1. General Provisions
This Privacy Policy is prepared in accordance with the requirements of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable legislation and defines the procedure for processing personal data and measures taken to ensure the security of personal data by DevaKama (hereinafter referred to as the "Controller").
1.1. The Controller considers the protection of personal data and respect for the rights and freedoms of individuals as a top priority in its activities.
1.2. This Policy applies to all information that the Controller may obtain about visitors to the website https://devakama.store.
2. Key Concepts Used in This Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of the processing of personal data (except when processing is necessary to clarify personal data).
2.3. Website — a set of graphic and informational materials, as well as software and databases that provide access to them via the Internet at https://devakama.store.
2.4. Information system of personal data — a set of personal data contained in databases and the information technology and technical tools that ensure their processing.
2.5. Anonymization of personal data — actions that make it impossible to determine the personal data belonging to a specific user without additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed using automation tools or manually with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
2.7. Controller — a state or municipal authority, legal entity, or individual that independently or jointly with others organizes and/or carries out the processing of personal data and determines the purposes, content, and actions performed with personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable individual visiting the website.
2.9. Personal data permitted for disclosure — personal data for which the data subject has given consent for distribution to an unlimited number of persons in accordance with GDPR or applicable law.
2.10. User — any visitor to the website https://devakama.store.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an unspecified circle of persons, including publication in mass media, placement in information and telecommunication networks, or granting access by other means.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign country to a foreign government authority, individual, or legal entity.
2.14. Destruction of personal data — any actions that result in the irreversible destruction of personal data, making further recovery impossible.
3. Rights and Obligations of the Controller
3.1. The Controller has the right to:
- Receive accurate information and/or documents containing personal data from the data subject;
- Continue processing personal data even after withdrawal of consent if there are legal grounds under GDPR;
- Independently determine the measures necessary to comply with GDPR and other applicable legislation.
3.2. The Controller is obliged to:
- Provide the data subject with information regarding the processing of their personal data upon request;
- Organize personal data processing in accordance with applicable legislation;
- Respond to requests of data subjects and their legal representatives;
- Notify the relevant supervisory authority upon request within the legally required timeframe;
- Ensure unrestricted access to this Privacy Policy;
- Take legal, organizational, and technical measures to protect personal data against unauthorized access, destruction, alteration, blocking, copying, distribution, or other unlawful actions;
- Stop processing and destroy personal data when legally required.
4. Rights and Obligations of Data Subjects
4.1. Data subjects have the right to:
- Receive information regarding the processing of their personal data, unless otherwise provided by law;
- Request the correction, blocking, or deletion of personal data if they are incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the stated purpose;
- Withdraw consent to processing;
- Lodge complaints with the relevant supervisory authority or court against unlawful processing;
- Exercise other rights provided under GDPR.
4.2. Data subjects must provide accurate information and notify the Controller of any updates to their personal data.
5. Principles of Personal Data Processing
- Lawfulness, fairness, and transparency;
- Purpose limitation and data minimization;
- Accuracy and, if necessary, updating of personal data;
- Limitation of storage duration to the period required for processing purposes;
- Protection against unauthorized or unlawful processing, accidental loss, destruction, or damage.
6. Purposes and Types of Processed Data
Purpose: Informing the User via email newsletters
Personal data collected:
- Full name
- Email address
- Phone number
- Date and place of birth
Legal basis: Statutory documents of the Controller
Types of processing: Collection, recording, systematization, storage, deletion, and anonymization
7. Conditions for Processing Personal Data
- With consent of the data subject;
- To fulfill obligations under EU or national law;
- For execution of contracts involving the data subject;
- To protect legitimate interests of the Controller or third parties, without infringing data subject rights;
- Publicly available data or data subject-requested disclosure;
- Data required to be published by law.
8. Collection, Storage, Transfer, and Security of Personal Data
The Controller ensures the security of personal data through legal, organizational, and technical measures to prevent unauthorized access, destruction, or disclosure.
8.1. Personal data is stored securely, and access by unauthorized persons is prevented.
8.2. Personal data of the User is never, under any circumstances, shared with third parties without consent, except as required by law.
9. Final Provisions
This Policy may be updated by the Controller. The current version is always available at https://devakama.store.
