Privacy Policy

1. This Privacy Policy (hereinafter the “Policy”) is an official document of Nutson Rus Limited Liability Company (OGRN 1217700161491, City of Moscow, Lyusinovskaya Str., House 36, Building 1, 10th Floor, Room 1) (hereinafter the “Company”) that is the controller of your personal data. Any such terms as the “Company”, “we”, “our” or “us” shall refer to the Company and determine the procedure for processing and protecting information on the Users using the Platform (hereinafter the “Information”). This document is posted on the Platform free of charge in accordance with the requirements of Federal Law On Personal Data No. 152-FZ dated July 27, 2006.

2. The purpose of this Policy is to ensure that the Information on the Users, including their personal data, is adequately protected from unauthorized access and disclosure.

3. The relations pertaining to the gathering, recording, systematizing, accumulating, storing, clarifying, extracting, using, transferring (disseminating, providing, accessing), depersonalizing, blocking, deleting, destructing personal data that is carried out with or without the use of automation tools as well as the protection of Information on the Platform Users shall be governed by this Policy and the Agreement as well as by the current legislation of the Russian Federation.

4. The use of the Platform shall be subject to the User’s consent to this Policy and the Agreement. Each time the Platform is accessed and/or actually used, the User agrees with the terms and conditions of this Policy and of the Agreement available at info.nutson.us/en/terms/ (hereinafter in the versions that were in force at the time the Platform was actually used). A number of terms used in the Policy shall have the meaning defined in the Glossary.

5. The current version of the Policy is available to any Internet user by clicking through info.nutson.us/en/privacy.html. This Policy may be amended by the Company. Any amendments to the Policy shall be made by the Company independently and enter into force on the day following the day such amendments are posted. The User shall independently read the amendments made to the Policy. If the User actually uses the Platform after the terms and conditions of this Policy are amended this shall mean that the User agrees with the new terms and conditions.

6. If the User disagrees with the terms and conditions of this Policy, the use of the Platform must be terminated immediately.

7. This document has been developed in accordance with:

  • Constitution of the Russian Federation;
  • Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data;
  • Federal Law On Information, Information Technologies and Information Protection No. 149-FZ dated July 27, 2006;
  • Regulations on Specific Features of Personal Data Processing without the Use of Automation Tools (approved by Decree of the Government of the Russian Federation No. 687 dated September 15, 2008);
  • Decree of the Federal Service for Technical and Export Control of Russia On Approval of Requirements for Protection of Personal Data while Processing it in Personal Data Information Systems No. 1119 dated November 01, 2012; Order of the Federal Service for Technical and Export Control of Russia No. 21 dated February 18, 2013 On Approval of Composition and Content of Organizational and Technical Measures to Ensure the Personal Data Safety while Processing it in Personal Data Information Systems.

8. The definitions used in this Policy and related to the personal data processing shall have the following meaning.

Term

Definition

Automated Personal Data Processing

shall mean personal data processing with the use of computer equipment.

Personal Data Blocking

shall mean suspension of the personal data processing (except when the processing is required to clarify personal data).

Personal Data Information System

shall mean a set of personal data contained in databases and of information technologies and technical aids that ensure its processing.

Information

shall mean data regardless of its form.

Personal Data Confidentiality

shall mean the requirement binding upon the controller or other person who has gained access to the personal data to prevent its dissemination without the consent of the personal data subject or other legal grounds.

Personal Data Depersonalization

shall mean actions that make it impossible to identify personal data in relation to a specific data subject without additional information.

Personal Data Processing

shall mean any action or series of actions taken with the personal data with or without the use of automated or electronic tools, including gathering, recording, systematizing, accumulating, storing, updating, modifying, extracting, using, transferring (disseminating, submitting, providing access to), depersonalizing, blocking, deleting and destructing personal data.

Controller

shall mean a public authority, a municipal authority, a legal entity (including Nutson Rus LLC) or an individual that independently or jointly with other persons arranges for and/or carries out the personal data processing and determines the purpose of personal data processing, the composition of personal data to be processed, the actions (operations) to be taken with the personal data.

Personal Data

shall mean any information that relates to a directly or indirectly identified or identifiable individual (personal data subject).

Personal Data Provision

shall mean disclosure of personal data to a specific person or a specific group of persons.

Personal Data Dissemination

shall mean disclosure of personal data to an undefined group of persons.

Data Subject (including Personal Data Subject)

shall mean the specified individual.

Cross-Border Transfer of Personal Data

shall mean the transfer of personal data to the territory of a foreign state, to a foreign public authority or a foreign individual or legal entity.

Personal Data Destruction

shall mean actions that make it impossible to restore the personal data in the personal data information system and/or result in the disposal of tangible media of personal data.

2. Terms of Using the Platform

2.1 Providing the services for using the Platform (hereinafter the “Platform Services”) and acting reasonably and in good faith, the Company believes that the User:

  • Has all necessary rights that enable him/her to sign up and to use the Platform;
  • Specifies reliable information on himself/herself within the scope required to use the Platform Services;
  • Realizes that the information on himself/herself posted by the User on the Platform may become available to other Users of the Platform and Internet users, may be copied and disseminated by such users;
  • Realizes that some types of information transferred by him/her to other Users may not be deleted by the User himself/herself;
  • Has read this Policy, agrees to it and assumes the rights and obligations specified in it.

2.2 The Company shall not verify the reliability of the received (collected) information on the Users, unless such verification is required in order to fulfill the Company’s obligations to the User, is set forth by the Agreement, this Policy or is enshrined in the current legislation of the Russian Federation.

3. Purposes of Information Processing

The Company shall process the Information on the Users, including their personal data, in order to fulfill the Company’s obligations to the Users regarding the Platform use on the basis of the Agreement.

4. Legal Grounds for Personal Data Processing

4.1 The Company shall process the personal data in the following cases:

  • With the prior consent of the data subject;
  • In accordance with an international treaty or the legislation of the Russian Federation, including the Constitution of the Russian Federation, Federal Law On Information, Information Technologies and Information Protection No. 149-FZ dated July 27, 2006 and other enactments for court and other purposes;
  • For the purposes of an agreement with the data subject or an agreement under which the data subject is a beneficiary or a guarantor, including when the controller exercises its right to assign a claim or a right under such agreement;
  • To protect the rights of the controller or of third parties or for public purposes, if the rights and freedoms of the data subject are not violated;
  • For the purposes of compulsory disclosure or publication of personal data in cases directly provided by law.

5. Nature of the Information on the Users

5.1 The Information processed by the Company shall include:

5.1.1 Credentials that shall be understood as:

  • User data provided by the User to create an account while signing up for the Platform that may include information on themselves when signing up for and/or using the Platform, including your name, age, sex, e-mail address, phone number and language settings;
  • Additional information filled in by the User when editing his/her account while using the Platform;
  • Data additionally provided by the User at the request of the Company for the purpose of fulfilling the Company’s obligations to the User that arise out of the Agreement.

The credentials received by the Company within the scope required and sufficient for their including in the personal data in accordance with the current legislation of the Russian Federation shall be processed by the Company as the personal data upon the terms and conditions of this Policy.

The Company shall process the above data in order to perform the Agreement with the User, in particular, to provide access to the Platform, to control and to administer the Platform, to confirm that the Platform account belongs to the Applicant who has made a request to restore access to the account.

5.1.2 Other data required for the Platform functioning, i.e.:

  • Data on technical aids (devices), technological interaction with the Platform (including the host IP address, type of the User’s operating system, browser type, geographical location*, Internet provider), browser history (including the Content that you have viewed on the Platform), information on your mobile phone provider, time zone, mobile phone, including your device model, screen resolution, operating system and platform, and information on your use of the Platform.
  • * Location Data. When you use the Platform on a mobile device, we may gather information on your location. With your consent, we will gather Global Positioning System (GPS) data and mobile device location information. This is required to comply with the requirements of the local laws of the Russian Federation on the provision of information and on the restriction of access to prohibited information;
  • Information that is automatically obtained when accessing the Platform using bookmarks (cookies) as defined below;
  • Information created by the Users on the Platform outside the account editing section;
  • Information obtained as a result of the User’s actions on the Platform, in particular, information on the addition of any Content;
  • Information obtained as a result of actions of other Users on the Platform;
  • Summarized analytical information on the use of Internet services;
  • Metadata. When a video is uploaded to the Platform (hereinafter the “User Content”), certain metadata related to the User Content is uploaded automatically. As such, metadata describes other data and provides information on your User Content that will not always be visible to other users who view your User Content. Metadata may contain information on how, when and by whom a piece of User Content is created and what format it has. It includes as well such information as your account name which enables other Users to determine that the video is created under your account. The metadata will consist as well of additional data that you choose to include in the video, such as any hashtags you use to tag keywords for videos or Comments.

The Company shall process the above data in order to perform the Agreement with the User, in particular, to provide access to the Platform, to control and to administer the Platform, to improve the operation of and to customize the Platform.

5.2 Special categories of personal data relating to health, political opinions, religious or philosophical views and private life shall not be subject to processing.

5.3 The Company does not intend to process biometric data (in particular, does not use an image to identify the users) and special categories of data and does not process it.

5.4 By posting any information on himself/herself, the User understands that it may be available to an indefinite number of Internet users, subject to the desired level of settings.

6. Principles, Terms and Conditions and Procedure for Personal Data Processing by the Company

6.1 The Company shall gather, record, systematize, accumulate, store, update (correct, modify), extract, use, transfer (disclose, provide access), depersonalize, block, delete and destroy personal data.

6.2 The personal data storage periods shall be determined as follows.

6.2.1 The User’s credentials and other data shall be processed and stored on the territory of the Russian Federation, at that, they shall be stored on electronic media and processed with the use of automated systems only, except when the manual processing of credentials and other data is required in order to meet the legal requirements.

A cross-border transfer may be required to fulfill our contractual and legal obligations. Cross-border transfer of personal data shall be carried out on the territory of foreign states that are parties to the Council of Europe Convention for the Protection of Individuals Rights with regard to Automatic Processing of Personal Data as well as other foreign states that provide adequate protection of rights of personal data subjects in accordance with Federal Law On Personal Data No. 152-FZ dated July 27, 2006. If this is done, the transfer will be protected by the contract that controls the delegation of processing in accordance with a standard that is at least equal to all requirements of the legislation of the Russian Federation, unless otherwise permitted by the legislation of the Russian Federation. The purposes of any cross-border data transfer shall be to ensure the functionality of the Platform that is declared to the User in order to facilitate the provision of this functionality or may include the need to comply with any applicable law when the relevant law permits the data transfer. Any data transferred to any third parties, regardless of whether it is related to the cross-border transfer, will be minimized and depersonalized, as far as this is expedient for protecting individuals and their personal data.

6.2.2 The credentials and other data shall be stored by the Company until the purposes of their processing are achieved, i.e., during the term of the Agreement with the User.

In case the account is deleted, the Company shall store on its electronic media the necessary credentials and other data of the User for the period required and established by the current legislation of the Russian Federation. In case the User deletes his/her personal page independently, he/she shall have the right to restore his/her personal page within 30 days from the time of its deletion.

6.3 We process personal data in a lawful and fair manner.

6.3 We warrant the accuracy, sufficiency and relevance of all personal data that is processed in accordance with all disclosed purposes of data processing.

6.3 The Company shall not disclose or disseminate the personal data to any third parties without the consent of the personal data subject, except as provided for by this Policy.

6.3 The Company shall not make any decisions that create legal implications in relation to the personal data subject or otherwise affect his/her rights and lawful interests, on the basis of automated personal data processing only.

6.3 The Company shall process the personal data manually and using computer equipment. We comply with the requirements for automated and non-automated personal data processing that are established by Federal Law On Personal Data No. 152-FZ dated July 27, 2006 and regulatory legal acts adopted in accordance therewith.

6.3 Termination of Processing of Credentials and Other Data.

Upon achieving the purposes of processing the credentials and other data, the Company shall stop processing the credentials and other data in one of the ways provided for by Federal Law On Personal Data No. 152-FZ dated July 27, 2006. Notwithstanding the foregoing, we may store your Information in a summarized and depersonalized format after you have stopped using the Platform.

6.9 Transfer to Third Parties.

6.9.1 We shall transfer your personal data and other Information to the following third parties:

  • Cloud storage service providers for storing the Information you provide and for disaster recovery services as well as for fulfilling any contract we enter into with you;
  • Analytics and search engine operators who help us optimize and improve the Platform;
  • IT service providers; and
  • Our data processing center and our server hosting providers.

We will transfer your Information to any member, subsidiary, parent or affiliate of our group of companies for the purposes set out above only.

We will transfer your Information to law enforcement authorities, public authorities or other entities if this is required by law or if such transfer is necessary in order to:

  • Fulfill duties, procedures or requests;
  • Ensure the compliance with our Agreement and other agreements, policies and standards, including the procedure to investigate any potential violations of those documents;
  • Identify, prevent or otherwise respond to safety threats, fraud or technical issues;
  • Protect our rights, property or safety and those of our users, third parties or the entire community, as required by law.

7. Cookies

7.1 Cookies are small pieces of data that websites request from the browser used on the User’s computer or mobile device. Cookies are stored locally on the User’s computer or mobile device. Cookies contain the information that enables to determine the User’s preferences, the information on the equipment used, the date and time of the session, etc.

7.2 The Company shall gather and process Cookies in relation to the Users visiting the Platform. Cookies shall be processed by the Company solely for the purpose specified in clause 3 of this Policy, upon the terms and conditions and in the manner determined by this Policy.

7.3 We use the following Cookies:

  • Essential Cookies. These are Cookies that are required to operate the Platform. These include, for example, Cookies that enable you to access secure areas of the Platform.
  • Functional Cookies. These Cookies are used to identify you when you return to the Platform. This enables us to customize the site content for you, to greet you by your name and to remember your preferences (for example, your chosen language or region). These Cookies support the function of logging into the Platform for 90 days.
  • Targeting Cookies. These Cookies record your visit to the Platform, the pages you open and the links you click, including your use of other websites or applications. We will use this information to make the Platform and the advertisements posted on it more relevant to you. To achieve this purpose, we may transfer that information to third parties as well. Our service providers may use the information on your use of our Platform to provide you with targeted advertisements on other websites and other applications.
  • Analytical Cookies. Analytical Cookies are statistical audience measurement systems that we use in relation to our services in order to determine the web pages you visit and how you use the Platform.

7.4 Cookies received by the Company may be processed by Yandex.Metrika web analytics services.

7.5 The User may refuse to have Cookies processed by the services specified in clause 7.4 of this Policy when logging in the Platform. In this case, the Company will use those Cookies that are specified in clause 7.3 of the Policy only.

8. Users’ Rights and Obligations

8.1 The Users shall have the right to:

8.1.1 Provide free gratuitous access to the information on themselves by logging in the User’s account.

8.1.2 Independently modify and correct information on themselves in their account, provided that such modifications and corrections contain up-to-date and reliable information.

8.1.3 Remove information on themselves from their account.

8.1.4 Request that the Company clarifies their credentials, blocks or destroys them if such data is incomplete, outdated, unreliable, unlawfully obtained or is not required for the stated purpose of processing and if it is impossible to take the above actions independently.

8.1.5 Upon request, receive the information on the processing of their credentials from the Company.

8.1.6 Change the settings of the User’s mobile device by disabling the option for processing the User’s location data.

8.1.7 Change the settings of the User’s mobile device by disabling the option for processing the User’s contacts in the phone book of the mobile device.

8.2.8 As the Platform is a universal means of communication and people search and the core function of the Platform is to restore contacts and to keep in touch with the existing and new acquaintances, the following information on the authorized User shall be available to Internet users:

  • User’s nickname;
  • Profile photo;
  • Number of followers, photos, videos of the User.

8.3 The User shall independently determine the terms and conditions and provide access to his/her personal data to the general public, including by signing up and using the standard functionality of the Platform. The Company shall not initiate or influence such choice of the User and shall not aim at obtaining the User’s permission to disseminate his/her personal data. The Company shall process the personal data made by the User available to the general public on the basis of and in accordance with the terms and conditions of the Agreement.

8.4 The Company shall not be liable for the disclosure of the User’s credentials by other Platform Users who have gained access to such data.

8.5 When the credentials (or other user information) are deleted from the User’s account or the account is deleted from the Platform, any information on the User copied by other Users or stored on other Users’ pages shall be saved.

9. Personal Data Confidentiality

9.1 The Company has information security and confidential information management systems that help ensure the security and the confidentiality of the personal data.

9.2 Access to the personal data shall be provided to those persons only who need it to perform their duties.

9.3 The employees are trained in methods and ways of the secure personal data processing.

9.4 The rights, duties and liability of the employees who process the personal data are set out in their employment contracts and/or job descriptions.

10. Updating, Modifying, Deleting and Destroying Personal Data

10.1 Except as provided by law, the Company shall stop to process the personal data in the following cases:

  • Upon the occurrence of conditions under which the personal data processing terminates or upon expiry of the specified period;
  • After the purpose of data processing is achieved or the data processing is not required;
  • At the request of the personal data subject, if the processed personal data is incomplete, outdated, inaccurate, obtained unlawfully or is not required for the stated purpose of processing;
  • In case it is identified that the personal data is processed unlawfully, if it is impossible to ensure the lawfulness of the personal data processing;
  • If the personal data subject revokes his/her consent to the personal data processing or such consent expires (if the personal data is processed solely on the basis of the personal data subject consent); or
  • In case the Company is liquidated.

10.2 If the purpose of the personal data processing is achieved, the Company shall stop to process the personal data and destroy it within thirty (30) days from the date of achieving the purpose of the personal data processing, except when the law requires to process the personal data for a longer period.

10.3 If the personal data subject revokes his/her consent to the processing of his/her personal data, we shall stop processing it within thirty (30) days from the date the revocation is received, except when the law requires to process the personal data for a longer period.

10.4 The Company shall inform the personal data subject or his/her representative on the availability of the personal data related to the subject. At the request of the personal data subject or his/her representative, the Company shall provide him/her with that personal data within thirty (30) days from the date the request is received.

11. Responses to Subjects Requests for Access to Personal Data

11.1 At the request of the personal data subject or his/her representative, the Company shall provide a response whether the personal data related to the relevant personal data subject is available and grant the opportunity to examine that personal data within thirty (30) days from the date the request is received.

11.2 At the request of the personal data subject or his/her representative as well as at the request of the Federal Service for Supervision of Communications, Information Technology, and Mass Media, the Company shall block any unlawful processing of personal data immediately after the request for the investigation period and on an ongoing basis thereafter, if required.

11.3 The Company shall correct, clarify and modify any inaccurate personal data within seven (7) business days after the personal data subject or his/her representative contacts the Federal Service for Supervision of Communications, Information Technology, and Mass Media and provides the necessary documents.

11.4 If any unlawful personal data processing is identified, we will stop the unlawful processing of personal data within three (3) business days.

11.5 Unless otherwise permitted by law, the Company shall inform the personal data subject or his/her representative on any processing of the personal data relating to the personal data subject and, if required, provide a copy of such data within thirty (30) days from the date the request is received.

12. Steps to Ensure the Fulfillment of Obligations of the Personal Data Controller Established by Articles 18.1, 19 of Federal Law On Personal Data No. 152-FZ dated June 27, 2006.

12.1 The Company obtains the personal data directly from the data subjects and their legal representatives. At that, the Company warrants the compliance with the requirements of Federal Law On Personal Data No. 152-FZ dated June 27, 2006.

12.2 In accordance with Federal Law On Personal Data No. 152-FZ dated July 27, 2006 and other enactments based thereon, the Company has taken the following steps:

  • Appointment of a person in charge of the compliance with the law when the personal data is processed;
  • Issue of this document and informing on the processes of processing and ensuring the safety of the personal data as well as the policy and processes aimed at preventing and identifying any violations of the legislation of the Russian Federation;
  • Development and sharing of other documents related to the required safety of the personal data;
  • Taking all necessary legal, organizational and technical measures to ensure the personal data safety;
  • Internal audits to ensure the compliance with the requirements of Federal Law On Personal Data No. 152-FZ dated July 27, 2006;
  • Modeling of threats to the safety of the personal data processed and exercising the necessary control;
  • Development and implementation of data breach response plans;
  • Bringing to the notice of the Company’s employees who process the personal data of the provisions of Federal Law On Personal Data No. 152-FZ dated July 27, 2006; and
  • Taking the legal, organizational and technical measures required to protect the personal data from unauthorized or accidental access thereto, its destruction, modification, blocking, copying, dissemination and from any other unlawful actions in relation to the personal data.

12.3 To authorize access to the Platform, the User’s login (e-mail address or mobile phone number) and password shall be used. The User shall be liable for the integrity of that information. The User may not transfer his/her own login and password to any third parties and shall take steps to ensure their confidentiality.

12.4 In order to ensure more reliable protection of the information on the Users, the Company shall use a system for linking the page to the mobile phone. To implement that system, the User must provide the Company with his/her mobile phone number. As part of the system for linking the page to the mobile phone, if the User loses his/her login or password, he/she can restore access to the page using a recovery code contained in the SMS message that the User receives on his/her mobile phone.

13. Limitation of Company’s Liability

13.1 The Company shall not be liable for actions of any third parties which use of the Internet or the Platform has resulted in obtaining access to the information on the User in accordance with the privacy level chosen by the User and for any consequences of using any information that is available to any Internet user due to the Platform nature. The Company recommends that the Users take a responsible approach to deciding on the scope of information on themselves that is posted on the Platform.

14. User Requests

14.1 The data on the Information, including the User’s personal data, that is processed by the Company in connection with his/her use of the Platform shall be provided to the User or his/her representative upon request.

14.2 Requests shall be sent in writing to the address of the Company location or in any other form provided for by the current legislation of the Russian Federation.

14.3 The User may revoke his/her consent to the processing of his/her personal data by sending a written request to the Company at its location in accordance with the requirements of the current legislation.