Privacy policy
1. INTRODUCTION
1.1. This document defines the policy of ROYAL CAKE LLC (hereinafter referred to as the Company) regarding the processing and use of personal data (hereinafter referred to as PD).
1.2. This Policy has been developed in accordance with the current legislation of the Russian Federation on personal data.
1.3. This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, carried out with the use of automation tools and without the use of such tools.
2. PRINCIPLES OF PROCESSING PERSONAL DATA
The processing of personal data is carried out on the basis of the following principles:
1) The processing of personal data is carried out on a legal and fair basis;
2) The processing of personal data is limited to the achievement of specific, predetermined and legal purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed;
3) It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
4) Only those personal data that meet the purposes of their processing are subject to processing;
5) The content and volume of processed personal data correspond to the stated processing objectives. The processed personal data are not redundant in relation to the stated purposes of processing;
6) When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the stated purposes of their processing is ensured.
7) The storage of personal data is carried out in a form that makes it possible to determine the subject of personal data no longer than the purpose of processing personal data requires, if the storage period for personal data is not established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
8) The company in its activities proceeds from the fact that the subject of personal data provides accurate and reliable information during interaction with the Company and notifies the representatives of the Company about changes in his personal data.
3. USE OF PERSONAL DATA
3.1. The Company processes personal data of customers and customers-visitors to the Company’s online store. For these categories of personal data subjects, the purposes of processing their personal data are determined.
3.2. When using the information posted on the official website of the Company (hereinafter referred to as the Site), the technical means of the Site automatically recognize the network (IP) addresses and domain names of each information user.
3.3. The information and email addresses of persons using the interactive services of the Site and (or) sending emails to the addresses indicated on the Site referred to in clause 3.2, information about which pages of the Site were accessed by information users, and other information (including personal information) provided by users is stored using the software and hardware of the Site for the following purposes:
- Information about the users of information accumulated and stored in the technical means of the Site is used solely for the purpose of improving the ways and methods of presenting information on the Site, improving the service of information users, identifying the most visited pages and interactive services of the Site, keeping statistics of visits to the Site.
Also, personal data of personal data subjects are processed in order to sell goods through the Site, or through a store and provide subsequent services, such as delivery of goods, assembly and warranty service.
3.4. The Company processes the following categories of personal data:
- Data specified in clause 3.3, as well as personal data obtained using various technologies such as cookies, flash cookies and web beacons when visiting the Site;
- Registration data provided by the buyer on the Site – last name, first name, patronymic, telephone number, delivery address, zip code, e-mail address.
3.5. Outside of the limits specified in clause 3.3, information about information users cannot be used or disclosed in any way. Only persons specially authorized to carry out the work specified in clause 3.3 and warned of responsibility for accidental or deliberate disclosure or unauthorized use of such information have access to such information.
3.6. Any information that is derivative with respect to the information listed in clause 3.2 is presented for subsequent use (distribution) only in a generalized form, without specifying specific network addresses and domain names of information users.
3.7. Sending any electronic messages to the network addresses of information users, as well as posting on the Site hyperlinks to the network addresses of information users and (or) their Internet pages are allowed only if such mailing and (or) posting is expressly provided for by the rules of use of the corresponding interactive service and for such mailing and (or) posting the prior consent of the user of the information was obtained. Correspondence with users of information that is not related to the use of interactive services of the Site or other information sections of the Site is not carried out.
4. TERMS OF PROCESSING OF PERSONAL DATA
4.1. The processing of personal data is carried out in compliance with the principles and rules established by the Federal Law “On Personal Data”. The processing of personal data is allowed in the following cases:
1) The processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
2) The processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law, for the exercise and performance of the functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
3) The processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
4) the processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as for concluding an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor;
5) the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject, if it is impossible to obtain the consent of the personal data subject;
6) the processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;
7) the processing of personal data is carried out for statistical or other research purposes, subject to the mandatory depersonalization of personal data. An exception is the processing of personal data in order to promote goods, works, services on the market by making direct contacts with a potential consumer using communication means, as well as for political campaigning;
8) the processing concerns personal data to which access has been provided to an unlimited number of persons by the subject of personal data, or at his request (hereinafter – personal data made publicly available by the subject of personal data);
9) processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
4.2. The Company may include the personal data of subjects in publicly available sources of personal data, while the Company obtains the subject’s written consent to the processing of his personal data.
4.3. The Company can process special categories of personal data related to race, nationality, health status, while the Company undertakes to obtain the subject’s written consent to the processing of his personal data.
4.4. Biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to establish the identity of the subject of personal data) are not processed in the Company.
4.5. The company carries out cross-border transfer of personal data only to the territory of foreign states that provide adequate protection of the rights of subjects of personal data.
4.6. The adoption, on the basis of exclusively automated processing of personal data, of decisions that generate legal consequences in relation to the subject of personal data or otherwise affecting his rights and legitimate interests is not carried out.
4.7. Under the terms of the license to carry out the activities of the Company, there is no prohibition on the transfer of personal data to third parties without the consent in writing of the subject of personal data.
4.8. In the absence of the need for the subject’s written consent to the processing of his personal data, the consent of the subject can be given by the subject of personal data or his representative in any form that allows the fact of its receipt to be confirmed.
4.9. The company has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person (hereinafter referred to as the operator’s order). At the same time, the Company in the contract obliges the person who processes personal data on behalf of the Company to comply with the principles and rules for processing personal data provided for by this Federal Law.
4.10. If the Company entrusts the processing of personal data to another person, the Company bears responsibility to the subject of personal data for the actions of this person. The person who processes personal data on behalf of the Company is responsible to the Company.
4.11. The company undertakes and obliges other persons who have access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
5. OBLIGATIONS OF THE COMPANY
In accordance with the requirements of Federal Law No. 152-FZ “On Personal Data”, the Company is obliged to:
- Provide the subject of personal data, upon his request, with information regarding the processing of his personal data, or legally provide a reasoned refusal containing a reference to the provisions of the Federal Law.
- At the request of the subject of personal data, clarify the processed personal data, or block or delete it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing.
- Maintain a Log for recording requests from subjects of personal data, which should record requests from subjects of personal data for obtaining personal data, as well as the facts of providing personal data for these requests.
- Notify the subject of personal data about the processing of personal data in the event that the personal data was not received from the subject of personal data. The exceptions are the following cases:
- The PD subject is notified of the processing of his PD by the relevant operator;
- PD received by the Company on the basis of federal law or in connection with the execution of an agreement to which the PD subject is a party or a beneficiary or guarantor;
- PD made publicly available by the PD subject or obtained from a publicly available source;
- The company processes PD for statistical or other research purposes, for the implementation of the professional activity of a journalist or scientific, literary or other creative activity, if this does not violate the rights and legitimate interests of the PD subject;
- Providing the PD subject with the information contained in the Notification of PD processing violates the rights and legitimate interests of third parties.
- not exceeding thirty days from the date of receipt of the said review, unless otherwise provided by an agreement between the Company and the subject of personal data. The Company is obliged to notify the subject of personal data about the destruction of personal data.
- In the event of a request from the subject to stop processing personal data in order to promote goods, works, services on the market, immediately stop processing personal data.
- Carry out the processing of personal data only with the consent in writing of the subject of personal data, in the cases provided for by the Federal Law.
- Explain to the subject of personal data the legal consequences of refusing to provide his personal data, if the provision of personal data is mandatory in accordance with Federal Law.
- Notify the subject of personal data or his representative about all changes concerning the relevant subject of personal data.
6. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING
6.1. When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.
6.2. Ensuring the security of personal data is achieved, in particular, by:
- identification of threats to the security of personal data during their processing in personal data information systems;
- the use of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for the protection of personal data, the implementation of which is ensured by the levels of personal data protection established by the Government of the Russian Federation;
- the use of information protection means that have passed the conformity assessment procedure in the prescribed manner;
- assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
- keeping records of machine media containing personal data;
- detection of facts of unauthorized access to personal data and taking measures;
- restoration of personal data modified or destroyed due to unauthorized access to them;
- establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of information systems of personal data.
- assessment of harm that may be caused to subjects of personal data in case of violation of the legislation of the Russian Federation in the field of personal data, the ratio of this harm and measures taken to ensure compliance with the legislation of the Russian Federation in the field of personal data.