Personal Data Processing Policy
Effective date of this version of the Policy: February 11, 2021
1. GENERAL PROVISIONS
about the Internet user (hereinafter – "User").
1.2. The Policy applies exclusively to the Company's Website. The Company does not control and is not responsible for the Internet websites and services of third parties which the User can access using the links available on the Company's Website, including information about the User processed by third parties.
1.3 Prior to using the Website, the User must read the terms of the Policy. Using the Website is possible only with unconditional agreement with all the terms of the Policy. Using the Website means the User's unconditional consent to the Policy terms, including the terms of provision and processing of the User's personal data. If you disagree with the Policy terms, or if you do not understand the Policy, you must refrain from using the Website.
1.4. The Company reserves the right to unilaterally amend the Policy at any time without prior notice to the User. Changes made to the Policy come into force from the date the new version of the Policy is posted on the Website.
2.1 Automated processing of personal data – the processing of personal data with the use of computer technology;
2.2. Blocking of personal data - a temporary suspension of personal data processing (unless the processing is necessary to clarify personal data);
2.3. Website - a set of graphic and information materials, as well as computer programs and databases, ensuring their availability on the Internet at the http://gefest.ai/
2.4. Personal data information system - a set of personal data contained in databases, and information technologies and technical means ensuring their processing;
2.5. Depersonalization of personal data - actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or another subject of personal data;
2.6. Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.7. Personal data - any information relating directly or indirectly to a specific or identifiable User;
2.8. User - any visitor to the http://gefest.ai/
2.9. Provision of personal data - actions aimed at disclosing personal data to a certain person or a certain set of persons;
2.10. Distribution of personal data - any actions aimed an disclosing personal data to an indefinite set of persons (transfer of personal data) or at acquaintance with the personal data of an unlimited number of persons, including the disclosure of personal data in the media, posting on information and telecommunication networks or providing access to personal data in any other way;
2.11. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or foreign legal entity;
2.12. Destruction of personal data - any actions as a result of which personal data are destroyed irrevocably with the impossibility of further data restoration in the personal data information system and (or) physical storage media of personal data are destroyed.
3. RECEIVING AND PROCESSING OF THE USER'S PERSONAL DATA
3.1. Within the Policy, the User's personal data means:
3.1.1. Personal data that the User provides about himself/herself when filling out:
126.96.36.199. Form "The Want to know more?":
• the User's name, surname, patronymic,
• the User's contact telephone number,
• the User's e-mail address,
188.8.131.52. The contact form:
• the User's name, surname, patronymic,
• the User's e-mail address,
• the User's contact telephone number,
• information about the Company the User represents.
3.1.2. Data that are automatically transmitted to the Company in the process of using the Website with the use of software installed on the User's device, including the IP address, information from cookies (text files stored in the User's browser), information about the User's browser (or another program providing access to the Website), access time, address of the requested page, including:
184.108.40.206. When browsing the Company's Website, the following anonymized statistical data about the User is automatically collected (from cookies), including:
• the type of action performed on the Website (click, mouseover, etc.);
• action data and time;
• page URL;
• ClientID (browser id by cookie file);
• screen resolution;
• class of HTML-element clicked;
• data about the information viewed by the User in the Website interface;
• data on the facts of filling out forms/appeals on the Website, including errors when filling them out;
• other data from cookies according to the Website settings, necessary for the Company to improve the Website functionality.
220.127.116.11. By using the Website, the User agrees that the Company can use statistical data and cookies for their post-processing by systems like Google Analytics, Google Firebase, Appmetrica, Yandex.Metrica and can be transferred to a third party for research, work or providing services to the Company. The User can independently manage the cookies by changing the settings of the browser operating on his equipment. Changes to user settings, as a result of which cookies will be blocked, may lead to the inaccessibility of certain components of the Website.
3.2. The Company does not verify the personal information provided by the User when using the Website, and does not exercise control over the User's legal capacity. At the same time, the Company assumes that the User provides reliable and sufficient personal information about himself and maintains such information up to date.
4. PURPOSES OF PERSONAL DATA PROCESSING
4.1. The Company collects and stores only those User's personal data that are necessary to enable the use of the Company's Website or the execution of agreements with the User, except for cases when the legislation provides for the mandatory collection and storage of certain personal data of the User. The storage of personal data is carried out no longer than it is required by the processing purpose, except for cases when the storage period for such User's personal data is not established by law and/or an agreement between the User and the Company.
4.2. The Company uses the User's personal data for the following purposes:
4.2.1. providing the User with the opportunity to use the Company's Website and perform actions provided by the Website functionality;
4.2.2. the User identification who filled out the contact forms, establishing feedback with the User, including sending notifications, requests regarding the topic of the User's appeal, providing the User with information;
4.2.3. communication with the User, including sending notifications, requests and information regarding the use of the Website;
4.2.4. improving the quality of the Company's Website, user-friendliness;
4.2.5. conducting statistical and other studies based on anonymized data.
5. THE PROCEDURE FOR PERSONAL DATA PROCESSING AND TRANSFERRING THEM TO THIRD PARTIES
5.1. The storage and processing of the User's data are performed in accordance with the On Personal Data federal law and other regulations which govern relations in the field of data security. Data storage and processing are carried out within the Russian Federation.
5.2. The Company processes the User's personal data in accordance with the Policy and the Company's internal documents. In accordance with the legislation requirements, the Company may be obliged to process/store the User's personal data obtained when using the Website. Such processing/storage is performed by the Company in cases, on the grounds and within the time limits established by applicable legislation.
5.3. With regard to the User's personal data, the Company ensures their confidentiality.
5.4. The Company has the right to transfer the User's personal data to third parties in the following cases:
5.4.1. The User has expressed his consent to the commission of such actions by the Company;
5.4.2. The transfer takes place as part of the sale or other transfer of the business (in whole or in part), while all obligations to comply with the Policy terms in relation to the User's personal data received are transferred to the acquirer.
5.4.3. The transfer is provided for by Russian or other applicable legislation under the procedure established by law.
5.4.4. In order to ensure the possibility of protecting the rights and legitimate interests of the Company or third parties in cases when the Company has sufficient grounds to believe that the User is violating the requirements of the applicable law.
5.5. The Company does not place Personal data on public resources on the Internet, since such placement does not meet the purposes of collecting and processing Personal data. Under no circumstances will the Company be liable for the consequences of Personal data sharing by the User about himself and (or) other individuals for public access to an unlimited number of persons, including by posting this information on public resources on the Internet, including, the Website's public pages.
6. CHANGING AND DELETING THE USER'S PERSONAL DATA AND PROVIDING ACCESS TO THEM
6.1. Changing and deleting the User's personal data
6.1.1. Within the limits established by applicable legislation, the User has the right to revoke any of his consent that was previously granted by him, or to submit his objections on legal grounds regarding the processing of his personal data. If the User wishes to delete Personal data from the Company's servers, he must send a corresponding request to the Company by sending an e-mail to the email@example.com e-mail address. The Company deletes Personal data within 30 (calendar) days from the date of receiving the User's request.
6.1.2. The Company, within the limits established by applicable legislation, informs about the change or destruction of the User's personal data to each recipient to whom such personal information has been disclosed, unless this turns out to be impossible or requires a disproportionate effort.
6.2. The right to access the User's personal data
6.2.1. In accordance with applicable legislation, the User has the right to request information from the Company regarding:
• the purposes of processing the User's personal data;
• categories of the processed personal data of the User;
• categories of recipients to whom the User's personal data have been or will be transferred;
• storage period or criteria for its determination, as well as other information regarding the User's personal data.
6.2.2. Unless otherwise implemented in the interface of the Company's Website, the information (its copy) specified in clause
6.2.1 of the Policy may be provided by the Company in writing or using other means of communication.
6.2.3. If the Company has reason to doubt the identity of the User submitting the request in accordance with clause
6.2.1 of the Policy, the Company has the right to request additional information necessary to confirm the identity of such User.
6.2.4. Examination of the request for the provision of information (its copies) specified in clause
6.2.1 of the Policy is carried out by the Company within 30 (thirty) calendar days from the date of receiving the request from the User.
7. MEASURES TAKEN TO PROTECT THE USER'S PERSONAL DATA
7.1. The Company protects and processes the User's data in accordance with applicable law.
7.2. When processing personal data, the Company ensures their security and takes the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of the User's personal data, as well as from other illegal actions, by establishing the confidentiality regime and control over its compliance in relation to such data, as well as through the introduction of additional protection measures that implement the requirements of the applicable law, standards and internal organizational and administrative documents of the Company. At the same time, the User understands and agrees that the Internet cannot provide absolute protection of information from the threats that exist in it. The User hereby gives his unconditional and irrevocable consent to the Company to determine the sufficient level of Personal data protection, the methods and place (territory) of their storage, allowed in accordance with applicable law.
7.3. If the User becomes aware of any violation of the requirements of this Policy and (or) the applicable law in relation to Personal data (including, without limitation, the rules for the collection, processing, transfer, storage, distribution of Personal data), the User must notify the Company by sending an e-mail to firstname.lastname@example.org e-mail address of the Company.
8. FINAL PROVISIONS
8.1. The User can receive any clarifications on issues of interest regarding the processing of his personal data by contacting the Operator via e-mail - email@example.com.
8.2. This document will reflect any changes in the personal data processing policy by the Operator. The Policy is valid indefinitely until it is replaced by a new version.
8.3. The current version of the Policy is freely available on the Internet at http://gefest.ai/en/privacy