Privacy Policy

I. General provisions

This Policy regulates the activities of UXSSR (hereinafter referred to as the “Operator”) in processing the personal data of individuals (hereinafter such individuals are referred to as the “Subject”) and ensuring its protection, on the basis of Federal Law No. 152-FZ “On Personal Data” dated 27.07.2006.

The Policy applies to all personal data that can be obtained by the Operator in the course of their activities. 

The Policy is based on the requirements of the following laws:

  • Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;
  • Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 “On Approval of requirements for the protection of personal data during their processing in Personal Data information systems”;
  • Order No. 21 of the FSTEC of Russia dated February 18, 2013 “On Approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in Personal Data Information Systems”;
  • Roskomnadzor Order No. 996 dated September 05, 2013 “On Approval of requirements and methods for anonymisation of personal data”;
  • other regulatory legal acts of the Russian Federation and regulatory documents of state executive bodies.

Subjects using the services (hereinafter referred to as “Services”) available through the Operator’s website https://www.uxssr.com (hereinafter referred to as the “Site”), as well as Subjects filling out the feedback form on the site https://www.uxssr.com and providing the Operator with their personal data on the basis of consents to the personal data processing, acknowledge their consent to the processing of personal data in accordance with this Policy. In case of disagreement with this Policy in whole or in part the Subject must refrain from using the Services.

The Operator receives and begins processing the Subject’s personal data from the moment of receiving their consent. Unless otherwise established by federal law, consent to the processing of personal data may be given by the Subject in any form that makes it possible to confirm that consent was obtained: in writing, electronically, orally or otherwise, including by selecting the box “Agree” in electronic form next to the feedback form on the Website, as well as by providing Consent implied by conduct when using feedback forms and accepting offers that contain provisions on personal data processing in accordance with applicable law and are posted on the website https://www.uxssr.com. In the absence of the Subject’s consent to the personal data processing, such processing is not carried out.

Consent to the personal data processing may be revoked by the Subject. If the Subject withdraws consent to the personal data processing, the Operator has the right to continue processing personal data without the consent of the Subject on grounds specified by the current legislation.

This Policy may be changed by the Operator. The Operator has the right at any time, at its sole discretion, to make changes to this Policy without prior notification. The updated version of the Policy comes into force from the moment it is posted on https://www.uxssr.com.

II. Concepts used in this Policy:

  • personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
  • personal data operator (operator) – a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
  • processing of personal data – any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among others: collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); anonymisation; blocking; deletion; destruction.
  • automated processing of personal data – processing of personal data using computer technology;
  • dissemination of personal data – actions aimed at disclosure of personal data to an indefinite circle of persons;
  • provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
  • destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
  • personal data information system – sets of personal data contained in databases and information technologies and technical means that ensure their processing;
  • subject of personal data – an individual, directly or indirectly identified or determined on the basis of personal data related to him.

III. The concept and composition of personal data

For the purposes of this Policy, personal data means any information related directly or indirectly to a certain individual (subject of personal data).

The Operator, in order to carry out its activities and to fulfill its obligations, is entitled to process personal data of individuals provided when submitting an application through the Website, including when the client makes orders, as well as when using services, forms of communication posted on the Website.

Grounds and purposes of personal data processing

The Operator processes personal data to carry out its activities, including to offer and provide services to customers, to send advertising, informational messages and materials.

The Operator collects and stores the personal data of the Subjects in accordance with the consents to the personal data processing received from the Subjects.

The Operator processes personal data only if there is at least one of the following conditions:

  • processing of personal data is carried out with the consent of the personal data subject to the processing of their personal data;
  • the processing of personal data is necessary for the execution of a contract to which the Subject of personal data is a party or beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
  • processing of personal data is necessary to exercise the rights and pursue legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated.

The operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law or the consent of the Subject.

The Operator may process personal data of personal data subjects for the following purposes:

  • to identify the Subject;
  • to offer Operator’s services, including in the form of a commercial offer;
  • to provide information about the services provided by the Operator;
  • to conduct marketing and other research by the Operator;
  • to receive data about visiting the web site https://www.uxssr.com in order to improve the offered service and ensure that using the web site is convenient for visitors;
  • to use web analytics tools to obtain data, as well as to analyze this data in order to improve the quality of the service provided;
  • to promote the Operator’s goods, works and services on the market through direct contact with a potential customer through the means of communication (in accordance with article 15 paragraph 1 of the Federal law No. 152-FZ “On personal data” dated 27.07.2006), including communications by email, SMS and other advertising and informational messages.

IV. The principles of personal data processing

The processing of personal data by the Operator is carried out on the basis of:

  • legitimacy of the purposes and means of processing personal data;
  • good faith of the Operator as the operator of personal data, which is achieved by meeting the requirements of the legislation of the Russian Federation regarding the processing of personal data;
  • compliance of the composition and volume of the processed personal data, as well as the methods of processing personal data, with the stated purposes of processing;
  • the accuracy and sufficiency, and, if necessary, the relevance of personal data in relation to the stated purposes of their processing;
  • destruction of personal data upon achievement of the purposes of processing in a way that excludes the possibility of their recovery;
  • no combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other.

The Operator’s employees who are allowed to process personal data are obliged to:

  • Know and strictly comply with the provisions of the Russian Federation legislation in the field of personal data and this Policy;
  • Process personal data only as part of the performance of their official duties;
  • Not disclose personal data processed by the Operator;
  • Report actions of other persons that may lead to a violation of the provisions of this Policy;
  • Report known facts of violation of the requirements of this Policy to the Operator.

The Operator ensures the security of personal data by carrying out agreed measures aimed at preventing (neutralizing) and eliminating threats to the security of personal data, minimizing possible damage, storing personal data in an encrypted system, regulating the access of Operator employees to personal data. 

V. Terms of personal data processing

The terms of personal data processing are determined based on the purposes of processing in the Operator’s information systems, in accordance with the validity period of the Operator’s contract with the Subject and/or the Subject’s consent to the processing of their personal data.

A condition for the termination of the processing of personal data may be the expiration of the consent of the Subject or the withdrawal of the consent of the Subject to the processing of their personal data, as well as the identification of unlawful processing of personal data.

VI. The circle of persons admitted to the processing of personal data

Only those employees of the Operator who are assigned a corresponding duty in accordance with their official (labor) duties are allowed to process personal data. Access of other employees may be granted only in cases stipulated by law. The operator requires its employees to respect the confidentiality and security of personal data when processing them.

The Operator has the right to transfer personal data to third parties in the following cases:

  • The subject of personal data has explicitly expressed his consent to such actions;
  • The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.

At the same time, all obligations to comply with the terms of this Policy in relation to the data received by a third party pass to such third party.

At the reasoned request of the authorized body and in accordance with the current legislation, the subject’s personal data may be transferred without their consent:

  • in connection with the administration of justice to judicial authorities;
  • to the police, the Federal Security Service, the Prosecutor’s Office, the law enforcement and investigative bodies;
  • to other bodies and organizations authorized by the current legislation and applicable regulations in cases established in regulatory legal acts binding on the operator.

VII. Procedure and methods of personal data processing

In the process of providing services and carrying out its activities, the Operator uses automated processing of personal data, including the Bitrix24 CRM system.

Representatives of state authorities (including regulatory, supervisory, law enforcement and other bodies) get access to personal data processed by the Operator, to the extent and in accordance with the procedure established by the Russian Federation legislation.

As part of the processing of personal data, the Subject and the Operator have the following rights.

The subject has the right to:

  • receive information concerning the processing of their personal data in the manner, form and on terms established by the Federal Law “On Personal Data”;
  • demand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable, illegally obtained, not necessary for the stated purpose of processing or used for purposes not previously stated when the Subject provided consent to the processing of personal data;
  • take legal actions to protect their rights;
  • withdraw consent to the processing of personal data.

The operator has the right to:

  • process the Subject’s personal data in accordance with the stated purposes;
  • delegate the processing of personal data to another person with the consent of the Subject.

If the inaccuracy of personal data or the illegality of its processing is confirmed, the personal data shall be updated by the Operator, and in case of illegality, processing must be terminated.

Upon achievement of personal data processing purposes, as well as in the case of the Subject’s consent withdrawal, personal data is subject to destruction, unless otherwise provided by another agreement between the Operator and the Subject.

The Operator is obliged to inform the Subject or their representative about the processing of the Subject’s personal data carried out by the Operator at the request of the latter.

The operator also has other rights and obligations established by the Federal Law “On Personal Data”.

VIII. Processing of data when visiting the Site

In order to ensure the best operation of the Site, the Operator collects technical data from your device, including information about user actions on the Site, IP address, location data and cookies.

The basis for processing such data is the consent that the Subject expresses by continuing to use the site after notification of the use of cookies.

Cookies are small text files with information about visiting websites that the web browser stores on your device. If the Subject wants to prohibit the use of cookies, the Subject can leave the Site or change the settings of the web browser. Please note that prohibiting the use of cookies may cause functions of the Site to become unavailable or work incorrectly.

IX. Implementation of personal data protection

The Operator’s activity in processing personal data in information systems is inextricably linked with the Operator’s protection of the confidentiality of the information received. All employees of the Operator are obliged to ensure the confidentiality of personal data.

The security of personal data during their processing in information systems by the Operator is ensured by the information security system.

Ensuring the security of the processed personal data is carried out by the Operator within the framework of a single integrated system of organizational, technical and legal measures for the protection of information constituting a trade secret, taking into account the requirements of the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it.

The exchange of personal data in the course of its processing in information systems is carried out through communication channels protected by technical means of information protection.

When processing personal data in the Operator’s information systems, the following is ensured:

  • carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring the data to persons who do not have the right to access such information;
  • timely detection of unauthorized access to personal data;
  • prevention of the impact on the technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
  • the possibility of immediate recovery of personal data modified and destroyed due to unauthorized access to it;
  • constant monitoring of the level of personal data security;
  • appointment of officials responsible for organizing the processing and protection of personal data;
  • limitation of the number of persons who have access to personal data;
  • the Operator’s employees who process personal data know the requirements of the Russian Federation legislation on personal data as well as local acts on personal data processing.