Personal data processing policy

  1. General Provisions
    1. The present Privacy Policy (hereinafter — "Policy") has been developed in accordance with the requirements of paragraph 2 part 1 of article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter — "Personal Data Law"), in order to ensure protection of the rights and freedoms of a person and a citizen in the processing of his personal data, including protection of the rights to privacy of a private life, personal and family secrets.
    2. The present Policy is applicable to the following categories of Data Subjects, which the Operator (hereinafter — "Data Subjects") processes:
      • Counterparties of the Operator (natural persons).
      • Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
      • Clients of the Operator.
      • Users of the Operator's Website.
    3. Basic concepts used in the Policy:

      Processing of Personal Data — LLC "Langame PR", OGRN 1217700493889, INN/KPP 9719019720/771901001, 107023, Moscow, Bolshaya Semyonovskaya St, 15, floor 3, room №301, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data

      Personal Data Operator — any action (operation) or set of actions (operations) with personal data, performed using automation tools or without using such tools. Processing of personal data includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction

      Automated Processing of Personal Data — processing of personal data using computer technology

      Distribution of Personal Data — actions aimed at disclosing personal data to an indefinite circle of persons

      Provision of Personal Data — actions aimed at disclosing personal data to a specific person or a specific circle of persons

      Blocking of Personal Data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data)

      Destruction of Personal Data — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and (or) resulting in the destruction of tangible media of personal data

      Depersonalization of Personal Data — actions resulting in the impossibility of determining the ownership of personal data to a specific data subject without the use of additional information

      Personal Data Information System — a set of personal data contained in databases and ensuring their processing by information technologies and technical means

      Cross-Border Transfer of Personal Data — transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity

      Website — a set of programs for electronic computers and other information contained in the information system, access to which is provided via the information and telecommunication network internet and located at: https://langame.ru/

      Website Services (Services) — functions of the Website that allow Data Subjects to receive services from the Operator

      Purpose of Personal Data Processing — providing access to Services, information and/or materials contained on the Website, providing Data Subjects with the opportunity to use all the functions of the Website developed for the provision of services, informing Data Subjects by sending emails; fulfilling obligations within the framework of civil-law relations between the Operator and Data Subjects during the use of the Services by the latter

      By registering on the Site, the Data Subject consents to the processing of his personal data in accordance with this Policy.

    4. Basic rights and obligations of the Operator.
      1. The Operator has the right:
        • to independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations, provided for in the Personal Data Law and other legal acts adopted in accordance with it, if other than that provided for in the Personal Data Law or other federal laws;
        • to delegate the processing of personal data to another person with the consent of the Data Subject, if other than that provided for in the Personal Data Law, on the basis of a contract concluded with this person.
        • in case of revocation by the Data Subject of his consent to the processing of personal data, the Operator may continue the processing of personal data without the consent of the Data Subject provided that there are grounds for this provided for in the Personal Data Law.
      2. The Operator must:
        • organize the processing of personal data in accordance with the requirements of the Personal Data Law;
        • respond to requests and inquiries of Data Subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
        • report to the authorized body for the protection of the rights of Data Subjects (hereinafter — "Roskomnadzor") upon request of this body necessary information within 10 working days from the date of receipt of such a request.
    5. Basic rights of Data Subjects. The Data Subject has the right:
      • to receive information concerning the processing of his personal data, except in cases provided for in federal laws.
      • to require the Operator to clarify his personal data, their blocking or destruction in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the declared purpose of processing, and to take measures provided for by law to protect his rights;
      • to appeal to Roskomnadzor or to a judicial body in case of unlawful actions or inaction of the Operator in the processing of his personal data.

      The Data Subject may exercise his rights to receive information concerning the processing of his personal data, as well as his rights to clarify his personal data, their blocking or destruction, by contacting the Operator with the corresponding request to the address: 107023, Moscow, Bolshaya Semyonovskaya St, 15, floor 3, room №301 or by contacting the Operator with the corresponding request by email pg@langame.ru. In both cases, the request must be submitted in accordance with the requirements of article 6.1. of this Policy.

    6. The Operator is responsible for the implementation of the requirements of the present Policy, as well as for the violation of the requirements of the present Policy by the Operator in the field of processing and protection of personal data in accordance with the legislation of the Russian Federation.
    7. Responsibility for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
  2. Legal Basis for the Processing of Personal Data
    1. The legal basis for the processing of personal data is the set of legal acts, in accordance with which and in the course of which the Operator carries out the processing of personal data, including:
      • Constitution of the Russian Federation;
      • Civil Code of the Russian Federation;
      • Tax Code of the Russian Federation;
      • Federal Law of December 6, 2011 No. 402-FZ "On Accounting",
      • other legal acts regulating relations related to the activities of the Operator.
    2. The legal basis for the processing of personal data also includes:
      • Operator's Charter;
      • contracts concluded with the Data Subject;
      • consent of the Data Subject to the processing of personal data.
  3. Purposes, Volume and Order of Processing of Personal Data
    1. Processing of personal data is limited to achieving specific, pre-determined and lawful purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed. Only personal data that correspond to the purposes of their processing should be processed.
    2. The content and volume of personal data processed should correspond to the declared purposes of processing, provided for in this section. Personal data processed should not be excessive in relation to the declared purposes of their processing.
    3. On the basis of the present Policy, the Operator may process personal data of the following categories of Data Subjects:
      • Counterparties of the Operator (natural persons).
      • Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
      • Clients of the Operator.
      • Users of the Operator's Website.
    4. The Operator may process the following personal data in relation to each of the categories of Data Subjects:
      1. Counterparties of the Operator (natural persons):
        1. The Operator processes personal data of Counterparties (natural persons) with the following purposes:
          • Conclusion and execution of contracts.
          • Carrying out activities in accordance with the articles of association.
        2. In the above-mentioned purposes, the Operator processes the following categories of personal data of Counterparties (natural persons):
          • Surname, name, patronymic.
          • Contact phone number.
          • Email address.
        3. The Operator does not process biometric personal data of Counterparties (natural persons) (information that characterizes physical and biological characteristics of a person, on the basis of which his identity can be established) and special categories of personal data of Counterparties (natural persons).
        4. The Operator does not process special categories of personal data of Counterparties (natural persons).
        5. The Operator carries out automated processing of personal data of Counterparties (natural persons).
        6. The list of actions for processing personal data of Counterparties (natural persons) — collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
        7. It is not allowed to disclose third parties and distribute personal data without the consent of the Counterparty, unless otherwise provided by federal law.
        8. The Operator does not carry out cross-border transfer of personal data of Counterparties (natural persons).
      2. Representatives (employees) of the Operator's (legal entities and individual entrepreneurs):
        1. The Operator processes personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs) with the following purposes:
          • Carrying out contracts with Counterparties.
          • Preparing commercial offers.
          • Carrying out activities in accordance with the articles of association.
        2. In the above-mentioned purposes, the Operator processes the following categories of personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs):
          • Surname, name, patronymic.
          • Contact phone number.
          • Email address.
        3. The Operator does not process biometric personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs) (information that characterizes physical and biological characteristics of a person, on the basis of which his identity can be established) and special categories of personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
        4. The Operator does not process special categories of personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
        5. The Operator carries out automated processing of personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
        6. The list of actions for processing personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs) — collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
        7. It is not allowed to disclose third parties and distribute personal data without the consent of the Representative, unless otherwise provided by federal law.
        8. The Operator does not carry out cross-border transfer of personal data of Representatives (employees) of the Operator's (legal entities and individual entrepreneurs).
      3. Clients of the Operator:
        1. The Operator processes personal data of Clients with the following purposes:
          • Conclusion and execution of contracts.
          • Organization of participation in a loyalty program.
          • Direction of messages of advertising and informational nature about goods and services.
          • Carrying out activities in accordance with the articles of association.
        2. In the above-mentioned purposes, the Operator processes the following categories of personal data of Clients:
          • Surname, name, patronymic.
          • Passport data.
          • Contact phone number.
          • Email address.
          • Gender.
          • Accounting data for entering the personal account: login and password.
        3. The Operator does not process biometric personal data of Clients (information that characterizes physical and biological characteristics of a person, on the basis of which his identity can be established) and special categories of personal data of Clients.
        4. The Operator does not process special categories of personal data of Clients.
        5. The Operator carries out automated processing of personal data of Clients.
        6. The list of actions for processing personal data of Clients — collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
        7. It is not allowed to disclose third parties and distribute personal data without the consent of the Client, unless otherwise provided by federal law.
        8. The Operator does not carry out cross-border transfer of personal data of Clients.
      4. Users of the Operator's Website:
        1. The Operator processes personal data of Users with the following purposes:
          • Processing of requests on the Site.
          • Direction of messages of advertising and informational nature about goods and services.
          • Preparing commercial offers.
          • Carrying out activities in accordance with the articles of association.
          • Ensuring the uninterrupted operation of the Site.
          • Improving the user experience.
          • Maintaining statistics of visits to the Site.
          • Forming the profile of the Data Subject.
          • Targeting goods and services in accordance with the interests of the Data Subject.
          • Carrying out activities in accordance with the articles of association.
        2. In the above-mentioned purposes, the Operator processes the following categories of personal data of Users:
          • Surname, name, patronymic.
          • Contact phone number.
          • Email address.
          • Accounting data for entering the personal account: login and password.
          • Date and time of visit to the Site.
          • Cookies files.
          • Data collected on the Site via web site visitor statistics aggregators.
        3. The Operator does not process biometric personal data of Users (information that characterizes physical and biological characteristics of a person, on the basis of which his identity can be established) and special categories of personal data of Users.
        4. The Operator does not process special categories of personal data of Users.
        5. The Operator carries out automated processing of personal data of Users.
        6. The list of actions for processing personal data of Users — collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
        7. It is not allowed to disclose third parties and distribute personal data without the consent of the User, unless otherwise provided by federal law.
        8. The Operator does not carry out cross-border transfer of personal data of Users.
  4. Principles and Conditions for the Processing of Personal Data
    1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and based on the following principles
      • legality and fairness;
      • limitation of the processing of personal data to achieving specific, pre-determined and lawful purposes;
      • preventing the processing of personal data that is incompatible with the purposes of collecting personal data;
      • preventing the union of databases containing personal data, the processing of which is carried out in the purposes that are incompatible with each other;
      • processing only those personal data that correspond to the purposes of their processing;
      • the correspondence of the content and volume of the processed personal data to the declared purposes of processing;
      • preventing the processing of excessive personal data in relation to the declared purposes of their processing;
      • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
      • destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these purposes, in case of impossibility of eliminating the Operator's violations of personal data, if other than that provided for by federal law.
    2. The processing of personal data is carried out with the consent of the Data Subject to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.
    3. Personal data processing is carried out by employees of the Operator, whose duties include personal data processing.
    4. Personal data processing is carried out by:
      • obtaining personal data in oral and written form directly from Data Subjects;
      • obtaining personal data from publicly available sources;
      • entering personal data into journals, registers and information systems of the Operator;
      • using other methods of processing personal data.
    5. Persons who have provided the Operator with information about another Data Subject, including through the Site, without the consent of the subject whose personal data have been provided, are responsible for compliance with the legislation of the Russian Federation.
    6. The transfer of personal data to the bodies of pre-trial investigation, the Federal Tax Service, the Pension Fund of the Russian Federation and other authorized bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
    7. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, distribution, and other unauthorized actions, including:
      • identifying threats to the security of personal data during processing;
      • adopting local regulations and other documents governing relations in the field of processing and protection of personal data;
      • appointing persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
      • creating the necessary conditions for working with personal data;
      • organizing the accounting of documents containing personal data;
      • organizing work with information systems in which personal data is processed;
      • storing personal data in conditions that ensure their safety and prevent unauthorized access;
      • organizing training for employees of the Operator who process personal data.
    8. The Operator stores personal data in a form that allows identifying the data subject, no longer than required by the purposes of processing personal data, unless the storage period is established by federal law or contract.
    9. When collecting personal data, including through the information and telecommunications network Internet, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
    10. The information banner that appears on the Site informs the visitor of the Site about the processing of cookies and user data. The aforementioned personal data is processed by the Operator to ensure the stable operation of the Site, improve user experience, enhance the methods and ways of presenting information on the Site, maintain statistics on Site visits, identify the most visited pages of the Site, compile profiles, and target products according to the interests of the Site visitor.

      The visitor of the Site has the right to provide his consent to the processing of the aforementioned personal data, continuing to use the Site, or refusing to provide such consent, disabling the processing of cookies and the collection of user data in the browser settings, or leaving the Site.

      Despite the fact that most browsers automatically accept cookies, the visitor of the Site may configure his browser in such a way that only the visitor of the Site decides whether to accept or block the cookie file (the visitor of the Site should refer to the menu "Tools" or "Settings" of the browser used by the visitor of the Site). The visitor of the Site can delete the cookie files from his device at any time. It should be remembered that if the visitor of the Site does not accept cookies, some functions of the Site may be lost.

      More detailed information about managing cookies can be found in the browser help file or on specialized websites.

  5. Updating, correcting, deleting, and destroying personal data, responses to requests from subjects for access to personal data
    1. Confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information specified in part 7 of article 14 of the Law on Personal Data, shall be provided by the Operator to the data subject or their representative upon request or upon receipt of a request from the data subject or their representative within 10 (ten) working days from the date of receipt of the request. The provided information does not include personal data related to other data subjects, except in cases where there are legal grounds for disclosing such personal data.

      The request must contain:

      • the number of the main document confirming the identity of the data subject or their representative, information about the date of issuance of the specified document and the issuing authority;
      • information confirming the participation of the data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing personal data by the Operator;
      • the signature of the data subject or their representative.

      The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

      If the request (inquiry) of the data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the rights to access the requested information, a reasoned refusal shall be sent to them.

      The right of the data subject to access their personal data may be restricted in accordance with part 8 of article 14 of the Law on Personal Data, including if access of the data subject to their personal data violates the rights and legitimate interests of third parties.

    2. In case of identifying inaccurate personal data upon request of the data subject or their representative or at their request or at the request of Roskomnadzor, the Operator shall block the personal data related to this data subject from the moment of such request or receipt of the specified request for the duration of the verification, provided that blocking the personal data does not violate the rights and legitimate interests of the data subject or third parties.

      If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the data subject or their representative or Roskomnadzor, or other necessary documents, shall clarify the personal data within seven working days from the date of submission of such information and remove the blocking of personal data.

    3. In case of identifying unlawful processing of personal data upon request of the data subject or their representative or at their request or at the request of Roskomnadzor, the Operator shall block the unlawful processing of personal data related to this data subject from the moment of such request or receipt of the specified request.
    4. Upon achievement of the purposes of processing personal data, as well as in case of revocation of the data subject's consent to the processing of their personal data, personal data shall be destroyed if:
      • otherwise provided for in the contract, the party of which is the data subject;
      • the Operator is not entitled to process without the consent of the data subject on the basis of the Law on Personal Data or other federal laws;
      • otherwise provided for in another agreement between the Operator and the data subject.
  6. Final Provisions
    1. The Operator has the right to send the Data Subject messages of an advertising and informational nature via email, SMS, and push notifications only with the prior consent to receive advertising in accordance with part 1 of article 18 of the Federal Law of March 13, 2006 No. 38-FZ "On Advertising". Consent to receive advertising messages from the Operator via email, SMS, and push notifications is provided in writing or electronically by checking the appropriate box on the Site.

      The Data Subject has the right to refuse to receive advertising messages by following the appropriate link in the emails received from the Operator, sending a notification of refusal to receive advertising messages to the support service at the Operator's location: 107023, Moscow, Bolshaya Semyonovskaya St., 15, floor 3, office 301, or by contacting the Operator with the appropriate request via email pg@langame.ru.

    2. In accordance with the requirements of part 2 of article 18.1 of the Law on Personal Data, this Policy is published (and regularly updated) in free access in the information and telecommunications network "Internet" on the Site at: https://langame.global/policy.