Privacy Policy

PRIVACY POLICY

Version #1 dated: May 29, 2020

1. GENERAL PROVISIONS

The Privacy Policy (then referred to as the Policy) is published LLC GULT GMBH OGRN 1202000004887, TIN / KPP 2011004057 / 201101001, OKPO 46200744, location: Business address: Russia, 366108 , Chehen Republic, Shelkovskoy region, Shelkovskaya station, 1B Street named after R. Mazhatov, office 17. Postal address: Russia 107370, Moscow, 6 Marshal Rokossovsky Boulevard, building 1A, office 376, tel. : 8 800 500 3223 (then Operator) to inform about the policy implemented by the Operator regarding the processing of personal data of users of the Operator’s website subjects of personal data (then referred to as the User).

1.2. The Policy has been developed and published by the Operator in accordance with local law.

1.3. The policy was developed in order to implement the requirements of the legislation in the field of processing and protection of personal data and is aimed at ensuring the protection of the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.

1.4. The policy contains information subject to disclosure, is a public document and is located at:  https://gult.eu/.

1.5. To keep up to date the documents that define the Operator’s policy regarding the processing of personal data, the Operator has the right to change this Policy at any time by publishing the appropriate changes. This Policy may not be changed except by posting the amended document on the Site.

2. BASIC CONCEPTS

2.1. Automated processing of personal data is the processing of personal data using computer technology.

2.2. Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).

2.3. Personal data information system is a set of personal data contained in databases, and information technologies and technical means that ensure their processing.

2.4. Confidentiality of personal data is the obligation of the Operator and other persons who have gained access to personal data not to disclose to third parties and not to distribute them without the consent of the subject of personal data, unless otherwise provided by federal law.

2.5. Depersonalization of personal data – actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data by a specific User or other subject of personal data.

2.6. Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.7. Personal data operator is independently or dependently with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, their composition to be processed, actions (operations) performed with persons.

2.8. Personal data is any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).

2.9. User is any visitor to the site https://gult.eu/.

2.10. Providing personal data – actions aimed at disclosing personal data to a specific person or a certain circle of persons.

2.11. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or familiarizing with personal data of an unlimited number of persons, including the disclosure of personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way.

2.12. Site is a set of programs for electronic computers and other information contained in the information system, access to which is provided through the Internet information and telecommunication network and located at: https://gult.eu/. The Site may contain links to other Internet resources. The Operator is not responsible for the confidentiality of information posted by the User on such resources.

2.13. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2.14. Destruction of personal data – any actions as a result of which personal data is irretrievably destroyed with the impossibility of further restoration of the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

3. USER RIGHTS

3.1. The operator sets as its most important goal and condition for the implementation of its activities the observance of the rights and freedoms of a person and a citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.

3.2. The user has the right:

3.2.1. To receive personal data relating to the User and information regarding their processing;

3.2.2. To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;

3.2.3. To withdraw their consent to the processing of personal data;

3.2.4. To protect their rights and legitimate interests, including compensation for losses and compensation for moral damage in court;

3.2.5. To appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.

4. GROUNDS FOR PROCESSING PERSONAL DATA

4.1 The Operator processes personal data on a legal and fair basis to perform the functions, powers and duties assigned by law, to exercise the rights and legitimate interests of the Operator and the User.

4.2 The Operator receives personal data directly from the User and processes them only with the consent of the User. The Operator receives the User’s personal data if they are filled in and / or sent by the User independently through special forms located on the Site.

5. PROCESSING OF USERS’ PERSONAL DATA

5.1. This Policy establishes the obligations of the Operator for non-disclosure and provision of a regime for protecting the confidentiality of personal data that the User provides when using the Site.

5.2. The Operator processes Users’ personal data in order to comply with local laws, as well as for the following purpose(s):

5.2.1. Conclusion and execution of contracts. 5.2.2. Informing about new goods and services.

5.2.3. Preparation of individual offers.

5.2.4. Conducting advertising activities.

5.2.5. Providing Users with access to special information.

5.2.6. Processing applications on the Operator’s Website.

5.2.7. Publication on the website, in internal directories, address books of the organization.

5.2.8. Carrying out activities in accordance with the constituent documents.

5.3. The Operator processes the personal data of Users with their consent, obtained by putting a special mark ‘tick’ in the field under the personal data collection form posted on the Site.

5.4. Categories of personal data that the Operator collects in order to achieve the goals specified in paragraph 5.2. Policy:

5.4.1. Last Name.

5.4.2. Name.

5.4.3. Middle name.

5.4.4. Date of Birth.

5.4.5. The address of the actual place of residence and registration at the place of residence and (or) at the place of stay.

5.4.6. Contact number.

5.4.7. E-mail address.

5.4.8. The user ID stored in the cookie.

5.5. The Operator does not process special categories of personal data of Users.

5.6. The Operator does not process biometric categories of Users’ personal data.

5.7. This Policy applies only to information processed in the course of using the Site. The Operator does not control and is not responsible for the processing of information by sites and services of third parties, to which Users can follow the links available within the Site. 5.8. The Operator does not verify the accuracy of the personal data provided by the User and is not able to assess its legal capacity. However, the Operator assumes that the User provides reliable and sufficient personal data and keeps them up to date.

6. PROCESSING OF USERS’ PERSONAL DATA USING COOKIES

6.1. Cookies transmitted to Users’ technical devices can be used to provide Users with personalized features of the Site, for personalized advertising that is shown to Users, for statistical and research purposes, and to improve the Site.

6.2. Users are aware that the equipment and software they use to visit sites on the Internet may have the function of prohibiting the operation of cookies (for any sites or for certain sites), as well as deleting previously received cookies.

6.3. The Operator has the right to determine that the provision of certain functions of the Site is possible only if the acceptance and receipt of cookies is allowed by the Users.

6.4. The structure of the cookie file, its content and technical parameters are determined by the Operator and may change without prior notice to Users.

6.5. The counters placed on the site or application of the Site can be used to analyze Users’ cookies, to collect and process statistical information about the use of the Site, as well as to ensure the operation of the Site as a whole or its individual functions in particular. The technical parameters of the operation of the meters are determined by the Operator and may be changed without prior notice to the Users.

7. CONDITIONS FOR PROCESSING PERSONAL DATA OF USERS

7.1. The processing of personal data of Users is limited by the period for achieving the purposes of processing.

7.2. The Operator processes the personal data of Users in an automated way using computer technology, as well as in a non-automated way.

7.3. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

7.4. With regard to the personal data of the Users, their confidentiality is maintained, except in cases where the Users voluntarily provide information about themselves for general access to an unlimited number of persons.

7.5. The Operator has the right to transfer the User’s personal data to third parties in the following cases: 7.5.1. Users have agreed to such actions;

7.5.2. The transfer is necessary for the Users to use certain functions of the Site or for the execution of a certain agreement or contract;

7.5.3. The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law;

7.5.4. Such transfer occurs as part of the sale or other transfer of the business (in whole or in part), while the acquirer transfers all obligations to comply with the terms of this Policy in relation to the personal data received by him;

7.5.5. As a result of the processing of personal data of Users by depersonalization, anonymized statistical data has been obtained, which are transferred to a third party for research, performance of work or provision of services on behalf of the Operator;

7.5.6. Personal data of Users may be transferred to authorized state bodies on the grounds and in the manner established by applicable law.

7.5.7. The Operator takes the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

7.5.8. The Operator, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of personal data.

7.6. When processing personal data of Users, the Operator is guided by:

7.6.1. Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;

7.6.2. Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;

7.6.3. Decree of the Government of the Russian Federation of September 15, 2008 No. 687 “On Approval of the Regulations on the Features of the Processing of Personal Data Carried Out Without the Use of Automation Tools”;

7.6.4. Order of the FSTEC of Russia dated February 18, 2013 No. 21 “On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”;

7.6.5 Order of the Federal Security Service of Russia dated July 10, 2014 No. 378 “On approval of the Composition and content of organizational and technical measures to ensure the security of personal data when they are processed in personal data information systems using cryptographic information protection tools necessary to fulfill the requirements established by the Government of the Russian Federation to the protection of personal data for each of the security levels.

7.6.6. The Operator takes the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

7.6.7. The Operator, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of personal data.

8. MANDATORY RETENTION

8.1. The rights of the Users provided for by this Policy may be limited in accordance with the requirements of the current legislation. In particular, such restrictions may include the obligation of the Operator to keep the information changed or deleted by the Users for the period established by law, and / or transfer such information in accordance with the procedure established by law to a state body.

9. PERSONAL DATA SECURITY INFORMATION

9.1. The operator appoints a person responsible for organizing the processing of personal data to perform duties.

9.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:

9.2.1. Establishes the rules for access to personal data processed in the information system of the Operator, as well as ensures registration and accounting of all actions with them;

9.2.2. Makes an assessment of the harm that may be caused to Users.

9.2.3. Determines threats to the security of personal data during their processing in the information system of the Operator;

9.2.4. Takes organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;

9.2.5. Carries out the detection of facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them;

9.2.6. Evaluates the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator’s information system;

9.2.7. Carries out internal control over the compliance of the processing of personal data with the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Policy, the Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security during processing in the information system Operator.

10. CROSS-BORDER TRANSFER OF PERSONAL DATA

10.1. Before the start of the cross-border transfer of personal data, the operator is obliged to make sure that the foreign state to whose territory the transfer of personal data is supposed to be carried out provides reliable protection of the rights of subjects of personal data.

10.2. Cross-border transfer of personal data on the territory of foreign states that do not meet the above requirements can be carried out only if there is a written consent of the subject of personal data to the cross-border transfer of his personal data and / or execution of an agreement to which the subject of personal data is a party.

11. INFORMATION ABOUT THE OPERATOR

11.1. The database containing personal data of Users – citizens of the Russian Federation, is located on the territory of the Russian Federation.

11.2. In order to exercise their rights and legitimate interests, Users have the right to contact the Operator by sending an email to the Operator at policy@gult.store. The User can always refuse to receive informational messages by sending a letter to the Operator’s e-mail address specified in this paragraph with the note “Refusal of notifications about new products and services and special offers”. In case of detection of inaccuracies in personal data, the User can update them independently by sending a letter to the Operator’s e-mail address specified in this clause marked ‘Updating personal data’.