Operator: Individual Entrepreneur Dombrovsky Alexander Dmitrievich.
This Policy is published in accordance with Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” and sets out the procedure for processing personal data and measures for ensuring personal data security.
Terms Used in the Policy
Automated processing means processing personal data using computing equipment. Blocking means temporary suspension of processing, except where processing is necessary to clarify the data. Service means Exalify software available at https://exalify.ru, https://exalify.ai, https://exalify.com and in the Exalify iOS and Android application. For activity in Russia and services to Russian citizens, the Operator uses https://exalify.ru unless otherwise follows from the circumstances. Personal data information system means the set of databases, information technologies and technical means used for processing. Anonymisation means actions after which it is impossible to determine that personal data belong to a particular User without additional information. Processing means any action with personal data, including collection, recording, systematisation, accumulation, storage, clarification, retrieval, use, transfer, anonymisation, blocking, deletion and destruction. Personal data means any information relating directly or indirectly to an identified or identifiable User. User means any Service visitor who provides personal data to the Operator.
General Provisions
This Policy applies to all information that the Operator may receive about Service visitors. Acceptance of the Policy is the fact of providing personal data to the Operator or other implied actions. Acceptance also constitutes consent to processing of transferred personal data. Consent is given indefinitely until withdrawal unless mandatory Russian law provides otherwise. The User provides data voluntarily, by their own will and in their own interest.
Processed Data
The Operator may process the User's surname, first name and patronymic, email address, social network and messenger identifiers, date of birth or age, and other data voluntarily provided to the Operator. These data, together with technical data, are referred to as personal data in the Policy. The Operator does not process special categories of personal data concerning race, nationality, political opinions, religious or philosophical beliefs or intimate life, and does not process biometric data.
Technical Files
Personal data may be processed for statistical purposes subject to mandatory anonymisation. The Service collects and processes anonymised visitor data, including cookies, using internet statistics services such as Yandex Metrica and others. Such data are used to obtain reliable statistics on User actions, improve Service quality and improve content. The Operator may process technical information such as IP address, browser type, plugins and browser versions, visit data, click statistics, generation statistics, request execution time, device language, User-agent data and loading errors.
Rights and Obligations
The User has the right to receive information about processing of their personal data and to require clarification, blocking or deletion where grounds provided by law exist. The User may withdraw consent at any time. The User must provide accurate information and timely notify changes. Providing false data or third-party data without consent entails liability under Russian law. The Operator processes data within the limits established by law and this Policy, may request and use accurate information necessary for processing, and may process data without consent where permitted by law. The Operator must provide information about processing upon request and ensure open access to this Policy.
Purposes of Processing
Personal data are processed to provide access to Service functionality, including registration verification; prepare, conclude, perform and terminate civil-law contracts; send information messages; promote goods, works and services, including advertising materials where advertising consent has been accepted; analyse User satisfaction, improve service quality and perform statistical analysis; and keep statistical records. The Operator may send notifications about new products, services, special offers and events.
Legal Grounds
Processing is based on the User's consent, necessity for performance or conclusion of a contract involving the User or where the User is a beneficiary or guarantor, and processing of data subject to publication or mandatory disclosure under federal law. A contract with the User may not contain provisions limiting the User's rights and freedoms as a personal data subject.
Processing Principles
Processing is limited to achieving the purposes of processing. Data must not be processed in a manner incompatible with collection purposes, and databases with incompatible purposes must not be combined. Only data corresponding to the processing purposes are processed, and the content and volume of processed data must not be excessive. The Operator processes data only where the User fills in or sends them through Service forms or by email. By doing so, the User consents to the Policy. Anonymised data are processed where permitted by the User's browser or device settings.
Processing Procedure and Security
The Operator performs collection, recording, systematisation, accumulation, storage, clarification, retrieval, use, transfer, anonymisation, blocking, deletion and destruction of personal data. Processing may be automated with or without transmission over telecommunications networks. Security is ensured through legal, organisational and technical measures required by applicable law, including protection against unauthorised or accidental access, destruction, alteration and dissemination. Information collected by third-party services, including payment systems, communication tools and other counterparties, is stored and processed by those parties, and the Operator is not responsible for their actions or omissions.
Transfer to Third Parties
The Operator may transfer personal data to third parties where necessary for use of the Service, contract performance, payment processing, communication, technical support, analytics, advertising mailing, compliance with law, protection of rights and other purposes stated in the Policy. Third parties may include hosting providers, payment services, CRM systems, mailing services, analytics systems, communication providers, contractors and other persons involved in Service operation. The Operator may entrust processing to third parties subject to confidentiality and security obligations.
Cross-Border Transfer
The Operator may carry out cross-border transfer of personal data in accordance with Russian law, including transfer to foreign service providers and infrastructure operators where necessary for Service functioning. Before such transfer, the Operator takes measures required by law, including notification to Roskomnadzor where required and ensuring that personal data of Russian citizens are first collected and stored in databases located in Russia.
Storage, Clarification and Destruction
Personal data are stored no longer than required by the purposes of processing or by law. Data are clarified where necessary. Processing stops and data are destroyed when purposes are achieved, consent is withdrawn, processing is unlawful, or other statutory grounds arise, unless continued processing is required or permitted by law.
User Requests
A User request should contain the User's surname, first name and, if available, patronymic; details confirming participation in relations with the Operator, including INN, SNILS or passport series and number where applicable; the substance of the request; and the User's signature or electronic confirmation where required. The Operator considers requests within the time limits established by Russian law.
Liability
The Operator and the User are liable in accordance with Russian law. The Operator is not liable for losses caused by the User providing inaccurate or incomplete data, failure to update data, unlawful actions of third parties, failures of third-party services or other circumstances outside the Operator's control.
Final Provisions
The Policy is effective indefinitely until a later version is published. The Operator may amend the Policy by publishing a new version in the Service. The current version is available in the Service and applies from the date of publication unless otherwise stated.