Important Information for Controller
Justification for Processing Personal Data
    In general, when carrying out the operation, the controller should have unambiguous consent from the data subject, with the exception of the following:
  1. for the performance of a contract or contracts or in order to take steps at the request of the data subject prior to entering into a contract (the data subject is a party of the contract);
  2. for compliance with a legal obligation;
  3. for the protection of the data subject incapable of indicating unambiguous consent;
  4. for the performance of a task carried out in the public interest or in the exercise of official authority;
  5. priority of its own interests over the rights, freedom and guarantees of the data subject.
Please pay special attention: The processing of sensitive data is prohibited unless regulated in exceptional cases. A controller should not process someone’s personal data related to suspicion of illegal activities, criminal and administrative offences, without complying with legal provisions.
Timely Implementation of the obligation of notification and application for authorization
    As regulated by law, it is obligatory to notify the Office for Personal Data Protection and apply for authorization for personal data processing in certain areas. For details, please read “Notification” and “Authorization”.