sexvideovault Limited policy are comply with the General Data Protection Regulation 2016/679 GDPR
Regulation (EU) 2016/679 (General Data Protection Regulation) replaces Data Protection Directive 95/46. It has direct effect and implies a change in the legislation of the Member States in the field of personal data protection. Its purpose is to protect the “rights and freedoms” of individuals and to ensure that personal data are not processed without their knowledge and, where possible, processed with their consent.
Material scope – GDPR applies to the processing of personal data wholly or in part by automatic means and to the processing of personal data (for example, manually and on paper) by other means, which are part of a personal data record or which are intended to form part of a personal data record.
Territorial scope – The rules of the GDPR will apply to all data controllers established in the EU who process personal data of individuals in the context of their activities. It will also apply to non-EU administrators who process personal data in order to offer goods and services or observe the behavior of data subjects who are resident in the EU.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions and the processing of genetic data, biometrics for unique identifying an individual, data concerning health or data on the sexual life of an individual or sexual orientation.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
Data subject means any natural person who is the subject of personal data stored by the Controller (Administrator).
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
Main place of establishment – the EU controller’s headquarters will be the place where he takes the basic decisions about the purpose and means of his data processing activities. For personal data processors, its main place of establishment in the EU will be its administrative center.
If the controller is based outside the EU, he must appoint a representative in the jurisdiction where the administrator works to act on behalf of the controller and deal with supervisors. (Article 4 (16) of the GDPR)
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data;
PRINCIPLES OF DATA PROTECTION
All processing of personal data are in accordance with the data protection principles referred to in Article 5 of GDRP (EU) 2016/679. The policies and procedures of sexvideovault Limited aim to ensure compliance with these principles.
Personal data be processed lawfully, in good faith and transparently
Lawfulness – Identify a legal basis before it can process personal data. They are often referred to as “grounds for processing”, such as “consent”.
Fairness – in order for the processing to be in good faith, the data controller must provide certain information to the data subjects as far as is practicable. This applies irrespective of whether personal data is obtained directly from data subjects or from other sources.
Regulation (EU) 2016/679 increases the requirements for what information should be available to data subjects that are covered by the “transparency” requirement.
Personal data may only be collected for specific, explicit and legitimate purposes
Data obtained for specific purposes should not be used for a purpose that differs from those officially announced to the supervisory body as part of the sexvideovault Limited Data Processing (Article 30 GDPR).
Personal data must be adequate, relevant, limited to what is necessary for their processing for the purpose. (Principle of minimum necessary)
Data Protection Officer (DPO) is responsible for ensuring that sexvideovault Limited does not collect information that is not strictly necessary for the purpose for which it was received.
The Data Protection Officer (DPO) will ensure that on an annual basis all data collection methods are reviewed by (internal audit / external experts) to ensure that the collected data continues to be adequate, relevant, are not excessive.
Personal data must be accurate and up-to-date at all times, and the necessary efforts are made to enable deletion or correction immediately (within the framework of possible technical solutions)
The data stored by the data controller should be reviewed and updated as necessary. Data should not be stored in cases where it is unlikely to be accurate.
The Data Protection Officer is responsible for ensuring that all staff are trained in the importance of accurate data collection and maintenance.
It is also the duty of the data subject to declare that the data he transmits for storage by sexvideovault Limited are accurate and up-to-date. Completing a form from the data subject to the administrator will include a statement that the data contained therein is accurate at the filing date.
Employees / employees (clients / others) should be required to notify sexvideovault Limited of any change in circumstances in order to update the records of personal data. Instructions and rules for updating the records are contained (here). The responsibility of sexvideovault Limited is to ensure that any change of circumstances notification is recorded and action is taken.
The Data Protection Officer is responsible for ensuring that appropriate procedures and policies are in place to maintain the accuracy and timeliness of personal data, taking into account the volume of data collected, the speed at which it can change, other relevant factors.
At least annually, the Data Protection Officer will review the storage times of all personal data handled by sexvideovault Limited, referring to the inventory of the data and will identify all data that are no longer required in the context of the registered objective. These data will be reliably destroyed in accordance with the administrator’s procedures and rules.
The Data Protection Officer (DPO) is responsible for complying with data r requests within one month, which can be extended by a further two months If the sexvideovault Limited decides not to comply with the request, the Data Protection Officer must respond to the data subject in order to explain his / her reasons and to inform him / her of the right to complain and the supervisory authority and to seek redress.
The Data Protection Officer is responsible for taking appropriate measures in cases where third party organizations have inaccurate or outdated personal data to inform them that the information is inaccurate or obsolete and is not used to make decisions about individuals to inform the parties concerned; and to forward any correction of personal data to third countries where necessary.
Personal data must be stored in such a form that the data subject can only be identified for as long as is necessary for the processing.
When personal data is retained after the processing date, it will be stored appropriately (minimized, encrypted, aliased) to protect the identity of the data subject in case of data breaches.
Personal data are processed in a way that ensures appropriate security (Article 24, Article 32 of the GDPR)
The Data Protection Officer will carry out an impact assessment (risk assessment) taking into account all circumstances related to data management or processing operations by sexvideovault Limited .
In determining the suitability of the processing, the Data Protection Officer should also examine the extent of any damage or loss that may be caused to individuals (eg staff or customers) if a security breach occurs, as is the case and any likely damage to the reputation of the controller, including a possible loss of customer confidence.
When assessing appropriate technical measures, the Data Protection Officer will consider the following:
Automatic locking of idle workstations in the network;
Removing access rights for USB and other removable storage media;
Antivirus software and firewalls;
Access rights based on roles, including those of assigned temporary staff
Protect devices that leave the organization’s premises, such as laptops or others;
Security of local and wide-area networks;
Enhanced privacy practices such as pseudonymization and anonymization
Identification of appropriate international security standards appropriate for sexvideovault Limited
When assessing the appropriate organizational measures, the Data Protection Officer will consider the following:
Levels of appropriate training in sexvideovault Limited
Measures that take into account staff reliability (for example, appraisal assessments, recommendations, etc.);
Inclusion of data protection in employment contracts;
Identification of disciplinary measures for violations with regard to data processing;
Regularly inspect staff for compliance with relevant security standards;
Control of physical access to electronic and paper-based records;
Store the database paper in lockable wall cabinets;
Restricting the use of portable electronic devices outside the workplace;
Limiting employee use of personal devices in the workplace;
Accepting clear rules for creating and using passwords;
Regular backup of personal data and physical storage of media with copies outside the office;
Imposition of contractual obligations on counterparty organizations to take appropriate security measures when transferring data outside the EU.
These controls are selected based on the identified personal data risks as well as the potential for damage to the data subjects who are being processed.
Compliance with the principle of accountability
Regulation (EU) 2016/679 includes provisions that promote accountability and manageability and complement transparency requirements. The principle of accountability in Art. 5, par. 2 requires the controller to prove that he adheres to the other principles in the GDPR and explicitly states that this is his responsibility.
RIGHTS OF DATA SUBJECTS
Data subjects have the following rights in respect of the processing of data and the data recorded for them:
Make requests to verify that personal data associated with it is being processed and, if so, to access the data, as well as information on who the recipients of that data are.
Request a copy of their personal data from the controller (administrator);
Ask the controller (administrator) to correct personal data when they are inaccurate and when they are no longer up to date;
Require the controller (administrator) to delete personal data (right to be forgotten);
Ask the controller (administrator) to limit the processing of personal data, in which case the data will be stored but not processed;
To object to the processing of his or her personal data;
To object to the processing of personal data relating to him / her for direct marketing purposes.
Appeal to a supervisor if he / she believes that any of the GDPR provisions is violated;
Request and be given personal data in a structured, widely used and machine-readable format (data portability);
Withdraw your consent to the processing of personal data at any time with a separate request addressed to the administrator;
Not subject to automated decisions affecting him to a significant extent without human interference;
Oppose automated profiling, which happens without its consent;
Under consent, sexvideovault Limited understand any free expression, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or a clear confirmation action, which expresses its consent to the processing of the related personal data. The data subject may withdraw his / her consent at any time.
sexvideovault Limited understands “consent” only in cases where the data subject has been fully informed of the planned processing and has expressed his / her consent and without exerting pressure on it. Consent obtained under pressure or on the basis of misleading information will not be a valid basis for the processing of personal data.
Consent cannot be inferred from the absence of a reply to a message to the data subject. There must be active communication between the controller and the subject for consent. The administrator must be able to demonstrate that consent has been received for the processing operations.
4. For specific categories of data, explicit consent in writing to obtain consent to the processing of personal data of data subjects shall be obtained unless there is an alternative legal basis for processing.
5. In most cases, the consent for the processing of personal and special categories of data is routinely obtained from sexvideovault Limited , using standard documents for consent (please specify) when a new client signs a contract or when recruiting new staff, etc.
6. When sexvideovault Limited processes personal data of children, permission must be obtained from parents exercising parenting rights (parents, guardians, etc.). This requirement applies to children under the age of 16 (unless the Member State has provided for a lower age limit, which may not be less than 13 years).
All employees are responsible for ensuring the security in the storage of the data they are responsible for and which sexvideovault Limited, holds and that the data are safely stored and not disclosed under any circumstances of third parties, unless the sexvideovault Limited has given such rights to that third party by entering into a contract / confidentiality clause (please indicate here if you have any such).
All personal data must be accessible only to those who need it and access can only be granted in accordance with established access control rules. All personal data must be treated with the utmost certainty and must be kept:
in a self-contained room with controlled access; and / or in a locked cabinet or in the filing cabinet; and / or
if computerized, password protected in accordance with internal requirements set out in organizational and technical measures to control access to information (eg access control rules); and / or
Stored on portable computer media that are protected in accordance with organizational and technical measures to control access to information.
Establish an organization to ensure that computer screens and terminals cannot be viewed by anyone other than the authorized employees of sexvideovault Limited. All employees are required to be trained and accept the relevant contractual clauses / declaration of compliance with the organizational and technical measures of access as well as the rules for the locking of workstations before being given access to information of any kind.
Paper-based records should not be left where they can be accessed by unauthorized persons and cannot be removed from the designated office premises without explicit permission. As soon as paper documents are no longer required for ongoing customer support work, they must be destroyed in accordance with the established procedure / rules and the relevant protocol.
The processing of personal data “outside the office” represents a potentially greater risk of loss, theft or violation of personal data. The staff must be specifically authorized to process data outside the controller’s premises.
The Information that “Site” Collects
User-provided information: You provide certain personally identifiable information (such as your name and email address) to “Site” when choosing to participate in various activities on the Site such as uploading videos or posting messages.
Cookies Information: When you visit the “Site”, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser. “Site” uses both session cookies and persistent cookies. A persistent cookie remains after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser help file directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the “Site” may not function properly if the ability to accept cookies is disabled.
Log File Information: When you use the “Site”, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, Internet Protocol (“IP”) address, browser type, browser language, referring / exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time of your request, and one or more cookies that may uniquely identify your browser.
The Way “Site” Retains Information
To preserve the integrity of website databases, “Site” Video’s procedure is to retain information submitted by members for an indefinite length of time. By submitting information to “Site”, you are consenting to store that information indefinitely.
The Way “Site” Uses Information
If you submit personally identifiable information to us through the “Site”, then we use your personal information to operate, maintain, and provide to you the features and functionality of the site.
Any personal information or video content that you voluntarily disclose online (on discussion boards, in messages and chat areas, within your public profile page, etc.) becomes publicly available and can be collected and used by others. Your account name (not your email address) is displayed to other users when you upload videos or send messages through the “Site”, and other users can contact you through messages and comments. Any videos that you submit to the “Site” may be redistributed through the Internet and other media channels, and may be viewed by the general public.
We do not use your email address or other personally identifiable information to send commercial or marketing messages without your consent or except as part of a specific program or feature for which you will have the ability to opt-in or opt-out. We may, however, use your email address without further consent for non-marketing or administrative purposes.
When “Site” Discloses Information
We do not share your personally identifiable information (such as name or email address) with other, third-party companies for their commercial or marketing use without your consent or except as part of a specific program or feature for which you will have the ability to opt-in or opt-out.
We may release personally identifiable information and/or non-personally-identifiable information if required to do so by law, or in the good-faith belief that such action is necessary to comply with state and federal laws (such as U.S. Copyright Law) or respond to a court order, subpoena, or search warrant.
Our Commitment to Legal-Age Usage
Protecting children from adult content is especially important. For that reason, “Site” does not knowingly collect or maintain personally identifiable information or non-personally-identifiable information on the “Site” web site from persons under 18 years of age, and no part of our website is directed to persons under 18, or legal age according to state law. If you are under 18 years of age, then please do not use or access the “Site” web site at any time or in any manner. If “Site” learns that personally identifiable information of persons under 18 years of age has been collected, appropriate steps will be taken to delete this information.
In the Event of Merger, Sale, or Bankruptcy
In the event that “Site” is acquired by or merged with a third party entity, we reserve the right, in any of these circumstances, to transfer or assign the information we have collected from our users as part of such merger, acquisition, sale, or other change of control. In the unlikely event of our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your personal information is treated, transferred, or used.