2. The purpose of this Policy is to ensure that the Information on the Users, including their personal data, is adequately protected from unauthorized access and disclosure.
3. The relations pertaining to the gathering, recording, systematizing, accumulating, storing, clarifying, extracting, using, transferring (disseminating, providing, accessing), depersonalizing, blocking, deleting, destructing personal data that is carried out with or without the use of automation tools as well as the protection of Information on the Platform Users shall be governed by this Policy and the Agreement as well as by the current legislation of the Russian Federation.
4. The use of the Platform shall be subject to the User’s consent to this Policy and the Agreement. Each time the Platform is accessed and/or actually used, the User agrees with the terms and conditions of this Policy and of the Agreement available at info.nutson.us/en/terms/ (hereinafter in the versions that were in force at the time the Platform was actually used). A number of terms used in the Policy shall have the meaning defined in the Glossary.
5. The current version of the Policy is available to any Internet user by clicking through info.nutson.us/en/privacy.html. This Policy may be amended by the Company. Any amendments to the Policy shall be made by the Company independently and enter into force on the day following the day such amendments are posted. The User shall independently read the amendments made to the Policy. If the User actually uses the Platform after the terms and conditions of this Policy are amended this shall mean that the User agrees with the new terms and conditions.
6. If the User disagrees with the terms and conditions of this Policy, the use of the Platform must be terminated immediately.
7. This document has been developed in accordance with:
8. The definitions used in this Policy and related to the personal data processing shall have the following meaning.
Automated Personal Data Processing
shall mean personal data processing with the use of computer equipment.
Personal Data Blocking
shall mean suspension of the personal data processing (except when the processing is required to clarify personal data).
Personal Data Information System
shall mean a set of personal data contained in databases and of information technologies and technical aids that ensure its processing.
shall mean data regardless of its form.
Personal Data Confidentiality
shall mean the requirement binding upon the controller or other person who has gained access to the personal data to prevent its dissemination without the consent of the personal data subject or other legal grounds.
Personal Data Depersonalization
shall mean actions that make it impossible to identify personal data in relation to a specific data subject without additional information.
Personal Data Processing
shall mean any action or series of actions taken with the personal data with or without the use of automated or electronic tools, including gathering, recording, systematizing, accumulating, storing, updating, modifying, extracting, using, transferring (disseminating, submitting, providing access to), depersonalizing, blocking, deleting and destructing personal data.
shall mean a public authority, a municipal authority, a legal entity (including Nutson Rus LLC) or an individual that independently or jointly with other persons arranges for and/or carries out the personal data processing and determines the purpose of personal data processing, the composition of personal data to be processed, the actions (operations) to be taken with the personal data.
shall mean any information that relates to a directly or indirectly identified or identifiable individual (personal data subject).
Personal Data Provision
shall mean disclosure of personal data to a specific person or a specific group of persons.
Personal Data Dissemination
shall mean disclosure of personal data to an undefined group of persons.
Data Subject (including Personal Data Subject)
shall mean the specified individual.
Cross-Border Transfer of Personal Data
shall mean the transfer of personal data to the territory of a foreign state, to a foreign public authority or a foreign individual or legal entity.
Personal Data Destruction
shall mean actions that make it impossible to restore the personal data in the personal data information system and/or result in the disposal of tangible media of personal data.
2. Terms of Using the Platform
2.1 Providing the services for using the Platform (hereinafter the “Platform Services”) and acting reasonably and in good faith, the Company believes that the User:
2.2 The Company shall not verify the reliability of the received (collected) information on the Users, unless such verification is required in order to fulfill the Company’s obligations to the User, is set forth by the Agreement, this Policy or is enshrined in the current legislation of the Russian Federation.
3. Purposes of Information Processing
The Company shall process the Information on the Users, including their personal data, in order to fulfill the Company’s obligations to the Users regarding the Platform use on the basis of the Agreement.
4. Legal Grounds for Personal Data Processing
4.1 The Company shall process the personal data in the following cases:
5. Nature of the Information on the Users
5.1 The Information processed by the Company shall include:
5.1.1 Credentials that shall be understood as:
The credentials received by the Company within the scope required and sufficient for their including in the personal data in accordance with the current legislation of the Russian Federation shall be processed by the Company as the personal data upon the terms and conditions of this Policy.
The Company shall process the above data in order to perform the Agreement with the User, in particular, to provide access to the Platform, to control and to administer the Platform, to confirm that the Platform account belongs to the Applicant who has made a request to restore access to the account.
5.1.2 Other data required for the Platform functioning, i.e.:
The Company shall process the above data in order to perform the Agreement with the User, in particular, to provide access to the Platform, to control and to administer the Platform, to improve the operation of and to customize the Platform.
5.2 Special categories of personal data relating to health, political opinions, religious or philosophical views and private life shall not be subject to processing.
5.3 The Company does not intend to process biometric data (in particular, does not use an image to identify the users) and special categories of data and does not process it.
5.4 By posting any information on himself/herself, the User understands that it may be available to an indefinite number of Internet users, subject to the desired level of settings.
6. Principles, Terms and Conditions and Procedure for Personal Data Processing by the Company
6.1 The Company shall gather, record, systematize, accumulate, store, update (correct, modify), extract, use, transfer (disclose, provide access), depersonalize, block, delete and destroy personal data.
6.2 The personal data storage periods shall be determined as follows.
6.2.1 The User’s credentials and other data shall be processed and stored on the territory of the Russian Federation, at that, they shall be stored on electronic media and processed with the use of automated systems only, except when the manual processing of credentials and other data is required in order to meet the legal requirements.
A cross-border transfer may be required to fulfill our contractual and legal obligations. Cross-border transfer of personal data shall be carried out on the territory of foreign states that are parties to the Council of Europe Convention for the Protection of Individuals Rights with regard to Automatic Processing of Personal Data as well as other foreign states that provide adequate protection of rights of personal data subjects in accordance with Federal Law On Personal Data No. 152-FZ dated July 27, 2006. If this is done, the transfer will be protected by the contract that controls the delegation of processing in accordance with a standard that is at least equal to all requirements of the legislation of the Russian Federation, unless otherwise permitted by the legislation of the Russian Federation. The purposes of any cross-border data transfer shall be to ensure the functionality of the Platform that is declared to the User in order to facilitate the provision of this functionality or may include the need to comply with any applicable law when the relevant law permits the data transfer. Any data transferred to any third parties, regardless of whether it is related to the cross-border transfer, will be minimized and depersonalized, as far as this is expedient for protecting individuals and their personal data.
6.2.2 The credentials and other data shall be stored by the Company until the purposes of their processing are achieved, i.e., during the term of the Agreement with the User.
In case the account is deleted, the Company shall store on its electronic media the necessary credentials and other data of the User for the period required and established by the current legislation of the Russian Federation. In case the User deletes his/her personal page independently, he/she shall have the right to restore his/her personal page within 30 days from the time of its deletion.
6.3 We process personal data in a lawful and fair manner.
6.3 We warrant the accuracy, sufficiency and relevance of all personal data that is processed in accordance with all disclosed purposes of data processing.
6.3 The Company shall not disclose or disseminate the personal data to any third parties without the consent of the personal data subject, except as provided for by this Policy.
6.3 The Company shall not make any decisions that create legal implications in relation to the personal data subject or otherwise affect his/her rights and lawful interests, on the basis of automated personal data processing only.
6.3 The Company shall process the personal data manually and using computer equipment. We comply with the requirements for automated and non-automated personal data processing that are established by Federal Law On Personal Data No. 152-FZ dated July 27, 2006 and regulatory legal acts adopted in accordance therewith.
6.3 Termination of Processing of Credentials and Other Data.
Upon achieving the purposes of processing the credentials and other data, the Company shall stop processing the credentials and other data in one of the ways provided for by Federal Law On Personal Data No. 152-FZ dated July 27, 2006. Notwithstanding the foregoing, we may store your Information in a summarized and depersonalized format after you have stopped using the Platform.
6.9 Transfer to Third Parties.
6.9.1 We shall transfer your personal data and other Information to the following third parties:
We will transfer your Information to any member, subsidiary, parent or affiliate of our group of companies for the purposes set out above only.
We will transfer your Information to law enforcement authorities, public authorities or other entities if this is required by law or if such transfer is necessary in order to:
7.1 Cookies are small pieces of data that websites request from the browser used on the User’s computer or mobile device. Cookies are stored locally on the User’s computer or mobile device. Cookies contain the information that enables to determine the User’s preferences, the information on the equipment used, the date and time of the session, etc.
7.2 The Company shall gather and process Cookies in relation to the Users visiting the Platform. Cookies shall be processed by the Company solely for the purpose specified in clause 3 of this Policy, upon the terms and conditions and in the manner determined by this Policy.
7.3 We use the following Cookies:
7.4 Cookies received by the Company may be processed by Yandex.Metrika web analytics services.
7.5 The User may refuse to have Cookies processed by the services specified in clause 7.4 of this Policy when logging in the Platform. In this case, the Company will use those Cookies that are specified in clause 7.3 of the Policy only.
8. Users’ Rights and Obligations
8.1 The Users shall have the right to:
8.1.1 Provide free gratuitous access to the information on themselves by logging in the User’s account.
8.1.2 Independently modify and correct information on themselves in their account, provided that such modifications and corrections contain up-to-date and reliable information.
8.1.3 Remove information on themselves from their account.
8.1.4 Request that the Company clarifies their credentials, blocks or destroys them if such data is incomplete, outdated, unreliable, unlawfully obtained or is not required for the stated purpose of processing and if it is impossible to take the above actions independently.
8.1.5 Upon request, receive the information on the processing of their credentials from the Company.
8.1.6 Change the settings of the User’s mobile device by disabling the option for processing the User’s location data.
8.1.7 Change the settings of the User’s mobile device by disabling the option for processing the User’s contacts in the phone book of the mobile device.
8.2.8 As the Platform is a universal means of communication and people search and the core function of the Platform is to restore contacts and to keep in touch with the existing and new acquaintances, the following information on the authorized User shall be available to Internet users:
8.3 The User shall independently determine the terms and conditions and provide access to his/her personal data to the general public, including by signing up and using the standard functionality of the Platform. The Company shall not initiate or influence such choice of the User and shall not aim at obtaining the User’s permission to disseminate his/her personal data. The Company shall process the personal data made by the User available to the general public on the basis of and in accordance with the terms and conditions of the Agreement.
8.4 The Company shall not be liable for the disclosure of the User’s credentials by other Platform Users who have gained access to such data.
8.5 When the credentials (or other user information) are deleted from the User’s account or the account is deleted from the Platform, any information on the User copied by other Users or stored on other Users’ pages shall be saved.
9. Personal Data Confidentiality
9.1 The Company has information security and confidential information management systems that help ensure the security and the confidentiality of the personal data.
9.2 Access to the personal data shall be provided to those persons only who need it to perform their duties.
9.3 The employees are trained in methods and ways of the secure personal data processing.
9.4 The rights, duties and liability of the employees who process the personal data are set out in their employment contracts and/or job descriptions.
10. Updating, Modifying, Deleting and Destroying Personal Data
10.1 Except as provided by law, the Company shall stop to process the personal data in the following cases:
10.2 If the purpose of the personal data processing is achieved, the Company shall stop to process the personal data and destroy it within thirty (30) days from the date of achieving the purpose of the personal data processing, except when the law requires to process the personal data for a longer period.
10.3 If the personal data subject revokes his/her consent to the processing of his/her personal data, we shall stop processing it within thirty (30) days from the date the revocation is received, except when the law requires to process the personal data for a longer period.
10.4 The Company shall inform the personal data subject or his/her representative on the availability of the personal data related to the subject. At the request of the personal data subject or his/her representative, the Company shall provide him/her with that personal data within thirty (30) days from the date the request is received.
11. Responses to Subjects Requests for Access to Personal Data
11.1 At the request of the personal data subject or his/her representative, the Company shall provide a response whether the personal data related to the relevant personal data subject is available and grant the opportunity to examine that personal data within thirty (30) days from the date the request is received.
11.2 At the request of the personal data subject or his/her representative as well as at the request of the Federal Service for Supervision of Communications, Information Technology, and Mass Media, the Company shall block any unlawful processing of personal data immediately after the request for the investigation period and on an ongoing basis thereafter, if required.
11.3 The Company shall correct, clarify and modify any inaccurate personal data within seven (7) business days after the personal data subject or his/her representative contacts the Federal Service for Supervision of Communications, Information Technology, and Mass Media and provides the necessary documents.
11.4 If any unlawful personal data processing is identified, we will stop the unlawful processing of personal data within three (3) business days.
11.5 Unless otherwise permitted by law, the Company shall inform the personal data subject or his/her representative on any processing of the personal data relating to the personal data subject and, if required, provide a copy of such data within thirty (30) days from the date the request is received.
12. Steps to Ensure the Fulfillment of Obligations of the Personal Data Controller Established by Articles 18.1, 19 of Federal Law On Personal Data No. 152-FZ dated June 27, 2006.
12.1 The Company obtains the personal data directly from the data subjects and their legal representatives. At that, the Company warrants the compliance with the requirements of Federal Law On Personal Data No. 152-FZ dated June 27, 2006.
12.2 In accordance with Federal Law On Personal Data No. 152-FZ dated July 27, 2006 and other enactments based thereon, the Company has taken the following steps:
12.3 To authorize access to the Platform, the User’s login (e-mail address or mobile phone number) and password shall be used. The User shall be liable for the integrity of that information. The User may not transfer his/her own login and password to any third parties and shall take steps to ensure their confidentiality.
12.4 In order to ensure more reliable protection of the information on the Users, the Company shall use a system for linking the page to the mobile phone. To implement that system, the User must provide the Company with his/her mobile phone number. As part of the system for linking the page to the mobile phone, if the User loses his/her login or password, he/she can restore access to the page using a recovery code contained in the SMS message that the User receives on his/her mobile phone.
13. Limitation of Company’s Liability
13.1 The Company shall not be liable for actions of any third parties which use of the Internet or the Platform has resulted in obtaining access to the information on the User in accordance with the privacy level chosen by the User and for any consequences of using any information that is available to any Internet user due to the Platform nature. The Company recommends that the Users take a responsible approach to deciding on the scope of information on themselves that is posted on the Platform.
14. User Requests
14.1 The data on the Information, including the User’s personal data, that is processed by the Company in connection with his/her use of the Platform shall be provided to the User or his/her representative upon request.
14.2 Requests shall be sent in writing to the address of the Company location or in any other form provided for by the current legislation of the Russian Federation.
14.3 The User may revoke his/her consent to the processing of his/her personal data by sending a written request to the Company at its location in accordance with the requirements of the current legislation.