December eighteenth, two thousand and twentieth year.
This policy defines Revieweek™ (hereinafter the "Operator") policy in relation to personal data processing and contains information about the requirements for personal data protection implemented by the Operator. The present policy is valid in relation to all personal data processed by means of the Service which the Operator receives or can receive from the User. The present policy is an integral part of the Operator's internal document defining the general policy of the Operator in relation to processing of personal data and disclosing general data about the requirements to protection of personal data realized by the Operator.
1. GENERAL PROVISIONS.
1.1 The following terms and definitions shall have the following meaning for the purposes of this policy:
"Personal Data" - any information relating directly or indirectly to an identified or identifiable natural person ("personal data subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by reference to an identifier, such as name, surname, patronymic (if any), identification number, individual tax number, bank details, year, month, date and place of birth, address, email address, telephone number, family, social, property gender In addition, personal data for the purposes of this policy also includes information about the User, the processing of which is stipulated by the Agreement governing the use of the Service. Personal data refers to information of a confidential nature.
"Operator" - Revieweek™, carries out the processing of personal data, as well as determines the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
"User" - any physical person (subject of personal data), including acting on behalf and in the interests of the legal entity, which can provide the Operator with its personal data in the process of using the Service, independently or through the represented legal entity, which expressed its consent to the conditions set forth in the Agreement either by signing it or by performing the conclusive actions specified in it, aimed at using the Service. The User in the context of this policy also means the persons whose personal data is processed by the Operator on behalf of the User of the Service contained in the Agreement.
"Service", "Personal data information system", "Information system" - called Revieweek™, software for providing services (exchange of information between the Administration and Users about manufacturers, performers, importers, sellers, owners of information aggregators, organizations authorized by the manufacturer (seller) or individual entrepreneurs authorized by the manufacturer (seller), their goods, services and works, advertising and search for goods, works and services), access to which the Administration temporarily provides the User at
Online reviews | Revieweek (revieweek.com). Is a complex object, the creation of which is organized by the Administration. Designed to work on computers, smartphones, tablets and other devices of the User, designed for different platforms. It includes the User's personal account, the Site Online reviews | Revieweek (revieweek.com), databases, software codes, know-how, algorithms, design elements, fonts, logos, as well as text, graphics and other materials, information, texts, graphic elements, images, photos, audio and video materials and other results of intellectual activity. Exclusive rights to the Service and any of its components belong to the Operator as the right holder or the licensee on the basis of the law, contract or other transaction.
"Agreement" - license agreement, user agreement, other transaction between the User and the Operator, regulating the order of using the Service and containing the User's instruction to the Operator to process personal data, concluded by signing it or by performing the conclusive actions specified in it, aimed at using the Service.
"Processing of personal data" - actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
"Automated processing of personal data" - processing of personal data by means of computer technology.
"Non-automated processing of personal data", "Processing of personal data without the use of automation" - processing of personal data contained in the information system of personal data or extracted from such a system in cases where such actions with personal data as use, clarification, distribution, destruction of personal data in respect of each of the subjects of personal data is carried out with the direct participation of an individual.
"Dissemination of personal data" - actions aimed at disclosing personal data to an undetermined number of people.
"Provision of personal data" - actions aimed at transferring personal data to a certain person or a certain circle of people.
"Blocking personal data" - temporary termination of processing of personal data (except when processing is necessary to clarify personal data).
"Destruction of personal data" - actions that make it impossible to restore the content of personal data in the information system of personal data and (or) result in the destruction of tangible media of personal data.
"De-identification of personal data" - actions, as a result of which it is impossible, without the use of additional information, to determine whether the personal data belongs to a particular subject.
"Use of personal data" - actions (operations) with personal data carried out for the purpose of making decisions, transactions or other actions that have legal consequences with respect to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others.
"Publicly available personal data" - personal data to which access is granted to the general public with the consent of the subject or which, in accordance with federal laws, are not subject to the requirement of confidentiality.
"Confidentiality of personal data" - mandatory for compliance by the person who obtained access to personal data, the requirement to prevent its dissemination without the consent of the subject or other legitimate grounds.
"Statistics" - information about the use of the Service, as well as about the User's viewing of certain elements of the Service (web pages, frames, content, etc.) collected through the use of Counters, cookies, beacons and other similar technologies.
"Cookies", "cookies" - a small piece of data sent by a web server and stored on the User's device. Cookies contain small pieces of text and are used to store information about how browsers work. They allow you to store and retrieve identification information and other information on computers, smartphones, phones, and other devices. Cookie specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purpose, including data stored by browsers or devices, identifiers associated with devices, and other software. All of these technologies are referred to in this policy as "cookies.
"Web Beacons" - images in electronic form (one-pixel (1×1) or blank GIF images). Web beacons can help the Operator recognize certain types of information on the User's device, such as cookies, time and date of page view, and the description of the page where the web beacon is placed.
"Counter" - part of the Service, a computer program that uses a piece of code responsible for analyzing cookies, collecting statistical and personal data of Users. Personal data is collected in an impersonal form.
"IP address" - number from the numbering resource of the data network based on the IP protocol (RFC 791), which uniquely identifies the subscriber terminal (computer, smartphone, tablet, other device) or communication equipment included in the information system and belonging to the User when providing telematic communication services, including access to the Internet.
"HTTP header" - a line in an HTTP message containing a colon-separated name-value pair. The HTTP header format follows the general ARPA network text message header format described in RFC 822.
"Token" - a unique set of characters that identifies the User in accounts of third-party services. The token allows an authorized connection to the Service using authorization through third-party services (for example, Microsoft Authenticator, Google Authorization, social networks, Google Play, Apple AppStore, and others).
1.2 All other terms and definitions appearing in the text of this Policy shall be interpreted by the Parties in accordance with the laws of the country of residence, current recommendations (RFC) of international standardization bodies on the Internet and established in the Internet common rules of interpretation of the relevant terms.
1.3 The terms and definitions used in this policy may be used in singular or plural, depending on the context, and the terms may be spelled either capital or small letters.
1.4 The titles of the headings (articles) as well as the construction of the policy are intended solely for the convenience of using the text of the policy and have no literal legal meaning.
1.5 This policy is developed in accordance with the laws of international law.
1.6 This policy defines the procedure and conditions of personal data processing by the Operator, including the procedure of transfer of personal data to third parties, features of non-automated processing of personal data, procedure of access to personal data, personal data protection system, procedure of internal control organization and responsibility for violations in processing of personal data, as well as other issues.
1.7. This policy shall take effect upon approval by the Operator and shall remain in effect indefinitely until replaced by a new policy.
1.8 The Operator has the right to make changes to this policy without the User's consent. All changes in the policy shall be made by an order of the Operator.
1.9 This Policy applies to all personal data processing carried out through the Service without the use of automation tools. The Operator does not control and is not responsible for services belonging to third parties, to which the User can go through the links placed in the Service.
2. LEGAL BASIS FOR PROCESSING OF PERSONAL DATA.
2.1 The Operator processes the User's personal data in accordance with the normative legal acts in the specified field of the Operator's activity.
2.2 Processing of the User's personal data is performed on the basis of and in accordance with the Agreement, regulating the order of using the Service, and other transactions, agreements or contracts concluded between the User and the Operator.
2.3 Processing of personal data of the User can be carried out also on the basis of its separate consent to such processing which can be expressed including directly at use of the Service by pressing the corresponding button or by putting a mark of the indicator of the corresponding check-box. The period of validity of such consent of the User is specified in its text.
3. PURPOSES OF COLLECTING PERSONAL DATA.
3.1 The operator carries out processing only those personal data which are necessary for using the Service or performing transactions, agreements and contracts with the User, except for cases when the legislation provides obligatory storage of personal information during the term defined by the law.
3.2 When processing personal data, the Operator shall not combine databases containing personal data that are being processed for incompatible purposes.
3.3 The operator processes the User's personal data for the following purposes:
- 3.3.1. to use the personal data of Users, who are individuals using the Service on their own behalf, for the purposes of concluding and executing the Agreement or any other transaction with the Operator;
- 3.3.2. to use the personal data of the Users, who are individuals using the Service on behalf of the represented individual or legal entity, for the purposes of conclusion and execution of the Agreement or any other transaction with the Operator;
- 3.3.3. conducting statistical and other research on the use of the Service on the basis of anonymized data;
- 3.3.4. compliance with mandatory legal requirements.
4. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS.
4.1 Personal data, allowed to be processed in accordance with this policy and provided by Users - individuals using the Service on their own behalf by filling in the appropriate input fields when using the Service, may include the following information:
- 4.1.1. surname, first name, patronymic (if there is a patronymic);
- 4.1.2. address;
- 4.1.3. the number of the main identity document, information about the date of issue of the document and the authority that issued it;
- 4.1.4. last name, first name, patronymic (if any), address of the User's representative, number of the main document certifying his identity, information about the date of issue of the said document and the issuing authority, details of the power of attorney or other document confirming the authority of this representative; the User may also provide information about his representative.
- 4.1.5. e-mail address;
- 4.1.6. cell phone number;
- 4.1.7. login and password to enter the Service;
- 4.1.8. data of social networks through which the User logs in to the Service;
- 4.1.9. token;
- 4.1.10. HTTP headers;
- 4.1.11. The IP address of the device;
- 4.1.12. cookie data;
- 4.1.13. Data collected by meters;
- 4.1.14. data obtained with web beacons;
- 4.1.15. information about the browser;
- 4.1.16. technical characteristics of the device and software;
- 4.1.17. technical data on the operation of the Service, including dates and times of use and access;
- 4.1.18. addresses of the requested pages of the Service;
- 4.1.19. geolocation data.
4.2 Personal data allowed to be processed in accordance with this policy and provided by Users - individuals using the Service on behalf of the represented individual or legal entity by filling in the appropriate input fields when using the Service, may include the following information:
- 4.2.1. surname, first name, patronymic (if there is a patronymic);
- 4.2.2. address;
- 4.2.3. the number of the main document certifying his identity, information about the date of issue of the said document and the authority that issued it;
- 4.2.4. details of the power of attorney or other document confirming the User's authority;
- 4.2.5. e-mail address;
- 4.2.6. cell phone number;
- 4.2.7. login and password to enter the Service;
- 4.2.8. data of social networks through which the User logs in to the Service;
- 4.2.9. token;
- 4.2.10. HTTP headers;
- 4.2.11. The IP address of the device;
- 4.2.12. cookie data;
- 4.2.13. data collected by meters;
- 4.2.14. data from web beacons;
- 4.2.15. information about the browser;
- 4.2.16. technical characteristics of the device and software;
- 4.2.17. technical data on the operation of the Service, including dates and times of use and access;
- 4.2.18. addresses of the requested pages of the Service;
- 4.2.19. geolocation data.
4.3 Personal data processed in accordance with this policy and automatically transmitted to the Operator in the process of using the Service by means of the software installed on the User's device may include the following information:
- 4.3.1. token;
- 4.3.2. HTTP headers;
- 4.3.3. device IP address;
- 4.3.4. cookie data;
- 4.3.5. data collected by meters;
- 4.3.6. data from web beacons;
- 4.3.7. information about the browser;
- 4.3.8. technical characteristics of the device and software;
- 4.3.9. technical data on the operation of the Service, including dates and times of use and access to the Service;
- 4.3.10. addresses of the requested pages of the Service;
- 4.3.11. geolocation data.
4.4 In accordance with this policy, the Operator shall process personal data of the following categories of personal data subjects:
- 4.4.1. individuals using the Service on the basis of a transaction on their own behalf;
- 4.4.2. individuals who use the Service on the basis of a transaction on behalf of the individual or legal entity they represent.
5. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING.
5.1 The operator has the right to process the User's personal data without notifying the authorized body for the protection of the rights of subjects of personal data.
5.2 The operator carries out processing of personal data of the User by means of information system of personal data without use of means of automation in accordance with normative legal acts, establishing requirements to security of personal data during their processing and to observance of rights of subjects of personal data. Such actions with personal data as use, clarification, distribution, destruction of personal data in relation to the User are carried out with the direct participation of the Operator's employees.
5.3 The Operator processes and stores the User's personal data for the period determined by the relevant transaction with the User and the law.
5.4 The User's personal data is kept confidential, except when the User voluntarily provides information about himself for general access to an unlimited number of people.
5.5 The operator has the right to transfer the User's personal data to third parties in the following cases:
- 5.5.1. the user has made a written request to the Operator for such a transfer;
- 5.5.2. there is the User's consent to such actions, expressed in accordance with the terms of the transaction;
- 5.5.3. the transfer is necessary for the User to use a certain functionality of the Service (for example, for authorization through accounts in social networks) or to perform a certain agreement, contract or transaction with the User;
- 5.5.4. the transfer is provided by law or other applicable law in the framework of the procedure established by law;
- 5.5.5. in case of transfer of rights to the Service, the transfer of personal data to the acquirer is required simultaneously with the transfer of all obligations to comply with the terms of this policy in relation to personal data obtained by him;
- 5.5.6. when it is necessary to protect the rights and legitimate interests of the Operator or third parties when the User violates this Policy or the Agreement on the Use of the Service;
- 5.5.7. in other cases provided by law.
5.6 In case of loss or unauthorized disclosure of personal data, the Operator informs the User about this fact.
5.7 The Operator takes necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.8. The Operator together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User's personal data.
5.9 The operator has the right to transfer personal data to bodies of inquiry and investigation and other authorized bodies on the grounds stipulated by applicable law.
5.10. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), and extracts personal data of Users.
5.11. The Operator stops processing personal data of Users, which are processed with their consent, when the User's consent to their processing expires or when the User withdraws their consent to the processing of their personal data, as well as in case of detection of unlawful processing of personal data or liquidation of the Operator.
6. ACCESS TO PERSONAL DATA.
6.1 The right of access to the User's personal data is granted only to the Operator's employees, admitted by virtue of their official duties to work with the User's personal data on the basis of the list of persons, admitted to work with personal data, which is approved by the Operator.
6.2 The operator keeps up-to-date the list of employees who have received access to personal data.
6.3 Access to the User's personal data by third parties, who are not the Operator's employees, is prohibited without the User's consent, except in cases stipulated by law.
6.4 Access of Operator's employee to the User's personal data stops from the date of termination of labor relations or from the date when the employee loses the right to access the User's personal data due to change of job duties, position or other circumstances in accordance with the procedure established by the Operator. In case of termination of labor relations, all media with the User's personal data, which were at the disposal of the dismissed Operator employee, shall be transferred to the superior employee in accordance with the procedure established by the Operator.
7. UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA.
7.1 The User may at any time change, update, supplement or delete the personal data or any part thereof provided by him through the interface of the Service.
7.2 In case the Operator independently reveals the fact of incompleteness or inaccuracy of the User's personal data, the Operator shall take all possible measures to update the personal data and make appropriate corrections.
7.3 If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete them.
7.4 If it is revealed that the processing of the User's personal data is unlawful, the Operator stops processing the User's personal data, and the personal data is subject to deletion.
7.5 In the situation of the Service interface malfunctioning or the lack of Service functionality to change, update, supplement or delete personal data by the User, as well as in any other cases the User is entitled to demand in writing from the Operator the specification of his personal data, their blocking or destruction on the grounds that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the declared processing purpose.
7.6 The operator makes the necessary changes to the personal data, which are incomplete, inaccurate or irrelevant, within a period not exceeding seven working days from the date of submission by the User of information confirming that the personal data is incomplete, inaccurate or irrelevant.
7.7 The Operator destroys the User's personal data illegally obtained or not necessary for the stated processing purpose within a period not exceeding seven working days from the day the User submits information confirming that such personal data is illegally obtained or not necessary for the stated processing purpose.
7.8. The Operator notifies the User about the changes made and measures taken and takes reasonable steps to notify third parties to which this User's personal data has been transferred.
7.9 The User's rights to change, update, supplement or delete personal data may be limited in accordance with legal requirements. Such restrictions, in particular, may stipulate the obligation of the Operator to retain the personal data changed, updated, supplemented or deleted by the User for a period specified by law and transfer such personal data to state authorities in accordance with the established procedure.
8. RESPONSES TO USER REQUESTS FOR ACCESS TO PERSONAL DATA.
8.1 The User has the right to receive information from the Operator regarding the processing of his personal data, including information containing:
- 8.1.1. confirmation of the processing of personal data by the Operator;
- 8.1.2. legal basis and purpose of personal data processing;
- 8.1.3. the purposes and methods of personal data processing used by the Operator;
- 8.1.4. the name and location of the Operator, information about persons (other than the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
- 8.1.5. processed personal data relating to the relevant User, the source of their receipt, unless another procedure for presentation of such data is stipulated by federal law;
- 8.1.6. terms of processing of personal data, including the terms of their storage;
- 8.1.7. the procedure for exercising the User's rights under the Personal Data Law;
- 8.1.8. information about cross-border transfer of data that has taken place or is expected to take place;
- 8.1.9. the name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if processing is or will be assigned to such person;
- 8.1.10. other information stipulated by law.
8.2. The Operator provides free of charge an opportunity to become familiar with the processed and stored in the Operator's information system personal data upon the User's application within thirty calendar days from the date of receipt of the User's written request.
8.3 If the Operator refuses to provide information about the availability of personal data about the User or personal data to the User upon receipt of the User's request, the Operator shall provide in writing a reasoned response, which is the basis for such refusal, within thirty calendar days from the date of receipt of the User's request.
9. INFORMATION ABOUT THE IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA.
9.1 The security of personal data during its processing in the information system is ensured by a personal data protection system that neutralizes current threats.
9.2 The operator applies a system of personal data protection, including legal, organizational, technical and other measures to ensure the security of personal data, defined taking into account the current security threats to personal data and information technology used in information systems.
9.3 For personal data in respect of which the User's consent to its processing by third parties has been given, the Operator may contractually engage another person to ensure the security of such personal data during its processing in the information system.
9.4 When processing personal data in its information system, the Operator shall ensure:
- 9.4.1. carrying out activities aimed at preventing unauthorized access to the User's personal information and/or transferring it to persons who are not entitled to access such information;
- 9.4.2. timely detection of unauthorized access to personal data;
- 9.4.3. preventing interference with technical means involved in the processing of personal data, which may result in the disruption of their functioning;
- 9.4.4. the possibility of immediate recovery of personal data modified or destroyed as a result of unauthorized access;
- 9.4.5. continuous control over the level of security of personal data.
9.5 In order to comply with the security requirements and implementation of the personal data security system, the Operator has developed a private model of security threats to the personal data information system.
9.6 The Operator has determined the level of protection of personal data when it is processed in the information system of personal data owned by the Operator.
9.7. The operator has drawn up an act of determining the level of protection of personal data during its processing in the information system of personal data.
9.8 Based on the act of determining the level of protection of personal data during its processing in the information system of personal data without the use of automation means, the operator has developed and implemented a set of measures to protect and ensure the security of personal data.
9.9 The operator uses technical means and software for processing and protection of personal data, as well as maintains a log of personal data protection means.
9.10. The Operator shall keep a log of accounting and storage of removable media containing personal data.
9.11. The technical means ensuring the functioning of the personal data information system shall be located in the premises belonging to the Operator by right of ownership or other proprietary right (lease, gratuitous use, etc.).
9.12. All of the Operator's employees admitted to work with personal data, as well as those involved in the operation and maintenance of the information system of personal data, are familiar with the requirements of this policy and with the Operator's internal documents regulating the procedure for working with personal data.
9.13. The Operator has organized training for employees on how to use personal data protection tools operated by the Operator. Employees with permanent access to personal data and employees associated with the operation and maintenance of the personal data information system and personal data protection tools are trained.
9.14. The Operator's internal documents stipulate that employees must immediately report to an appropriate official of the Operator about the loss, damage or shortage of data carriers containing personal data, as well as about attempts of unauthorized disclosure of personal data, its causes and conditions.
10. CONSENT TO THE PROCESSING OF PERSONAL DATA.
10.1 The user decides to provide his personal data and gives consent to its processing freely, at his own free will and in his own interest.
10.2 The consent to the processing of personal data provided by the User is specific, informed and conscious.
10.3 In case of processing of the User's personal data on the basis and pursuant to the Agreement, regulating the order of using the Service, and other transactions, agreements or contracts concluded between the User and the Operator using the Service, such processing of the User's personal data does not require a separate consent.
10.4 In the case of processing of personal data of the User on the basis of its individual consent to such processing, expressed directly when using the Service by pressing the appropriate button or by ticking the appropriate checkbox indicator, such consent to the processing of personal data is provided by the User in the form of an electronic document signed by a simple electronic signature in accordance with the Agreement governing the order of use of the Service.
10.5 Consent to the processing of personal data may be withdrawn by the User in accordance with the procedure established by law.
11. FINAL PROVISIONS.
11.1 When the User starts using the Service, it means that the User agrees to the terms of this policy. If the User does not agree to the terms of this policy, use of the Service must be immediately terminated.
11.2 The law of the country of residence shall apply to this policy and to the relations between the User and the Operator arising from the application of this policy.
11.3 This policy is permanently publicly available at the following link: https://revieweek.com/privacy-policy/.
11.4 Any suggestions or questions about this policy may be sent by the User to the Operator's User Support Team by sending an email to the address: [email protected].
12. Communication with the Administration
Email address: [email protected].