Tilda Publishing
PERSONAL DATA PROCESSING POLICY

Date of posting on the Website 06/04/ 2018

This Personal Data Processing Policy (hereinafter referred to as the Policy) defines the general principles and the procedure for processing the Personal Data of Users of the Website and the Program and measures to ensure its safety in Limited Liability Company "SURETLY".


TERMS AND DEFINITIONS

The parties use the following terms in the meaning indicated below:

a) Data means other data about the User (not included in the concept of the Personal Data).

b) Legislation means the applicable legislation of the Russian Federation.

c) Operator means "SURETLY" LLC, independently or jointly with other persons organizing and (or) carrying out the Personal Data processing, as well as defining the purposes of the Personal Data processing, the content of the Personal Data to be processed, the actions (operations) performed with the Personal Data.

d) Personal Data means any information related to the directly or indirectly defined or definable individual (User).

e) User means a person who has access to the Website, the Program through the Internet.

f) Provision of Personal Data means actions aimed at disclosure of the Personal Data to a certain person or a certain group of persons;

g) Program means a computer program available in the form of a mobile application. The Program is installed on the Licensee's device by downloading from the AppStore or GooglePlay.

h) Website means a website owned by the Operator and located on the Internet at https://suretly.com.

i) Personal Data Owner means the User (an individual) to which the Personal Data refers.

Other terms are used in accordance with the License Agreement posted on the Website at https://suretly.com



1. GENERAL PROVISIONS

1.1. This Policy regarding the Personal Data processing is developed in accordance with the provisions of Federal Law No. 152-FZ dd. July 27, 2006 "On Personal Data" (as amended), other legislative and regulatory legal acts, and determines the procedure for working with the Personal Data of Users and (or) transmitted by Users and requirements to ensure its security.

1.2. Activities to ensure the security of the Personal Data are an integral part of the Operator's activities.



2. PERSONAL DATA PROCESSING PRINCIPLES

2.1. The Personal Data shall be processed by the Operator in accordance with the following principles:

1. Legality and fair basis for the Personal Data processing. The Operator takes all necessary measures to comply with the requirements of the Legislation, does not process the Personal Data in cases where this is not allowed by the Legislation, does not use the Personal Data to detriment of the User.

2. Processing only that Personal Data which meets the previously announced purposes of its processing. Conformity of the content and volume of the processed Personal Data to the stated processing purposes. Preventing processing the Personal Data incompatible with the purposes of Personal Data collecting, as well as excessive in relation to the stated purposes of its processing.

The Operator processes the Personal Data solely for the purpose of fulfilling the contractual obligations towards the User.

3. Ensuring the accuracy, adequacy and relevance of the Personal Data in relation to the purposes of the Personal Data processing. The Operator shall take all reasonable measures to maintain the relevance of the Personal Data being processed, including but not limited to the implementation of the right of each Owner to receive its Personal Data for review and to require the Operator to clarify, block or destroy it in case the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purposes.

4. Storage of the Personal Data in a form allowing to identify the User of the Personal Data, but not longer than it is required by the Personal Data processing purposes, unless the period of storage of the Personal data is established by the federal law, an agreement to which the User of the Personal Data is a party or beneficiary.

5. Inadmissibility of combining the Personal Data Information System Databases created for incompatible purposes.



3. PERSONAL DATA PROCESSING CONDITIONS

3.1. Personal Data processing by the Operator is allowed in the following cases:

3.1.1. In the presence of the User's consent to process its Personal Data. The consent shall be given by activation of the check-box "I have read and agreed with the terms of the License Agreement and the Personal Data Processing Policy" or by signing the documents with the Lender.

3.1.2. Personal Data is subject to publication or mandatory disclosure in accordance with the Legislation.

3.2. The Operator shall not disclose to third parties or distribute the Personal Data without the consent of the User, unless otherwise provided by the Legislation.

3.3. The Operator does not process the Personal Data relating to special categories and relating to race and nationality, political views, religious or philosophical beliefs, health status, intimate life of the Personal Data Owner, the Personal Data Owner's membership in public associations, except as expressly provided by the Legislation.

3.4. The Operator carries out the cross-border transfer of the User's Personal Data to the United States of America and Kazakhstan.

3.5. By providing Users with the opportunity to use the Website, the Program, the Operator, acting reasonably and in good faith, believes that the User:

3.5.1. Has all the necessary rights that allow it to register and authorize on the Website, in the Program and use it.

3.5.2. Recognizes that information on the Website, in the Program, placed by the User about itself, in particular its surname, name, location at a certain point in time, is or may be accessible by other Users of the Website, the Program and Users of the Internet, may be copied and distributed by such Users.

3.5.3. Recognizes that certain types of information transferred to other Users cannot be deleted by the User itself.

3.6. The Operator does not check the reliability of the received (collected) information about the Users, except for the cases when such verification is necessary for the purpose of complying with the provisions of the current applicable law and/or obligations towards the User.



4. PERSONAL DATA AND OTHER DATA COLLECTION AND PROCESSING

4.1. The Operator collects and stores only that Personal Data which is necessary for providing services to the User, for sending information and advertising materials to the User through the Website, the Program. With regard to the abovementioned, Personal Data can be collected both through the Website, the Program, and at the Operator's office.

4.2. The Operator processes the Personal Data for the purpose of:

4.2.1. Performance of activities provided for by the Articles of Association of the Company, current legislation of the Russian Federation, performance of contractual obligations towards the User.

4.2.2. Distribution of materials of information and advertising nature to the User.

4.2.3. For communication with Users, if necessary, including for sending notifications, information and requests related to the provision of services, as well as for processing applications, requests and applications of Users.

4.2.4. Improvement of the quality of services provided by the Operator.

4.2.5. Promotion of services in the market through direct contacts with Users.

4.2.6. Conducting statistical and other studies on the basis of anonymized personal data.

4.3. The Operator processes the following Personal Data:

4.3.1.

a) name;

b) surname;

c) e-mail address;

d) phone;

e) passport details;

f) date of birth;

g) place of work:

h) IP-address;

i) bank card details;

j) photo;

k) family status;

l) INN (Taxpayer Identification Number);

m) SNILS (Insurance Number of Individual Ledger Account).

4.3.2. Data, additionally provided by the User at the request of the Operator sent to the User in case of necessity, for example for the purpose of suppressing violation of rights and legitimate interests of third parties. The Operator is entitled, in particular, to request from the User a copy of the identity document or other document containing the User's name, surname, photo, as well as other additional information that, at the Operator's discretion, will be necessary and sufficient to identify such User and will exclude abuses and violations of the rights of third parties.

4.4. For the purposes specified in paragraphs 4.2.1-4.2.6 of the Agreement, the Operator processes the following other information/data:

4.4.1. Standard technical and other data automatically received by the Operator when the User accesses the Website, the Program and subsequent actions of the User on the Website, in the Program (location at a certain point in time, the IP address, the type of the operating system of the User's device, the sections of the Website visited by the User).

4.4.2. Information additionally posted by Users on the Website, in the Program, including photos, comments, other information about themselves.

4.4.3. Information obtained as a result of the User's actions on the Website, in the Program.

4.4.4. Information obtained as a result of the other Users' actions on the Website, in the Program.

4.5. Confidentiality of the Personal Data and other User Data shall be preserved, except when this data is publicly available.

4.6. The Operator has the right to keep an archive copy of the Personal Data and other Data, including after the User's account has been deleted.

4.7. The Operator has the right to transmit the Personal Data and other User Data to the following persons without the User's consent:

4.7.1. State bodies, including the bodies of inquiry and investigation, and local self-government bodies on their reasoned request.

4.7.2. To the Operator's Partners for the purpose of fulfilling the contractual obligations towards the User.

4.7.3. In other cases stipulated by the applicable legislation of the Russian Federation.

4.8. The Operator has the right to transfer the Personal Data and other Data to third parties not specified in clause 4.7 of this Policy in the following cases:

4.8.1. The User expressed its consent to such actions.

4.8.2. The transfer is necessary in the framework of the User's use of the Website, the Program.

4.8.3. Transfer occurs in the framework of a sale or other transfer of business (in whole or in part), while all obligations to comply with the terms of this Policy pass to the purchaser.

4.9. The Operator automatically and manually processes the Personal Data and other Data.

4.10. Access to information systems containing the Personal Data is provided by a password system. Passwords are set by the Operator's authorized employees and are individually communicated to the Operator's employees who have access to the Personal Data/Data.

4.11. Upon receipt by the Personal Data Operator of a request containing Personal Data Owner's withdrawal of the consent to process the Personal Data, the Operator shall, within 30 (thirty) calendar days from the date of receipt thereof, delete the Personal Data.

Personal Data of the User is deleted from the Website, from the Program when the Operator deletes information placed by the User, as well as the User's Online Account upon the User's request or on its own initiative in cases provided for by the License Agreement. After the User's Personal Data is deleted from the Website, the Program the Operator stores it on its electronic media during the period established by the legislation of the Russian Federation.

4.12. The Operator is not liable for the disclosure of the User's Personal Data by other Users of the Website, the Program and users of the Internet, who have access to such data. The Operator recommends Users to take a responsible approach to the issue of the amount of information about themselves posted on the Website, the Program.



5. CHANGE OF THE PERSONAL DATA

5.1. The User may at any time change (update, supplement) the Personal Data, information about itself in its Online Account on the Website, in the Program provided that such changes and corrections contain up-to-date and reliable information, by sending a written application to the Operator or making changes in its Online Account on the Website, in the Program.

5.2. The User has the right to delete at any time the Personal Data / Data.



6. CONFIDENTIALITY OF PERSONAL DATA

6.1. The Operator ensures the confidentiality of the Personal Data / Data processed by it in accordance with the procedure provided for by the Legislation. Confidentiality is not required for:

6.1.1. Personal Data after its depersonalization.

6.1.2. Personal Data, to which the User gives access to an unlimited circle of persons or at its request (hereinafter - the Personal Data made public by the User).

6.1.3. Personal Data subject to publication or mandatory disclosure in accordance with the Legislation.

6.1.4. It is not a violation of the confidentiality of the Personal Data when the Operator provides information to third parties acting on the basis of a contract with the Operator to fulfill obligations towards the User.



7. USER'S CONSENT TO PERSONAL DATA PROCESSING

7.1. The User makes a decision to provide its Personal Data to the Operator and agrees to its processing freely, by its own will and in its interest. Consent to the Personal Data processing must be specific, informed and conscious and provided by the User during its registration on the Website, in the Operator's Application or during acceptance of the agreement with the Operator, as well as in any form confirming its receipt, unless otherwise provided by the Legislation.

7.2. Personal Data of persons entered into contractual obligations with the Operator, contained in unified state registers of legal entities and individual entrepreneurs, are public and generally available, with the exception of information on the number, date of issue and the body that issued the identity document of the individual. Protection of its confidentiality and consent of Users for processing are not required.

7.3. In case of requests from organizations that do not have the appropriate authority, the Operator must obtain the User's prior consent for disclosure of its Personal Data and warn those who receive the Personal Data that this data can only be used for the purposes for which they are communicated and also require these persons to confirm that this rule will be (was) observed.



8. RIGHTS OF THE PERSONAL DATA OWNERS

8.1. The User has the right to receive information regarding its Personal Data/Data processing. The User has the right to require the Operator to specify its Personal Data, block or destroy it in case the Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and to take legal measures to protect its rights.

8.2. If the User considers that the Operator processes its Personal Data in violation of the requirements of the Legislation or otherwise violates its rights and freedoms, the User has the right to appeal against the actions or inaction of the Operator in the authorized body on the protection of the Rights of the Personal Data Owners or in the courts.

8.3. The User has the right to protect its rights and legitimate interests, including compensation for damages and (or) compensation for moral damage in the courts.



9. THIRD PARTY PERSONAL DATA USED BY USERS

9.1. While using the Website, the Program, the User has the right to enter data of the third parties to receive the distribution of materials of an advertising and information nature.

9.2. The User undertakes to obtain the prior consent of the Personal Data Owner for its use through the Website, the Program. The User is solely responsible for the absence of such consent.

9.3. The Operator undertakes to take the necessary actions to ensure safety of the Personal Data of third parties entered by the User.

10. OTHER PROVISIONS

10.1. The law of the Russian Federation is applicable to this Policy and the relationship between the User and the Operator arising in connection with the application of the Policy.

10.2. All possible disputes are subject to resolution in accordance with the Legislation at the place of registration of the Operator. Before applying to the court, the User must observe the mandatory pre-trial procedure and send the relevant claim to the Operator in writing. The term for response to the claim is 30 (thirty) working days.

10.3. If, for one reason or another, one or more of the provisions of the Policy are found to be invalid or unenforceable, this does not affect the validity or applicability of the remaining provisions of the Privacy Policy.

10.4. The Operator has the right to amend unilaterally this Policy at any time (in whole or in part) without prior agreement with the User. All amendments take effect on the next day after posting on the Website.

10.5. The User undertakes to monitor independently the changes in the Privacy Policy by reviewing the current version.



11. CONTACT INFORMATION OF THE OPERATOR

"SURETLY" LLC

INN (Taxpayer Identification Number): 5407966196

KPP (Taxpayer Record Validity Code): 540701001

OGRN (Primary State Registration Number): 1135476107348

Location: Novosibirsk, ul. Chaplygina, 47, 3rd floor, office 3

Mailing address in the Russian Federation (with the post code): 630099, Novosibirsk, ul. Chaplygina, 47, 3rd floor, office 3

E-mail: ev@suretly.com

Made on
Tilda