Appendix No1 to the website user agreement / "Website”
Privacy policy
The "Privacy Policy" determines how the personal data of a user, who registered on the website “User” and accepted the Agreement, is processed, protected, systematized, disclosed and deleted. The Privacy Policy is established to regulate the rules of receiving marketing and promotional e-mail from the website by the user.
The Privacy Policy is an integral part of the Agreement. Users' personal data are controlled and processed by Innovate Change SIA (Address: Bukultu iela 11, Rīga, LV-1005. Registration number 40203059170). Innovate Change SIA is the legal entity registered under the laws of the Republic of Latvia.
Warning!
You must not use the website if you are a minor, i.e. under the age of 18 for New Zealand citizens. The operator does not have the technical opportunity to define the User's age in the absence of data directly indicating this. If you are a parent or a legal representative of that person, you should immediately contact the Operator and request removal of the data and / or the account of a person under age to learn that he or she was registered on the web site and transferred the personal data or you do not agree with the procession of the data.
General conditions
1.1 The terms and definitions used in the Agreement are applicable in the text of the Privacy Policy.
1.2 By registering on the website and using the website with his account, the user expressly accepts the privacy policy and the conditions of processing personal data. In case the user does not agree with the conditions, he must stop using the website and delete the account.
1.3 The user can contact the Operator about any personal data processing issues within the Privacy Policy via e-mail: request@innovatechange.co.nz. The data protection inspector acts and performs his tasks independently. Users can contact the data protection inspector about any issues, related to the processing of their personal data and the realization of their rights in accordance with the current legislature. Answers must be provided without unjustified delays within 1 (one) month after receiving the application. This date can be extended up to 2 (two) months if necessary, considering the difficulty and the number of applications. The User will be informed about any prolongation and reasons within 1 (one) month after receiving the request.
1.4 As mentioned in the introduction to the Agreement, the website is designed for people with adult capacity. Persons under the age of 18 (for EU citizens) should not use the website. If the parents or legal representatives find out that this person provided the personal data to the website, they must apply to the Operator with the request to delete the data of the minor person. The operator will delete all personal data of the minor person in the shortest possible time after receiving the request.
1.5 Personal data is the information uploaded to the website by the user in the process of registration, account administration, the use of the website that allows to identify the user directly or indirectly as a natural person.
1.6 By uploading personal data and authorizing on the website with his login, the user expressly agrees to the processing of all personal data informed in the process of using the website both at the request of the operator and by user report.
1.7 For any contact with the operator about the processing of personal data issues, the user must use the e-mail address specified when registering. In case of loss, the User must inform the Operator.
1.8 The operator has the right to take any available action to confirm the data provided by the user on the website and /or in the process of use. In the event that the personal data and / or information specified by the User is invalid for any reason, the Operator has the right, but is not obliged to disregard it and / or delete it immediately.
1.9 All personal data provided by the User are accepted by the Operator "as is" and are not subject to mandatory preliminary verification. The user is responsible for the reliability of the personal data that falls on the user.
1.10 In case the Operator discloses personal data or provides personal data to third parties, the Operator must comply with the requirements of respecting the law and confidentiality.
1.11 The processing of personal data in accordance with the Policy consists of actions (operations) as the collection, receipt, recording, systematization, accumulation, storage, definition (update, change), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.12 The processing of personal data is carried out in any lawful manner, including with the Operator's personal data information systems with the use of an automation system and without using such a system. The processing of personal data provided by the User is carried out in accordance with the General Data Protection Regulation, GDPR.
1.13 The User must use only his own personal data. If third parties have complaints to the Operator about the illegal use of personal data that does not belong to the User, the User must resolve the argument on his own and at his own expense. The User is also obliged to compensate the Operator for the additional costs and losses that the Operator had due to the violation of this clause by the User.
2. General rights of the subject of personal data.
2.1. The user has the right to receive confirmation from the Operator about whether personal data is being processed or not, therefore, the user has the right to have access to personal data. The right is realized by giving the user access to the account on the website, where he can determine this fact.
2.2. The user can obtain the information for the purpose of processing the personal data, in the period while the data is being processed by reading cuiVegas Palm and certain parts of the Privacy Policy.
2.3. The user has the right to demand from the Operator a deletion of the personal data uploaded by him/her and to limit their processing or object to the processing.
2.4. In case of exposure of the violation of the Privacy Policy, the User has the right to file a complaint with a supervisory body. Specifically, EU citizens can file a complaint with the EU's independent personal data protection authority: the Data Protection Supervisor (EDPS), e-mail: [email protected] , website: www.edps.dollarpa.eu .
2.5. The user has the right to send the query to the operator by e-mail request@innovatechange.co.nz to receive a copy of the user's personal data being processed. This copy is granted within 30 (thirty) calendar days from the moment of receiving an electronic file sent from the user's e-mail. The operator charges an acceptable fee for granting additional copies, requested by the User. The user is informed about the amount of the charge in response to the additional copy query. The amount of the charge depends on administrative expenses.
2.6 The user has the right to require the Operator to correct inaccurate personal data without undue delay. The user also has the right to supplement the personal information in his account in "My Profile" on his own.
2.7 The operator deletes personal data without undue delay upon receipt of an inquiry from the User. The user can also delete his personal data by pressing a certain button on the account.
2.8. The user agrees to the processing of personal data, including for direct marketing purposes. However, the User has the right to object to the processing of personal data for the purposes of such marketing at any time. The user can realize this right by pressing the "Unsubscribe" button in his account.
3. Personal data processed
3.1. The operator receives and processes the following mandatory personal data:
3.1.1. The user's e-mail address that is necessary to register on the website; storage time - for the entire period of use of the website.
3.1.2. User login, which is also necessary for registration and additional authorization on the website; storage time - for the entire period of using the website.
3.1.3. User password that is necessary for registration on the website and for further authorization; storage time - for the entire period of use of the website.
3.1.4. Information from social networks that is in the public domain in case the user uses the "Log in with social network account" function by registration.
3.2. The operator receives and processes the following personal data and user information that are specified in the User's will:
3.2.1. Data that the User can specify in "About Me" after authorization with his own username and password in "My Profile" on the website; storage time - for the entire period of using the website.
3.2.2. Information about the user's choice of a bookmaker from those presented on the website; This information is used only for the formation of the rating; storage time - for the entire period of use of the website.
3.2.3. Comments of users on different parts of the website (blogs, news, contests, individual page of bookmakers, betting center, a tip from an expert or a capper, etc.); storage time - for the entire period of operation of the website.
3.2.4. The user's cookies that are necessary for the operation of statistical services, which monitor the user's behavior on the website for a personalized and comfortable use of the website. The analysis of anonymous cookie data allows the Operator to understand the way the User interacts with different pages / parts / modules of the website so that the Operator can improve it; storage time: 1 (one) year from the moment the data was left on the website. The operator uses the following cookies: sessionid - used for the storage of user session data on the website; csrftoken - used for protection against external CSRF attacks; other users' cookies (including _ga, _gid, _gat, AMP_TOKEN, _gac_
3.3. When personal data is processed only for statistical purposes, it may be stored for a longer period than the one mentioned above, taking into account the implementation of certain technical and organizational measures for the protection of User rights and freedoms.
3.4. Privacy is maintained for all personal data of the User regardless of whether they are processed by the Operator or by third parties based on the respective agreements with the Operator. Exceptional cases are when the User decides to publish his data in the public domain on his own (for example, in comments).
3.5. In case the website is sold, a new owner must continue to observe the conditions of the Privacy Policy.
3.6. The processing of personal data is carried out in any legal manner, including with the Operator's personal data information systems with the use of an automation system and without using such a system. The processing of personal data provided by the User is carried out in accordance with the General Data Protection Regulation (GDPR) of the Dollarpea Union.
4. Purpose of data processing. Informative mail.
4.1. The processing of personal data is based on:
- principles of legitimacy and justice;
- process only the information that serves the purposes of its processing;
- compliance of the content and volume of the processed information with the established processing purposes.
4.2. In general, the processing of personal data is carried out for the purpose of maintaining the full functioning of the website, creating a user account on the website, additional authorization on the website, collecting statistical information, necessary for the operator to modify the website, improving its consumer properties.
4.3. The user's personal data may also be used to send emails for direct marketing purposes. The user has the right to refuse the processing at any time by using a respective reject button on his own account or by following the link in a letter "Refuse mail". Until the User rejects, he is considered an accepted person processing his personal data for the purpose of this clause.
4.4. When registering, the user can choose on his own whether he wants to receive the mail, by marking "Receive the most interesting from our website in his e-mail" on the registration page.
4.5. After registration on the website in case of initial rejection of the shipment. The user can change his decision and subscribe by sending by mail in his account in "My Profile" by pressing the "edit" button and checking the box in the interface that appears. Therefore, advertising and informational mailing are carried out by claim and / or direct and obvious acceptance of the User only, which is confirmed by the User on his own by double acceptance of the subscription (optional double technology) of an electronic letter received directly at an Address of the user specified by registration or in account in "My Profile".
4.6. In the event that the User wants to clarify the personal data if they are incomplete, inaccurate, outdated or if he wants to withdraw acceptance of the processing of personal data, he can do so by pressing the button (following the link) "Update data" or "Unsubscribe" respectively in any of the letters or should send an official request to the Operator by e-mail to request@innovatechange.co.nz. with the topic "Clarify personal data" or "Stop processing personal data". You must specify the e-mail address and a claim in the letter. When the User declines to process personal data, he also refuses to receive the shipment to his e-mail address specified by the registration.
4.7. The operator uses the data provided by the user for the following purposes:
4.7.1. Send advertising messages to the e-mail of the User you specified by registration and subscription;
4.7.2. Promotion of their services or bookmaker services-partners;
4.7.3. Evaluation and analysis of the work of the operator's systems;
4.7.4. Inform the user about events, bonuses and special offers of bookmakers by mail.
4.8. The operator also has the right to use the user's personal data for purposes that do not contradict the current legislation of the Republic of Latvia.
4.9. The user agrees that the personal data, processed by the Operator, are not excessive for the stated processing purposes.
5. Data storage policy
5.1. The storage of personal data is carried out in accordance with the User's acceptance within the period established in the Privacy Policy.
5.2. Personal data are stored no longer than necessary for their processing. The processed personal data must be deleted or depersonalized after the purpose of the processing is achieved or in case of loss of the need to achieve such purpose (for example, if the User's account is deleted).
5.3. Personal data with different processing requirements or purposes must be stored separately within the Operator's information system or, if stored on physical devices, within the service requirements of a certain department of the Operator.
5.4. The operator's staff member who has access to personal data due to his charges must store the information containing personal data accurately in order to prevent access by third parties. In the event that the staff member is absent, there should be no documents containing personal data at his place of work. When going on vacation, business trip or in any other case when a staff member is absent for a long period, he must transfer documents and other storage devices containing personal data to a person in charge of the local service. act of the operator. In the event that this person is not named, documents and other storage devices must be transferred to another member of staff who has access to personal data by the head of the specific department of the Operator.
5.5. Upon separation from the service of a staff member who has access to personal data, his documents and other storage devices containing personal data must be transferred to another staff member who has access to personal data by the head of the department with notification of data protection. inspector.
6. Transfer and deletion of data.
6.1 The personal data added by the user may be in the public domain. However, the operator does not transfer the data to third parties.
6.2. The operator may transfer the User's personal data in case it is expressly indicated by the acting legislature of the Republic of Latvia in light of the data transfer limitations defined by GDPR for EU citizens.
6.3. The provision of the User's personal data at the request of the state services of the Republic of Latvia (or local authorities) is carried out in accordance with the legislature of the Republic of Latvia in case a User is a citizen of the Republic of Latvia. The provision of the User's personal data at the request of the state services of the Republic of Latvia (or local authorities) is carried out in accordance with the GDPR in case a User is an EU citizen.
6.4. The operator transfers the User's data to his staff so that they can perform their tasks. The operator's staff may maintain a list of data recordings and perform other actions for the purpose of full operation of the website.
6.5. The user's personal data must be deleted as soon as technically possible upon receipt of the user's request, sent to the operator by e-mail.
6.6. The personal data and / or information provided by the user by registering on the website and using the website must be deleted by the Operator immediately and irrevocably in cases where the data and / or information:
6.6.1. It contains calls for mass riots, extremist actions, participation in organized mass (public) events with violation of the established order;
6.6.2. Provided for the purpose of carrying out a criminal offense; disclosure of information containing a state secret or a secret specially protected by law; dissemination of material containing public calls for terrorist actions or public justification of terrorism; contains other extremist materials and materials advocating pornography, the cult of violence; contains materials with obscene language;
6.6.3. Are unreliable or contradict publicly available information;
6.6.4. It contains information about the private life of a citizen;
6.6.5. Contradicts the requirements of the law on referendum of the Republic of Latvia and the law on elections of the Republic of Latvia;
6.6.6. Violates the legitimate rights and interests of citizens and organizations, including the attack on the honor, dignity and business reputation of citizens, the business reputation of organizations;
6.6.7. It is spread for the purpose of concealing or falsifying socially significant information, spreading inherently false information under the guise of truthful messages;
6.6.8. It is disseminated for the purpose of defaming a citizen or certain categories of citizens based on their gender, age, race or nationality, language, religion, profession, residence and place of work or political opinion;
6.6.9. Contains pornography, including pornographic images and/or advertising of participation of underage persons as performers in the events of a pornographic nature.
6.6.10. It contains information on forms, methods of development, manufacture and use of narcotics, psychotropic substances and their precursors; places where one can acquire such narcotics, substances and their precursors; forms and places of cultivation of narcotic plants.
6.6.11. It contains information about the forms of suicide and calls for suicide.
6.7. The operator and his representatives have the right to delete personal data and / or information that violates the Privacy Policy in the event that such a violation is recognized, they also have the right to ban the offender's account. Mandatory verification of User data for compliance with the Privacy Policy is not provided. The operator has the right but is not obliged to delete the user's personal data and information that violates the Privacy Policy.
6.8. The operator also deletes personal data without undue delay in the event that one of the following reasons may apply:
6.8.1. Personal data is no longer necessary for the purposes, which were the reasons for its collection and processing;
6.8.2. The user recalled the acceptance that was the basis for processing the data;
6.8.3. The personal data was processed incorrectly.
6.9. In the event that the Operator has correctly made the personal data publicly available and in the event that it is obliged to delete the personal data in accordance with the Privacy Policy, the Operator, taking into account the technological possibility and the implementation costs, is obliged to inform the third parties processing the personal data. data, that the User demanded to remove any links to personal data or prohibited their copying and replication.
7. Backup policy
7.1. The operator guarantees the backup of personal data in the architecture to prevent the loss of information due to machinery failures; software failures; hardware failures; Operating system and applied operating system failures; malware attacks; unintentional destruction of information, user errors; intentional destruction of information, etc.
7.2. Backup creates the opportunity to transfer personal data from one Operator's workstation to another, thereby eliminating the dependence on the integrity of personal data at a certain workstation and/or a certain location.
7.3. The backup is kept on an operator's server.
7.4. Information from the following basic categories will be supported:
7.4.1. Personal data of the user
7.4.2. The information that is necessary for the website servers and database management systems are retrieved;
7.4.3. Accounts of website users;
7.4.4. Information from the automated systems of the Operator's architecture, including databases.
7.5. All data storage devices containing data backup should be classified as "Trade Secret", therefore all backup information is confidential and protected by the Operator according to the current legislation.
7.6. The operator appoints a person responsible for the personnel in charge of the backup of personal data. The work of the responsible person is controlled by a data protection inspector.
7.7. The main tasks of the person responsible for the backup are:
7.7.1. Backup and recovery planning;
7.7.2. Establishment of the life cycle and schedule of operations;
7.7.3. Daily review of the backup process records;
7.7.4. Backup database protection;
7.7.5. Daily determination of the backup time window;
7.7.6. Creation and support of open reports, open issue reports;
7.7.7. Consultations with suppliers and suppliers of backup software;
7.7.8. Development of the backup system;
7.7.9. Follow-up of tasks in the field of backup;
7.7.10. Preparation of failure reports and successful completion;
7.7.11. Analysis and problem solving;
7.7.12. Backup manipulations and library management
7.7.13. Architecture output analysis;
7.7.14. Review and analysis of backup methods;
7.7.15. Planning the development of architecture, determination of daily, weekly and monthly tasks.
7.8. The person responsible for the backup has the right to make proposals and demand the termination of the processing of personal data in case of violation of the established technology of information backup or malfunction of the means of the backup system.
7.9. The backup of personal data is carried out periodically: once a week
7.10. Control over the results of the backup of personal data is carried out by a personal data inspector within 10 (ten) working days from the moment of the implementation of the procedures.
7.11. In case of detecting an error in the backup system, the person responsible for the backup should inform the data protection inspector as soon as possible.
7.12. The backup check is carried out selectively at least 1 (once) a month.
8. Responses to the incident policy.
8.1. The information security incident of personal data is an unforeseen or unwanted event that may disrupt the operation or information security of the Operator's architecture and lead to a leak of personal data and/or a violation of the Privacy Policy.
8.2. The source of the information about the information security incident may be as follows:
8.2.1. Messages from staff, users, operator's counterparts, sent it as an e-mail message, a service note, a letter, a request, etc.
8.2.2. Notifications / messages from the supervisory authority for the processing of personal data.
8.2.3. Data obtained by the Operator after the analysis of records of information systems, records of personal data protection systems.
8.3. The operator's staff member who receives the information about an incident must inform a data protection inspector who records the incident in the electronic incident management system by assigning a sequence number and the date of registration of the incident and its essence. The information security incident database is updated as incidents occur.
8.4. The user whose rights are violated as a result of an incident is informed about the incident by e-mail as soon as possible but no later than 30 (thirty) calendar days from the moment the incident occurred. During this period, all possible measures are taken to lessen or terminate further damage to the User's rights.
8.5. The incident analysis is carried out by a data protection inspector who in each incident:
8.5.1. Collects and analyzes all data on the circumstances of the incident (emails, log files of information systems, testimonials of staff members of Users and Operators, etc.);
8.5.2. Determines the volume of the personal data leak, the circumstances of the leak;
8.5.3. Determines the persons guilty of violation of the events prescribed for the protection of personal data;
8.5.4. Determine the reasons and conditions that contributed to the violation.
8.5.5. Upon completion of the analysis, he submits a report to the operator's board.
8.6. After completing the analysis and receiving the report of the data protection inspector, the operator decides how to punish the culprit.
9. Data protection policy.
9.1. The operator takes legal technical and organizational measures to protect the User's personal data from illegal or accidental access, destruction, change, blocking, copying, dissemination or other illegal actions.
9.2. Access to the website is carried out through the protected HTTPS protocol (encrypted). The website software continues to prevent unauthorized access to the information and/or transfer the information to persons who do not have the right of access.
9.3. The user's account password is stored as a hash password.
9.4. The operator performs the following activities to protect personal data:
9.4.1. Determines the threats to the security of personal data when data is processed on the website;
9.4.2. Takes all available technical and organizational measures to protect the security of personal data when data is processed on the website;
9.4.3. Appoints persons from the Operator's staff who are responsible for the processing of the User's personal data;
9.4.4. Information security means that you completed the compliance procedure in accordance with the established procedure;
9.4.5. Analyzes the effectiveness of personal data security measures;
9.4.6. Takes measures to detect unauthorized access to personal data;
9.4.7. Retrieves personal data that was modified or destroyed after unauthorized access;
9.4.8. Determines the rules of access to personal data that the Operator processes, maintains the registration process and the registration of all actions with personal data on the website;
9.4.9. It uses only certified software licensed on the operator's workstations that are involved in the processing of personal data;
9.4.10. Limits access at the technical and organizational level to the operator's workstations involved in the processing of personal data;
9.4.11. Constantly monitors the measures taken to ensure the security of personal data.
9.5. The operator is not responsible for the actions of third parties who gained access to the user's personal data as a result of unauthorized access to the operator's website and/or software or due to other illegal actions, taken by third parties, when the operator could not foresee or prevent them.
10. Privacy policy
10.1 Cookies are small files or parts of a file that are stored on a computer or mobile device of an Internet user "User", who visited the website. They consist of letters and numbers and are stored in a browser that is used to browse the Internet. The files allow information about the User's behavior on the Internet to be saved and may contain User identification data, their personalized settings and browsing history.
10.2 By accepting the user agreement and the privacy policy of the website, the user gives unconditional consent to the copyright owner to use cookies. Visiting the website by the user with a browser that receives cookies is considered an acceptance by the user of the fact that the copyright owner may use cookies.
10.3 Cookies cannot be used to transfer malware or launch programs. When the user visits the website, a cookie file is sent to his browser and saved on the hard drive of a user's computer.
10.4 The user can block cookies in the settings of the browser used to visit the website on their own.
10.5 By using the user's cookies, the website obtains the following information: IP address, address of the website that the user used to go to the website, information about the pages visited on the website and other technical data. All collected data is used only for the following purposes:
- traffic analysis and traffic source on the website, which is necessary to improve the website and make it more comfortable for users.
- Access monitoring to ensure the security of the website and detect potentially dangerous accesses.
10.6 All data is necessary for statistics and anonymous. If the user does not agree with the use of cookies on the website, he can block this function in the settings of his browser.
10.7 The user must follow the following steps to disable access to cookies in the most popular browsers:
10.7.1. Microsoft Internet Explorer 6.0., 7.0, 8.0: choose 'Tools” in the top corner of the browser or choose "Internet Options“, then choose ”Privacy". You need to choose the necessary settings, then press the “Apply” button, then “OK / OK”.
10.7.2. Mozilla Firefox: in the browser menu you need to choose "Parameters", then go to "Privacy" and in the menu that appears choose "Individual history settings". Then you need to choose the necessary settings and press "OK / OK".
10.7.3. Google Chrome - in the browser menu (upper right corner) you need to choose "Settings", set the necessary settings, and then press "OK".
10.7.4. Safari - in the "Settings" panel you need to choose "Privacy", set the necessary parameters, and then press "OK".
11. Final clauses
11.1 The Privacy Policy is a document in the public domain, its current version is always available on the pages of the website: / privacy-policy/
11.2 The operator has the right to change the text of the Privacy Policy unilaterally and without prior notification to the User. In this case, posting a new version of the Privacy Policy on the pages of the website is considered an appropriate notification of the User. The user is responsible for timely viewing a new version of the Privacy Policy.
11.3 In the event that arguments occur during the use of the User's personal data, these must be resolved before the trial in accordance with the current legislative order of the order of the Republic of Latvia. A complaint about the processing of personal data must be answered within 30 (thirty) calendar days from the moment it was received. In the event that the argument is not resolved before the trial, it must be tried at the Riga Arbitration Court (No. 40003756873).
11.4 The "cookie policy" is an integral part of the Privacy Policy and its appendix.
Operator data
Innovate Change
e-mail address: info@innovatechange.co.nz