Last updated 27.02.2023
- General provisions
- Principles of personal data processing
- Scope and categories of data processed, purposes of collection
- The procedure and conditions for processing, storing personal data
- Special categories of personal data
- Consent of the subject of personal data to the processing of his personal data
- Rights of the subject of personal data
- Deleting data
- Transfer of information
- Legal grounds for the processing of personal data
- Limitation of this Policy
1. General provisions
1.1. This document (hereinafter referred to as the “Policy”) is an official document defining the policy of KiberPAY (hereinafter also referred to as the “Company”) regarding the collection and processing of personal information of individuals, users of the Company’s Services.
1.2. This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in the Company in order to protect the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
By accepting this Policy, the Subject (User) agrees toprocessing their personal data in order to use the Company’s Services. ATotherwise, the person must refrain from any use of the ServicesCompanies.
1.3. The following basic concepts and terms are used in the Policy:
− user -individuals (including representatives of legal entities) who have the opportunity to visually familiarize themselves with the information posted on the websitehttps://cyberpay.com/information, persons using the services of the company, as well as customers of the Company;
− subject (of personal data) –a natural person who is directly or indirectly identified or determined using personal data, sending their own personal data to the Company in order to gain access to the functionality of the Company’s Service;
– processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
– automated processing of personal data – processing of personal data using computer technology;
– dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
– provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
– blocking of personal data – temporary suspension of the processing of personal data (except when processing is necessary to clarify personal data);
– destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
– depersonalization of personal data – actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
– personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
− cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
− user agreement – the Agreement posted on the Company’s website, concluded between the Company and the subject, regulating the relationship between the Company and the subject on the use of the Internet resource https://kiberpay.com/;
− services of the Company – a software package owned by the Company, which includes a WEB – interface located on the Internet;
client–– a legal entity, an individual entrepreneur, as well as an individual engaged in private practice in accordance with the procedure established by the legislation of the Russian Federation, who has concluded or intends to conclude a service agreement with the Company;
client representative– an individual whose personal data is transferred to the Company, who is a member of the Client’s management bodies; being the owner/founder/shareholder/participant of the Client; acting on behalf of the Client on the basis of a power of attorney / specified in the card with samples of signatures and seals of the Client;
dissemination of personal data– actions aimed at disclosing personal data to an indefinite circle of persons;
TSP– A trade and service company that sells goods and provides services to an indefinite circle of people.
1.4. This Policy is an open and public document. Its current version is available on the Internet at: https://kiberpay.com/.The Company has the right to make changes to this Policy. When changes are made, the heading of the Policy indicates the date of the last revision of the revision. The Company does not collect any information about the individual who reads this Policy.
2. Principles of personal data processing.
2.1. The Company processes personal data on the basis of the following principles:
− legitimacy and fairness;
– limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
− preventing the processing of personal data that is incompatible with the purposes of collecting personal data;
− preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
− processing only those personal data that meet the purposes of their processing;
− compliance of the content and scope of the processed personal data with the stated purposes of processing;
− preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
− ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
– destruction or depersonalization of personal data upon reaching the goals of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate the committed violations of personal data, unless otherwise provided by federal law.
3. Scope and categories of data processed, purposes of collection
3.1. Personal data permitted for processing under this Policy is provided by the subject of personal data (obtained by the Company in an automated mode), as well as by his legal representative, by filling out registration and other forms on the Company’s website, sending by the subject to the Company information and documents containing personal data of the subject, the latter making payments for the services provided to the Company, the performance by the subject of financial transactions (transactions) on the Merchant’s website by filling out the Company’s payment form on the Internet, as well as within the framework of an agreement between the Company and a legal entity (Merchant, Client).
3.2. In accordance with this Policy, the Company guarantees the protection of the personal data of the subject collected in an automated mode, as well as sent by the subject to the email firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, owned by the Company.
3.3. Personal data provided by the subject and / or received by the Company in an automated mode include:
− address Email;
− room phone;
− IP address.
In order to perform the function of a payment subagent, the company receives from individuals the data of a bank card, with the help of which payment for goods/works/services of the merchant is carried out, namely:
− Number bank card.
− Address Email.
− Name bank card holder.
3.4. The Company has the right to process information about an individual obtained as a result of the exchange of information with third parties who are the Company’s clients and involve the Company in the provision of processing services. By accepting this information, the Company does not assume that this information was obtained legally, and its transfer to the Company was carried out with the permission of an individual.
3.5. The Company does not have the ability to verify the legal capacity of an individual, and also does not verify the information provided by an individual. The Company assumes that an individual has provided sufficient, true and up-to-date information about himself.
4. The procedure and conditions for processing, storing personal data
4.1. The company processes personal data in the presence of at least one of the following conditions:
− processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
− processing of personal data is carried out with the consent of the legal representative of the subject of personal data for the processing of personal data;
− the processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
− the processing of personal data is necessary to exercise the rights and ensure the legitimate interests of the Company or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
– processing of personal data is carried out, access to which is granted to an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as publicly available personal data);
4.2 The obligations of the Company to ensure the confidentiality of personal data are paramount in the processing of the latter. The Company undertakes not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
5. Special categories of personal data
5.1. The Company does not process personal data relating to race, nationality, political views, religious philosophical beliefs, health status, intimate life of the subject of personal data.
6. Consent of the subject of personal data to the processing of his personal data
6.1. The subject of personal data decides to provide his personal data and agrees to their processing freely, by his own will and in his own interest. Consent to the processing of personal data is provided by the subject of personal data or his legal representative in writing by performing actions in the registration form of the Company (putting the appropriate “check-box”, “tick”) associated with the registration of the subject in the system for using the Company’s Service, as well as by entering the bank card details in the payment form.
6.2. The Company proceeds from the fact that the subject provides reliable personal data and independently ensures the relevance of the information provided.
6.3. The Company has the right to verify the provided personal data. If there are irremovable doubts about the reliability and / or relevance of the personal data provided, the Company has the right to refuse the subject access to the Service, including the personalized functionality of the Company’s Service.
7. Rights of the subject of personal data
7.1. The subject of personal data has the right to receive information from the Company regarding the processing of his personal data or the personal data of his minor children, unless such right is restricted in accordance with federal laws.
7.2. The subject of personal data has the right to demand from the Company the clarification of his personal data or the personal data of his minor children, their blocking or destruction in cases provided for by contractual relations with the Company, as well as in cases where personal data is incomplete, outdated, inaccurate, illegally obtained or not are necessary for the stated purpose of processing, as well as to take legal measures to protect their rights. To exercise the above rights, the subject sends to the Company’s email address email@example.com.
7.3. The subject of personal data has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.
7.4. The security of personal data processed by the Company is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation in the field of personal data protection. To prevent unauthorized access to personal data, the Company applies the following organizational and technical measures:
− appointment of officials responsible for organizing the processing and protection of personal data;
− restriction of the composition of persons having access to personal data;
− familiarization of the subjects with the requirements of federal legislation and regulatory documents of the Company on the processing and protection of personal data;
− organization of accounting, storage and circulation of information carriers;
− determination of threats to the security of personal data during their processing, the formation of threat models based on them, including during automated data processing
− development of a personal data protection system based on the threat model, including in automated data processing;
− checking the readiness and effectiveness of the use of information security tools, including in automated data processing;
− delimitation of user access to information resources, personalization and accounting of access of the Company’s employees to software and hardware for information processing;
− registration and accounting of actions of users of personal data information systems;
− use of anti-virus tools and means of restoring the personal data protection system;
− application, where necessary, of firewalls, intrusion detection, security analysis and cryptographic information protection;
− organization of access control to the territory of the Company, protection of premises with technical means for processing personal data.
7.5. The Company is not responsible for the websites and software of third parties, to which the subject can go through the links available when using the Company’s Service.
7.6. The Company takes all necessary and sufficient organizational and technical measures to protect information about an individual from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from illegal actions of third parties. All information collected by the company is stored in an encrypted, depersonalized form in full compliance with the International Payment Card Industry Data Security Standard (PCI DSS).
8. Deleting data
8.1. If you wish to revoke your consent to us using your data to provide you with access to the Company’s services, you can send a request to delete personal data by e-mail firstname.lastname@example.org. After fulfilling your request to delete personal data, we will completely and irrevocably anonymize your personal data. Please note that in the event of a request to delete personal data, the following rules apply:
– we have the right to partially retain your personal data within the legitimate interests of our business, including to combat fraud and improve security;
– we have the right to store and use your personal data to the extent necessary to comply with legal requirements;
– information that you have shared with others (for example, reviews, forum posts) may remain publicly available even after your data is deleted, and your attribution will be removed. Some copies of your information may remain in our database without any possibility of personal identification;
– due to the implementation of a system of protection against accidental or intentional damage or loss of data, backup copies of your personal data will be deleted with a certain delay.
9. Transfer of information
9.1. The Company has the right to transfer information about an individual to third parties in the following cases:
− physical the person has given their consent to such actions;
− transfer of information to third parties is necessary for the proper performance by the Company of the functions of a payment subagent;
− transfer of information to the Company’s partners, including affiliates, within the framework of joint projects;
− the transfer of information to third parties is necessary for the proper performance by the Company of an agreement or contract with this individual;
− transfer of information to third parties that support the services of the Company to the extent necessary for the implementation of such technical support;
− the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law;
– the transfer takes place as part of the sale or other transfer of business, and all obligations to comply with the terms of this Policy are transferred to the acquirer;
− in order to ensure the possibility of protecting the rights and legitimate interests of the Company or third parties in cases where the Company has reasonable grounds to believe that an individual violates the requirements of applicable law.
9.2. The Company has the right to distribute and / or provide third parties with access to information about an individual without any restrictions after processing the relevant information, which resulted in the deletion of information that allows identifying the identity of an individual (depersonalization of information), as well as after statistical processing of this information.
9.3. The Company has the right to use information about an individual for the purposes of analyzing the interests and preferences of its audience, adapting the Company’s services according to the results obtained from the above analysis, as well as for the purposes of advertising on the Internet to the extent necessary to display it to the target audience.
10.2. Cookies may be used for various purposes. They may be required for the normal operation of the website. For example, without cookies, a website will not be able to remember that you are logged in or that you have completed a contact form. Such cookies are called strictly necessary.
10.3. Cookies neededto analyze the use and improvement of the Company Services, as well as to count the number of visitors. The Company associates website usage statistics and other reports with specific individuals. These cookies are called analytical cookies.
10.4. Social media cookies are used to integrate social media with the website so that the user can use the “Like” and “Share” features on their favorite social network.
An important area of use for cookies is online advertising. With their help, websites display only the most useful and interesting ads for the user. These cookies are called advertising cookies.
10.5. Deleting or blocking cookies may affect the user experience and some parts of this website may become unavailable. The user can find information on how to disable cookies or change browser cookie settings by clicking on the following links:
− Google Chrome:hhttps://support.google.com/chrome/answer/95647?hl=en&hlrm=en
− Internet explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
− safari: https://support.apple.com/en-us/HT201265
− Firefox: https://support.mozilla.org/ru/kb/vklyuchenie-i-otklyuchenie-kukov-ispolzuemyh-web-s
More information about changing your browser settings to block or filter cookies is available on the resource.http://www.aboutcookies.org/orhttp://www.cookiecentral.com/faq/.
10.6. The Company may also use technologies to track whether a user has read, opened or forwarded certain messages sent by the Company to the user’s email. The purpose of using these technologies is to make communication tools more useful and attractive to the user.
10.7. In the event that the user does not wish the Company to know whether the user has read certain e-mails, the user should unsubscribe. In this case, the Company will not be able to send emails to the user without an activated tracking service. The user can also cancel the subscription by following the instructions that the Company will send him in an electronic message.
By using the Company’s Service, the user agrees toThe Company may place cookies on the user’s computer or otherwisedevice. However, the user has the ability to manage cookies.
11. Legal grounds for the processing of personal data
11.1. The relations discussed in this Policy related to the collection, storage, protection, processing, dissemination and protection of information about individuals are regulated in accordance with the current legislation of the Russian Federation. The legal basis for the processing of personal data is:
statutory documents of the Company;
contracts concluded between the Company and the subject of personal data;
consent to the processing of personal data. The application to them of the norms of foreign law is possible only in cases provided for by the legislation of the Russian Federation and international agreements valid for the Russian Federation.
payment system rules.
other norms of the legislation of the Russian Federation.
11.2. If the user uses the Company Services in the European Economic Area, in accordance with local law, he has certain rights in relation to personal information. In accordance with these rights, the user can: access his personal information, correct the information stored by the Company, erase personal information, restrict the Company’s use of the user’s personal information, receive personal information in the established electronic format and forward it to third parties (right to data portability) file a complaint with your local data protection authority.
12. Limitation of this Policy
12.1. The Company is not responsible for the actions of third parties using the Company’s services in their activities, and strongly recommends that an individual not provide their own personal data to third parties without sufficient grounds. In the case of joint partnership projects of the Company with third parties, the official documents of these projects must indicate how information about an individual is protected, including information about who processes and stores this information. The Company is not responsible for non-compliance by third parties with the requirements of the current legislation.
Company name: VIPOLE LTD
Activity: Software development
VAT (required) BG 205169650