-
GENERAL PROVISIONS
- The personal data privacy policy (hereinafter referred to as the "Policy") is developed in compliance with the Federal Law No. 152-ФЗ dd. 27.07.2006 on Personal Data (hereinafter referred to as the "ФЗ-152").
- This Policy specifies the personal data processing procedure and measures to ensure personal data security at the M13 LLC (hereinafter referred to as the "Operator") to protect the rights and freedoms of the person and citizen when processing his personal data, including protection of privacy rights, personal and family secrets.
- This Policy shall apply to the Operator's websites that collect data and refer to these conditions. The Policy shall not apply to the Operator's websites with their own privacy statements. Nor shall it apply to M13 LLC services and products if they do not refer to these conditions.
- The Policy shall apply to all information (personal data) that the Operator is able to acquire on the User when the latter makes use of the Operator's websites, features, tools, software, products and services (hereinafter the Services) and when the Operator performs agreements and contracts with the User.
-
The legal grounds for the Operator's processing of the personal data shall be:
- Agreements and contracts concluded between the operator and the personal data owner.
- Consent to personal data processing.
- The Operator shall neither control nor be liable for third parties' websites the user may be taken to by links available on the Operator's websites. Third parties' websites may have the privacy policy of their own and any other personal data may be collected or requested from the user.
- The use of Services shall imply the User's unconditional consent to this Policy and its personal information processing conditions as specified herein; if the User disagrees to these conditions the User shall refrain from using the Services.
-
TERMS AND DEFINITIONS
The following main concepts are included in the Policy:
- Personal data means any information that relates, directly or indirectly, to an individual specified or to be specified (personal data owner);
- Operator means a state or municipal authority, a legal entity or an individual that process personal data on its own or jointly with other parties as well as those who specify the personal data processing purposes, the personal data composition to be processed, actions (operations) with personal data;
- Services means the Operator's websites, tools, features, software, products or services;
- User means a legal entity or individual using the tool(s);
- Personal data processing means any action (operation) or the aggregate of actions (operations) with personal data using automation tools or not, including personal data collection, recording, systematization, accumulation, storage, specification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, locking, deletion, erasure;
- Automated personal data processing means personal data processing by means of computer facilities;
- Personal data dissemination means actions aimed at personal data disclosure to an uncertain group of persons;
- Personal data provision means actions aimed at personal data disclosure to a certain person or a certain group of persons;
- Personal data locking means suspension of personal data processing (unless processing is required to specify personal data);
- Personal data destruction means actions resulting in the impossibility to recover the personal data content in the informational personal data system and/or in destruction of tangible media with personal data.
- Personal data anonymization means the actions resulting in impossibility to identify the personal data owner without optional information;
- Information personal data system means the aggregate of personal data in databases and information technologies and technological tools that ensure its processing;
-
USERS' PERSONAL DATA THE OPERATOR RECEIVES AND PROCESSES
The User's personal data shall mean as follows in this Policy:
- The personal data the User provides on itself on its own when getting registered (when creating the user account) or when using the Services. The mandatory information for provision of Services is expressly designated. Other information shall be provided by the user optionally.
- Data that is automatically transferred to Services when they are used via the software installed in the User's device, including: IP address, cookie data, browser information, User's hardware and software technical features, date and time of access to Services, addresses of requested pages and other similar information.
- Other information on the User, processing of which is envisaged in terms and conditions of use of certain Services.
-
PURPOSES OF USER PERSONAL DATA PROCESSING
- The Operator shall collect and keep the personal data the Operator needs to provide Services or to perform agreements and contracts with Users.
- The Policy shall apply to all information (personal data) that the Operator is able to acquire on the User when the latter makes use of the Operator's websites, features, tools, software, products and services (hereinafter the Services) and when the Operator performs agreements and contracts with the User.
-
The Operator shall process the User's personal data for the following purposes:
- to identify the Party when providing Services.
- to provide personalized Services to the User and to perform agreements and contracts.
- to communicate with the User, in particular, by sending notices, inquiries and information on the Service use, on performance of agreements and contracts, and to process the User's inquiries and requests.
- to improve Services, to make their use more convenient, to elaborate new Services.
- to conduct statistical and other research on anonymized data.
-
USERS' PERSONAL DATA PROCESSING CONDITIONS AND THEIR TRANSFER TO THIRD PARTIES
- The User's personal data shall be kept confidential, unless the personal data, to which the User provides access to the unlimited group of persons voluntarily, is processed.
- The Operator shall not process special personal data categories.
- The Operator shall not process biometrical personal data (information that describe physiological and biological features of a human being, based on which the person can be identified).
- The Operator shall not carry out the cross-border personal data transfer.
-
The Operator shall be entitled to transfer the User's personal data to third parties in the following cases:
- The transfer is necessary for the User's making use of a certain Service or for performance of a certain agreement or contract with the User.
- The transfer is necessary to achieve goals, to carry out and perform functions, powers and duties imposed on/ vested in the Operator by Russian law.
- to enable protection of the Operator's or third parties' rights and legitimate interests when the User breaches a contract, this Policy or any other documents containing the conditions of use of some particular Services.
- The Operator shall process personal data using the automation means.
- When collecting personal data, the Operator shall record, systematize, accumulate, store, specify (update, modify), and retrieve data of Russian nationals using databases located in the Russian Federation.
-
MEASURES TAKEN FOR THE PROTECTION OF USERS' PERSONAL DATA
- The Operator takes all required and sufficient organisational and technical measures for protection of the User's personal data from unauthorised or random access, removal, alteration, locking, copying, dissemination as well as other unauthorised actions by third parties.
-
The personal data security is achieved, in particular, by:
- Introduction of provision of Russian personal data law, including the personal data protection requirements, local personal data processing regulations, to the Operator's employees directly involved in personal data processing and/or training of these employees.
- Identification of threats to the personal data safety when processed in information personal data systems.
- Taking organizational and technical efforts to secure personal data when processed in information personal data systems, as necessary for fulfillment of the personal data protection requirements.
- Efficiency assessment of the personal data security effrts before the information personal data system was commissioned.
- Accounting for personal data media.
- Identifying unauthorized access to personal data and taking the appropriate efforts.
- Recovery of the personal data modified or destroyed by unauthorized access to it.
- Establishing the access rules for the personal data processed in the information personal data system and by registration of and accounting for all actions with personal data in the information personal data system.
- Monitoring of the implemented personal data security efforts and the protection level of the information personal data systems.
-
PERSONAL DATA MODIFICATION AND DELETION
- The User may at any time modify (update, supplement) the personal data provided by the User or their portion, by emailing changes to the Operator to spk@m13.ru.
- To have personal data deleted, the User may write the inquiry to the Operator's address as follows: spk@m13.ru. The data removal may entail the impossibility to use certain Operator's Services.
- If the User's data cannot be removed for technical or legal reasons the Operator shall lock the respective data.
-
USER'S RIGHTS AND DUTIES
- The Operator shall take reasonable steps to maintain the precision and to update the personal data available to the Operator and also to delete the outdated and other unreliable or excessive personal data. Nonetheless, the User shall be liable for submission of reliable information and for updating the provided data if there are any changes.
- The User shall be free to acquire information on its personal data processing by the Operator.
- The User shall be at any time entitled to modify (update, supplement, lock, delete) the personal data provided by the User or its part and their privacy parameters by approaching the Operator. Provided that the User's revocation of its consent to personal data processing shall entail removal of its account in the Services and destruction of records containing personal data in the Operator's personal data processing systems, which may prevent from using the Operator's Services.
- To fulfill the provisions of Clause 8.2 and 8.3 of this Policy, the Operator may require that the user's identity be authenticated, by requesting such authentication provision in any format that does not contradict law.
-
PRIVACY POLICY MODIFICATION.
- The Policy shall be approved and introduced by the Operator's CEO.
- The Operator shall be free to modify this Policy. When the Policy is modified the last update date is indicated in the current version. A new Policy version shall take effect upon its posting unless otherwise envisaged in the new Policy version.
- The Policy shall be revised whenever necessary but not less than once in three years of the previous Policy revision. The Policy shall be re-approved if it is modified based on the revision.
Date of placement 10.04.2019