1. Application area
The Policy governs the processing of personal data in the Company’s applications – WiseRep.
2. Definitions used
Company – Wise Technologies Limited Liability Company, which organizes and processes personal data of Users, Operator of personal data of WiseRep Users, developer of WiseRep.
WiseRep – mobile and web applications developed by the Company.
User – an individual (subject of personal data), whose personal data is processed by the Company through WiseRep.
Subject of personal data – an individual in respect of whom personal data is processed.
Personal data – any information relating to an identified individual and (or) an identifiable individual.
Individual who can be identified, – a person who can be identified directly or indirectly, in particular through his surname, first name, patronymic, date of birth, identification number or through one or more characteristics characteristic of his physical, psychological, mental, economic, cultural or social identity.
Operator– a state body, a legal entity of the Republic of Belarus, another organization, an individual, including an individual entrepreneur (hereinafter, unless otherwise specified, an individual), independently or jointly with other specified persons organizing and (or) carrying out the processing of personal data.
Co-operator – An operator who organizes and/or processes personal data of Users together with the Company.
Processing of personal data – any action or set of actions performed with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data data.
Special personal data – personal data relating to race or nationality, political views, membership in trade unions, religious or other beliefs, health or sexuality, exposure to administrative or criminal liability, as well as biometric and genetic personal data.
Depersonalization of personal data – actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data.
Providing personal data – actions aimed at familiarizing with the personal data of an indefinite number of persons.
Dissemination of personal data – actions aimed at familiarizing with the personal data of an indefinite number of persons.
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state.
Blocking personal data – termination of access to personal data without deleting it.
Deleting personal data – actions as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data, and (or) as a result of which material media of personal data are destroyed.
Authorized person – a state body, a legal entity of the Republic of Belarus, another organization, an individual who, in accordance with an act of legislation, a decision of a state body that is an operator, or on the basis of an agreement with an operator, processes personal data on behalf of the operator or in his interests.
3. General provisions
The Company processes Users' personal data solely in accordance with the requirements of applicable law.
This Policy defines what personal data of Users the Company can process, for what purposes, and also establishes the procedure for processing personal data and the rights of Users in connection with such processing.
When processing received personal data, the Company acts as an Operator.
The Company performs all actions to process Users’ personal data only with their consent. The Company may process Users’ personal data without their consent only in cases provided for by law.
The Company processes Users' personal data only for the purposes specified in this Policy. The company does not allow the processing of personal data in a manner incompatible with the specified purposes. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
In the event that there is a need to process User data for other purposes, the Company must request their consent, except in cases where, according to applicable law, such consent is not required.
The Company does not intend to collect personal data other than on the condition that it is voluntarily provided by Users. If the User does not agree with any provision of this Policy or does not want his personal information to be processed by the Company, the User may not provide personal data to the Company. At the same time, the User will not be able to use WiseRep functions, the functioning of which requires the User’s personal data.
The Company guarantees that it processes only those personal data of Users that are necessary for the high-quality fulfillment of the processing purposes specified in this Policy and other purposes for which the User’s consent has been obtained or for which such consent is not required in accordance with the law.
The Company takes all reasonable measures to ensure that the collected personal data of Users is constantly kept up to date. If personal data is identified that is inaccurate for processing for the stated purposes, such personal data is either clarified or deleted.
The Company processes Users' personal data only in a manner that ensures their security, including protection from unauthorized or illegal processing. To achieve this, the Company may use appropriate technical and organizational measures.
The Company is always ready to provide Users with information regarding the processing of their personal data in cases and in the manner determined by the legislation of the Republic of Belarus on the protection of personal data.
The Company may entrust the processing of personal data to Authorized Persons. At the same time, Authorized Persons will be required to comply with all measures to ensure the protection of personal data and process Users’ personal data only for the purposes and only in the ways described in this Policy.
The Company may entrust the processing of Users’ personal data to the following Authorized Persons:
Wise Technologies LLC;
If the Company decides to entrust the processing of Users’ personal data to other Authorized Persons than those listed above, the Company is obliged to amend this Policy by indicating in the Policy the data of such Authorized Persons.
4. Legal grounds, purposes of processing personal data and list of processed personal data
The Company processes personal data of Users based on their consent for identification in WiseRep. For this purpose, WiseRep processes the following data, which is provided by the User independently:
surname, first name, patronymic (if any);
The Company processes Users’ personal data based on their consent to ensure the correct operation of the WiseRep functionality. For this purpose, WiseRep processes the following data, which is collected automatically:
time/date of work start and end;
time/date of photographs;
GPS sensor status;
status of setting up the location of the device over the network;
Internet connection status;
a list of software installed on the personal data subject’s device to check for the presence of software for changing geolocation and obtaining super-user rights;
obtaining information about the receipt of the device during work in Wiserep;
information about time and time zone settings;
logs of actions in WiseRep and battery status.
If the Company receives consent to process Users’ personal data for purposes other than those listed in the Policy, it indicates such purposes when obtaining the User’s consent to process his personal data.
If it is necessary to change the initially stated purposes of processing personal data, the operator is obliged to obtain the User's consent to process his personal data in accordance with the changed purposes of processing personal data in the absence of other grounds for such processing provided for by applicable law and (or) this Policy.
Along with the User's consent, the Company requests permission from Users for WiseRep applications to the User's personal data provided by the User's device. WiseRep requests only those permissions that are necessary to operate the functions and services that WiseRep already has, and uses them only for the purposes for which the User has consented. If in the future the Company needs to use them for other purposes, the Company obtains the user's explicit consent to do so.
WiseRep requests permissions and uses APIs that access personal data in accordance with the Google Play and Apple Store Developer Policies.
Other grounds for processing.
The Company also has the right to process Users’ personal data on other grounds provided for by applicable law. If there are such grounds, the Company indicates them in this Policy.
The Company does not place the User’s personal data in publicly available sources.
The Company assumes that the information provided by the User is reliable and sufficient. The company does not verify the accuracy of the personal information provided.
WiseRep does not process special categories of personal data relating to race or nationality, political views, membership in trade unions, religious and other beliefs, health or sexuality, or bringing to administrative or criminal liability.
5. Basic rights of Users in the field of personal data protection
Right to withdraw consent
Right to information The user has the right to withdraw his consent to the processing of his personal data at any time by submitting an application to the Company without giving reasons. In this case, the withdrawal of consent does not affect the legality of the processing of his personal data carried out before such withdrawal.
Right to review
The user has the right to obtain free information about his personal data processed by the Company on the basis of an application submitted to the Company, except in cases provided for by applicable law.
Right to clarification
The user has the right to demand from the Company clarification of his personal data processed by him in cases where they are incomplete, outdated or inaccurate, by submitting an application to the Company attaching documents or certified copies of such documents that confirm the need to make such changes.
The right to receive information about the provision of the User’s personal data to third parties
The user has the right to demand from the Company information about the provision of his personal data to third parties once a calendar year free of charge on the basis of an application for a period of time equal to one year preceding the date of submission of the application, except for cases provided for by law.
The right to demand termination of processing of the User’s personal data
The user has the right to demand that the Company stop processing his personal data if it is not necessary for the stated purpose of its collection or there are no other grounds for its processing provided for by law. To exercise this right, the User submits an application to the Company, which is reviewed by it to assess the need for personal data for the stated purpose of their processing.
Right to restriction of processing
The User has the right to request that the Company limit processing if the User disputes the accuracy of personal data, for a period allowing the controller to verify the accuracy of personal data; if the processing is illegal and the User objects to the deletion of personal data and instead demands that their use be limited; if the Company no longer needs personal data for processing, but the User needs it to assert, exercise or contest legal claims and claims; if the data subject has lodged an objection to processing – until the relevant check is completed.
Right to appeal
The user has the right to appeal the actions of the Company that violate his rights when processing personal data in the manner prescribed by applicable law.
6. The procedure for exercising the User’s rights in the field of personal data protection and communication with the Company
In order to exercise their rights, the User must submit an application in writing or in the form of an electronic document to the Company.
In the application, the User must indicate the following:
a) your last name, first name, patronymic (if any);
b) address of residence;
c) date of birth;
d) the User’s identification number, and in its absence, the number of the identity document (only in cases where the data processing was not carried out on the basis of the User’s consent);
e) the essence of the User’s requirement;
f) the User’s signature (personal or electronic).
The user can also indicate in the application the form in which he wishes to receive a response. In the absence of such an indication, the response to the application is sent to the User in a form corresponding to the application form.
The Company will definitely consider the User’s application and respond to it within the time frame and manner established by applicable law.
7. Access to personal data of Users
Company employees who, due to their official duties, constantly work with the personal data of Users, receive access to them for the duration of their performance of the relevant official duties.
The Company has established a permitting procedure for access to personal data. The Company's employees are provided with access to work with personal data solely to the extent and extent necessary for them to perform their official duties.
Temporary or one-time permission to work with personal data due to official needs can be obtained by an employee of the Company in agreement with the management of the Company.
Access to personal data of third parties who are not employees of the Company without the consent of the subject of personal data is prohibited, except in cases established by applicable law. In this case, access to personal data is carried out in the manner prescribed by applicable law and with the knowledge of the Company’s management.
An employee of the Company’s access to personal data is terminated from the date of termination of the employment relationship, or the date of change in the employee’s job responsibilities and/or exclusion of the employee from the list of persons entitled to access personal data. In the event of dismissal, all media containing personal data that, in accordance with job responsibilities, were at the employee’s disposal during work, must be transferred to the relevant official.
8. List of actions with personal data and the procedure for their processing
The company collects, systematizes, stores, changes, uses, depersonalizes, blocks, distributes, provides and deletes personal data in accordance with these Rules and applicable law.
The Company processes personal data in a mixed way: with and without the use of automation tools.
The Company stores the personal data of Users that it collects in a form that allows the User to be identified for the period necessary to fulfill the purposes of processing, unless a longer storage period is required or permitted by law.
The Company does not distribute Users' personal data.
The Company provides personal data of Users at the request of persons to whom the Company is obliged to provide personal data of Users in accordance with applicable law, Authorized Persons, if any, as well as Co-operators, if any. Co-operators, in turn, obtain separate consent from the User for the processing of personal data, and also comply with all other obligations regarding the processing of Users’ personal data.
The Company processes Users’ personal data in a secure manner, including using modern encryption methods. The Company does not sell the processed personal data of Users.
WiseRep does not use Users' personal data to display advertising.
Features of processing data about the User's location.
WiseRep uses data protected by location permissions only to operate features and services that already work in WiseRep. The User can view these functions on the WiseRep page in the application store, as well as on the Company’s website.
WiseRep does not use location data for advertising.
WiseRep may request access to and permission to actively use coarse location data only for the purpose specified when WiseRep requests consent to grant permission. In particular, so that the User can make visits and use the filter of clients by distance. WiseRep accesses location information in active mode (while the application is being used) if the use of this data is necessary to perform an action initiated by the User in the application, and stops immediately after that action is completed.
WiseRep requests access to accurate location data and permission to use in the background to ensure the correct operation of the Background Location function of the WiseRep application to confirm the veracity of the employee’s collection of information while carrying out work on the assignment (questionnaires, photo reports) on a visit when checking the report by the manager, which is one of the main purposes of the WiseRep application. These features cannot work without location data running in the background.
Features of processing information about files and folders on the device.
WiseRep requests access to device storage to ensure the correct operation of the Storage feature, which stores user work in the WiseRep application, which is one of the main purposes of the WiseRep application.
If necessary, cross-border transfer of personal data to the territory of foreign states is carried out only if the appropriate level of protection of the rights of personal data subjects is ensured in these states.
Cross-border transfer of personal data to the territory of foreign states that do not provide an adequate level of protection of the rights of personal data subjects can be carried out if there are legal grounds under applicable law; in the absence of these grounds, such transfer can only be carried out on the basis of the User’s consent. At the same time, the Company undertakes to inform the User about the relevant risks when obtaining such consent.
9. Basic requirements for the protection of personal data in the Company
When processing personal data in the Company, the following is ensured:
A. carrying out measures aimed at preventing unauthorized access to personal data and/or their transfer to persons who do not have the right to access such information;
b. timely detection of facts of unauthorized access to personal data;
V. preventing influence on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
d. the possibility of immediate restoration of personal data modified or destroyed due to unauthorized access to it;
d. constant control over ensuring the level of security of personal data.
e. identification of current threats to the security of the User’s personal data during their processing in information systems;
and. assessment of the harm that may be caused in the event of a violation of the security of the User’s personal data;
h. notification of Users about facts of unauthorized access to their personal data immediately after their discovery;
And. familiarization of the Company's employees and other persons directly involved in the processing of Users' personal data with the provisions of applicable legislation on personal data, including requirements for the protection of personal data, documents defining the Company's policy regarding the processing of Users' personal data and (or) training of these employees and other persons;
j. establishing the procedure for access to personal data of Users processed by the Company;
l. technical and cryptographic protection of personal data, control of their security.
The company takes all necessary legal, organizational, technical and other measures to ensure the security of personal data. The company uses technical means and software to process and protect personal data.
All persons authorized to work with personal data, as well as those associated with the operation and technical support of WiseRep, must be familiar with the requirements of the Policy and applicable law.
Company employees are obliged to immediately notify the relevant Company official of the loss or shortage of personal data carriers, as well as the causes and conditions of a possible leak of personal data. If unauthorized persons attempt to obtain from an employee personal data processed by the Company, the employee is obliged to immediately notify the relevant Company official.
10. Termination of processing of personal data
The Company stops processing the User’s personal data:
A. if the User withdraws such consent and there are no legal grounds for processing the personal data of such User;
b. upon expiration of the User’s consent to the processing of personal data;
V. at the User’s request, if there are no grounds for processing;
d. if the personal data being processed is illegally obtained, unreliable or is not necessary for the stated purpose of processing;
d. upon the occurrence of conditions for termination of the processing of personal data or upon expiration of the established deadlines;
e. upon achievement of the purposes of their processing or in case of loss of the need to achieve these purposes;
and. in case of detection of unlawful processing of personal data, if it is impossible to ensure the legality of processing;
h. in case of liquidation of the Company.
Termination of processing of Users’ personal data is carried out by deleting or depersonalizing personal data, if this is permitted by the material medium, or can be done in a way that precludes further processing of this personal data (blocking).
Company employees are responsible for failure to ensure the confidentiality of personal data and failure to comply with the rights and freedoms of personal data subjects in relation to their personal data, including the rights to privacy, personal and family secrets.
The Company's employees bear personal responsibility for failure to comply with the requirements for processing and ensuring the security of personal data in accordance with applicable law.
A Company employee may be held liable in the following cases:
a. intentional or careless disclosure of personal data;
b. loss of material media of personal data;
c. violation of the requirements of these Regulations and other regulatory documents of the Company regarding issues of access and work with personal data.
In cases of violation of the established procedure for processing and ensuring the security of personal data, unauthorized access to personal data, disclosure of personal data and causing material or other damage to the Company, other employees, clients and contractors, the perpetrators bear civil, criminal, administrative, disciplinary and other penalties provided for by applicable law. responsibility.
12. Company information
For all questions related to the processing of personal data by the Company, you can contact the following details:
Limited Liability Company "Wise Technologies"
Legal address: 220002, Republic of Belarus, Minsk, st. Kropotkina 44-2, office 407G
Company email address: firstname.lastname@example.org
Privacy Contact: Technical Support email@example.com