Privacy Policy

Overview

Data protection is of highest priority for us here at {{site_name}}. The use of our website is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection policy, we would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed.

Name and Address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

  • BUSINESS NAME : My Gem Pty Ltd
  • ADDRESS : 23 Surfers Avenue
  • POSTAL CODE & CITY : Mermaid Waters, 4218
  • COUNTRY : Australia
  • PHONE :  +61 418 151 227
  • CONTACT EMAIL :  opals@hotmail.com

Definitions

This data protection declaration is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable to the general public, as well as to our customers and business partners. To ensure this, we would like to first explain the terminology used. In this data protection declaration, we use the following terms: 

a.) Personal data Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

b.) Data subject Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing. 

c.) Processing Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. 

d.) Restriction of processing Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future. 

e.) Profiling Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. 

f.) Pseudonymisation Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. 

g.) Controller or controller responsible for the processing Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

h.) Processor Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. 

i.) Recipient Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. 

j.) Third party Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 

k.) Consent Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Cookies

Our website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimized with the user in mind. Cookies allow us, as previously mentioned, to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. For example, a website user who uses cookies does not have to enter access data each time the website is accessed, because this is taken over by the website, and the cookie is thus stored on the user’s computer system. Another example is the cookie of a shopping cart in an online shop. The online store remembers the articles that a customer has placed in the virtual shopping cart via a cookie. The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Collection of general data and information

Our website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

Special protection of children’s personal data

Children merit specific protection with regard to their personal data, as they may be less aware of the risks, consequences and safeguards concerned and their rights in relation to the processing of personal data. Such specific protection should, in particular, apply to the use of personal data of children for the purposes of marketing or creating personality or user profiles and the collection of personal data with regard to children when using services offered directly to a child. The consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child.

Rights of the data subject

a.) Right of confirmation Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact any employee of the controller. 

b.) Right of access Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  1. the purposes of the processing;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  5. the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. where the personal data are not collected from the data subject, any available information as to their source;
  8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller. 

c.) Right to rectification Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller. 

d.) Right to erasure (Right to be forgotten) Each data subject shall have the right granted by the European legislator to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. The data subject withdraws consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.
  3. The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
  4. The personal data have been unlawfully processed.
  5. The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

If one of the aforementioned reasons applies, and a data subject wishes to request the erasure of personal data stored by us, he or she may, at any time, contact any employee of the controller. An employee shall promptly ensure that the erasure request is complied with immediately. Contact can be made by opening a support ticket.

Where the controller has made personal data public and is obliged pursuant to Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is not required. An employee will arrange the necessary measures in individual cases. 

e.) Right of restriction of processing Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

  1. The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  4. The data subject has objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the aforementioned conditions is met, and a data subject wishes to request the restriction of the processing of personal data stored by us, he or she may at any time contact any employee of the controller. The employee will arrange the restriction of the processing.

f.) Right to data portability Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

In order to assert the right to data portability, the data subject may at any time contact any employee. 

g.) Right to object Each data subject shall have the right granted by the European legislator to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

If we process personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. In order to exercise the right to object, the data subject may contact any employee. In addition, the data subject is free in the context of the use of information society services, and notwithstanding Directive 2002/58/EC, to use his or her right to object by automated means using technical specifications. 

h.) Automated individual decision-making, including profiling Each data subject shall have the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s explicit consent, we shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee.

i.) Right to withdraw data protection consent Each data subject shall have the right granted by the European legislator to withdraw his or her consent to processing of his or her personal data at any time.

If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee.

Legal basis for the processing

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR).

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

The legitimate interests pursued by the controller or by a third party

Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favour of the well-being of all our employees and the shareholders.

Period for which the personal data will be stored

The criterion used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data.

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for the data subject to provide us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee.

The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.

Payment Method: Data protection provisions about the use of PayPal as a payment processor

On this website, the controller has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an email address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. If the data subject chooses “PayPal” as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing. The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order. The transmission of the data is aimed at payment processing and fraud prevention. The controller will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the controller for the processing of the data will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks. PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfill contractual obligations or for data to be processed in the order. 
The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing. The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Registration on our website

The data subject has the possibility to register on the website of the controller with the indication of personal data. Which personal data are transmitted to the controller is determined by the respective input mask used for the registration. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller, and for his own purposes. The controller may request transfer to one or more processors (e.g. a parcel service) that also uses personal data for an internal purpose which is attributable to the controller. By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. In this respect, the storage of this data is necessary to secure the controller. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the data controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations. The entirety of the controller’s employees are available to the data subject in this respect as contact persons.

Newsletter Subscription

On our website, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.

We inform our customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid email address and (2) the data subject registers for the newsletter shipping. A confirmation email will be sent to the email address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation email is used to prove whether the owner of the email address as the data subject is authorized to receive the newsletter.

During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the email address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.

The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by email, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.

Newsletter Tracking

Our newsletters contain tracking pixels. A tracking pixel is a miniature graphic embedded in such emails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may see if and when an email was opened by a data subject, and which links in the email were called up by data subjects.

Such personal data collected via the tracking pixels contained in the newsletters are stored and analyzed by the controller in order to optimize the sending of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. This personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke their declaration of consent to receive newsletters.

After a revocation, these personal data will be deleted by the controller. We automatically regard a withdrawal from the receipt of the newsletter as a revocation.

Contact possibility via the website

Our website contains information that enables quick electronic contact with our enterprise. If a data subject contacts the controller by email, support ticket or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

Comments function in the blog on the website

We offer users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in blog posts. Blog posts may usually be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user name (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, therefore, in the data controller's own interest, so that the controller can exculpate itself in the event of an infringement.

This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the aim of the defense of the data controller.

This Privacy Policy is effective from 25th May 2018.

