1.2 This Policy applies to personal data received both before and after the approval of this Policy.
1.4 By registering using Digiboo's services, the User expresses their consent to the terms of this Policy.
1.5 If the User does not agree with the terms of this Policy, the use of the Website and its services or applications cannot be started by the User, or if it is started, it must be immediately terminated.
1.6 This Policy is a publicly available document, which declares the conceptual basis of the operator's activities in processing and protection of personal data.
2. Personal data processed by the operator
2.1 For the purposes of this Policy, personal data means:
2.1.1. Personal data received by the Operator for the execution of the agreement, a party to which, or a beneficiary or guarantor, under which the subject of personal data is.
2.1.2. Personal data received by the Operator in connection with the implementation of labor relations.
The terms and conditions for the termination of the processing and storage of the subject's personal data shall be determined in the manner prescribed by the laws of the Russian Federation. 2.3.
2.3 If the User withdraws their consent to the processing of their personal data, the Operator shall cease the processing or ensure the cessation of such processing and, if the preservation of personal data is no longer required for the purposes of personal data processing, destroy the personal data or ensure their destruction within a period not exceeding thirty days from the date of receipt of the specified withdrawal, unless otherwise provided by the contract, a party to which, the beneficiary or guarantor under which is the User.
2.4 The User provides the Operator with his personal data, including, but not limited to: Full name, telephone number, e-mail address, location address, gender, date of birth, details of electronic means of payment.
2.5 At the request of the Operator the User can be offered to give the additional data necessary for the Operator to fulfill his obligations to the User, which arise from the contract. The Operator has the right to request the User to provide a photo or scanned copy of his identification document as well as other additional information which, at the Operator's discretion, is considered necessary and sufficient for the identification of the User as well as for providing the security of the User's personal data, and also for excluding any possible attempts of abuse, violation of third parties' rights, for security measures of third parties' financial and property interests, etc.
2.6. the Operator uses "cookies" technology. "Cookies" do not contain confidential information and are not transferred to third parties. It also receives information about the IP address of the visitor of the https://www.digiboo.net website. This information is not used to identify the visitor and is not transferable to third parties.
2.7 The Operator can record telephone conversations with the User. In accordance with point 4 of article 16 of the Federal Law "On Information, Information Technologies and Information Security" the Operator is obliged to prevent the attempts of unauthorized access to the information and/or its transfer to persons who are not directly related to the execution of orders, detect and suppress such facts in time.
The User realizes that the Operator has the right not to inform the User about some information and circumstances connected with the operative investigation activities of the law enforcement bodies, both concerning the User and the third parties if the mentioned information and circumstances can constitute the secrecy within the investigation. 2.7.1.
2.8. The Operator can process the information obtained as a result of the User's activity on the site (posting of photos, including scans or photocopies of any documents, adding of video records, reviews and so on). For the purposes of executing agreements with the User, in cases where the latter is directly or indirectly a beneficiary or guarantor, processing of personal data may be carried out without the User's consent for those personal data that have been voluntarily received from the User, including agreements/contracts concluded between Digiboo and the User under click-wrap agreements technology such as signing an agreement by checking a box in the special field quadruple the User's consent. Checking a box means full agreement without any exceptions to all conditions of agreements, rules, policies, contracts, which are provided to the User for review and reading before putting a check mark in the special box.
2.8.1 By ticking the special box when entering into a click-wrap-agreement the User indicates the User's explicit and expressed consent to all conditions of the Operator, as a free expression of will and the User's ability to refuse the conditions in case of disagreement. In the absence of the User's consent, no agreement will be entered into, due to the fact that under no circumstances does Digiboo use the technology of pre-checked boxes on its forms.
2.9 The Operator acts reasonably and in good faith in believing that the User has all necessary rights (legal capacity, legal capability, including the ability to purchase goods and services with age restrictions or those requiring special permission from the User) allowing them to register and use the Site and services, as well as the Digiboo application, and believes that the User provides accurate information about themselves in the amounts necessary for registration and further use of the site and its services
2.9.1 The User understands that by posting reviews and comments, and photographs thereto, which by their nature and context are addressed to an indefinite number of individuals (Moderators of communities (groups, pages, etc.), other Users, Digiboo Website visitors, etc.) are made available for public viewing, copying and further distribution. Accordingly, such information should be reported and published by the User with particular selectivity at their discretion. The operator is not responsible for any moral or material harm that may be caused to the User by third parties as a result of any influence on the User with the use of their personal data published by the User himself on the site and its services, or in the Digiboo application.
3. Purposes of collecting, processing and storing personal data and the legal basis for processing personal data
3.1 The operator collects, processes and stores the personal data of the subject of personal data for the purposes of:
3.1.1 Performance of the contract. At the same time, in accordance with paragraph 5 of Part. The processing of personal data necessary to perform the contract, a party to which or a beneficiary or guarantor, under which the subject of personal data is a subject of personal data, as well as to enter into an agreement on the initiative of the subject of personal data or the contract under which the subject of personal data will be a beneficiary or guarantor, is carried out without the consent of the subject of personal data.
3.1.2. Implementation of the employment relationship.
3.1.3 Performing and exercising the functions, powers and duties imposed on the Operator by the legislation of the Russian Federation on the basis of and in accordance with Articles. 23, 24 of the Constitution of the Russian Federation; Federal Law "On Personal Data"; Federal Law "On Information, Information Technology and Information Protection" and other requirements of the legislation of the Russian Federation in the field of processing and protection of personal data.
3.2 The collection of personal data of the User is carried out on the Site when registering, as well as in the future, when the User inputs additional information about themselves on their own initiative with the tools of the Site.
3.3 Personal data of Users is stored only on electronic media.
3.4 Processing of personal data is based on the principles of:
a) the legitimacy of the purposes and methods of processing personal data;
b) good faith;
c) Compliance of the personal data processing objectives with the objectives predetermined and stated when collecting personal data, as well as with the Operator's authority;
d) compliance of the volume and nature of the processed personal data, the methods of personal data processing with the personal data processing objectives;
e) inadmissibility of aggregation of databases containing personal data, created for incompatible purposes.
4. Terms of processing of personal data and its transfer to third parties
4.1 The Operator processes personal data with and without the use of automated means.
4.2 The Operator has the right to transfer the personal data of the subject of personal data to third parties in the following cases:
4.2.1. The subject of personal data has explicitly expressed his or her consent to such actions.
4.2.2 The transfer is stipulated by the applicable laws of the Russian Federation in the framework of the established procedure
4.3 When processing the personal data of the subject of personal data, the Operator is guided by the Federal Law "On Personal Data", other requirements of Russian Federation legislation in the field of processing and protection of personal data, and this Policy.
4.4 Transborder transfer of personal data in foreign countries that do not meet the above requirements may be carried out only if the consent in writing of the personal data subject for the transborder transfer of his/her personal data and/or performance of the contract, to which the personal data subject is a party.
4.5. The User agrees that the Operator has the right to share his personal data with partners (for example, legal entities and individuals who use the Digiboo website, or organizations carrying out settlements between the User and the Website, or between the User and the Seller, or between the User and a Partner) and other third parties exclusively for the purpose of fulfilling an order or other action/instruction initiated by the User, executed on the Digiboo website while using the Personal Account. Such actions shall be carried out when, without the transfer of the User's personal data, there is no other technical possibility to carry out a transaction initiated by the User, or other operation that is presented for implementation at the choice and discretion of the User, within the framework of legal relations in which the User is directly or indirectly a beneficiary, or when legal relations arose due to the fact that the User was a beneficiary.
5. Rights of the subject of personal data
5.1 The subject of personal data has the right to receive information relating to the processing of their personal data, including containing:
5.1.1 Confirmation of the fact of processing of personal data by the Operator.
5.1.2 Legal basis and purpose of processing of personal data.
5.1.3 Methods of personal data processing used by the Operator.
5.1.4. Name and location of the Operator, information about persons (excluding the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law.
5.1.5. Processed personal data pertaining to the relevant personal data subject, the source of such data, unless other procedure for providing such data is provided by federal law.
5.1.6. terms of processing of personal data, including the terms of their storage.
5.1.7. Procedure for exercising by the subject of personal data the rights provided by this Federal Law.
5.1.8. Information about implemented or suspected cross-border data transfer.
5.1.9 Name or surname, first name, patronymic and address of the person processing the personal data on behalf of the operator, if processing is or will be assigned to such person.
5.2 The information relating to the processing of personal data of the subject of personal data, provided to the subject of personal data shall not contain personal data relating to other subjects of personal data, unless there are legitimate grounds for the disclosure of such personal data.
5.3 In accordance with the paragraph 3 of the Article 14 of the Federal Law "On Personal Data", the information relating to the processing of personal data on the subject of personal data may be provided to the subject of personal data, or his/her legal representative, by contacting or receiving the request of the subject of personal data or his/her legal representative.
5.3.1 The request must contain the number of the personal data subject's or his/her representative's main identification document, information about the date of issue of the said document and the issuing authority, information confirming the personal data subject's participation in contractual relations with the Operator (contract number, contract conclusion date, conventional word mark and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator, the signature of the personal data subject or his/her representative.
5.3.2 The request may be sent in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation.
5.4 The subject of personal data has the right to request the Operator to clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take statutory measures to protect his rights.
6. Information about implemented requirements to protection of personal data
6.1 The most important condition for realization of the Operator's goals is ensuring the necessary and sufficient level of security of information systems of personal data, observance of confidentiality, integrity and availability of processed personal data and preservation of data carriers, containing personal data at all stages of work with them.
6.2 The User, registered on the Site, receives individual identification by entering an SMS with an access code, sent by the Operator to the contact number indicated in the Personal profile. The User's individual identification allows to avoid unauthorized actions of third parties on behalf of the User and provides access to additional services. Passing the access code by the User to third parties is prohibited. The User is responsible for all possible negative consequences, in case of transferring the access code as well as the Personal Area credentials to third parties.
6.3 The Operator uses modern encryption technologies, which ensure the protection of personal information in certain areas of the Operator's websites during transmission via the Internet. The presence of encryption may be indicated by https in the browser URL or by the image of a closed lock or solid key in the browser window. These indications can be absent in mobile services, which use encryption technologies.
6.4 In order to protect payment card information, the Operator's payment partner uses secure networks, encryption or other protection of cardholder data, including physical and technical access control, monitoring and testing of security systems, and other information protection methods.
6.5 The conditions and regime of protection of information referred to personal data established at the Operator enable the protection of processed personal data.
6.6 In accordance with the applicable laws of the Russian Federation, the Operator has developed and put into effect a set of organizational, administrative, functional and planning documents regulating and ensuring the security of processed personal data.
6.7 The security regime for processing and handling of personal data was introduced, as well as the security regime for the premises where personal data carriers are processed and stored.
6.8 A person responsible for organization of personal data processing, administrators of personal data information systems and security administrator of personal data information systems were appointed, their responsibilities were defined and instructions for information security were developed.
6.9 The circle of persons entitled to process personal data was determined, instructions to users on personal data handling, anti-virus protection, and actions in crisis situations were developed.
6.10. Requirements for personnel and the degree of employees' responsibility for the security of personal data were determined.
6.11 Employees engaged in personal data processing were familiarized with provisions of the Russian Federation legislation on personal data security and requirements for personal data protection, documents determining the Operator's policy on personal data processing, local acts on personal data processing. The above employees shall be periodically trained in the rules of personal data processing.
6.12. Necessary and sufficient technical measures are taken to ensure security of personal data from accidental or unauthorized access, destruction, modification, blocking access and other unauthorized actions: 6.9.1 A system of access delimitation has been introduced.
6.12.2 Protection against unauthorized access to automated workplaces, information networks and personal data bases is established.
6.12.3 Protection against malicious software and mathematical influence is installed.
6.12.4 Information and databases are regularly backed up.
6.12.5. Information is transmitted over public networks using cryptographic protection of information.
6.13. The system of control over the processing of personal data and its security is organized. Checks of compliance of personal data protection system, audit of personal data protection level in personal data information systems, functioning of information protection means, identification of changes in personal data processing and protection mode are planned.
6.14. The access to the User's personal profile may be limited by the Operator in cases when the Operator becomes aware of the information that in the personal profile the transactions have been carried out or may be carried out with the use of payment means of third parties without their knowledge, or information that the User has compromised the personal data to enter the personal profile by persons who may cause harm to an indefinite range of third parties, or the User himself, in particular if there is a threat of theft of third parties' money b
6.15. The Operator doesn't bear responsibility for the harm which can be caused by the User to the third parties.
7. Access to the Policy
8. Updating and Approval of the Policy
8.1 The Policy shall be approved and put into effect by an administrative document signed by the Head of the Operator.
8.2 The Operator has the right to amend this Policy. When changes are made, the name of the Policy shall specify the date of the last update of the revision. The new version of the Policy comes into effect from the moment it is posted on the Operator's website, unless otherwise stipulated by the new version of the Policy.
8.3. This Policy and the relations between the subject of personal data and the Operator shall be governed by the applicable laws of the Russian Federation.
8.4. The current version of the Policy is valid indefinitely until it is replaced by a new version.