©2024 All Rights Reserved by StakeSoft
StakeSoft Ltd. Conducts business in the field of software development, computer technologies and services.
StakeSoft Ltd. aims to inform persons with the present Confidentiality and personal data protection Policy regarding:
StakeSoft Ltd. processes personal data provided by employees, clients, customers, suppliers, contractors and other individuals to whom the data relate in connection with the provision of services from the scope of its activities, as well as for the preparation and signing of contracts.
StakeSoft Ltd. also processes personal data which has not been received by the individual to whom they relate, but are provided by a third party in connection with a specific service, and the person who provided this data to StakeSoft Ltd. undertakes:
Personal data is stored for a period necessary for the purposes for which it was collected or for a period established in a regulation.
In cases when the subject of personal data has given consent for direct marketing, the personal data is stored until the same unsubscribes or requests to be unsubscribed.
4.1. StakeSoft Ltd. processes personal data via a set of actions which could be performed by automatic or other non-automatic means, such as collecting, recording, organizing, storing, adapting or modifying, restoring, consulting, usage, disclosure via transmitting, distributing, providing, updating or combining, blocking, deletion and destruction.
StakeSoft Ltd. processes personal data independently or by delegation to data processors, and determines in a written contract the objectives and scope of obligations assigned by the Administrator to the data processor, at the presence of a relevant legal basis in accordance with the requirements of GDPR / PDPA. Processors on behalf of StakeSoft Ltd. are, for example, the employees of the Administrator, whose rights and obligations in connection with the processing of personal data of individuals are duly regulated in internal acts of the Administrator.
Processors are also third parties outside of the Administrator’s structure, who have been delegated to process personal data on behalf of the Administrator.
4.2. The processing actions mentioned are carried out in compliance with the following principles:
4.3. In connection with the fulfillment of statutory obligations and pre-contractual and contractual relations, in carrying out its activities, StakeSoft Ltd. processes personal data of its employees, customers and third parties for the following purposes:
- administration of labor relations: personal data of job applicants and employees in connection with an existing employment relationship (data processing is most often due to the implementation of statutory obligations of the personal data Administrator arising from the specific requirements of the legislation governing its activity, financial and accounting activity, pension, health and social security activity, human resources management activity, automatic exchange of information in the field of taxation, etc).;
- administration of contractual relations: personal data of persons prior to a service contract and current customers (including where explicit consent has been given or processing is necessary to fulfill obligations under a contract to which the data subject is a party, as well as for actions prior to signing a contract and undertaken at the request of the person).
- for the purposes of development of our business - to develop new products and services that we can offer to our customers, to develop marketing and advertising activities, to study the requirements of our customers in order to form new products that we can we offer them. This way we strive to expand our market share, increase the quality of our services and your satisfaction as our customers.
5.1. Categories of personal data, which StakeSoft Ltd. processes to conduct its business:
5.2. The personal data being processed are structured in the following registers:
6.1 The right to information
Each data subject has the right to request information about the type of personal data processed by StakeSoft Ltd., which affect him personally. This information should be provided regardless of where the personal data are processed. The data subject may make any such request for information to an employee of the Administrator StakeSoft Ltd. The designated official must assist the subject by providing him, if possible, with the personal data processed for him in the format he wishes, which should be structured in a widely used and adapted format for machine reading. The data subject has the right to information for the purposes of processing his personal data, which is provided to him during the collection of his personal data and in the subsequent change of the purposes of processing.
6.2 A request for correction
If the personal data stored are incorrect or incomplete, the data subject may request that they be corrected. The data subjects are responsible for providing correct personal data to the Administrator. In addition, the data subject should inform the Administrator of any relevant changes to his / her personal data (such as changes in the address or name of the subject).
6.3 Usage restriction
At any time during the processing of personal data, the data subject may request that the Administrator restricts the use of his personal data for a part or all of the purposes of the processing for which the subject has given his consent
6.4 Refusal of a request for information, correction or restriction of the processing of personal data
If the request for information, correction or restriction of processing is refused, the data subject will be informed of the reason for the refusal. The refusal is made in the form of the request submitted by the subject and should be motivated.
6.5 Right to be deleted ("right to be forgotten")Each person has the right to request from the Administrator the deletion of the personal data related to him, and the Administrator has the obligation to delete them without undue delay. In exercising this right by the data subject, the Administrator shall indicate to the subject how the deletion will affect the relationship between them in the future.
6.6. Right to objectEvery data subject has the right to object to the processing of personal data concerning him or her. The Administrator shall terminate the processing of personal data, unless he proves that there are grounds for continuing the processing.
6.7. Withdrawal of consent for personal data processing
The subject of personal data has the right to withdraw his consent to the processing of his personal data at any time with a separate request addressed to the Administrator. The administrator indicates to the subject how the deletion will affect the relationship between them in the future.
6.8. Questions and complaints / legal remedies
In cases where the personal data subject believes that the Administrator violates the applicable regulations, he has the right to contact the Administrator to clarify the issue. Of course, he has the right to lodge a complaint with the Personal Data Protection Commission and a regulatory body within the EU. Applications for access to information or for correction are submitted personally by the personal data subject or by a person expressly authorized by him, through a notarized power of attorney. An application may also be submitted electronically, in accordance with the Electronic Document and Electronic Signature Act. The administrator responds to the request within 14 days of its submission. If a longer period is objectively necessary - in order to collect all the requested data and this seriously complicates our work, this period can be extended to 30 days. With his decision the Administrator gives or denies access and / or the information requested by the applicant, but always explains his answer.
6.9. The right to consent to the processing of one’s personal data
The Administrator accepts the presence of "consent" only in cases where the data subject has been fully informed about the planned processing and has expressed his consent without being pressured. Consent obtained through pressure or on the basis of misleading information is not a valid basis for the processing of personal data.
Consent cannot be inferred from the lack of response to a message to the data subject. There must be active communication between the Administrator and the subject in order for consent to be present. The administrator should be able to prove that consent has been obtained for the processing activities. In most cases, consent to the processing of personal data is routinely obtained by the Administrator, using standard consent documents, for example, when a new customer signs a contract or during the recruitment of new staff.
6.10. Right to representation
The data subject may authorize another person to exercise the rights under pt. 6.1. to pt. 6.9. of current policy. The authorization should be explicit and notarized in writing. In each exercise of the rights of the data subject, the proxy is obliged to present a copy of his power of attorney to the Administrator or to the processor of personal data on behalf of the Administrator.
StakeSoft Ltd. ensures the security of personal data in accordance with the principles set out in the GDPR / PDPA by taking appropriate and sufficient administrative, technical and organizational measures to protect data from loss, theft, misuse as well as unauthorized access, disclosure, alteration or destruction.
7.1. Admissibility of data processing
The processing of personal data is permissible only if the data subject has agreed to it, if there is a legal obligation to process data, when signing or completing a contract, when necessary to protect the vital interests of the individual or the legitimate interest of the Administrator, provided that it does not contradict the legitimate interests of the individual. The admissibility of the processing of personal data is a prerequisite for the transfer of personal data.
Consent must be declared in writing or based on other legally permissible means, and the data subject must be informed in advance of the purpose of the processing and the possibility of transferring personal data to third parties. When included in other declarations, the obtaining of consent is emphasized so that it is clear to the data subject.
7.2. Intended purpose
Personal data may only be collected for the purposes listed exhaustively and may not be processed for purposes other than those intended. The purpose of data collection and processing must be complied with by the Administrator in additional processing and storage of such data. Changes to the purpose are permissible only with the consent of the data subject or if permitted by the local law of the country where the personal data were obtained.
7.3. Data saving
The processing of personal data must be necessary for the intended purpose. The possibilities available for the anonymization or introduction of pseudonymisation for personal data must be used at an early stage, as far as possible and cost-effective for the intended protective purpose.
7.4. Data quality
Personal data must be factually accurate and, as far as necessary, up-to-date. The Administrator shall take appropriate and reasonable measures to correct or delete incorrect or incomplete data.
7.5. Data security
The data administrator implements appropriate technical and organizational measures to ensure the necessary data security. These measures relate in particular to computers (servers and workstations), networks and communication links and applications, which are incorporated into the IT security management system. Appropriate measures are taken to protect this data from accidental erasure, unauthorized erasure or loss. Full information is provided in Directive (EU) 2016/1148 of the European Parliament and of the Council dated 6 July 2016 on the measures for a high overall level of security for networks and information systems in the Union.
7.6. Confidentiality of data processing
Only authorized personnel who have undertaken to comply with the requirements of data confidentiality have the right to participate in the processing of personal data. Employees are prohibited from using such data for personal purposes or providing it to unauthorized companies and third parties. Unauthorized in this context also means the use of personal data by employees who do not need access to such data in order to perform their official duties. The obligation of confidentiality continues to apply even after termination of employment / civil / official legal relations with the Administrator.
StakeSoft Ltd. uses administrative and technical measures to protect personal data it processes through its employees or provides for processing to third parties - personal data processors. These measures are as follows:
8.1. All employees of the Administrator are responsible for ensuring the security of the storage of the data they process, as well as for ensuring that the data is stored securely and not disclosed under any circumstances to third parties, unless the Administrator has granted such rights to these third parties on the basis of a written contract or a confidentiality clause;
8.2. In order to ensure adequate protection of the personal data processed by the Administrator, all necessary organizational and technical measures provided for in the applicable legislation, as well as good practices and technologies for the purpose of data protection shall be applied. The information is stored on a separate domain and in a database, and only persons working on the specific transaction have access to the information, respectively they have grounds for access to the information. Access is gained by entering a username and a password, with technological possibility provided for tracking the access sessions. The Administrator has at his disposal physical, electronic and procedural means of protection that comply with his legal obligations regarding the protection of personal data that he processes.
8.3. In order to ensure sufficient protection of the processed personal data, StakeSoft Ltd. uses the following technical measures (virus protection, firewall, an option for encryption / coding);
8.4. The administrator introduces measures guaranteeing the protection of personal information against accidental destruction or loss;
8.5. The Administrator establishes procedures for restoring the availability of personal data following a physical or technical incident. In order to fulfill these obligations, the Administrator provides the necessary technical means (servers, a computer network, cloud space), for which the protective measures under point 8.3 of this section are taken.
9.1. The Аdministrator introduces the following measures for restricting access to physical data carriers- (for example, locks with a high level of protection installed on the doors of the Administrator's office, as well as on the doors providing access to the building in which the office is located; locking of the cabinets where the paper carriers of the created registers are located);
9.2. The Administrator introduces a "clean desk" policy. Paper records should not be left out within reach of unauthorized persons and should not be removed from designated protected areas without express permission. As soon as paper documents are no longer needed for the ongoing work on personal data processing, they should be archived in the appropriate way, and if there is no need to archive them, they should be destroyed;
9.3. Personal data may be deleted or destroyed. Paper records with expired processing terms should be shredded and disposed of as "confidential waste". The data on the hard disks of unused personal computers must be deleted or the disks destroyed according to the established procedures;
9.4. Personal data processing outside the sites of the Administrator is carried out in accordance with the relevant procedural rules and is permissible with the express written consent of the direct supervisor of the processor or the Administrator.
10.1. StakeSoft Ltd. does not store personal data in a form that allows the identification of subjects for a period longer than necessary for the processing for which the consent of the data subject is given and in view of the purposes for which it was collected. Storage of personal data for a longer period is permissible without the explicit consent of the data subject, if provided for in a regulation of domestic law or European Union law;
10.2. The Administrator may store data for a longer period than necessary to carry out the processing for which consent has been given and in cases where personal data will be processed for archiving purposes in the public interest, scientific or historical research and for statistical purposes, and only in the implementation of appropriate technical and organizational measures to guarantee the rights and freedoms of the data subject;
10.3. The storage period for of each category of personal data, located in a separate register, is determined in a procedure adopted by the Administrator (Procedure for storage and destruction of data). This procedure specifies the criteria used to determine the retention period, including any legal obligations imposed on the Administrator with regard to data storage.
10.4. The procedure for storage and destruction of data, as well as the rules for destruction of information on physical carriers shall apply in all cases.
10.4. The procedure for storage and destruction of data, as well as the rules for destruction of information on physical carriers shall apply in all cases.
Personal data must be destroyed securely, in accordance with the principle of guaranteeing an adequate level of security. Compliance with the procedure is mandatory in order to guarantee protection against unauthorized or unlawful processing and against accidental loss, destruction or damage of data, by applying appropriate technical or organizational measures.
12.1. The Administrator of personal data has the right to disclose the personal data being processed only to the following exhaustively listed categories of persons:а). individuals, to whom the data relates; б). persons for whom the right of access is provided for in a regulation or в). persons for whom the right derives by virtue of a contract;
12.3. The Administrator shares the received personal data with his branches, companies within his group and joint partners on the basis of an explicit written instruction or a written contract. These persons may use the information for the purposes described in the present Policy for the protection of personal data. When the express consent of the data subject has been granted, the same may be shared with third parties on the basis of a written contract, for their own purposes, such as offering products and services that may be of interest to the data subject;
12.4. The Administrator shares personal data with competent authorities / persons in order to organize the protection of his legal rights and interests in initiating injunction, arbitration, non- contentious, claims and other proceedings;
12.5. The Administrator shall disclose personal data of subjects whose personal data it processes when required to do so by law, a regulation, an international treaty or an European Union law act, or in connection with legal proceedings, in response to a request by public authorities, ( for example, law enforcement or investigative bodies), or in a case of serious and unlawful infringement upon the legitimate rights and interests of legal entities.
Taking into account the regulation for protection of personal data of individuals as well as the enhanced personal data protection measures introduced by PDPA, StakeSoft Ltd. recognizes the need for initial and subsequent training of its staff, whose responsibilities include the processing of personal data of individuals on behalf of the Administrator. The initial and subsequent training sessions are aimed at informing the employees about the established rules and procedures for the observance of this Policy and the applicable legislation in the field of personal data protection, as well as other issues related to personal data protection and privacy.
Employee and staff training sessions aim inform them of the already existing or emerging requirements for personal data protection, as well as the measures taken by the Administrator in accordance with them.
14.1. The present Policy has been adopted with a Decision № 1 dated 03.06.2022 of StakeSoft Ltd. and it becomes effective on 04.06.2022.
14.2. Personal data subjects may access the present policy at the Administrator’s office, located in Suite 3, 1 Earlsfort Centre, Lower Hatch St, Dublin 2 as well as on the Administrator’s website ………………..
14.3. In order to implement the most current protection measures and to comply with applicable law, the Administrator will regularly update the present personal data protection Policy. We invite you to regularly review the current version of this personal data protection Policy, to be constantly informed about how the Administrator cares for the protection of personal data collected by him.
3. The contact person on issues related to personal data protection at StakeSoft Ltd.is: