Privacy Policy

KEY TERMS

The main terms used in this Privacy Policy:

1.1. Automated processing of personal data – processing of personal data using computing technology.

1.2. Blocking of personal data – a temporary suspension of personal data processing (except in cases where processing is necessary for clarification of personal data).

1.3. Personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.

1.4. Confidentiality of personal data – an obligatory requirement for the Personal Data Operator (hereinafter referred to as the “PDO”) or any other person who has gained access to personal data to prevent their dissemination without the consent of the personal data subject or other legal basis.

1.5. Depersonalization (anonymization) of personal data – actions that make it impossible, without the use of additional information, to determine the ownership of personal data by a specific personal data subject.

1.6. Processing of personal data any action (operation) or a set of actions (operations) carried out by the PDO, with or without the use of automation tools, on personal data, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, usage, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.

1.7. Personal Data Processing Operator (PDO) – Limited Liability Company “AP Trade” (OGRN: 1022701404340, INN: 783450001, legal address: 680015, Khabarovsk, Suvorova St. 82A, Letter S, S1, actual location: 680030, Khabarovsk, Pavlovicha St. 13, Letter T, T1), which independently or jointly with other parties organizes and/or carries out the processing of personal data, and also determines the purposes of personal data processing, the composition of personal data to be processed, the actions (operations) performed on personal data.

1.8. Personal data – any information relating directly or indirectly to an identified or identifiable natural person (personal data subject).

1.9. Personal data permitted by the personal data subject for dissemination – personal data to which an unlimited number of persons has been granted access by the User (the personal data subject) by giving consent to the processing of personal data permitted for dissemination, in the manner prescribed by the current legislation of the Russian Federation.

1.10. Privacy Policy this document with all amendments and additions, posted on the Internet at

1.11. User a personal data subject, a legally capable individual who uses the Website in his/her own interest. In this Privacy Policy, the User is also referred to as the personal data subject.

1.12. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.

1.13. Website – a collection of graphical and informational materials, as well as software and databases, ensuring their availability on the Internet at https://ap-logistics.ru/, including subdomains.

1.14. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons.

1.15. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state, to a foreign state authority, or to a foreign individual or foreign legal entity.

1.16. Destruction of personal data – actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or resulting in the destruction of the physical media of personal data.

1.17. Cookies – a small piece of data sent by a web server and stored on the User’s device used to access the Website. The web client or web browser sends it to the web server each time it attempts to open a page of the corresponding website via an HTTPS request.

1.18. Personal Data Subject – a legally capable individual using the Website in his/her own interest.

1.19. IP Address – a unique network address of a node in a computer network built according to the IP protocol.


GENERAL PROVISIONS

2.1. This Privacy Policy defines the goals, content, and procedure for processing personal data, the measures aimed at protecting personal data, as well as the procedures aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of personal data. This Privacy Policy establishes the obligations of the PDO regarding the processing of personal data, their protection, including ensuring the confidentiality regime of personal data provided to the PDO.

2.2. This Privacy Policy defines the policy of the PDO, as the operator carrying out the processing of personal data, regarding the processing and protection of personal data. The processing of personal data by the PDO is carried out in compliance with the principles and conditions stipulated by this Privacy Policy and the legislation of the Russian Federation in the field of personal data. The Operator considers its most important goal and condition for carrying out its activities to be the observance of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrets.

2.3. This Privacy Policy applies only to information obtained in the course of using the Website and within the framework of the PDO’s contractual obligations.

2.4. The User decides to provide his/her personal data and consents to its processing freely, of his/her own will, and in his/her own interest. Consent to the processing of personal data must be specific, subject-related, informed, conscious, and unambiguous. The PDO does not verify the accuracy of the personal data provided by the User.

2.5. Using the Website implies consent to this Privacy Policy and the conditions for processing personal data.

2.6. By accepting this Privacy Policy, the User thereby consents to the PDO processing his/her personal data specified in Section 3 of this Privacy Policy, including collection, recording, accumulation, storage, updating (modification), extraction, usage, transfer to third parties (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data for the purposes specified in Section 3.

2.7. The personal data subject, by refusing to grant consent for the PDO to process his/her personal data for the purposes specified in Section 3, understands that he/she will not be able to use all the features of the Website and its services, and the use of the Website will be available in a limited mode.

2.8. A personal data subject who has provided personal data that does not fully meet the requirements of the relevant section of the Website or is inaccurate will not be able to use all the features of the Website and its services, including receiving certain services provided through the Website, and the use of the Website will be available in a limited mode.

2.9. PDO Rights:

- collect personal data via forms on the Website;

- provide access to the Website;

- carry out the collection, recording, accumulation, storage, updating (modification), extraction, usage, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data;

- transfer personal data to third parties on the basis of contracts concluded for the purposes specified in Section 3 of this Privacy Policy;

- entrust the processing of personal data to another person with the User’s consent, unless otherwise provided by federal law, on the basis of a contract concluded with that person (hereinafter referred to as the PDO’s assignment). The person processing personal data on behalf of the PDO is obliged to comply with the principles and rules for processing personal data provided by the current legislation of the Russian Federation, maintain the confidentiality of personal data, and take the necessary measures to ensure compliance with the obligations provided by the current legislation of the Russian Federation. The PDO’s assignment must define the list of personal data, the list of actions (operations) with personal data that will be carried out by the person processing the personal data, the purposes of their processing, and must establish the obligation of such a person to maintain the confidentiality of personal data and comply with the requirements of current Russian legislation.

- in the event that the User withdraws consent to the processing of personal data, the PDO has the right to continue processing personal data without the User’s consent if there are grounds specified by current legislation;

- refuse the User’s repeated request for information regarding his/her personal data processed by the PDO, in accordance with the conditions of the federal law, by providing a reasoned response;

- carry out the dissemination of personal data if there is a separate consent to the dissemination of personal data.

2.10. PDO Obligations:

- Use the obtained personal data solely for the purposes specified in Section 3 of this Privacy Policy.

- Provide the User with information related to his/her personal data upon receipt of the appropriate request or inquiry.

- In the event of loss or disclosure of confidential information, the PDO is not liable if such confidential information:

- became public domain prior to its loss or disclosure;

- was obtained from a third party before it was received by the PDO;

- was disclosed with the User’s consent.

- Inform the personal data subject or his/her representative about the processing of the personal data of such subject by the PDO upon request.

- Not disclose to third parties or disseminate personal data without the User’s consent, unless otherwise provided by law.

- Upon receiving a request or inquiry from the User, provide him/her with the data and information specified in the request/inquiry in an accessible form, without disclosing personal data related to other personal data subjects, except when there are legal grounds for disclosing such personal data.

- Explain to the User the procedure for making a decision solely based on the automated processing of his/her personal data and the possible legal consequences of such a decision, provide an opportunity for the User to object to such a decision, and explain the procedure for the User to protect his/her rights and legitimate interests. The PDO is obliged to consider the objection specified in this paragraph within thirty days from the date of its receipt and inform the personal data subject about the results of considering such an objection.

- Explain to the User the legal consequences of refusing to provide his/her personal data and/or to consent to its processing if, according to federal law, the provision of personal data and/or obtaining the PDO’s consent to process personal data is mandatory.

- When collecting personal data, including via the information and telecommunication network “Internet,” the PDO is obliged to ensure the recording, systematization, accumulation, storage, updating (modification), extraction of the personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation, except in cases provided by current Russian legislation.

- The PDO is obliged to ensure the reliable protection of personal data, their confidentiality.

2.11. User Rights:

- The User has the right to request that the PDO clarify his/her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, obtained unlawfully, or are not necessary for the declared purpose of processing, by sending a request to the email address 3pl@aptrade.ru (Appendices No. 1, 2, 3 to this Privacy Policy).

- The User has the right to request information about the measures taken by the PDO to protect personal data.

- The User has the right to send a request to the PDO regarding his/her personal data processed by the PDO, by sending an inquiry (Appendix No. 4 to this Privacy Policy) to the PDO via email 3pl@aptrade.ru.

- The User has the right to send a repeated request to the PDO regarding his/her personal data processed by the PDO no earlier than 30 (thirty) days after the initial request or sending the initial inquiry, unless a shorter period is established by federal law.

- The User has the right to resend a request to the PDO or send him a repeated request for the purpose of obtaining information about his/her personal data processed by the PDO, as well as for the purpose of reviewing the personal data being processed before the expiration of 30 (thirty) days if such information and (or) processed personal data were not provided to him/her for review in full following the initial inquiry. The repeated request must include a justification for sending the repeated request.

- The User has the right to send the PDO a withdrawal of consent to the processing of personal data, consent to the dissemination of personal data.

- The User has the right to protect his/her rights and legitimate interests, including claiming damages and/or compensation for moral harm in court.

- The User has the right to appeal the actions or inaction of the PDO to the authorized body for the protection of the rights of personal data subjects or to a court of law.

2.12. User Obligations:

- Comply with the requirements specified in Clause 1.11 of this Privacy Policy;

- Provide accurate personal data.

2.13. Databases containing information with personal data of citizens of the Russian Federation are located in the territory of the Russian Federation.

2.14. The PDO processes personal data on a lawful and fair basis to fulfill the functions, powers, and obligations assigned by law, as well as to exercise the rights and legitimate interests of the PDO and other persons. The transfer (dissemination, provision) and use of personal data is carried out only in cases and in the manner provided by federal laws, with the consent of the personal data subject, if so determined by the current legislation.

2.15. The PDO obtains personal data directly from the personal data subject, except in cases when personal data are transferred under contractual relations.

2.16. The PDO processes the User’s personal data with his/her consent, provided either in written form (in the necessary cases in accordance with the current legislation of the Russian Federation) or by performing conclusive actions.

2.17. The principles of personal data processing established by this Privacy Policy:

2.17.1. The processing of personal data must be carried out on a lawful and fair basis.

2.17.2. The processing of personal data must be limited to achieving specific, pre-defined, and lawful purposes. The processing of personal data that is incompatible with the purposes of personal data collection is not allowed. The processing of excessive personal data in relation to the stated purposes of processing is not allowed.

2.17.3. The merging of databases containing personal data, the processing of which is carried out for purposes incompatible with each other, is not permitted.

2.17.4. Only those personal data that meet the purposes of their processing are subject to processing.

2.17.5. The content and scope of the personal data being processed must correspond to the stated purposes of processing. The personal data processed must not be excessive in relation to the stated purposes of their processing.

2.17.6. The accuracy, sufficiency, and, where necessary, relevance of personal data must be ensured during processing, in relation to the purposes of personal data processing. The PDO must take the necessary measures or ensure that they are taken to delete or update incomplete or inaccurate data.

2.17.7. Personal data must be stored in a form that allows the identification of the personal data subject no longer than is required by the purposes of processing personal data, unless a retention period for personal data is established by federal law or an agreement to which the personal data subject is a party, beneficiary, or guarantor. The personal data processed are subject to destruction or depersonalization upon achieving the purposes of processing or in the event there is no longer a need to achieve these purposes, unless otherwise provided by federal law.

2.17.8. Before starting the cross-border transfer of personal data, the PDO must ensure that the foreign state to whose territory the cross-border transfer of personal data is carried out provides adequate protection of the rights of personal data subjects.

2.17.9. The PDO does not control and is not responsible for the processing of information by third-party websites accessible via links on the Website.


PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA. THE SCOPE AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS

3.1. The PDO collects and processes personal data for the following purposes:

3.1.1. Providing the User with the opportunity to create a personal account on the Website https://ap-logistics.ru/. To do this, the User completes the registration form on the Website and provides the following personal data:

- email address;

- last name, first name, patronymic (if applicable);

- login and password (if they contain personal data)

3.1.2. Sending newsletters to those Users who filled out the registration form on the Website and expressed their consent to receive information about news of the Website, the PDO, and its partners, including advertising. In the subscription form on the Website, the User enters his/her email address.

To receive the newsletter, the User provides the following personal data:

- email address;

- name.

3.1.3. Providing the User with feedback, including sending notices, requests, and information related to the use of the Websites, execution of agreements and contracts, as well as processing requests and applications from the User, responding to the User’s comments on the Website, responding to messages, calls, letters from the User, handling the User’s claims – the PDO collects the following personal data:

- email address (when receiving a letter from the User at the PDO’s address);

- phone number (when the PDO receives a message or call from the User);

- last name, first name, patronymic (if applicable);

- address for sending a response to a letter, inquiry;

- passport data, if required by current legislation;

- other personal data that the User leaves or communicates to the PDO during communication at his/her own discretion.

3.1.4. In order to provide logistics services to the User, the PDO collects the following personal data:

  • last name, first name, patronymic (if applicable),
  • email address,
  • phone number,
  • information about the place of work

3.1.5.  For the purposes of conducting marketing research, for targeting using the Website’s software, the PDO collects anonymized statistical data that do not identify the User as a personal data subject.

3.2. The PDO processes personal data of the following categories of personal data subjects: Website Users, Service Recipients.

PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA

4.1. The PDO collects and processes the following types of information:

- information that the User consciously provides to the PDO during the use of the Website;

- technical information automatically collected by the Website’s software during the User’s visit.

4.2. The technical information automatically collected by the Website’s software during the User’s visit includes:

  • IP address;
  • information from cookies;
  • browser information;
  • information about the type of device (mobile or PC);
  • access time;
  • other technical and statistical information collected by the Website’s software.

Technical information also includes analytical data without identification of the personal data subject, obtained through the use of web analytics services on the Website. This information is used solely for internal and external marketing purposes – to analyze website visit trends and improve the Website’s service.

4.3. The Website implements a user identification technology based on the use of cookies. On the device used by the User to access the Website, cookies may be stored, which will then be used to collect statistical data, specifically about website traffic, as well as automatically fill out fields in the forms on the Website. The PDO may use and disclose information about the use of the Website, for example, to determine the degree of use of the Website, improve its content, explain the usefulness of the Website, and expand the functionality of the Website. By accepting this Privacy Policy, the User consents to the PDO transferring the technical data specified in Clause 4.2, collected from the Website, via the Internet. Anonymized User data collected by Internet statistics services is used to collect information about User actions on the site and to improve the quality of the Website and its content.

4.4. The PDO does not store personal data in cookies. The PDO uses the information recorded in cookies, which do not identify individual Users, to analyze trends, administer the Website, determine User movements on the Website, and collect demographic information about the overall group of Users.

4.5. If the User does not want the PDO to collect technical information about him/her using cookies, the User is required to stop using the Website or prohibit the saving of cookies on his/her device used to access the Website by configuring the browser accordingly. In this case, it should be noted that the Website’s services that use this technology may not be available.

4.6. The User confirms his/her consent to the collection and processing of personal data by completing the registration form on the Website, by completing the comment form under an article on the Website, by ticking the checkbox located after the relevant form, and by clicking the button under that form on the Website. The User confirms his/her consent to the dissemination of personal data by providing the PDO with a written consent to the dissemination of personal data.

4.7. Consent to the processing of personal data provided when submitting a claim or statement to the PDO is granted by completing the form provided by the PDO.The User is required to send the completed and signed consent form together with the text of the claim or statement.

4.8. The PDO performs the following actions (operations) or a set of actions (operations) with personal data, with or without the use of automation tools: collection, recording, systematization, accumulation, storage, updating (modification), extraction, usage, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.

4.9. The PDO processes personal data in the following ways:

  • using automated means of personal data processing (the Website’s software). The address for storing personal data is the servers at the PDO’s actual location;
  • without the use of automated means of personal data processing (personal data is processed manually by the PDO). The address for storing personal data is the PDO’s actual location.

4.10. The transfer of the User’s personal data to third parties (if necessary) is carried out with the User’s consent for the purposes specified in Section 3.

4.11. The PDO guarantees that it never provides personal data to third parties, except in cases where:

  • this is expressly required by law (for example, upon a written request from a court or law enforcement agencies);
  • the User has consented to the transfer of personal data;
  • the transfer is necessary for the conclusion and/or execution of contracts between the PDO and the User;
  • the transfer takes place as part of the sale or other transfer of the Website or the business;
  • the transfer occurs as part of moving the personal data database from one service to another under the PDO’s contractual obligations;
  • it is required to provide user support services or to assist in protecting and securing the PDO’s systems.

4.12. The User’s personal data may be transferred to authorized state bodies of the Russian Federation, investigative and inquiry bodies, and other authorized bodies only on the basis and in the manner prescribed by the current legislation of the Russian Federation.


LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA

5.1. The PDO processes personal data on the following legal grounds:

  • Constitution of the Russian Federation;
  • Civil Code of the Russian Federation;
  • Law No. 2300-1 of 07.02.1992 “On Consumer Rights Protection”;
  • Federal Law No. 59-FZ of 02.05.2006 “On the Procedure for Considering Appeals by Citizens of the Russian Federation”;
  • Federal Law No. 149-FZ of 27.07.2006 “On Information, Information Technologies, and Information Protection”;
  • Federal Law No. 63-FZ of 06.04.2011 “On Electronic Signature”;
  • Federal Law No. 152-FZ of 27.07.2006 “On Personal Data”;
  • Decree of the Government of the Russian Federation No. 1119 of 01.11.2012 “On Approving Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems”;
  • Decree of the Government of the Russian Federation No. 687 of 15.09.2008 “On Approving the Regulation on Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools”;
  • contracts concluded between the PDO and third parties for the purposes specified in Section 3;
  • internal local documents of the PDO;
  • consent to the processing of personal data (in cases not directly provided for by the legislation of the Russian Federation, but corresponding to the powers of the PDO).

MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING

6.1. The PDO protects the User’s personal data by applying generally accepted security methods to safeguard information from loss, unauthorized or accidental access, distortion, and unauthorized dissemination, destruction, alteration, blocking, copying, as well as any other unlawful actions with personal data by third parties. Security is achieved through software network protection, access verification procedures, the use of cryptographic means of information protection, compliance with the Privacy Policy, as well as other internal documents that regulate the rules for processing personal data by the PDO.

6.2. If personal data is lost or disclosed, the PDO is obliged to inform the User thereof.

6.3. The PDO, together with the User, takes all necessary legal, organizational, and technical measures to prevent losses or other adverse consequences caused by the loss or disclosure of the User’s personal data.

6.4. Personal data is kept confidential by the PDO, except in cases where the User has voluntarily made the information publicly accessible in messages, comments on the Website.

6.5. Ensuring the security of personal data processed in the PDO’s personal data information systems is achieved by preventing unauthorized, including accidental, access to personal data, as well as by taking the following measures to ensure security:

6.5.1. identifying threats to the security of personal data during their processing in the PDO’s personal data information systems;

6.5.2. applying organizational and technical measures to ensure the security of personal data during their processing in the PDO’s personal data information systems that are necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation;

6.5.3. applying procedures for assessing the conformity of information protection tools, carried out in the established manner;

6.5.4. evaluating the effectiveness of the measures taken to ensure the security of personal data before putting the personal data information system into operation;

6.5.5. accounting for the physical media containing personal data;

6.5.6. detecting unauthorized access to personal data and taking measures;

6.5.7. restoring personal data that has been modified or deleted, destroyed as a result of unauthorized access to them;

6.5.8. establishing rules for access to personal data processed in the PDO’s personal data information systems, as well as ensuring the recording and tracking of all actions performed on personal data in the PDO’s personal data information systems;

6.5.9. controlling the measures taken to ensure the security of personal data and the levels of protection of personal data information systems.

6.6. Measures aimed at ensuring the PDO’s fulfillment of the obligations established by the current legislation in the field of personal data. The PDO is obliged to take the measures necessary and sufficient to ensure the fulfillment of the obligations provided by the current Russian legislation. The PDO independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of these obligations. Such measures include, in particular:

1) the appointment by the PDO’s manager of a person responsible for organizing the processing of personal data.

2) the issuance by the PDO of documents defining the PDO’s policy regarding the processing of personal data, this Privacy Policy, local regulations on personal data processing issues, which define for each purpose of personal data processing the categories and list of personal data being processed, categories of data subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for destroying personal data upon achieving the purposes of their processing or upon other legal grounds, as well as local regulations that establish procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations.

3) applying legal, organizational, and technical measures to ensure the security of personal data.

4) conducting internal control and/or an audit of compliance with the processing of personal data with the law and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the PDO’s policy regarding personal data processing, this Privacy Policy, and the PDO’s local regulations;

5) assessing the harm that may be caused to personal data subjects in the event of a violation of the law, the correlation of that harm and the measures taken by the PDO to ensure compliance with the obligations established by law;

6) familiarizing employees of the PDO who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, the documents defining the PDO’s policy regarding the processing of personal data, this Privacy Policy, local regulations on personal data processing issues, and/or training such employees.

7) publishing the Privacy Policy on the Website to ensure unrestricted access to it.


PERSONAL DATA PROCESSING PERIODS

7.1. The processing of personal data provided by the User on the Website is carried out from the moment the completed form is sent on the Website until the Website ceases operations, until the consent sent to the PDO is revoked, or until the personal account on the Website is deleted.

7.2. Unless otherwise provided by other clauses of this Privacy Policy or the current legislation of the Russian Federation, the condition for terminating personal data processing is the achievement of the purposes of personal data processing, the expiration of the consent period, or the withdrawal of consent to the processing of personal data, the detection of unlawful personal data processing, receipt by the PDO of a request to destroy personal data.

7.3. The transfer (dissemination, provision, access) of personal data authorized for dissemination must be terminated at any time at the request of the User.

7.4. The User has the right to contact the PDO with a demand to stop the transfer (dissemination, provision, access) of his/her personal data, previously authorized for dissemination, in the event of non-compliance with the provisions of current legislation, or to submit such a demand to a court. The PDO is obliged to stop the transfer (dissemination, provision, access) of personal data within 3 (three) business days from the date of receipt of the demand or within the time specified in a court decision that has entered into legal force. If such a period is not specified in the court’s decision, then within 3 (three) business days from the moment the court’s decision comes into legal force.

7.5. The User independently determines the period of the newsletter subscription and unsubscribes by clicking the unsubscribe link included in each email received or by sending a request to the PDO in free form to the email address 3pl@aptrade.ru with a note “Unsubscribe.”


UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA, RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA

8.1. In the event of confirmation of the inaccuracy of personal data or the unlawfulness of their processing, the personal data must be updated by the PDO, and the processing must be terminated accordingly.

8.2. The User’s personal data provided on the Website, which are stored by the PDO and processed by it, may be deleted/depersonalized upon request to the PDO. To do this, the User must send a letter (Appendix No. 3 to this Privacy Policy) to the PDO at the address 3pl@aptrade.ru. In this case, the User will not be able to use some of the functionality of the Website. The request processing time is 10 (ten) business days.

8.3. Upon achieving the purposes of personal data processing, the PDO terminates the processing of personal data (or ensures its termination if the processing of personal data is carried out by another person acting on behalf of the PDO) and destroys personal data (or ensures their destruction if the processing of personal data is carried out by another person acting on behalf of the PDO) within a period not exceeding 30 (thirty) days from the date of achieving the purpose of the processing, if:

  • otherwise not provided by a contract in which the User is a party, beneficiary, or guarantor;
  • the PDO does not have the right to process personal data without the User’s consent on the grounds provided by the Federal Law “On Personal Data” or other federal laws;
  • otherwise not provided by another agreement between the PDO and the User.

If it is not possible to destroy personal data within the period specified in this paragraph, the PDO blocks such personal data or ensures their blocking (if the processing of personal data is carried out by another person acting on behalf of the PDO) and ensures the destruction of personal data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.4. Upon receipt by the PDO of the withdrawal of consent to the processing of personal data, the PDO terminates the processing of personal data (or ensures its termination if the processing of personal data is carried out by another person acting on behalf of the PDO) and, if the retention of personal data is no longer required for the purposes of personal data processing, destroys personal data (or ensures their destruction if the processing of personal data is carried out by another person acting on behalf of the PDO) within a period not exceeding 30 (thirty) days from the date of receipt of such a withdrawal, if:

  • otherwise not provided by a contract in which the User is a party, beneficiary, or guarantor;
  • the PDO does not have the right to process personal data without the User’s consent on the grounds provided by the Federal Law “On Personal Data” or other federal laws;
  • otherwise not provided by another agreement between the PDO and the User.

If it is not possible to destroy personal data within the period specified in this paragraph, the PDO blocks such personal data or ensures their blocking (if the processing of personal data is carried out by another person acting on behalf of the PDO) and ensures the destruction of personal data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.5. If a request is received by the PDO demanding the termination of personal data processing, the PDO is obliged, within a period not exceeding 10 (ten) business days from the date of receipt of the relevant demand, to stop processing or ensure the cessation of such processing (if such processing is carried out by a person processing personal data), except in cases provided by current Russian legislation. This period may be extended, but not more than by 5 (five) business days, if the PDO sends the personal data subject a reasoned notice indicating the reasons for extending the period for providing the requested information. If it is not possible to destroy personal data within the period specified in this paragraph, the PDO blocks such personal data or ensures their blocking (if the processing of personal data is carried out by another person acting on behalf of the PDO) and ensures the destruction of personal data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.6. The PDO blocks personal data in the event of detecting unlawful personal data processing or detecting inaccurate personal data from the time of receiving a request or inquiry from the User (Appendix No. 1 to this Privacy Policy) or his/her legal representative, or from the authorized body for the protection of the rights of personal data subjects, for the duration of the inspection. If it is not possible to destroy personal data within the period specified in this paragraph, the PDO blocks such personal data or ensures their blocking (if the processing of personal data is carried out by another person acting on behalf of the PDO) and ensures the destruction of personal data within a period not exceeding 6 (six) months, unless a different period is established by federal laws.

8.7. The PDO updates, corrects, and clarifies personal data within 7 (seven) business days from the time of a request or inquiry from the personal data subject (Appendix No. 2 to this Privacy Policy) or his/her legal representative, or from the authorized body for the protection of the rights of personal data subjects, in the event that personal data are found to be incomplete, inaccurate, or outdated.

8.8. The PDO deletes and destroys the User’s personal data within 7 (seven) business days from the date of a request or inquiry from the personal data subject (Appendix No. 3 to this Privacy Policy) or his/her legal representative, or from the authorized body for the protection of the rights of personal data subjects, in the event that information is received confirming that the personal data was obtained unlawfully or is not necessary for the declared purpose of processing. In doing so, the PDO notifies the personal data subject or his/her representative about the changes made and the measures taken, and takes reasonable measures to inform third parties to whom this subject’s personal data were transferred.

8.9. In the event that unlawful personal data processing is detected, carried out by the PDO or by a person acting on behalf of the PDO, the PDO, within a period not exceeding 3 (three) business days from the date of detection, is obliged to terminate the unlawful processing of personal data or ensure the termination of the unlawful processing of personal data by the person acting on behalf of the PDO. If it is impossible to ensure lawful processing of personal data, the PDO, within a period not exceeding 10 (ten) business days from the date of detecting unlawful processing of personal data, is obliged to destroy such personal data or ensure their destruction. The PDO is obliged to inform the personal data subject or his/her representative, or the authorized body for the protection of the rights of personal data subjects, about the rectification of the violations or the destruction of personal data.

8.10. The PDO responds to requests from Users, their representatives, and the authorized body for the protection of the rights of personal data subjects regarding personal data within 10 (ten) business days from the date of the request or the receipt of the PDO’s inquiry. This period may be extended, but not more than by 5 (five) business days, if the PDO sends the personal data subject a reasoned notice indicating the reasons for extending the period for providing the requested information.

8.11. In the event that it is established that personal data have been unlawfully or accidentally transferred (provided, disseminated, accessed), resulting in a violation of the User’s rights, the PDO is obliged, from the moment such an incident is identified, to notify the authorized body for the protection of the rights of personal data subjects:

1) within 24 (twenty-four) hours, about the incident that occurred, the alleged reasons that led to the violation of the personal data subjects’ rights, the alleged harm caused to the personal data subjects’ rights, the measures taken to eliminate the consequences of the incident, and also provide information about the person authorized by the PDO to interact with the authorized body for the protection of the rights of personal data subjects regarding the identified incident;

2) within 72 (seventy-two) hours, about the results of the internal investigation of the identified incident, and also provide information about the persons whose actions caused the identified incident (if any).


FINAL PROVISIONS

9.1. The PDO has the right to make any amendments and additions to this Privacy Policy at any time at its discretion.

9.2. Amendments and additions come into force from the moment this Privacy Policy with amendments and additions is posted on the Website. By continuing to use the Website after the new edition of the Privacy Policy is published, the User thereby confirms that he/she accepts it.