SUMMARY
Effective: From April 18, 2024, until revoked.
This simplified communication aims to provide clear and comprehensive information about data processing. Pre-registration documents available on the website include Terms and Conditions, Privacy Policy / GDPR, and Cookie Regulations.
This communication on data protection adheres to clarity guidelines outlined in the Transparency Guidelines, ensuring thorough information provision alongside additional annexes.
Issued by:
Name: TOKO BOELLE MEDIA Ltd.
Location:
410 Office 7
Whitechapel Road
London
United Kingdom
E1 1DU
Great Britain
Email: tokoboelle@gmail.com
Website: https://emiratesmassage.com and its country-specific versions.
Privacy Contact: For enforcing data rights, contact tokoboelle@gmail.com.
Refer to the communication for data processor details.
By providing personal data, you acknowledge understanding and acceptance of the current version of this data processing communication.
The legal basis for this communication is Regulation (EU) No 2016/679 concerning personal data processing and free data movement, repealing Regulation (EC) No 95/46 (hereinafter referred to as Regulation).
Purpose of the Website:
The website facilitates posting escort-related advertisements, dating partner searches, reviews, and reports for users. It enables registered adult members to access other registered individuals’ data sheets or contact them.
Attention is given to children’s personal data protection. The website’s content may be adult-oriented, intended for adult visitors and users only. If underage or site usage is illegal, refrain from accessing the site.
Our websites are SSL security-certified.
Principles of Personal Data Management:
Personal data is handled lawfully, fairly, transparently, and for specific purposes. It’s collected with consent, stored securely, and for a limited duration.
Purposes of Data Processing:
Fulfilling contractual obligations
Enhancing service efficiency and user experience
Creating and managing accounts
Sending newsletters and advertisements
Meeting legal obligations
Rights Related to Personal Data:
Includes access, rectification, deletion, data portability, objection, and lodging complaints.
Data Protection Availability:
To validate data protection rights, email tokoboelle@gmail.com.
Conclusion:
For comprehensive information on data processing, refer to the full communication available at https://emiratesmassage.com and its subdomains.
Information on Data Processing
INTRODUCTION
This information ensures compliance with EU Regulation 2016/679 (GDPR) regarding data processing principles and rules before using our services.
The webpage https://emiratesmassage.com is an international service with multilingual adaptations.
Its objective is to facilitate escort and dating partner search advertisements. Registered members can access other persons’ data sheets and communicate with them.
By providing personal data, users acknowledge awareness and acceptance of data processing information.
We prioritize protecting clients’ and partners’ personal data, treating it confidentially and implementing security measures.
During registration, users consent to legal personal data use. Unsubscribing from newsletters is possible at any time.
The webpage’s security is SSL certified, and protection of children’s personal data is paramount.
Pre-registration documents include GBC, Data Processing Information, and Cookie Regulations.
CHAPTER I
APPOINTMENT OF THE DATA PROCESSOR
Hereinafter referred to as the service provider or data processor, the designated entity has agreed to adhere to the provisions outlined in this legal notice. The company assumes responsibility for its actions, ensuring compliance with all relevant national regulations and European Union legislation.
The wording of the Data Protection Communication has been crafted in line with the Transparency Guidelines, ensuring comprehensive information provision with accompanying annexes.
This information is provided by the following company, which also serves as the data processor:
Name: TOKO BOELLE MEDIA Ltd.
Headquarters:
410 Office 7
Whitechapel Road
London
United Kingdom
E1 1DU
Great Britain
Email Address: tokoboelle@gmail.com
Website https://emiratesmassage.com
and its country-specific versions.
Privacy Contact: For inquiries regarding your data rights, please contact tokoboelle@gmail.com, and we will assist you.
CHAPTER II
DATA PROCESSORS
A data processor is defined as a natural or legal person, public authority, agency, or other body that manages personal data on behalf of the data controller. While recourse to a data processor does not require prior consent from individuals, informing them is necessary. Hence, we provide the following details:
IT service provider of our company: Responsible for maintaining and managing our website within the company group.
Accounting service provider of our company: Manages accounting and bookkeeping tasks related to taxation obligations within the company group.
Online payment services partner: KESA LTD, 63-66 Hatton Garden, 5th Floor, Suite 23, London, EC1N 8LE. Email: help@kesa.ai.
CHAPTER III
DEFINITIONS USED IN THE INFORMATION DOCUMENT
Handling Personal Data: Refers to any operation or series of operations, whether automated or not, performed on personal data. This includes collection, recording, organization, analysis, storage, alteration, querying, inspection, use, dissemination, publication, transmission, synchronization, connection, restriction, deletion, and destruction.
Personal Data: Any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to identifiers such as name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Special Data: Personal data concerning racial or ethnic origin, nationality, political opinions, religious or philosophical beliefs, membership in trade unions, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, as well as personal data relating to criminal convictions and offenses.
Data Processing: Any operation or set of operations performed on personal data, whether automated or not. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
Controller: A natural or legal person, public authority, agency, or other body that determines the purposes and means of the processing of personal data, either alone or jointly with others. If the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for their nomination may be provided for by Union or Member State law.
Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
Recipient: A natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Consent of the Data Subject: The data subject’s voluntary, specific, informed, and unambiguous indication of their wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.
Data Breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
For further definitions and information, please visit: European Commission – Data Protection Reform
CHAPTER IV
PRINCIPLES OF DATA PROCESSING
Lawfulness, Decent Procedure, and Transparency: Personal data must be handled lawfully, decently, and in a clear and transparent manner for the data subject.
Purpose Limitation: Personal data collection should occur only for a clear and lawful purpose and must not deviate from these purposes. Data collected for general archiving, scientific research, historical research, or statistical purposes are not considered incompatible with these aims.
Data Minimization: Personal data must be relevant and appropriate for the purposes of data processing and should be limited to the necessary amount.
Reliability: Personal data should be reliable and up-to-date. Reasonable measures must be taken to correct or delete unreliable data promptly.
Limited Storage: Personal data should be stored in a manner that allows identification of the subjects only for the duration necessary to fulfill the purposes of data processing. Exceptions may apply as per Article 89(1), which allows for extended storage for general archiving, scientific research, historical research, or statistical purposes, provided that appropriate technical and organizational measures are in place to protect the rights and freedoms of the data subjects.
Integrity and Confidentiality: Personal data must be handled securely, ensuring the integrity and confidentiality of the data through appropriate technical and organizational measures. This includes protection against illegal or unlawful data processing, accidental loss, destruction, or damage.
Accountability: The Controller is responsible for adhering to the principles outlined above and must be able to demonstrate accountability.
CHAPTER V
DIRECTIONS FOR DATA SECURITY
Security Measures: The Organization implements necessary safety, organizational, and technical measures to ensure the highest level of personal data protection and to prevent illegal modifications, destruction, and usage blockage.
SSL Security Certificates: Our websites are secured with SSL security certificates, creating a secure and encrypted channel between clients and servers. This encryption ensures that sensitive information, such as credit card data and account authorization, is transferred securely to prevent data leakage. Transactions are conducted using PIN codes and other encryption methods.
Data Storage: Data collected by us is stored in various locations within our infrastructure, including system logs, backend databases, and analytical systems. When transferring data from the European Economic Area (EEA) to countries like the United States, we adhere to the directives of the European Commission and comply with the individual compliance provisions for each country defined by the Commission.
Third-Party Links: Some of our services may include links to other websites, such as commercial banners or Facebook. As we do not control the data protection principles and practices of these third-party websites, we advise users to review their respective data protection policies to understand how personal data is collected and used. Payments made through our services via credit cards or e-vouchers are handled by third-party providers who fulfill stringent security measures.
Email and Text Message Security: Data transfer via email or text message over the internet is not entirely secure. While we take measures to protect your personal data, we cannot guarantee the safety of data transferred through our services or email. Users are responsible for safeguarding their data, and we recommend using strong passwords and implementing proper technical and organizational measures to protect against loss, theft, unauthorized access, or modifications.
CHAPTER VI
HANDLING PERSONAL DATA
DATA PROCESSING RELATED TO CONTRACTS, TERMS AND CONDITIONS, WEBSITE
Management and Register of Data Related to Contracting Persons, Advertisers
Objective: The company manages data of clients and suppliers for contract conclusion, fulfillment, termination, and advertisement provision.
Processed Personal Data: Name, birth name, date of birth, address, telephone number, email, website, bank account number, client ID, online ID number.
Legal Basis: Contract fulfillment rights.
Addressees: Company employees in customer service, accounting, and data processors.
Duration of Storage: Until withdrawal of consent or up to 5 years after account termination, or 8 years if obligated by law.
Stakeholders Concerned: Website customers, clients, suppliers, advertisers.
Legal Person Clients, Customers, Suppliers, Data Related to Representatives
Objective: Fulfillment of contracts with legal partners, business contacts.
Processed Personal Data: Name, phone number, email, online ID.
Legal Basis: Contract fulfillment.
Addressees: Company employees in customer service, accounting, and data processors.
Duration of Storage: 5 years post-business relationship.
Data Subjects: Business representatives of advertisers, clients, customers.
Data Processing Related to Visitors (Cookies) on the Company’s Website
Objective: Enhance user experience, prevent fraud.
Data Subjects: All visitors.
Addressees: Company’s IT provider and service participants.
Types of Cookies: Session cookies, use-related cookies, performance cookies.
Management of Cookies: Users can adjust browser settings; certain functions may not operate without cookies.
Registration of an Advertiser Profile on the Company’s Website
Objective: Establishing new contacts, providing services, and storage space.
Processed Personal Data: Email, user type, login, IP address, date of registration, automatic entry cookie.
Legal Basis: User consent.
Addressees: Company employees in customer service, marketing, data processing.
Duration of Storage: Until withdrawal of consent or up to 5 years post-account deletion.
Personalized Advertisement Profile Account on the Company’s Website
Objective: Present advertised services.
Processed Personal Data: Various personal details provided by advertisers.
Legal Basis: User consent.
Addressees: Company employees in customer service, marketing, data processing.
Duration of Storage: Until withdrawal of consent or 6 months post-account deletion.
Data Processing Related to Newsletter Services
Objective: Sending newsletters and marketing materials.
Processed Personal Data: Name, email, spoken language, user interests.
Legal Basis: User consent.
Addressees: Company employees in customer service, marketing, data processing.
Duration of Storage: Until withdrawal of consent or service provision.
Automated Decision Making: Data may be used for automated decisions to identify potential business opportunities.
Tracking: Users’ interactions with newsletters are tracked to identify content of interest.
CHAPTER VII
DATA PROCESSING BASED ON LEGAL OBLIGATIONS
Data Processing for Taxation and Accounting Obligations
Objective: Compliance with taxation and accounting obligations as stipulated by law.
Processed Personal Data: Tax number, name, address, tax status, information on economic transactions, signatures, business license number, tax ID number.
Legal Basis: Accounting Act requirements.
Duration of Storage: 8 years post-termination of legal relation.
Addressees: Company employees and data processors handling taxation, accounting, and related tasks.
CHAPTER VIII
SHARING DATA WITH PARTNERS
The Company operates its website globally and shares information internally and with external partners in compliance with regulations and Terms and Conditions.
Data Transfer: Information is transferred to countries such as the United Kingdom, United States, or others for service provision and operational purposes.
Transfer Safeguards: Transfers follow EU Commission model contracts or rely on the EU-USA Privacy Shield framework.
Sharing with Partners: Personal information shared with partners includes name, email, and relevant details for service provision, marketing, or product offerings.
Consent Requirement: Sharing requires user consent, and sharing via hidden tools like VPNs is prohibited.
Partner Restrictions: Partners are strictly forbidden from using data beyond agreed-upon purposes without notice.
Third-Party Services: Contracts with third-party partners are limited to the agreed-upon service scope, prohibiting data use for other purposes.
Third-Party Disclosure: Personal data is not disclosed to third parties like media, observers, or marketing partners except for aggregated, non-personal data for analysis or industry best practices.
CHAPTER IX
INFORMATION ON DATA SUBJECT RIGHTS
Individuals have the right to inquire about how their personal data is managed. They can request corrections, deletions, or withdrawals, except for when data processing is mandatory. Additionally, they can exercise their right to data transfer and objection as outlined in the data registration and contact details provided by the Data processor.
- Right to Preliminary Information: Data subjects have the right to receive preliminary information about the processing of their personal data, as outlined in Regulation articles 13-14.
- Access Rights: Data subjects are entitled to access their personal data, as specified in Regulation article 15.
- Right to Correction: Data subjects have the right to request the correction of their personal data, according to Regulation article 16.
- Right to Deletion (Right to Erasure): Data subjects possess the right to request the deletion or erasure of their personal data, as stated in Regulation article 17.
- Right to Limitation of Data Processing: Data subjects have the right to limit the processing of their personal data, outlined in Regulation article 18.
- Right to Correction or Deletion of Personal Data: Data subjects can request the correction or deletion of their personal data, along with notification obligations related to the limitation of data processing, per Regulation article 19.
- Right to Data Portability: Data subjects have the right to data portability, as described in Regulation article 20.
- Right to Object: Data subjects can object to the processing of their personal data, in accordance with Regulation articles 6(1)(e) or (f) and article 21.
- Automated Decision Making Processes: Data subjects have rights regarding automated decision-making processes, including profile creation, as outlined in Regulation article 22.
- Limitations: There are limitations on these rights, in accordance with articles 12–22 and article 34 of the Regulation.
- Information on Data Protection Incidents: Data subjects have the right to be informed about data protection incidents, as stated in Regulation article 34.
- Right to Make Complaints: Data subjects have the right to make complaints to the supervisory authority, with the right to appeal to a judicial authority, in line with Regulation article 77.
- Right of Appeal to a Supervisory Authority: Data subjects possess the right to appeal to a supervisory authority, as specified in Regulation article 78.
- Right of Appeal to a Judicial Authority: Data subjects have the right to appeal to a judicial authority against the data processor or data processor, according to Regulation article 79.
Communication of Data Subject Rights
The data processor is obligated to ensure that data subjects receive comprehensive information regarding the processing of their personal data, adhering to the guidelines outlined in articles 13 and 14 of the GDPR. Additionally, data subjects have the right to access their personal data and related information, including:
Objectives of data processing.
Categories of personal data involved.
Recipients and categories of recipients informed about or with whom the data will be shared, including third countries and international organizations.
Planned duration of data storage.
Options for correction, deletion, or limitation of data processing, as well as the right to object.
Procedures for appeals and claims to the supervisory authority.
Information on data sources.
Details about automated decision-making, including profile creation and its potential consequences.
The data processor must provide this information promptly, within one month of receiving the request.
Right to Data Correction and Deletion
Data subjects have the right to request the correction of inaccurate personal data and the deletion of data under certain circumstances. These circumstances include situations where:
The data are no longer necessary for the intended purpose.
Consent for data processing has been withdrawn with no alternative legal basis.
The data subject objects to the processing, and there is no legitimate reason for continuing.
Data processing has occurred unlawfully.
Legal requirements dictate data deletion.
However, data deletion may be restricted in cases where it is necessary for:
Exercising freedom of expression and information rights.
Complying with legal obligations or performing tasks in the public interest.
Reasons of public health, historical or statistical research, or legal claims.
Limitation and Withdrawal of Data Processing
Data subjects can request the limitation of data processing under specific conditions, such as disputing the accuracy of the data or objecting to their deletion. In such cases, data processing can only continue with the data subject’s consent or for certain legal purposes.
Data Portability and Objection
Data subjects have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another data controller. They also have the right to object to certain types of data processing, including for direct marketing purposes.
Appeals and Complaints
Data subjects can appeal to the supervisory authority if they believe their data rights have been violated. If unsatisfied with the supervisory authority’s response, they have the right to seek judicial remedy. This includes the right to an effective judicial review of decisions made by the supervisory authority or against the data controller or processor.
Communication of Data Breaches
In the event of a personal data breach posing a risk to individuals’ rights and freedoms, the controller must promptly inform the data subjects without undue delay.
Submission of Data Subject's Request and Controller's Measures
Upon receiving a request from a data subject to exercise their rights, the controller must promptly inform the data subject of the actions taken, without any undue delay and within one month of receiving the request at the latest. However, this period may be extended by two months if necessary, considering the complexity and number of requests. If such an extension is needed, the controller must inform the data subject of the delay and reasons within one month of receiving the request.
If the data subject submits the request electronically, the controller should provide the information electronically if possible, unless otherwise requested by the data subject.
If the controller decides not to take action on the request, they must inform the data subject promptly and no later than one month after receiving the request. This communication should include reasons for not taking action and information on the data subject’s right to lodge a complaint with a supervisory authority or seek judicial remedy.
The data processor is responsible for providing information to the data subject as per Articles 13 and 14 of the Regulation and communicating the data subject’s rights (Articles 15-22 and 34 of the Regulation) free of charge. However, if the data subject’s request is evidently unfounded or excessive, the data processor may refuse to act on the request, considering the administrative costs involved.
If the controller has doubts about the identity of the data subject making the request, they may request additional information to confirm the data subject’s identity.
The controller may refuse to fulfill the request if they can prove that the data processing is justified by compelling legitimate grounds that override the data subject’s interests, rights, and freedoms, or are related to the presentation, exercise, or defense of legal claims.
If the data subject disagrees with the controller’s decision or if the deadline is not met, they have the right to bring the case before the court within 30 days of receiving the decision or the last day of the deadline.
CHAPTER XI
OTHER DISPOSITIONS AND INFORMATION
1. Enforcement proceedings
The fact that the data processing complies with the law, has to be proven by the data controller. The legitimacy of data transmission has to be proven by the data importer. The court is in charge of making a decision at the end of the proceedings. The legal proceedings – based on the choice of the data subject – can be brought to the competent court according to the place of residence or place of stay of the data subject.
2. Communication of a personal data breach to the data subject
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
The data subject does not need to be informed, if any of the following conditions are met:
the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption;
the controller has taken subsequent measures after the incident which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise;
the information would require a disproportionate effort. In such cases the data subjects concerned should be informed by way of published information or similar measures should be taken to ensure stakeholders in an equally efficient way.
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
3. Compensation and grievance fees
If the controller causes harm by the unlawful processing of data related to the data subject or by breaching the data security regulations, the controller is liable to compensate this breach. If the controller causes harm by the unlawful processing of data related to the data subject or by violating the civil rights of the data subject, the data subject is entitled for a grievance fee from the data controller.
You do not have to compensate for the damage and the grievance fees if the impairment caused by civil rights violation was due to deliberate or seriously obvious negligence of the party concerned.
4. Legal remedies
Privacy Contact: If you wish to enforce your rights related to your data, please email to tokoboelle@gmail.com and we will handle your request.
The data subject is entitled to initiate a legal procedure by the National Authority for Data Protection and Freedom of Information that is competent at the place of residence in case if legal remedy needs to be sought related to the processing of personal data or if there is a direct danger concerning that.
Any data subjects are entitled to turn to the court in case if they wish to seek legal remedy related to their personal data. The judgement at the end of the legal proceedings belongs to the competence of the court. The legal action – according to the choice of the data subject – can be brought to the court that is competent in the place of residence.
5. Modification of the Communication on Data processing
The Data Processor reserves the right to modify the present communication on data processing. After the webpage’s modification has entered into force, the modified communication on data processing shall be accepted.