The "Privacy Policy" (hereinafter referred to as the Policy) is a document defining the procedure for processing, systematization and disclosure of information provided by Users of the Application to the Contractor, including personal information of Users, as well as information about the requirements for the protection of personal information being implemented.
The Policy is an integral part of the License Agreement with the users of the mobile application "Mission: save the New Year" - a document whose text is located at the url: http://project4961537.tilda.ws (hereinafter referred to as the License Agreement).
1. General provisions
1.1. The terms and definitions used in the License Agreement are applicable according to the text of the Policy.
1.2. The processing of the User's personal data is carried out in any legal way, including in personal data information systems with or without the use of automation tools. The processing of personal data by the User is carried out in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", as well as the General Data Protection Regulation (GDPR) of the European Union.
1.3. By registering in the Application, the User gives his consent to the collection, storage and processing of his personal information obtained during the registration and use of the Application, as well as consent to the processing of personal data of a minor using the Site whose parent (or legal representative) is the User. Such consent does not set deadlines for data processing. In accordance with Part 2 of Article 6 of the Federal Law of July 27 , 2006 No. 152-FZ "On Personal Data" the processing of personal data of Users is carried out for the purpose of fulfilling this Agreement. Personal information of Users is not subject to dissemination, except in cases provided for by the legislation of the Russian Federation. The User has the right to fully or partially withdraw his consent to the collection, storage and processing of his personal data at any time by sending a corresponding written application to the Contractor at the intellegent.games@gmail.com. In this case, all information received from the User (including Account Information) is deleted from the Contractor's client base within 30 (Thirty) business days from the date of receipt of the application by the Contract.
1.4. The Contractor does not process special categories of personal data, any such data may be requested by the Contractor only in an impersonal form and only to provide appropriate benefits to Users of the Site. Anyway, by registering on the Website or in the Application, taking into account the provisions on the use of a simple electronic signature contained in the License Agreement with the User, the subject of personal data (including the parent or legal representative of the subject) is recognized as having consented to the processing of his personal data (data of a minor, whose parent or legal representative he is) in writing.
1.5. If the User has not reached the age of 16, consent to the processing of his data must be given or approved by a person with parental responsibility for the child. If the parents and/or legal representatives of a minor have become aware that he, without their consent, left personal data on the Website and/or in the Application, they should contact the Contractor or the data protection inspector appointed by the Contractor with an application for the deletion of the minor's data. The deletion of all personal data of a minor will be carried out within the shortest possible time from the moment of receipt of the relevant application from parents and/or legal representatives. The User also understands and agrees that the Contractor does not have the technical ability to accurately determine the age of the User. Therefore, it is assumed that registration on the Website and / or in the Application as a User is made by a person who has reached the age of 16, or the legal representative of a minor, otherwise this fact is recognized as a violation of the Policy, the Contractor has the right to delete the Account and all data of such a User without explanation and any compensation. By registering the child's data in the personal account in the Application, the legal representative gives consent to the processing of the child's personal data by the Contractor.
1.6. The above-mentioned age for which the obligation to obtain parental consent for data processing is established is common for EU countries. EU Member States may legislate for a lower age for these purposes, provided that such age is not below 13 years. If the Contractor reveals that a different age has been set for a particular EU country, and parental consent has not been obtained, then the Contractor will be guided by the legislation of the User's country when making a decision to delete data and Account. In any case, the Contractor shall take reasonable measures to ensure in such cases that consent has been given or approved by a person with parental responsibility for the child, taking into account the technical capabilities available to the Contractor.
1.7. Personal information (also referred to as Account Information) means personal information uploaded by the User during the registration procedure in the Application or after it, which includes:
* User's email address;
* the name or pseudonym of the minor in whose interests the User uses the Application;
1.8. The storage period of any personal information may not exceed the period of use of the Application by the User, which is determined by the period of existence of the User's Account in the Application. When personal data is processed solely for statistical purposes, it may be stored for a longer period than the period of use of the Application, taking into account the application of appropriate technical and organizational measures to protect the rights and freedoms of the User.
1.9. Any personal information uploaded by the User in the Application is perceived by the Contractor "as is" and is not subject to preliminary verification for reliability. The burden of responsibility for the accuracy of the information provided in the Application is borne by the User personally.
1.10. The information in the Application is placed at the User's choice in Russian or English. It is allowed to use letters of the Latin alphabet in aliases.1.11. The information disclosed in the Application must be available to Users around the clock for review without charging or other restrictions.
1.12. The Contractor has the right to change (correct) the information disclosed or previously provided by the User if he has reason to believe that such information is unreliable.
1.13. When disclosing or providing information, the Contractor complies with the confidentiality requirements established in Article 7 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", and measures to ensure the security of personal data during their processing, established by Article 19 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
1.14. The Contractor also has the right to collect and carry out automated processing of the following User information:
* the status of support for various application programming interfaces and/or application programming interfaces (in particular, those related to the HTML 5 hypertext markup language);
* information about the operating system, region, user device, etc. for transmission to the analytics system in a generalized form.
1.15. Communication with the Contractor, as the operator of User data processing, on any issues of personal data processing within the framework of the Policy is carried out at the email address: intellegent.games@gmail.com. Responses to user requests are provided without undue delay within 1 (one) month after receiving the request. This period can be extended for another 2 (two) months, if necessary, taking into account the complexity and number of requests. The User will be informed of any such extension within 1 (one) month after receiving this request, together with an indication of the reasons for this delay.
2. Purpose of data processing
2.1. The processing of personal information is based on the principles of legality and fairness; processing only such information that meets the purposes of its processing; compliance of the content and volume of the processed information with the stated purposes of processing.
2.2. The processing of personal information is carried out in order to fulfill the obligations of the Contractor under the License Agreement with the User, i.e. to ensure the full functioning of the Application, compliance of the Application with the goals stated in the preamble of the License Agreement, including the User gives his consent to the processing of his personal data in order to promote the Application, Content Objects, goods and services by the Contractor.
2.3. The processing of information about the User's e-mail is carried out for the purposes of:
2.3.1. Sending information to the User, in particular, notifications about changes in the operation of the Application, update notifications, information about discounts and promotions, reports on the use of the Application, on Tasks performed.
2.4. Information about the e-mail of Visitors (unauthorized Internet users) is processed in order to provide them with the following Site Services:
2.4.1. Invitations, i.e. sending offers to third parties to familiarize themselves with the Application;
2.4.2. Contacting the technical support service of the Application, feedback from the Contractor.
2.5. Information about the name (alias) The User and the minor person in whose interests the User uses the Site is processed for the purpose of identifying the User in the Application, personalizing the provision of Application Services.
2.6. The processed personal information should not be redundant in relation to the stated purposes of its processing.
2.7. The User has the right not to provide the data that he does not consider it necessary to provide for the specified purposes.
3. Basic rights of the personal data subject
3.1. The User has the right to receive confirmation from the Contractor as to whether his personal data is being processed, so he has the right to access personal data. This right is realized by providing the User with an Account.
3.2. The User can obtain information about the purpose of personal data processing, about the relevant categories of personal data being processed, about the recipients to whom personal data has been or will be disclosed, about the estimated period during which personal data will be stored, by carefully reading the relevant sections of the Policy.
3.3. The User has the right to require the Contractor to delete his personal data, restrict their processing or object to processing.
3.4. In case of a violation of the Policy, the User has the right to file a complaint with the supervisory authority. In particular, EU citizens can contact the independent body of the European Union for the protection of personal data – The European Data Protection Supervisor (EDPS), Email: edps@edps.europa.eu, Website: www.edps.europa.eu . Citizens of the Russian Federation can file a similar complaint with Roskomnadzor (more details: https://pd.rkn.gov.ru/public-recourses/).
3.5. The User has the right to send an e-mail request to the Contractor to provide a copy of the personal data being processed. Such a copy is provided within 30 (Thirty) calendar days from the date of receipt of the request in the form of an electronic file sent by e-mail to the User. For any additional copies requested by the User, the Contractor charges an acceptable fee depending on administrative costs. The amount of the fee is reported in the response to the request for an additional copy.
3.6. The User has the right to demand from the Contractor, without undue delay, the correction of inaccurate personal data, and also has the right to supplement his personal data by submitting an application to the Contractor.
3.7. Personal data is deleted without undue delay at the request of the User.
4. Transfer and deletion of data
4.1. The User agrees that when filling out the registration form in the Application, adding information to his account (Account), as well as elsewhere in the process of using the Application, such information becomes publicly available, and the User does not object to such publication.
4.2. The Contractor transfers the User's personal information in cases directly provided for by the legislation of the Russian Federation and international agreements, and for EU citizens, the main document regulating the processing of their data is the GDPR.
4.3. The provision of Users' personal information at the request of state bodies (local self-government bodies) is carried out in accordance with the procedure provided for by the legislation of the Russian Federation.
4.4. The information posted in the Application by the User is stored for the entire period of use of the Application, and if the User account is deleted, for a period determined by the Contractor, but not more than 30 (Thirty) days from the date of deletion of the corresponding account. At the request of the User sent to the Contractor, personal information about the User is subject to deletion within 30 (Thirty) days from the date of receipt of such a statement by the Contractor.
5. Ensuring data processing security5.1. The Contractor takes technical and organizational and legal measures to ensure the protection of the User's personal information from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.
5.2. In order to ensure the security of personal information, the Contractor carries out the following activities:
* identify threats to the security of personal information when it is processed in the Application;
* organizational and technical measures are applied to ensure the security of personal information when they are processed in the Application;
* information security tools that have passed the conformity assessment procedure in accordance with the established procedure are used;
* the effectiveness of measures taken to ensure the security of personal information is being evaluated;
* procedures are adopted to identify the facts of unauthorized access to personal information;
* personal information modified or destroyed due to unauthorized access to it is being restored;
* rules for access to personal information processed in the Application are established, as well as registration and accounting of all actions performed with personal information in the Application is provided.;
* constant monitoring of the measures taken to ensure the security of personal information is carried out.
5.3. The Contractor is not responsible for the actions of third parties who have gained access to the User's personal information as a result of unauthorized access to the Application.
6. Data Storage Policy
6.1. The storage of personal data is carried out in accordance with the consent of the User during the period specified in the Policy.
6.2. The storage of personal data is carried out no longer than the purposes of their processing require. The processed Personal Data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals (for example, deletion of the Account by the User).
6.3. Storage of personal data, the purposes of processing of which are different, is carried out separately within the information system of the Contractor or, subject to storage on tangible media, within the official duties of the relevant division of the Contractor.
6.4. An employee of the Contractor who has access to personal data in connection with the performance of work duties ensures the storage of information containing personal data, excluding access to them by third parties. In the absence of an employee, there are no documents containing personal data at his workplace. When going on vacation, business trip and other cases of prolonged absence of an employee at the workplace, he transfers documents and other media containing personal data to the person to whom the local act of the Contractor will be entrusted with the performance of such work duties. If such a person is not appointed, then documents and other media containing personal data of Users are transferred to another employee who has access to personal data at the direction of the head of the relevant structural subdivision of the Contractor.
6.5. Upon dismissal of an employee who has access to personal data, documents and other media containing personal data are transferred to another employee who has access to personal data at the direction of the head of the structural unit.
6.6. In accordance with paragraph 7 of Part 4 of Article 16 of Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", all Personal Data of users - citizens of the Russian Federation are stored on a server located on the territory of the Russian Federation. This rule applies only to the Personal Data of citizens of the Russian Federation.
7. Backup Policy
7.1. The Contractor provides backup of personal data in its architecture in order to prevent loss of information in case of hardware failures; software; hardware failures; operating system and application software failures; malware infection; unintentional destruction of information, user errors; intentional destruction of information, etc.
7.2. Backup creates the possibility of moving personal data from one Contractor's workstation to another, thus removing the dependence of the integrity of personal data on a specific workstation and/or a specific room.
7.3. Information of the following main categories is subject to backup:
* personal data of Users;
* information needed to restore the Application's servers and database management systems;
• User accounts of the Application;
* information of automated systems of the Contractor's architecture, including databases.
7.4. All media containing a backup copy of the data is assigned the "Trade Secret" label, thus, all backup information is confidential and protected by the Contractor in accordance with applicable law.
7.5. The Contractor appoints a responsible person from among the employees for the backup of personal data.
7.6. The main tasks of the person responsible for backup are:
* backup and recovery planning;
* establishment of the life cycle and calendar of operations;
* daily review of backup process logs;
* backup database protection;
* daily determination of the backup time window;
* creation and support of open reports, open problem reports;
* consultations with vendors and backup software vendors;
* development of the backup system;
* monitoring of backup tasks;
* preparing crash and success reports;
* analysis and resolution of problems;
* manipulation of backups and library management;
* architecture performance analysis;
* review and analysis of the backup methodology;
* planning the development of architecture, defining daily, weekly and monthly tasks.
• the person responsible for backup has the right to make proposals and demand the termination of the processing of personal data in cases of violation of the established technology of information backup or disruption of the functioning of the backup system.
7.7. Backup of personal data is performed with the following frequency: 1 time per month.
8. Incident Response Policy
8.1. An incident of personal data information security is any unforeseen or undesirable event that may disrupt the activity or information security of the Contractor's architecture and lead to leakage of personal data and/or violation of the Policy.
8.2. The following can serve as a source of information about an information security incident:
* messages from employees, Users, contractors of the Contractor sent to him in the form of e-mail messages, memos, letters, statements, etc.
* notifications/messages of the supervisory authority in the field of personal data processing.
* data obtained by the Contractor based on the analysis of logs of information systems, personal data protection systems.
8.3. The Contractor's employee, who has received information about the incident, registers the incident in the electronic incident management system, assigning it a serial number, recording the date of the incident and its essence. The database of information security incidents is updated as incidents arrive.
8.4. The User whose rights are affected as a result of the incident is notified of the incident by e-mail, as soon as possible, but no later than 30 (Thirty) calendar days from the date of the incident. At the same time, all possible measures are taken to reduce or prevent further damage to the User's rights.
8.5. The analysis of incidents during which the Contractor:
* collects and analyzes all data about the circumstances of the incident (emails, log files of information systems, statements of Users and employees of the Contractor, etc.);
* determines to what extent the leakage of personal data took place, the circumstances accompanying the leak;
* identifies persons guilty of violating prescribed measures for the protection of personal data;
* establishes the causes and conditions that contributed to the violation.
• at the end of the incident analysis, draws up a report to the Contractor's management.
8.6. After the end of the analysis of the incident, the Contractor decides on the punishment of the perpetrators.
9. Payment Processing Policy
9.1. The User's personal data is required by the Contractor, including for processing and receiving payments as part of fulfilling obligations under the License Agreement with the user of the Mission Application: Save the New Year", challenging the payment, determining the right for the User to obtain a license to use the Application.
9.2. The Contractor does not collect, store and process the data of bank cards and/or electronic wallets of the User. The Contractor is convinced that the services of Payment agents, through which the User pays for the Contractor's services, provide reliable protection of personal information. The User undertakes to familiarize himself with the data usage policy of these services on their websites.
10. Final provisions
10.1. The Policy is a publicly available document, its current version is always located on the Website at the link http://project4961537.tilda.ws
10.2. Control over the fulfillment of the requirements of the Policy is carried out by the Contractor – the person responsible for ensuring the security of personal information.
10.3. All disagreements and disputes arising in connection with the use of the User's personal information are resolved in accordance with the procedure provided for in the License Agreement with the User.
11. Installing the mobile application "Mission: Save Christmas", you automatically consent to the processing of personal data. It also confirms that you have read the Privacy Policy.
