1. Introduction

Our team takes your privacy seriously. Maintaining the confidentiality of your personal data is a
core principle of our entire business operations. During the rendering of services, we gather,
collect and possess certain private information/personal data of yours. This is why we would like
to inform you about the following privacy policy that is applicable to you while receiving or
applying for any of our services. Please note that this policy is only applicable to websites directly
maintained by Damask and not to the other entities or persons to whom we might refer through
banners or links within our websites.
2. Terms and definitions

For the purposes of this Regulation, the following terms are used with the following meanings:

Platform — Internet site Damask Trading located on the Internet at: https://damask-
User — A private person who is involved in the functioning of the Platform or using the results
of its functioning.
Personal data — any information relating to the Platform User.
Processing of personal data — actions (operations) with personal data, including collection,
systematization, accumulation, storage, clarification (updating, changing), use, distribution
(including transfer), depersonalization, blocking, destruction of personal data.
Registration (signup) — the process when you provide your data to the Platform in order to
gain access to the full functionality of the system, whether it be additional features or access
to resources that unauthorized Users cannot view or download.
Authentication — the process of verifying the User's data that were provided during
Registration in order to open access to the closed sections of the Platform and to the
additional functionality of the Platform.
Distribution of personal data — actions, that result in the disclosure of Personal Data to
unidentified persons.
Depersonalization of personal data — actions, due to which it is impossible to determine the
ownership of personal data by a specific subject of personal data.
Account — a set of data about the User that was provided during Registration and which are
stored in the Platform database, in order to identify him and provide access to closed
resources of the Platform.
Operator — a legal entity (SIA "Damask"), the state registration of which was carried out in
accordance with the established procedure on the territory of the Republic of Latvia, which
owns the Platform and processes Personal Data, and also determines the purposes and
content of Personal Data processing.
Regulations — the current internal document regulating the work of the Operator in the
processing of Personal Data.
3. The composition of the User's personal data

3.1. Self-provided by the User during Registration:
      1) e-mail.
3.2. Self-provided by the User after Authentication on the Site in the User profile section:
      1) e-mail.
3.3. Automatic collection of data from the User:
      1) IP - address,
      2) cookie data,
      3) Information about browser,
      4) hardware and software specifications,
      5) date and time of access to the Platform,
      6) addresses of requested resources.
3.4. The personal data specified in paragraph 3 (of this document) are processed in order to
identify Users, ensure the execution of the user agreement, provide the User with
personalized services and content, and improve the quality of the service.
3.5. The processing of personal data of Users is carried out with their consent. The User
Registering on the Site in order to gain access to the services, thereby expresses his full
consent in accordance with the Regulation of the European Parliament and of the Council
No. 2016/679 on the protection of individuals regarding the processing of personal data
and the free circulation of such data.
4. Confidentiality of personal data

4.1.The information listed in Article 3 of this Regulation is confidential. The Operator ensures
the confidentiality of personal data - is obliged to prevent their distribution without the
consent of the User, or the presence of another legal basis.
4.2.All confidentiality measures during the collection, processing and storage of the User's
Personal Data may apply to both paper and hardware storages.
4.3.The confidentiality regime of personal data is removed in cases of depersonalization or
their publication in public sources (mass media, the Internet or various public state
5. Rights and responsibilities of the Operator

5.1. The Operator has the right, without the consent of the Site User, to process his personal
data in the following cases:
      5.1.1. federal law regulations that oblige the Operator to provide certain information about
      the Platform User;
      5.1.2. obtaining statistical data;
      5.1.3. protection of life, health or other vital interests of the User of personal data, if                      obtaining the consent of the User of personal data is impossible;
      5.1.4. subject to publication in accordance with federal laws, including personal data of
persons holding public positions, positions of the state civil service and personal data
of candidates for state or municipal positions;
5.2. In order to ensure the rights and freedoms of man and citizen, the Operator and his
employees, when processing the User's personal data, must comply with the following
general requirements:
       5.2.1. The Operator ensures the protection of the User's personal data from their unlawful
       5.2.2. If the Operator, on the basis of an agreement, entrusts the processing of personal               data to a third party, an essential condition of the agreement is the observance of the
       confidentiality and security of this data.
6. Personal data User rights

6.1. The subject of personal data has the right to receive the following information from the
       6.1.1. what personal data the Operator stores related to the respective subject;
       6.1.2. how the Operator uses this data.
6.2. The subject of personal data has the right to demand from the Operator the clarification of
his personal data, their blocking or destruction, if the personal data is incomplete,
outdated, inaccurate, illegally obtained or not necessary for the stated purpose of
processing, as well as take measures provided by law to protect their rights.
6.3. Information about the availability of personal data must be provided to the subject of
personal data by the Operator in an accessible form, and they should not contain personal
data related to other subjects of personal data.
6.4. Access to your personal data is provided to the subject of personal data or his legal
representative by the Operator when applying or upon receipt of a request from the subject
of personal data or his legal representative.
6.5. The request for the provision of personal data must contain the number of the main
document proving the identity of the subject of personal data or his legal representative,
information about the date of issue of the specified document and the authority that issued
it, and a handwritten signature of the subject of personal data or his legal representative.
The request can be sent in electronic form and signed with an electronic digital signature in
accordance with the legislation of the Republic of Latvia.
6.6. The subject of personal data has the right to appeal against the actions or inaction of the
Operator to the authorized body for the protection of the rights of subjects of personal
7. Personal data processing

7.1. The processing of personal data is carried out by the Operator solely to achieve the goals
defined by this Regulation.
7.2. The processing of personal data by the Operator consists in obtaining, systematizing,
accumulating, storing, clarifying (updating, changing), using, distributing, depersonalizing,
blocking, destroying and protecting against unauthorized access.
7.3. The processing of the User's personal data can only be accessed by the Operator's
employees, whose job responsibilities are directly related to access and work with the
User's personal data.
7.4. In the event of a corresponding request from the subject of personal data, the Operator is
obliged to make the necessary changes, destroy or block the relevant personal data upon
the provision by the subject of personal data or his legal representative of information
confirming that the personal data that relate to the relevant subject and processed by the
Operator are incomplete , outdated, inaccurate, illegally obtained or not necessary for the
stated purpose of processing. The Operator is obliged to notify the subject of personal
data or his legal representative and third parties to whom the personal data of this subject
were transferred about the changes made and the measures taken.
8. Transfer of personal data

8.1.The transfer of personal data is carried out by the Operator only if it is necessary to fulfill
the User Agreement or provide the User with certain services with the consent of the User.
8.2.The transfer of personal data to state bodies is carried out within the framework of their
powers in accordance with the applicable legislation of the Republic of Latvia.
9. Storage of personal data

9.1.Personal data will be stored in the database of the Operator.
10. Protection of personal data of Users

10.1. Information containing the User’s personal data is subject to protection.
10.2. The Operator is obliged, when processing Users' personal data, to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.
10.3. The Operator undertakes the overall organization of the protection of personal data of Users.
11. Responsibility for disclosing information

11.1.Employees of the Operator who are guilty of violating the rules governing the receipt,
processing and protection of personal data shall bear disciplinary, administrative, civil or
criminal liability in accordance with the laws of the Republic of Latvia.