Policy Statement on Emotional Rating users' personal data processing and protection

1. Joint guidelines

1.1. Present Policy Statement on Emotional Rating users’ personal data processing and protection are developed in order to comply with GDPR.

1.2. Present Policy Statement is an official document which sets forth the arrangements for data processing and protection for individuals who use services, information and programs of Emotional Rating positioned the domain EmotionalRating.com (i.e. Emotional Rating users).

1.3. The purpose of Policy Statement is privacy assurance and personal Emotional Rating users’ data protection; assurance of users’ rights during data processing; allocation of responsibility of employees and officials who have access to Emotional Rating users' personal data for violation of rules related to personal data processing and protection.

1.4. Policy Statement sets forth rights and responsibilities of managers and employees, data use rules for work-related purposes, coordination arrangements for Emotional Rating users’ data collecting, documenting, storage and destruction.

1.5. Policy Statement effective date and amendment.

1.5.1. Present Policy Statement shall be effective after being signed by CEO and remain in force without limit of time until it is replaced by new Policy Statement.

1.5.2. All amendments are communicated to all employees by publicating on the site.

1.6. All Company employees must be acknowledged with Policy Statement against receipt.

1.7. Emotional Rating users’ personal data is confidential information.

2. General definitions

2.1. For the purposes of present Policy Statement we use the following general definitions:

  • Emotional Rating users’ personal data is information used for person’s identity including his / her first name, last name, patronymic name, date of birth, place of birth, address and other information required to get services connected with Emotional Rating.
  • Personal data processing includes collection, systematization, storage, keeping, updating, editing, using, transferring, sharing, depersonalisation, blocking, removing, destruction.
  • Privacy of personal data is statutory requirement for parties who have access to Emotional Rating users’ personal data. They may not transfer data without the consent of user or other legal cause.
  • Personal data transfers includes actions directed to Emotional Rating users’ personal data transfers to certain group of persons, or familiarization with personal data of unlimited group of persons including Emotional Rating users’ personal data publication in mass media, publication in information and telecommunications networks, or providing access to Emotional Rating users’ personal data by other means.
  • Personal data use includes manipulations with data performed by officials who make decisions or take other actions having legal implications for Emotional Rating users, or involving their rights and rights of third parties in another way.
  • Personal data blocking is interruption of Emotional Rating users’ personal data collection, systematization, storage, using, transferring, sharing.
  • Personal data destruction includes actions which resulted in impossibility to restore Emotional Rating users’ personal data, or which resulted in destructing physical storage media.
  • Personal data depersonalization includes actions which resulted in impossibility to match data and users who own this data.
  • Generally accessible personal data is personal data with access to unlimited group of persons given with the consent from Emotional Rating users, or personal data privacy requirements do not apply to according to law.
  • Data is any information in different formats.
  • Documented information is data stored in physical storage media with attributes or physical storage media itself.

3. Personal data definition and scope

3.1. Personal data definition. Emotional Rating users’ personal data is information required in order to provide services for users when they use Emotional Rating and directed to particular user.

3.2. The scope of personal data is data provided by Emotional Rating users by completing forms, profile settings and other sources on the site, in particular:

  • First name, last name, patronymic name;
  • Date and place of birth;
  • Postal addresses почтовые адреса (domicile and for contacts);
  • Citizenship;
  • Primary ID; issuance date and place of issue;
  • Phone numbers;
  • Fax numbers;
  • E-mails;
  • Personal site link or social links;
  • Billing details (current account details, bank account details).

3.3. Emotional Rating users’ personal data also includes user data collected by Emotional Rating functionality and processed by computing capacity of the service, in particular:

  • Nickname (login);
  • IP address, user searches, visited web page addresses, thematics of Company’s site content;
  • User ID hash-coded or coded by other modifications of Emotional Rating;
  • Geographical address of network connection point;
  • Information which does not help to identify user exactly but provides general idea of what ads to show.

3.4. Personal data also includes additional data provided by user on demand of Emotional Rating with intent to satisfy and discharge obligations towards user.

3.5. Company has a right to request a copy of document of identification or other document containing first name, last name, photo, and other data necessary and sufficient for user identification with intent to prevent from abusive practice and infringement of third-party rights.

3.6. Emotional Rating user must keep his / her personal data and other information current.

4. Personal data receiving, collecting, processing and protection

4.1. Personal data is provided by Emotional Rating user by completing forms, profile settings, making a contract or an offer, sending a letter from user to Company.

4.2. Emotional Rating user must provide accurate personal data and notify changes without undue delay. Company has a right to check the veracity of data demanding on a copy of document of identification.

4.3. Company shall not receive and process Emotional Rating user data about his / her ethnicity, nationality, political views, religious and philosophical views, state of health, intimate life due to GDPR regulations.

4.4. Emotional Rating users’ personal data processing is performed with intent to be in compliance with law and to provide personal security.

4.5. Emotional Rating user agrees to personal data processing by completing forms on site and in mobile apps so that to accept Terms & Conditions https://emotionalrating.com/p/terms due to GDPR regulations in terms of Privacy Policy https://emotionalrating.com/p/privacy-policy.

4.6. User’s consent on personal data processing is not obligatory in the following cases:

  1. Personal data processing is performed under terms of Service Agreement related to Emotional Rating using;
  2. Personal data processing is performed on statistical and other scientific purposes with using depersonalized data;
  3. For user life and health protection and other vital interests when it’s impossible to request user’s consent.

4.7. Arrangements for personal data processing, transfers and storage. With intent to enforce human and civil rights Company employees and officials must comply with the following general regulations:

4.7.1. Company defines volume and content of processed personal data due to GDPR regulations.

4.7.2. Personal data protection from abusive practice or loss is performed by Company at its expense.

4.7.3. In all the circumstances user’s waiver of right of privacy is void.

5. Personal data communication and storage

5.1.1. Withhold Emotional Rating users’ personal data from third parties without written consent from user except in cases when it is necessary for preventing danger to user’s health or life, in cases captured in legislation throughout the EU, and in cases listed in Privacy Policy https://emotionalrating.com/p/privacy-policy.

5.1.2. Warn third parties who receive Emotional Rating users’ personal data that it may be used only on purposes for what it is communicated, and claim that this regulation must be satisfied. Third parties who receive Emotional Rating users’ personal data must comply with privacy. This regulation does not apply to Emotional Rating users’ personal data communication in cases captured in legislation throughout the EU.

5.1.3. Communicate Emotional Rating users’ personal data within Company due to Policy Statement.

5.1.4. Permit access to Emotional Rating users’ personal data only for designated authorities as required for performing specific functions.

5.1.5. Register requests and communication of Emotional Rating users’ personal data in Registration Log of requested format.

5.2. Emotional Rating users’ personal data storage and use.

5.2.1. Emotional Rating users’ personal data is processed and stored by automation facilities in local computers.

Emotional Rating users’ personal data is stored in local computers in system protected from viruses and local and global network security threats, with authorized access.

5.2.2. Emotional Rating users’ personal data is processed and communicated for storage in both physical and electronic media.

5.2.3. Emotional Rating users’ personal data in physical media is stored in folders in safe. Emotional Rating users’ personal data in electronic media is stored in local computer networks. Access to users’ personal data bases is password-protected. Chief Executive Officer set passwords and communicate them individually among employees who need access to Emotional Rating users’ personal data.

Reference: Emotional Rating users’ personal data storage in accounting office and other departments working with personal data is performed through except access for third parties.

5.2.4. Employees provided with access to Emotional Rating users’ personal data for work-related purposes (СEO, CTO, programmer, chief editor, technical support department) provide personal data storage with except access for third parties.

In absence employees must not keep Emotional Rating users’ personal data in physical media in the workplace.

For vacation leave, business trip or other durial absence form the workplace employee must delegate document storage and media to other employee according with internal regulations.

Reference: if such employee is not appointed, documents and media are delegated to other employee having access to Emotional Rating users’ personal data on direction of unit manager.

In case of removal of such employee documents and media are delegated to other employee having access to Emotional Rating users’ personal data on direction of unit manager.

6. Access to personal data

6.1. Access for employees.

6.1.1. Access to Emotional Rating users’ personal data is given to the following not specifically authorized employees to the extent that they use data for work-related purposes:

  • CEO, CTO;
  • Technical support department; development department;
  • Unit managers and their departments.

6.1.2. Designated authorities have access only to personal data which is necessary for performing functions.

6.1.3. Without authorized access employees are not permitted to have access to Emotional Rating users’ personal data.

6.1.4. Access registration procedure includes:

  • Acknowledgement of employee against receipt with Policy Statement and with other internal regulations (for example, orders, instructions);
  • Written obligation of employee about complying with personal data privacy and data processing regulations in a form prescribed by Company.

6.1.5. Personal data communication within Company is performed only by employees having access to Emotional Rating users’ personal data.

6.1.6. Employees are permitted to copy and abstract Emotional Rating users’ personal data only for work-related purposes on direction of unit manager.

6.2. Access for external organisations and third parties.

6.2.2. Access to Emotional Rating users’ personal data is given to third parties for purposes listed in Privacy Policy https://emotionalrating.com/p/privacy-policy with consent of Emotional Rating user. This consent is made through completing forms on site or in mobile apps. This means that user accepts Terms & Conditions and agrees on personal data processing due to GDPR regulations.

6.2.3. Emotional Rating users’ personal data communication is not permitted for commercial purposes without the written consent from user. Emotional Rating users’ personal data processing for promotion of products and services by direct contact with prospects through means of communication is permitted only with advance consent of user.

6.2.4. Employees who transfer Emotional Rating users’ personal data to third parties must take act of acceptance-transfer of documents or other physical media containing personal data.

Act of acceptance-transfer must be made in a form prescribed by Company and must contain notification about responsibility to use personal data only for purposes for which it is transferred.

Transferring of documents and other physical media containing Emotional Rating users’ personal data is performed only to the extent in place:

  • Confidentiality Agreement, or privacy note in contract with third party including clauses of personal data protection;
  • Request from third party including cause of access to Emotional Rating users’ personal data, list of information, purpose of use, name and job of individual who is appointed to get personal data.

For arrangements of Emotional Rating users’ personal data transfers specially trained employee and unit manager are responsible.

6.2.5. Emotional Rating users’ personal data is transferred to user’s agent including lawyer in order to comply with law and Policy Statement to the extent in place:

  • Attested POA of Emotional Rating user’s agent;
  • User’s statement written in the presence of Company employee or notarised.

POAs and statements are documents of management and record keeping.

6.2.6. Emotional Rating users’ personal data is transferred to public authorities in order to comply with law and Policy Statement.

6.2.7. Emotional Rating users’ personal data is transferred to relatives and family members only with written consent of user except as otherwise personal data transfers is permitted without written consent by law throughout the EU.

6.2.8. Documents containing Emotional Rating users’ personal data is transferred through federal postal organization in compliance of privacy.

Documents containing Emotional Rating users’ personal data are enclosed with cover letter attached. The envelope contains note of  confidentiality of contents and responsibility for illegal disclosure. Then the envelope with cover letter is enclosed in other envelope with postal details for recorded delivery.

6.3. Emotional Rating user has a right to:

6.3.1. Get full information about his / her personal data processing.

6.3.2. Free access to his / her personal data including copying any note containing personal data save in exceptional cases with compliance to law.

6.3.3. Claim to make data more exact and correct, exclude if it is inaccurate, illegally received or unnecessary for Company.

6.3.4. Ask for:

  • Report of who has or may have access to personal data;
  • List of processing personal data and its source;
  • Period of processing and storage;
  • Report of legal consequences for user resulted from his / her personal data processing.

6.3.5. Claim to notificate all persons who were informed of inaccurate or incomplete personal data, about exclusions, corrections and additions.

6.3.6. Lodge a complaint about wrong acts or negative acts of Company related to personal data processing and protection to authorized agency of protection of the rights of subjects of personal data or in legal form.

7. Personal data protection

7.1. Personal data protection from abusive practice or loss is performed by Company at its expense.

7.2. Overall organization of Emotional Rating users’ personal data protection is performed by CEO.

7.3. CEO provides:

  • Acknowledgement of employee against receipt with Policy Statement;
  • Written obligation of employee about complying with personal data privacy and data processing regulations (except persons defined in 6.1.1 Policy Statement);
  • Overall control over observance of Emotional Rating users’ personal data protection.

7.4. Organization and control of Emotional Rating users’ personal data protection in business and support units where employees have access to personal data, is performed by unit managers.

7.5. The following are liable for protection:

  • Emotional Rating users’ personal data;
  • Documents containing Emotional Rating users’ personal data;
  • Emotional Rating users’ personal data in electronic media.

7.6. Personal data in databases is protected from unauthorized access, corruption, destruction or other wrong acts through access rights differentiation with accounts and passwords for authorization.

7.7. In order to provide Emotional Rating users’ personal data security and privacy all functions related to personal data maintenance and storage must be performed only by employees in accordance with employment duties defined in job description.

7.8. Responses to written requests of other organisations and agencies within their competences are given in a written form prescribed by Company and to the extent so that not to disclose extra confidential information.

When Emotional Rating users’ personal data is transferred to third parties including Emotional Rating user’s agents in compliance with Policy Statement, it is limited to the extent enough to perform functions by third parties.

7.9. Emotional Rating users’ personal data transfers via phone, fax, e-mail is forbidden without written consent of user.

8. Final clauses

8.1. Persons guilty of a violation of Emotional Rating users’ personal data receiving, processing and protecting bear financial, disciplinary, administrative, civil and criminal liability as set forth by law.

8.2. Emotional Rating users’ personal data disclosure to third parties and to employees without right to access, public disclosure, loss of documents or media containing Emotional Rating users’ personal data, other non-compliance with Policy Statement and failures to perform duties of personal data protection and processing according with internal regulations, contribute to admonition or dismission liable to disciplinary action.

8.3. Employees having access to Emotional Rating users’ personal data who commits disciplinary action bear the full financial liability in case of causing damage to Company.

8.4. Employees having access to Emotional Rating users’ personal data guilty of disclosure or personal data misuse for their own ends without consent of user that contribute to major damage, bear criminal liability.