GDPR Policy

7. PROCESSING AND PROTECTION OF PERSONAL DATA

7.1. For the purposes of these Terms and Conditions:

(1) "Personal data" means any information relating to an individual, which is identified or can be identified, directly or indirectly, by an identification number or by one or more specific indications relating to its physical, physiological, psychological, mental, economic, cultural or social identity.

(2) "Processing of personal data" is any action or set of actions that may be performed in relation to personal data by automatic or other means, such as collecting, recording, organizing, storing, adapting or modifying, restoring, consulting, using, disclosing by transmission, dissemination, providing, updating or combining, blocking, deleting or destroying.

(3) "Processing purposes" specific, relevant, explicit and legitimate purposes in establishing and implementing the relationships between the parties in connection with due diligence, as well as in other cases provided by law.

7.2. In the event of personal data for which the carrier has not given explicit consent to the processing, being filed with iMS DATA INTELLIGENCE during the implementation of a contract and/or order/request, the latter is obliged to immediately cease processing of personal data, to carry out its elaborated and validated data erasure policies and destroy all copies of documents with indelible data, unless compliance with legal requirements is required to continue processing these data. In the latter case, iMS DATA INTELLIGENCE is obliged to inform the CLIENT about it.

7.3. In fulfilling their obligations under a contract, order or request, both iMS DATA INTELLIGENCE and CLIENT undertake to comply with the relevant GDPR requirements, current applicable European and national legislation, guidelines and documents issued by the respective data protection supervisory authorities, etc.

7.4. Both iMS DATA INTELLIGENCE and CLIENT are obligated:

(1) not to disclose to third parties the processed personal data, except in compliance with the requirements of the law or at the request of a state authority in the cases provided for by the law. In such cases, each party is obliged to notify the other before the disclosure, and when this is impossible, immediately after the disclosure of personal data, unless it is legally entitled to do so, or if the disclosure is made by order of the other party.

(2) to implement all necessary technical and organizational measures taking into account all possible risks to the processing of personal data in order to ensure the security and confidentiality of the processed personal data and to protect the processed personal data against accidental or unlawful processing, destruction, loss, alteration, unauthorized disclosure or access.

7.5. iMS DATA INTELLIGENCE and the CLIENT has full responsibility for fulfilling the obligations to protect personal data in the implementation of any contract signed between them and any request that they are party of, including the implementation of the obligations of persons involved on his part with data processing and/or of the data processor to which the processing has been reassigned.