2.1. This Policy applies to Data collected both before and after entering into effect of this Policy.
2.2. Realizing the importance and value of the Data, and also taking care of the observance of the constitutional rights of citizens of the Republic of Azerbaijan and citizens of other States, the Administration provides reliable Data protection.
3.1. Data means any information relating directly or indirectly to an identified or identifiable natural person (citizen), such as surname, name, patronymic, registration address/mailing, email, phone number.
3.2. Data processing refers to any action (operation) or set of actions (operations) with the Data committed through the use of automation and/or without the use of such funds. Such actions (operations) include collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, usage, transfer (distribution, granting, and access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security refers to Data protection from illegal and/or unauthorized access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions in relation Data.
4.1. Processing and security of Data in the Administration are carried out in accordance with the requirements of the Constitution, the Law, the Labor Code of the Republic of Azerbaijan, regulations, and other defining cases and features of processing of laws of the Azerbaijan Republic, the guiding and methodological documents of the Ministry of Communications and High Technologies of the Azerbaijan Republic, State Agency on Standardization, Metrology and Patents of the Republic of Azerbaijan, the State Customs Committee of the Republic of Azerbaijan, Legislation of the Republic of Azerbaijan on State Secret, State Register of Public Information Resources & Personal Data Information Systems, Prosecutor General’s Office of the Republic of Azerbaijan, Interior Ministry, Ministry of National Security and Ministry of Defense of the Republic of Azerbaijan.
4.2. The subjects of administrative Data processing are:
Customers, Azershow.biz website visitors, who may order any available services of Presenters on the Website http:// azershow.biz/
4.3. Administration carries out the processing of Data subjects for the following purposes: Exercising the administrative power, duty or function, entrusted to it by the Legislation of the Azerbaijan Republic in accordance with state laws, including, but not limited to: :
• The Civil Code of the Republic of Azerbaijan;
• The Tax Code of the Republic of Azerbaijan;
• The Labor Code of the Republic of Azerbaijan;
• The Family code of the Azerbaijan Republic;
• The law "On Entrepreneurial activity «of the republic of Azerbaijan dated 15.12.1992. № 406;
• The low ‘’On Individual Accounting in State Social Insurance System” dated 27.14.2011. № 221-IIQ;
• The law "On personal data" dated 11.05.2010. № 998-IIIQ;
• The law ‘’On military duty and military service" dated 23.12.2011. № 274-IVQ;
• The low ‘’ On preparedness Activity and Mobilization in Azerbaijan Republic’’ dated 10.06.2005. №923-IIQ;
• The law ‘’On state registration and the state register of legal entities’’ dated 12.12.2003. №560-IIQ;
• The law ‘’On protection of consumer rights’’ dated 19.09.1995. № 1113;
• The law ‘’On accounting’’ dated 29.07.2004. №716-IIГ;
• The low ‘’On Protection of health of population’’ dated 26.06.1997. №360-IQ;
• The low ‘’On mandatory medical insurance’’ dated 24.06.2011. № 165-IVQ;
• The low ‘’On medical consumers insurance’’ dated 28.10.1999. №725-IQ.
4.3.1. Providing information on products/services, current promotions and special offers;
4.3.2. Customer service quality analysis and improving.;
4.3.3.The execution of the contract, including contracts of purchase and sale, as well as remote contracts on the Website; paid services; provision and accounting of paid services, a system of mutual settlements.
5. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING.
5.1. When the data is being the administration adheres to the following principles: processed, website administration the administration adheres to the following principles:
• Data processing is carried out by website administration on a lawful, honest and fair base;
• Data shall not be disclosed or accessible to third parties or disseminated without the consent of the Data subjects, except the cases in which disclosure is required by the authorized state bodies or in cases for trial.
• Administration Collect only Data that are necessary and sufficient for the Data processing;
• Integrating the databases containing the Data, processing of which is carried out for the uncoordinated purposes is not allowed; personal data must be collected for specified, explicit and legitimate purposes.
• The processed personal data shall be destroyed or depersonalization for achieving the purposes of processing or if it is no longer required to achieve these purposes, unless otherwise provided by State law.
5.2. Administration may put Data of subjects in public Data sources. Administration takes a written subject's consent for processing his Data, or by the expression of consent via checkbox form, clicking which the data subject agrees the Data.
5.3. The administration does not process Data on racial and ethnic origin, political opinions, religious and philosophical or other beliefs, trade union membership, health and sexual life.
5.4. Biological Data (biometrics, medical, physiological characteristics) of a person, on the base of which is possible to identify the person/Data subject are not processed by Azershow.biz Administration.
5.5. The administration is implementing the cross-border transfer of data. The administration confirms that cross-border transmission of personal data in the territory of foreign states must be provided by adequate protection of the rights of Personal Data in accordance with the security level defined by the Council of Europe Convention on the protection of individuals with regard to the Processing of Personal Data..
5.6. In the cases stipulated by the Legislation of the Republic of Azerbaijan, the administration has the right to transfer information to third parties: the Ministry of taxes of Azerbaijan Republic, State Social Protection Fund of Azerbaijan Republic and other State organs.
5.7. The administration may entrust the processing of Data to third parties under the condition that Personal data is processed with the consent of the Data subject and the parties with Site Usage Agreement including consent to the processing of Data.
5.8. The person carrying out the Data processing on the basis of the contract concluded with the Administration (instructions to operator), must abide to the principles and rules of processing and protection of Data stipulated by the Law. The list of actions (operations) with the Data that is to be performed by a third party must be fixed and determinate. The third person is obliged to respect the confidentiality and ensure the security of Data during processing, define a goal of processing and requirements for protection of the Data processed in accordance with the Law.
5.9. In order to fulfill the requirements of the current Legislation of the Republic of Azerbaijan website Administration process Data and fulfill its contractual obligations with the use of automated means or without using such means. A set of processing operations includes the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
5.10. A decision, which produces legal effects concerning a person or which significantly, affects his rights and legal interests may not be based solely on the automated processing of data and prohibited, except cases envisaged by the Legislation of the Republic of Azerbaijan.
6. RIGHTS AND OBLIGATIONS IN PROCESSING OF PERSONAL DATA
FOR DATA SUBJECTS AND ADMINISTRATION
6.1. The subject whose Data are processed by the Administration, has the right:
- to receive from the Administration:
• specify the processing of Data and information on the availability of Data relating to the Data subject;
• specify the purpose for which personal data are to be processed;
• specify the means and manner of personal data processing;
• specify the information about the name and location of Administration;
• specify the data of person (except the Administration) person who has obtained access to personal data based on a contract with the Administration or in accordance with the Law of the Republic of Azerbaijan.
• specify a list of data processing relating to the Data subject, the sources of its receipts and any other requested information, unless a different procedure for the presentation of such Data is envisaged by the Law of the Republic of Azerbaijan.
• specify Data processing time and storage terms;
• specify the information about the exercise of rights stipulated by the Legislation;
• specify the surname, name and address of the person carrying out the processing of personal data on behalf of the operator;
• specify other information provided by the Law or other existing legislative acts of the Republic of Azerbaijan;
- demand from Administration to:
• refine the Data, provide Data blocking or destruction data blocking or annihilation in case of personal data are incomplete, outdated, inaccurate, illegally obtained or inessential for processing purpose.;
• revoke your consent to transfer your data for data processing at any time;
• eliminate unlawful administrative actions in accordance with this Act;
• file an appeal against actions /inactions of Administration with The Ministry of Transport, Communications and High Technologies or appeal to court if the Data subject considers that the Administration violates the Law or his rights and freedoms
• protect his violated rights and legitimate interests; claim for compensation for moral harm /or compensation appeal to court.
6.2. The Administration shall be obliged to:
• provide the data subject with any information concerning the processing of Personal Data, or refuse data processing within 30 days of receipt of Data subject’s or his representative’s request;
• explain to Data subject the legal consequences of failing to provide information if the provision of Data is mandatory in accordance the Law;
• before Data processing (if data have not been obtained directly from the data subject), the Administration shall provide the data subject with the following information, except for the cases defined in the Law paragraph 9.12 Chapter IV:
1)Administrator/ Representative name, surname, patronymic and address;
2)the purpose for which personal data are to be processed;
3)potential Data users;
4)rights of data subjects established by law;
• take all the necessary organizational and technical measures required for protecting personal data against unlawful or accidental access, destruction, deletion, alteration, blocking, copying, provision, dissemination, distribution, unauthorized or unlawful storage, processing, or disclosure and other unlawful actions;
• publish on the Internet and provide unlimited Internet to this document that define Data processing policy and Data Protection information;
• provide Data subjects and/or their representatives free-of-charge opportunity to become familiar with the available Data within 30 days from the date of receipt of such request;
• implement the blocking of unlawful processed Data relating to the Data subject, or to maintain the blocking (if Data processing is done by another person acting on behalf of the Administration) of treatment or request for verification period, in case of detection of unlawful processing of Data at the address of the Data subject or his representative or upon request of the Data subject or his representative or the authorized body for the protection of the rights of subjects of personal data;
• clarify the information or to provide clarification (if Data processing is done by another person acting on behalf of the Administration) within 7 working days from the date of submission of the information and remove the block of Data in the event of confirmation of inaccurate Data on the basis of the information submitted by the Data subject or his representative;
• stop illegal processing of Data or to ensure an end to unlawful processing of Data by a person acting on behalf of the Administration, in case of detection of unlawful processing of Data carried out by the Administration or by a person acting under contract with the Administration in a period not exceeding 3 working days from the date of this detection;
• stop processing Data or ensure its termination (if Data processing is done by another person acting under contract with the Administration) and to destroy information or to ensure their destruction (if Data processing is done by another person acting under contract with the Administration) to achieve the purpose of Data processing, unless otherwise provided by the contract, which a party, beneficiary or guarantor of which is the Data subject, in the case of achieving the purpose of Data processing;
• stop processing Data or ensure its termination and to destroy the Data or to ensure their destruction in case of withdrawal by Data subject consent to the processing of Data, if the Property is not entitled to process Data without the consent of the Data subject;
• maintain a register of complaints of Personal Data subjects, which should contain the requests of Data subjects to receive Data and facts and provide the Data for these queries.
7. DATA PROTECTION REQUIREMENTS
7.1. The administration processing of Data shall take the necessary legal, organizational and technical measures to protect the Data from unlawful and/or unauthorized access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions in relation to these.
7.2. The measures should be taken in accordance with Law are:
• appoint a person responsible for organization of personal data processing and protection;
• development and approval of local acts concerning the processing and protection of Data;
• application of legal, organizational and technical measures to ensure Data security;
• definition of threats to Data security during processing personal data information systems;
• application of organizational and technical measures to ensure Data security during processing Data necessary to meet the requirements for Data protection, the execution of which envisaged by the Law of the Republic of Azerbaijan;
• application of information security measures that have passed the procedure of conformity assessment in the prescribed manner;
• assessment of the measures effectiveness taken to ensure Data security prior to information system commissioning of the of personal data;
• accounting of machine media Data, if the Data is stored on machine-readable medium;
• detecting unauthorized access to Data and taking measures to prevent similar incidents in the future;
• recovering Data modified or destructed due to unauthorized access;
• defining rules for Data access, ensuring of registration and all actions performed on electronic data.
• контроль за принимаемыми мерами по обеспечению безопасности Данных и уровнем защищенности информационных систем персональных данных;
• monitoring of the measures taken to ensure Data security and level for personal data protection;
• estimating of the harm that may be caused to the Data subjects in all cases of violation of requirements of the Law; taking measures aimed at ensuring the Law, prescribed by the Legislation of the Republic of Azerbaijan;
• ensuring of measures avoiding unauthorized access to the Data storage and providing Data security;
• awareness of Administration carrying out Data processing about Legislation of the Republic of Azerbaijan concerning the Data protection acts; training program for Administrative staff.
8. DATA PROCESSING AND STORAGE
8.1. The processing time (storage) of Data are determined depending on the purpose of Data processing, in accordance with the term of the contract with the Data subject, the requirements of the national Law on behalf of which the Administration carries out Data processing; it also depends on archives organizations, basic rules of work and period of limitation;
8.2. after the date of expiry Data shall be data shall be eliminated, unless otherwise stipulated by the Law. After termination or end of processing Data storage is allowed only after anonymisation.
9. CLARIFICATIONS ON THE DATA PROCESSING
9.1. Person whose Data is processed by the Administration, can seek clarification on the handling of his Data by applying at Administration or sending a written request to this address below: Mohammed Hadi street, 62, apt. 32, Baku, Azerbaijan, AZ 1129.
9.2. in case of sending a formal request to the Administration please specify:
• Data subject’s or his representative’s name, surname, patronymic;
• personal ID number of the Data subject or his representative, date of issue, name of the issuing authority;
• Information confirming the relationship between Data subject and the Administration;
• feedback information
• Data subject’ or his representative’s signature. If the request is sent electronically, it must be the form of an electronic document and signed with an electronic signature in accordance with the Legislation of the Republic of Azerbaijan.
10. PROCESSING AND PROTECTION FEATURES OF DATA COLLECTED BY THE ADMINISTRATION OVER THE INTERNET
10.1. Administration processes the Data received from users of the Website via resources: http://azershow.biz/ (together referred to as the "Website"), to Administration phone: +994 50 739 87 79, or Administration E-mail address: firstname.lastname@example.org.
10.2. Data collection
There are two main ways that are used by the Administration to obtain Data via the Internet:
via the Internet:
10.2.1. the provision of Data (independent data entry):
• Registered address/correspondence;
• E-mail address;
• mobile and/or fixed phone number(s).
10.2.2. Data sent by Data subjects to Administration phone: +994 50 739 87 79,
or via Administration E-mail address: email@example.com;
10.3. Information automatically collected and stored
- Administration may collect and process information, which is not personal data:
information about the users’ interests, based on the search queries of Website (proposed services and goods); compilation and analysis of the information in order to find out what services and products are most-in-demand.
- Query processing and storage, collecting and creating client usage statistics in order to check most-in-demand categories of the Website.
Administration automatically receives certain types of information obtained in the process of user interaction with the Website, E-mail communications, etc. I.e., technologies and services, such as web protocols, cookies, web marks, applications and tools.
However, the web mark, cookies and other monitoring technologies do not provide the ability to obtain Data automatically. If the user provides his Data, for example, when filling out feedback forms or sending E-mails, then the information collecting processes run automatically.
10.4. Use Of Data
The administration has the right to use the provided Data in accordance with the stated purpose of collection and only with the consent of the Data subject if such consent is required in accordance with the requirements of the Legislation of the Republic of Azerbaijan.
The obtained Data, generalized and depersonalized, can be used to better understanding or customers’ needs of goods and services and Improving service quality and .
10.5. Data Transfer
The administration may entrust the processing of Data to third parties only with the consent of the Data subject. In addition, Data can be transferred to third parties in the following cases:
a)in response to lawful inquiries of the authorized state bodies in accordance with the laws, court decisions, etc.
б) Data shall not be disclosed to third parties for marketing, commercial and other similar purposes, except obtaining prior consent of the Data subject.
10.6. The site contains links to other web resources, where user may find the useful and interesting information. The effect of this Policy does not apply to such other sites. When passing on links to other sites, users should read the policies on Data processing placed on these sites.
10.7. The Website user may at any time revoke his consent to Data processing by sending a message or by calling phone Administration: +994507398779, or by sending letter Administration E-mail address: firstname.lastname@example.org or by giving written notice to the Administration address : Mohammed Hadi street, 62, apt. 32, Baku, Azerbaijan, AZ 1129. After receiving this message, subject Data processing will be terminated and its Data will be deleted, except for cases when the processing may be continued in accordance with the Law. Final Policy provisions is a local normative act of the Administration. This Policy is publicly available. Public availability of this Policy is provided by the publication on the Administration Website. This Policy may be revised in any of the following cases:
• changing of the Legislation of the Republic of Azerbaijan in the field of personal data processing and protection;
• receipting of orders from competent state bodies on elimination of disparities affecting the scope of the Policy;
• administrative decision;
• changing of the purpose and deadlines of Data processing;
• changing of organizational structure, information and/or telecommunications system (or introduction of the new one);
• usage of new technologies of Data processing and protection, including transmission, storage;
• the need for change Data processing related to the activities of the Administration. In case of default of the provisions of this Policy, the Administration and its employees shall be liable in accordance with the current Legislation of the Republic of Azerbaijan. Execution Control of requirements of the present Policy is made by the persons responsible for the organization of Data processing, as well as for the personal data security.