legislation sets out strict requirements on data handling procedures, transparency, documentation and user consent.
Any organisation must keep record of and monitor personal data processing activities.
As data controller, any organization must keep record of and monitor personal data processing activities. This includes personal data handled within the organisation, but also by third parties – so called data processors.
Data processors can be anything from Software-as-a-Service providers to embedded third party services, tracking and profiling visitors on the organisation’s website.
Both data controllers and processors must be able to account for what kind of data is being processed, the purpose of the processing and to which countries and third parties the data is transmitted.
If personal data is being sent to organisations or jurisdictions beyond the reach of the GDPR or that are not deemed 'adequate' by the GDPR, one must inform the user specifically about this and the risks involved.
All consents must be recorded as evidence that consent has been given.
No processing of sensitive personal data is allowed without a person’s explicit consent. For non-sensitive data, implied consent will do. In either case the consent must be freely given on basis of clear and specific information about data types and purpose – and always before any processing takes place, also known as ‘prior’ consent. All consents must be recorded as evidence that consent has been given.
Individuals now have the "right of data portability", the "right of data access" along with the "right to be forgotten" and can withdraw their consent whenever they want. In such case the data controller must delete the individual’s personal data if it's no longer necessary to the purpose for which it was collected.
In case of a data breach, the company must be able to notify data protection authorities and affected individuals within 72 hours.
Furthermore, GDPR imposes an obligation on public authorities, organisations with more than 250 employees and companies processing sensitive personal data at a large scale to employ or train a data protection officer (DPO). The DPO must take measures to ensure GDPR.
3. COLLECTION OF DATA OR INFORMATION
When browsing on the site, technical non-personal information about the user such as the user’s IP address, address of another transitional site, visiting time of the site, and browser type and language version, may be collected automatically. We may also collect and analyse navigational information such as the address, actions performed at the Site, including jumps to and from inner links, etc.
Pursuant to the rules and regulations of the General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR), the user’s personal data and information is collected only upon prior permission from the user to collect and use certain information within these rules. Giving such permission, the user supplies such data and information voluntarily.
"Personal information" includes:
- Information provided by the user during registration at the website, including the login, full name and e-mail. When user registers as a property owner, potential client or a regular client on the website, MDAICReal collects additional information such as postal address and contact phone number;
- Information provided by the user during sale, purchase, rental and/or service, such as a billing address, bank account details and the credit card number;
- If the user is registered as a property owner, information provided by him/her for payments, including data about the account in a financial institution used for the payments, and also information supplied by the user for personal identification (copy of the passport, driver’s license or another personal identification document).
- Registered users also have an option to provide additional personal information such as address and phone number within their profiles. Each user can control what information is displayed publicly at “Edit profile” page.
MDAICReal never ask users to provide genetic data, biometric data, information revealing racial or ethnic origin of users, their political opinions, religious or philosophical beliefs, trade-union membership, and data concerning their health or sex life or sexual orientation.
Every user has the right to cancel his/her registration, withdrawing submitted personal data and information at any time. However, in this case, some functions and services offered at the website may be degraded and/or made unavailable, in part or in its entirety.
4. USE OF PERSONAL DATA OR INFORMATION
The GDPR defines personal data as "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Online identifiers such as IP addresses now qualify as personal data, unless anonymized.
Pseudonymised personal data is also subject to the GDPR, if it by reverse engineering is possible to identify whose data it is.
We, at MDAICReal, collect and use the user’s personal data or information only for the following purposes:
- Processing of the user's inquiries and operations at the website;
- Creation, management and maintenance of an account;
- Data analysis and statistical research for the purposes of improving offered products and services;
- Customer service;
- Identification of the supplied files as belonging to a certain seller, buyer, client or partner, etc.;
- Provision and display of the content specially chosen in accordance with preferences and interests of the user;
- Payment (e.g. charges, commission, reimbursement from cancelled contract, etc.);
- Maintenance of operation of interactive areas;
- Realization of communication and contacts on matters concerning transactions made by the User;
- Marketing communications for promotion and advertising of MDAICReal’s and third-party products & services;
- Notification about new products and services to the website user;
MDAICReal will ask for user’s consent before using his/her personal data or information for a purpose other than listed in this Policy.
MDAICReal collects personal data or information about its users only and does not require users to provide.
MDAICReal with personal information of any third persons, except for case of sharing the lightbox preview as described below.
MDAICReal has the ability to send communications concerning transactions performed by the user, payment reminders and questions concerning purchase confirmation.
Users are free to select one-click opt-out possibility to unsubscribe from promotional and advertising communications. MDAICReal will not further send promotional and advertising messages once objection is received from a user. This one-click subscription is not available for transactional messages that are generally required. To opt-out of communications connected to transactions, users shall deactivate their accounts.
Our promotional and advertising messages will always be clearly identified as promotional and/or advertising and will always contain both return e-mail address and physical postal address of MDAICReal. This return e-mail address will be capable of receiving user communications for no less than 30 days after the transmission of the original message.
As an international Real Estate Company, personal data or information collected by MDAICReal may be processed and stored in other countries at facilities belonging to MDAICReal and/or legally used by MDAICReal. Supplying MDAICReal with the personal information, users permit its transfer outside the country within the bounds of such use, provided that privacy laws other countries where the information Is transferred may not be as protective as those in users’ jurisdiction.
5. DISCLOSURE OF PERSONAL INFORMATION
Except in situations clearly stated within these rules, MDAICReal does not disclose, sell, lease, lend, rent or make available personal data or information of the user to any third parties.
Users’ personal data or information can be disclosed and shared with partner agencies that render services on behalf of MDAICReal. The services may include money transfer, data storage, reselling licenses, payment processing, etc. These third parties will receive only the information required to provide said specific services; the information will be kept and protected by the same principles and level of protection followed by MDAICReal, and it cannot be used for any other purposes.
Information about users may also be passed and disclosed as a business asset in the case of acquisition, sale or absorption of the company. In the event of this unlikely case, MDAICReal will inform users in accordance with the procedure outlined below.
MDAICReal reserves the right to disclose and pass personal data or information of the user if it is required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Site.
6. ACCESS TO OWN PERSONAL DATA OR INFORMATION
Information indicated by the User at the Site can be reviewed and edited in the section «Main Menu — Profile». Alternatively, users may contact MDAICReal at firstname.lastname@example.org and request a copy of information collected by MDAICReal to be extracted and provided in a readable format. MDAICReal will respond to such request without unreasonable delay.
We will retain users’ information for as long as their accounts are active or as needed to provide services to users.
Users shall contact us at email@example.com in order to cancel his or her account or request that we delete or no longer use their information to provide services. In this case, we will retain and use user’s information only to the extent, necessary to comply with our legal obligations, prevention of fraud, resolution of disputes and performance of our agreements.
The user can allow or forbid the use and acceptance of cookies on his/her computer. If cookies are blocked by the user, it may prevent the User from being able to register or perform other interactive functions of the website, but it will not affect the user’s ability to perform general navigation within the website.
The email information collected for sending light boxes is not stored or used for any other purpose. That information is not shared with any other parties.
8. PROTECTION OF THE USER'S PERSONAL DATA OR INFORMATION
MDAICReal actively monitors and enforces the data or information protection standards during all MDAICReal' activity, consisting mainly of the followings:
- Limitation of the rendered access to information only to those employees who need it for providing services to the User;
- Signature of confidentiality treaties by employees;
- Signature by partners and external companies invited for fulfilment of particular functions of confidentiality treaties and agreements concerning non-use of such information for any unauthorized purposes;
- Encryption of payment data such as credit card number using SSL technology through the use of our third-party payment gateway service providers;
- Storing of the personal information obtained from the User in encrypted form, at protected computers secured from unauthorized access.
Since there is no perfect secure method of protecting information during its storage, processing and transfer into electronic form, MDAICReal does not give the full warranty of its complete safety, despite all efforts made by the company. If information of an account and personal data of the User are protected with a password, safety and nondisclosure of this password are responsibility of the User him/herself.
Users also have a right to lodge a complaint with competent supervisory authorities in countries of their residence or location should users consider that any of their privacy rights may be infringed by MDAICReal.
9. SENDING A LIGHTBOX
If you choose to use our referral service to send a friend a preview of a lightbox, we will ask you for your friend’s email address. We will automatically send your friend a one-time email inviting him or her to visit the Site and view the lightbox. MDAICReal does not store this information, it is for the sole purpose of sending this one-time email.
10. OPEN USER ID
You can log in to our website using sign-in services such as Facebook Connect or an Open User ID. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form. Services like Facebook Connect give you the option to post information about your activities on the website to your profile page to share with others within your network.
11. MINOR USERS
Site, Site content and services are neither intended to be used by minors and persons under age of 18, nor designed and intended to wilfully and knowingly collect, use, or disclose any personal information from minors and persons under age of 18. MDAICReal will immediately remove personal information from children and/or search to obtain a verifiable parental consent for the collection use, or disclosure of personal information from children, once it will come to MDAICReal’s attention that any personal information from children was submitted or collected through the Site.
The User confirms and warrants that he/she has reached the age of 18, has all the sufficient for usage of the Site and is bound by legal obligations sufficient for any liability that can appear as a result of usage of the Site files. The User agrees to bear full responsibility for all cases of the Site usage without distinction, as well as for use of his/her login and password by third parties including minors and persons under age of 18 living with him/her.
The Site pages can contain links to sites, services and functions of third parties, subsidiaries and affiliates that may use and conform to different rules and procedures of confidentiality provision from those stated here. MDAICReal is not responsible for the policy of confidentiality of such resources.
13. SOCIAL MEDIA WIDGETS
Our Site includes Social Media Features, such as the Facebook Like button, and Widgets, such as the Share This button, or interactive mini-programs that run on our Site. These Features may collect your Internet protocol address, which page(s) you are visiting on our Site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing it.
14. CHANGES TO THESE RULES
Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To request removal of your personal information from our blog or community forum, contact us at firstname.lastname@example.org .
16. CONTACT US
Both users and persons who don’t use MDAICReal services shall be free to contact MDAICReal or BIZNIZWEB with any questions, concerns or suggestions regarding our privacy.