User Personal Data Processing and Protection Policy
EFFECTIVE FROM FEBRUARY 1, 2022
Visotsky Consulting Inc. takes the matters of confidentiality and security of information very seriously. Protecting users' personal data is one of our key priorities.
To ensure the rights and freedoms in the field of user personal data protection, this Policy has been developed. It explains the basis, methods, and purposes for processing personal data.
1. Introduction
1.1. This document defines the policy regarding the protection and processing of user personal data (hereinafter referred to as the "Policy").
1.2. This Policy is developed in accordance with applicable legislation.
2. Key Terms Used in This Policy:
Applications - Forms for collecting personal data, placed on the website and intended for electronic submission through the site. Applications on the site are presented in the form of questionnaires containing prompt questions related to the subject of personal data.
Button - A graphic element of the site highlighted in color and containing a contrasting color inscription denoting the programmatically associated action to be performed upon pressing it.
Cookie – Text files placed on the personal data subject's computer (or other device) when visiting the site through a web browser.
Personal Data Processing - Any action (operation) or set of actions performed with or without the use of automation tools on personal data, including collection, recording, organization, storage, clarification (update, change), retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
Personal Data Operator (hereinafter referred to as the Personal Data Operator) - A legal entity that processes personal data and determines the purposes of personal data processing, the composition of personal data to be processed, and actions performed with personal data.
Personal Data Operator - Copyright Holder - Visotsky Consulting Inc., address: 368 9th Ave 6FL, New York, NY 10001.
Personal Data - Any information relating directly or indirectly to a specific or identifiable individual (personal data subject).
Information System User - An employee of the Personal Data Operator who has been granted access to the personal data of the personal data subject.
Website - A collection of texts, graphic elements, design, images, software code, software, photos, and videos, and other intellectual property available on the Internet.
Personal Data Subject (within this document also "User") - An individual who has accessed the website and filled out an application on any of its pages.
Services - Services provided by the Personal Data Operator, information about which is presented on the website
3. Principles of Personal Data Processing
3.1. In processing personal data, the Personal Data Operator adheres to the following principles:
- Personal data is processed with the consent of the personal data subject and until it is revoked by them. The consent for the processing of personal data is considered received by the Personal Data Operator at the moment of the personal data subject's completion of registration on the website using the application placed on the site. Registration on the website is considered complete when the personal data subject clicks the button (that is an element of this application) located below (or to the right) of the last prompt question of the application after filling it out.
- The processing of personal data is limited to achieving specific, predetermined, and legitimate goals. The Personal Data Operator does not process personal data that is incompatible with the purposes of collecting personal data.
- The content and volume of the processed personal data correspond to the declared processing objectives.
- In processing personal data, the Personal Data Operator ensures the accuracy of the personal data, its sufficiency, and, when necessary, its relevance to the purposes of personal data processing. The Personal Data Operator takes necessary measures to delete or clarify incomplete or inaccurate data.
- Personal data processed by the Personal Data Operator must be destroyed upon achieving the processing objectives or if there is no longer a need to achieve these goals.
3.2. The Personal Data Operator does not verify the accuracy of the personal data provided by the personal data subject when filling out applications on the website, nor the actual ownership of the personal data to the specific personal data subject who indicated them as their own when filling out applications on the site. The Personal Data Operator assumes that the personal data subject provides their personal data in their interest without intending to violate the rights and legitimate interests of third parties and the Personal Data Operator or cause them harm.
3.3. The collection, recording, organization, accumulation, storage, clarification (update, change), and retrieval of personal data of personal data subjects are carried out using databases located in the USA.
4. Information Obtained by the Personal Data Operator
4.1. The Personal Data Operator collects, accesses, and uses for purposes specified in the Policy, the personal data of Users, technical, and other information related to the Users.
4.2. Technical information is not personal data; however, the Personal Data Operator uses cookies that allow identifying Users. Cookies are text files accessible to the Personal Data Operator for processing personal data about the Users' activity on the Site, Platform, in the Personal Account, including information about which pages the User visited and the time the User spent on the page, and about the rate at which Customers (Clients) master Service Packages. Users can disable the use of cookies in browser settings.
4.3. Technical information also means the information that is automatically transmitted to the Personal Data Operator during the use of the Site, Platform, and/or Personal Account through the software installed on the User's device, namely:
4.3.1. Data on the User's activity on the Internet, in particular, about visited pages, dates, and times of URL transitions, etc.
4.3.2. Information about the device and browser through which the User accessed the Internet: IP address, and (if the User accesses the Site from a mobile device) the type of device and its unique identifier
4.3.3. Data on interactions with advertisements displayed outside of the resource by the Personal Data Operator, their number, frequency, and depth of viewing.
4.4. By the User's personal data, we mean the information that the User provides to the Personal Data Operator when accessing the Site, Platform, in the Personal Account, during registration and/or authorization on the Site, Platform, and/or in the Personal Account, and using the Site, Platform, Personal Account, Service Packages, filling out the Application Form, including:
4.4.1. Surname, first name, patronymic;
4.4.2. Email address;
4.4.3. Contact phone number;
4.4.4. Messaging accounts;
4.4.5. Links to profiles (pages) on social networks;
4.4.6. Image (photo) of the User;
4.4.7. Other information provided by the User to the Personal Data Operator through the Site, Platform, Application Form, Personal Account, and during the provision of Services within the Service Packages;
4.4.8. Data transmitted automatically depending on the software settings of the User in an anonymized form.
4.4.9. The User acknowledges and accepts the possibility of using software from third parties on the Site, Platform, and/or in the Personal Account of the Operator, as a result of which such parties may receive and transmit the data mentioned in paragraph 4.4.8 in an anonymized form.
4.5. The mentioned third-party software includes:
• User location detection system (city and country) maxmind.com;
• Google Analytics web analytics system;
• Roistat end-to-end business analytics system.
4.6. The composition and terms of collecting anonymized data using third-party software are determined directly by their copyright holders.
4.7. The Personal Data Operator processes the personal data, technical information, and other information of Customers (Clients) for the entire duration of the Agreement concluded between the Customer (Client) and the Personal Data Operator. For other Users who are not Customers (Clients), the processing of personal data is carried out for the entire duration of the use of the Site and other resources of the Personal Data Operator.
5. Personal Data
5.1. Processing of the User's personal data means recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of the User's personal data, which do not fall under special categories for which the Personal Data Operator, according to the current US legislation, requires written consent from the User.
5.2. The User gives consent to the Personal Data Operator to process their personal data provided during registration and/or authorization and use of the Site, Platform, Personal Account, filling out the Application Form, including transferring such personal data to third parties to fulfill the Agreement between the Personal Data Operator and the Customer (Client), and for the purpose of implementing partnership programs with such third parties, even when such a transfer is made outside the US to the territory of other countries (cross-border transfer).
5.3. Personal data processing occurs both with and without automation tools.
5.4. The processing of the User's personal data is carried out by the Personal Data Operator in the US.
5.5. In the information systems of the Personal Data Operator, personal data of the following subjects are processed:
- Employees of the Personal Data Operator;
- Customers (Clients) of the Personal Data Operator;
- Contractors, subcontractors, and other third parties providing services and/or performing work on the order of the Personal Data Operator;
- Participants in events organized by the Personal Data Operator;
- Subscribers to newsletters from the Personal Data Operator;
- Information partners of the Personal Data Operator, invited guests, and hosts of events organized by the Personal Data Operator.
Hereinafter in the text, all the aforementioned subjects are referred to as "Users." The term "Customers (Clients)" is used when referring only to Customers (Clients) and not all Users.
5.6. The scope of this Policy covers all processes of collecting, recording, systematizing, accumulating, storing, refining, extracting, using, transferring (distributing, presenting, accessing), depersonalizing, blocking, deleting, and destroying personal data, carried out both with and without automation tools.
5.7. Using the Site and AXL Platform, Service Packages, and other resources of the Personal Data Operator means the User's unconditional agreement with the Policy and the specified conditions for processing personal data. The User can also express agreement with this Policy by subscribing to newsletters from the Personal Data Operator or by providing the Personal Data Operator with written consent to processing.
6. Purpose of Personal Data Processing
6.1. The information provided by the User is used by the Personal Data Operator solely for the purposes of:
6.1.1. Fulfilling the obligations of the Personal Data Operator towards the Customer (Client) under the Agreement concerning the use of the Site, Platform, Personal Account, Materials, and other Intellectual Property in the process of providing Services;
6.1.2. Establishing and maintaining communication with the User;
6.1.3. Sending informational and other types of messages to the User's email address;
6.1.4. Improving service quality and upgrading the Site, Platform, and Personal Account;
6.1.5. Registering the User on the Site, Platform, and Personal Account and managing the User's account on the Site, Platform, and/or Personal Account;
6.1.6. Carrying out justice in case of a corresponding request to the Personal Data Operator from authorized bodies;
6.1.7. Implementing partnership programs with third parties;
6.1.8. Complying with the legislation in the territory of the Operator.
6.2. The Personal Data Operator does not verify the accuracy of personal data provided by Users nor their legal capacity.
6.3. Personal data of the subject of personal data are processed for the following purposes:
- Enabling the User of the information system to call the personal data subject or send them an electronic message to clarify their intention to purchase the services of the Personal Data Operator, the details of which are presented on the site;
- Concluding an agreement with the personal data subject about providing them with services rendered by the Personal Data Operator, including issuing invoices for payment, sending notifications and information related to the services of the Personal Data Operator to the personal data subject;
- Processing requests and applications from the personal data subject received by the Personal Data Operator;
- Allowing the personal data subject to receive newsletters on recruitment and staff selection issues;
- Developing and adjusting the marketing policy of the Personal Data Operator taking into account the preferences of the personal data subjects based on their location and position held.
7. Composition of Processed Personal Data
7.1. The scope of personal data processed by the Personal Data Operator (may differ in different applications):
Surname, name, patronymic (middle name);
Email address;
Contact phone;
Messaging accounts;
Links to profiles (pages) in social networks;
Image (photo) of the User;
Other information provided by the User to the Personal Data Operator through the Site, Platform, Application Form, Personal Account, and during the provision of Services within the Service Packages.
8. Rights of the Personal Data Operator
8.1. The Personal Data Operator has the right to conduct statistical and other studies based on anonymized personal data provided by the User. The Personal Data Operator is entitled to provide third parties with access to such studies for targeted advertising purposes. The User agrees to such research and to receive targeted advertising by accepting the Policy. The User can withdraw this consent at any time by contacting the Personal Data Operator at the address indicated on the relevant page of the Site.
8.2. The Personal Data Operator is entitled to provide information about Users to law enforcement or other state bodies within the framework of a judicial process or during an investigation based on a court decision, a legally enforceable request, or in cooperation, as well as in other cases provided for by the current legislation on the territory of the Operator.
8.3. The Personal Data Operator may provide information about Users to third parties to identify and prevent fraudulent actions, to address technical malfunctions or security issues.
8.4. The Personal Data Operator is entitled to provide third parties, including other Site and Platform Users, webinar participants, and online and offline participants of the Personal Data Operator's events, with access to personal data about the User if such a transfer is necessary for the Personal Data Operator to fulfill obligations to the Customer (Client) under agreements concluded with the Customer (Client).
8.5. The Operator reserves the right to specify the set of personal information that the User must necessarily provide for using the Site, Platform, and/or Personal Account. If certain information is not marked as mandatory by the Personal Data Operator, its provision or disclosure is at the discretion of the User.
8.6. The Personal Data Operator stores the personal data of data subjects no longer than required by the purposes of processing such data. The storage period of personal data can be stipulated by law or anticipated in the consent provided by the personal data subject to the Personal Data Operator. After the expiration of the storage periods, personal data is subject to destruction or anonymization.
8.7. In accordance with pre-defined objectives and legislative requirements, the Personal Data Operator can transfer personal data to the following categories of third parties:
Subsidiaries and companies within the Personal Data Operator's group;
External contractors;
State or other bodies to comply with legislative requirements.
8.8. The cross-border transfer of personal data to the territory of foreign countries not ensuring an adequate level of protection of personal data subjects' rights is carried out strictly with the subject's consent and/or for the purpose of executing a contract and/or to fulfill legislative requirements.
8.9. To transfer personal data obtained from the EU territory to third parties in countries not providing an adequate level of personal data protection in the context of GDPR, contracts containing "Standard Contractual Clauses" (SCC) approved by the European Commission or the supervisory authority and endorsed by the European Commission, which ensure the protection of rights and freedoms of personal data subjects, are concluded with the corresponding third parties.
8.9. The list of third parties and the personal data transferred to them, as well as copies of the Standard Contractual Clauses used in such contracts, can be requested from the Personal Data Operator.
9. User Rights (Personal Data Subject)
9.1. Every subject whose personal data is processed by the Personal Data Operator has the following rights:
9.2. By posting information about themselves on the Site, Platform, in the Application Form, and in the Personal Account, the User can make it publicly available. In doing so, the User understands that the information might be indexed in search engines and accepts the associated risks of disclosing information related to personal, family, and other secrets.
9.3. The User can at any time delete or modify the information provided by them by taking the necessary actions on the Site, Platform, and in the Personal Account. In the absence of such an opportunity, the User can address the Personal Data Operator at the email address: visotskyinfo.usa@visotsky.com. In doing so, the User understands that the Personal Data Operator may continue to use such personal data in cases permitted by the legislation of the Operator's jurisdiction. The User can revoke the consent to receive newsletters and promotional materials at any time by notifying the Personal Data Operator in the same manner.
9.4. The data subject has the right to request confirmation of the fact that their personal data is being processed. If such processing is taking place, the data subject has the right to access the processed personal data, as well as information about the processing purposes, categories of processed data, actions performed with the data, data recipients, guarantees when transferring data to third parties, processing durations, sources of data acquisition, and the presence of an exclusively automated decision-making process. The data subject also has the right to obtain a list of processed personal data.
9.5. In situations where the Personal Data Operator uses the data subject's consent as the basis for processing their personal data, the data subject has the right to revoke such consent at any moment. Every consent to personal data processing, which the data subject provides to the Personal Data Operator, includes a procedure for its revocation – if the data subject wishes to revoke any of the consents granted to the Personal Data Operator, they can use the procedure directly specified in such consent.
9.6. The data subject has the right to request corrections to their personal data if inaccuracies in the composition of the personal data being processed by the Personal Data Operator are discovered. Considering the processing objectives, the data subject has the right to supplement their personal data, including through the submission of an additional statement.
9.7. The data subject has the right to initiate the restriction of processing all or part of their personal data if one of the following conditions applies:
The accuracy of the personal data is disputed by the data subject (restriction for the period required by the Personal Data Operator to confirm the accuracy of the personal data).
Unlawful processing of personal data is identified, and the data subject objects to the deletion of their personal data, instead requesting the restriction of its use.
The Personal Data Operator no longer needs the personal data for processing purposes, but the data is required by the data subject for the establishment, exercise, or defense of legal claims or in the context of legal proceedings.
The data subject objects to the processing of their personal data (restriction for the period required by the Personal Data Operator to determine whether the legal grounds of the Personal Data Operator for processing personal data override the objections of the data subject).
9.8. The data subject has the right to demand the deletion of their personal data from the systems of the Personal Data Operator and/or other available material sources if one of the following conditions applies:
Personal data is no longer required for the purposes for which it was obtained.
The data subject withdraws their consent, and there is no other legal basis for processing.
The data subject objects to the processing of their personal data, and there are no overriding legitimate grounds for processing.
Personal data is processed unlawfully.
Personal data must be erased to comply with a legal obligation under applicable legislation.
At the time of the collection of personal data, the data subject is a minor under the age of 16 and the personal data was not obtained based on the consent of the legal representative for the provision of services to the minor through distance service channels (information society services).
9.9. The data subject has the right to request a list of their personal data provided to the Personal Data Operator for processing in a structured, commonly used, and machine-readable format and to instruct the Personal Data Operator to transmit their personal data to a third party, provided that the technical capability exists with the Personal Data Operator. In this case, the Personal Data Operator shall not be responsible for the actions of the third party taken with the personal data subsequently.
9.10. The data subject has the right to object to the processing of all or part of their personal data for the purposes specified when providing their personal data to the Personal Data Operator unless the legitimate grounds of the Personal Data Operator for processing prevail over the interests, rights, and freedoms of the data subject or the processing is necessary for the establishment, exercise, or defense of legal claims.
9.11. The data subject has the right to request the restriction of the processing of their personal data for marketing activities of the Personal Data Operator.
9.12. The data subject has the right to lodge a complaint with the supervisory authority if the Personal Data Operator violates their rights in the field of personal data processing in any way.
10. Commencement of Personal Data Processing. Duration of Consent for Data Processing.
10.1. The processing of personal data begins upon the consent of the data subject for the processing of their personal data and continues until the expiration of the data subject's consent for the processing of personal data or until the data subject withdraws their consent for the processing of personal data.
10.2. The duration of the data subject's consent for the processing of personal data is ten (10) years from the commencement of the processing of personal data.
10.3. The data subject's consent for the processing of personal data can be revoked by them at any time based on a personal request submitted to the Personal Data Operator at the following address: support@axl.bbooster.tw. Upon receiving such a request, the processing of the data subject's personal data shall cease immediately, and all personal data of the data subject shall be destroyed.
11. Confidentiality of Personal Data
11.1. The Personal Data Operator undertakes not to disclose to third parties and not to distribute personal data without the consent of the data subjects, unless the obligation to disclose such data by the Personal Data Operator is provided for by applicable legislation.
12. Requirements for Protecting Personal Data Implemented by the Personal Data Operator
12.1. To ensure the protection of personal data of data subjects, the Personal Data Operator takes the following measures:
- Ensures the integrity of the carriers of personal data;
- Implements measures aimed at the identification and authentication of all users of the information system, as well as access objects;
- Determines the list of individuals whose access to personal data of data subjects is necessary for the performance of their job duties;
- Appoints a responsible person for ensuring the security of personal data in the information system;
- Manages user accounts in the information system and implements measures to segregate user access rights;
- Applies antivirus protection to the information system of personal data;
- Organizes periodic checks of the conditions for processing personal data;
- Organizes training in the form of briefings for users of the information system who are provided with permanent or temporary access to the personal data of data subjects.
13. Limitation of Liability
13.1. The Website, Platform, and Personal Account are not publicly accessible sources of personal data. However, in case the User takes certain actions, their personal data may become accessible to an undefined circle of individuals, which the User hereby consents to.
13.2. The User consents to receiving informational newsletters and promotional materials from the Personal Data Operator or from other parties on behalf of the Personal Data Operator, sent to the email address and contact phone number provided by the User during registration on the Website, Platform, and/or in the Personal Account.
13.3. The Personal Data Operator shall not be held responsible for how third parties with whom the User interacts within the usage of the Website, Platform, and/or Personal Account utilize the User's personal data.
14. Measures Taken to Protect User-Provided Personal Data and Guarantees of the Personal Data Operator
14.1. To protect the personal data provided by Users from unlawful or accidental access, destruction, alteration, blocking, copying, dissemination, and other unlawful actions by third parties, the Personal Data Operator takes necessary and sufficient legal, organizational, and technical measures. These measures include:
- Ensuring the integrity of personal data carriers;
- Implementing measures for the identification and authentication of all users of the information system, as well as access objects;
- Determining the list of individuals whose access to personal data of data subjects is necessary for the performance of their job duties;
- Appointing a responsible person for ensuring the security of personal data in the information system;
- Managing user accounts in the information system and implementing measures to segregate user access rights;
- Employing antivirus protection for the information system of personal data;
- Organizing periodic checks of the conditions for processing personal data;
- Organizing training in the form of briefings for users of the information system who are provided with permanent or temporary access to the personal data of data subjects.
14.2. The Personal Data Operator guarantees that the information provided by Users is not combined with statistical data of third parties. The Personal Data Operator maintains its internal statistics using personal data, which is not disclosed to third parties, except as provided in the Privacy Policy.
14.3. The Personal Data Operator does not sell or transfer information about Users separately. Such information may only be transferred in the case of partial or complete reorganization of the Personal Data Operator.
14.4. The Operator takes technical and organizational measures to allow Users to access their provided personal data and to edit such information.
14.5. In case of unlawful processing of personal data conducted by the Personal Data Operator or a person acting on behalf of the Personal Data Operator, the Personal Data Operator shall, within a period not exceeding 3 (three) business days from the date of detection, cease unlawful processing of personal data or ensure the cessation of unlawful processing by the person acting on behalf of the Personal Data Operator. If it is impossible to ensure the legality of personal data processing, the Personal Data Operator shall, within a period not exceeding 10 (ten) business days from the date of detecting unlawful processing, destroy such personal data or ensure their destruction.
15. Notice of Cookie Usage
15.1. This website uses cookies. Cookies are not considered personal data as they contain non-personal information.
15.2. The IP address, domain name, browser type, and operating system used on the data subject's device, as well as the date and time of the data subject's visit to the website, are collected and stored by the Personal Data Operator in a depersonalized form for the purpose of visitor statistics. Collecting this information enables the Personal Data Operator to promptly identify and resolve technical issues with the website's operation.
16. Final Provisions
16.1. The Personal Data Operator reserves the right to make changes to this Policy. It is the User's responsibility to review the current text of the Policy each time they access the Services, Website, Platform, and/or Personal Account.
16.2. The new version of the Policy comes into effect from the moment it is posted on the Website. Continued use of the Services, Website, Platform, and/or Personal Account after the publication of a new version of the Policy implies the User's full acceptance of the Policy and its terms.
16.3. In the event of disagreement with the terms of the Policy, the User should refrain from continuing to use the Services, Website, Platform, and Personal Account.
17. Resolution of Contradictions
17.1. In cases where the agreement between the Personal Data Operator and the Customer (Client) contains provisions regarding the use of the Customer's (Client's) personal data, the provisions of the Policy and the Agreement shall apply insofar as they do not contradict the Policy.