Data Protection Policy

This Policy contains provisions applicable to this website of the Company. The controller and the processor of the personal data of the users on this website is the company Royal Assa N.V. (hereinafter referred to as the «Company» or «We»), whose office is located at Abraham de Veerstraat 9, Willemstad, Curacao.

Personal data subjects are visitors of this website and / or persons who use the functionality of this website (hereinafter referred to as «Users» or «You»). «The Company» and «the User» are together referred to as «Parties», and «the Party» when being mentioned separately. This Policy explains how we use and protect any personal data we collect about this website’s users.

We comply with the principles established by the General Data Protection Regulation (Regulation (EU) 2016/679), namely, personal data:

• are processed legally, honestly, and «transparently» by us;
• are collected for certain, explicit and legitimate purposes and are not processed further in a way that is incompatible with these purposes («purposes limitation»);
• are adequate, appropriate, and limited to what is necessary for the purposes for which they are processed («data minimization»);
• are accurate and, if necessary, updated; every reasonable step should be taken to ensure that personal data which were inaccurate, taking into account the purposes for which they were processed, were erased or corrected without delay («accuracy»);
• are stored in a form that allows identification of users no longer than it is necessary for the purposes for which personal data are processed; («limitation of storage»);
• are processed in a way that provides proper protection of personal data, including protection from unauthorized or illegal processing, as well as from accidental loss, destruction, or damage using appropriate technical or organizational measures («integrity and confidentiality»).

Personal data which are collected and processed by the Company in respect to users: name, surname, patronymic, address of residence and contact information, valid e-mail address, place of residence, relevant payment information, login (username). The company for the purpose of identifying the user’s personality has the right to request a scan copy of his passport. All data which are provided by You must be correct and valid. You are solely responsible for the accuracy, completeness, and correctness of the data which You provide. How we will use Your personal information. We use Your personal data to identify the user’s identity when registering on our website, to identify You for the correctness of making payments from the user to the Company and from the Company to the user. We use Your payment details (such as the name of the cardholder, the credit card number, and the expiration date of the card) for the purpose of providing You with services on our website.

We use Your personal data for such main purposes:

• to provide You with our services;
• to maintain Your account and records;
• to communicate with You in the frame of the provision of our services;
• to provide answers to Your questions and comments;
• to monitor the dynamics and levels of use of our website and the quality of our services;
• to determine the interest in our services;
• to improve the quality of our services and our website;
• to notify You about our special offers and services that may be interesting for You;
• to determine Your experience on our website;
• to receive information from You, including by conducting surveys;
• for the resolution of disputes;
• for charging fees (if there are appropriate grounds);
• to eliminate problems and errors on our website;
• to prevent potentially prohibited or illegal activities;
• to ensure compliance with our Terms & Conditions and all our Policies placed on this website.

Disclosure of your personal data

Your personal data may be disclosed (transferred) by the Company to any of our affiliated companies or any business partners (regardless of their territorial location) for the purposes described above in this Policy. We guarantee that such companies are aware of the correctness of personal data processing according to the General Data Protection Regulation (Regulation (EU) 2016/679), and comply with the provisions of this regulatory enactment. We and the above-mentioned companies may from time to time involve third parties for the processing of Your personal data for the purposes indicated above, provided that such processing will be governed by contractual arrangements in the form prescribed by law. Your personal data may also be disclosed to the appropriate governmental, regulatory, or executive body in case it is prescribed or permitted by law.

Rights and obligations of the Parties

1.1. to ask the Company for correction or erasure of the User’s personal data or to provide the Company with an objection for such processing;

1.2. to provide the User’s personal data being incomplete to the Company (subject to the provision of an additional statement explaining the reasons);

1.3. to set the data processing restriction if one of the following conditions is met:

• the accuracy of personal data is being disputed by You during a period that allows the Company to verify the accuracy of Your personal data;
• processing is illegal, and You oppose the erasure of personal data and instead requires the restriction of their use;
• the Company no longer need Your personal data for processing purposes, but they are required by You to establish, implement or protect Your legal requirements;
• You objected to the processing of Your personal data before checking the legal grounds for processing such data by the Company;

1.4. to request and receive personal data about You (that were provided by You to the Company) in a structured, commonly used, and machine-readable format (by forming the corresponding request) and to transfer this data to another controller without any interference from the Company;

1.5. to be informed whether the Company store information about You;

1.6. to request from the Company the exact purpose (s) of processing Your personal data and information about categories of your personal data that are being processed by the Company;

1.7. to request access to Your personal data which the Company stores;

1.8. to request the estimated period during which Your personal data will be stored by the Company, and if it is not possible, the criteria according to which the period of storage of such data is determined;

1.9. to file the objection with the Office of the Commissioner for Personal Data Protection of Cyprus if You believe that the Company has violated the applicable data protection legislation against You.

2.1. to provide Your accurate and true personal data in full volume, in accordance with the Terms & Conditions placed on this website and this Policy;

2.2. to provide the Company promptly with Your updated personal data by means specified in section «Access, correction, erasure and deletion of data» of this Policy, if any of Your personal data were changed;

2.3. to notify the Company promptly about the fact of an unauthorized receipt of Your personal data by a third party if You become aware of such a fact;

2.4. to notify the Company about any disagreements with any of the purposes of data processing or if You wish the Company to terminate the processing of Your personal data via sending a corresponding message to email [email protected]. The User is fully aware that sending a notice of disagreement with any of the purposes of personal data processing and/ or of intention to stop the processing of his personal data being made by the Company shall be the legal ground for the termination of any relationships between the Parties within the Terms & Conditions placed on this website. You are solely responsible for the veracity, accuracy, and timeliness of Your personal data being provided to the Company.

3.1. to terminate any and all contractual relationships (stipulated by the Terms & Conditions posted on the Company’s website) with You in case of non-provision of Your consent to the Company for processing of Your personal data for the purposes specified in this Policy;

3.2. to amend this Policy unilaterally without receiving any prior approval for such amendments from You.

4.1. The Company is obliged to report any correction or erasure of personal data, or restriction of the processing of the User’s personal data to every third party to whom the User’s personal data have been disclosed by the Company for any of data processing purposes established by this Policy unless this proves impossible or involves a disproportionate effort for the Company;

4.2. to inform You about the recipients of Your personal data (third parties), if a relevant request has been received from You;

4.3. to provide You with Your personal data (being stored by the Company) in a structured, commonly used, and machine-readable format if a relevant request has been filed by You;

4.4. to notify the supervisory authority about a User’s personal data breach not later than in 72 hours after becoming aware of such a fact. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

4.5. to notify immediately the User about the fact of his/her personal data breach if such a breach is likely to result in a high risk to the rights and freedoms of the User. The parties also have all rights and obligations provided by the General Data Protection Regulation. The time period of storing Your personal data by the Company extends for the entire period of the duration of relationships between the parties provided by the Terms & Conditions placed on the Company’s website as well as for the next three years after the termination of the Parties’ relationships (to resolve possible disputable issues).

4.6. Legal protection. The Сompany must comply with the Law on the Processing of Personal Data (Protection of the Individual), no. 138(I)/2001 dated November 23, 2001, as amended; with General Information Protection Regulation (Regulation (EU) 2016/679) and Electronic Communications Privacy Directive (Directive 2002/58 / EC) as amended by Directive 2009/136 / EC.

4.7. Access to, correction, erasure, and deletion of data. If You wish to view any personal data that we store about You or if You want to make any changes to Your personal data or delete them; or if You wish to receive information on how Your personal data are used by the Company, how we ensure the confidentiality of Your personal data, You can submit a request. You must submit such a request to the Company in writing. The request must contain Your name, address, and description of the information which You wish to receive, correct or delete. The request can be submitted by You via e-mail [email protected] or via airmail at the address: Abraham de Veerstraat 9, Willemstad, Curacao.

4.8. In order to maintain confidentiality, when submitting the request, You also need to submit confirmation of Your identity. For this purpose, You need to attach a copy of Your passport to a request.

4.9. We reserve the right to charge reasonable fees for duplicate requests, requests for additional copies of the same data, and / or requests which are considered obviously unreasonable or excessive.

We can also refuse to provide answers on requests which we consider to be obviously unreasonable or excessive. Cookies, tags, and other identifiers («Cookies») Cookies are text files placed on Your computer or mobile device to collect standard internet log information and User’s behavior information. Our website creates Cookies for each session when You visit it.

5.1. to ensure that any selections You make on our website are adequately recorded;

5.2. for analysis of the traffic on our website, so as to allow us to make suitable improvements.

5.3. Please be aware that it is not possible to use this website without Cookies. If additional information about the Company’s use of Cookies is required, please get in touch with us.