REGISTER OF ACTIVITIES OF A PERSONAL DATA ADMINISTRATOR

1. Purposes of personal data processing

The administrator processes personal data for the following purposes:

● For the needs of providing the services offered by the company as well as for fulfillment of the contracts concluded by the company with consumers;

● For selection and hiring of employees under employment contracts, as well as for selection of contractors under civil contracts;

● To fulfill its obligations under the Accounting Act;

● To fulfill its obligations under the laws governing the labor and social security obligations of the company as an employer and insurer;

2. Description of categories of subjects and categories of personal data

The administrator processes personal data of the following categories of subjects:

● Customers

○ Name;

○ Email address;

○ Contact phone;

○ Where applicable:

■ Data from an identity document;

■ PIN or other identification number;

■ Address

■ Data for participation in commercial companies; non-profit legal entities and other legal entities.

The personal data of clients are kept for a period of 5 years, as of the moment of concluding a contract with the client, after which they are deleted.

● Users

○ Name;

○ Email address;

○ Phone;

○ Traffic data

User data is kept for no more than 2 years, after which it is deleted.

● Job candidates and employees

○ Name;

○ Email;

○ Phone;

○ Age;

○ Work experience;

○ Health data when administering sick leaves and other documents related to employment.

Data for job candidates are deleted within 1 year of their collection. Data on employees and contractors of a civil contract are kept for a period of 3 years from the termination of the legal relationship with the subject.

3. Categories of recipients to whom the data may be disclosed

The administrator may disclose personal data to third parties in the following cases:

● To lawyers registered in accordance with the Law on Advocacy – for the needs of execution of contracts with clients;

● To state and municipal bodies, when the Law requires it or for the needs of execution of contracts with clients;

● To information service providers used by the administrator acting as processors of personal data.

4. Technical and organizational measures

The controller shall apply the following measures to ensure the security of the processing of personal data:

● pseudonymization and encryption of personal data

Applies to traffic data and user data for direct marketing purposes.

● ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

The personal data collected by the Administrator are processed electronically by personal data processors using servers with the ability to recover deleted information – “backup”.

Date:

Signature: _______________________