Mixy

Policy on handling personal data and meeting data protection requirements

1. GENERAL PROVISIONS AND DEFINITIONS OF TERMS

1.1. This document defines the policy of LLC Loveplanet (hereinafter "the Company") with regard to processing personal data and meeting the requirements of personal data protection (hereinafter "the Policy"), in accordance with the requirements of Art. 18.1 of Federal Law No. 152-F3 "On personal data" of 27.07.2006.

1.2 The present Policy makes use of the following basic concepts:

2. PRINCIPLES FOR PROCESSING OF PERSONAL DATA IN THE COMPANY:

2.1. Processing of personal data takes place on a just and lawful basis;

2.2. Processing of personal data is restricted to accomplishing specific, predefined, and lawful objectives. Processing of personal data that is incompatible with the purposes for which personal data has been gathered is not permitted;

2.3. Combining databases containing personal data that are being processed for mutually incompatible purposes is not permitted;

2.4. Only personal data that answer the purposes for which they are to be processed may be processed;

2.5. The contents and volume of personal data to be processed correspond to the declared purposes of processing them and do not exceed such declared purposes;

2.6. When personal data are processed, the consistency, adequacy, and where necessary the accuracy of personal data are ensured in relation to the purposes for which personal data are processed. Necessary measures are taken to remove or correct incomplete or inaccurate data;

2.7. Personal data are stored in a form making it possible to identify the subject of the personal data no longer than is required for the purposes for which the personal data are being processed, if the period of storage of personal data is not laid down by federal law or by an agreement to which the subject of the personal data is a party or of which he is a beneficiary or guarantor. When the purposes for which personal data are being processed have been accomplished, or if it is no longer necessary to accomplish these purposes, the personal data are to be destroyed or anonymized, unless federal law provides otherwise;

2.8. When personal data are gathered, including by way of the information and telecommunications network known as the Internet, personal data pertaining to citizens of the Russian Federation are recorded, systematized, accumulated, corrected (updated, amended), and extracted using databases located within the Russian Federation.

3. THE LEGAL BASIS OF THE PROCESSING OF PERSONAL DATA:

Personal data are processed within the Company in accordance with Federal law No. 152-F3 "On personal data" of 27 July 2006, Art. 53 of Federal law No. 126-F3 "On communications" of 07.07.2003, the Labor Code of the Russian Federation, Order No. 1119 "On establishing requirements for the protection of personal data during their processing in personal data processing systems" of the Russian Federation Government dated 01.11.2012, Order No. 687 "On establishing a Norm on the peculiarities of processing personal data without the use of automated devices" of the Russian Federation Government dated 15 September 2008, and other legal instruments in the field of personal data protection

4. PURPOSES OF THE PROCESSING OF PERSONAL DATA:

4.1. The Company gathers, stores, and processes only those personal data that are necessary to provide services and to realize its activities, and also to ensure the rights and lawful interests of third parties on condition that the rights of the subject of the personal data are not thereby violated

4.2. Personal data pertaining to the subject of the personal data may be processed by the Company for the following purposes:

4.2.1. To identify the subject of the personal data;

4.2.2. To communicate with the subject of the personal data when necessary, including to provide notifications, queries, and information related to the provision of services, and also to process queries and requests from the subject of the personal data;

4.2.3. For statistical and other research on the basis of anonymized data.

4.3. The Company does not process special categories of personal data relating to race, ethnicity, political views, religious beliefs, or state of health, or biometric personal data.

5. WHAT CONSTITUTES PERSONAL DATA:

5.1. Personal data pertaining to a subject of personal data who is an employee of the Company comprise information that the Company needs in connection with the creation, amendment, and termination of labor relations.

5.2. Personal data pertaining to a subject of personal data who is a counterparty to an agreement of a civil character comprise information that the Company needs in connection with the creation, amendment, and termination of an agreement of a civil character with the given subject of personal data.

5.3. Personal data pertaining to a subject of personal data who is a client of the Company comprise information that the Company needs to fulfil its obligations within the framework of a contractual relationship with the subject of personal data (client of the Company) and to fulfil the requirements of Russian Federation law in the field of personal data protection.

6. PROCESSING PERSONAL DATA:

6.1. Processing of personal data pertaining to subjects of personal data held by the Company is carried out in order to ensure compliance with the laws and other normative legal instruments of the Russian Federation, to train subjects of personal data who are employees of the Company, to ensure the personal safety of subjects of personal data, and to monitor the quantity and quality of the Company's work while ensuring its property is protected.

6.2. Processing of personal data is carried out by the Company with the agreement of subjects of personal data, both with and without the use of automated devices.

6.3. The Company does not provide and does not disclose information constituting personal data pertaining to subjects of personal data to any third party without agreement in writing from the subject of the personal data, except in cases where doing so is necessary to warn of a threat to life or health or cases laid down by current Russian Federation law in the field of personal data protection.

6.4. On request, with explanation, from a competent authority, and exclusively within the framework of compliance with current law, a subject's personal data may be passed without his agreement:

6.5. In the event that agreement to the processing of personal data is obtained from a representative of the subject of the personal data, the Company shall verify such representative's authority to give agreement on behalf of the subject of the personal data.

6.6. In the event that the subject of the personal data withdraws agreement to the processing of personal data, the Company has the right to continue processing the personal data without the subject's agreement if there is a reason to do so specified in current law.

6.7. The means and periods for the storage of documents containing personal data pertaining to subjects of personal data are legally regulated in accordance with the 'List of typical management archive documents created in the course of the activity of state and local government bodies, with periods for their storage', No. 558, approved by the Russian Ministry of Culture on 25.08.2010.

6.8. The destruction of documents containing personal data is carried out by any means that makes it impossible for third parties to become aware of the contents of the material that is being destroyed and that makes it impossible to recover the text.

7. PRIVACY OF PERSONAL DATA

7.1. Information relating to personal data that has become known in connection with labor relations, or fulfilment of the terms of a civil contract to which the subject of the personal data is a party, or in connection with the provision of services by the Company, is private information and is protected by current Russian Federation law.

7.2. Persons obtaining access to personal data that are being professed have signed a commitment not to divulge private information and have also been warned of possible disciplinary, administrative, civil. and criminal liability in the event that they violate the norms and requirements of current Russian Federation law in the field of personal data protection.

7.3. Persons obtaining access to personal data that are being processed do not have the right to convey personal data pertaining to the subject of the personal data to a third party except in cases where this is necessary to warn of a threat to the life or health of the subject of the personal data or in cases laid down in Russian Federation law.

7.4. Persons obtaining access to personal data promise not to convey personal data for commercial purposes without the agreement in writing of the subject of the personal data. Processing personal data pertaining to subjects of personal data for the purpose of promoting goods, work, or services on the market through establishing direct contact with the potential consumer by way of communication channels is permitted only with the potential consumer's prior agreement.

8. THE RIGHTS OF SUBJECTS OF PERSONAL DATA

8.1. A subject of personal data has the right to receive information relating to the processing of his personal data, including:

8.1.1. confirmation of the fact that his personal data have been processed by the Company;

8.1.2. the legal basis for and purpose of the processing of his personal data;

8.1.3. the purposes of the processing of his personal data and the means of processing employed by the Company;

8.1.4. the name and location of the Company, information about persons (except employees of the Company) who have access to personal data or to whom personal data may be divulged on the basis of an agreement with the Company or of Russian Federation federal law;

8.1.5. the personal data pertaining to the subject of the personal data that are being processed, and their source, if provision is not made for another regime for providing such data in Russian Federation federal law;

8.1.6. the periods for which personal data will be processed, including the periods for which they will be stored;

8.1.7. the procedure for realizing the rights of the subject of the personal data as provided for in Federal law No. 152-F3 'On personal data' of 27 July 2006;

8.1.8. information about actual or proposed cross-border transfer of data;

8.1.9. the name or the full name of any person who has processed the personal data on the Company's instructions, if the Company has or will instruct any such person to process the data;

8.1.10. other information provided for in Federal law No. 152-F3 'On personal data' of 27 July 2006 or other federal laws of the Russian Federation.

8.2. A subject of personal data has the right to request the Company to correct, block, or destroy his personal data in the event that the personal data are incomplete, outdated, inaccurate, unlawfully obtained, or not needed for the declared purpose of processing, and also to take lawful measures to protect his rights.

8.3. If a subject of personal data believes that the Company is processing his personal data in violation of Federal law No. 152-F3 'On personal data' of 27 July 2006, or is otherwise violating his rights and freedoms, the subject of the personal data has the right to complain about the Company's actions or inaction to the body empowered to protect the rights of subjects of personal data (Roskomnadzor, the Federal Inspection Service for Communications Technology and Mass Communication) or to the courts.

8.4. A subject of personal data has the right to protect his rights and lawful interests, including the right to reimbursement of losses and/or compensation for moral damage, through the courts.

8.5. Other rights defined in chapter 3 of Federal law No. 152-F3 'On personal data' of 27 July 2006.

9. MEASURES AIMED AT ENSURING THE COMPANY FULFILS ITS OBLIGATIONS UNDER ART. 18.1 AND 19 OF FEDERAL LAW NO. 152-F3 'ON PERSONAL DATA' OF 27 JULY 2006:

9.1. The legal, organizational, and technological measures provided for by the relevant normative legal instruments to ensure the security of personal data during their processing in the Company's personal data information systems are taken.

9.2. When personal data are processed without the use of automated devices, the requirements of Order No. 687 'On establishing Rules on the peculiarities of personal data processing without the use of automated devices' of the Government of the Russian Federation, 15 September 2008, are met.

9.3. Company employees directly engaged in personal data processing are made aware of the provisions of Russian Federation law concerning personal data (including the requirements of personal data protection) and with local instruments on personal data processing questions.

9.4. The Company is liable for breaches of its obligations to ensure the security and privacy of personal data when they are processed, in accordance with Russian Federation law.

9.5. To ensure unlimited access to the Company's Policy with regard to personal data processing and to information about measures taken to protect personal data, the text of the present Policy is published on the Company's official website https://mixyco.com/