Log in

Privacy Policy of visitors' personal data

1. General Provisions

1.1. This Privacy Policy establishes the procedure for collecting, protecting, storing, processing, and transferring the personal data of website and mobile application users. It applies to all information that the website and mobile application administration may receive about users while they use the Website and the Mobile Application. This Privacy Policy does not apply to other websites and does not govern third-party websites. The website administration is not responsible for third-party websites that users may access through links available on the website.

1.2. The following terms are used in this Privacy Policy:

Website and mobile application administration means employees of KVELL LLC authorized to manage the Website and the Mobile Application, determine the composition of users' personal data, the purposes of collecting personal data, and the processing and storage of such data.

Personal data means a user's full name, email, phone number, address, as well as any other information provided by the website and mobile application user relating to a directly or indirectly identified or identifiable natural person (personal data subject), which by itself or in combination with other information available to the Website and the mobile application makes it possible to identify the user's identity.

Data transmitted automatically depending on software settings includes information such as the user's full name, email, phone number, and address.

All data specified by the user when using the Website and the mobile application is deemed data made available for dissemination unless the user explicitly indicates otherwise in the settings of the Website and the mobile application.

Users' personal data on the website and mobile application is confidential information and may not be used by the website and mobile application administration or any other person for personal purposes.

Website user means an individual (visitor of the Website and the mobile application) who voluntarily provides the necessary personal data when registering or using the functions of the Website and the mobile application.

Website and Mobile Application: https://kvell.group or https://kvell.ru and all their subdomains.

1.3. The purposes of processing users' personal data on the website and mobile application are: identifying user actions on the Website and in the mobile application, interacting with the user in connection with use of the Website and the mobile application, analyzing and optimizing the operation of the Website and the mobile application based on user actions, offering third-party services to the user, and corresponding with the user in cases where the user submits a request requiring a response. Data provided by the user in different sections of the Website and the mobile application may also be processed for the purposes specified in the rules governing those sections of the Website and the mobile application.

1.4. The website and mobile application administration provides users with free access to their personal data, including the right to obtain copies of any record containing their personal data, except in cases provided for by applicable law.

1.5. The website and mobile application administration develops measures to protect the personal data of website and mobile application users.

2. Storage, Processing, and Transfer of Personal Data of Website and Mobile Application Users

2.1. Users' personal data on the website and mobile application is processed solely for the purposes specified in clause 1.3 of this Privacy Policy.

2.2. Users' personal data is stored electronically in the personal data information system of the website and mobile application, as well as in archived database backups of the website and mobile application. When storing users' personal data, organizational and technical measures are observed to ensure its safety and prevent unauthorized access. Only authorized employees of the website and mobile application administration who are admitted to work with users' personal data may access such data.

2.3. Personal data on the website and in the mobile application is processed by automated means.

2.4. The website and mobile application administration may transfer users' personal data to third parties only if this is necessary to prevent threats to their life and health, as well as in cases established by law.

2.5. The website and mobile application administration must provide users' personal data only to authorized persons and only to the extent necessary for them to perform their job duties, in accordance with this Privacy Policy and the laws of the Russian Federation.

2.6. When transferring users' personal data, the website and mobile application administration warns recipients that this data may be used only for the purposes for which it was disclosed and requires written confirmation from those recipients that this condition will be observed.

2.7. Consent to the processing of personal data permitted by the personal data subject for dissemination is formalized separately from other consents to process that subject's personal data. The operator must ensure that the personal data subject can determine the list of personal data for each category of personal data specified in the consent to processing personal data permitted for dissemination.

2.8. In consent to the processing of personal data permitted for dissemination, the personal data subject may establish prohibitions on the transfer (except granting access to) such personal data by the operator to an unlimited circle of persons, as well as prohibitions on processing or conditions for processing (except obtaining access to) such personal data by an unlimited circle of persons. By providing the website and mobile application administration with their data, including personal data, the user thereby consents to the dissemination of such data unless the user separately specifies at the time of submission that the data is not provided for dissemination.

2.9. Transfer (dissemination, provision, access) of personal data permitted by the personal data subject for dissemination must be terminated at any time upon the subject's request. The personal data specified in such a request may thereafter be processed only by the operator.

2.10. Other rights, obligations, and actions of the website and mobile application administration responsible for processing users' personal data are determined by the employer.

2.11. All information about the transfer of users' personal data is recorded to monitor the lawfulness of use of such information by the persons who received it.

2.12. In order to improve service quality and ensure the possibility of legal protection, the website and mobile application administration may store log files of actions performed by users while using the Website and the mobile application.

3. Rights and Obligations of the Website and Mobile Application Administration

3.1. The website and mobile application administration has the right to establish requirements for the composition of users' personal data that must be provided in order to use the Website and the mobile application.

3.2. The website and mobile application administration does not verify the accuracy of personal data provided by users, assuming that users act in good faith and keep their personal data up to date.

3.3. The website and mobile application administration is not responsible for users' voluntary transfer of their contact details, password, or login to third parties.

3.4. The website and mobile application administration may not request or process users' personal data relating to their political, religious, or other beliefs and private life.

3.5. The website and mobile application administration must, at its own expense, ensure protection of users' personal data from unlawful use or loss in accordance with the laws of the Russian Federation.

3.6. The website and mobile application administration independently determines the composition and list of measures necessary and sufficient to fulfill obligations established by law. Such measures may include, in particular:

1) appointing a person responsible for organizing personal data processing;

2) issuing documents defining the policy on personal data processing, local regulations on personal data processing issues, and local regulations establishing procedures aimed at preventing and detecting violations of Russian Federation law and eliminating the consequences of such violations;

3) applying legal, organizational, and technical measures to ensure the security of personal data;

4) conducting internal control and/or audits of compliance of personal data processing with the law, personal data protection requirements, and this policy;

5) assessing the harm that may be caused to personal data subjects in the event of a legal violation, and correlating that harm with the measures taken by the website to ensure fulfillment of obligations established by law;

6) familiarizing employees directly involved in personal data processing with the provisions of Russian Federation law on personal data, including personal data protection requirements, documents defining the Website and mobile application's policy regarding personal data processing, local regulations on personal data processing issues, and/or training such employees.

4. Users' Rights to Protect Their Personal Data

4.1. In order to protect their personal data stored on the website and in the mobile application, users have the right to:

— receive complete information about their personal data and its processing, storage, and transfer;

— appoint representatives to protect their personal data;

— demand deletion or correction of inaccurate or incomplete personal data, as well as data processed in violation of this Policy and the laws of the Russian Federation;

— require the website and mobile application administration to notify all persons to whom inaccurate or incomplete personal data of users had previously been disclosed about any deletions, corrections, or additions made thereto.

If the website and mobile application administration refuses to delete or correct users' personal data, users may submit to the website administration a written statement of disagreement with appropriate justification.

4.2. Users have the right to independently limit the collection of information by third parties by using the standard privacy settings of the internet browser they use to work with the website, and may at any time change, delete, or supplement the personal data they have provided.

4.3. If users believe that processing of their personal data is carried out in violation of legal requirements or otherwise violates their rights and freedoms, they may appeal actions or omissions of the website and mobile application administration to the authorized body for protection of personal data subjects' rights or in court.

4.4. Users may at any time independently edit in their personal account the personal data they provided during registration or authorization.

5. Procedure for Destruction and Blocking of Personal Data

5.1. If inaccurate personal data is discovered upon a user's request, the website and mobile application administration must block personal data relating to those users from the moment of such request for the duration of the verification period, provided that such blocking does not violate the rights and legitimate interests of the users or third parties.

5.2. If the inaccuracy of personal data is confirmed, the website and mobile application administration, based on information provided by users or other necessary documents, must update the personal data within 30 business days from the date such information is provided and lift the block on the personal data.

5.3. If unlawful processing of personal data by the website and mobile application is discovered, the website and mobile application administration must terminate such unlawful processing within 30 business days from the date of discovery.

5.4. If it is impossible to ensure lawful processing of personal data, the website and mobile application administration must destroy such personal data within 30 business days from the date unlawful processing is discovered.

5.5. The website and mobile application administration must notify users of the elimination of violations or destruction of personal data.

5.6. If the purpose of personal data processing has been achieved, the website and mobile application administration must terminate processing of personal data and destroy the personal data within 30 days from the date the purpose of processing was achieved.

5.7. If users withdraw consent to the processing of their personal data, the website and mobile application administration must stop processing it and, if retaining the personal data is no longer required for the purposes of processing, destroy the personal data within 30 days from the date the withdrawal is received.

5.8. If it is impossible to destroy personal data within the period specified in clauses 5.3–5.7 of this Privacy Policy, the website and mobile application administration blocks such personal data and ensures its destruction within no more than 12 months, unless a different period is established by federal law.

6. Changes to the Privacy Policy

6.1. This Privacy Policy may be amended or terminated by the website and mobile application administration unilaterally without prior notice to the user. The new version of the Privacy Policy takes effect from the moment it is posted on the website and in the mobile application.

6.2. The current version of the Privacy Policy is available on the website and in the mobile application on the Internet at: https://kvell.group/privacy-policy.