I. PERSONAL DATA
1. Personal data provided by the User shall be processed by the Service Provider maintained by the minister in charge of economy, who is the Data Controller within the meaning of the Personal Data Protection Act of 29 August 1997.
2. The scope of the processed personal data shall be determined by the scope of data completed by the User and sent to the Data Controller by means of relevant form. Processing User’s personal data may pertain to his/her first and last name, e-mail address, phone number, workplace and computer IP address.
3. Personal data of Users shall be processed for the following purposes: (a) realization of legal provisions, (b) creation of the Account, provision of services by electronic means, including Newsletter, examination of filed complaints and other actions as specified in the Terms of Service, (c) promotional and commercial actions of the Service Provider.
4. Providing the personal data shall be voluntary, but the lack of consent to process personal data marked as obligatory shall prevent performance of services and agreements by the Service Provider.
5. The legal basis for processing personal data in the case referred to in clause 3(a) shall be the statutory authorization to process data which are essential to act in accordance with the law, whereas in the case referred to in clauses 3(b) and 3(c) it shall be the statutory authorization to process data which are necessary to perform an agreement if a person to whom the data refer is a party to such agreement, or if it is essential for undertaking certain actions prior to conclusion of the agreement upon request of the person to whom the data refer, or a voluntary consent of the User.
6. Personal data of Users may be transferred only for the purpose of performing the agreements for provision of services by electronic means by the Service Provider to a hosting company, a company providing accounting services to the Service Provider and a company providing the system for e-mail marketing (Newsletter). Personal data collected by the Service Provider may also be disclosed to: competent state bodies upon their request on the basis of relevant provisions of law, or other persons and entities – in the cases prescribed in the provisions of law.
8. The User shall have the right to control processing the data which pertain to him/her and are included in databases, in particular the right to:
a) access his/her personal data, complement and correct them by reporting such request to the Service Provider,
b) request temporary or permanent suspension of their processing or their removal if they are incomplete, invalid, inaccurate or if they have been collected in violation of the law or they have become unnecessary to realize the purpose, for which they had been collected,
c) object processing his/her personal data – in the cases prescribed in the legal provisions – and the right to request their removal if they become unnecessary to realize the purpose, for which they have been collected.
9. The provided personal data shall be stored and secured in accordance with the rules prescribed in the applicable legal provisions: the Personal Data Protection Act of 29 June 1997 (Journal of Laws of 2002 No. 101, item 926, as amended), the Act of 18 July 2002 on provision of services by electronic means (Journal of Laws No. 144, item 1204, as amended), the Ordinance of the Minister of Interior and Administration of 29 April 2004 on the documentation of personal data processing, and technological and organizational conditions which shall be met by devices and IT systems used for personal data processing (Journal of Laws No. 100, item 1024).
10. If the Service Provider is advised that the User uses the service provided by electronic means in a way violating the Terms of Service or applicable provisions of law (unauthorized use), then the Service Provider may process the personal data of the User in the scope required for establishing liability of the User.
11. The service may store http enquiries, therefore the files containing web server logs may store certain data, including the IP address of the computer sending the enquiry, the name of User’s station – identification through http protocol, if possible, date and system time of registration on the Platform and receipt of the enquiry, number of bytes sent by the server, the URL address of the site visited by the User before if the User has entered the service through a link, information concerning User’s browser, information concerning errors occurred by realization of the http transaction. Web server logs may be collected for the purpose of proper administration of the Platform. Only persons authorized to administer the IT system shall have access to the data. Files containing web server logs may be analyzed for the purposes of preparing statistics concerning traffic on the Platform and occurring errors. Summary of such details shall not identify the User.
II. INFORMATION SECURITY
1. The Service Provider shall apply technological and organizational means in order to secure processing the personal data corresponding to the threats and category of data to be secured, in particular, through technical and organizational means the Service Provider shall secure data against publishing to unauthorized persons, taking over by an unauthorized person, processing in violation of the law and change, loss, damage or destruction; among others the SSL (Secure Socket Layer) certificates shall be applied. Users’ personal data shall be collected and stored on a secured server, moreover, the data shall be secured by Service Provider’s internal procedures related to processing personal data and information security policy
2. In order to log in to the Account, it shall be necessary to provide relevant username and password. For the purpose of ensuring an appropriate level of security, the password for the Account shall exist on the Platform only in a coded form. Furthermore, registration of and logging in to the Account shall proceed in a secure https connection. Communication between the User’s device and the servers shall be encoded using the SSL protocol.
3. At the same time the Service Provider states that using the Internet and services provided by electronic means may pose specific teleinformatic threats, such as for instance: presence and operation of worms, spyware or malware software, including computer viruses, as well as possibility of being exposed to cracking or phishing (fishing passwords) and other. In order to obtain detailed and professional information related to the security in the Internet, the Service Provider recommends taking advice from entities specializing in such IT services.
13. The Service Provider shall use two types of Cookies: session cookies, which are permanently deleted upon closing the session of the User’s browser and permanent cookies, which remain on the User’s device after closing the session until they are deleted.
14. It is not possible to identify the User on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collecting any personal data.
15. Cookies used on the Platform are safe for the User’s device, in particular they prevent viruses or other software break into to the device.
16. Files generated directly by the Platform may not be read by other Internet services. Third-Party Cookies (i.e. Cookies provided by associates of the Service Provider) may be read by an external server.
17. The User may disable storing Cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Platform.
18. The User shall use own Cookies for the following purposes: authenticating the User on the Platform and preserving User’s session; configuration of the Platform and adjusting the content of pages to User’s preferences, such as: recognizing User’s device, remembering settings set up by the User; Cookies ensuring security of data and use of the Platform; analyses and researches of views; advertisement services.
19. The Service Provider shall use third-party Cookies for the following purposes: preparing statistics (anonymous) for the purposes of optimizing functionality of the Platform, by means of analytic tools such as Google Analytics and Google Adwords; using interactive functions by means of social networks: linkedin.com, plus.google.com, youtube.com, facebook.com and twitter.com, slideshare.net, instagram.com, pinterest.com.
20. The User may individually change Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. The User may also individually delete Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
21. Details concerning Cookies support are available in the settings of a browser used by the User.
In the case of any questions or doubts pertaining to personal data protection and privacy, the User should contact the Service Provider through the following address: firstname.lastname@example.org
This is taken from a third party with which we share the exact similar policies. Big Mongolian will not be responsible for any third party violations.