Privacy Policy

Collection of Personal Data

The purpose of this security policy is to ensure the appropriate level of protection for the personal data of the data subjects, by properly implementing national legislation regarding data protection and communication confidentiality.

Principles of Personal Data Processing

  • Lawfulness: The processing of personal data is carried out in good faith and is based on and in accordance with legal provisions.
  • Well-defined purpose: Any processing of personal data is carried out for well-defined, explicit, and legitimate purposes, adequate, relevant, and not excessive in relation to the purpose for which they are collected and subsequently processed.
  • Information: Through this information, individuals are made aware that their personal data will be processed.
  • Storage: Personal data is not stored for a period longer than necessary to achieve the purposes for which it was collected.
  • Protection of data subjects: The processing of personal data will be carried out by authorized personnel within the company Primecraft LLC or by other authorized persons in accordance with the law.
  • Security: The technical and organizational measures for the security of personal data are established to protect personal data against accidental or unlawful destruction, loss, modification, disclosure, or unauthorized access.

The Requirements for Ensuring the Security of Personal Data

The following categories of personal data processing operations present special risks to the rights and freedoms of individuals:

  1. The adaptation, modification, disclosure through transmission, dissemination, or in any other way, of personal data related to racial or ethnic origin, political, religious beliefs, membership in a political party or religious organization, personal data regarding health or private life, as well as personal data referring to criminal convictions, coercive measures, disciplinary or contravention sanctions.
  2. The processing of genetic, biometric data, and data that allow the geographical location of individuals through electronic communication networks.
  3. The processing of personal data by electronic means, with the purpose of evaluating aspects of personality, such as professional competence, credibility, behavior, etc.
  4. The processing of personal data by electronic means within record-keeping systems, aimed at analyzing solvency, economic-financial status, actions likely to attract disciplinary, contravention, or criminal responsibility of individuals.
  5. The processing of personal data of minors for commercial purposes (direct marketing activities).
  6. The processing of personal data mentioned in subpoints 1) and 2) of this annex, as well as the personal data of minors collected through the Internet or electronic messaging.

Purpose of Collecting Personal Data

"Hasmett" processes the personal data of its clients and other individuals who are connected to or contact it, which are provided to it through browsing the website sykors.com, for the purpose of issuing and delivering purchased insurance policies.

Personal data (identity data, address, personal identification number, phone number, age, or any other similar data that has been provided) may be processed and used by "Hasmett" both for the purposes of issuing and delivering the insurance policies ordered on the company's website, and for the purpose of creating databases and using them in future actions and activities of the operator.

"Hasmett" will not disclose any of your data (personal information or optional information) to any third party without your consent, except when we have a good faith belief that the law requires us to do so, or when it is necessary to protect the rights or property of our company.

Audit of Security in Information Systems of Personal Data

  • The registration of user login/logout attempts is performed (the date and time of the login/logout attempt are recorded; user ID; the result of the login/logout attempt – successful or failed).
  • The registration of attempts to gain access for applications and processes intended for processing personal data is performed.
  • The registration of attempts to start/end the working session of application programs and processes intended for processing personal data, the registration of changes to user access rights, and the status of access objects is performed.
  • The registration of changes to the user's access rights (competencies) and the status of access objects is performed.
  • The registration of the exit from the system of information containing personal data (electronic documents, data, etc.), the registration of changes to the access rights of the subjects, and the status of access objects is performed.