- The person and data of the Data Controller
Data of the Data Controller:
Name: Moltoperation Ltd.
Registered seat: International House 24 Holborn Viaduct, City Of London, London, England, EC1A 2BN
Company registration number: 12055181
Central e-mail address: firstname.lastname@example.org
Company registry kept by: Companies House
Contact details concerning data protection/data processing:
(hereinafter: Data Controller).
Data of hosting service provider:
Name: SiteGround Hosting Ltd.
Registered seat: 3rd Floor, 11-12 St. James's Square London SW1Y 4LB
Company registration number: 09348602
- Definition of terms
Personal Data: any information relating to an identified or identifiable natural person (hereinafter: Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Anonymous information collected without enabling personal identification and which cannot be linked to natural persons as well as demographic data collected without being linked to the personal data of identifiable persons, thereby preventing connection to a natural person, shall not qualify as personal data;
Sensitive Data: means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data and biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
Data Processing: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Data Transfer: means making data accessible to a third party;
Publication: means making data accessible to anyone;
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for the Data Controller's nomination may be provided for by Union or Member State law;
Data processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller; erasure of data means rendering data unrecognisable by making it unrecoverable; automated data file means any set of data undergoing automatic processing;
Automatic processing: includes the following operations if carried out in whole or in part by automated means: storage of data, carrying out of logical or arithmetical operations on those data, their alteration, erasure, retrieval or dissemination.
III. Principles of Data Processing
Data Controller shall manage the personal data provided to the Data Controller by the registering natural persons (hereinafter: Registrants) on the website nonmono.org (hereinafter: Website) in accordance with the provisions of this Policy.
Guaranteed rights of the Data Subject
Each person has the right to
a.) receive information on his/her data and the data processing (right of access by the Data Subject),
b.) The Data Subject shall have the right to obtain from the Data Controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data; (b) the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the Data Subject for the establishment, exercise or defense of legal claims; (d) the Data Subject has objected to processing pursuant to relevant legislation pending the verification whether the legitimate grounds of the controller override those of the Data Subject.
c.) establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file;
d.) obtain at reasonable intervals and without excessive delay or expense, confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form;
e.) have such data rectified or deleted in substantiated cases, without delay (right to be forgotten). The Controller shall communicate any rectification or deletion of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Data Controller shall inform the Data Subject about the recipients if the Data Subject requests it;
f.) receive, in the case of automated processing in consent-based processing, the personal data concerning him or her, which he or she has provided to Moltoperation Ltd, in a structured, commonly used and machine-readable format and shall have the right to transfer these data to another Data Controller. The exercise of this right shall not violate the right to be forgotten and shall not adversely affect the rights and freedoms of others;
g.) not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, except in the cases under Article 22 of the GDPR (automated decision-making);
h.) obtain legal remedy if a request for information or, where appropriate, communication, rectification or erasure as referred to by relevant legislation is not complied with. At the Data Subject's request, the Data Controller shall provide information on the data managed by it and those processed by the Data Processor on its behalf, the purpose, legal basis, duration of data processing, the name and address (registered seat) of the Data Processor and its activities linked to data processing, furthermore, on who and for what purpose receives or have received data. The Data controller shall provide the requested information in writing in intelligible form at the earliest possible time upon receipt of data subject's request, but within no later than 30 days. In case of any violation of its rights, the Data Subject may lodge a formal complaint against the Data Controller in a court of law. The Data Controller is liable to pay compensation for any damage caused to another person by its unlawful handling of data relating to Data Subject or by breaching the requirements of technical data protection. The Data controller is also liable to pay compensation to Data Subject for any damage caused by its data processor. The Data controller is exempt from liability if it can prove that the damage was the result of an unavoidable cause outside the scope of data processing. No compensation shall be paid if the damage was caused by the injured party's deliberate or grossly negligent conduct.
- The legal basis, purpose, scope and duration of data processing according to the type of processed data
a.) Data processed for providing online dating Service
a.1.) Definition of the purpose of Data Processing
This purpose of data processing includes the following:
- Potential use of the data for statistical purposes in an anonymised manner;
- Sending information messages to the Registrants' e-mail address
a.2.) The scope of processed data
"Mandatory" personal data:
- E-mail address. Purpose of data processing: Keeping contact with the Registrant: sending information messages and notifications;
- Year of birth Purpose of data processing: Defining the age of the Registrant in order to filter out the registering persons aged under 18.
- First name. Purpose of data processing: To personalize our messages
'Optional' sensitive data:
- Sexual identity. Purpose of data processing: In order to send the appropriate invitations to events and services for the Registrant.
- Type of the profile (gender and/or whether he/she is looking for a partner as a couple ), Purpose of data processing: In order to send the appropriate invitations to events and services for the Registrant.
'Mandatory' technical data:
- IP address.Purpose of data processing: Execution of a technical operation.
- Cookie identifier.Purpose of data processing: Storage of status and use of further services (Google).
- Date and time of registration.Purpose of data processing: Documenting the acceptance of the GTC and registration on the website.
- Type and version of the browser and the operating system(based on User Agent HTTP Header). Purpose of data processing: Anonymous statistics; in the case of a customer service notification it may contain information to solve the problem.
a.3.) Legal basis of Data Processing
The consent of the Data Subject under point c) of paragraph (1) of article 6 of the GDPR.
'The advertiser, the advertising service provider or the publisher of the advertisement shall keep a register of the personal data of the persons submitting a declaration of consent to them, in the scope specified in the consent. The data relating to the recipient of the advertisement, recorded in these register, may only be processed in compliance with the provisions of the declaration of consent, until the consent is withdrawn, and they may only be transferred to a third party with the prior consent of the person concerned.'
Data processing is based on your consent. You are obliged to provide personal data if you would like to receive newsletters from us. Failure to provide data results in us not being able to send you newsletters.
a.4.) Duration of Data Processing and Data Storage
The consent can be withdrawn, the Registrant can unsubscribe from information messages by clicking on the link 'unsubscribe' at the footer of the sent messages.
The duration of data processing, deadline for deleting the data: the data processing continues until the declaration of consent is withdrawn, that is, until unsubscribing (in the case of a consent belonging to a registered account we not only delete the fact of subscription but also the data so that you stop receiving newsletters.) You can unsubscribe from newsletters by clicking on the 'unsubscribe' link in the footer of the sent messages, or you can request unsubscription via our customer service page too.
a.5.) Scope of Data Subjects
All Registrants registering on the Website.
b.) Data processed for customer relations and complaint management
b.1.) Definition of the purpose of Data Processing
The purpose of the communication may include: notification of complaints, question or remark related to the service, technical problem.
b.2.) The scope of processed data
Mandatory personal data
- E-mail address. Purpose of data processing: Keeping contact and sending response message
- Topic of the request, subject of the request, description of the request.Purpose of data processing: Interpreting the customer service notification
Mandatory technical data
- IP address. Purpose of data processing: Execution of a technical operation
- Date and time of notification.Purpose of data processing: The order of responses is managed according to the date and time of the notification
- Type and version of the browser and the operating system (based on User Agent HTTP Header).Purpose of data processing: in the case of a customer service notification it may contain information to solve the problem
- Technical status.Purpose of data processing: Managing the customer service notification: handled or unhandled
b.3.) Legal basis of Data Processing
The consent of the Data Subject, under point c) of paragraph (1) of article 6 of the GDPR. The Data Subject is obliged to provide personal data so that we can respond to the message. Failure to provide data results in us not being able to accommodate the request.
b.4.) Duration of Data Processing and Data Storage, how can the consent be withdrawn?
Customer service notification data are retained for 1 year. The visitor can request at any time the deletion of the data relating to the notification on the customer service page.
b.5.) Scope of Data Subjects
The visitor submitting a notification on the customer service platform on the Website.
- Data processing and data security principles
a.) Data Controller and, within its own scope of activities, Data Processor shall ensure the security of the data, and adopt technical and organisational measures and design procedural policies as may be necessary to enforce the provisions of the Data Protection Act as well as other data and confidentiality regulations. Data shall be protected especially against unauthorised access, alteration, publication, or erasure, as well as against damage or destruction.
b.) When the Registrants are on the Website, they can usually do so without revealing their identity or providing any kind of personal data. When providing name and e-mail address the Registrant have the possibility not to provide their real name but to use an alias instead.
c.) Data Controller shall, without fail, adhere to the basic principles, guarantee arrangements and restrictions stipulated under Basic Principles when recording, registering and processing data, and it shall keep Data Subject informed of its activities by e-mail, at Data Subject's request.
d.) As a general principle, whenever the Data Controller asks its visitors or Registrants to provide personal information, they are free to decide whether they want to provide the requested information after having read and interpreted the required written information.
The Data Controller always makes it clear which information fields must be provided on a mandatory basis, for what purpose and under which conditions. The term 'mandatory' in this case does not refer to the mandatory nature of providing the requested data, but indicates that these are fields without the completion of which the registration will not be successful, in other words, leaving certain fields blank or not completing them properly may lead to the rejection of the registration.
Whereas Moltoperation Ltd. does not offer any services intended for individuals aged under 18, it hereby represents and warrants that it does not collect or process personal data on individuals aged under 18.
e.) The Data Controller's all members, senior officers as well as employees (if applicable) are entitled to the access the data processed by the Data Controller. The requirement to provide information on data processing is also deemed fulfilled when a legal regulation provides for the recording of data by transfer from an already existing data processing pool or by linking existing databases.
f.) The Data Controller shall take all necessary measures to ensure the security of the personal data provided by the Registrants to the Data Controller, both during the course of network communication (i.e. online data processing) and during the course of data storage and safekeeping (i.e. offline data processing).
g.) The Data Controller shall ensure that Registrants can access, correct and supplement their own personal data through the same communication channels and by using the same means through which they previously shared their personal data with us.
The Data Subject may request from the Data Controller access to the personal data relating to him/her, rectification, deletion of such data, and the restriction of the processing thereof. Furthermore, the data subject may object to the processing of such personal data, and he/she has to right to data portability and to withdraw the consent at any time.
h.) If any Registrant asks the Data Controller to delete his/her personal data from its own system, this request will be accommodated by the Data Controller without delay.
i.) Whenever the Data Controller intends to use the provided data for purposes other than the purpose of the original data recording, it shall inform the Registrant of those purposes, and obtain his/her prior express consent. Furthermore, the Data Controller shall ensure that the Registrant may opt to prohibit such use.
j.) Without authorisation from the Registrant or arising from the effective legal regulations, under no circumstances shall the Data Controller transfer to third parties any personal data provided by the Registrant/visitor. If the Data Controller is requested by any competent authority to provide any personal data in the manner prescribed by the applicable legal regulations, the Data Controller will hand over the requested and available information in accordance with its statutory obligation.
k.) The Data Controller may apply automated decision-making (profiling) when developing discount subscription offers. We offer discount packages on the basis of the time that has passed since registration or the expiration of the previous subscription and based on the Registrants' sex.
VII. Within this framework, Data Controller shall apply the following rules during the course of data collecting
a.) Data suitable for contacting individual Registrants
The Data Controller shall use data suitable for contacting individual Registrant (e.g. e-mail addresses) exclusively for purposes preliminarily approved by the Registrant, and it shall, under no circumstances, disclose them to third parties without the Registrants' prior written consent, except where otherwise stipulated by applicable laws.
b.) Data suitable for physically contacting Registrants
The Data Controller shall use the Data exclusively for the purposes preliminarily approved by the Registrant, and it shall not disclose them to third parties, except where otherwise stipulated by applicable laws.
In some cases, the Data Controller's Services may include references (links) to the websites of other service providers. The Data Controller shall not accept liability for the data and information protection practices of such service providers.
VIII. Governing law, information, legal remedy
This Data Processing Policy and any issues relating to data protection shall be governed by the law of the United Kingdom, and any legal disputes arising in any data protection context shall fall under the jurisdiction of courts in the United Kingdom, and the courts in the United Kingdom according to the Data Controller's registered seat shall have exclusive competence.
At the Registrants' request, the Data Controller shall provide information on the Registrants' data processed by it, on the purpose, legal basis and duration of the data processing, on the data processor's name, address (registered seat) and his/her data processing activities, and who and for what purpose receive or have received the data. Information may be requested at email@example.com.
Registrants can enforce their right of access, deletion, modification relating to their personal data, restriction of processing, data portability, and they can also object to the data processing at the address firstname.lastname@example.org.
Should the Registrant has any reason to believe that we have breached their personal data protection rights, they may file a claim with a court, or may seek assistance at the Information Commissioner's Office (https://ico.org.uk/). The court shall settle such cases in expeditious procedures. The action falls under the jurisdiction of the court. The action may also be initiated at the court according to the address or place of residence of the Registrant (Data Subject), at the choice of the Registrant (Data Subject).