Privacy Policy

This Privacy Policy (or the Policy) is a document that determines the policy regarding the processing of personal information, including personal data of Users of software products of JSC RACURS.

1.         General Provisions

1.1.      This Policy of JSC RACURS (hereinafter referred to as the Policy) in relation to personal data processing has been developed pursuant to the requirements of para 2, Part 1, Art. 18.1 of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of man and citizen during his personal data processing, including protection of rights to privacy, personal and family private life.

1.2.      The Policy applies to all personal data processed by JSC RACURS (hereinafter referred to as the Processor, JSC RACURS).

1.3.      The Policy applies to relations in the field of personal data processing that have arisen for the Processor both before and after the approval of this Policy.

1.4.      In pursuance of the requirements of Part 2, Art. 18.1 of the Law on Personal Data, this Policy is published in free access on the Processor's website in the ­information and telecommunication network Internet.

1.5.      Key terms used in the Policy: personal data means any information relating, directly or indirectly, to a specific or identifiable natural person (personal data subject);

personal data processor (processor) means a state body, a municipal body, a legal entity or an individual, organizing and (or) carrying out independently or jointly with other persons the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, the actions (operations) performed with personal data;

personal data processing means any action (operation) or a set of actions (operations) with personal data performed using automated equipment or without its use. Personal data processing includes, but is not limited to:

•          Collection;

•          Record;

•          Systematization;

•          Accumulation;

•          Storage;

•          Refinement (update, change);

•          Retrieval;

•          Use;

•          Transfer (distribution, provision, access);

•          Depersonalization;

•          Blocking;

•          Deletion;

•          Destruction;

automated personal data processing means personal data processing using computer technology;

distribution of personal data means actions aimed at disclosure of personal data to general public;

provision of personal data means actions aimed at disclosure of personal data to a certain person or a certain range of persons; blocking of personal data means temporary cessation of personal data processing (except for the situations when the processing is necessary to confirm personal data);

destruction of personal data means actions entailing to impossibility to restore the content of personal data in the personal data information system and (or) resulting in destruction of material media bearing the personal data;

depersonalization of personal data means actions entailing to impossibility to determine the ownership of personal data by a particular personal data subject without the use of additional information;

personal data information system means a set of personal data contained in personal details databases and ensuring its processing using information technologies and technical aids;

cross-border transfer of personal data means personal data transfer to the territory of a foreign state to a government authority of a foreign state, a foreign individual or a foreign legal entity.

1.6.      This Policy is an integral part of the End User License Agreement for the use of PHOTOMOD products, as well as the Non-Exclusive License Agreement, if it is expressly provided in their terms.

1.7.      Hereafter, the Policy uses the terms defined in the End User License Agreement, as well as in the Non-Exclusive Software License Agreement on the territory of Russia, unless otherwise provided by this Policy or follows from its essence. In other circumstances, the term used in the Policy shall be interpreted in accordance with the applicable laws of the Russian Federation.

1.8.      Any use of the products of JSC Racurs means the User's unconditional consent with this Policy and the terms of processing of his/her personal data included therein. In case of disagreement with these terms, the User must refrain from using the products.

1.9.      JSC Racurs has contractual relations with third-party providers of external services which may have access to the User's Personal Data. In particular, JSC RACURS uses external services of third-party organizations to provide hosting and mailing automation services. The agreements of JSC Racurs with the relevant third-party organizations include the terms with a guarantee of

confidentiality and security of Users' personal data transmitted to them.

2.         What Personal Data we collect

2.1.      User's Personal Data (or Personal Data) means in this Policy the following information, including personal data provided by the User to JSC Racurs during registration or mandatory authorization: e-mail address, company name, individual's full name, phone number, PHOTOMOD key serial number, login and password for access to Personal Account;

2.2.      Categories of personal data subjects: the processor's customers/contractors, their representatives, as well as the processor's employees;

2.3.      JSC Racurs performs verification of provided Personal Data when registering the user of PHOTOMOD products and does not verify the accuracy of Personal Data in case of registration of a user for downloading freeware programs believing that the User acts in good faith, prudently and makes all necessary efforts to maintain such information up to date.

2.4.      JSC Racurs does not make Users' profiles on the basis of personal data collected.

2.5.      The User has the right at any time to request a copy of his/her personal data processed by JSC Racurs, using the appropriate technical functionality or by making an appropriate request to JSC Racurs at info@racurs.ru.

3.         Legal grounds for personal data processing

3.1.      Legal grounds for personal data processing are a set of regulatory legal acts, in pursuance whereof and subject whereto the Processor processes personal data, including: The Constitution of the Russian Federation;

•          The Civil Code of the Russian Federation;

•          The Labour Code of the Russian Federation;

•          The Tax Code of the Russian Federation;

•          Federal Law dated 08.02.1998 No. 14-FZ "On Limited Liability Companies";

•          Federal Law dated 06.12.2011 No. 402-FZ "On Accounting";

•          Federal Law dated 15.12.2001 No. 167-FZ "About Obligatory Pension Insurance in the Russian Federation";

•          Other statutory legal acts regulating relations associated with the Processor's activity.

3.2.      Legal grounds for personal data processing also include:

•          Charter of JSC Raсurs;

•          Agreements entered into between the Operator and personal data subjects;

•          Consent of personal data subjects to their personal data processing

4.         How we handle the Personal Data collected

4.1.      JSC Raсurs processes Personal Data only to the extent required to achieve the specific purposes referred to herein.

4.2.      The User acknowledges and agrees that JSC Raсurs can process Personal Data for the following purposes:

•          Execution of agreements for the use of PHOTOMOD software;

•          User identification in the framework of performance of obligations under the current agreements;

•          The performance of the obligations under the existing agreements, including the provision of access to the User to the "Personal Account" service;

•          Communication with the User, including sending notices, requests and information regarding the use of the software, in particular, the notices about changes in the User Agreement, Agreements and Policies of JSC Raсurs, regarding changes in the terms and forms of payment, technical functionality, occurrence of new versions

4.3.      Personal data is processed by the Processor in accordance with the requirements of the laws of the Russian Federation.

4.4.      Personal data is processed with the consent of personal data subjects to their personal data processing, as well as without it in cases provided for by the laws of the Russian Federation.

4.5.      The Processor performs both automated and non-automated personal data processing.

4.6.      The Processor's employees whose duties include personal data processing are allowed to process personal data.

4.7.      Personal data processing is carried out by:

•          Obtaining personal data directly from personal data subjects in oral and written form;

•          Obtaining personal data from public sources;

•          Entering personal data into the Processor's logs, registers and information systems;

•          Using other methods of personal data processing.

4.8.      Disclosure to third parties and distribution of personal data without the consent of the personal data subject is not permitted, unless otherwise provided by federal law.

4.9.      Using the PHOTOMOD software, the User, in accordance with Part 1, Art. 18 of the Federal Law "On Advertising" and Part 1, Article 15 of the Federal Law "On Personal Data", gives his/her consent to receiving advertising messages and to his/her personal data processing in order to promote the services of JSC Raсurs.

4.10.    The User has the right to refuse at any time to receive advertising messages by using the appropriate technical functionality (by clicking on the link "Unsubscribe from Mailings"), or by making a relevant request to JSC Racurs at info@racurs.ru.

5.         How we store and protect Personal Data

5.1.      The Processor takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access thereto, destruction, modification, blocking, distribution and other unauthorized actions, including, but not limited to:

•          Identifies threats to security of personal data during its processing;

•          Adopts local regulations and other documents regulating relations in the field of personal data processing and protection;

•          Appoints persons responsible for ensuring the security of personal data in the Processor's business units and information systems;

•          Creates the necessary conditions for personal data handling;

•          Organizes registration of documents containing personal data;

•          Organizes work with information systems in which personal data is processed;

•          Stores personal data in the conditions whereunder its safety is ensured and unauthorized access to it is excluded;

•          Organizes training of the Processor's employees engaged in personal data processing.

5.2.      The Processor is obliged to take measures necessary and sufficient to ensure the fulfillment of the obligations provided by the Federal Law on Personal Data and the regulatory legal acts adopted in accordance therewith, including:

•          Appointment by the processor being a legal entity responsible for the organization of personal data processing;

•          Publication by the processor being a legal entity of documents determining the processor's policy regarding the personal data processing, bylaws on the issues of personal data processing, as well as bylaws establishing the procedures aimed at preventing and identifying violations of the laws of the Russian Federation, eliminating the consequences of such violations;

•          Application of legal, organizational and technical measures to ensure the security of personal data in accordance with Article 19 of the Federal Law on Personal Data;

•          Administration of internal control and (or) audit of compliance of personal data processing with the federal laws and regulatory legal acts adopted in accordance therewith, requirements for personal data protection, the processor's policy regarding the personal data processing, the processor's bylaws;

•          Assessment of harm which may be caused to personal data subjects in case of violation of the federal laws, the ratio of such harm and measures taken by the processor to ensure the fulfillment of obligations under the federal laws;

•          Familiarization of the processor's employees directly engaged in personal data processing with the provisions of the laws of the Russian Federation on personal data, including the requirements for the protection of personal data, the documents determining the processor's policy regarding personal data processing, bylaws on personal data processing and (or) training of the above employees.

5.3.      Storage and processing of Personal Data is carried out in accordance with internal rules and regulations. When processing the User's personal data, JSC Racurs is guided by Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006.

5.4.      With respect to Personal Data, its confidentiality is maintained, except in cases of voluntary provision by the User of information about him-/herself for public access to general public. When using PHOTOMOD software products, the User agrees that a certain part of his/her Personal Data becomes publicly available (the name of the organization in the "Users" section of the website of JSC Racurs).

5.5.      JSC RACURS stores Personal Data in the territory of the Russian Federation. By transferring personal data to JSC Racurs, the Users residing in foreign states acknowledge and agree that their Personal Data will be processed and protected in accordance with the requirements of the laws of the Russian Federation on personal data, which may differ from the laws of the User's country of residence.

5.6.      The Processor will store personal data in a form that allows to determine the personal data subject no longer than required by the purpose of personal data processing, if the period of personal data storage is not established by the federal law or agreement.

6.         In which circumstances we transfer Personal Data to third parties

6.1.      The User acknowledges and agrees that JSC Racurs is entitled to transfer Personal Data to third parties in the following circumstances:

•          The User has expressed his/her consent to such actions;

•          The transfer is required in case of the use by JSC Racurs of mailing automation services provided by third parties;

•          At a reasoned request of the court or another competent state body within the procedure established by law;

•          In case of sale by JSC Racurs of its business or separate parts of it to third parties;

•          To protect the rights and legitimate interests of JSC Racurs and third parties in cases when the User violates the User Agreement, this Policy and/or Agreements on the use of products of JSC Racurs;

•          To achieve other legitimate commercial goals or to fulfill other legal obligations of JSC Racurs.

6.2.      JSC Racurs does not sell the User's Personal Data to advertisers, data brokers or other third parties.

7.         Processing of Personal Data using Cookies and counters

7.1.      JSC Racurs and external service providers may use cookie files and similar technologies on the website. Cookies are small data files that are stored on the User's devices and used to recognize returning Users. Each cookie file expires after a certain period of time, depending on its purpose. Cookies transferred to the User's devices and received from the User's devices can be used to facilitate the User's authorization process when re-visiting individual pages of the website or when navigating between different pages ("pass-through authorization"), for statistical and research purposes, as well as to improve the performance and usability of the website of JSC Racurs.

7.2.      The User understands that the equipment and software used by him/her to visit websites may have the function of prohibiting operations with cookies (for any websites or for certain websites), as well as the function of deletion of previously received cookies.

7.3.      JSC Racurs has the right to establish that access to individual pages or their use is possible only if acceptance and receipt of cookies is allowed by the User.

7.4.      The structure of a cookie file, its content and technical parameters are determined by JSC Racurs and are subject to change without prior notice to the User.

7.5.      Counters of JSC Racurs on the website pages may be used to analyze User's cookies, to collect and process statistical information about the use of the website and to ensure efficiency of the website in general. Technical parameters of counters operation are determined by JSC Racurs and are subject to change without prior notice to the User.

8.         How to change or delete Personal Data

8.1.      Confirmation of the fact of personal data processing by the Processor, the legal grounds and purposes of personal data processing, as well as other information referred to in Part 7, Art. 14 of the Law on Personal Data are provided by the Processor to the personal data subject or his/her representative when receiving an application or request from the personal data subject or his/her representative.

The data provided does not include personal data relating to other personal data subjects, except in cases where there are legal grounds for the disclosure of such personal data.

8.2.      The request must contain:

•          The number of the main identity document of the personal data subject or his/her representative, information on the date of the document issue and the issuing authority;

•          Data confirming participation of the personal data subject in relations with the Processor (agreement number, agreement date, conditional verbal designation and (or) other information), or information otherwise confirming the processing of personal data by the Processor;

•          Signature of the personal data subject or his/her representative.

The request can be sent in the form of an electronic document and signed by a digital signature in accordance with the laws of the Russian Federation.

If the application (request) of the personal data subject does not contain, in accordance with the requirements of the Law on Personal Data, all the necessary information or if the personal data subject does not have any rights of access to the requested information, then a reasoned refusal is sent to him/her.

The right of the personal data subject to access to his/her personal data may be restricted in accordance with Part 8, Article 14 of the Law on Personal Data, including if access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.

8.3.      In case of identifying inaccurate personal data when receiving an application of the personal data subject or his representative or at their request, or at the request

of Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media), the Processor shall block personal data related to this personal data subject from the moment of such request or receipt of such request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.

8.4.      In case if the fact of inaccuracy of personal data is confirmed, the Processor, on the basis of the data provided by the personal data subject or his representative, or Roskomnadzor, or other necessary documents, confirms personal data within seven business days from the date of submission of such data and removes blocking of personal data.

8.5.      In case of identifying illegal processing of personal data when the personal data subject or his representative, or Roskomnadzor send an application (request), the Processor blocks illegally processed personal data relating to this personal data subject from the moment of receipt of such application or request.

8.6.      The User has the right at any time to independently edit in his/her personal account the Personal Data provided by him/her during registration or authorization.

8.7.      Destruction of Personal Data occurs when:

•          The purpose of personal data processing has been achieved;

•          The User deletes data from his/her account;

•          JSC Racurs deletes the User's account at his/her request;

•          JSC Racurs deletes the User's account in other situations provided for by the User Agreement, as well as Agreements on the Use of Products of JSC Racurs;

•          Expiry or withdrawal by the User of his/her consent to processing of his/her personal data if its storage is no longer required for the purposes of personal data processing.

8.8.      JSC Racurs ensures destruction of Personal Data within:

•          Six (6) months from the date of editing or deletion of data or User account, unless a different term is established by federal laws;

•          Thirty (30) days from the date of withdrawal by the User of his/her consent to the processing of his/her personal data if its storage is no longer required for the purposes of personal data processing.

8.9.      In order to improve the performance and ease of use of the website, JSC Racurs has the right to store log files with impersonal data on the actions performed by the User in the framework of using the Services during Three (3) years from the date of their performance.

9.         Changes to the Privacy Policy

9.1.      This Policy may be amended and/or supplemented by JSC Racurs unilaterally without any special notice. The current version of the Policy is available on the Internet at http://racurs.ru/privacy.php. JSC Racurs recommends that Users regularly check this Policy for amendments and/or supplements. Continued use of the website by the User after making amendments and/or supplements to this Policy means acceptance by the User and his/her consent with such amendments and/or supplements.

10.       Feedback

10.1.    All questions, applications and requests related to the implementation of this Policy and processing of Users' personal data by JSC Racurs shall be sent by e-mail address info@racurs.ru or to the postal address: JSC Racurs, Yaroslavskaya Str., 13A, office 15, Moscow, Russia, 129366