Privacy Policy

Personal data protection and processing policy

1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) is drawn up in accordance with the Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data and sets out a system of basic information security principles applied to the processing of personal data in the following organization: Compamy Name Physical IQ FZE LLC, Registration Number 4029, Address A-5803-Flamingo Villas, Ajman, UAE (hereinafter referred to as the Organization), represented by the Manager Roman Mamonov.
1.2. The Policy is subject to change, amendment in the event of new legislative acts and/or changes in existing legislative acts and special regulatory documents on the processing and protection of personal data. The amended version of the Policy comes into force from the moment of its publication or provision of unlimited access in a different way, unless otherwise provided by the amended version of the Policy.
1.3. The Policy applies to personal data received both before and after the entry into force of this Policy.
1.4. The Policy determines general principles, terms and conditions for processing personal data of employees of the Organization and other persons whose personal data is processed by the Organization in order to ensure the protection of the rights and freedoms of man and citizen when processing his personal data.
1.5. The Organization is the Data Controller.
1.6. The Organization can process personal data of the following subjects:

employees of the Organization;
clients of the Organization;
counterparties of the Organization;

2. Introduction
2.1. An important condition for accomplishing the goals of the Organization is ensuring the necessary and sufficient level of information security of personal data.
2.2. The Organization processes personal data on a legal and fair basis.
2.3. The Organization has prepared and implemented documents that establish the procedure for processing and protecting personal data and allow to ensure the protection of personal data processed in the Organization.

3. Personal data processed in the Organization
3.1. Personal data in the Organization is any information relating to a directly or indirectly identified or identifiable individual (Personal Data Subject or User).
3.2. The content of personal data is determined by the purposes of its processing and is documented by the "List of personal data processed in the Organization".
3.3. The Organization processes the following personal data of the User:
3.3.1. general information (full name, date of birth, place of birth, citizenship, education, profession, work experience, passport details, address of residence);
3.3.2. phone number;
3.3.3. e-mail address;
3.3.4. information about the history of using the website of the Organization;
3.3.5. accounts in messengers and social networking sites.
3.3.6. photos, videos provided by the User.
The Organization also collects and processes the following information that is not personal data:
- information about the interests of users (behavioral statistics) on the Organization's website and/or in the mobile application based on the search queries entered by users on the Organization's website and/or in the mobile application as a result of selling and offering the Organization's services in order to provide up-to-date information to users when using the site and/or mobile application, as well as generalize and analyze information about which sections of the site/mobile application are in the highest demand among users;
— processing and storing search queries of users of the site and/or mobile application in order to summarize and create client statistics on the use of sections of the site and/or mobile application.
The Organization automatically receives some types of information in the process of user interaction with the site/mobile application by using the following technologies: web protocols, cookies, web tags, etc.
Processing of special categories of personal data related to race, nationality, political opinions, religious or philosophical beliefs, sexual life is not carried out in the Organization.

Terms and conditions for the processing of personal data in the Organization
3.4. The User gives his consent to the processing of personal data at the moment of acceptance of the Public Offer (in accordance with the conditions set forth in the Public Offer).
3.4.1. The validity period of the User consent is until one of the following moments: termination of the Organization, achieving the purpose of processing personal data, or receiving an application from the User to withdraw consent to the processing of personal data.
3.5. When processing personal data in the Organization, its accuracy, sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data in the Organization, are ensured.
3.6. The processing of personal data includes collection, recording, systematization, accumulation, storage of personal data in the information system, clarification (updating, changing), extraction, use, depersonalization, blocking, deletion, destruction of personal data using automation tools or without using such tools and other actions necessary to achieve the specified purpose of processing, as well as the transfer of personal data to any third parties to whom the Organization transfers the relevant personal data to achieve the above goals, subject to the obligatory condition that these persons ensure the security of the personal data provided above, including cross-border transfers to countries that are parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
3.7. Employees of the Organization (including employees working remotely) have read, understood, and acknowledged in writing the Organization's documents establishing the procedure for processing and protecting personal data, as well as the rights and obligations arising from the processing and protection of personal data.
3.8. Employees of the Organization are prohibited from collecting, processing, and storing personal data that lie beyond the purposes of processing personal data in the Organization, including for the purpose of promoting goods, works, services on the market through direct contacts with a potential consumer.
3.9. Personal data is received by the Organization directly from the personal data subject or from persons who are not personal data subjects, based on the agreement. At the same time, the Organization complies with all requirements for the processing of such data and also ensures the security of the received personal data.
3.10. The processing of personal data in the Organization is carried out in the following ways:

non-automated processing of personal data;
automated processing of personal data with or without transfer of the received information via information and telecommunication networks;
mixed processing of personal data.

4. Rights of subjects of personal data processed in the Organization
4.1. The subject of personal data has the right to receive information regarding the processing of his personal data, including information containing:
— confirmation of the fact of processing personal data by the Organization;
— legal grounds and purposes of personal data processing;
— the purposes and methods used by the Organization for processing personal data;
— the name and location of the Organization, information about persons (excluding employees of the Organization) who have access to personal data or to whom personal data may be disclosed based on the agreement with the Organization or based on the federal law;
— processed personal data regarding the respective subject of personal data and its origin, unless a different procedure for the submission of such data is provided by federal law;
— terms of processing personal data, including the terms of their storage;
— the procedure for exercising the rights provided for by the federal law by the subject of personal data;
— information about the performed or potential cross-border data transfer;
— the title or last name, first name, patronymic name, and address of the person who processes personal data on behalf of the Organization, if the processing is or will be entrusted to such a person;
— other information provided for by federal laws.
4.2. The personal data subject has the right to demand from the Organization a form for requesting information regarding the processing of personal data of the subject. To receive the request form, the subject must email to info@pht.life
4.3. The right of the personal data subject to access his personal data may be limited in accordance with federal laws, including if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties.
4.4. The personal data subject has the right to demand from the Organization the rectification of his personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as take measures provided by law to protect his rights.
4.5. Information regarding the processing of personal data of the subject is provided to him by the Organization in an accessible form and does not contain personal data related to other personal data subjects unless there are legal grounds for disclosing such personal data.
4.6. Information regarding the processing of personal data of the subject is provided to him or his representative by the Organization when applying or upon receiving a request from the personal data subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature.
4.7. If information regarding the processing of the personal data of the subject, as well as the processed personal data, were provided for review by the personal data subject at his request, the personal data subject has the right to apply again to the Organization or send a second request no earlier than thirty days after the initial request or sending the initial request.
4.8. The personal data subject has the right to apply again to the Organization or send a second request in order to obtain information regarding the processing of personal data of the subject, as well as to familiarize himself with the processed personal data before the expiration of thirty days after the initial request if such information and (or) the processed personal data were not provided to him for review in full upon the results of the examination of the initial request. A repeated request, along with information regarding the processing of personal data of the subject, must contain the rationale for sending a repeated request.
4.9. If the personal data subject believes that the Organization is processing his personal data in violation of the requirements of federal law or otherwise violates his rights and freedoms, the personal data subject has the right to appeal against the actions or inaction of the Organization to the authorized body for the protection of the rights of personal data subjects or in court.
4.10. The personal data subject has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damages in court.

5. Fulfillment by the Organization of the obligations of the Data Controller
5.1. The organization fulfills the obligations stipulated for data controllers including:
5.1.1. informs the personal data subject or his representative of information regarding the processing of his personal data, or reasoned refusals to provide such information;
5.1.2. explains to the personal data subject the legal consequences of the refusal to provide his personal data;
5.1.3. makes the necessary changes to personal data, destroys it, notifies the personal data subject or his representative about the changes made and the measures taken, and takes reasonable measures to notify third parties to whom the personal data of this subject was transferred;
5.1.4. notifies the authorized body for the protection of the rights of personal data subjects of its intention to process personal data, in the event of a change in information regarding the processing of personal data of subjects, as well as in the event of termination of the processing of personal data;
5.1.5. informs the authorized body for the protection of the rights of personal data subjects, at the request of this body, the necessary information;
5.1.6. if the purpose of processing personal data is achieved, it ensures the termination of the processing of personal data and its destruction.
5.2. At the request of the authorized body for the protection of the rights of personal data subjects, the Organization is ready to confirm taking measures.

6. Policy amendments
6.1. The Organization has the right to make amendments to the Policy.
6.2. When making amendments, the Policy heading should indicate the date of the last update of the version.
6.3. The amended version of the Policy comes into force from the moment it is published on the Organization's website unless otherwise provided by the amended version of the Policy.
The Organization has the right to carry out, without notifying the authorized body for the protection of the rights of personal data subjects, the processing of personal data:
1) processed in accordance with labor legislation;
2) received by the Organization as a result of concluding an agreement to which the personal data subject is a party if personal data is not distributed and is not provided to third parties without the consent of the personal data subject and is used by the Organization solely to execute the said agreement and to conclude agreements with the personal data subject;
3) regarding members (participants) of a public association or religious organization and processed by the relevant public association or religious organization to achieve the legitimate goals provided for by their constituent documents, provided that personal data will not be distributed or disclosed to third parties without the written consent of personal data subjects;
4) made public by the personal data subject;
5) including only last names, first names, and patronymics of personal data subjects;
6) necessary for a single entry permit of the personal data subject to the territory where the Organization is located or for other similar purposes;
7) included in personal data information systems that, in accordance with federal laws, have the status of state automated information systems, as well as in state personal data information systems created in order to protect state security and public order;
8) processed without the use of automation tools that establish requirements for ensuring the security of personal data during their processing and for observing the rights of personal data subjects.