Privacy Policy

1. General Provisions

This personal data processing policy has been drawn up in accordance with the requirements of the Federal Law dd. 27.07.2006. No. 152-FZ 'On Personal Data' (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data taken by Mastoo, LLC (hereinafter referred to as the Operator).

1.1. The most important goal and condition for the implementation of activity, set by the Operator, is to comply with the rights and freedoms of a person and citizen while processing their personal data, including the protection of the rights to privacy, personal and family secrets.

2. Key Rights and Obligations of the Operator

2.1. The Operator is entitled to:

– obtain reliable information and/or documents containing personal data from Personal Data Subject;

– independently define the contents and list of measures necessary and sufficient to secure the fulfilment of obligations provided by the Personal Data Law and legal acts adopted in compliance with it, if not otherwise provided for by the Personal Data Law or other Federal Laws.

2.2. The Operator is obliged to:

– provide information concerning personal data processing to the Personal Data Subject upon request;

– arrange personal data processing according to procedure established by the Russian legislation in force;

– respond to appeals and requests of Personal Data Subjects and their legal representatives according to the provisions of the Personal Data Law.

– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, change, blocking, copying, provision, distribution of personal data, as well as other illegal actions in respect of personal data;

– terminate the transmission (distribution, provision, access) of personal data, terminate the processing and destroy the personal data according to procedure and in cases provided by the Personal Data Law;

3. Key Rights and Obligations of Personal Data Subjects

3.1. Personal Data Subjects are entitled to:

– obtain information regarding the processing of their personal data, with the exception of cases provided for by federal laws.

– set forth the condition of prior consent to personal data processing for the purpose of promotion on the market of goods, works and services;

– withdraw consent to personal data processing;

3.2. Personal data subjects are obliged to:

– provide reliable personal details to the Operator;

– notify the Operator on clarification (update, change) of their personal data.

4. Transmission (Distribution, Provision, Access)

Transmission of personal data, permitted by the Personal Data Subject for distribution, must be terminated anytime upon request of the Personal Data Subject.

5. Consent to the Processing of Personal Data

Consent to the processing of personal data permitted for distribution shall cease to be effective from the moment when the Operator receives the demand specified in cl. 5.14.3 of this Privacy Policy.

6. Principles for Personal Data Processing

6.1. Personal Data Processing takes place on a legal and fair basis.

6.2. Personal Data Processing is restricted by the achievement of specific and legal purposes set in advance. It is prohibited to carry out Personal Data Processing which is not compliant with the purposes.

6.3. Only personal data that meets the purposes of their processing are subject to processing.

6.4. The content and volume of personal data processed correspond to the stated purposes of processing. Excessive amounts of personal data processed in relation to the stated purposes of their processing are not allowed.

7. Personal Data Subject

The personal data subject makes independent decisions on providing their personal data and gives their consent freely, voluntarily and in their interests.

8. Terms of Personal Data Processing

8.1. Personal Data Processing shall be carried out upon consent to the processing of personal data given by the Personal Data Subject.

9. Procedure for Collection, Storage, Transmission and Other Types of Personal Data Processing

9.1 The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.

9.2. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, expiration of consent given by Personal Data Subject or withdrawal of consent given by Personal Data Subject, as well as detection of unlawful personal data processing.

10. List of Actions Executed by the Operator with Obtained Personal Data

10.1. The operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transmits (distributes, provides, accesses), depersonalizes, blocks, deletes and destroys personal data.

11. Confidentiality of Personal Data

The Operator and other persons who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the Personal Data Subject, unless otherwise provided by federal law.