- GENERAL PROVISIONS
1.1. This Policy on the Processing of Personal Data (hereinafter referred to as the “Policy”) is a document establishing the relationship between individuals — subjects of personal data (hereinafter referred to as the “User” or “You”) and “DE KORP” LLC, OGRN 1267700048440, INN 9703238677, registered address: 12 Presnenskaya Embankment, Premises 8N, Presnensky Municipal District, Moscow 123112, Russian Federation (hereinafter referred to as the “Operator” or the “Company”), regarding the processing of personal data.
1.2. The Policy has been developed in accordance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the “Federal Law on Personal Data”).
1.3. The Policy contains information subject to disclosure in accordance with Part 1, Article 14 of the Federal Law “On Personal Data”, is a publicly available document, and is located at: [website address to be specified].
1.4. The Company has the right to amend this Policy at any time by publishing the relevant amendments. This Policy may not be amended otherwise than through publication of the amended document on the Company’s Website. The relations arising between the User and the Company in connection with the application of this Policy shall be governed by the laws of the Russian Federation.
2.
BASIC TERMS2.1. Personal data means any information relating directly or indirectly to an identified or identifiable individual (personal data subject).
2.2. Processing of personal data means any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.3. Personal Data Operator means “DE KORP” LLC, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data subject to processing, and the actions (operations) performed with Users’ personal data.
2.4. Confidentiality of personal data means the obligation of the Operator and other persons who have gained access to personal data not to disclose or distribute such data to third parties without the consent of the personal data subject, unless otherwise provided by federal laws.
2.5. Website means the internet resource located at: [website address to be specified], owned by the Company. The Company does not permit any modifications to the content of this Website. The Company’s Website may contain links to other websites, and in such cases the Company shall not be responsible for the confidentiality of information on other resources.
2.6. Personal Account means a special section of the Website provided to the User for access to additional Website functionality.
2.7. Depersonalization of personal data means a form of processing in which all identifiers capable of identifying a specific individual are removed or masked from the information. As a result of such actions, identification of the subject without access to additional services becomes impossible.
2.8. “Yandex Metrica” means a free service provided by Yandex for collecting and analyzing website traffic data. It helps website owners, marketers, and analysts track user behavior, advertising effectiveness, and other key website indicators.
2.9. “Yandex.Webmaster” means a free and effective service for search engine optimization. Yandex.Webmaster identifies technical errors, shows the attractiveness level of pages for users, helps correct violations, and improves search promotion.
3.
USERS’ RIGHTS3.1. Users have the right:
3.1.1. To receive personal data relating to such User and information concerning the processing thereof;
3.1.2. To request clarification, blocking, or destruction of their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the declared purpose of processing;
3.1.3. To withdraw their consent to the processing of personal data;
3.1.4. To protect their rights and legitimate interests, including compensation for losses and moral damages in court;
3.1.5. To appeal actions or omissions of the Company to the authorized body for the protection of personal data subjects’ rights or in court.
4.
GROUNDS FOR PROCESSING PERSONAL DATA4.1. The Company processes personal data on a lawful basis for the performance of functions, powers, and obligations imposed by law, as well as for exercising the rights and legitimate interests of the Company and the Users.
4.2. The Company receives personal data directly from Users and processes such data exclusively with the Users’ consent. The Company receives Users’ personal data through the Website.
4.3. Databases containing personal data of Users who are citizens of the Russian Federation are located within the territory of the Russian Federation.
5.
PROCESSING OF USERS’ PERSONAL DATA5.1. This Policy establishes the Company’s obligations regarding non-disclosure and ensuring the protection regime for confidentiality of personal data provided by the User while using the Website.
5.2. The Company processes Users’ personal data for the purposes of compliance with Russian legislation, as well as for:
5.2.1. Conclusion and performance of contracts;
5.2.2. Informing about new products and services;
5.2.3. Preparation of individual offers;
5.2.4. Conducting advertising activities;
5.2.5. Providing Users with access to special information;
5.2.6. Processing applications submitted on the Company’s Website;
5.2.7. Publication on the Website, in internal directories and address books of the organization;
5.2.8. Distribution of informational notifications;
5.2.9. Providing feedback;
5.2.10. Carrying out activities in accordance with the constituent documents.
5.3. The Company processes Users’ personal data with their consent expressed by ticking the consent checkbox under the personal data collection form placed on the Website.
5.4. Categories of personal data collected by the Company to achieve the purposes specified in Clause 5.2 of the Policy:
5.4.1. Surname;
5.4.2. First name;
5.4.3. Patronymic;
5.4.4. Date, month, and year of birth;
5.4.5. Gender;
5.4.6. Contact phone number;
5.4.7. Email address;
5.4.8. Bank card details;
5.4.9. Region;
5.4.10. IP address;
5.4.11. Cookies;
5.4.12. User identifier stored in cookies;
5.4.13. Source of access to the Company’s Website;
5.4.14. Information regarding search or advertising requests.
5.5. The Company does not process special categories of Users’ personal data.
5.6. The Company does not process biometric categories of Users’ personal data.
5.7. While processing personal data, the Company uses web analytics services “Yandex Metrica” and “Yandex.Webmaster”.
5.8. This Policy applies only to information processed while using the Website. The Company does not control and shall not be responsible for information processing by third-party websites and services to which Users may access through links available within the Website.
5.9. The Company does not verify the accuracy of personal data provided by the User and is unable to assess its relevance. However, the Company assumes that Users provide accurate and sufficient personal data and keep it up to date.
6.
PROCESSING OF USERS’ PERSONAL DATA THROUGH COOKIES6.1. Cookies transmitted by the Company to Users’ technical devices may be used to provide Users with personalized Website functions, personalized advertising displayed to Users, statistical and research purposes, and improvement of the Website.
6.2. Users acknowledge that the equipment and software they use to visit websites on the Internet may include functionality prohibiting operations with cookies (for all or specific websites), as well as deleting previously received cookies.
6.3. The Company has the right to establish that certain Website functions may only be available provided that acceptance and receipt of cookies are permitted by Users.
6.4. The structure of a cookie, its content, and technical parameters are determined by the Company and may be changed without prior notice to Users.
6.5. Counters placed on the Website or within Website applications may be used to analyze Users’ cookies, collect and process statistical information regarding Website usage, and ensure the operation of the Website as a whole or its individual functions in particular. Technical parameters of counters are determined by the Company and may be changed without prior notice to Users.
7.
CONDITIONS FOR PROCESSING USERS’ PERSONAL DATA7.1. Processing of Users’ personal data is limited to the period necessary to achieve the purposes of processing.
7.2. The Company processes Users’ personal data in an automated manner using computer technology.
7.3. To assess website traffic, analyze user behavior, and provide customer feedback, the Company uses web analytics services “Yandex Metrica” and “Yandex.Webmaster”.
7.4. Personal data processing actions include collection, recording, systematization, accumulation, storage, extraction, use, depersonalization, blocking, destruction, and deletion.
7.5. Users’ personal data remains confidential, except where Users voluntarily provide information about themselves for access by an unlimited number of persons.
7.6. The Company has the right to transfer Users’ personal data to third parties in the following cases:
7.6.1. Users have expressed consent to such actions;
7.6.2. The transfer is necessary for Users to use certain Website functions or for the execution of a particular agreement or contract;
7.6.3. The transfer is required under Russian or other applicable legislation within the procedure established by law;
7.6.4. Such transfer occurs as part of a sale or other transfer of business (in whole or in part), while all obligations regarding compliance with the terms of this Policy in relation to received personal data are transferred to the acquirer;
7.6.5. As a result of processing Users’ personal data through depersonalization, anonymized statistical data has been obtained and transferred to a third party for research, performance of work, or provision of services on behalf of the Company;
7.6.6. Users’ personal data may be transferred to authorized state authorities of the Russian Federation on the grounds and in the manner established by the current legislation of the Russian Federation.
7.7. While processing Users’ personal data, the Company is guided by:
7.7.1. Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”;
7.7.2. Resolution of the Government of the Russian Federation No. 687 dated September 15, 2008 “On Approval of the Regulation on Peculiarities of Personal Data Processing Carried Out Without the Use of Automation Tools”;
7.7.3. Order of the Federal Service for Technical and Export Control of Russia No. 21 dated February 18, 2013 “On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems”;
7.7.4. Order of the Federal Security Service of Russia No. 378 dated July 10, 2014 “On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems Using Cryptographic Information Protection Means Necessary to Fulfill the Requirements Established by the Government of the Russian Federation for Each Security Level”;
7.7.5. The Company takes necessary organizational and technical measures to protect Users’ personal data against unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as against other unlawful actions of third parties;
7.7.6. The Company together with the User takes all necessary measures to prevent losses or other negative consequences caused by loss or disclosure of personal data.
8.
MANDATORY DATA STORAGE8.1. Users’ rights provided by this Policy may be restricted in accordance with applicable legislation requirements. In particular, such restrictions may provide for the Company’s obligation to retain information modified or deleted by Users for the period established by law and/or transfer such information to a state authority in accordance with the legally established procedure.
9.
INFORMATION ON ENSURING SECURITY OF PERSONAL DATA9.1. The Company appoints a person responsible for organizing the processing of personal data in order to fulfill obligations provided for by the Federal Law “On Personal Data” and adopted regulatory legal acts.
9.2. The Company applies a set of legal, organizational, and technical measures to ensure the security of personal data, confidentiality of personal data, and protection against unlawful actions:
9.2.1. Establishes rules for access to personal data processed in the Company’s information system and ensures registration and accounting of all actions performed with such data;
9.2.2. Assesses harm that may be caused to Users in the event of violation of the Federal Law “On Personal Data”;
9.2.3. Identifies threats to personal data security during processing in the Company’s information system;
9.2.4. Applies organizational and technical measures and uses information protection tools necessary to achieve the established level of personal data security;
9.2.5. Detects unauthorized access to personal data and takes response measures, including restoration of personal data modified or destroyed as a result of unauthorized access;
9.2.6. Assesses effectiveness of measures taken to ensure personal data security before commissioning the Company’s information system;
9.2.7. Exercises internal control over compliance of personal data processing with the Federal Law “On Personal Data”, adopted regulatory legal acts, personal data protection requirements, the Policy, Regulations, and other local acts, including control over measures taken to ensure personal data security and their security level during processing in the Company’s information system.
10.
INFORMATION ABOUT THE OPERATOR10.1. The database containing personal data of Users who are citizens of the Russian Federation is located within the territory of the Russian Federation.
10.2. In order to exercise their rights and legitimate interests, Users have the right to contact the Operator or submit a request personally or through a representative to the address specified in Clause 1.1 of the Policy or through the feedback form. The request must contain the information specified in Part 3, Article 14 of the Federal Law “On Personal Data”.
