1. General terms
1.1. The Personal Data Processing Policy (hereinafter referred to as the Policy) has been developed to protect Mojo Clients personal data.
1.2. This Policy is the fundamental internal regulatory document of VOCÁBULO INÉDITO UNIPESSOAL LDA (hereinafter referred to as the Company) in the field of processing and ensuring the security of personal data, and was developed in order to implement the requirements of the legislation in the field of processing and ensuring the security of personal data and is aimed at ensuring the protection of human (citizen) rights and freedoms during processing his personal data in the Company.
1.3. This Policy applies to all operations performed by the Operator with personal data using automation tools or without their use.
1.4. The requirements of this Policy apply to all employees of the Company and must be communicated to them under signature.
2. Purposes of personal data processing
2.1. The categories and list of processed personal data (hereinafter – PD), categories of subjects whose PD is processed, methods, terms of processing and storage of PD for each purpose of PD processing are contained in this Policy (Appendix 1), and are updated if they change.
2.2. The procedure for the destruction of PD upon achievement of the purposes of their processing or upon the occurrence of other legal grounds is determined in accordance with the requirements of Clients legislation, therefore it is applicable for all purposes of processing personal data. To ensure the observance of legality in the Company's activities in accordance with the legislation, organizes the preparation of relevant documents.
3. The procedure and conditions for processing personal data
3.1. The processing of personal data (hereinafter – PD) in the Company is carried out on a lawful and fair basis and is limited to achieving specific, predetermined and legitimate goals. Only those PD's that meet the purposes of their processing are subject to processing. The content and volume of PD processed in the Company correspond to the stated processing goals, redundancy of processed PD is not allowed. If necessary, the Company takes measures to eliminate their redundancy in relation to the stated processing purposes.
3.2. When processing PD in the Company, their accuracy, sufficiency and relevance in relation to the purposes of processing are ensured. The Company takes the necessary measures to remove or clarify incomplete or inaccurate PD.
3.3. The storage of PD in the Company is carried out in a form that allows determining the subject of personal data, no longer than the purposes of their processing require, unless the period of storage of personal data is established by federal law or an agreement to which the subject of personal data is a party, beneficiary or guarantor. Processed PD is destroyed upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal laws.
3.4. The Company processes other and publicly available categories of PD of PD subjects, as well as special categories of PD related to the health status of employees, in cases provided for by labor legislation. The Company may process information on the health status of other categories of PD subjects on behalf of counterparties, while the Company's counterparties undertake to obtain written consent from the subjects of PD processing.
3.5. The Company does not process special categories of personal data relating to race and nationality, political views, religious and philosophical beliefs, intimate life, criminal record of the subject of personal data, as well as biometric personal data.
3.6. The subject of personal data decides to provide his personal data and gives Consent freely, of his own free will and in his own interest.
3.7. Consent is given in any form that allows you to confirm the fact of its receipt. In cases provided for by the legislation, consent is given in any form that allows confirming the fact of its receipt, including by performing the actions indicated on the Website. Consent to this Policy means that the subject of personal data provides consent to the processing of his personal data in the ways specified in the Policy.
3.8. The consent to the processing of personal data of the personal data subject comes into force from the date of its acceptance (signing) and is valid for an indefinite period and can be revoked on the basis of a written application of the personal data subject in any form.
3.9. In the course of its activities, the Company may provide and (or) entrust the processing of PD to another person with the consent of the PD subject, unless otherwise provided by federal laws. In this case, a prerequisite for providing and (or) ordering the processing of PD to another person is the obligation of the parties to respect the confidentiality and security of PD during their processing.
3.10. The legal names of such third parties and the addresses of their location are defined in the Privacy Statement, which the PD subject agrees to, or in the consent to the processing of PD, which the PD subject gives, or in another document that defines the conditions for the processing of PD, which the PD subject agrees to.
3.11. The Company does not publish the PD of the subject in publicly available sources without his prior written consent.
3.12. The Company does not distribute the PD of the subject without his prior separate consent to the processing of PD authorized by the subject for distribution.
3.13. The Company does not disclose information about the specific means and methods used to ensure the information security of personal data in order to ensure an appropriate level of PD protection.
4. Measures taken to ensure the security of personal data
4.1. In order to ensure the security of personal data (hereinafter – PD) during their processing, the Company independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by legislation in the field of PD. Such measures include:
4.1.1. appointment of the responsible person for the organization of PD processing;
4.1.2. publication of documents defining the Company's policy regarding the processing of PD, local acts on the processing of PD, defining for each purpose of PD processing the categories and list of processed PD, categories of subjects whose PD is processed, methods, terms of their processing and storage, the procedure for the destruction of PD when achieving the goals of their processing or upon the occurrence of other legitimate grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation, eliminating the consequences of such violations;
4.1.3. application of legal, organizational and technical measures to ensure the safety of PD;
4.1.4. implementation of internal control of compliance of PD processing with the legislation in the field of PD and regulatory legal acts adopted in accordance with it, requirements for the protection of PD, the Company's policy regarding PD processing, local acts of the Company;
4.1.5. assessment of the harm that may be caused to PD subjects in case of violation of legal requirements, the ratio of the specified harm and the security measures taken by the Company;
4.1.6. familiarization of the Company's employees who directly process personal data with the requirements for personal data protection, documents defining the Company's policy regarding personal data processing, local acts on personal data processing, and (or) training of these employees;
4.1.7. other measures to ensure the safety of personal data used by the Company.
4.2. The Company's management is aware of the importance and necessity of ensuring the safety of PD and encourages continuous improvement of the system of protection of personal data processed by the Company.
5. Rights and obligations of personal data subjects
5.1. Personal data subjects (hereinafter referred to as PD) have the right to:
5.1.1. freely, on their own initiative and in their own interests, provide their personal data and consent to their processing;
5.1.2. revoke previously granted consent to the processing of PD, including the distribution of PD;
5.1.3. receive information regarding the processing of their personal data;
5.1.4. to require clarification of the PD in case the PD is incomplete, outdated, unreliable;
5.1.5. to demand the termination of PD processing if PD is illegally obtained, is not necessary for the stated purpose of PD processing or is used for purposes for which there is no legal basis for their processing;
5.1.6. appeal against the actions or inaction of the Company to the authorized body for the protection of the rights of PD subjects and (or) in a pre-trial (judicial) order if it considers that the Company processes its PD in violation of the requirements of legislation;
5.2. PD subjects are obliged to:
5.2.1. provide the Company with reliable information;
5.2.2. inform the Company about changes in their personal data (if possible, using the personal account to make such changes to the personal data and (or) by contacting the Company);
5.2.3. when providing PD of third parties to the Company, notify such third parties about the transfer of their PD to the Company, as well as obtain the necessary consents to transfer PD to the Company;
6. Rights and obligations of the company as an operator of personal data
6.1. The Company has the right to:
6.1.1. to process the PD of the subject in accordance with the stated goals;
6.1.2. require the PD subject to provide reliable PD;
6.1.3. in case of withdrawal of consent to the processing of personal data by the subject, continue processing of his personal data, if the Company has other legal grounds for such processing of personal data;
6.1.4. assign PD processing to another person with the consent of the PD subject;
6.1.5. other rights provided for by the legislation.
6.2. The Company is obliged to:
6.2.1. not disclose or distribute PD without the consent of the PD subject, unless otherwise provided by the legislation;
6.2.2. provide the PD subject or its representative, upon their request, with information, the provision of which is mandatory in accordance with the legislation, and within the time limits determined by such legislation;
6.2.3. provide the PD subject or his representative with the opportunity to get acquainted with the PD subject's processed PD;
6.2.4. explain to the PD subject the legal consequences of refusing to provide PD and (or) consent to their processing;
6.2.5. to prevent, and in case of their detection, eliminate violations of the legislation in the field of processing and ensuring the safety of PD;
6.2.6. perform other duties provided for by the legislation.
7. Responding to requests from personal data subjects
7.1. The subject of personal data (hereinafter referred to as PD) or his representative may contact the Company regarding the processing of PD by sending a written request sent to the Company by registered mail or by e–mail: support@mojo.education (in free form, taking into account the requirements for the content of such an appeal), in the following cases:
7.1.1. obtaining information regarding the processing of his personal data;
7.1.2. clarification of their personal data, if they are incomplete, outdated, inaccurate;
7.1.3. filing a complaint about the illegal processing of personal data and (or) a request to terminate the processing of personal data;
7.1.14. withdrawal of consent to PD processing;
7.1.5. withdrawal of consent to the processing of PD authorized by the PD subject for distribution;
7.2. The requested information is provided to the PD subject or his representative in the form in which the relevant Request was sent, unless otherwise specified in the Request of the PD subject or his representative.
8. Information on the existence of prohibitions and conditions for the processing by an unlimited number of persons of personal data authorized by the subject for distribution.
8.1. VOCÁBULO INÉDITO UNIPESSOAL LDA (hereinafter referred to as the Company) distributes, that is, discloses personal data (hereinafter referred to as PD) to an unlimited number of persons, taking into account the conditions and prohibitions specified below established by the PD subject.
8.2. Categories and list of PD for processing which PD subjects have established conditions and prohibitions, as well as a list of established conditions and prohibitions:
8.2.1. In relation to other categories of personal data, including surname, first name, photo, short and full description of the speaker, review of the Company's product, the following conditions and prohibitions are established:
- processing of the specified PD is allowed only on the Company's websites;
- it is prohibited to copy PD and (or) post them on other websites and (or) information resources.
8.3. Conditions under which the received PD can be transmitted by the Company (PD operator) processing PD only through its internal network, providing access to information only for strictly defined employees, either using information and telecommunication networks, or without transmitting the received PD:
8.3.1. In relation to other categories of PD, including last name, first name, photo, short and full description of the speaker, review of the Company's product, the following conditions are established:
- the processing of these PD is allowed using both the Company's internal network and the Internet information and communication network, by posting PD on the Company's websites.
9. Final regulations
9.1. The Company, as well as its employees, bear civil, administrative and other liability for non-compliance with the principles and conditions of personal data processing, as well as for disclosure or illegal use of personal data.
9.2. This Policy is publicly available and is subject to posting on the official website of the Company. At the same time, it is allowed to provide unrestricted access to the Policy in any other possible way.
