POLICY FOR THE PROTECTION OF CONFIDENTIAL INFORMATION
1. GENERAL PROVISIONS REGARDING THE PROCESSING OF PERSONAL DATA

1.1. This document defines the policy of AlphaDegree AC Trading LLC, UAE, Dubai, Al Mararr Area, Sultan Bld, office 302, Email: admin@alphadegree.ae (hereinafter referred to as the “Provider”) regarding the processing of personal data (hereinafter “Personal Data” or “PD”) and describes the measures implemented to protect PD. This Privacy Policy (hereinafter the “Policy”) applies to all information, including personal data as defined by applicable law, that the Provider may obtain about You (hereinafter the “User”) during your use of any websites, software, products, and/or services provided by the Provider, information about which you can find on the Provider’s websites, as well as during the performance of agreements and contracts concluded with the User.

1.2. The Provider independently processes PD, determines the purposes of PD processing, the scope of PD to be processed, the actions (operations) performed with PD, and in certain cases entrusts PD processing to third parties.

1.3. When processing PD, the Provider adheres to the following principles:
- processing is carried out lawfully and fairly;
- processing is limited to specific, predetermined, and lawful purposes;
- processing incompatible with the purposes for which PD were collected is not permitted;
- merging databases containing PD processed for incompatible purposes is not allowed;
- only PD necessary to fulfill the stated purposes are processed;
- the content and volume of processed PD correspond to the declared processing purposes;
- accuracy, sufficiency, and, where necessary, relevance of PD are ensured in relation to the processing purposes.

1.4. Based on this Policy, the Provider develops internal regulatory documents establishing procedures for PD processing and protection.

2. TERMS AND DEFINITIONS

2.1. Personal Data – any information relating to an identified or identifiable natural person (data subject).
2.2. Operator (of personal data) – a state body, municipal body, legal or natural person that independently or jointly with others organizes and/or carries out PD processing and determines the purposes of PD processing, the scope of PD to be processed, and the actions (operations) performed with PD.
2.3. Processing of personal data – any action (operation) or set of actions (operations) performed with or without automation tools on PD, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (dissemination, provision, access), anonymization, blocking, deletion, and destruction of PD.
2.4. Automated PD processing – PD processing using computing equipment.
2.5. Dissemination of PD – actions aimed at disclosing PD to an indefinite group of persons.
2.6. Provision of PD – actions aimed at disclosing PD to a specific person or group.
2.7. Blocking of PD – temporary suspension of PD processing (except when processing is needed to clarify PD).
2.8. Destruction of PD – actions rendering it impossible to restore PD content in the information system and/or destroying physical PD carriers.
2.9. Personal data information system – a set of PD contained in databases and the information technologies and technical means ensuring their processing.
2.10. Cross-border transfer of personal data – Personal information we collect may be transferred to and stored in countries outside the European Union.

3. PURPOSES OF INFORMATION PROCESSING

3.1. Protection of the User’s Personal Data is extremely important to the Provider. Therefore, when you use the Provider’s websites and services, your Personal Information is protected and processed in strict compliance with applicable law.

3.2. The Provider processes PD for the following purposes:
- user registration on the website;
- provision of technical support services;
- organization and execution of advertising and marketing campaigns for consumers;
- fulfillment of obligations stipulated by current legislation.

3.3. To achieve these purposes, the Provider performs the following operations with PD: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (provision, access), anonymization, blocking, deletion, and destruction.

3.4. Types of User Personal Data processed by the Provider:

3.4.1. The Provider does not verify Personal Data provided by Users except as stipulated in the user agreement or terms of specific services, and cannot assess their accuracy or whether the User has sufficient legal capacity to provide such data. However, the Provider assumes that the User provides accurate and sufficient Personal Information and updates it promptly.

The Provider may collect the following categories of Personal Data during the use of websites and services:
(I) Personal Data provided by the User during registration (account creation), such as: name, phone number, address, profile photo;
(II) electronic data (HTTP headers, IP address, cookies, web beacons/pixel tags, browser identifier, hardware and software information);
(III) date and time of access to websites and/or services;
(IV) information on User activity while using websites and/or services;
(V) geolocation information;
(VI) other information about the User necessary for processing in accordance with the terms governing the use of specific Provider websites and services.

The Provider also uses cookies and web beacons (including pixel tags) to collect Personal Information and link it to the User’s device and web browser.

The Provider does not collect data for the purpose of creating a user “profile” that could significantly affect your rights and freedoms under applicable law.

4. COLLECTION AND PROCESSING OF PERSONAL DATA

4.1. The Provider obtains the PD it processes:
- directly from the data subject;
- from a person who is not the data subject;
- from publicly available sources.

4.2. The Provider processes PD exclusively on lawful grounds, in accordance with Article 6(1)(a) of GDPR and Section 25(1) of TTDSG.

4.3. PD collection from a third party is carried out on the following grounds:
- to achieve purposes established by law or to perform functions, powers, and obligations imposed by law on the Provider;
- to perform a contract to which the data subject is a party, beneficiary, or guarantor, or to conclude a contract at the data subject’s initiative or one in which the data subject will be a beneficiary or guarantor;
- to pursue the legitimate rights and interests of the Provider or third parties, provided that the rights and freedoms of the data subject are not violated;
- PD have been made publicly accessible by the data subject or at their request;
- PD are subject to publication or mandatory disclosure under law.

4.4. The Provider processes PD both with and without automation tools.

4.5. To achieve the stated purposes, the Provider processes PD of individuals who have signed employment contracts (employees) with the Provider, their relatives, former employees, job applicants, contractors, subcontractors, other parties to civil-law contracts, authorized representatives of counterparties, contact persons of counterparties, customers (consumers of products presented on the website), and their authorized representatives.

4.6. The Provider does not carry out actions aimed at disclosing PD to an indefinite group of persons (i.e., does not disseminate PD).

4.7. The Provider does not disclose or provide PD to third parties without the data subject’s consent obtained in the form required by law.

4.8. To fulfill statutory functions, powers, and obligations, and to achieve its corporate and contractual objectives, the Provider discloses part of the processed PD to:
- law enforcement and other authorized bodies (upon official request);
- courier, transport, and logistics companies delivering products;
- call centers conducting customer satisfaction surveys;
- authorized service centers providing warranty and non-warranty repairs;
- agencies organizing marketing campaigns, promotions, and contests.

4.9. The Provider does not process special categories of PD concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, health, intimate life, or criminal records.

4.10. The Provider does not process biometric PD.

4.11. The Provider’s databases containing citizens’ PD are located within the EU.

4.12. The Provider does not make decisions producing legal consequences for the data subject or otherwise affecting their rights and legitimate interests based solely on automated PD processing.

4.13. The Provider may process PD for direct marketing only upon prior consent from the data subject.

5. INFORMATION STORAGE

5.1. PD processing by the Provider lasts no longer than necessary to fulfill the processing purposes.

5.2. The Provider stores PD for the period required under Article 6(1)(a) of GDPR and Section 25(1) of TTDSG.

5.3. Upon achieving the processing purposes, when achieving them is no longer necessary, or upon expiration of the storage period, the processed PD are destroyed.

6. INFORMATION SECURITY

6.1. The Provider implements necessary legal, organizational, and technical measures to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, or other unlawful actions.

6.2. The Provider appoints responsible personnel by order to organize PD processing and ensure PD security.

6.3. The Provider maintains a list of persons whose access to PD in information systems is necessary to perform their job duties.

6.4. The Provider implements measures for accounting and safeguarding PD storage media.

6.5. The Provider assesses potential harm to data subjects and regularly analyzes threats to PD security during processing.

6.6. Where required by law, the Provider uses information security tools that have undergone official conformity assessment.

6.7. New PD information systems are commissioned only after evaluating the effectiveness of security measures.

6.8. The Provider’s PD protection system includes:
- physical security of premises housing PD information system equipment;
- software and hardware security tools (firewalls, antivirus, intrusion detection, backup systems, access controls, audit logs);
- organizational measures approved by management, including: access rules, activity logging, PD recovery procedures, media inventory, staff training, and security audits.

7. DISCLOSURE OF INFORMATION

7.1. The Provider has submitted a Notification on PD processing to the authorized data protection authority.

7.2. Exercise of data subject rights is carried out via requests sent to AlphaDegree AC Trading LLC at:
- Postal address: UAE, Dubai, Al Mararr Area, Sultan Bld, office 302;
- Email: admin@alphadegree.ae