Privacy  Policy
that concerns processing of personal data of the visitors
of the St.Petersburg Card official website petersburgcard.com

1. General Terms

1.1. This Policy on the processing of personal data (hereinafter referred to as the "Policy") has been prepared in accordance with Cl. 2 Part 1, Art. 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FL from July 27, 2006 (hereinafter referred to as the "Law") and defines the position of legal entity: LLC Guest card (OGRN: 1107847292277, INN: 7841431791, address of registration: 191014, (Hereinafter referred to as the "Company") and concerns the processing and protection of personal data (hereinafter referred to as the "Data"), compliance with the rights and / freedoms of each person and, in particular, the right to privacy, personal and family secrets.

2. Application scope

2.1. This Policy applies to the Data received both before and after the implementation of this Policy.

2.2. Realizing the importance and value of the Data, and also caring about observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company provides reliable data protection.

2.3. This Policy applies to all information posted on the website: petersburgcard.com (hereinafter referred to as the Site) about the User as he/she is using the Site, its services, programs and products.

2.4. Using of the Site services means the unconditional consent of the User to this Policy and the terms of processing of his personal information specified therein; In case of disagreement with these conditions, the User should not using the services.

3. Definitions

3.1. The Data means any information relating to a directly or indirectly defined or defining individual, i.e. such information, in particular, includes: a surname, name, e-mail, phone number, location, as well as other data that are automatically transferred to the Site services as they are used with the software installed on the user's device, including the IP-address , cookie data, information about the User's browser (or other program  providing services), technical characteristics of the equipment and software used by the User, date and time of accessing services, address of the requested pages and related information.

3.2.The Data processing means any action (operation) or set of actions (operations) with the Data, performed with the use of automatic facilities and / or without using such means. Such actions (operations) include collection, recording, systematization, accumulation, storage, updating (modification), extraction, using, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction.

3.3. The Data security means safety from unauthorized and / or unsanctioned access, destruction, modification, blocking, copying, provision, dissemination of the Data, as well as from other illegal actions concerning the Data.

3.4. This Privacy Policy applies only to the "Guest Card" LLC website: petersburgcard.com.

3.5. The Company is not responsible for the third parties websites, which the User may visit clicking the links available on the Site petersburgcard.com.

  1. Legal basis and purpose of the Data processing
    4.1. The processing and providing of data security in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Legislation of the Russian Federation, the Labor Code of the Russian Federation, acts and other defining cases and peculiarities of processing the Data of federal laws of the Russian Federation, guidelines and methodological documents of FSTEC of Russia and the FSB of Russia.
    4.2. Subjects of the Data processed by the Company are:
    Customers - consumers, visitors and users of the site petersburgcard.com owned by the Company, who use the Site petersburgcard.com with the purpose of ordering with subsequent delivery to the customer, recipients of services, participants of bonus loyalty programs.
    4.3. The Company carries out processing of the Data of subjects for the following purposes:
    4.3.1. Exercise of the functions, powers and duties assigned to the Company in accordance with federal laws, including but not limited to: the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, Federal Law No. 152-FL from July 27, 2006 «On personal data», the Federal Law No. 14-FL from February 8, 1998 «On Limited Liability Companies», Federal Law No. 2300-1 from of February 7, 1992 «On Protection of Consumer Rights», Federal Law No. 129-FL «On Accounting» from November 21, 1996.
    4.3.2. To participants of bonus loyalty programs:
    - fulfillment of obligations under loyalty programs by the Company.
    4.3.3. To customers - consumers:
    - providing information about the Company,
    - providing information on goods/services and special offers;
    - analysis of quality of the services provided by the Company and improving the quality of services for the Company's customers;
    - informing about the status of the order;
    - execution of the contract, incl. contract of sale, incl. contract made via the Site, providing paid services; providing services, as well as registration of services provided to consumers for mutual settlements;
    - delivery of the ordered goods to the client, who made the order on the Site, return of the goods.

5. Principles and conditions for the Data processing.

5.1. When processing the Data, the Company adheres to the following principles:

- The Data processing is carried out on a legal and fair basis;

- The Data is not disclosed to third parties and does not distribute without the consent of the subject of the Data, except for cases requiring disclosure of the Data at the request of authorized state bodies, legal proceedings;

- Identification of specific legitimate objectives before processing (including collection) of the Data;

- Only the Data that are necessary and sufficient for the stated purpose of the treatment are collected; unification of databases containing the Data, processing of which is carried out for purposes incompatible with each other, is not allowed;

- The Data processing is restricted to the achievement of specific, predefined and legitimate purposes;

- The processed Data are subject to destruction or depersonalization upon achievement of processing purposes or in case there is no need to achieve these goals, unless otherwise provided by federal law.

5.2. The Company may include the Data of the entities in the publicly available Data sources, while the Company takes the written consent of the subject to process his/her Data, or by expressing consent through the form of the site (checkbox) by clicking which the subject of personal data agrees.

5.3. The Company does not process the Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.

5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person on the basis of which it is possible to establish his identity and which are used by the operator to identify the subject Data) are not processed in the Company.

5.5. The company provides cross-border data transmission. The Company confirms that the foreign state in the territory of which the transfer of personal data is carried out provides adequate protection of the rights of personal data subjects in accordance with the level of security defined by the Council of Europe Convention on the Protection of Individuals with regard to automated processing of personal data.

5.6. In cases stipulated by the legislation of the Russian Federation, the Company is entitled to transfer Data to third parties (the Federal Tax Service, the State Pension Fund and other state bodies) in cases provided for by the legislation of the Russian Federation.

5.7. The Company has the right to entrust processing the Data Subjects to third parties with the consent of the Data subject on the basis of a contract concluded with these persons, including with the consent of the user agreement and the policy of processing personal data posted on the site.

5.8. Persons processing data on the basis of a contract concluded with the Company (operator's instructions), undertake to comply with the principles and rules for data processing and protection provided for by the Law. For each third person, the contract specifies a list of actions (operations) with the Data that will be performed by the third person performing the Data processing, processing purposes, establishes the duty of such person to maintain confidentiality and ensure the data security during processing, specifies the requirements for protection of the Data being processed in accordance with the Law.

5.9. In order to comply with the requirements of the current legislation of the Russian Federation and its contractual obligations, the Data processing in the Company is carried out with or without the use of automation. The set of processing operations includes collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.

5.10. The Company prohibits the adoption on the basis of an exclusively automated processing of the Data of the decisions generating legal consequences with respect to the Data subject or otherwise affecting his rights and legitimate interests, except as provided for by the legislation of the Russian Federation.

6. Rights and obligations of the Data subjects and  the Company in terms of the Data processing

6.1. The entity, whose data is processed by the Company has the right:

6.1.1. receive from the Company:

- confirmation of the fact of the Data processing and information about the presence of the data related to the relevant data subject;

- information on the legal grounds and purposes of the Data processing; information on the methods used by the Company to process the Data;

- information on the name and location of the Company;

- information on persons (with the exception of employees of the Company), who have access to the Data or who may disclose the Data on the basis of an agreement with the Company or on the basis of a federal law;

- the list of data processed pertaining to the Data subject and information on the source of their receipt, unless another procedure for providing such Data is provided for by federal law;

- information on the processing time of the Data, including the time of their storage;

- information on the procedure for the subject of the Data to exercise the rights provided for in the Law; name (name and surname) and address of the person carrying out the Data processing on behalf of the Company;

- other information provided for by the Law or other regulatory legal acts of the Russian Federation;

6.1.2. to demand from the Company:

- clarification of his/her Data, its blocking or destruction in case that the Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of the processing;

- withdraw your consent to process the Data at any time; to demand the elimination of illegal actions of the Company with respect to his/her Data;

- to appeal against the actions or inaction of the Company to the Federal Service for Supervision in the Sphere of Communication, Information Technology and Mass Communications (Roskomnadzor) or in court if the Data subject believes that the Company is processing his/her Data in violation of the requirements of the Law or otherwise violates it rights and freedoms;

- protection of their rights and legitimate interests, including compensation for damages and / or compensation for moral harm in the courts.

6.2. The Company is obliged in the course of data processing:

- to provide the Data subject, upon his/her request, information regarding the processing of his personal data, or legal basis for refusing within thirty days from the date of receipt of the request of the Data subject or his representative;

- to explain to the Data subject the legal consequences of refusing to provide the Data if the Data is mandatory in accordance with the federal law;

- before the processing of the Data (if the Data was received not from the Data subject), provide the Data subject with the following information, except for the cases provided for by Part 4 of Article 18 of the Law:

1) the name or surname, name, patronymic and address of the Company or its representative;

2) the purpose of the Data processing and its legal basis;

3) prospective users of the Data;

4) the rights of the Data subjects established by law;

5) the source of the Data.

- take the necessary legal, organizational and technical measures or ensure their acceptance for the protection of the Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of the Data, as well as from other illegal actions with respect to the Data;

- publish on the Internet and provide unrestricted access using the Internet to a document that defines its policy regarding the processing of the Data, to information about the current requirements for the Data protection;

- to provide the Data subjects and / or their legal representatives with the free of charge opportunity to get acquainted with the Data when handling the relevant request within 30 days from the date of receipt of such request;

- to block unlawfully processed Data relating to the Data subject or to ensure their blocking (if data processing is performed by another person acting on behalf of the Company) from the time of application or receipt of the request for the verification period, in case of unlawful processing of the Data when the Data subject is accessed or his representative, or at the request of the Data subject or his representative or authorized body for the protection of the rights of subjects of personal data;

- clarify the Data or ensure their clarification (if the Data processing is performed by another person acting on behalf of the Company) within 7 working days from the date of submission of information and to remove the Data blocking in case of confirmation of the fact of Data inaccuracy on the basis of information submitted by the Data subject or his representative ;

- stop illegal processing of the Data or ensure that the Data is not illegally processed by a person acting on behalf of the Company in the event that the Data is processed illegally by the Company or a person acting on the basis of an agreement with the Company within a period not exceeding 3 business days from the date of such disclosure;

- Terminate the processing of the Data or ensure its termination (if data processing is performed by another person acting under the contract with the Company) and destroy the Data or ensure their destruction (if the Data processing is performed by another person acting under the agreement with the Company) upon the achievement of the Data processing objective, if the other is not provided by the contract, the party of which, the beneficiary or guarantor is the subject of the Data, in case of the achievement of the purpose of processing the Data;

- stop the processing of Data or ensure its termination and destroy the Data or ensure their destruction in  case when the Data subject withdraws consent to process the Data if the Company is not entitled to process the Data without the consent of the Data subject;

 - maintain a register of records of requests of personal data subjects, in which the requests of the Data subjects for receiving the Data should be recorded, as well as the facts of providing Data for these requests.

- The Company has the right to transfer the User's personal information to third parties in the following cases:

1) The User has consented to such actions;

2) The transfer is necessary for the User to use a certain service or for the performance of a certain agreement or contract with the User.

3) The transfer is provided by Russian or other applicable legislation within the framework of the procedure established by law.

In case of the sale of the Company's website to the site's purchaser, all obligations to comply with the terms of this Policy in relation to personal information received by it are transferred.

7. Data Protection Requirements

7.1. The processing of the personal data of Users is carried out in accordance with the Federal Law from July 27, 2006 N 152-FL «On Personal Data» (hereinafter - the Law).

Processing the Data, the Company shall take the necessary legal, organizational and technical measures to protect the Data from unauthorized and / or unauthorized access to, data destruction, modification, blocking, copying, provision, dissemination, and other unlawful activities concerning the Data.

7.2. Such measures in accordance with the Law, in particular, include:

- Appointment of the person responsible for organizing the processing of the Data and the person responsible for ensuring data security;

- development and approval of local acts on the Data processing and protection;

- application of legal, organizational and technical measures to ensure the security of the Data:

- identification of threats to the Data security when processing them in personal data information systems;

- the use of organizational and technical measures to ensure the security of the Data in processing them in personal data information systems necessary to fulfill the Data protection requirements, the implementation of which is ensured by the Data security levels established by the Government of the Russian Federation;

- application of information protection means, passed in the established procedure of conformity assessment;

- evaluation of the effectiveness of measures taken to ensure the security of the Data before putting into operation the personal data information system;

- registration of computer data carriers, if data storage is carried out on machine carriers;

- detection of facts of unauthorized access to the Data and taking measures to prevent similar incidents in the future;

- the Data recovery, modified or destroyed due to unauthorized access to them;

- establishment of rules for accessing the Data processed in the personal data information system, as well as ensuring registration and recording of all actions performed with the Data in the personal data information system;

- control over the measures taken to ensure the Data security and the level of security of information systems of personal data;

- an assessment of the harm that may be caused to the Data subjects in case of violation of the requirements of the Law, the ratio of the harm and measures taken by the Company aimed at ensuring the fulfillment of the duties provided for by the Law;

- compliance with conditions that preclude unauthorized access to the material data carriers and ensure the safety of the Data;

- familiarize employees of the Company directly processing the Data with the provisions of the legislation of the Russian Federation on Data, including requirements for data protection, local acts on data processing and protection, and training of Company employees.

8. Terms of the Data processing (storage)

8.1. Terms of the Data processing (storage) are determined on the basis of the Data processing purposes, in accordance with the term of the agreement with the Data subject, the requirements of federal laws, the Data operators' requirements for the Data processing by the Company, the basic rules of the archives of organizations, the limitation period.

8.2. The Data, which processing (storage) period has expired must be destroyed, unless otherwise stipulated by federal law. The Data storage after the termination of their processing is allowed only after their depersonalization.

9. Obtaining clarifications on the processing of Data

9.1. Persons, whose Data is processed by the Company may receive clarification on the processing of their Data by contacting the Company personally or by sending a written request to the Company's address: 191014, St. Petersburg, ul. Artillery, house number 1, pom. 26-H.

9.2. If you send an official request to the Company in the text of the request, you must specify:

- the last name, first name, patronymic of the Data subject or his representative;

- number of the main document certifying the identity of the Data subject or his/her representative, information on the date of issue of the specified document and the issuing body;

- information confirming the existence of the relationship between the subject and the Company; information for feedback in order to send the Company a response to the request;

- the signature of the Data subject (or his/her representative). If the request is sent in electronic form, then it must be issued in the form of an electronic document and signed by an electronic signature in accordance with the legislation of the Russian Federation.

10. Features of processing and protecting of the Data collected by the Company via the Internet

10.1. The Company processes the Data received from the users of the Site: petersburgcard.com (hereinafter referred to as the Site), as well as incoming:

- to the phone of the Company: +7 (812) 604-00-42,

- to the Company's e-mail address: info@petersburgcard.com,

- through the Company's feedback form at: petersburgcard.com/feedback.

10.2. Data collection

There are two main ways in which the Company receives the Data via the Internet:

10.2.1. Providing the Data (self-data input by the Data subjects):

- Surname,

- name,

- Email,

- phone number.

10.2.2. Provision of the Data by the Data Entities by entering the Company's phone number: +7 (812) 604-00-42, to the Company's e-mail address: info@petersburgcard.com, via the Company's feedback form at petersburgcard.com/feedback.

10.3. Automatically collected information

The company can collect and process information that is not personal data:

- location,

- ip address,

- information about the interests of users on the Site on the basis of the entered search requests of the users of the Site about the goods being sold and offered for sale by the Company with the purpose of providing up-to-date information to the Company's customers when using the Site, as well as generalizing and analyzing information about which sections of the Site and goods are most in demand at the Company's customers;

- processing and storing search requests of the users of the Site in order to generalize and create client statistics about the use of sections of the Site.

The company automatically receives some types of information obtained during the interaction of users with the Site, e-mail correspondence, etc. It is about technologies and services, such as web protocols, cookies, web markers, as well as applications and tools specified by the third side.

At the same time, web markers, cookies and other monitoring technologies do not allow automatic data retrieval. If the User of the Site, at his own discretion, provides his data, for example, when filling out the feedback form or sending an e-mail, then only the processes of automatic collection of detailed information for the convenience of using the websites and / or for improving interaction with users are launched.

10.4. Data usage

The Company shall have the right to use the Data provided in accordance with the stated purposes of their collection, subject to the consent of the Data subject, if such consent is required in accordance with the requirements of the Russian Federation legislation in the field of the Data.

Obtained data in a generalized and impersonal form can be used to better understand the needs of customers of goods and services implemented by the Company and improve the quality of service.

10.5. Data transfer

The Company may entrust the processing of the Data to third parties only with the consent of the Data subject. Also the Data can be transferred to third parties in the following cases:

1) As a response to legitimate requests of authorized state bodies, in accordance with laws, court decisions, etc.

2) The data can not be transferred to third parties for marketing, commercial and other similar purposes, except for cases of obtaining the preliminary consent of the data subject.

10.6. The site contains links to other web resources, where there may be useful and interesting information for the users of the Site. In this case, this Policy does not apply to such sites. Users following links to other sites are advised to familiarize themselves with the policies on processing Data posted on such sites.

10.7. The User of the Site may at any time withdraw his consent to the processing of the Data by sending a message by calling the Company's telephone number: +7 (812) 604-00-42, to the Company's e-mail address: info@petersburgcard.com, via the Company's feedback form at: petersburgcard.com/feedback, or by sending a written notice to the address of the Company: 191014, St. Petersburg, ul. Artillery, house number 1, pom. 26-H. After receiving such a message, processing of the User Data will be terminated and his/her Data will be deleted, unless processing can be continued in accordance with the law. Final provisions This Policy is a local normative act of the Company. This Policy is public. The general availability of this Policy is provided by publication on the Company's Site. This Policy may be revised in any of the following cases:

- with the modification of the legislation of the Russian Federation in the field of processing and protection of personal data;

- in cases of receipt of instructions from competent state bodies to eliminate inconsistencies affecting the scope of the Policy;

- by decision of the Company's management;

- when changing the purposes and terms of data processing;

- at change of organizational structure, structure of information and / or telecommunication systems (or introduction of new);

- when applying new technologies for data processing and protection (including transmission, storage);

- if there is a need to change the data processing process related to the Company's activities.

In the event of failure to comply with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Russian Federation. Control over the implementation of the requirements of this Policy is carried out by persons responsible for organizing the processing of the Data of the Company, as well as for the security of personal data.

10.8. With the loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.

10.9. The Administration of the Site takes necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

10.10. The Administration of the Site together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.

11. Responsibility

11.1. The Company (Administration of the Site), which has not fulfilled its obligations, is responsible for losses incurred by the User in connection with the misuse of personal data, in accordance with the legislation of the Russian Federation.

11.2. In case of loss or disclosure of confidential information, the Company (the Site Administration) is not responsible if this confidential information:

- Became public before its loss or disclosure.

- Was received from a third party until it was received by the Site Administration.

- Was disclosed with the consent of the User.

12. Settlement of disputes

12.1. Before applying to the court with a claim for disputes arising from the relationship between the Site User and the Site Administration, it is mandatory to file a claim (a written proposal for the voluntary settlement of the dispute).

12.2. The receiver of the claim shall notify the applicant by writing within 30 (thirty) calendar days from the date of receipt of the claim about the results of the examination of the claim.

12.3. If the agreement is not reached, the dispute will be referred to the court in accordance with the current legislation of the Russian Federation.

This Privacy Policy and the relationship between the User and the Site Administration shall be governed by the current legislation of the Russian Federation.

13. Additional conditions

13.1. The Site Administration has the right to make changes to this Privacy Policy without the consent of the User.

13.2. The new Privacy Policy starts working from the moment it is posted on the Site, unless otherwise provided for in the new edition of the Privacy Policy.

13.3. Any suggestions or questions about this Privacy Policy should be reported to info@petersburgcard.com.

13.4. The current Privacy Policy is available on petersburgcard.com.

13.5. This Privacy Policy is an integral part of the User Agreement, which can be found at petersburgcard.com.

 

 

 

Top