Privacy Policy - RED SOFT

PRIVACY AND DATA PROCESSING POLICY

RED SOFT website
(https://red-soft.com/)

  1. TERMS AND DEFINITIONS

For all types of use in this document, the following capitalized terms shall have the meanings set forth in this section, regardless of whether they appear in the singular or plural.

All capitalized terms not defined in this section shall have the meaning assigned to them in other sections of this document, as well as in other documents governing the use of the Website (as defined below).

  • «The Policy» is this Privacy and Data Processing Policy (as amended and supplemented from time to time).
  • «The Company» («Operator«) is RED SOFT Limited Liability Company (Primary State Registration Number (OGRN): 5147746028216, Taxpayer Identification Number (INN): 9705000373), established under the laws of the Russian Federation and registered at the following address: 121205, Moscow, Skolkovo Innovation Center, Nobel Street, Building 5, Floor 2, Room 4.
  • «The Website» is the Company`s website located on the Internet at: https://red-soft.com/.
  • «The User» is any person who accesses the Website via the Internet and uses the Website for his/her own purposes.
  • «The Applicable Law» is the national and international legal acts applicable to the User`s interaction with the Website, including but not limited to:
    • The Constitution of the Russian Federation;
    • The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (signed in Strasbourg on January 28, 1981);
    • Federal Law No. 149-FZ dated July 27, 2006 «On Information, Information Technologies and Information Protection»;
    • Federal Law No. 152-FZ dated July 27, 2006 «On Personal Data»;
    • Federal Law No. 59-FZ dated May 2, 2006 «On the Procedure for Considering Appeals of Citizens of the Russian Federation»;
    • Decree of the Government of the Russian Federation No. 1119 dated November 1, 2012 «On Approval of the Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems»;
    • Order of the Federal Service for Technical and Export Control of the Russian Federation No. 21 dated February 18, 2013 «On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during Their Processing in Personal Data Information Systems».

The Applicable Law may also include the legislation of foreign states if such acts establish the principle of extraterritorial application: for example, Brazil`s General Data Protection Law (Lei Geral de Proteção de Dados, LGPD) and the European Union`s General Data Protection Regulation (GDPR).

  • «Personal Data» («PD«) are any information relating to an identified or identifiable natural person that qualifies as personal data under the Applicable Law.
  • «A PD Subject» is a natural person who is the subject of Personal Data as defined by the Applicable Law.
  • «PD Processing» is any operation or set of operations performed on Personal Data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of Personal Data.
  • «Consent to PD Processing» («Consent«) is the User`s (PD Subject`s) freely given, specific, and informed expression of will that authorizes the Operator to process Personal Data under the conditions set forth in the Policy, to the extent and for the purposes authorized by the User. The text of the Consent is always available on the Website at: https://red-soft.com/privacy-policy. The terms of the Consent shall apply, in each specific case, to the purposes indicated by the User when using the functionality of the Website through which the PD is collected. The User specifies the purposes of PD Processing by checking the appropriate boxes in the corresponding interface element.
  • «The IP Address» is a unique network address of a node in a computer network operating under the IP (Internet Protocol).
  • «A Cookie File» is a text file placed by the web server in the memory of the User`s device and used to personalize Website services and enhance User convenience. Cookie files do not contain personal data; they only record User actions.
  1. GENERAL PROVISIONS
    • This Policy has been developed in accordance with the requirements of legal regulations on information protection and defines the procedure for data processing and the measures taken by the Company to ensure data security.
    • The Policy and the relationship between the User and the Company shall be governed by the laws of the Russian Federation. The Company makes every effort to comply with international best practices in data processing and information security.
    • The processing of PD on the Website is carried out in accordance with the Applicable Law.
    • The legal bases for PD Processing obtained from the User via the Website are as follows:
      • Consent to PD Processing;
      • other grounds where consent to PD Processing is not required under the Applicable Law.
    • This Policy applies only to the Processing of PD via the functionality of the Website. The Company does not control and is not responsible for third-party websites that the User may access via links available on the Website.
    • A User who provides the Operator with Consent to Process PD submitted via the Website functionality (including filling out web forms and submitting data to the Company through the Website):
      • confirms that their decision to provide Personal Data to the Company is made independently, and that the Consent to PD Processing is specific, informed, deliberate, and unambiguous;
      • expresses their full and unconditional acceptance of the terms of PD Processing provided in the Policy. If the User does not agree with the terms of the Policy, they must refrain from providing their PD to the Operator via the Website.
    • By providing their Personal Data and giving Consent to PD Processing, the User confirms that he/she is acting voluntarily, of his/her own free will and in his/her own interest, and confirms his/her legal capacity.
    • By providing his/her Personal Data, the User agrees that the Personal Data provided will be processed by the Company both with and without the use of automated means. This Policy applies to all operations performed by the Company on User PD using automation tools.
    • The Company does not verify the accuracy of the PD provided by the User via the Website and assumes that the User provides accurate and sufficient PD and keeps it up to date. The User is fully responsible for the consequences of providing inaccurate or invalid PD or failing to update his/her PD.
    • Personal Data are stored by the Company within the territory of the Russian Federation.
    • The Company collects and stores only the minimum amount of PD necessary for Users to use the Website.
  1. CATEGORIES OF PERSONAL DATA AND PD SUBJECTS BEING PROCESSED
    • The User (PD Subject) provides PD by filling out special web forms available on the Website pages or by other means provided through the Website functionality. Depending on the web form completed by the User, the fields in such a form may require the following information (separately or in any combination):
      • last name, first name;
      • phone number;
      • email address.
    • The Company also takes measures to protect PD automatically transmitted during visits to Website pages, including from Cookie Files:
      • The IP address assigned to the User`s device at the time of visiting the Website;
      • session data obtained.
    • If the Company is unable to associate the information specified in Sections 3.1.-3.2. of the Policy with a Website User (a natural person), the Company will not consider such information to be Personal Data.
    • The Company does not process PD that are classified as special categories of personal data under the Applicable Law.
  1. PURPOSES OF PERSONAL DATA PROCESSING
    • The Company is entitled to process PD for the following purposes:
      • providing information and materials about the Company`s products and services;
      • communicating with the User in connection with his/her use of the Company`s Product (including for technical support purposes);
      • ensuring the functionality and security of the Website, verifying User actions, preventing fraud, cyberattacks, and other unlawful acts, and investigating such incidents.
  1. CONDITIONS FOR PD PROCESSING AND TRANSFER TO THIRD PARTIES
    • User PD shall remain confidential, except where the User voluntarily discloses such data for public access to an unlimited number of persons.
    • PD shall be stored in a form that allows the identification of the PD Subject for no longer than necessary to achieve the purposes of PD Processing as set out in the Policy.
    • The Website may transfer the User’s PD to third parties in the following cases:
      • The User has given consent to such actions, and such consent meets the requirements of specificity, purposefulness, awareness, deliberateness, and unambiguity;
      • The transfer of PD is necessary for the User’s use of a specific service or for the performance of a contract (agreement) with the User;
      • The PD are transferred to a party that has acquired exclusive rights to the Website (in the event of such transfer);
      • The transfer of PD is provided for under the Applicable Law through the established procedure.
    • The Company undertakes to cease PD Processing and destroy such data within the period and under the conditions set by the Applicable Law in the following cases:
      • upon receipt of a relevant written request from the User;
      • if the storage of PD is no longer necessary for the purposes of PD Processing;
      • upon achievement of the purpose of PD Processing.
    • If the User withdraws his/her consent to PD Processing, the Company shall have the right to continue PD Processing without the User`s consent only if there are grounds explicitly provided for by the Applicable Law that permit PD Processing without the PD Subject`s consent.
  1. COMPANY OBLIGATIONS
    • The Company shall:
      • upon request from the PD Subject, provide information regarding the Processing of PD related to the PD Subject, or issue a reasonable refusal to provide such information.
      • ensure the lawfulness of PD Processing.
      • take the necessary and reasonably sufficient measures to fulfill its obligations as a Personal Data operator.
      • upon request from the PD Subject, update, block, or delete PD that are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the declared purpose of processing.
      • in the event of the withdrawal of consent by the PD Subject, cease PD Processing and destroy the data. Exceptions apply where PD Processing may continue in accordance with the Applicable Law.
  1. BASIC RIGHTS OF THE PD SUBJECT
    • The PD Subject has the right to:
      • request and obtain from the Company information regarding the Processing of PD related to him/her;
      • demand that the Company update, block, or delete his/her Personal Data if such PD are incomplete, outdated, inaccurate, unlawfully obtained, or not required for the declared purpose of processing, and take legal measures to protect his/her rights;
      • withdraw his/her consent to PD Processing.
  1. MEASURES TO ENSURE DATA SECURITY DURING PROCESSING
    • The main objective of securing personal data during PD Processing by the Company is to prevent unauthorized access by third parties, as well as to prevent intentional software or technical impacts intended to steal, destroy, or distort personal data during processing.
    • The Company takes necessary and sufficient measures to protect PD from unlawful or accidental access, destruction, modification, blocking, copying, distribution, and any other unauthorized actions by third parties.
    • Data security is ensured, in particular, through:
      • the identification of threats to PD security during processing in information systems;
      • the implementation of organizational and technical measures necessary to ensure PD security during processing in information systems, in accordance with the protection levels established by the Government of the Russian Federation, the implementation of which ensures compliance with such levels;
      • establishing rules for access to PD processed in the information system, and ensuring the registration and logging of all actions performed on PD in the information system;
      • the use of information protection tools that have undergone conformity assessment procedures;
      • assessing the effectiveness of measures taken to ensure PD security before the information system is put into operation;
      • the detection of unauthorized access to PD and taking appropriate measures;
      • monitoring of the implemented PD protection measures and the level of security of information systems;
      • the restoration of PD that have been modified or destroyed as a result of unauthorized access.
    • To maintain adequate PD protection, the Company conducts internal monitoring of the effectiveness of the PD protection system and compliance with the procedure and conditions for PD Processing and protection as required.
    • Internal monitoring includes:
      • monitoring the condition of technical and software tools used as part of the PD protection system;
      • monitoring compliance with PD security requirements (those set forth by legal regulations and internal policies governing PD Processing and protection, as well as requirements stipulated in contracts).
  1. COOKIE FILES
    • The Website recognizes Cookie Files stored in the User’s device memory and may assign unique identifiers to the User’s devices, which the Company may use to create a database of User actions and preferences (such as visit frequency, return patterns, and preferences on the Website).
    • The User may, via a pop-up banner when visiting the Website or through browser settings, allow all Cookie Files integrated into pages, block them, enable use on request, or accept or reject Cookie Files. Cookie management varies depending on the web browser used.
    • By using Cookie technology, the Company does not store or use any specific User data. The Website User may configure his/her web browser to refuse registration of requests to the Website or to display warnings when such registration is attempted. Disabling Cookies may result in the inability to access the Website.
  1. LIABILITY
    • The Company is liable for the intentional disclosure of Personal Data in accordance with the Applicable Law, except in cases provided for in the Policy.
    • In the event of loss or disclosure of Confidential Information, the Company shall not be held liable if such information:
      • became public prior to its loss or disclosure;
      • was obtained from a third party before it was received by the Company;
      • was disclosed with the User`s consent;
      • was obtained by third parties as a result of unauthorized access to Website files.
    • The User is responsible for the legality, accuracy, and reliability of the Personal Data provided in accordance with the Applicable Law.
  1. DISPUTE RESOLUTION
    • If disagreements cannot be resolved through pre-trial procedures, the dispute shall be submitted to a court in accordance with the Applicable Law.
    • The Company reserves the right to amend the Policy at any time without prior notice to the Partner. Amendments shall take effect from the date the updated version of the Policy is published on the Website.
  1. REQUESTS AND INQUIRIES
    • If the User wishes to update his/her Personal Data, block or delete it in cases where the PD is incomplete, outdated, inaccurate, unlawfully obtained, or not required for the declared processing purpose, or if the User wishes to withdraw his/her consent to PD Processing or eliminate unlawful actions by the Company regarding his/her Personal Data, the User must send an official request to the Company at the following address: info@red-soft.ru. The request must include the following information:
      • last name, first name;
      • details of the primary identity document of the User (PD Subject or their representative);
      • information confirming the User`s involvement in a relationship with the Company or other information confirming the fact of the Company`s PD Processing with respect to the User.
    • If the request is submitted electronically, it must be formatted as an electronic document and signed with an enhanced electronic signature.
    • The response time to PD Subject inquiries is determined in accordance with the Applicable Law.
  1. FINAL PROVISIONS
    • The publication date of the Policy shall be the date it is posted on the Website. The Company reserves the right to amend the Policy at any time without the User`s consent. The new version of the Policy shall take effect on the date it is posted on the Website, unless otherwise provided in the new version.
    • All proposals or questions regarding this Privacy Policy should be submitted to the following email address: info@red-soft.ru.