Privacy Policy

1.This Policy applies to the confidential information and personal data that CALIPTA Limited Liability Company (hereinafter "the Operator") may receive from persons entering into the relations of using the CALIPTA application (hereinafter "the Application" or "the Service") with the Operator, as well as websites owned by the Operator and any programs and services available on them.
2.The rules and requirements stipulated by this Policy for the Application also apply to websites, unless directly stated otherwise in the Policy.
3. The Policy is adopted to protect the rights and legal interests of the citizens who have installed or intend to install the Application, who use or intend to use the website (hereinafter "the Users").
4. Using the Application or the website implies the User's unqualified consent with this Policy and the User's personal data processing terms and conditions stipulated therein; should the User disagree with these terms and conditions, they shall refrain from using the Application and the website.
Confidential information is understood as follows for the purposes of this Policy:
4.1. Personal information that the User provides of their own accord during authorization or use of the Application, including the User's personal data. The Operator visually highlights the information that must be provided. The information not indicated as mandatory is provided at User's discretion.
4.2. The data automatically transmitted to the Service or the website during the use thereof via the software installed on the User's device, including the IP address, the cookie information, the information on the User's device, location, browser (or any other program used to gain access to the Services), time of access, and the requested page address.
4.3. Other information about the User, the collection and/or provision of which is related to using the Service or the website.
5. The Policy is the basis for Operator's organization of processing and protection of personal data from personal data subjects that determines:
- the principles of personal data processing that the Operator is guided by in its activities;
- the legal grounds for personal data processing;
- the purposes of personal data processing, the categories and list of the processed personal data, the categories of personal data subjects whose personal data is processed, the methods and timeframes of personal data processing and storage, and the procedure of its destruction;
- the key actors in the personal data processing and protection management system;
- the fundamentals of organizing the process of personal data processing management;
- the fundamentals of the procedure of considering the messages from personal data subjects on issues of personal data processing;
- measures for ensuring personal data confidentiality and security;
- rights and obligations of the personal data Operator and subjects.
6. The requirements of this Policy are mandatory for all Operator's Workers.
7.By filling in the required field on consent with Personal Data processing, the User thereby gives their consent to processing their personal data and confirms that they agree with the provisions of this Policy. Continuing to use is understood as following any link, switching to a different page, filling in subsequent fields, clicking any button, viewing content, or any other active actions by the User.
8. Personal data processing and protection is guided by the following principles:
8.1. personal data is processed on legal grounds and fairly;
8.2. personal data processing is limited by previously defined and legal purposes of personal data processing; specifically, processing personal data incompatible with the purposes of personal data collection (receipt) is avoided;
8.3. only the personal data that matches the purposes of personal data processing is processed;
8.4. no combination of databases containing personal data that are processed for mutually incompatible purposes is allowed;
8.5. the content and volume of the processed personal data match the declared purposes of personal data processing; specifically, no processing of personal data in excess of the declared purposes of its processing is allowed;
8.6. accuracy of personal data, its sufficiency, and, whenever necessary, currency in relation to the purposes of personal data processing is ensured;
8.7.personal data is stored in the format enabling the establishment of the personal data subject no longer than required by the purposes of its processing, unless a different personal data storage term is stipulated by the legislation of the Russian Federation or a contract where the personal data subject is the beneficiary or the guarantor;
8.8. personal data is destroyed or caused to be destroyed (if personal data is processed by a different person acting on the Operator's instructions) once the purposes of its processing are achieved or when achieving these purposes loses relevance, unless otherwise stipulated by the legislation of the Russian Federation.
9. The legal grounds for personal data processing that authorize personal data processing by the Operator are:
9.1. the consent of the personal data subject for personal data processing taking into account the requirements stipulated by the legislation of the Russian Federation for the respective category of personal data;
9.2. provisions of the legislation of the Russian Federation on handling personal data, including, without limitation, Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data", the Civil Code of the Russian Federation (parts 1–4), the Labor Code of the Russian Federation, Law of the Russian Federation No. 2300-1 dated 07.02.1992 "On Consumer Rights Protection", Decree of the Government of the Russian Federation No. 1119 dated 01.11.2012 "On Approving Requirements to Personal Data Protection During Processing in Personal Data Information Systems";
9.3. Service's user agreement;
9.4.court orders or orders of another authority or official that must be implemented by the Operator in accordance with the provisions of the legislation of the Russian Federation on enforcement proceedings.
10. Personal data of personal data subjects is processed by the Operator for the previously defined purposes. Depending on the specific purposes of personal data processing, such processing may include, among other measures, taking all or some of the following actions (making transactions) with personal data: collection (receipt), recording, systematization, accumulation, storage, correction (updating, modification), retrieval, use, transfer (dissemination, provision, access), anonymization, locking, deletion, and destruction of personal data.
11. The Operator may:
11.1. independently determine the content and list of measures necessary and sufficient to ensure the performance of duties stipulated by the Law "On Personal Data" and other pieces of legislation adopted in relation thereto, unless otherwise stipulated by the Law "On Personal Data" or other federal laws;
11.2. delegate personal data processing to another person with the consent of the personal data subject, unless otherwise stipulated by a federal law, based on the contract signed with this person. The person processing personal data on the Operator's instructions shall comply with the principles and rules of personal data processing stipulated by the Law "On Personal Data".
11.3. should the personal data subject withdraw their consent to personal data processing, the Operator may continue to process such personal data without the consent of the personal data subject subject to the existence of grounds stipulated in the Law "On Personal Data".
12. The Operator shall:
12.1. organize personal data processing in compliance with the requirements of the Law "On Personal Data";
12.2. respond to messages and requests from personal data subjects and their legal representatives in compliance with the requirements of the Law "On Personal Data";
12.3. submit the required information to the competent authority on protection of rights of personal data subjects (hereinafter Roskomnadzor) following this authority's request within 10 business days from receiving such a request.
13. A personal data subject may:
13.1. receive information related to processing of their personal data with the exception of cases stipulated by federal laws. The information shall be provided by the Operator to the personal data subject in an accessible format and shall contain no personal data related to other personal data subjects with the exception of cases when there are legal grounds for disclosing such personal data. The list of information and the procedure of its procurement is stipulated by the Law "On Personal Data".
13.2.demand that the Operator correct the subject's personal data, lock or destroy it in case the personal data is incomplete, outdated, inaccurate, procured illegally, or unnecessary for the declared processing purpose, and also seek legal remedies to protect their rights;
13.3.file a complaint with Roskomnadzor or a lawsuit regarding Operator's unlawful actions or inaction during the subject's personal data processing.
13.4.A personal data subject may exercise their right to procure information related to their personal data processing and the right to correct their personal data, lock, or destroy it by submitting a written request to the Operator or filling in a feedback form. In both cases, such a request shall unambiguously identify the personal data subject, contain a signature and details of the requester's identification document.
14. By using the Service, the subject independently provides their personal data by filling in the corresponding fields. By providing their personal data, the subject confirms that they have read the Policy and agree with it. The subject gives consent to data processing freely, on their own accord and in their own interests. The subject gives consent to personal data processing during registration, having read the text of the Policy.
15. The subject may withdraw their consent to personal data processing at any time according to the procedure stipulated by the Policy.
16. Personal data is only processed to achieve specific, previously defined, and legal purposes. Personal data processing incompatible with the personal data collection purposes is not allowed. Only personal data that matches the purposes of its processing may be processed.
17. The content and volume of the processed personal data shall match the declared processing purposes stipulated in this section. The processed personal data shall not be excessive in relation to the declared purposes of its processing. Personal data is processed by the Operator with the following purposes:
17.1.actually performed key activities in accordance with the Operator's articles of association;
17.2. provision of access to the Service's full functionality;
17.3.information exchange with public authorities and local self-governance bodies;
17.4. entering into and performing under contracts between Users and Partners of the Service posting their offerings on the Service;
17.5. exercising rights and legal interests of the Operator and third parties, specifically on matters related to settling disputes and other conflicts;
17.6. Operator's support of financial transactions on payments for Orders made by the User;
17.7 sending Users informational messages and advertising materials and assessing the efficiency of marketing campaigns;
17.8. compliance with legislative requirements on health and safety, as well as laws on advertising.
18.The Operator processes the following categories and list of customers' personal data:
18.1. full name;
18.2.date of birth;
18.3. gender;
18.4. place of birth;
18.5. citizenship;
18.6.registered address;
18.7.mobile phone number;
18.8. email address;
18.9.details of the identification document and its scanned copy;
18.10.bank details (account number, card number, credit organization details) and information on the remuneration amount and other payments;
18.11. individual taxpayer number;
18.12.contact details;
18.13. picture, voice recording, and video recording;
18.14. information on marital status, financial situation, and occupation;
18.15. information on health, medical history, and medical recommendations.
19. The Subject's personal data is processed at a cloud provider's based on the corresponding agreement between the Operator and the cloud provider to achieve the purposes of subject's Personal Data processing while maintaining the privacy and security of the Personal Data.
20. The Operator implements aggregated processing of customers' personal data for the purposes specified in this section of the Policy and transmits this data via their internal network and via Internet.
21. The list of actions performed by the Operator with personal data includes collection, recording, systematization, accumulation, storage, correction (updating, modification), retrieval, use, transfer (sharing, access), locking, deletion, and destruction.
22.The Operator does not sell user data, that is, does not transfer user data to third parties for the purpose of receiving a monetary income.
23.The Operator takes the necessary organizational and technical measures to protect personal and confidential user data from unlawful or accidental access, destruction, modification, locking, copying, dissemination, and other unlawful actions by third parties.
24.Persons who have, via the Service or otherwise, provided information about another personal data subject to the Operator without the consent of the subject whose personal data was transferred are held liable in accordance with the legislation of the Russian Federation.
25. The processed personal data is subject to destruction upon expiration of the personal data processing term; upon achieving the personal data processing purposes; upon losing the need for achieving the personal data processing purposes; upon receiving a withdrawal of consent to personal data processing; and upon Operator's exclusion from the Unified State Registry of Legal Entities.
26. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, locking, dissemination, and other unauthorized actions, including the following measures:
26.1. determine threats to personal data security during its processing;
26.2.adopt in-house policies and procedures and other documents regulating the relations in personal data processing and protection;
26.3. appoint persons in charge of assuring personal data security in Operator's structural units and information systems;
26.4. create the necessary conditions for handling personal data;
26.5. organize tracking of documents containing personal data;
26.6.organize work with information systems where personal data is processed;
26.7. store personal data in conditions that ensure its integrity and prevent unauthorized access;
26.8. organize training for Operator employees involved in personal data processing.
27. In order to respect the rights and legal interests of the Users, to meet the deadlines of handling incoming messages and/or requests, take high-quality comprehensive measures on User's lawful demand and provide the necessary information upon receiving User's message and/or request, the Operator receives and handles incoming messages and controls such receipt and handling. When considering messages and/or requests, the Operator is guided by provisions of the legislation of the Russian Federation, under which such a request and/or message submitted by a personal data subject shall contain the information stipulated by the legislation of the Russian Federation. The Operator provides information and/or takes other actions in relation to the received messages and/or requests from Users within the scope and deadlines stipulated by the legislation of the Russian Federation. The deadline for answering a subject's message and/or request of information in relation to processing of the subject's personal data, as stipulated by the legislation of the Russian Federation, may be extended based on the stipulated restrictions, whereupon a motivated notice is sent to the User, containing information on the reasons for extending the deadline of providing the requested information. Having received a message and/or request from the User and verified its legitimacy, the Operator provides to the User and/or their Representative authorized to represent the interests of the personal data subject the information specified in the request in the format, in which the corresponding message or request was sent, unless otherwise requested in the message or request; and/or takes other measures, as the case may be, depending on the specific features of the message and/or request. The information provided by the Operator may not contain personal data of other Users with the exception of cases when there are legal grounds for disclosing such personal data. The Operator has the right to refuse to satisfy the User's demands included in the message and/or request by sending the User or its Representative a motivated refusal if the Operator has legal grounds to refuse to satisfy the received demands in accordance with the legislation of the Russian Federation.