Policy processing of personal data of Users

This user personal data processing Policy (hereinafter referred to as the Policy) applies to all information, including the User's personal data, that USIES COMPANY LLC (hereinafter referred to as the Operator) may receive during the use of The software owned by the Operator.

1. Terms and definitions

The operator

means the limited liability company "company USIES", OGRN 5077746794186, location address: 115280, Moscow, Leninskaya Sloboda, 19, part of room 21E, room 56-59, organizing and (or) carrying out the processing of Personal Data independently or jointly with Partners, as well as determining the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.

Personal data

means any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).

The user

an individual (subject of personal data) who uses the functionality of the Software in any way.

Закон

означает Федеральный закон от 27.07.2006 № 152-ФЗ «О персональных данных».

Software

any software (computer programs, mobile applications, etc.) produced under the trademark "r_keeper", as well as any computer services and Internet resources, the rightholder of which is the Operator.

Processing of Personal data

means any action (operation) or a set of actions (operations) performed with or without the use of automation tools with Personal data, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal data.

Partner

A legal entity or individual entrepreneur who, together with the Operator, provides services to the User in the scope of the functionality of the Software.

The group of Sberbank of Russia

PJSC "Sberbank of Russia" legal entities and individuals, which are subsidiaries and dependent companies (SDCs) PJSC Sberbank. The list of subsidiaries and affiliates of Sberbank is listed on the official website of Sberbank www.sberbank.ru

Delivery Club

LLC " Delivery club "(OGRN 1097746360568 TIN 7705891253, location address 125167, Moscow, Leningradsky Prospekt, house 39 building 80, floor 7 POM \ 1-6, 8, 9)

2. General provisions

1. This Policy defines the rules and principles of Personal data processing, as well as contains information about the measures implemented by the Operator in order to protect Personal data.
2. The operator does not control and is not responsible for the information of third parties posted on the sites to which the User can click on the links available in the Software. On such sites and resources, other Personal data may be collected or requested from the User.
3. This Policy is published by the Operator in compliance with the norms of the current legislation of the Russian Federation, including article 18.1 of the Law.
4. This Policy is subject to revision and updating at least once every 3 (three) years or when legislation changes. The Policy is kept up-to-date by an employee of the information security Department.

3. User's Personal data collected and processed by the Operator

1. The operator collects and processes the following personal data of Users:
   • last name, first name, patronymic;
   • IP address;
   • e-mail;
   • date of birth;
   • the post;
   • place of work;
   • place of work;
   • type of smartphone and its operating system;
   • location city;
   • device type and type of operating system;
   • the cookie data.

4. Purpose of Personal data processing

1. The operator processes only those Personal data that are necessary for the use of the Software or the execution of contracts with the User.
2. The processing of Personal data is carried out for the following purposes:
   • creating accounts, granting access to accounts;
   • communication with the User to send notifications, requests and information related to the operation of the Software, the implementation of agreements with the User, his requests and requests;
   • analysis and research in order to improve the functioning of the Software, including its quality, convenience, as well as the development of new services and services within the Software;
   • personalization of advertising offers based on the information available about the User based on the received metric data (for example, Yandex. Metrica, Google Analytics, etc.);
   • payment for goods and services on the Operator's Internet resources.
   • provision of services by the Operator's Partners.

5. Terms of Personal data Processing and transfer to third parties

1. The processing of personal data of Users is carried out within the period necessary to achieve the goals defined by this Policy, in any legal way, including in Personal data information systems using automation tools or without using such tools.
2. The processing of personal data of Users is allowed only with the consent of the subject of personal data in the manner and to the extent provided for by Law and determined by the purposes Of processing Personal data.
3. The operator has the right to provide the User's Personal data, including entrusting the Processing of Personal data, to the following third parties on the basis of contracts concluded with them:
   • Partners, as well as other contractors, service providers and other third parties who are engaged by the Operator to provide a set of works, services and (or) other actions for the purpose of functioning, improving and performing other actions in relation to the Software.
   • Partners who sell copies of the Software on the basis of a license agreement concluded with the Operator.
   • Delivery Club
   • The group of Sberbank.

Information about the implemented requirements for the protection of personal data

1. The security of Personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary and sufficient to meet the requirements of Federal legislation in the field of personal data protection, identification and prevention of incidents related to unauthorized access to personal data and illegal actions with them.
2. To purposefully create unfavorable conditions and insurmountable obstacles for violators trying to carry out unauthorized access to personal data in order to obtain, modify, block, destroy, infect with malicious program code and perform other unauthorized actions, the Operator applies the following organizational and technical measures:
   • appointment of officials responsible for organizing the processing and ensuring the security of personal data;
   • limitation of the number of employees who process personal data and have access to personal data in the performance of their work duties, regulation of the procedure for granting such access;
   • familiarization of employees with the requirements of the legislation and internal regulatory documents of the Operator on the processing and protection of personal data;
   • ensuring the accounting and storage of material carriers of personal data and establishing the procedure for handling them, aimed at preventing their theft, substitution, unauthorized copying and destruction;
   • identification of security threats to personal data during their processing, formation of private threat models based on them and constant maintenance of their relevance;
   • development of a personal data protection system based on the threat model for the appropriate level of personal data security;
   • regular verification of the readiness and effectiveness of the information security tools used;
   • implementation of a permissive system for user access to information resources, software and hardware for processing and protecting information;
   • password protection of users ' access to the personal data information system;
   • registration and accounting of actions of users of personal data information systems;
   • application of access control tools to communication ports, I / o devices, removable machine media and external storage devices;
   • use of cryptographic information protection tools, if necessary, to ensure the security of personal data when transmitting over open communication channels and storing on machine-based data carriers;
   • implementation of anti-virus control, prevention of introduction of malicious programs and software bookmarks into the corporate network;
   • application of inter-network shielding;
   • detection of intrusions into the Operator's corporate network that violate or create prerequisites for violating the established requirements for ensuring the security of personal data;
   • analysis of the security of information systems of personal data of the Operator using specialized software (security scanners);
   • centralized management of the personal data protection system;
   • backup of information;
   • ensuring the recovery of personal data modified or destroyed as a result of unauthorized access to them;
   • training of employees using information security tools used in personal data information systems, the rules of working with them;
   • accounting of the applied means of information protection, operational and technical documentation to them, machine carriers of personal data;
   • use of information security tools that have passed the procedure for assessing compliance with security requirements in accordance with the established procedure;
   • systematic monitoring of user actions, conducting proceedings on violations of personal data security requirements;
   • placement of technical means of processing personal data within the protected area;
   • organization of access control to the Operator's territory, protection of premises and proper technical means of personal data processing;
   • maintenance of technical means of security, alarm of premises in a state of constant readiness, video surveillance.

6. Final provisions

1. Other rights and obligations of the Operator related to the processing of personal data are determined by Law.
2. Officials of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil and criminal liability in accordance with the procedure established by the legislation and internal regulatory documents of the Operator.
3. You can send an appropriate request within the framework of the implementation of the User's rights in relation to your Personal Data or leave your comments and suggestions regarding the terms of this Policy by sending a message to the email addressrkeeper@rkeeper.ru.