Privacy policy and conditions for the processing of personal data

Edition 1.0

TERMS AND DEFINITIONS

  1. Automated processing of personal data - processing of personal data using computer technology.

  2. Beneficial owner - an individual who directly or indirectly owns more than twenty-five percent of the shares in the authorized capital or placed (minus preferred and redeemed by the company) shares of the counterparty-legal entity, as well as an individual who otherwise exercises control over the counterparty, or in in whose interests the counterparty performs operations with money and (or) other property.

  3. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

  4. Customer - means an individual who buys or has bought goods and / or services of the Seller.

  5. Counterparty - any individual or legal entity with which the PS enters into business relations both on the basis of an agreement and due to actual circumstances ( including , but not limited to , under the Accession Agreement on the PS website).

  6. Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools, with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, as well as the implementation of any other actions in accordance with applicable law. Payment System (hereinafter abbreviated as PS) – 1Payment, carries out the processing of personal data.

  7. Personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data). The personal data processed by the PS include: • surname, name, patronymic of the subject of personal data; • place residence ( region / city ); • specialty / area professional interests ; • number mobile phone ; • e-mail address ( e - mail ); • history of requests and views on the Site and its services (for visitors to the PS Site); • other information (the above list may be reduced or expanded depending on the specific case and the purposes of processing).

  8. Seller - recipient of funds - a legal entity or an individual entrepreneur receiving funds from the Client for goods sold (work performed, services rendered), including via the Internet.

  9. PS Website - means the PS website available at https://1Payment.com, excluding any external resources, references to which may be contained on the website in the form of hyperlinks or in any other form.

  10. Employees - individuals - employees of the PS, who are such both on the basis of employment contracts and as a result of actually established civil labor relations, including the head and members of the PS management bodies. The subject of personal data (hereinafter, abbreviated as the Subject) is an individual, individual entrepreneur, representative, beneficial owner of a legal entity who has concluded a civil law contract with the PS in accordance with the types of activities carried out by the PS; PS employees and employees of PS counterparties; Clients of the Sellers who directly or indirectly use the PS services and provide their personal data to the PS in the process of purchasing goods, works, services of the Seller, visitors and users of the PS website. Other specific terms and abbreviations used in the text of the Policy are used in accordance with the meaning enshrined in the Accession Agreement posted on the PS website, and in their absence in the specified

  11. Agreement - in accordance with the meaning adopted in international law.

I. GENERAL PROVISIONS

  1. 1.1. This Privacy Policy and the conditions for the processing of personal data (hereinafter referred to as the Policy) defines the PS policy regarding the methods of collecting, processing, protecting and storing information about personal data subjects, which the PS and / or its counterparties can receive and process in the course of their activities.

  2. 1.2. This Policy applies to all PS processes within which personal data is received and processed, both with the use of automation tools, including in information and telecommunication networks, and without the use of such tools.

  3. 1.3. The use of the site, PS services means the consent of the subject of personal data with this Policy and the conditions for processing his personal data specified therein.

  4. 1.4. In case of disagreement with the terms of the Policy, you must stop using the site and services of the PS.

  5. 1.5. Collection, processing, storage, clarification (updating, changing), retrieval, etc. personal data is carried out in strict accordance with the requirements of the current legislation of the country whose citizens' data is received and processed by the PS.

  6. 1.6. Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life, PS is not carried out.

  7. 1.7. There is no cross-border transfer of personal data of the PS.

  8. 1.8. The processing of personal data of the PS is carried out in the following ways: • manual treatment personal data ; • automated processing of personal data with or without transmission of the received information via information and telecommunication networks; • mixed treatment personal data .

  9. 1.9. The Policy is valid indefinitely until replaced by a new Policy. The Policy may be amended at any time, the current version is posted on the PS website. The new version of the Policy will be valid from the moment it is published on the PS website.

II . PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA

  1. 2.1. The PS processes only those personal data that are necessary for:

  2. • conclusion of any contracts with the subjects of personal data and their further execution;

  3. • conducting activities of PS ;

  4. • control and improvement of the quality of PS services and services, including those offered on the PS Website

  5. • providing personal data subjects with services and services of the PS, as well as information on the development of the PS of new products and services, including advertising;

  6. • feedback with the subjects of personal data, including the processing of their requests and requests, informing about the work of the PS Site;

  7. • prevention of money laundering and terrorist financing activities by complying with the requirements of international and national legislation and the PS Policy on Combating Money Laundering and “Know Your Customer” posted on the PS website; • prevention of fraud, corruption and other illegal activities;

  8. • conducting personnel work and organizing accounting of PS Employees, regulating labor and other relations directly related to them;

  9. • attraction and selection of candidates for work in PS; • formation of the necessary reporting;

  10. • in order to comply with the requirements of the current legislation of the country whose data is received, processed and stored by the PS.

  11. 2.2. The PS processes personal data of the following categories of personal data subjects: • individuals, customers, users and visitors of the PS website ; • beneficial owners of the legal entity-Seller or other counterparty of the PS with which it has concluded a civil law contract; • PS employees; • individuals who are employees of PS counterparties.

  12. 2.3. The purposes of processing personal data of the PS are: • accounting and interaction with clients and counterparties of PS; • prevention of money laundering and terrorist financing activities • prevention of fraud, corruption and other illegal activities; • implementation of monetary transactions with counterparties; • providing information support to customers, users of the PS website; • coordination and accounting of contracts with counterparties of the PS; • conducting personnel records management and cash settlements with Employees; • data exchange between PS Employees; • authentication of Employees when working with corporate resources.

III . Conditions for the transfer and processing of personal data

  1. 3.1. When organizing the processing of personal data of the PS, the following principles and conditions are observed: • the processing of personal data is carried out on a legal and fair basis; • the processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes; • it is not allowed to combine databases containing personal data; • only those personal data that meet the purposes of their processing are subject to processing; • when processing personal data, the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing personal data are ensured; • the content and scope of the processed personal data correspond to the stated purposes of processing; • personal data is subject to destruction or depersonalization upon achievement of the purposes of processing or in case of loss of the need to achieve these purposes.

  2. 3.2. The processing of personal data is carried out by the PS subject to obtaining the consent of the subject of personal data (hereinafter referred to as the Consent), with the exception of cases established by law when the processing of personal data can be carried out without such Consent.

  3. 3.3. The subject of personal data decides to provide his personal data and gives Consent freely, of his own free will and in his own interest.

  4. 3.4. Consent is given in any form that allows you to confirm the fact of its receipt.

  5. 3.5. The PS in its activities proceeds from the fact that the subject of personal data provides accurate and reliable information and, during interaction with the PS, notifies the representatives of the PS about changes in their personal data.

  6. 3.6. With regard to the personal data of the subject, their confidentiality is ensured. The transfer of personal data to third parties to fulfill contractual obligations is carried out only with the consent of the subject of personal data. In the event of a reorganization, sale or other transfer of the business (in whole or in part) of the PS, all obligations to comply with the terms of this Policy in relation to the personal data received by it are transferred to the acquirer.

  7. 3.7. The PS may entrust the processing of personal data to another person if the following conditions are met: • the consent of the subject has been obtained to entrust the processing of personal data to another person; • the order for the processing of personal data is carried out on the basis of an agreement concluded with this person; • a person who processes personal data on behalf of the PS is obliged to comply with the principles and rules for the processing of personal data and is liable to the PS. The PS is responsible to the subject of personal data for the actions of the authorized person to whom the PS entrusted the processing of personal data.

IV . RIGHTS OF THE SUBJECT TO ACCESS AND CHANGE HIS PERSONAL DATA

  1. 4.1. The subject can view and edit his personal information in his account at any time. To do this, he needs to log in to the site. PS.

  2. 4.2. To ensure compliance with the rights of personal data subjects established by law, the PS has developed and introduced a procedure for working with appeals and requests from personal data subjects, providing personal data subjects with information established by law.

  3. 4.3. This procedure ensures compliance with the following rights of PS subjects:

  4. 4.3.1. the right to receive information regarding the processing of his personal data, incl . containing: • confirmation of the fact of personal data processing; • legal grounds and purposes of personal data processing; • information and methods of personal data processing applied by the PS; • the name and location of the PS, information about persons (with the exception of PS Employees) who have access to personal data or to whom may be disclosed on the basis of an agreement with the PS or on the basis of applicable law; • terms of processing and storage of personal data; • the rights of the subject; • o information about the completed or proposed cross-border data transfer; • the name or surname, name, patronymic and address of the person who processes personal data on behalf of the PS, if the processing is or will be entrusted to such a person; • other information provided for by the current legislation of the country whose citizens' data is received and processed by the PS.

  5. 4.3.2. The right to clarify, block or destroy your personal data that is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purposes of processing. 4.3.3. If the request of the subject of personal data does not contain all the necessary information or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.

  6. 4.4. The subject at any time has the right to send a written application to the PS about the termination of processing (withdraw consent to processing). At the same time, the Subject acknowledges and agrees that from the moment the application for termination of processing (withdrawal of consent to processing) is sent, the use of the services, the PS website becomes impossible or the possibilities of such use are limited.

  7. 4.5. Persons who provided the PS with false information about themselves, or information about another subject of personal data without the consent of the latter, are liable in accordance with applicable law.

V. RESPONSIBILITIES OF THE PS

  1. 4.1. PS must:

  2. • carry out the processing of personal data in compliance with the principles and rules provided for by the current legislation of the country of the subject. Incl . The PS ensures the recording, systematization, accumulation, storage, clarification (updating, changing), extraction, destruction of personal data of citizens of Canada using databases located on the territory of Canada, unless otherwise provided by the requirements of the legislation of Canada;

  3. • not disclose to third parties and not distribute personal data without the consent of the subject of personal data, unless otherwise provided by the current legislation of the country of the subject;

  4. • provide proof of obtaining the consent of the subject of personal data to the processing of his personal data or proof of the existence of grounds according to which such consent is not required;

  5. • in cases provided for by the current legislation of the country of the subject, to process personal data only with the consent in writing of the subject of personal data;

  6. • provide the subject of personal data, at his request, with information related to the processing of his personal data, or, on legal grounds, refuse to provide this information and give a reasoned response in writing, within a period not exceeding thirty days from the date of the request of the subject of personal data or his representative, or from the date of receipt of the request of the subject of personal data or his representative;

  7. • if the provision of personal data is mandatory, explain to the subject of personal data the legal consequences of refusal to provide his personal data;

  8. • take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data. A description of the measures taken is given in Section 6 of this Policy;

  9. • at the request of the subject of personal data, make changes to the processed personal data, or destroy them, if the personal data is incomplete, inaccurate, outdated, illegally obtained or not necessary for the stated purpose of processing within a period not exceeding 7 working days from the date of submission by the subject of personal data or his representative of information confirming the specified facts, as well as notify the subject of personal data or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the personal data of this subject were transferred;

  10. • organize the accounting of appeals and requests of personal data subjects;

  11. • notify the subject of personal data about the processing of personal data in the event that personal data was not received from the subject of personal data. The following cases are an exception:

  12. • the subject of personal data is notified of the processing of his personal data by the PS;

  13. • to which the subject of personal data is a party or beneficiary or guarantor ;

  14. • personal data is made publicly available by the subject of personal data or obtained from a publicly available source;

  15. • The PS processes personal data for statistical or other research purposes, for the professional activities of a journalist or for scientific, literary or other creative activities, if the rights and legitimate interests of the subject of personal data are not violated;

  16. • providing the subject of personal data with the information contained in the notification on the processing of personal data violates the rights and legitimate interests of third parties.

  17. • in case of unlawful processing of personal data or inaccurate personal data, eliminate the identified violations;

  18. • in case of achieving the goals of processing personal data, immediately stop processing personal data and destroy the relevant personal data within a period not exceeding thirty days from the date of achieving the goal of processing personal data, unless otherwise provided by an agreement to which the subject of personal data is a party, beneficiary or guarantor , another agreement between the PS and the subject of personal data, or if the PS is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by the current legislation of the country of the subject;

  19. • in the event that the subject withdraws consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by an agreement between the PS and the subject of personal data. The PS is obliged to notify the subject of personal data about the destruction of personal data;

  20. • in the event of a request from the subject to stop processing personal data in order to promote goods, works, services on the market, immediately stop processing personal data.

VI . MEASURES APPLIED TO PROTECT THE PERSONAL DATA OF SUBJECTS

  1. 6.1. The PS takes the necessary and sufficient organizational and technical measures to protect the personal data of subjects from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties with it.

  2. 6.2. The PS applies the following methods and ways to ensure the security of personal data:

  3. ◦ threats to the security of personal data during their processing in personal data information systems are identified;

  4. ◦ organizational and technical measures are taken to ensure the security of personal data during their processing in personal data information systems, necessary to fulfill the requirements for the protection of personal data;

  5. ◦ passed in the prescribed manner the procedure for assessing the conformity of the means of information protection;

  6. ◦ an assessment was made of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

  7. ◦ records of machine carriers of personal data are kept;

  8. ◦ Organized detection of facts of unauthorized access to personal data and taking action on identified violations;

  9. ◦ restoration of personal data modified or destroyed due to unauthorized access to them;

  10. ◦ rules for access to personal data processed in personal data information systems are established, as well as registration and accounting of all actions performed with personal data in personal action information systems;

  11. ◦ control over the measures taken to ensure the security of personal data and control over the level of protection of personal data processed in personal data information systems.

VII. Use of Cookies

  1. 7.1. a user accesses a website, we or companies hired to track the use of the website may place small data files called " cookies " on the user's computer .

  2. 7.2. The PS sends a "session cookie " to the subject's computer when the subject logs in to their account. This file helps to recognize the subject if he visits several pages on the UA site during one session, so the UA does not need to ask him for a password on each page. After you log out of the browser or close the browser, this cookie will expire and no longer have any effect.

  3. 7.3. The IP also uses longer lasting cookies for other purposes, such as displaying the subject's email address on the login form of the IP, so that the subject does not have to enter a new email address each time they log into their account.

  4. 7.4. The PS encodes subject cookies so that only the PS can interpret the information stored in them. The subject may refuse cookies of the PS if allowed by his browser, but this may interfere with the use of the PS site. The PS may also collect information about the subject's computer or other access device to reduce risk and prevent fraud.

VIII. Contact Information

  1. For all questions regarding this Policy, please contact using the email address: info@1payment.com