Main — Privacy Policy
1. General Provisions
1.1. GBL Robotics LLC (TIN 7715898794, OGRN 1127746004055, registered address: 125212, Moscow, Admirala Makarova St., 2, building 14, floor 1, room II, office 2) has developed this Personal Data Processing Policy in accordance with Russian legislation (Federal Law No. 152-FZ «On Personal Data»). This internal document describes how the company collects, stores, uses and protects the personal data of its clients and employees. The policy establishes rules and procedures aimed at ensuring the security and confidentiality of personal data in accordance with the requirements of the law. This document regulates how GBL Robotics LLC handles the personal information of personal data subjects and guarantees its protection.
1.2. The owner of the website is Limited Liability Company «GBL Robotics» (TIN 7715898794, OGRN 1127746004055, registration address: 125212, Moscow, Admirala Makarova St., 2, building 14, floor 1, room II, office 2).
1.3. The Policy applies to all actions related to the processing of personal data on the Operator’s website https://montycafe.ru/ (hereinafter referred to as the «Site»). Any Personal Data Subject has access to this Policy, including via the Internet.
1.4. This Policy has been created to comply with legal requirements in the field of processing and ensuring the security of personal data. It establishes the key principles and methods used by the Personal Data Operator to organize the processes of processing and protecting the personal information of Personal Data Subjects that meet the definition given in the Personal Data Law.
1.5. This privacy policy document may be updated by the Operator, who reserves the right to make changes to its provisions at its own discretion and at any time. Users are advised to regularly review the current version of this document to be aware of any updates in a timely manner.
1.6. The Policy applies to all personal data received both before and after the entry into force of this Policy.
2. Definitions
2.1. Basic concepts:
• Subject of personal data — an individual who is directly or indirectly determined or determinable using personal data, whose personal data is processed. In the text of this Policy, the terms «User» and «Subject of personal data» are identical;
• Website — a collection of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://montycafe.ru/;
• Personal data operator — a person who independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. For the purposes of this Policy, the Operator, when processing personal data, is the Personal Data Operator, unless otherwise expressly specified in the Policy;
• Personal Data Law — Federal Law of July 27, 2006 No. 152-FZ «On Personal Data»;
• Confidentiality of personal data — protection of personal data from unauthorized and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
• Processing of personal data — any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
• Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;
• Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific number of persons;
• Blocking of personal data — temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
• Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible carriers of personal data are destroyed;
• Depersonalization of personal data — actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
2.2. Other terms are used in this Policy in accordance with the meanings defined by the current legislation of the Russian Federation, unless otherwise expressly stated in the Policy.
3. Categories of personal data subjects and composition of personal data processed
3.1. The personal data operator processes personal data of the following categories of personal data subjects: Clients (authorized representatives of clients) of the Operator and Website Visitors.
3.2. For the purposes of this Policy, personal data shall mean any information directly or indirectly related to the personal data subject, including the User’s Last Name, First Name and Patronymic; User’s email address; User’s phone numbers; Additional information obtained as a result of accessing the website, including information regarding the technical equipment (devices) used, technological interaction with the website (including the host IP address, operating system, browser type, geographic location, Internet provider, data obtained during access to the camera, microphone and similar devices); Information obtained automatically as a result of using cookies.
Personal data also includes information automatically transmitted during a visit to the Website through software installed on the user’s device. These include: IP address, cookie data, web browser information (or other program used to access the Site), technical parameters of the equipment and programs used by the user, date and time of visiting the Site, URL of the requested pages and other similar data.
During the User’s visit to the Site, the Personal Data Processing Operator may collect this technical information. This data is used to maintain the functionality of the Site, improve the quality of services, correct malfunctions and increase the usability for visitors. It is important to note that the Operator does not aim to identify a specific user visiting the Site.
3.3. Cookies are small files, usually consisting of letters and numbers, automatically downloaded and uploaded to the device when the personal data subject accesses the Site. Cookies allow the Site to recognize the device of the personal data subject and display the Site in accordance with the preferences of the personal data subject.
If the user does not want cookies from his device to be used, he has the option to leave this website or adjust the settings of his browser. Information on how to manage cookies in different browsers can be found at the following links: Yandex Browser, Mozilla Firefox, Google Chrome, Safari, Microsoft Internet Explorer.
3.4. Information obtained through cookies does not belong to special categories, is not biometric, as defined by Articles 10 and 11 of the Federal Law on Personal Data, and is processed automatically.
3.5. The basis for processing such technical information from the device of the subject of personal data is consent to the processing of personal data, provided by him by performing implicit actions, namely, by checking the box next to the text «I agree to the processing of personal data» and clicking the send data button in the data collection form on the Site and continuing to use the Site.
4. Purposes and principles of personal data processing
4.1. Personal data are processed by the Operator, including but not limited to, for the following purposes:
• Improving the Operator’s products and services, as well as interacting with the Operator’s clients and contractors
• Implementing the tasks, rights and responsibilities assigned to the Operator in accordance with the laws of the Russian Federation;
• Conducting activities by the Operator as defined by its charter;
• Maintaining personnel records and accounting;
• Concluding and executing contracts within the framework of civil and other relations;
• Identifying users of the Site;
• Ensuring compliance with legislative acts and other regulatory legal acts of the Russian Federation.
4.2 The processing of personal data is carried out by the Operator reasonably and in good faith and based on the following principles:
• Personal data are processed on the basis of legality and fairness.
• The processing of personal data must be limited to the achievement of specific, predetermined and legitimate objectives. Processing of data that is inconsistent with the purposes for which it was collected is not permitted.
• Combining databases with personal data is prohibited if they are processed for incompatible purposes.
• Only personal data that is consistent with the stated purposes will be accepted for processing.
• The content and quantity of the data being processed must correspond to the stated purposes. Excessive processing of data that is not related to these purposes is not permitted.
• When processing personal data, the accuracy, sufficiency and, if necessary, relevance of the data in accordance with the purposes for which they are processed are required. The operator takes all necessary measures to eliminate or correct incomplete or inaccurate data.
• Personal data must be stored in a form that allows identification of the subject for no longer than the time necessary to achieve the purposes of processing, unless otherwise provided by law or contract. The data is destroyed or anonymized upon completion of the purposes of processing or when it is no longer needed, unless otherwise provided by law.
• Personal data are processed based on the compliance of the purposes of processing personal data with the purposes previously defined and declared when collecting personal data, as well as the powers of the Operator;
• Personal data are processed based on the compliance of the volume and nature of the personal data being processed, and the methods of processing personal data with the purposes of processing personal data.
5. Legal basis for processing personal data
5.1. The legal basis for processing personal data is a set of legal acts, pursuant to which and in accordance with which the Operator processes personal data, including, but not limited to:
• The Constitution of the Russian Federation;
• Federal Law No. 152-FZ of July 27, 2006 «On Personal Data»;
• The Civil Code of the Russian Federation;
• Resolution of the Government of the Russian Federation of September 15, 2008 N 687 «On approval of the Regulation on the specifics of processing personal data carried out without the use of automation tools»;
• Resolution of the Government of the Russian Federation of November 1, 2012 N 1119 «On approval of requirements for the protection of personal data when processing them in personal data information systems»;
• Order of the FSTEC of Russia dated February 18, 2013 No. 21 «On approval of the composition and content of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems»;
• Order of the FSTEC of Russia No. 55, the FSB of Russia No. 86, the Ministry of Information Technologies and Communications of Russia No. 20 dated February 13, 2008 «On approval of the Procedure for the classification of personal data information systems»;
• Charter and local acts of the Operator;
• Other regulatory legal acts governing relations related to the commercial activities of the Operator.
6. Basic rights and obligations of the Operator
6.1. In accordance with the requirements of the Law on Personal Data, the Operator has the right to:
• Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
• receive reliable information and/or documents containing personal data from the personal data subject;
• In the event that the personal data subject revokes consent to the processing of personal data, continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data;
• Entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data stipulated by the Law on Personal Data;
6.2. In accordance with the requirements of the Law on Personal Data, the Operator is obliged to:
• Use the received personal data exclusively for the purposes specified in this Policy;
• Organize and ensure the processing of personal data in accordance with the requirements of the Law on Personal Data;
• Delete the personal data of the personal data subject if the storage period has expired or the personal data subject has revoked consent to their processing;
• Ensure proper secure storage of personal data, do not disclose personal data without the prior written consent of the personal data subject, except for cases stipulated by the legislation of the Russian Federation;
• Block personal data related to the relevant personal data subject, from the moment of the appeal or request of the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects for the verification period in case of detection of inaccurate personal data or illegal actions;
• Respond to appeals and requests of personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
• Notify the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media) at the request of this body of the necessary information within 10 (ten) days from the date of receipt of such request.
7. Basic rights of personal data subjects
7.1. The personal data subject has the right to:
• Withdraw their consent to the processing of personal data;
• Clarification, exclusion or correction by the Operator of incomplete, incorrect, outdated, unreliable, illegally obtained or not necessary for the Operator personal data;
• Access to their personal data processed by the Operator, as well as to information on the legal grounds and purposes of processing personal data;
• Protect their rights and legitimate interests, including compensation for damages and moral damages in court;
• Appeal against the actions or inactions of the Operator in an administrative (to the authorized body for the protection of the rights of personal data subjects) or in court.
7.2. The rights of personal data subjects provided for in clause 7.1. of this Policy may be limited in accordance with the requirements of the legislation of the Russian Federation and (or) in cases where the Operator processes personal data on legal grounds other than the consent of the subject of personal data.
8. Procedure and conditions for processing personal data
8.1. The Operator collects, registers, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distributes, provides, accesses), as well as depersonalizes, blocks, deletes and destroys personal data. The Operator performs manual and automatic processing of personal data with or without the receipt and/or transfer of information via information and telecommunications networks.
8.2. The Operator processes personal data with the consent of personal data subjects to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Russian Federation.
8.3. The Operator processes personal data in accordance with the requirements of the legislation of the Russian Federation in any legal way, including in personal data information systems with or without the use of automation tools.
8.4. When processing personal data, the Operator ensures the accuracy of the personal data, its sufficiency, and, where necessary, relevance in relation to the purposes of processing the personal data. The Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
8.5. Only the Operator’s employees whose job responsibilities include the processing of personal data are allowed to process personal data.
8.6. The Operator has the right to transfer personal data to third parties in the following cases:
• The subject of personal data has expressed consent to such transfer;
• The transfer is made to the Operator’s employees whose job responsibilities include the processing of personal data, for use for the purposes specified in paragraph 4.1. of this Policy;
• The transfer is necessary for the conclusion, execution of contracts and agreements within the framework of labor, civil law and other relations with the Operator;
• The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
8.7. The processing and storage of personal data is carried out by the Operator for no longer than required by the purposes of processing personal data, unless there are legal grounds for further processing.
8.8. Disclosure to third parties and distribution of personal data without the consent of the subject of personal data, unless otherwise provided by federal law, is not permitted.
8.9. Liability for violation of the requirements of the legislation of the Russian Federation and regulatory acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
9. Final Provisions
9.1. The new version of the Policy shall enter into force from the moment it is posted on the Website, unless another effective date is specified in it.
9.2. If the User discovers inaccuracies in their personal data, they can update them independently by sending a notification to the Operator’s email address info@montycafe.ru with the subject «Updating personal data».
The User has the right to revoke consent to the processing of data at any time by sending a notification to the address info@montycafe.ru with the subject «Revocation of consent to the processing of personal data».
9.3. The Operator does not process personal information that reflects ethnic or racial identity, political preferences, religious or philosophical views, health status, details of private life, membership in public organizations, including trade unions.
9.4. Unless otherwise provided by the legislation of the Russian Federation, the Operator shall cease processing personal data (in relation to any of the stated purposes) and destroy them in the following cases:
• liquidation of the Operator;
• reorganization of the Operator, entailing the termination of its activities;
• cessation of legal grounds for processing personal data and/or achievement of the purposes of processing personal data.
9.5. In all other respects that are not directly reflected in the Policy, the Operator is guided by the norms and provisions of the Law on Personal Data.