Data Protection and Privacy Shield Online
EU data protection law ensures that your personal information is protected whenever it's collected—whether you buy something on the web, apply for a job, or request a bank loan. These laws apply to all organizations and businesses (private and state-owned) operating in the EU, and those based outside of the EU who sell products or services to residents of the EU (such as Facebook or Amazon) when they process or collect individuals' personal data within the EU. To learn more about data protection in online games, see our full policy.
It does not matter what form your data takes, whether it is held electronically in a computer system or on paper in a structured file: whenever information that can be used to directly or indirectly identify you is stored or processed, your right to privacy has to be safeguarded.
When Is Data Processing Permitted?
The EU's General Data Protection Regulation (GDPR) defines situations where a business or entity is permitted to gather or reuse your personal information:
- Contractual obligation: For example, when you buy goods or services online or enter into an employment contract.
- Legal requirement: When the law requires the data to be processed, for example, when your employer must send payroll information to social security administrators.
- Important interests: When processing is required to protect your life.
- Public interest: Usually pertains to municipalities, hospitals, and schools.
- Legitimate interests: For example, when your bank uses your data to check whether you are eligible for a high-interest savings account.
In all other cases, the organization or business will need to obtain your consent first before gathering or reusing your personal data.
Consent for Data Processing
Where consent is required, you must give it through a clear, affirmative action, e.g., signing a form stating that you consent or clicking "yes" on a web page. Simply opting out (i.e., marking a box not to receive marketing emails) is not enough; you must opt in.
Before you consent, you must be aware of:
- Who is processing your data and how to get in touch with them (including their Data Protection Officer, if they have one)
- Why your data will be processed
- How long your details are stored
- Any third parties that your details will be passed on to
- Your data protection rights (access, correction, erasure, complaints, and withdrawing consent)
All of these details must be explained simply and clearly.
Right to Withdraw Consent and Object
If you have previously provided consent, you can withdraw it at any time by contacting the organisation's data controller. Once consent is withdrawn, the organisation is no longer able to process your personal data.
If processing is based on legitimate interest or on the performance of a task in the public interest, you have the right to object. In some situations, e.g., when research or statistics are being prepared by public authorities, public interest might override your right to object.
For direct marketing by email, consent is always required in advance. Even if you are already a customer, you should be able to opt out at any time, and the organization must cease to use your details for marketing immediately.
Examples and Special Rules
Case study: Opting out of direct marketing
After he bought concert tickets online, Anatolios began receiving unsolicited promotional emails. He asked the sender to stop, and he was immediately removed from the mailing list.
Rules applicable to children
Children using online services (social media, music downloading, games) typically need parental consent up to age 16 (as early as 13 in some EU countries). Adequate verification (e.g., a verification email to parents) must be conducted.
Access, Rectification, Portability, and Erasure
- Access: You have the right to receive a free copy of your personal data in a readily readable form within a month.
- Rectification: If your data is inaccurate or incomplete, you can ask for it to be rectified.
- Portability: You can request that your data be sent back to you or directly to another service, where technically possible.
- Erasure (Right to be Forgotten): You can ask for your data to be erased if it is no longer being processed or no longer required, or if it was processed unlawfully. This includes asking search engines to remove links to pages with your name if the information is not correct, not pertinent, or excessive. Companies must also inform other websites that use your information about your request for deletion.
Case study: Correcting personal data
Alison got a mortgage and accidentally filled in the wrong birthdate. When the quote for her insurance proved to be extremely high, she noticed the error, had her bank correct it, and then received a revised, accurate insurance quote.
Conclusion
The EU's data protection laws provide citizens with strong and straightforward rights regarding what happens to their personal information when it is gathered, stored, used, and shared, both online and offline. Organisations must obtain the clear consent of their customers to process their personal data unless they fall under a valid ground such as a contract, legal necessity, or legitimate interest. An individual has the right to access, correct, transfer, or delete their data and to object to processing in certain situations, such as direct marketing.
These protections are all-encompassing; they apply, for example, to online gaming, where users tend to trade confidential data. To learn more about these rights and how they affect digital entertainment, see this data protection in online games webpage.