Personal data processing policy
1. General provisions
1.1. This personal data processing policy (hereinafter - the "Policy") has been adopted by Enex Limited Liability Company (12A, Tsyolkovskogo str., Penza, Russian Federation, 440028; OGRN (Primary State Registration Number) 1195835004540, INN (Taxpayer Identification Number) 5835131764) (hereinafter – the "Company"). The Policy applies to any personal data within the meaning of applicable law that the Company may obtain through the website https://enex.market/en/.
1.2. This Policy has been adopted by the Company in accordance with the requirements of the Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data". When processing personal data obtained through the website https://enex.market/en/ from citizens of the European Union, the Company complies with the requirements of the General Data Protection Regulation (GDPR) of the European Union. According to GDPR, the Company is a controller.
1.3. Terms used in the Policy:
Platform - the website https://enex.market/en/, including all levels of this domain.
Personal Data - any information relating directly or indirectly to the identified or identifiable User of the website https://enex.market/en/.
Personal Data Processing - any action (operation) or a set of actions (operations) performed by the Company with the personal data obtained, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Confidentiality of Personal Data – a mandatory requirement for the Company or other person having access to personal data to prevent its dissemination without the consent of the personal data subject (User) or the presence of other legal grounds.
Product – inventory items, information about which is presented on the Platform.
Order – a Buyer's request made on the Platform for the purchase of the selected Product, as well as a request for the provision of services for the organization of delivery of such a Product.
User – an individual who has access to the Platform via the Internet and uses the Platform's services.
The User can be:
- a person who is registered on the Platform as a buyer;
- a person who is indicated as a Representative of a legal entity or an individual entrepreneur when registering on the Platform;
- a person who is not registered and (or) not authorized on the Platform, but who uses the Platform's services.
Representative – an individual whose data is indicated when registering a legal entity or an individual entrepreneur on the Platform in order to organize interaction (feedback) with such a legal entity/an individual entrepreneur.
Cookies – a small piece of data sent by the web server and stored on the User's computer, which the web client or web browser sends to the web server in an HTTP request each time when trying to open a Platform page.
IP address – a unique network address of a node in a computer network built using the IP protocol.
1.4. The Policy sets out the principles of personal data processing by the Company, the Company's obligations when processing personal data, the purposes and grounds for the personal data collection by the Company, the categories of personal data processed by the Company, the procedure and conditions for the personal data processing, as well as measures to ensure the confidentiality of personal data.
1.5. The Policy is publicly available on the Platform.
1.6. The Policy's provisions are observed by the Company, including its employees, as well as affiliates.
1.7. By registering on the Platform or using the Platform's services that allow collecting the personal data, the User consents to the processing of his/her personal data in the manner and under the terms and conditions described in this Policy and stipulated by the applicable law.
1.8. The Platform use means the User's unconditional consent to the provisions of this Policy. If the User does not agree with the provisions of this Policy, he/she shall refrain from using the Platform.
2. Factual and legal grounds for the personal data processing by the Company
2.1. The actual basis for the personal data processing by the Company is the Company's business activities, including the provision of intermediary and information services through the Platform, as well as any other commercial and non-commercial interaction of the Company with legal entities and individuals, state and municipal authorities.
2.2. The legal grounds for the personal data processing by the Company are the provisions of the Constitution of the Russian Federation, the Civil Code, the Federal Law No. 59-FZ dated 02.05.2006 "On the Procedure for Considering Appeals of Citizens of the Russian Federation", and other acts of applicable legislation.
3. The Company's personal data processing principles
3.1. The personal data processing is carried out exclusively with the User's consent.
3.2. When processing personal data, the Company complies with the requirements of applicable legislation.
3.3. The personal data may be processed only for the purposes specified in this Policy. These goals shall be described clearly and concretely.
3.4. Only those personal data meeting the purposes defined in this Policy are subject to processing. The processing of personal data incompatible with the specified purposes is not allowed.
3.5. Personal data is not disclosed to third parties and is not distributed without the User's consent, except for the cases stipulated by the applicable law.
3.6. The personal data processed shall be accurate and reliable.
3.7. The Company processes personal data in a manner that properly ensures its confidentiality and helps prevent its damage, loss or destruction.
3.8. The principles provided for by the current legislation regarding the personal data processing, but not specified in this Policy, are subject to compliance by the Company.
4. Purposes of the personal data processing by the Company
4.1. The Company processes the Users' personal data for the following purposes:
4.1.1. to create a User account on the Platform and to provide the User with access to the personal account and other Platform services that require identification;
4.1.2. to conclude contracts with the Users on the Platform and to perform such contracts;
4.1.3. to organize information interaction between the Users and the Company, including feedback, clarification of order execution details, distribution of information materials;
4.1.4. to organize information interaction between the Users, as well as to clarify the features and properties of the Goods from the manufacturers, to send a request to the manufacturers for the purchase of Goods;
4.1.5. to identify the Users in bonus and loyalty programs available on the Platform;
4.1.6. to fulfill the conditions of bonus and loyalty programs available on the Platform;
4.1.7. to provide the Users with information and advertising materials (with the Users' consent);
4.1.8. to confirm the accuracy and completeness of personal data provided by the Users;
4.1.9. to conduct static and other studies aimed at improving the Platform's operation (such studies are conducted on the basis of depersonalized data);
4.1.10. to provide the Users with the client and technical support in case of problems related to the Platform use.
5. Personal data processed by the Company
5.1. The Company may receive the following personal data from the Users who register/log in to the Platform as buyers: surname, first name, patronymic, phone number, email address, country of location, delivery address, electronic data (IP address, cookies, access time to the Platform).
5.2. The Company may collect the following personal data of the Representatives: surname, first name, patronymic, phone number, email address, electronic data (IP address, cookies, access time to the Platform).
5.3. The Company may receive the following personal data from the unregistered/unauthorized Users:
· email address (if the User subscribes to the Platform's newsletter);
· first name and phone number (if the User orders a callback);
· electronic data (IP address, cookies, access time to the Platform).
5.4. The Company does not process personal data related to race, nationality, political views, religious, philosophical and other beliefs, health status, personal life, membership in public associations, including trade unions, biometric data.
5.5. When paying for Orders using bank cards, all transactions take place on the banks' side using the special protected modes. No confidential information about bank cards, except for notification of the payment made, is transmitted to the Company.
6. The Company's policy regarding cookies.
6.2. Cookies are used to facilitate the Platform use: to optimize and personalize the ways of providing services, to analyze and research services in order to improve them, as well as to display advertising.
6.3. The platform uses two types of cookies – "session cookies" and "persistent cookies". Session cookies are temporary files that remain on the device until the User leaves the Platform. Persistent cookies remain on the device for a long time or until the User manually deletes them (the time during which the cookie file remains on the User's device depends on the duration or "expiration date" of a particular file).
6.4. Disabling cookies may result in the inability to access some of the Platform's services.
6.5. The Users can control browsers by configuring them to reject certain types of cookies or to show when cookies are sent.
7. Conditions, procedure and terms of the personal data processing
7.1. Before starting the User's personal data processing, the Company takes the necessary measures to familiarize the User with this Policy and obtain the User's consent to the processing of his/her personal data in accordance with the terms and conditions of the Policy.
7.2. The User's consent to the processing of his/her personal data received by the Company when registering the User on the Platform means the User's consent to the processing of his/her personal data under the terms and conditions of the Policy in the future when using the Platform's services.
7.3. The Company assumes that by registering on the Platform as a Representative, the User transfers his/her own personal data to the Company. If, when entering data in relation to a Representative, the User transfers personal data to a third party, the User shall independently obtain consent from this person to transfer his/her personal data to the Company and process them in accordance with the terms and conditions of this Policy.
7.4. The personal data processing is carried out by the Company both with and without the use of automation tools. The totality of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, as well as destruction of personal data.
7.5. Confidentiality is maintained with respect to personal data throughout the entire period of its processing. The Company ensures the personal data protection from unauthorized access and does not allow its dissemination, except for the following cases:
- the personal data transfer is expressly stipulated by law (for example, personal data shall be provided at the request of authorized authorities);
- personal data is made publicly available by the User;
- personal data was transferred to third parties with the User's consent, in cases, in the manner and under the terms and conditions stipulated in this Policy.
7.6. In order to fulfill the Order, the Company has the right to transfer the User's personal data to the seller from whom the User ordered the Product, as well as to delivery, courier services, postal organizations. The personal data is transferred to the extent necessary to fulfill the Order.
7.7. The Company does not verify the accuracy of the personal data provided by Users. At the same time, the Company assumes that the Users provide reliable and sufficient personal data, as well as update them in a timely manner.
7.8. The Company does not process personal data of minors. If the Company receives the personal data of a minor, the Company will immediately take measures to destroy it.
7.9. The terms of personal data processing (storage) are determined based on the purposes of the personal data processing, unless another period of processing (storage) is established by the applicable law. The personal data processed is subject to destruction upon achievement of the processing purposes or in case of loss of the need to achieve these purposes.
7.10. Unless otherwise required by law or agreement with the User, emails and documents that the User stores in the Platform's systems (services) will be stored as long as the User has an account on the Platform (the User can delete the specified documents and emails at any time).
8. Personal data protection
8.1. When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unlawful and (or) unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data.
8.2. In particular, such measures include:
8.2.1. the appointment of a person responsible for organizing the personal data processing, and a person responsible for ensuring data security;
8.2.2. development and approval of local acts on the personal data processing and protection;
8.2.3. application of legal, organizational and technical measures to ensure the personal data security;
8.2.4. control over the measures taken to ensure the personal data security and the level of security of the personal data information systems;
8.2.5. compliance with the conditions that exclude unauthorized access to material carriers of personal data and ensure the personal data safety;
8.2.6. familiarization of the Company's employees directly engaged in the personal data processing with the provisions of the legislation on personal data, including the requirements for the protection of personal data, local acts on the processing and protection of personal data, and training of the Company's employees.
8.3. Cross-border transfer of the Users' personal data is not allowed.
9. The Users' basic rights in connection with the processing of their personal data by the Company
9.1. The User has the right to receive information concerning the processing of his/her personal data, including: confirmation of the fact of the personal data processing by the Company; legal grounds and purposes of the personal data processing; methods of the personal data processing; name and location of the Company, information about persons having access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Company; list of processed personal data related to the relevant User; terms of the personal data processing, including the terms of their storage; other information stipulated by law.
9.2. The User has the right to require the Company to clarify his/her personal data, block or destroy it, if the personal data is outdated, inaccurate, illegally obtained, or is not necessary for the stated processing purpose.
9.3. The User has the right to withdraw his/her consent to the data processing at any time.
9.4. The User has the right to exercise other rights stipulated by the legislation.
10. Basic rights and obligations of the Company
10.1. The Company shall:
10.1.1. prior to the personal data processing, familiarize the Users with the provisions of this Policy;
10.1.2. in case of refusal to provide personal data, explain to the User the consequences of such refusal;
10.1.3. at the User's request, clarify, block or delete the personal data processed, if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated processing purpose, within a period not exceeding seven business days from the receipt date of the relevant User's request;
10.1.4. provide unrestricted access to this Policy by publishing the current version of the Policy on the Platform;
10.1.5. take the necessary measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with respect to personal data;
10.1.6. if the purpose of the personal data processing is achieved, immediately terminate the personal data processing and destroy the relevant personal data, unless otherwise provided by agreement between the User and the Company or the requirements of the law;
10.1.7. if the User withdraws his/her consent to the processing of his/her personal data, stop processing personal data and destroy it within a period not exceeding thirty days from the receipt date of the said notification of withdrawal. The Company shall notify the User of the personal data destruction;
10.1.8. give answers to the User's requests.
10.2. The Company shall have the right to:
· receive reliable information and/or documents containing personal data from the User;
· if the User withdraws consent to the personal data processing, the Company has the right to continue the personal data processing without the consent of the personal data subject, if there are grounds specified in the Law "On Personal Data";
· independently determine the composition and a list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by law.
11.1. In case of non-fulfillment of obligations stipulated by the Policy, the Company shall be liable for losses incurred by the User in connection with the misuse of personal data, in accordance with the legislation of the Russian Federation.
11.2. If the User transfers personal data of third parties to the Company without obtaining the appropriate permission, the User shall be responsible for such actions.
11.3. If the User provides false personal data, he/she shall bear the risk of adverse consequences resulting from the provision of false data.
12. The procedure for obtaining clarifications on the personal data processing
12.1. The User can send requests on the personal data processing. Mailing address for sending requests: 12A, Tsyolkovskogo str., Penza, Russian Federation, 440028; email address for sending requests: email@example.com.
13. Policy change, additional provisions
13.1. The Policy is valid indefinitely until it is replaced by a new version. The Company has the right to make changes to the Policy at any time. The new version of the Policy is posted on the Platform and comes into force from the moment of such posting.
13.2. The Company recommends that Users monitor the Policy changes by reviewing its current version. If significant changes are made to the Policy, the Company may organize an appropriate newsletter to the Users.
13.3. In everything else that is not directly reflected in this Policy, the Company shall be guided by the norms of applicable legislation.