PRIVACY POLICY

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the Policy) has been drawn up in accordance with the requirements of the Federal Law of June 27, 2006 No. 152-FZ «On Personal Data» (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data taken by “Dimeco” Limited Liability Company (legal address: office 17, floor 6, building 3, house 1, Timiryazevskaya Str., 127422, Moscow, INN (Taxpayer Identification Number) 7713426475, OGRN (Primary State Registration Number) 5167746498882) (hereinafter referred to as the Operator).

1.2. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms when processing personal data, including the protection of the right to privacy, personal and family secrets.

1.3. This Policy of the Operator applies to the processing of personal data obtained as a result of the User’s interaction with the website located at: https://dimeco.io/.

2. Central concepts used in the Policy

Automated processing of personal data is the processing of personal data using computer technology.

Blocking of personal data is the temporary cessation of the personal data processing (except in cases where processing is necessary to clarify the personal data).

Website is a collection of graphic and informational materials, as well as computer programs and databases, making them available online at the address https://dimeco.io/.

A personal data information system is a collection of personal data contained in databases and the information technologies and technical means that support its processing.

Anonymization of personal data refers to actions that make it impossible to determine the attribution of personal data to a specific User or other personal data subject without the use of additional information.

Personal data processing is any action (operation) or set of actions (operations) performed with or without automated means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

Operator is a legal entity that, independently or jointly with other persons, organizes and/or carries out the personal data processing, and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.

Personal data is any information relating directly or indirectly to a specific or identifiable User of the website https://dimeco.io/.

 

Personal data permitted for distribution by the personal data subject means personal data access to which was granted by the subject of personal data to the general public by giving consent to the processing of personal data, permitted by the personal data subject for distribution in the manner prescribed by the Personal Data Law (hereinafter referred to as personal data permitted for distribution).

User is any visitor to the website https://dimeco.io/ who is the subject of personal data.

Provision of personal data refers to actions aimed at disclosing personal data to a specific individual or a group of individuals.

Distribution of personal data refers to any actions aimed at disclosing personal data to an indefinite number of individuals (transferring personal data) or making personal data available to an indefinite number of individuals, including disclosing personal data in the media, posting it on information and telecommunications networks, or providing access to personal data in any other way.

Cross-border transfer of personal data is the transfer of personal data to a foreign government agency, foreign individual, or foreign legal entity.

Destruction of personal data is any action that results in the irreversible destruction of personal data, making it impossible to restore the contents of personal data in a personal data information system, and/or the destruction of physical media containing the personal data.

3. Basic rights and obligations of the Operator

3.1. The Operator has the right:

• to receive reliable information and/or documents containing personal data from the User;
• if the User revokes consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the User if there are grounds specified in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of the Personal Data Law;
• independently to determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Operator is obliged:

• to provide the personal data subject, upon request, with information regarding the processing of his/her personal data;
• to organize the processing of personal data in accordance with the procedure established by the current legislation of the Russian Federation;
• to respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
• to provide the authorized body for the protection of the rights of personal data subjects, upon request of such body, with the necessary information within 10 (ten) business days from the date of receipt of such request;
• to publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
• to take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other illegal actions in relation to personal data;
• to cease the transfer (distribution, provision, or access) of personal data, to cease the processing, and to destroy personal data in the manner and cases stipulated by the Personal Data Law;
• if it is established that unauthorized or accidental transfer (provision, distribution, or access) of personal data has resulted in a violation of Users’ rights, to notify the authorized body of the incident within 24 (twenty-four) hours of the discovery of such an incident and to take other measures in connection with the identified incident within the timeframes established by law;
• to fulfill other obligations stipulated by the Personal Data Law.

4. Basic rights and obligations of Users

4.1. The User has the right:

• to receive information regarding the processing of his/her personal data, except in cases stipulated by federal laws. Information is provided to the User by the Operator in an accessible form, and it must not contain personal data related to other subjects of personal data, except in cases where there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
• to demand from the Operator to clarify his/her personal data, to block it or to destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also to take measures provided by law to protect his/her rights;
• to require prior consent when processing personal data for the purpose of promoting goods, works, and services on the market;
• to revoke the consent to the processing of personal data;
• to appeal to the authorized body for the protection of the rights of personal data subjects or in court against the Operator’s unlawful actions or inaction when processing his/her personal data;
• to exercise other rights provided for by the legislation of the Russian Federation.

4.2. The User is obliged:

• to provide the Operator with accurate information about himself/herself;
• to inform the Operator about any changes to his/her personal data.

5. Principles of personal data processing

5.1. The processing of personal data is carried out on a lawful and fair basis.

5.2. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Personal data processing which is not compatible with the purposes for which it was collected is prohibited.

5.3. It is not permitted to combine databases containing personal data that are processed for purposes that are incompatible with each other.

5.4. Only personal data that corresponds to the purposes of its processing is subject to the processing.

5.5. The content and volume of personal data being processed correspond to the stated processing purposes. The personal data being processed is not excessive in relation to the stated processing purposes.

5.6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data to the purposes of processing are ensured. The Operator takes the necessary measures to delete or clarify incomplete or inaccurate data.

5.7. Personal data is stored in a form that allows identification of the data subject for no longer than required for the purposes of processing the personal data, unless the storage period is established by federal law or an agreement to which the data subject is a party, beneficiary, or guarantor. Personal data being processed is destroyed or anonymized upon the achievement of the processing purposes or when these purposes are no longer necessary, unless otherwise provided by federal law.

6. Purposes of personal data processing

6.1. Purpose of processing the User’s personal data:

• informing the User by sending emails;
• providing the User with access to services, information, and/or materials contained on the website https://dimeco.io/.

6.2. The Operator also reserves the right to send the User notifications about new products and services, special offers, and various events. The User can always opt out of receiving informational messages by sending the Operator an email to info@dimeco.io with the subject line «Opt-out of notifications about new products and services and special offers.»

6.3. Anonymized data of Users, collected using Internet statistics services, is used to collect information about Users’ actions on the website, to improve the quality of the website and its content.

7. Legal grounds for processing personal data

7.1. The Operator processes the User’s personal data only if the User completes and/or submits it independently through special forms located on the website https://dimeco.io/. By completing the relevant forms and/or submitting his/her personal data to the Operator, the User consents to this Policy.

7.2. The Operator processes anonymized data about the User if this is permitted in the User’s browser settings (the saving of cookies and the use of JavaScript technology are enabled).

8. The procedure for collecting, storing, transferring and other types of processing personal data

8.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized persons from accessing personal data.

8.2. The User’s personal data will never, under any circumstances, be transferred to third parties, except in cases related to compliance with the current legislation of the Russian Federation.

8.3. If any inaccuracies are discovered in personal data, the User may update them independently by sending a notification to the Operator’s email address info@dimeco.io with the subject line «Updating personal data.»

8.4. The processing period for personal data is unlimited. The User may revoke his/her consent to the processing of personal data at any time by sending a notification to the Operator via email at info@dimeco.io with the subject line «Revocation of consent to the personal data processing.»

9. Cross-border transfer of personal data

9.1. Before commencing the cross-border transfer of personal data, the Operator is obliged to ensure that the foreign state to whose territory the personal data is to be transferred ensures reliable protection of the rights of personal data subjects.

9.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements may be carried out only if there is written consent from the subject of personal data to the cross-border transfer of his/her personal data and/or execution of an agreement to which the subject of personal data is a party.

10. Final Provisions

10.1. The User may obtain any clarification on any questions of interest regarding the processing of his/her personal data by contacting the Operator via email at info@dimeco.io.

10.2. This document will reflect any changes to the Operator’s personal data processing policy. This policy is valid indefinitely until replaced by a new version.

10.3. The current version of the Policy is publicly available on the Internet at  https://dimeco.io/policy-en/