(revised on 15.08.2019)
1. General Provisions
1.2. This Policy was adopted by the Company in accordance with the requirements of the Federal Law No. 152-FZ “On personal data” dated July 27, 2006. When processing personal data obtained through the website https://enex.market/ from citizens of the European Union, the Company complies with the requirements of the General Data Protection Regulation (GDPR) of the European Union. In terms of GDPR, the Company acts as the controller.
1.3. Terms used in the Policy:
“Platform” means the website https://enex.market/, including all levels of this domain.
“Processing of personal data” means any action (operation) or a set of actions (operations) performed by the Company with the obtained personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
“Privacy of personal data” means a binding requirement for the Company or another person who has gained access to personal data to comply with the requirement not to allow dissemination of data without the consent of the personal data subject (User) or presence of other legal grounds.
“Goods” means inventory items, information about which is presented on the Platform and intended for sale through the Platform.
“Order” means a request for the purchase of the Goods selected on the Platform, executed through the functions of the Platform, including a request for the purchase of services for organizing the delivery of the Goods.
“User” means an individual who has access to the Platform through the Internet and uses the services of the Platform.
The user may be:
- - a person who is registered on the Platform as a buyer;
- - a person who is registered on the Platform as a responsible person when registering on the Platform of a legal entity or an individual entrepreneur;
- - a person who is not registered and/or not authorized on the Platform and using the services of the Platform.
“Responsible person” means an individual whose data are specified during registration on the Platform of a legal entity or individual entrepreneur in order to arrange interaction (feedback) with such a legal entity / individual entrepreneur.
“Personal Account” means a personal section of the User on the Platform, created during the registration of the User on the Platform, containing the User’s data and intended for the arrangement of interaction between the User and the Platform.
“Cookies” means a small piece of data sent by the web server and stored on computer of the User, which the web client or web browser sends to the web server each time through an HTTP request when attempted to open the Platform page.
“IP address” means a unique network address of a node in a computer network built under IP protocol.
1.4. The Policy establishes the principles for the processing of personal data by the Company, the obligations of the Company in processing personal data, the purposes and grounds for collecting personal data by the Company, the categories of personal data processed by the Company, the procedure and conditions for processing personal data, measures to ensure the privacy of personal data.
1.5. The Policy is publicly available and posted on the Platform in the public domain.
1.6. The provisions of the Policy are observed by the Company, including its employees, representatives, as well as affiliates.
1.7. By registering on the Platform or using the services of the Platform that allow to collect personal data, the User, through the relevant platform functionality, agrees to the processing of his/her personal data in the manner and on conditions described in this Policy and provided for by applicable legislation.
1.8. Use of the Platform means that the User unconditionally agrees with the provisions of this Policy. If the User does not agree with the provisions of this Policy, he should refrain from using the Platform.
2. Actual and legal grounds for the processing of personal data by the Company
2.1. The actual grounds for the processing of personal data by the Company is the implementation of business activities by the Company, including the rendering of intermediary and information services through the Platform, as well as any other commercial and non-commercial interaction of the Company with legal entities and individuals, state and municipal authorities.
2.2. The legal grounds for the processing of personal data by the Company are the provisions of the Constitution of the Russian Federation, the Civil Code, Federal Law N 59-ФЗ “On the procedure for handling appeals of citizens of the Russian Federation” dated 02.05.2006, as well as other acts of applicable legislation.
3. The principles of the company in the processing of personal data
3.1. The processing of personal data is performed exclusively with the consent of the User.
3.2. When processing personal data, the Company complies with the requirements of applicable legislation.
3.3. The processing of personal data is performed only for the purposes specified in this Policy. These objectives should be described clearly and in concrete terms.
3.4. Only those personal data that complies with the purposes defined in this Policy are subject to processing. Processing of personal data that does not comply with the specified purposes is not allowed.
3.5. Personal data is not disclosed to third parties and is not disseminated without the consent of the User, except in cases provided for by applicable legislation.
3.6. Processed personal data must be accurate and reliable.
3.7. The Company processes personal data in a manner that properly ensures its privacy and helps to prevent its damage, loss or destruction.
3.8. The principles that are provided for by applicable legislation regarding the processing of personal data, but not specified in this Policy, are subject to compliance by the Company.
4. Purposes of processing personal data by the Company
4.1. The Company processes personal data of users for the following purposes:
4.1.1. to create a Personal Account of the User on the Platform and provide the User with access to the Personal Account and other services of the Platform that require identification;
4.1.2. to conclude agreements with the Users on the Platform and to perform such agreements;
4.1.3. to arrange information interaction between Users and the Company, including for feedback, clarification of details of performing the Orders, distribution of information materials;
4.1.4. to arrange information interaction between Users, including for clarifying with manufacturers the characteristics and properties of the Goods, sending manufacturers a request to purchase the Goods;
4.1.5. to identify Users in bonus programs and loyalty programs that take place on the Platform;
4.1.6. to fulfill the conditions of bonus programs and loyalty programs that take place on the Platform;
4.1.7. to provide advertising materials to Users (with the consent of the Users);
4.1.8. to confirm the reliability and completeness of personal data provided by Users;
4.1.9. to perform other static studies aimed at improving the Platform (such studies are performed on the basis of anonymized data)
4.1.10. to provide Customers with customer and technical support in case of problems associated with the use of the Platform.
5. Personal data processed by the Company
5.1. From Users who register/authorize on the Platform as buyers, the Company may collect the following personal data: last name, first name, middle name, phone number, e-mail address, country of location, delivery address, electronic data (IP address, cookies, time of access to the Platform).
5.2. The Company may collect the following personal data of the Responsible persons: last name, first name, middle name, phone number, e-mail address, electronic data (IP address, cookies, time of access to the Platform).
5.3. From unregistered/unauthorized Users, the Company may collect the following personal data:
- e-mail address (if the User subscribes to the Platform newsletter);
- first name and phone number (if the User request a callback);
- electronic data (IP address, cookies, time of access to the Platform).
5.4. The Company does not process personal data regarding race, nationality, political views, religious, philosophical and other beliefs, health condition, personal life, membership in public associations, including labor unions, biometric data.
5.5. When paying for Orders using bank cards, all operations are performed on the side of banks under special protected modes. No private information on bank cards is transmitted, except for a notification of a payment made in favor of the Company.
6. Company policy regarding cookies.
6.2. Cookies are used to facilitate the use of the Platform, namely: to optimize and personalize the methods of rendering services, to analyze and study services in order of their improvement, as well as to display advertisements.
6.3. The Platform uses two types of cookie files: “session cookies” and “persistent cookies”. Session cookies are temporary files that remain on the device until the User leaves the Platform. Persistent cookies remain on the device for a long time or until the user manually deletes them (duration of storing the cookie file on the device of User will depend on the duration or “validity term” of the particular file).
6.4. Disabling cookies may result in inability to access certain services of the Platform.
6.5. Users can control browsers by setting them to reject certain types of cookie files or to notify when cookies are sent.
7. Conditions, procedure and terms for processing personal data
7.1. Before starting to process personal data of the User, the Company takes the necessary measures to familiarize the User with this Policy and obtain consent of the User to processing his/her personal data in accordance with the conditions of the Policy.
7.2. Consent of the User to processing his/her personal data obtained by the Company upon registration of the User on the Platform means consent of the User to processing his/her personal data under conditions of the Policy in the future when using Platform services.
7.3. The Company proceeds from the fact that, when registering on the Platform as a responsible person, the User transfers to the Company his/her own personal data. If, when entering data related to the responsible person, the User transfers the personal data of a third party, the User must independently obtain from this person consent to the transfer of his/her personal data to the Company and processing such data in accordance with the conditions of this Policy.
7.4. Processing of personal data is performed by the Company both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion and destruction of personal data.
7.5. With regard to personal data, privacy is maintained throughout the entire term of its processing. The Company protects personal data from unauthorized access and does not allow its dissemination, except for the following cases:
- - transfer of personal data is expressly provided for by legislation (e.g., personal data should be provided at the request of authorized authorities);
- - personal data is made available to the public by the User;
- - personal data was transferred to third parties with User’s consent, in cases, in the manner and on conditions provided for by this Policy.
7.6. The Company has the right to transfer personal data of buyers to manufacturers, as well as delivery services, courier services, postal organizations in order to perform Orders. In this case, cross-border transfer of personal data is allowed for performance of Orders (in particular, transfer to sellers registered outside the Russian Federation).
7.7. The Company does not verify the reliability of personal data provided by Users. At the same time, the Company proceeds from the fact that Users provide reliable and sufficient personal data, as well as update such data timely.
7.8. The Company does not process personal data of minors. If the Company receives personal data of a minor, the Company will immediately take measures to destroy such data.
7.9. The terms for processing (storing) personal data are determined based on the purposes of processing personal data, unless a different term for processing (storing) is established by applicable legislation. Processed personal data is subject to destruction upon achievement of the processing purposes or in case there is no further need to achieve these purposes.
7.10. Unless otherwise required by legislation or by agreement with the User, e-mails and documents that the User stores in the systems (services) of the Platform will be stored as long as the User has a Personal Account on the Platform (the User can delete these documents and letters at any moment).
8. Protection of personal data
8.1. When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unlawful and/or unauthorized access, destruction, changes, blocking, copying, provision, dissemination, as well as from other unlawful actions in relation to personal data.
8.2. Such measures include, but are not limited to:
8.2.1. appointment of a person responsible for organizing the processing of personal data and a person responsible for ensuring data security; 8.2.2. development and approval of local acts on processing and protection of personal data;
8.2.3. application of legal, organizational and technical measures to ensure security of personal data;
8.2.4. control over measures taken to ensure security of personal data and the security level of personal data information systems;
8.2.5. compliance with conditions that exclude unauthorized access to physical media with personal data and ensure safety of personal data;
8.2.6. familiarization of employees of the Company directly involved in the processing of personal data with provisions of legislation on personal data, including with requirements for protection of personal data, local acts on processing and protection of personal data, as well as performing training of employees of the Company.
9. The rights of Users related to processing of their personal data by the Company
9.1. The User has the right to obtain information regarding processing of his/her personal data, including information containing:
- confirmation of the fact of processing of personal data by the Company;
- legal grounds and purposes of processing personal data;
- methods of processing personal data;
- name and location of the Company, information on persons who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Company;
- a list of processed personal data related to the relevant User;
- terms for processing personal data, including terms for their storage;
- other information required for by legislation.
9.2. The User has the right to demand from the Company to clarify, block or destroy his/her personal data if the personal data is outdated, inaccurate, unlawfully obtained, or is not necessary for the stated processing purpose.
9.3. The User has the right to withdraw his/her consent to the processing of data at any time.
10. Obligations of the Company
10.1. The Company is obliged:
10.1.1. to familiarize Users with the provisions of this Policy prior to processing Personal Data;
10.1.2. in case of refusal to provide personal data, explain to the User the consequences of such a refusal;
10.1.3. to clarify, block or delete the processed personal data at the request of the User if it is incomplete, outdated, inaccurate, unlawfully obtained or is not necessary for the stated processing purpose, within a term not exceeding seven business days from the date of receipt of the corresponding request from the User;
10.1.4. provide unlimited access to this Policy by publishing the current version of the Policy on the Platform;
10.1.5. take the necessary measures to protect personal data from unlawful or accidental access, destruction, making changes, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to personal data;
10.1.6. if the purpose of processing personal data is achieved, immediately terminate the processing of personal data and destroy corresponding personal data, unless otherwise provided by an agreement between the User and the Company or the requirements of the legislation;
10.1.7. if the User withdraws consent to processing of his/her personal data, to stop processing personal data and destroy personal data within a term not exceeding thirty days from the date of receipt of the said withdrawal. The Company shall notify the User of the destruction of personal data;
10.1.8. to give answers to requests and appeals from Users, their representatives and the authorized body for the protection of rights of personal data subjects.
11. Responsibility of parties
11.1. In the event of failure to fulfill the obligations provided for by this Policy, the Company shall be liable for losses incurred by the User in relation to unlawful use of personal data, in accordance with the legislation of the Russian Federation.
11.2. If the User transfers personal data of third parties to the Company without obtaining their permission, then User is responsible for such actions.
11.3. If the User provides unreliable personal data, he bears the risk of adverse consequences resulting from provision of inaccurate data.
12. Procedure for obtaining clarifications regarding the processing of personal data
12.1. Persons whose personal data are processed by the Company may send requests regarding processing of their data. Postal address for sending requests: 440028, Russian Federation, Penza, Tsiolkovskogo Street, 12A; E-mail address for sending requests: firstname.lastname@example.org.
12.2. Persons whose personal data are processed by the Company may personally contact the Company regarding processing of their data.
13. Changes in the Policy, additional provisions
13.1. The Company has the right to make changes to the Policy at any time at its discretion. The new revision of the Policy is posted on the Platform and comes into force from the moment of such posting.
13.2. The Company recommends that Users monitor changes to the Policy by reviewing its current revision. In the event of significant changes to the Policy, the Company may arrange the relevant newsletter to Users.
13.3. In all other respects, which are not directly reflected in this Policy, the Company undertakes to be guided by applicable legislation governing the processing of personal data.