1. TERMS AND DEFINITIONS
1.1. Data (User Data) – User personal data, as well as other user information.
1.2. User – an individual accessing the Service via the Internet.
1.3. Provider (Operator) – legal entity providing the Service to Users: International Public Foundation for the Development of Physical Culture and Sports “SAMBO” (OGRN 1117800014199, address: 197342, St. Petersburg, 61 Vyborgskaya Embankment, Office 406).
1.4. Service – «Sambo.live» audio visual service.
2. POLICY APPLICATION
2.1. By accessing and using the Service, a User implicitly agrees to this Policy and the terms of Data processing by the Provider specified therein. If a User does not agree with these terms, use of the Service should be terminated.
2.2. The Policy may be modified by the Provider. The amended Policy shall be published at the Service resource. By using the Service following the Policy modification, a User agrees to the changed terms of their Data processing.
3. TERMS AND OBJECTIVES OF DATA PROCESSING
3.1. The Provider processes User Data for the purpose of providing the Service, such as:
3.1.1. providing certain Service capabilities;
3.1.2. personalizing the Provider's offers, including the generation of recommendations for the video content that are more relevant to the User;
3.1.3. sending out private user messages;
3.1.4. receiving requests from Users and providing responses to these requests;
3.1.5. carrying out statistical and other research of the Service use;
3.1.6. promoting the Service, products and/or services offered by the Provider and its partners;
3.1.7. fulfilling the obligations assigned to the Provider by applicable laws;
3.1.8. improving the Service quality and ease of use, increasing its efficiency and maintaining its operation;
3.1.9. preventing and detecting fraud and/or illegal use of the Service.
For this purpose, the Operator processes the following Data: first name, last name; e-mail address; phone number; country of location; user's language; cookies.
3.2. Pursuant to the purposes specified in Clause 3.1 of this Policy, the following processing conditions apply:
3.2.1. The Provider does not process biometric and special categories of personal User Data. The personal data processed by the Provider falls under other categories of personal data.
3.2.2. Methods of Data processing are: collection, recording, systematization, accumulation, storage, clarification (updating, modifying), extraction, use, transfer (provision, access), anonymization, blocking, removal and destruction.
3.2.3. Data processing and storage duration: until the purpose of processing is achieved, until the expiration of the consent or until the withdrawal of consent (if there are no other reasons for processing such Data), depending on which event occurs first.
3.2.4. Once a User accepts the Mailing Rules, the Data may be processed to promote the Service, products and/or services offered of the Provider and its partners.
3.3. The Provider shall ensure recording, systematization, accumulation, storage, clarification (updating, modifying), retrieving personal User Data by using databases located on the territory of the Russian Federation.
4. DATA PROCESSING GROUNDS
4.1. The legal grounds for processing Data by the Provider are as follows, including, but not limited to:
4.1.1. The user consent;
4.1.2. The fulfilment, as well as conclusion of the User Agreement or other agreements with a User;
4.1.3. The exercise of the rights and legitimate interests of the Provider or third parties, unless the user rights and freedoms are violated;
4.1.4. The need for data processing in order to perform creative activities, provided that the user rights and legitimate interests are not violated;
4.1.5. The data processing for statistical or other research purposes, subject to mandatory Data anonymization;
4.1.6. The need for data processing in order to achieve the purposes stipulated by applicable laws, as well as the fulfilment of the obligations imposed on the Provider by such laws.
5. USER RIGHTS
5.1. A user is entitled to:
5.1.1. receive information respecting the processing of their Data;
5.1.2. require the Provider to clarify their Data, block or destroy it if it is incomplete, outdated, inaccurate, illegally obtained or is unnecessary for the stated purpose of processing;
5.1.3. revoke consent to the processing of their Data by submitting a written application to the Provider;
5.1.4. take measures stipulated by the laws of the Russian Federation to protect their rights;
5.2. Users have the right to delete their Account and the Data transferred to the Provider by submitting a corresponding request from their email address to the Provider's support service: firstname.lastname@example.org.
6.2. Cookies and other pieces of data may be processed using metric software, such as Rambler/Top-100, Yandex.Metrica, AppMetrica, SberVisor, Google Analytics, Pixel Vk, Top.Mail.Ru.
7. DATA ELIMINATION PROCEDURES
7.1. Regarding the User Data processed by the Provider for the purposes specified in Clause 3.1 of this Policy, a uniform procedure for their elimination applies pursuant to the laws of the Russian Federation.
7.2. The data is subject to elimination by the Provider, for instance, if the purpose of processing has been accomplished or the User revokes consent to their processing (and there are no other grounds for processing such Data), or the fact of their illegitimate processing is revealed.
7.3. If the purpose of data processing has been accomplished, the Provider ceases processing it and destroys it within a time period not exceeding 30 days from the date of accomplishing the purpose of data processing. If a User revokes consent to the processing of their Data, the Provider ceases processing it and, if storing the Data is no longer required for the purpose of processing, destroys it within a time period not exceeding 30 days from the date of the revocation receipt.
7.4. If a case of illegitimate processing of user personal data carried out by the Provider is ascertained, the Provider ceases such processing, within a time period not exceeding 3 business days from the date of detection. If it is impossible to ensure the legitimacy of such processing, the Provider eliminates such Data within a period not exceeding 10 business days from the date of detection of illegitimate data processing. In this case, the Provider notifies the User about the elimination of violations or the removal of their Data.
8. INFORMATION ON IMPLEMENTED SECURITY REQUIREMENTS
8.1. The Provider shall ensure the privacy of user personal data.
8.2. The Provider ensures the security of user personal data by means of the implementation of legal, institutional and technical measures.
8.2.1. Legal measures taken by the Provider include:
22.214.171.124. publishing documents defining the Operator’s policy with regard to the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and identifying violations of the laws of the Russian Federation, eliminating the consequences of such violations.
8.2.2. Institutional measures taken by the Provider include:
126.96.36.199. granting unrestricted access to the Policy and other information respecting the implemented requirements aimed at ensuring the personal data security;
188.8.131.52. actualization of in-house control and (or) audit of compliance of the processing of personal data with the Federal Law dated 27 July 2006 No. 152-FZ “On Personal Data” (Act) and the regulatory legal acts adopted pursuant to it, requirements for the protection of personal data, the Provider’s policy regarding processing of personal data, local acts of the Provider;
184.108.40.206. assessment of the harm that may be inflicted on the personal data subjects in case of violation of the Law, the relationship between this harm and the measures taken by the Provider aimed at ensuring the fulfilment of the obligations stipulated by the Law;
220.127.116.11. familiarization of the Provider's employees directly engaged in the processing of personal data with the provisions of the applicable laws of the Russian Federation on personal data, including requirements for the personal data security, documentation defining the Provider's policy regarding the processing of personal data, local acts on the processing of personal data, and/or instruction of these employees;
18.104.22.168. appointment of an officer in charge of arranging the personal data processing;
22.214.171.124. appointment of an officer in charge of ensuring the security of personal data in personal data information systems (PDIS);
126.96.36.199. endorsement by the Head of the Provider of a document specifying the list of employees whose access to personal data processed in the PDIS is required to perform their official duties;
188.8.131.52. ensuring the data storage security;
184.108.40.206. personal data hardware storage inventory;
220.127.116.11. identification of threats to the personal data security in the course of their processing within PDIS;
18.104.22.168. arrangement of a controlled zone, within which the stationary data processing hardware and means of data security, along with means of ensuring their operation, are permanently situated;
22.214.171.124. organization of a security mode for the premises where the PDIS is located, preventing the possibility of uncontrolled entry or stay in these premises by persons who have no access to these premises.
8.2.3. Technical measures taken by the Provider include:
126.96.36.199. using data protection tools that have passed the procedure for assessing compliance with the requirements of the laws of the Russian Federation in the area of information security, in cases where the use of such tools is required to eliminate the relevant threats;
188.8.131.52. assessing the efficiency of actions taken to ensure the personal data security prior to putting the PDIS into operation;
184.108.40.206. specifying the rules for access to personal data processed with the PDIS, as well as ensuring registration and logging of all actions performed with personal data within the PDIS;
220.127.116.11. detecting facts of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of hacker attacks on PDIS and to respond to computer incidents occurring in them;
18.104.22.168. restoring personal data modified or destroyed due to unauthorized access to it; monitoring the actions taken to ensure the personal data security and the PDIS security level.
9.1. Users are liable for the legitimacy of provision, relevance and accuracy of their personal and third-party data that they submit to the Provider.
9.2. The Provider considers requests related to the Policy, including requests from Users regarding the use of their Data at: email@example.com or sent to the address: 197342, St. Petersburg, 61 Vyborgskaya Embankment, Office 406.