This Personal Data Processing Policy (hereinafter referred to as the Policy) applies to all personal data (hereinafter referred to as data) that PodiAtry NZ (hereinafter referred to as the Operator) may obtain from a personal data subject who is a party to a civil law contract, from an Internet user (hereinafter referred to as the User) during their use of any of PodiAtry NZ’s websites, services, programs or products, as well as from a personal data subject who has a relationship with the Operator governed by labor law (hereinafter also referred to as the User).
Processing of personal data
All personal data should be obtained from the subject himself/herself. If the subject’s personal data can only be obtained from a third party, the subject must be notified or consent must be obtained from him/her.
The operator must inform the subject about the purposes, expected sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which the consent is valid and the procedure for its withdrawal, as well as the consequences of the subject’s refusal to give written consent to obtain it.
Documents containing personal data are created by:
- copying original documents;
- entering information into record forms.
Processing of personal data
Processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his/her personal data;
- in cases when the processing of personal data is necessary for the implementation and fulfillment of the functions, powers and duties assigned by the legislation;
- in cases when the personal data being processed has been made accessible by the subject of personal data or at his/her request (hereinafter referred to as personal data made publicly available by the subject of personal data).
The purposes of the processing of personal data:
- for communication with the user, in connection with filling out the feedback form on the website, including sending notifications, requests and information regarding the use of the store’s website, processing, coordination of orders and their delivery, execution of agreements and contracts;
- depersonalization of personal data in order to obtain depersonalized statistical data, which are transferred to a third party for research, performance of work or provision of services.
Protection of personal data
- In accordance with the requirements of regulatory documents, the Operator has established a personal data protection system (PDPS) consisting of legal, organizational and technical protection subsystems;
- The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents ensuring the creation, operation and improvement of the PDPS;
- The organizational protection subsystem includes the organization of the PDPS management structure, permitting system, information protection when working with employees, partners and third parties;
- The technical protection subsystem includes a set of technical, program, software and hardware means ensuring the protection of personal data.
Basic rights of the personal data subject and obligations of the Operator
The subject has the right to access his/her personal data and the following information:
- confirmation of the fact of personal data processing by the Operator;
- legal grounds and purposes of personal data processing;
- the purposes and methods of personal data processing applied by the Operator;
- the terms of personal data processing, including the terms of their storage;
- appeal against actions or inaction of the Operator.
Obligations of the Operator
The Operator shall:
- when collecting personal data, provide information on the processing of personal data;
- in cases where personal data was not received from the subject of personal data, notify the subject;
- if the subject refuses to provide personal data, explain to the subject the consequences of such refusal;
- publish or otherwise provide unrestricted access to the document defining its policy on personal data processing, to the information on the implemented requirements to personal data protection;
- take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data;
- provide answers to inquiries and appeals of personal data subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.