Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy is prepared in accordance with the requirements of the Personal Data Law and defines the procedure for processing personal data and the security measures taken by ATLANTIS LT (hereinafter referred to as the CLUB REGATTA Operator).
1.1. The Operator considers as its highest priority and a condition for its activity the observance of human and citizen rights and freedoms during the processing of personal data, including the protection of rights to privacy, personal and family secrets.
1.2. This Operator’s Personal Data Processing Policy (hereinafter — the Policy) applies to all information that the Operator may receive about visitors to the website https://clubregatta.eu/.
2. Key Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computing technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except cases when processing is necessary to clarify personal data).
2.3. Website — a set of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address http://clubregatta.eu/.
2.4. Personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.5. Anonymization of personal data — actions as a result of which it is impossible to determine the belonging of personal data to a specific User or other personal data subject without additional information.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.7. Operator — a state body, municipal body, legal entity, or individual who independently or jointly with others organizes and/or carries out the processing of personal data and determines the purposes of personal data processing, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website http://clubregatta.eu/.
2.9. Personal data permitted by the personal data subject for dissemination — personal data whose access is provided to an unlimited number of persons by the subject’s consent given in accordance with the Personal Data Law (hereinafter — personal data permitted for dissemination).
2.10. User — any visitor to the website http://clubregatta.eu/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or making personal data available to an unlimited number of persons, including publication in mass media, placement in information and telecommunication networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — any actions resulting in irreversible destruction of personal data with the impossibility of further recovery of the content in the personal data information system and/or destruction of material carriers of personal data.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
— receive reliable information and/or documents containing personal data from the personal data subject;
— in case of withdrawal of consent by the personal data subject for processing or request to cease processing, continue processing without consent if there are grounds specified by the Personal Data Law;
— independently determine the set of necessary and sufficient measures to fulfill the obligations stipulated by the Personal Data Law and related regulations, unless otherwise provided by law.
3.2. The Operator is obliged to:
— provide the personal data subject, upon request, with information regarding the processing of their personal data;
— organize processing in accordance with the applicable EU legislation;
— respond to requests and inquiries from personal data subjects and their legal representatives per the Personal Data Law;
— provide necessary information to the authorized personal data protection authority within 10 days of receiving a request;
— publish or otherwise ensure unlimited access to this Personal Data Processing Policy;
— take legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination, or other unlawful actions;
— cease transfer (distribution, provision, access), stop processing, and destroy personal data according to the law;
— fulfill other obligations provided by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
— receive information about the processing of their personal data, except cases stipulated by federal laws. Information is provided in an accessible form and must not contain personal data relating to other subjects unless legal grounds exist;
— require clarification, blocking, or destruction of their personal data if incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for processing purposes;
— impose a prior consent condition when processing data for marketing purposes;
— withdraw consent or request to stop processing;
— appeal unlawful actions or inactions of the Operator in court or to the authorized body;
— exercise other rights established by EU legislation.
4.2. Personal data subjects must:
— provide reliable data;
— inform the Operator about updates or changes.
4.3. Persons who provide inaccurate data or data about others without consent bear responsibility under EU law.
5. Principles of Personal Data Processing
5.1. Processing is lawful and fair.
5.2. Processing is limited to specific, legitimate purposes.
5.3. Databases processed for incompatible purposes must not be merged.
5.4. Only data relevant to the purpose is processed.
5.5. The content and volume of processed data correspond to stated purposes; excessive data processing is prohibited.
5.6. Accuracy, sufficiency, and relevance of data must be ensured; incomplete or inaccurate data must be corrected or deleted.
5.7. Data is stored in a form allowing identification only as long as needed; upon purpose achievement or loss of necessity, data is destroyed or anonymized unless otherwise provided by law.
6. Purposes of Processing Personal Data
  • Purpose: Informing the User by sending emails
  • Personal Data: last name, first name, patronymic; email address; phone numbers
  • Legal Grounds: Law “On Information, Information Technologies, and Protection of Information”
  • Types of processing: collection, recording, systematization, accumulation, storage, destruction, anonymization; sending informational emails
7. Conditions for Personal Data Processing
7.1. Processing is done with the subject’s consent.
7.2. Processing is necessary for purposes under EU international treaties or laws, or for functions imposed by law on the Operator.
7.3. Processing is necessary for justice, execution of court acts or other authorized acts.
7.4. Processing is necessary for contract execution where the subject is a party or beneficiary.
7.5. Processing is necessary for rights and legitimate interests of the Operator or third parties or for public interest without violating rights and freedoms of subjects.
7.6. Processing of publicly accessible personal data with the subject’s consent or request.
7.7. Processing required by law for publication or mandatory disclosure.
8. Procedure for Collection, Storage, Transfer, and Other Processing
Personal data security is ensured by legal, organizational, and technical measures to fully comply with current legislation.
8.1. Operator ensures data safety and prevents unauthorized access.
8.2. User data is never transferred to third parties except as required by law or with consent for contract fulfillment.
8.3. User can update data by notifying Operator at mail@atlantis-sail.com with subject “Personal Data Update”.
8.4. Data is processed only as long as necessary for purposes unless otherwise stipulated. Consent may be withdrawn by notifying Operator at mail@atlantis-sail.com with subject “Withdrawal of Consent”.
8.5. Third-party services collect and process data according to their own policies. Operator is not responsible for their actions.
8.6. Restrictions on transfer or processing do not apply when processing is required for state, public, or other lawful interests per EU legislation.
8.7. Operator ensures confidentiality.
8.8. Data is stored no longer than necessary, unless otherwise required.
8.9. Processing ceases upon purpose achievement, consent withdrawal, or unlawful processing detection.
9. Actions Performed by the Operator with Received Personal Data
9.1. Collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, anonymization, blocking, deletion, and destruction.
9.2. Automated processing with or without transmission over telecommunication networks.
10. Cross-Border Transfer of Personal Data
10.1. Operator must notify the authorized body about intent to transfer personal data cross-border before starting.
10.2. Operator must obtain relevant information from foreign authorities or persons before notification.
11. Confidentiality of Personal Data
Operator and other persons with access must not disclose or distribute personal data without consent unless otherwise provided by law.
12. Final Provisions
12.1. User may request clarifications by contacting Operator at mail@atlantis-sail.com.
12.2. Changes to the policy will be reflected in this document; policy is valid indefinitely until replaced.
12.3. Current version is publicly available at http://clubregatta.eu/privacy.