POLICY REGARDING THE PROCESSING OF PERSONAL DATA
1. GENERAL PROVISIONS
Policy regarding the processing of personal data
The Policy defines the rules of the V R T X GLOBAL NETWORK SERVICES L.L.C (hereinafter referred to as the Operator) in relation to the processing of personal data and discloses information about the implemented measures to ensure the security of personal data from the Operator in order to protect the human and civil rights and freedoms in relation to the processing of personal data.
The provisions of the Policy are fundamental and basic for the arranging of the processing of personal data by the Operator and development of Operator’s internal local acts regulating the processing and protection of personal data.
Operator recognizes his obligation to keep sensitive information secure and has created this privacy and security statement to share and explain the current information management practices.
Operator
V R T X GLOBAL NETWORK SERVICES L.L.C
Address: 211 office, SUNSHINE 2, Naif, Dubai, UAE.
Requests of personal data subjects regarding the processing of their personal data shall be accepted by the Operator at the Operator's address.
Commercial license № 1083151.
The subjects of personal data can send their request, signed with an enhanced qualified electronic signature, as well as any other information, materials and other notifications in relation to the processing of personal data, to the e-mail address: hello@vertex.network.
Website
The official Internet portal of the Operator is https://vertexcgi.com/
The Policy is a document, available to everybody. To ensure unrestricted access, the Policy is published on the Website.
Automated processing of personal data
processing of personal data by computer.
Blocking of personal data
temporary termination of personal data processing (except situations when processing is necessary to clarify personal data).
Personal Data Information System
the assemblage of personal data contained in databases and information technologies and technical means that ensure their processing.
Depersonalization of personal data
Actions, resulted in impossibility to determine the ownership of personal data to a specific personal data subject without the use of additional information.
Processing of personal data
any action (operation) or set of actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, performed with or without the use of automation tools.
Operator (Controller)
a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
Personal data
any information relating directly or indirectly to a specific or identifiable person (subject of personal data).
Personal data authorized by the subject of personal data for distribution
personal data, which the subject of personal data allowed to disturb to an unlimited number of persons.
Personal data provision
actions aimed at disclosing personal data to a certain person or a certain circle of persons.
Dissemination of personal data
actions aimed at disclosure of personal data to an indefinite circle of persons (transfer of personal data) or giving the access to the personal data to an unlimited circle of persons, including the publication of personal data in the media, placement in information and telecommunications networks or providing access to personal data in any other way.
Cross-border transfer of personal data
transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
Destruction of personal data
Actions, resulted in impossibility to restore the content of personal data in the personal data information system and (or) destroying the material carriers of personal data.
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of Personal Data processing:
2.1.1. personal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data is being processed (“lawfulness, fairness and transparency”);
2.1.2. there must be specific purposes for processing the data and the company / organization must indicate those purposes to individuals when collecting their personal data. A company/organization can’t simply collect personal data for undefined purposes (“purpose limitation”);
2.1.3. the company / organization must collect and process only the personal data that is necessary to fulfil that purpose (“data minimization”);
2.1.4. the company / organization must ensure the personal data is accurate and up-to-date, having regard to the purposes for which it is processed, and correct it if not (“accuracy”);
2.1.5. the company / organization can’t further use the personal data for other purposes that aren’t compatible with the original purpose;
2.1.6. the company / organization must ensure that personal data is stored for no longer than necessary for the purposes for which it was collected (“storage limitation”);
2.1.7. the company / organization must install appropriate technical and organizational safeguards that ensure the security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (“integrity and confidentiality”).
2.2. Terms of Personal Data processing
The Operator shall process personal data in the presence of at least one of the following conditions:
2.2.1. the processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
2.2.2. the processing of personal data is necessary to achieve the goals stipulated by an international agreement or applicable law, for the implementation and fulfillment of the functions, powers and duties assigned to the Operator by the applicable law;
2.2.3. the processing of personal data is necessary for the course of justice, the execution of a judicial act, an act of another body or official subject to execution in accordance with the applicable law on enforcement proceedings;
2.2.4. the processing of personal data is necessary for the execution of a contract to which either the beneficiary or the guarantor is the subject of personal data, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
2.2.5. the processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
2.2.6. processing of publicly available personal data, that is, personal data, to which the subject of personal data provide access to an unlimited number of persons;
2.2.7. processing of personal data subject to publication or mandatory disclosure in accordance with the applicable law.
2.3. Confidentiality of personal data
The Operator and other persons who have gained access to personal data shall not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
2.4. Special categories of personal data
The Operator shall not process the special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, intimate life.
2.5. Biometric personal data
The Operator shall not process the biometric personal data – any information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity.
2.6. Assignment of personal data processing to another person
Unless otherwise provided by applicable law, the Operator may entrust the processing of personal data to another person (Processor) on the basis of a contract concluded with this person, with the consent of the subject of personal data. The person processing personal data on behalf of the Operator shall be obliged to comply with the principles and rules of personal data processing provided for by the applicable law and the Policy.
2.7. Cross-border transfer of personal data
2.7.1. The Operator makes sure that the foreign state to whose territory the transfer of personal data is supposed to be carried out ensures adequate protection of the rights of personal data subjects, or takes measures to ensure proper protection of personal data during their cross-border transfer by his own, before the start of such transfer.
2.7.2. Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:
3. LEGAL STATUS
3.1. The subject of personal data shall have the right to:
3.1.1. receive information concerning the processing of his personal data in the manner, form and terms established by the applicable law;
3.1.2. demand for clarification of personal data, their blocking or destruction;
3.1.3. take legal measures to protect his rights;
3.1.4. withdraw his consent to the processing of personal data;
3.1.5. exercise other rights provided for by the applicable law.
2. The Operator shall have the right to:
3.2.1. process the personal data in accordance with the stated purpose. The purpose of personal data processing shall be established in the consent of the personal data subject to the processing of his personal data;
3.2.2. require the subject of personal data to provide reliable personal data necessary for the performance of the contract, identification of the subject of personal data, as well as in other cases provided for by the applicable law;
3.2.3. restrict the access of the personal data subject to his personal data if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties, as well as in other cases provided for by the applicable law;
3.2.4. process publicly available personal data;
3.2.5. process personal data subject to publication or mandatory disclosure in accordance with the applicable law;
3.2.6. entrust the processing of personal data to another person / entity with the consent of the personal data subject on the need-to-know basis;
3.2.7. exercise other rights provided for by the applicable law.
4. PURPOSES OF PERSONAL DATA PROCESSING AND LIST OF PROCESSES PERSONAL DATA
4.1. The Operator processes personal data of subjects (including, but not limited to, users of the Operator's website, potential and actual customers of the Operator) in order to conduct its activities.
1. GENERAL PROVISIONS
Policy regarding the processing of personal data
The Policy defines the rules of the V R T X GLOBAL NETWORK SERVICES L.L.C (hereinafter referred to as the Operator) in relation to the processing of personal data and discloses information about the implemented measures to ensure the security of personal data from the Operator in order to protect the human and civil rights and freedoms in relation to the processing of personal data.
The provisions of the Policy are fundamental and basic for the arranging of the processing of personal data by the Operator and development of Operator’s internal local acts regulating the processing and protection of personal data.
Operator recognizes his obligation to keep sensitive information secure and has created this privacy and security statement to share and explain the current information management practices.
Operator
V R T X GLOBAL NETWORK SERVICES L.L.C
Address: 211 office, SUNSHINE 2, Naif, Dubai, UAE.
Requests of personal data subjects regarding the processing of their personal data shall be accepted by the Operator at the Operator's address.
Commercial license № 1083151.
The subjects of personal data can send their request, signed with an enhanced qualified electronic signature, as well as any other information, materials and other notifications in relation to the processing of personal data, to the e-mail address: hello@vertex.network.
Website
The official Internet portal of the Operator is https://vertexcgi.com/
The Policy is a document, available to everybody. To ensure unrestricted access, the Policy is published on the Website.
Automated processing of personal data
processing of personal data by computer.
Blocking of personal data
temporary termination of personal data processing (except situations when processing is necessary to clarify personal data).
Personal Data Information System
the assemblage of personal data contained in databases and information technologies and technical means that ensure their processing.
Depersonalization of personal data
Actions, resulted in impossibility to determine the ownership of personal data to a specific personal data subject without the use of additional information.
Processing of personal data
any action (operation) or set of actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, performed with or without the use of automation tools.
Operator (Controller)
a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
Personal data
any information relating directly or indirectly to a specific or identifiable person (subject of personal data).
Personal data authorized by the subject of personal data for distribution
personal data, which the subject of personal data allowed to disturb to an unlimited number of persons.
Personal data provision
actions aimed at disclosing personal data to a certain person or a certain circle of persons.
Dissemination of personal data
actions aimed at disclosure of personal data to an indefinite circle of persons (transfer of personal data) or giving the access to the personal data to an unlimited circle of persons, including the publication of personal data in the media, placement in information and telecommunications networks or providing access to personal data in any other way.
Cross-border transfer of personal data
transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
Destruction of personal data
Actions, resulted in impossibility to restore the content of personal data in the personal data information system and (or) destroying the material carriers of personal data.
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of Personal Data processing:
2.1.1. personal data must be processed in a lawful and transparent manner, ensuring fairness towards the individuals whose personal data is being processed (“lawfulness, fairness and transparency”);
2.1.2. there must be specific purposes for processing the data and the company / organization must indicate those purposes to individuals when collecting their personal data. A company/organization can’t simply collect personal data for undefined purposes (“purpose limitation”);
2.1.3. the company / organization must collect and process only the personal data that is necessary to fulfil that purpose (“data minimization”);
2.1.4. the company / organization must ensure the personal data is accurate and up-to-date, having regard to the purposes for which it is processed, and correct it if not (“accuracy”);
2.1.5. the company / organization can’t further use the personal data for other purposes that aren’t compatible with the original purpose;
2.1.6. the company / organization must ensure that personal data is stored for no longer than necessary for the purposes for which it was collected (“storage limitation”);
2.1.7. the company / organization must install appropriate technical and organizational safeguards that ensure the security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technology (“integrity and confidentiality”).
2.2. Terms of Personal Data processing
The Operator shall process personal data in the presence of at least one of the following conditions:
2.2.1. the processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
2.2.2. the processing of personal data is necessary to achieve the goals stipulated by an international agreement or applicable law, for the implementation and fulfillment of the functions, powers and duties assigned to the Operator by the applicable law;
2.2.3. the processing of personal data is necessary for the course of justice, the execution of a judicial act, an act of another body or official subject to execution in accordance with the applicable law on enforcement proceedings;
2.2.4. the processing of personal data is necessary for the execution of a contract to which either the beneficiary or the guarantor is the subject of personal data, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
2.2.5. the processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
2.2.6. processing of publicly available personal data, that is, personal data, to which the subject of personal data provide access to an unlimited number of persons;
2.2.7. processing of personal data subject to publication or mandatory disclosure in accordance with the applicable law.
2.3. Confidentiality of personal data
The Operator and other persons who have gained access to personal data shall not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
2.4. Special categories of personal data
The Operator shall not process the special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, intimate life.
2.5. Biometric personal data
The Operator shall not process the biometric personal data – any information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity.
2.6. Assignment of personal data processing to another person
Unless otherwise provided by applicable law, the Operator may entrust the processing of personal data to another person (Processor) on the basis of a contract concluded with this person, with the consent of the subject of personal data. The person processing personal data on behalf of the Operator shall be obliged to comply with the principles and rules of personal data processing provided for by the applicable law and the Policy.
2.7. Cross-border transfer of personal data
2.7.1. The Operator makes sure that the foreign state to whose territory the transfer of personal data is supposed to be carried out ensures adequate protection of the rights of personal data subjects, or takes measures to ensure proper protection of personal data during their cross-border transfer by his own, before the start of such transfer.
2.7.2. Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:
- the personal data subject has given written consent to the cross-border transfer of his personal data;
- execution of the contract, if the subject of personal data is a party of such contract.
3. LEGAL STATUS
3.1. The subject of personal data shall have the right to:
3.1.1. receive information concerning the processing of his personal data in the manner, form and terms established by the applicable law;
3.1.2. demand for clarification of personal data, their blocking or destruction;
3.1.3. take legal measures to protect his rights;
3.1.4. withdraw his consent to the processing of personal data;
3.1.5. exercise other rights provided for by the applicable law.
2. The Operator shall have the right to:
3.2.1. process the personal data in accordance with the stated purpose. The purpose of personal data processing shall be established in the consent of the personal data subject to the processing of his personal data;
3.2.2. require the subject of personal data to provide reliable personal data necessary for the performance of the contract, identification of the subject of personal data, as well as in other cases provided for by the applicable law;
3.2.3. restrict the access of the personal data subject to his personal data if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties, as well as in other cases provided for by the applicable law;
3.2.4. process publicly available personal data;
3.2.5. process personal data subject to publication or mandatory disclosure in accordance with the applicable law;
3.2.6. entrust the processing of personal data to another person / entity with the consent of the personal data subject on the need-to-know basis;
3.2.7. exercise other rights provided for by the applicable law.
4. PURPOSES OF PERSONAL DATA PROCESSING AND LIST OF PROCESSES PERSONAL DATA
4.1. The Operator processes personal data of subjects (including, but not limited to, users of the Operator's website, potential and actual customers of the Operator) in order to conduct its activities.
5. ENSURING THE OPERATOR'S OBLIGATIONS FULFILLMENT. MEASURES FOR THE PROTECTION OF PERSONAL DATA
5.1. The security of personal data processed by the Operator shall be ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of applicable law, concerning the personal data protection.
5.2. The Operator shall apply the following organizational and technical measures are to prevent unauthorized access to personal data:
5.2.1. appointment of the person responsible for the organization of personal data processing in the cases provided for by applicable law;
5.2.2. appointment of the person responsible for ensuring the security of personal data and the exclusion of unauthorized access to personal data in the cases provided for by applicable law;
5.2.3. appointment of a person responsible for ensuring the security of personal data in information systems;
5.2.4. limitation of the number of persons allowed to process personal data on need-to-know basis;
5.2.5. give to the subjects access to the requirements of regulatory documents of the Operator, concerning the processing and protection of personal data;
5.2.6. arranging of accounting, storage and handling of media containing information with personal data;
5.2.7. identification of threats to the security of personal data during their processing, the formation of threat models based on them;
5.2.8. development of a personal data protection system based on the threat model;
5.2.9. checking the readiness and effectiveness of the information security tools;
5.2.10. differentiation of users' access to information resources, hardware and software for information processing;
5.2.11. registration and accounting of actions of users in personal data information systems;
5.2.12. use of anti-virus tools and personal data protection system recovery tools;
5.2.13. the use of means of inter-network shielding, intrusion detection, security analysis and cryptographic protection of information (if necessary);
5.2.14. arranging the access control to the Operator's territory, protection of premises with technical means of personal data processing.
6. TERMINATION OF PERSONAL DATA PROCESSING
Time limits for Personal Data processing
during the period for which consent to the processing of personal data is provided
Revocation of consent to the processing of personal data
The subject may revoke this consent, may be sent in the form of a corresponding written application to hello@vertex.network. The application must contain the full name, phone number and e-mail address of the applicant, as well as the date of the application and the applicant's handwritten signature.
Updating of personal data
The subject’s request to exclude or correct (improve) incorrect or incomplete personal data may be sent in the form of a corresponding written application to hello@vertex.network. The application must contain the full name, phone number and e-mail address of the applicant, as well as the date of the application and the applicant's handwritten signature
7. FINAL
7.1. Other rights and obligations of the Operator in connection with the processing of personal data are determined by applicable law.
7.2. The Policy shall be valid from the moment of its approval by the Manager of V R T X GLOBAL NETWORK SERVICES L.L.C.
7.3. The person responsible for monitoring the implementation of the Policy shall be the Manager of V R T X GLOBAL NETWORK SERVICES L.L.C..
7.4. The handling of all personal information by the Operator is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates.
5.1. The security of personal data processed by the Operator shall be ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of applicable law, concerning the personal data protection.
5.2. The Operator shall apply the following organizational and technical measures are to prevent unauthorized access to personal data:
5.2.1. appointment of the person responsible for the organization of personal data processing in the cases provided for by applicable law;
5.2.2. appointment of the person responsible for ensuring the security of personal data and the exclusion of unauthorized access to personal data in the cases provided for by applicable law;
5.2.3. appointment of a person responsible for ensuring the security of personal data in information systems;
5.2.4. limitation of the number of persons allowed to process personal data on need-to-know basis;
5.2.5. give to the subjects access to the requirements of regulatory documents of the Operator, concerning the processing and protection of personal data;
5.2.6. arranging of accounting, storage and handling of media containing information with personal data;
5.2.7. identification of threats to the security of personal data during their processing, the formation of threat models based on them;
5.2.8. development of a personal data protection system based on the threat model;
5.2.9. checking the readiness and effectiveness of the information security tools;
5.2.10. differentiation of users' access to information resources, hardware and software for information processing;
5.2.11. registration and accounting of actions of users in personal data information systems;
5.2.12. use of anti-virus tools and personal data protection system recovery tools;
5.2.13. the use of means of inter-network shielding, intrusion detection, security analysis and cryptographic protection of information (if necessary);
5.2.14. arranging the access control to the Operator's territory, protection of premises with technical means of personal data processing.
6. TERMINATION OF PERSONAL DATA PROCESSING
Time limits for Personal Data processing
during the period for which consent to the processing of personal data is provided
Revocation of consent to the processing of personal data
The subject may revoke this consent, may be sent in the form of a corresponding written application to hello@vertex.network. The application must contain the full name, phone number and e-mail address of the applicant, as well as the date of the application and the applicant's handwritten signature.
Updating of personal data
The subject’s request to exclude or correct (improve) incorrect or incomplete personal data may be sent in the form of a corresponding written application to hello@vertex.network. The application must contain the full name, phone number and e-mail address of the applicant, as well as the date of the application and the applicant's handwritten signature
7. FINAL
7.1. Other rights and obligations of the Operator in connection with the processing of personal data are determined by applicable law.
7.2. The Policy shall be valid from the moment of its approval by the Manager of V R T X GLOBAL NETWORK SERVICES L.L.C.
7.3. The person responsible for monitoring the implementation of the Policy shall be the Manager of V R T X GLOBAL NETWORK SERVICES L.L.C..
7.4. The handling of all personal information by the Operator is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates.