Personal data processing policy
(for unlimited access, published in accordance with GDPR)
Date of publication: July 05, 2022 (date of last update)
1. GENERAL PROVISIONS
1.1. This Policy is compiled in accordance with the GDPR, as well as other acts in the field of protection and processing of personal data and applies to all personal data that the Site may receive from the User in connection with the execution of a civil contract concluded with him. The conditions for concluding such an agreement are specified in the User Agreement and the Agreement on the Use of Certificates.
1.2. The following terms and definitions are used in this Policy:
1.2.1. Personal data — any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
1.2.2. Personal data operator (operator) — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. Within the framework of this Personal Data Processing Policy, the Operator of personal data is FEDEO, družba z omejeno odgovornostjo (abbreviated as FEDEO d.o.o.) (hereinafter referred to as the «Operator» or «Company»).
1.2.3. Personal data processing — any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among others: collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); depersonalization; blocking; deletion; destruction.
1.2.4. Automated processing of personal data — processing of personal data using computer technology;
1.2.5. Dissemination of personal data — actions aimed at disclosure of personal data to an indefinite circle of persons;
1.2.6. Provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
1.2.7. Blocking of personal data — temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data);
1.2.8. Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
1.2.9. Depersonalization of personal data — actions as a result of which it becomes impossible to determine the connection of personal data to a specific personal data subject without the use of additional information;
1.2.10. Personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing;
1.2.11. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
1.2.12. The subject of personal data — any identified or identifiable individual whose personal data is processed by the Company, who is a User of the Pokupo.ru platform.
1.2.13. The consent of the subject of personal data (User) — any voluntary, specific, informed and unambiguous expression of the will of the subject of personal data (User), in which the subject of personal data, by means of a statement or a clear affirmative action, gives consent to the processing of their own personal data.
1.3. Rights of the subject of personal data:
1.3.1. The subject of personal data decides on the provision of their personal data and consents to their processing freely, of their own free will and in their own interest. Consent to the processing of personal data may be given by the subject of personal data or their representative in any form that allows confirming the fact of its receipt, unless otherwise established by federal law. The obligation to provide proof of obtaining the consent of the personal data subject to the processing of their personal data or proof of the existence of the grounds specified in FZ-152 is assigned to the Company.
1.3.2. The subject of personal data has the right to receive information concerning the processing of their personal data, unless such right is restricted in accordance with federal laws. The subject of personal data has the right to demand from the Company the clarification of their personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
1.3.3. The processing of personal data for the purpose of promoting goods, works, services on the market by making direct contacts with a potential consumer using means of communication, as well as for the purposes of political agitation is allowed only with the prior consent of the subject of personal data. The specified processing of personal data is considered to be carried out without the prior consent of the personal data subject, unless the Company proves that such consent has been obtained. The Company is obliged to immediately terminate, at the request of the personal data subject, the processing of their personal data for the above purposes.
1.3.4. It is prohibited to make decisions based solely on automated processing of personal data that generate legal consequences with respect to the subject of personal data or otherwise affect their rights and legitimate interests, except in cases provided for by federal laws, or with the written consent of the subject of personal data.
1.3.5. If the personal data subject believes that the Company processes their personal data in violation of the GDPR requirements or otherwise violates their rights and freedoms, the personal data subject has the right to appeal the actions or omissions of the Company to the Authorized Body for the Protection of the Rights of Personal Data subjects or in court. The subject of personal data has the right to protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral damage in court.
2. PURPOSES OF PERSONAL DATA COLLECTION
2.1. The purpose of collecting personal data of the Familami service is solely to fulfill obligations under a civil contract concluded with the licensee under the conditions specified in the licence Agreement.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal grounds for processing personal data are:
- GDPR (General Data Protection Regulation);
- an agreement concluded between the operator and the subject of personal data.
4. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS
4.1. For the purposes of carrying out the activities of FEDEO d.o.o. and the service Familami.com the following personal data from the «General personal data» category are included:
- last name, first name, patronymic;
- year, month, date of birth;
- place of birth;
- registration address and place of residence and e-mail address;
- email address (email);
- phone numbers;
4.2. The categories of personal data subjects include:
- The licensee and its representatives, as well as third parties to whom the licensee provides access to the Familami service
5. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING
5.1. The processing of personal data must be carried out in compliance with the principles and rules provided for by the Federal Law «On Personal Data». Processing of personal data is allowed in the following cases:
5.1.1. the processing of personal data is carried out with the consent of the personal data subject to the processing of their personal data, expressed through actions determined by the System;
5.2. Operators and other persons who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
5.3. The Operator is obliged to take measures necessary and sufficient to ensure the fulfillment of the obligations provided for by this Federal Law and regulatory legal acts adopted in accordance with it. The Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by this Federal Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by this Federal Law or other federal laws.
5.4. When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with respect to personal data.
5.5. Ensuring the security of personal data is achieved, in particular:
5.5.1. by identification of threats to the security of personal data during their processing in personal data information systems;
5.5.2. by the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation;
5.5.3. by the use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure;
5.5.4. by assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
5.5.5. by taking into account machine carriers of personal data;
5.5.6. by detection of unauthorized access to personal data and taking measures;
5.5.7. by recovery of personal data modified or destroyed due to unauthorized access to them;
5.5.8. by establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
5.5.9. by controlling the measures taken to ensure the security of personal data and the level of security of personal data information systems.
5.6. The condition for the termination of personal data processing may be the achievement of the purposes of personal data processing, the expiration of the consent or revocation of the consent of the personal data subject to the processing of their personal data, as well as the identification of unlawful processing of personal data.
5.7. The term of storage of personal data is determined by the date of termination of the contract concluded with the subject of personal data and the expiration of the statute of limitations for filing claims in accordance with civil law.
5.8. When storing personal data, the personal data operator uses databases located on the territory of the Personal Data Processor, in accordance with GDPR.
6. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
6.1. The User is obliged to provide information about personal data necessary for using the Platform, as well as to update, supplement the provided information about personal data in case of changes in this information.
6.2. Upon achievement of the purposes of personal data processing, as well as in the case of withdrawal by the subject of personal data of consent to their processing, personal data shall be destroyed within a period not exceeding thirty days from the date of achievement of the purpose of personal data processing or receipt by the Operator of the withdrawal of the subject’s consent, if:
6.2.1. nothing else is provided for in the contract to which the personal data subject is a party, beneficiary or guarantor;
6.2.2. the operator is not entitled to process personal data without the consent of the subject on the grounds provided for by GDPR;
6.2.3. nothing else is provided for by another agreement between the operator and the subject of personal data.
6.3. The operator is obliged to inform the subject of personal data or their representative of data about the processing of personal data of such subject carried out by them at the request of the latter.
6.4. The subject of personal data or their legal representative has the right at any time to contact the Operator with the withdrawal of their consent to the processing of personal data by sending a notification to the Company marked «Withdrawal of consent to the processing of personal data» in electronic form to the email address: firstname.lastname@example.org.
6.5. The Operator blocks personal data related to the relevant User from the moment of the request or request of the User or their legal representative or the authorized body for the protection of the rights of personal data subjects for the period of verification in case of identification of false personal data or illegal actions.
7.1. Cookie — for the purposes of the Operator, it is a piece of data sent by a web server Familami.com and stored on the user’s computer, used for user authentication, tracking the status of the user’s access session, collecting general depersonalized statistics about users.
7.2. On Familami.com the following types of cookies are used:
7.2.1. «Mandatory» — necessary for the correct operation of the site. The user does not have the technical ability to use the Familami.com site without setting these cookies.
7.2.2. «Analytical» — allow you to better understand how users interact with the site to fix problems.
7.3. Mandatory Cookies include:
7.3.1. PHPSESSID — the user session identifier. Required for authorization, storage of the contents of the shopping cart. By itself, it does not store any personal data and is intended only for matching the browser and session files stored on the server;
7.3.2. hide_popup — Cookie saving permission flag;
7.4. Analytical Cookies include:
7.4.1. g_utm_term — the search phrase that the user entered in Google before they received the advertisement;
7.4.2. gclid — user ID in the Google advertising campaign;
7.4.3. ya_utm_term — the search phrase that the user entered in Yandex before they received the advertisement;
7.4.4. yclid — user ID in the Yandex advertising campaign;
7.4.5. utm_campaign — the name of the Google advertising campaign that the user came from;
7.4.6. ya_camp — the name of the Yandex advertising campaign that the user came from;
7.5. In addition, analytical cookies of third-party services are used on the Platform.
7.5.1. _ga and _gid — Cookies set up by Google Analytics
7.5.2. ym* and ya* — Cookies with this prefix are set up by Yandex.Metrica
7.5.3. _fbp — Cookies with this prefix are set up by Facebook
7.6. In addition to cookies, the platform uses Localstorage storage, which stores the settings of the user’s personal account.
7.7. All cookies are used only for official purposes, do not store any personal data and are not transferred to third parties.
7.8. «Marketing» Cookies that allow advertisers to deliver personalized advertising to users are not used on the Platform
7.9.1. Delete or disable certain locally stored data in your browser settings;
7.9.2. Use a browser that can block third-party cookies;
7.9.3. Install a plugin to lock locally stored data. Deleting or blocking Cookies may affect the user interface of the Site and make some of the components of the Site inaccessible to the User.
7.10. Sellers of the Platform have the right and technical ability to install their own cookies on the pages of their stores on the Platform.
7.10.1. The Platform Administrator is not responsible for Cookies installed by Sellers on the pages of their stores.
8. DISPUTE RESOLUTION
8.1. Before going to court with a claim for disputes arising from the relationship between the User and the Operator, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).
8.2. The recipient of the claim within 30 calendar days from the date of receipt of the claim notifies the applicant of the claim in writing about the results of the consideration of the claim.
8.3. If an agreement is not reached, the dispute will be referred to the competent court in accordance with the current legislation of the Russian Federation.
9. OTHER CONDITIONS
9.1. The Operator has the right to make changes to this Policy without the User’s consent. The new Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy, and is valid indefinitely until it is replaced by a new version.
9.2. The current Policy is available on the webpage at: https://familami.com/documents/privacy.html
9.3. All suggestions or questions on this Policy, as well as on issues related to the use of the mobile application, should be reported to email@example.com
9.4. In case of disagreement with the provisions of this Policy, the User must stop using the Service and stop using the Company’s services.
10. FEATURES OF PERSONAL DATA PROCESSING WHEN USING THE FAMILAMI.COM MOBILE APPLICATION
10.1. FEDEO d.o.o. created the Familami application. This Service is provided by the Company in accordance with the rates indicated on the website Familami.com and is intended to be used as is.
10.4. For better interaction when using the Application, the Company may require the user to provide certain personal data, including, but not limited to, device tokens. The data requested by the Company will be stored and used as described in this policy.
10.7. The company may hire third-party companies and individuals for the following reasons:
- To optimize the Application;
- To provide the Application on behalf of the Company;
- To provide services related to the Application;
- Or to help analyze how the Application is used.
10.8. The Company warns that third parties have access to Users’ Personal Data in connection with the tasks assigned to them by the Company. However, they are obliged not to disclose or use the data for any other purposes.
10.9. The Company strives to use acceptable means of protecting the Application, but warns that no method of transmission over the Internet or method of electronic storage is 100% safe and reliable.
10.10. The application is intended also for persons under the age of 18. The Company also collects personal data from children under the age of 18 who are representatives of the licensee. A child under the age of 18 provides personal data with the consent of the licensee and under their control. If the Company becomes aware that a person under the age of 18 has provided personal data without the consent of their parents or guardians, the Company undertakes to immediately delete this data.
10.11. The mobile application stores and processes personal data provided by users to provide access to the Application.
10.12. The user is solely responsible for the security of their phone and access to the application.
10.13. The user is advised not to jailbreak or root their phone, that is, not to remove the software restrictions and limitations imposed by the official operating system of the device used, as this may make the user’s phone vulnerable to malware and viruses, compromise the phone’s security features, and may also cause the Application to not work properly or not work at all.