Who are we? Our website address: https://choctail.lk. This policy describes how WE process and protect users ‘ personal data. The Policy applies to both registered and unregistered users (“users” or “you”). The policy applies regardless of the device from which you use the site, and regardless of the communication channel through which you access it. By providing us with your personal data, you consent to its processing in accordance with this policy. 1. Definitions Personal data – any information related directly or indirectly to a specific or identifiable individual (the subject of personal data). Processing of personal data – the implementation of any actions or a set of actions in relation to personal data, including the collection, recording, systematization, accumulation, storage, updating and modification, extraction, use, transfer (distribution, provision, access), blocking, deletion and destruction-both with and without the use of automated data processing tools. 2. What data we process We process personal and technical data. You provide us with personal information when: • you register on the Site; * use the Site and services; * subscribe to mailing lists; • participate in events, research, and surveys; * write or call us; * communicate with other users; * exercise your rights and perform your duties on the basis of: • service agreements • terms of delivery and secure payment on the Website * legislation. Your device automatically transmits technical data: information stored in cookies, information about the browser and its settings, the date and time of access to the Site, the addresses of the requested pages, actions on the site or in the application, the technical characteristics of the device, IP address, etc. 3. Why we process the data We process personal and technical data in order to: * provide you with the opportunity to use the company’s Website and services: create a profile, place ads, pay for services, etc.; * ensure the stable operation and security of the Site, improve the user experience, the quality of services and marketing activities of the company; * prevent and prevent violations of the law; * respond to your requests; * perform the duties stipulated by the legislation (for example, for accounting, tax reporting, responding to requests from government agencies); * send marketing messages; * organize your participation in events, research and surveys of the company and our partners; and for other purposes with your consent. 4. Legal grounds for processing We process your personal data: * with your consent; • for the conclusion, execution, modification or termination of the contract ; • to exercise the rights and legitimate interests of the company or third parties, if your rights and freedoms are not violated; • to perform the duties assigned to the company by the legislation. We do not process special categories of personal data. We do not process biometric personal data for identification purposes. 5. Transfer to third parties. Cross-border transfer We may share your personal data or to entrust the processing to a third party. For example, if you ordered a delivery on a Website, we pass your data to the delivery service. We only transfer personal data to countries that provide adequate protection. We will never share your data with spammers. 6. Website-open data source Take responsibility for posting information on the Internet. Your ads, reviews, and the public part of your profile can be viewed by any Internet user by visiting the Site. The purpose for which users post data on the Site is to establish contact with a potential buyer (client, employer) who is interested in concluding a deal on the ad. It is prohibited to process user data for any other purpose. You can’t call users to offer them your services. You can’t copy user data to post and store it on other services. You can’t use open data for scoring. All this is illegal. 7. Security Responsible attitude to personal data is the standard of the company’s work. To protect your personal data, we: * Issued and published a policy on user data on the site. * Appointed a person responsible for organizing the processing of personal data. * We conduct trainings for employees on the topic of personal data. * We regularly check the company’s processes and documents for their compliance with the law. * We assess the risks and harm that we may cause if we violate the law on personal data. Based on the assessment, we select appropriate measures to comply with the law. * We apply legal, organizational and technical measures to ensure the security of personal data. When taking measures to protect personal data, we are based on: * legal requirements; * the established level of personal data security; * current threats identified by the threat model; * the basic set of protection measures established by regulatory legal acts for the appropriate level of protection; * risk-based approach when choosing optimal measures; * priority of the legitimate interests of users. 8. Processing time We stop processing your personal data: • after the expiration of the consent period or upon withdrawal of the consent (if there are no other grounds for processing provided for by law). You give your consent for 5 years from the date of deletion of your profile on the Site. Another term may be provided for in individual cases; • when the processing objectives are achieved or when it is no longer necessary to achieve them (if there are no other grounds for processing provided for by law); • when illegal processing is detected, if it is impossible to ensure legality; • when the company is liquidated. The law requires that we store user information for a year after the profile is deleted. 9. Contact us To ask a question or withdraw your consent to the processing of personal data, please contact the support service. 10. Change of policy We update the policy as needed. Check this page periodically. By continuing to use the Site after the change in the policy, you agree to the changes made to it.