PRIVACY POLICY

Policy regarding the processing of personal data on the website devby.io (hereinafter referred to as the Policy).

CHAPTER 1 GENERAL PROVISIONS

1.1. This Policy determines how devby.io (Data Controller), collects, processes and discloses personal information through its websites and other online products and services that fall under this Policy (hereinafter referred to as the Services) or when Data Processor otherwise interact with Company.

1.2. The privacy of Data Processor is important to us. This Policy outlines how the Company collects, process, manages the personal data what Company collects from Data Processor use of a Services of the Company or websites, through the interaction of Data Processor with the Company on social media or other dealings between Data Controller and Data Processor. When doing that the Company act as data controller in accordance with the principles contained in The General Data Protection Regulation (hereinafter referred to as GDPR) (EU) 2016/679.

1.3. The following terms are used in this Policy:

1.3.1. Services — any services, products, programs, events, services of the Company.

1.3.2. Sites — devby.io, dev.by and other sites owned by the Company, as well as subdomains of these sites.

1.4. This Policy applies to all operations performed by the Data Controller with personal data using automation tools or without their use.

1.5. This Policy comes into force from the moment it is published on the Sites.

CHAPTER 2 CATEGORIES OF PERSONAL DATA SUBJECTS AND SCOPE OF PERSONAL DATA PROCESSED

2.1. The Data Controller processes personal data that may be obtained from the following Data processor:

2.1.1. members of the Company and affiliates of the Company;

2.1.2. employees of the Company, former employees, candidates for vacant positions;

2.1.3. contractors and customers of the Company who are individuals;

2.1.4. representatives and/or employees of counterparties and clients of the Company who are

2.1.5. legal entities or individual entrepreneurs;

2.1.6. visitors to the Sites, Services of the Company;

2.1.7. persons who provided the Company with personal data by subscribing to the newsletter, when sending feedback, comments, by filling out questionnaires during promotional and other events held by the Company;

2.1.8. persons who provided personal data to the Company in another way.

2.2. The Data Controller processes the following personal data of the Data Processor:

2.2.1. Identity data includes full name or its parts, username or similar identifier, marital status, title, date and place of birth, nationality, gender, information from identity document (s), employment status and related information, pictures/pictures (including biometric information such as a visual image of the face) or other document (s) Company may request from time to time.

2.2.2. Contact data includes residential address, e-mail address, Linked In profile and telephone number.

2.2.3. Economic and appropriateness data includes employment status, work experience.

2.2.4. Technical data includes internet protocol (IP) address, login data, data from cookies, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices Data Processor use to access the Services.

2.2.5. Communication data includes communication between Data Processor and Company, including chats, call recordings and emails, history of requests and views on the Sites and Services of the Company.

2.2.6. Profile data includes username and password, Data Processor’s interests, preferences, feedback and survey responses.

2.2.7. Usage data includes information about how Data Processor get access to the Data Controller’s Services and use it.

CHAPTER 3 PURPOSE OF COLLECTING PERSONAL DATA

3.1. The Company as a data controller may only use clients’ personal data if there is a lawful basis for such use. The most common lawful bases used by Company are:

3.1.1. consent: in some cases, the Company may process clients’ personal data only if the Company obtain clients’ prior consent;

3.1.2. performance of a contract: the Company will require clients’ personal data to be able to offer the Services in accordance with the contract terms between the Company and clients;

3.1.3. compliance with a legal obligation: due to the nature of the Services the Company provide, the laws applicable to the Company’s activities require to collect and store certain data about clients;

3.1.4. legitimate interests: sometimes the Company rely on legitimate interests to process clients’ data (e.g. to improve the Services) and the Company will do so except where such interests are overridden by clients’ interests or fundamental rights and freedoms.

Below is a table describing how the Company may use clients’ personal data and which of the legal bases are used by the Company to ensure lawful data processing:

Purpose/Activity Type of data Lawful basis for processing
  To create the account. Identity data
Contact data
Technical data
Performance of a contract when the Company  provides its Services to clients.
To verify the identity, carry out checks that the Company is required to conduct by applicable laws and regulations. Identity data
Contact data
Technical data
Communication data
Compliance with legal obligations under applicable law.
  To provide customer support Identity data
Contact data
Technical data
Performance of a contract when the Company  provides its Services to clients.
To send a service notifications related to your use the Services Contact data
Communication data
Performance of a contract when we provide our Services to you
To send you updates and marketing communication as well as to deliver relevant content to you, including ads, suggestions, personalized offers and recommendations Identity data
Contact data Technical data
Profile data
Usage data
Consent or our legitimate interests to improve our Services
To perform data analytics with respect to our Services for improvement purposes Technical data
Usage data
Our legitimate interests to improve  our Services
To manage and protect our business and website including system maintenance Identity data
Technical data
Our legitimate interests to improve our Services and protect personal data and the Services; Performance of a contract when we provide our Services to you
To help us improve our Services by completing a survey,  feedback or review. Identity data
Profile data
Consent

CHAPTER 4 BASIC RIGHTS AND OBLIGATIONS OF THE DATA CONTROLLER AND DATA PROCESSOR

4.1. The Data Controller has the right to:

4.1.1. receive from the Data Processor reliable information and/or documents containing personal data;

4.1.2. request from the Data Processor information about the relevance and reliability of the provided personal data;

4.1.3. refuse the Data Processor to satisfy the requirements to stop the processing of its personal data and/or delete them if there are grounds for processing provided for by GDPR, including if they are necessary for the stated purposes of their processing.

4.2. The Data Controller is obliged to:

4.2.1. process personal data in the manner prescribed by GDPR;

4.2.2. ensure the protection of personal data in the process of their processing;

4.2.3. take measures to ensure the accuracy of the personal data processed by it, make changes to personal data that are incomplete, outdated or inaccurate;

4.2.4. consider statements of the Data Processor on the processing of personal data and give reasoned answers to them;

4.2.5. provide the Data Processor with information about it’s personal data, about their provision to third parties;

4.2.6. stop processing personal data, as well as delete or block them in the absence of grounds for their processing, as well as at the request of the Data Processor;

4.2.7. perform other duties stipulated by GDPR.

4.3. The Data Processor has the right to:

4.3.1. receive information regarding the processing by the Data Controller of its personal data;

4.3.2. amend own personal data if the personal data is incomplete, outdated or inaccurate;

4.3.3. withdraw its consent to the processing of personal data;

4.3.4. receive information about the provision of its personal data to third parties;

4.3.5. stop processing its personal data, including its deletion, if there are no grounds for its processing;

4.3.6. appeal against the actions/inactions and decisions of the Data Controller related to the processing of its personal data to the authorized body for the protection of the rights of Data Processor in the manner prescribed by law;

4.3.7. exercise other rights provided for by GDPR.

4.4. The Data Processor is obliged to:

4.4.1. provide the Data Controller with only reliable information about yourself;

4.4.2. provide the Data Controller with documents containing personal data to the extent necessary for the purpose of their processing if necessary;

4.4.3. inform the Data Controller about changes in their personal data.

4.5. A Data Processor, who has provided the Data Controller with incomplete, outdated, inaccurate information about oneself, or information about another Data Processor without the consent of the latter, is liable in accordance with GDPR.

CHAPTER 5 PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA

5.1. The basis for the processing of personal data is the consent of the Data Processor, with the exception of cases established by GDPR, when the processing of personal data is carried out without obtaining such consent. Until the Company receives consent to the processing of personal data by the Data Processor (agreement with this Policy), the Company does not process the personal data of such Data Processor.

5.2. The consent of the Data Processor is a free, unambiguous, informed expression of its will, through which he authorizes the processing of its personal data. Refusal to give consent to the processing of personal data gives the Data Controller the right to refuse the Data Processor to provide access to the Sites and Services of the Company.

5.3. The processing of personal data by the Data Controller includes the following actions with personal data: collection, systematization, storage, modification, using, depersonalization, blocking, distribution, provision, deletion and other actions, in accordance with GDPR.

5.4. The ways of processing personal data by the Data Controller: non-automated processing of personal data; automated processing of personal data with the transfer of the information received via information and telecommunication networks or without such transfer; mixed processing of personal data.

5.5. The storage of personal data is carried out in a form that allows to determine the Data Processor for a period not longer than required by the purposes of processing personal data, except when the period of storage of personal data is established by GDPR, an agreement concluded (concluded) with the Data Processor, in order to perform the actions established by that agreement.

5.6. The condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the expiration of the period for processing personal data, the withdrawal of the consent of the Data Processor to the processing of its personal data, as well as the identification of unlawful processing of personal data.

5.7. When processing personal data, the Data Controller takes the necessary legal, organizational and technical measures to ensure the protection of personal data from unauthorized or accidental access to them, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other illegal actions in relation to personal data.

CHAPTER 6 MECHANISM FOR EXERCISING THE RIGHTS OF THE PERSONAL DATA SUBJECT

6.1. A Data Processor has the right to withdraw its consent to the processing of its personal data by submitting a written application to the Data Controller in the following order:

6.1.1. To verify the fact that the Data Processor is indeed the owner of an account on the Company’s Services, he is obliged to send from the its email address to which the account in the Company’s Services is registered a scanned application (or photo) to withdraw consent to the processing of its personal data;

6.1.2. The Data Processor sends an application in writing form, by registered mail. Also, a Data Processor has the right to submit an application in the form of an electronic document. The application must contain:

6.1.2.1. first name, last name (patronymic is necessary) of the Data Processor;

6.1.2.2. address of the place of residence (place of stay);

6.1.2.3. statement of the essence of the requirement;

6.1.2.4. personal signature or electronic digital signature.

6.1.3. The Data Controller, within 15 days after receiving the application from a Data Processor, stops processing its personal data (if there are no grounds for processing, in accordance with GDPR), deletes them, if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including their blocking, and notifies about it the Data Processor within the same period.

6.2. The Data Processor has the right to obtain information from the Data Controller regarding the processing of its personal data by submitting an application to the Data Controller in the manner provided for in clause 6.1. of this Policy. The Data Controller within 5 working days after receiving the application from Data Processor:

6.2.1. provides the Data Processor with relevant information;

6.2.2. notifies the Data Processor about the reasons for refusal to provide such information.

6.3. The Data Processor has the right to require from the Data Controller to make changes to their personal data if they are incomplete, outdated or inaccurate, by submitting an application to the Data Controller in the manner provided for in clause 6.l of this Policy, with documents attached (duly certified copies) confirming the need for such changes. The Data Controller, within 15 days after receiving the application, makes changes to personal data and notifies the Data Processor about it or notifies the reasons for refusal to make changes.

6.4. The Data Processor has the right to receive information from the Data Controller about the provision of its personal data to third parties once a calendar year free of charge, by submitting an application to the Data Controller in the manner provided for in clause 6.l of this Policy. The Data Controller, within 15 days after receiving the application, provides the Data Processor with information about what personal data of this Data Processor and to whom were provided during the year preceding the date of filing the application, or notifies it of the reasons for refusing to provide such information.

6.5. The Data Processor has the right to demand from the Data Controller to stop processing its personal data, including their deletion, in the absence of grounds for processing, by submitting an application to the Data Controller in the manner provided for in clause 6.1 of this Policy. The Data Controller, within 15 days after receiving the application, stops processing personal data (if there are no grounds for processing, in accordance with the law), deletes them, if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including their blocking, and notifies the Data Processor within the same period.

CHAPTER 7 COOKIES

7.1. The Company may use cookies for various purposes when clients get the access or use the Services of the Company. 

CHAPTER 8 CROSS-BORDER DATA TRANSFER

8.1. The Company carries out cross-border transfer of personal data exclusively for newsletters. The mechanism for opting out of receiving such mailings is provided in the profile of the personal account of the Data Processor on the websites of the Company’s Services or in the letter of the mailing itself.

8.2. According to Article 32 of GDPR, a Data Controller shall be obliged to take appropriate organisational and technical measures to ensure protection of data against accidental or unlawful destruction, alteration, disclosure, collection or any other form of unlawful use, and accidental or unlawful loss. A Data Controller shall be obliged to ensure registration of all operations performed in relation to electronic data. When processing non-electronic data, a data controller shall be obliged to register all operations with respect to disclosure and/or alteration of data. Measures taken to ensure data security must be adequate to the risks related to processing of data.

8.3. By agreeing to this Policy, the Data Processor gives their consent to the implementation of cross-border transfer of personal data.

CHAPTER 9 FINAL PROVISIONS

9.1. Issues related to the processing of personal data that are not enshrined in this Policy are governed by GDPR.

9.2. In case that any provision of the Policy is found to be contrary to the law, the remaining provisions corresponding to the law will remain in force and effect, and any invalid provision will be considered removed/modified to the extent necessary to ensure its compliance with the law.

9.3. The Data Controller has the right, at its discretion, to change and (or) supplement the terms of this Policy without prior and (or) subsequent notification of the Data Processor. The current version of the Policy is permanently available at: https://devby.io/pages/privacy-policy.

9.4. Communication with the representative of the Company on any issues is carried out via e-mail [email protected].