Welcome to https://www.tadgroup.com (the "Website" or the "Internet page"), which is made for the benefit of TAD GROUP LLC, a Delaware Limited Liability Company, with address for correspondence: 5000 Birch str., STE 3000, West Tower, Newport Beach, CA, 92660, phone number: +1 (800) 725-1337.
ADMINISTRATOR OF PERSONAL DATA:
„TAD GROUP“ LLC (hereinafter referred to as "Administrator") is a Delaware Limited Liability Company, with registered office: 300 Delaware Avenue, Suite 210-A, Wilmington, DE 19801, and address for correspondence: 5000 Birch str., STE 3000, West Tower, Newport Beach, CA, 92660, phone number: +1 (800) 725-1337 and web site: https://www.tadgroup.com.
We are not required to have a data protection officer so, please, address any enquiries about our use of your personal data to the contact details in the previous paragraph.
TAD aims to comply with all data protection acts, but of particular relevance for TAD is the European Union General Data Protection Regulation (GDPR) and for its requirements concerning the storage and processing of personal data, our company appoints the relevant authority within the European Union (EU) for all matters concerning data protection under GDPR. Any data Administrator in the EU, which has a place of central administration for the Union, is considered to have this place as a main establishment in the EU, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the Administrator in the EU, in which case that other establishment should be considered to be the main establishment. The criterion for the main establishment should not depend on whether the processing of personal data is carried out at that location. The presence and use of technical means and technologies for processing personal data or processing activities do not, in themselves, constitute a main establishment and are therefore not determining criteria for a main establishment. In cases involving both the Administrator and a processor of data, the competent lead supervisory authority should remain the supervisory authority of the EU Member State where the Administrator has its main establishment, but the supervisory authority of the processor should be considered to be a supervisory authority concerned and that supervisory authority should participate in a cooperation procedure provided for by the Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016. In any case, the supervisory authorities of the EU Member State or Member States where the processor has one or more establishments should not be considered to be supervisory authorities concerned where the draft decision concerns only the Administrator. Where the processing is carried out by a group of undertakings, the main establishment of the controlling undertaking should be considered to be the main establishment of the group of undertakings, except where the purposes and means of processing are determined by another undertaking.
OUR SUPERVISORY AUTHORITY FOR THE EU:
Information Commissioner's Office
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Contact information: +44 303 123 1113; email@example.com; https://ico.org.uk
- personal data collected and processed by the Provider;
- the purposes of processing personal data;
- retention period of personal data;
- mandatory and voluntary nature of the provision of personal data;
- processing of personal data;
- personal data protection;
- recipients or categories of recipients to whom the data may be disclosed;
- rights of natural persons;
- order for exercise of rights;
- right to object;
- buttons, tools, and content from other companies;
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Administrator means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Personal data processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
III. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
3.1 The administrator follows the following principles when processing personal data about individuals:
- Personal data are processed in a lawful, conscientious and transparent manner with respect to the data subject ("lawfulness, good faith and transparency");
- Personal data are collected for specific, explicit, and legitimate purposes and are not further processed in a way incompatible with those purposes;
- Personal data is appropriate, relevant, and limited to what is necessary in relation to the purposes for which it is being processed ("minimize data");
- Personal data are accurate and, if necessary, kept up-to-date ("accuracy");
- Personal data is stored in a form that allows the data subject to be identified for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");
- Personal data is processed in a manner that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures ("integrity and confidentiality").
IV. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
А. Processing of special categories of personal data ("sensitive data")
4.1 The administrator does not collect or store special categories of personal data such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions, genetic data, biometrics for the sole purpose of identifying an individual, health data or data on the sexual life or sexual orientation of the individual. Individuals should not provide such sensitive data to the Administrator. If the individual deliberately delivers sensitive data to the Administrator, the Administrator undertakes to delete them immediately.
B. Personal data collected directly from natural persons
Personal data collected directly from individuals when natural persons contact the Administrator by phone
- for realizing the legitimate interests of the Administrator that are related to answering the received calls and sending emails in connection with inquiries received by telephone.
- to provide more information about the services offered by the Administrator in connection with the possible conclusion of a contract. The Administrator uses the services of a telephone service provider located in the US.
Personal data collected directly from individuals when natural persons contact the Administrator via the contact form on the web site
4.3 Natural persons provide personal information to the Administrator when they contact the Administrator by sending a message using the contact form of the Administrator's Web site at: https://www.tad.group/contacts. When the person sends a message to the Administrator using the contact form to make a contact, the Administrator collects and processes the name of the individual, e-mail address, telephone number, and other information that the person provides in the sent message. This data is processed for the purpose of communication with the individual and record keeping. Processing of these personal data is necessary:
- to realize the legitimate interests of the Administrator, whose legitimate interests are to respond to the received messages, as well as to keep the received messages.
- to provide more information about the services offered by the Administrator in connection with the possible conclusion of a contract. The Administrator uses the services of an e-mail service provider to store received emails on a server that is located in the US.
C. Personal data of natural persons provided by third parties
4.4 The Administrator does not normally receive personal data from third-party individuals. However, in some cases, if the Administrator has reasonable grounds to suspect that an individual infringes the intellectual property rights and other similar cases, then the Administrator has the right to obtain the personal data of the suspect from public records, such as: register, the Registry for registered trademarks, kept by The Intellectual Property Office and the like. These data may be collected and processed for the purpose of claiming an offense against the offender. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator who have legitimate interests in bringing an action for an offense against the offender as well as on a legal basis.
D. Data collected automatically
4.5 When visiting the web site, the Administrator automatically collects the following data:
- Internet Protocol (IP) address of the device from which the individual accesses the platform (usually used to determine the country or city from which the individual has access to the platform);
- The type of device from which the individual accesses the platform (for example, a computer, a mobile phone, a tablet, etc.);
- Type of operating system;
- Type of browser;
- The specific actions that a physical person takes, including the pages visited, the frequency and duration of visits to the website;
- Date and time of visits.
4.6 When using the collected information, the Administrator does not perform profiling in regard to the individuals.
VI. OBJECTIVES FOR WHICH PERSONAL DATA ARE PROCESSED
6.1 The Administrator collects and processes the personal data of natural persons which are provided directly by them for the following purposes only:
- to provide services that the Administrator offers and identify individuals (future and current clients);
- contacting the individual by email to enable the Administrator to respond to the inquiry by the individual;
- for actions preceding the conclusion of a contract;
- to comply with a statutory obligation of the Personal Data Administrator, in accordance with the applicable law;
- accounting purposes;
- statistical objectives.
6.2 The Administrator collects and processes the personal data of natural persons that are automatically collected for the following purposes:
- Improving website performance and functionality
- Preparing anonymous statistics on how the website was used.
VII. RETENTION PERIOD OF PERSONAL DATA
7.1 The retention period for storage of documents containing personal data, which are not regulated in the US legislation or internal regulations of the Administrator, shall be kept for a period of 5 years after their receipt.
VIII. MANDATORY AND VOLUNTARY NATURE OF THE PROVISION OF PERSONAL DATA
8.1 Personal data required to be provided by individuals shall be consistent with the services offered by the Administrator and are of a mandatory nature. The provision of personal data by individuals is voluntary. If personal data is denied:
- The Administrator won’t be able to provide the requested service or the information about the provided service by the Provider;
- The Administrator won’t be able to receive the e-mail from the User, if the latter does not fill in the needed information in the contact form.
IX. PROCESSING OF PERSONAL DATA
9.1 The Administrator processes the personal data of natural persons by means of a set of actions that can be performed by automatic or non-automatic means.
9.2 The Administrator processes the personal data of natural persons either by himself or by assigning a data processor on behalf of the Administrator acting as the accountant of the company based in the US.
X. PERSONAL DATA PROTECTION
10.1 The Administrator shall take the necessary technical and organizational measures to protect personal data from accidental or unlawful destruction or accidental loss, unauthorized access, alteration or distribution, as well as other illegal forms of processing:
- all personal information that the individual provides to the Administrator is stored on secure and reliable servers and folders;
- when exercising the right of access by the subject of personal data, the Administrator checks the identity of the individual before giving him the requested information.
XI. RECIPIENTS OR CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE DISCLOSED
11.1 The administrator has the right to disclose the processed personal data of the following categories of persons:
- the natural persons to whom the data relate;
- to persons, if stipulated in a normative act, for example state bodies (NRA, Patent Office, Commercial Register, etc.);
- to personal data processors who provide services in favor of the Provider's business activities, such as the Administrator's accountant and courier organizations, which are subject to a confidentiality obligation, and these persons have provided sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing takes place in accordance with the requirements of the Regulation and ensures the protection of the rights of individuals.
11.2 The Provider does not transmit personal data provided by natural persons to third parties.
XII. RIGHTS OF NATURAL PERSONS
Right of access
12.1 The natural person has the right to receive from the Administrator a confirmation that personal data related to him/her is being processed and, if so, to have access to the data - the corresponding categories of personal data.
Right to rectification
12.2 The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
12.3 The natural person has the right to request from the Administrator to delete the personal data related to him/her without undue delay and the Administrator has the obligation to delete personal data without undue delay when any of the above-mentioned grounds in Art. 17 of Regulation (EU) 2016/679.
Right to restriction of processing
12.4 The natural person has the right to require the Administrator to restrict the processing when one of the specified conditions in Art. 18 of Regulation (EU) 2016/679. When a restriction of processing is made, such data are processed, except for their storage, only with the consent of the individual or for the establishment, exercise or protection of legal claims or for the protection of the rights of another individual or for important reasons of public interest for the Union or a Member State. Where the individual has requested a limitation of processing, the Administrator shall inform him / her prior to the revocation of the limitation of processing.
Right to data portability
12.5 The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, the processing is based on consent and/or the processing is carried out by automated means.
Right to object
12.6 The individual has the right, at any time and on grounds related to his/her particular situation, to object to the processing of personal data relating to him/her. According to Article 21 (4) of Regulation (EU) 2016/679, the individual is expressly informed of the existence of the right of objection, which is presented in a clear and separate manner from any other information. In order to fulfil this obligation, more information on the right of objection can be found in the section below, entitled 'Right to object'.
Right to refuse profiling
12.7 The natural person has the right not to be the subject of a decision based solely on automated processing involving profiling which produces legal consequences for the data subject or similarly affects it to a significant extent.
Right to be notified when personal data breach occurs
12.8 Where a personal data breach is likely to pose a high risk to the rights and freedoms of natural persons, the natural person must be informed without undue delay of the breach of personal data security.
Right to judicial and administrative protection
Right to lodge a complaint with a supervisory authority
12.9 A natural person shall have the right to appeal to a supervisor, in particular in the Member State of habitual residence, place of work or place of suspected infringement if the individual considers that the processing of personal data relating to him or her is in breach of the provisions of the Regulation.
Right to effective judicial protection against a supervisory authority
12.10 Every natural or legal person shall have the right to effective judicial protection against a binding decision of a supervisory authority. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
Right to effective judicial protection against an administrator or processor of personal data
12.11 Without prejudice to any available administrative or non-judicial remedies, including the right to appeal to a supervisor, the individual is entitled to effective judicial protection where he considers that his rights under the Regulation have been violated as a result of processing of his or her personal data, which is not in accordance with the Regulation. Proceedings against an administrator or processor of personal data are brought before the courts of the Member State in which the Administrator or the personal data processor has a place of establishment.
Right to compensation for suffered damages
12.12 Any person who has suffered material or non- material damage as a result of a breach of the Regulation is entitled to receive compensation from the Administrator or the processor for the damage suffered. Judicial proceedings in connection with the exercise of the right to compensation are brought before the courts of the Member State in which the Administrator or the personal data processor has a place of establishment.
XIII. ORDER FOR EXERCISE OF RIGHTS
- name, address and other identification data for the individual concerned;
- description of the request;
- signature, date of submission of the request and e-mail address.
13.2 The request is made personally by the natural person. The Administrator files the requests filed by natural person into a separate registry.
13.3 Once the natural person has exercised his right of access to personal data relating to him/her, the Administrator checks the identity of the individual before responding to the request. This is necessary to minimize the risk of unauthorized access to data and identity theft. In the event that the Administrator can not identify the individual from the personal data collected, then the Administrator has the right to request a copy of the documents that identify the natural person (such as an ID card, driver's license, other documents that contain personal data that can identify the natural person).
13.4 The Administrator shall examine the request and provide the individual with information on the action taken in relation to the request within one month of the receiving of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests.
13.5 The Administrator shall inform the natural person of any such extension within one month of receipt of the request, indicating the reasons for the delay. Where a natural person submits a request by electronic means, the information shall, if possible, be provided by electronic means, unless the person has requested otherwise.
13.6 If the Administrator fails to act upon the individual's request, the Administrator shall notify the person without delay and at the latest within one month of receipt of the request for reasons not to act and of the possibility of filing a complaint to a supervisory authority and seeking protection under court order.
13.7 The Administrator undertakes to report any correction, deletion, or limitation of processing to any recipient to whom personal data has been disclosed, unless this is impracticable or requires disproportionate effort. The Administrator shall inform the natural person of these recipients if the person so requests.
XIV. RIGHT TO OBJECT
XV. BUTTONS, TOOLS, AND CONTENT FROM OTHER COMPANIES
XVII. CONTACT INFORMATION
Latest update: 05.11.2018