User Agreement

PERSONAL DATA PROCESSING AND PROTECTION POLICY

Publication date of the current version: June 18, 2018

The Personal Data Processing and Protection Policy (hereinafter referred to as the Policy) has been developed by Individual Entrepreneur Vlasova Ksenia Borisovna (hereinafter – the Administrator) in accordance with Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” (hereinafter – the Law) and other regulations in the field of personal data.

The Policy is used in conjunction with the corresponding consent for personal data processing (hereinafter – Consent), available online at: https://momslab.app/ (hereinafter – the Service).

Terms used in the Policy are interpreted in the meanings established by the Agreement.

1. General Provisions

1.1. The Policy establishes the procedure for processing and protecting information about individuals by the Administrator, both with and without the use of automation tools.

1.2. Using the Service implies unconditional agreement with the Policy and the personal data processing terms contained therein. If there is disagreement with the Policy, the use of the Service must be immediately discontinued.

1.3. The Policy applies to all personal data of individuals processed by the Administrator, as well as to processes related to the processing of personal data. These processes may include, but are not limited to: collection, recording, organization, accumulation, storage, clarification (updating, modification), copying, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

1.4. The Administrator publishes the Policy on the Service and provides unlimited access to it to anyone who personally contacts the Administrator.

1.5. The Administrator does not verify the accuracy of the personal data provided by the individual or their legal capacity. The individual guarantees that all data is accurate, up-to-date, and does not violate the laws of the Russian Federation.

1.6. The Administrator is a data controller with respect to the information related to any individual using the Service. (hereinafter referred to as the Data Subject).

2. Purposes of processing personal data

2.1. The Administrator conducts processes related to the processing of personal data for the purposes of:

2.1.1. registration and identification of the User on the Service;

2.1.2. establishment and maintenance of communication with the User;

2.1.3. providing access to the Service and Content;

2.1.4. providing Consultations;

2.1.5. sending informational and other types of messages to the User’s email address;

2.1.6. ensuring the functionality and security of the Service;

2.1.7. complying with the requirements of Russian legislation.

3. List of personal data for which consent is given for processing

3.1. General personal data: surname, first name, middle name, age, email address, phone number, photograph;

3.2. Other information processed by the Administrator: IP address, operating system type, browser type, geographical location, Internet service provider, information about the use of the Service (including information about visited pages), information automatically received when accessing the Service (including using cookies), and other information obtained as a result of User actions.

4. Processing of personal data

4.1. The data subject provides their personal data to the Administration by filling out the forms provided on the Service.

4.2. Automatic collection of information about the data subject occurs using technologies and services: web protocols, “cookie” files, web beacons, which are activated only upon data entry.

4.3. Storage and use of personal data are carried out:

4.3.1. On properly protected electronic media using automated systems, except when non-automated processing of personal data is required in accordance with the legislation of the Russian Federation;

4.3.2. Using a database located in countries ensuring adequate protection of personal data;

4.3.3. No longer than required for the purposes of their processing or for the duration of the consent of the Subject of personal data.

4.4. Transfer of personal data to third parties is carried out to achieve the above-mentioned goals and to fulfill the Administration’s contractual obligations. In this case, third parties are obliged to use personal data exclusively in accordance with the Policy and Offer.

4.5. The Administration does not transfer personal data to third parties without the consent of the Personal Data Subject, except when the transfer is carried out to ensure compliance with the requirements of the legislation of the Russian Federation; for the prevention, suppression of illegal actions of the Personal Data Subject and the protection of the legitimate interests of the Administration and third parties.

4.6. The transfer and destruction of personal data occurs in the following cases:

4.6.1. if there is a threat to the security of the Service;

4.6.2. if the Personal Data Subject violates the terms of the Policy and Agreement;

4.6.3. expiration of the personal data storage period;

4.6.4. upon request of the Personal Data Subject.

4.7. Processed personal data must be destroyed or anonymized immediately after deleting the Personal Data Subject’s account.

5. Rights of the Personal Data Subject

5.1. The Personal Data Subject has the right to obtain information about the processing of personal data, including:

5.1.1. confirmation of the fact of personal data processing;

5.1.2. legal grounds for personal data processing;

5.1.3. purposes and methods applied by the Administrator for personal data processing;

5.1.4. personal data being processed that relates to the corresponding Personal Data Subject, and the source of its receipt, if a different procedure for presenting such data is not provided for by the legislation of the Russian Federation;

5.1.5. periods of personal data processing, including the periods of their storage;

5.1.6. the procedure for exercising the rights provided for by the legislation of the Russian Federation;

5.1.7. information about the performed or intended cross-border data transfer;

5.1.8. information about the persons to whom personal data may be disclosed based on a contract with the Administrator or in accordance with the legislation of the Russian Federation;

5.1.9. name or last name, first name, patronymic, and address of the person processing personal data on behalf of the Administrator, if processing has been assigned or will be assigned to such a person;

5.1.10. other information provided for by the legislation of the Russian Federation.

5.2. The subject of personal data is entitled to receive information specified in the first point of this section, an unlimited number of times, by sending a request to the Administrator in the manner provided in the “Requests of the Personal Data Subject” section.

6. Duties of the Administrator

6.1. In compliance with legal requirements, the Administrator is obliged to:

6.1.1. Provide the subject of personal data with information regarding the processing of their personal data or a justified refusal upon request;

6.1.2. Take necessary and sufficient measures to ensure compliance with the obligations stipulated by law;

6.1.3. At the request of the subject of personal data, clarify, block, or delete processed personal data if they are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the declared purpose of processing;

6.1.4. Ensure the legality of personal data processing. If it is impossible to ensure the legality of personal data processing, the Administrator is obliged to destroy such personal data or ensure its destruction within no more than 10 (Ten) business days from the date of detection of unlawful personal data processing;

6.1.5. In the event that the Subject of personal data withdraws consent for personal data processing, cease processing and destroy it within no more than 30 (Thirty) business days from the date of receipt of the withdrawal, except in cases where processing may be continued in accordance with the law.

7. Information on implemented requirements for personal data protection

7.1. The protection of personal data processed by the Administrator is ensured by implementing legal, organizational, and technical measures necessary and sufficient to comply with personal data protection legislation.

7.2. Legal measures include:

7.2.1. the development of local acts by the Administrator that implement the requirements of Russian legislation (including a Policy on the processing and protection of personal data with its placement on the Service);

7.2.2. refraining from any methods of processing personal data that do not correspond to the purposes previously determined by the Administrator.

7.3. Organizational measures include:

7.3.1. Appointment of a person responsible for organizing the processing of personal data;

7.3.2. Restriction of the Administrator’s staff having access to personal data, and organization of an access permit system to personal data;

7.3.3. Familiarization of the Administrator’s employees with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, with the Administrator’s local acts on personal data processing, and training of these employees.

7.4. Technical measures include:

7.4.1. Identification and authentication of access subjects;

7.4.2. Application of cryptographic protection measures to information containing personal data;

7.4.3. Detection (prevention) of intrusions.

7.5. The Administrator undertakes and obliges third parties, in case they are granted the right to process the personal data of the Data Subject, to observe the confidentiality regime with respect to such personal data and not to use them without the consent of the Data Subject, except in cases provided for by the Policy.

8. Limitation of Policy Scope

8.1. The Policy applies exclusively to the Service and does not apply to other Internet resources.

8.2. The Administrator is not responsible for the actions of third parties who have accessed the Data Subject’s personal data through the fault of the latter.

9. Appeals of the Data Subject

9.1. The Data Subject has the right to send requests to the Administrator, including requests regarding the use of personal data, in written or electronic form.

9.2. The request must contain the following information:

9.2.1. Information about the document, identifying the User;

9.2.2. Information confirming the User’s contractual relationship with the Administrator;

9.2.3. User’s signature.

9.3. The Administrator is obliged to review and send a response to the received request within 30 (thirty) days from the date of receipt of the appeal.

9.4. All correspondence received by the Administrator from the Personal Data Subject (written or electronic form inquiries) is classified as restricted information and is not disclosed without his written consent.

10. Amendments to the Policy

10.1. The Administrator has the right to amend the Policy as necessary. Mandatory review of the Policy is conducted in case of significant changes in international or national legislation in the field of personal data. The new version of the Policy comes into effect from the moment it is posted on the Service.

11. Contact information and details of the Administrator

Individual Entrepreneur Vlasova Ksenia Borisovna

TIN 772853905842

OGRN 317774600122559

Address: 125373, Moscow, Pokhodny passage, estate 3, bldg. 2

Email:[email protected]