Personal data processing Policy of LLC "TC "CITYTEL",

194044, St. Petersburg, Pirogovskaya emb., 5/2, lit. A.

1.    GENERAL PROVISIONS

1.1.  The following terms are used in this Policy:

- Personal data operator – a legal entity, independently or jointly with other persons, organizing and /or processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

Within the framework of this Policy, the operator of personal data is a Limited liability Company "VIBIJI" (LLC "VIBIJI", TIN 7825484852, OGRN 1027809183490, address 194044, St. Petersburg, Pirogovskaya nab., 5/2, lit. A, pom.49-N (Part P. 75) (hereinafter referred to as the Operator).

- The CITYTEL Group website (hereinafter referred to as the Website) is a set of interconnected web pages hosted on the Internet information and telecommunications network at a unique address (URL): https://city-tel.biz.

- Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data). 

Within the framework of this Policy, the subjects of personal data are the Users of the Site 

- The User of the CITYTEL Group Website (hereinafter referred to as the User) is a person who has access to the Website via the Internet and uses the Website.

- Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

- Automated processing of personal data - processing of personal data using computer technology.

- Confidentiality of personal data is a mandatory requirement for the operator or other person who has access to personal data to prevent their dissemination without the consent of the subject of personal data or the presence of other legal grounds.

- Database information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing.

1.2. Purpose of the Policy regarding the processing of personal data of Users:

- This Policy regarding the processing of personal data of Users of the Site defines the terms of collection, objectives, scope, procedure and conditions, terms of processing of personal data of the User, the rights and obligations of the Parties, and also contains information about the requirements for the protection of personal data of the User.

- This Policy establishes the obligations of the Operator for non-disclosure and ensuring the confidentiality of the User's personal data that the User provides when using the Site, its programs and services, and/or when subscribing to the newsletter by e-mail and/or by SMS.

1.3. Using the Site means the User's unconditional consent to this Policy. In case of disagreement with the conditions set out in the Policy, the User must refrain from using the Site, its programs and services offered.

2. METHODS AND PURPOSES OF COLLECTION, VOLUME OF PERSONAL DATA PROCESSED

2.1. Personal data is provided by the User by filling out forms on the Website. 
By submitting personal data, the User consents to their processing by the Operator.
The User decides to provide his personal data and agrees to their processing freely, voluntarily and in his interest. 

2.2. The User, by subscribing to receive the newsletter to the phone and / or email address (e-mail) specified by him during the subscription, gives his consent to provide the personal data specified by him during the subscription to third parties to whom the Operator entrusts the mailing, and to the processing of his personal data by these third parties. The Operator provides the User's personal data to third parties solely for the purposes and amounts necessary to send the User an e-mail newsletter and/or via SMS messages.

2.3. The Operator does not verify the accuracy of the personal data provided by the User, except in cases when such verification is necessary in order for the Operator to fulfill its obligations to the User.

2.4. The personal data allowed to be processed under this Policy includes the information necessary to communicate with the User, provide him with services, send the User newsletters by e-mail and / or SMS messages.
Such personal data includes:

2.4.1. User Name;
2.4.2. User's contact phone number;
2.4.3. e-mail address (e-mail)

The Operator does not process other personal data of the User, special categories of personal data of the User and biometric personal data of the User. 

2.5. The Operator may use the User's personal data for the following purposes:

2.5.1. providing the User with the services offered by the Operator, information about which is posted on the website;

2.5.2. establishing feedback with the User, including sending notifications, requests regarding the use of the Site, the provision of services, processing requests, requests, messages from the User;

2.5.3. sending the newsletter to the User: special offers, promotions, newsletters and other information and information on behalf of the Operator's Website (including through a third party to whom the Operator entrusts the mailing). 

2.5.6. forming a database of Users who have subscribed to the newsletter.

2.6. Processing of the User's personal data that is incompatible with the purposes of collecting personal data is not allowed.

2.7. The Operator processes standard information that is transmitted when the User visits the pages of the site and does not belong to the category of personal and does not allow to determine the identity of the User: 
- standard data automatically received by the server when accessing the Site and subsequent User actions (IP address, browser, Site pages visited by the User, date and time of Site visit);
- information automatically received when accessing the Site using cookies (a small piece of data sent by the web server and stored on the User's computer, which the web client or web browser sends to the web server each time in an HTTP request when trying to open the page of the corresponding site);
The processing of this information is carried out in order to ensure effective Site management and simplify navigation on the Site.
The user has the right to refuse the use of cookies and configure his browser so that it does not store cookies.

3.    PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING

3.1. The processing of the User's personal data by the Operator is carried out only in the ways provided for by law, including by collecting, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, destruction of personal data.

3.2. The Operator processes the User's personal data in a mixed way, both with the use of automation tools and without the use of automation tools.

3.3. The Operator ensures the confidentiality of the User's personal data and is obliged to prevent their transfer to third parties without the User's consent or the presence of other grounds provided for by this Policy or the current legislation of the Russian Federation. 

3.4. In order to send the newsletter to the User by e-mail and/or by SMS messages, the User's personal data may be transferred by the Operator to third parties to whom the Operator entrusts the mailing, and for the processing of his personal data by these third parties. The Operator provides the User's personal data to third parties solely for the purposes and amounts necessary to send the User an e-mail newsletter and/or via SMS messages. Third parties receiving the User's personal data are obliged to comply with the confidentiality regime and ensure the security of personal data.
The User has the right to unsubscribe and receive newsletters at any time by sending a message to the Operator's email address (e-mail) posted on the Site. Upon receiving a message from the User, the Operator undertakes to immediately stop processing his personal data processed for these purposes and ensure its termination by a third party. 

3.5. The Operator has the right to transfer the User's personal data to the bodies of inquiry and investigation, other authorized bodies, on the grounds provided for by the current legislation of the Russian Federation. 

3.6. The Operator does not carry out cross-border transfer of the User's personal data.

3.7. The User's personal data is processed by the Operator using databases located only on the territory of the Russian Federation.  

3.8. The processing of the User's personal data is terminated in the following cases:
- The user has withdrawn his consent to the processing of personal data;
- the purpose of processing the User's personal data has been achieved;
- The user has refused the newsletter by e-mail and/or by SMS messages 
- identification of illegal processing of personal data.

Upon termination of processing of the User's personal data, the Operator is obliged to destroy the User's personal data within the time limits provided for by the current legislation of the Russian Federation and ensure their destruction by a third party.

4.    RIGHTS AND OBLIGATIONS OF THE PARTIES:
4.1.    The User has the right to:
4.1.1. Make a free decision on the provision of their personal data necessary for the use of the Site and consent to their processing.

4.1.2. The User has the right to withdraw his consent to the processing of personal data by sending a message to the Operator's email address (e-mail) posted on the Website. 

4.1.3. The User has the right to receive information from the Operator concerning the processing of his personal data.

4.1.4. The User has the right to require the Operator to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights. 

4.2. The Operator is obliged to:

4.2.1. Use the received personal data and other information exclusively for the purposes specified in Section 2 of this Policy.

4.2.2. To process the User's personal data, as well as to ensure the confidentiality and protection of the processed personal data in accordance with the requirements of the Federal Law of the Russian Federation No. 152-FZ dated 27.07.2006 "On Personal Data" and regulatory legal acts adopted in accordance with it, other regulatory legal acts and the current legislation of the Russian Federation. 

4.2.3. When processing personal data, take the necessary legal, organizational and technical measures to protect the personal data received from the User from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to the personal data received from the User.

4.2.4. To provide the User, at his request, with information concerning the processing of his personal data. 

4.3.  For the purposes of operational interaction between the Operator and the User, the Operator's mailbox (e-mail) is organized on the Site, located on the Site in the "Contacts" section

5.    PERSONAL DATA PROTECTION

5.1.    The Operator takes measures necessary and sufficient to ensure the security of Users' personal data during processing.

5.2.    The Operator takes technical and organizational and legal measures to ensure the protection of the User's personal data during their processing in the information system, from unauthorized or accidental access to them, destruction, modification, copying, distribution, as well as from other illegal actions.

5.3.    The person responsible for organizing the processing of personal data and the list of persons who have access to Users' personal data is approved by the General Director of the Operator. 

5.4.    Persons who have access to the User's personal data must be familiarized with the provisions of the legislation of the Russian Federation on personal data, local acts of the Operator on personal data, including the requirements for the protection of personal data. 

5.5.    Persons who have access to the User's personal data have the right to receive only those personal data that are necessary to perform specific functions and for the purposes for which they are reported. 

5.6.    The Operator has organized a security regime for the premises in which personal data information systems are located, which prevents the possibility of uncontrolled penetration or stay in these premises of persons who do not have the right to access these premises.

5.7.    The Operator ensures the safety of personal data carriers. 

5.8.    The Operator detects the facts of unauthorized access to the User's personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them.

5.9.    The Operator determines the threats to the security of the User's personal data during their processing in personal data information systems.

5.10.    The Operator protects access to information systems of Users' personal data using licensed software products that prevent unauthorized access to them by third parties.

6.    FINAL PROVISIONS.

6.1. The current legislation of the Russian Federation applies to this Policy and the relations between the User and the Operator.
 
6.2. The Operator has the right to make changes to this Policy without the consent and notification of the User. 

6.3. This Policy is valid indefinitely, until it is replaced by a new Policy  

6.4. Changes made by the Operator to this Policy or a new Policy shall aplly from the moment it is posted on the Site, unless otherwise provided in the changes made to this Policy or the new version of the Policy.

6.5. The current Policy is posted on the Internet information and telecommunications network page at:  https://city-tel.biz/https://citytel.group/politika-konfidenczialnosti.