Operator's Personal Data Processing Policy#

This policy (Policy) defines the general principles, procedures for the Processing of Personal Data, and measures to ensure their security by Web Server, LLC, OGRN 1227700436578 (Operator).

The purpose of the Personal Data Processing Policy is to ensure the legal rights of personal data subjects in accordance with applicable legislation. The Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006, "On Information, Information Technologies, and Information Protection," Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," and other regulatory legal acts of the Russian Federation.

  1. Key Concepts

1.1. Data Center – a specialized organization that provides services for hosting server and network equipment, leasing servers (including virtual ones), which the Operator uses for storing and processing Personal Data.

1.2. Confidentiality of Personal Data – the obligation of individuals who have access to data not to disclose it to third parties and not to distribute it without the consent of the Personal Data Subject, unless otherwise provided by law.

1.3. Client – a legal entity that has the right to use the software Angie PRO, ANIC, and other software products of the Operator, for which the Operator is the Rights Holder, based on relevant contracts that grant the right to use the aforementioned software, and also has the right to receive Services based on the relevant contract.

1.4. Login – the email of the Personal Data Subject provided during Registration on the Sites.

1.5. Processing of Personal Data – any action or set of actions performed with Personal Data using automation tools or without such tools, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction.

1.6. Password — a combination of characters chosen by the Personal Data Subject, which, together with the email, ensures the authentication of the account when using the Sites.

1.7. Personal Data (data) – any information related directly or indirectly to a specific or identifiable individual (Personal Data Subject).

1.8. Personal Information – any information posted on the Sites by the Personal Data Subject about themselves, including personal data such as first name, last name, patronymic, phone number, email address, and information that is automatically transmitted to the Operator during the use of the Sites, including IP address and cookies.

1.9. Profile – sections of the Sites containing the Personal Information of the Personal Data Subject, access to which is provided using the Login and Password.

1.10. Registration – the registration of the Personal Data Subject on the Site by filling out the registration form.

1.11. Sites – websites located on the Internet at addresses support.angie.software (Support Site) and forum.angie.support (Forum Site), and their pages where the collection of Personal Data takes place.

1.12. Support Site - a website located on the Internet at support.angie.software, through which Personal Data Subjects contact the Operator to obtain Services for Clients.

1.13. Forum Site – a website located on the Internet at forum.angie.support, where Profiles of Personal Data Subjects are created for communication with each other.

1.14. Personal Data Subject – an individual to whom the Personal Data processed by the Operator pertains.

1.15. Services – a set of services for technical support, maintenance, and ensuring the operability of software, the exclusive rights to which belong to the Operator, provided to Client employees.

  1. Purposes of Personal Data Processing

2.1. The Operator processes Personal Data to achieve specific, predetermined legal purposes.

2.2. The Operator processes the Personal Data of Personal Data Subjects for the following purposes:

  • providing the opportunity to use the Sites;

  • identifying Personal Data Subjects;

  • establishing feedback with Personal Data Subjects, including sending notifications, providing Services, processing requests and applications from them;

  • improving the quality of the Services provided, optimizing the use of the Sites.

2.3. The Operator takes measures to comply with the requirements of legislation in the field of personal data, does not process data in cases where this is not permitted by law and is not required to achieve the specific goals set by the Operator.

  1. Legal Grounds for Processing Personal Data

3.1. The legal grounds for the Operator's Processing of Personal Data are:

    1. the consent of the Personal Data Subject to the Processing of their data;

    1. a contract in the execution of which the authorized party is the Personal Data Subject.

3.2. Consent to the collection and processing of Personal Data on the Support Site is expressed by entering Personal Data into the relevant interface forms for filling out and confirming their accuracy by clicking on the interface buttons located on the Support Site, labeled "sign in" or "open a new ticket" or "Check Ticket Status."

3.3. Consent to the collection and processing of Personal Data on the Forum Site is expressed by entering Personal Data into the relevant interface forms for filling out and confirming their accuracy by clicking on the interface buttons located on the Forum Site, labeled "sign up" or "Create your account."

  1. Categories of Processed Data and Scope of Processing

4.1. The Operator processes Personal Data in relation to the following Personal Data:

  • first name;

  • last name;

  • patronymic;

  • phone number;

  • email address.

4.2. The Operator ensures that the scope of processed Personal Data corresponds to the stated purposes of Processing. The Operator does not allow the Processing of Personal Data that is incompatible with the purposes of their collection, nor does it process data that is excessive in relation to the stated purposes.

4.3. The Operator does not process data related to special categories as defined by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."

  1. Rights of the Personal Data Subject

5.1. The Personal Data Subject has the right to:

  • receive information regarding the Processing of their Personal Data;

  • access their Personal Data and review it, including the right to receive a free copy of the record containing their Personal Data;

  • request the exclusion or correction of inaccurate or incomplete Personal Data;

  • receive information about the person to whom the data processing is entrusted;

  • receive information about individuals (except for the Operator's employees) who have access to Personal Data or to whom Personal Data may be disclosed based on a contract with the Operator or under the provisions of legislation;

  • receive other information provided by law.

5.2. Information about the existence of Personal Data is provided by the Operator to the Personal Data Subject without information about data relating to other personal data subjects.

5.3. The Personal Data Subject has the right to withdraw their consent to the Processing of Personal Data by the Operator by submitting a statement in any form. In the event of the withdrawal of consent to the Processing of Personal Data by the Personal Data Subject, the Operator has the right to continue the Processing of Personal Data without the consent of the Personal Data Subject if there are grounds provided by the legislation of the Russian Federation.

5.4. In the event of the withdrawal of consent to Processing by the Personal Data Subject, if there are no legal grounds to continue Processing, the Operator ceases Processing (ensures the cessation of Processing by individuals to whom Processing is entrusted by the Operator) and destroys or anonymizes the data (ensures the destruction or anonymization of the data).

  1. Procedure for Responding to Requests from Personal Data Subjects

6.1. A request from a Personal Data Subject regarding the Processing of their Personal Data by the Operator may be sent electronically to the Operator's address: support@angie.software.

6.2. The request must contain:

  • the surname, first name, patronymic of the Personal Data Subject or their representative;

  • the number of the document proving the identity of the Personal Data Subject, as well as that of their representative (if the request is sent by a representative), information about the date of issuance of the specified document and the issuing authority;

  • information confirming the participation of the Personal Data Subject in relations with the Operator, or information otherwise confirming the fact of Processing of Personal Data by the Operator;

  • the signature of the Personal Data Subject or their representative;

  • documents confirming the authority of the representative. The Operator has the right to request additional information to confirm the identity of the person making the request.

6.3. The Operator does not process requests related to the Processing of Personal Data received by phone or by other means, except as expressly stated in this section.

6.4. A written response to the Personal Data Subject (or representative) is sent by the Operator regardless of the results of the request review. The response period to the Subject (or representative) does not exceed 10 (ten) working days from the date of receipt of the request.

6.5. Within a period not exceeding 7 (seven) working days from the date the Personal Data Subject or their representative provides information confirming that the Personal Data is incomplete, inaccurate, or outdated, the Operator makes the necessary changes.

6.6. In case of unlawful Processing of Personal Data, the Operator blocks the unlawfully processed data or ensures their blocking (if the Processing of Personal Data is carried out by another person acting on behalf of the Operator) during the verification of the legality of the data Processing. If the fact of unlawful Processing of data by the Operator or by a person acting on its behalf is confirmed, the Operator, within a period not exceeding 3 (three) working days from the date of such confirmation, terminates the unlawful Processing of data or ensures the termination of unlawful Processing of Personal Data by a person acting on behalf of the Operator.

  1. Procedure and Conditions for Processing Personal Data

7.1. Personal Data Subjects consent to the Processing of their data in the manner described in paragraph 3.2 of the Policy.

7.2. Methods of Processing Personal Data: The Operator processes Personal Data by performing the following actions: collection, systematization, accumulation, storage, clarification (updating, changing), anonymization, blocking, destruction.

7.3. The Operator carries out the Processing of Personal Data using automation tools, as well as without using such tools.

7.4. The Operator may place its Personal Data information systems in a Data Center or cloud computing infrastructure. If the terms of the contract with the Data Center prohibit access by Data Center personnel to the processed data of the Operator, the Operator does not consider placement as entrusting the Data Center with the Processing of Personal Data and does not require the consent of Personal Data Subjects. The contract with the Data Center (provider) in all cases reflects the requirements for the confidentiality and security of processed Personal Data.

7.5. Consent from Subjects for providing their Personal Data is not required when the Operator receives motivated requests from prosecutorial authorities, law enforcement agencies, investigative and inquiry bodies, security agencies, from state labor inspectors, during state supervision and control over compliance with legislation, and other authorities authorized to request such information in accordance with the current legislation of the Russian Federation.

  1. Limitation of the Retention Period for Personal Data

8.1. The Processing of Personal Data of Personal Data Subjects is carried out until at least one of the conditions described below is met:

  • deletion of Profiles of Personal Data Subjects on the Sites;

  • withdrawal by the Personal Data Subject of consent to the Processing of their Personal Data.

8.2. Upon the occurrence of the conditions or one of the conditions specified in paragraph 8.1 of the Policy, the Operator:

  • deletes Personal Data; or

  • anonymizes it so that it is no longer linked to a specific Personal Data Subject.

8.3. The procedure for data deletion:

  • paper information carriers – destruction of carriers in the presence of the person responsible for processing personal data, as well as in the presence of third parties who are employees of the Operator and have access to work with personal data;

  • electronic information carriers – deletion of data from carriers, with the preservation of information about the deletion (log of deletion data).

  1. Ensuring the Security of Personal Data

9.1. The Operator, when Processing data, takes legal, organizational, and technical measures to protect them from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, provision, and other unlawful actions. Security measures for Personal Data are an integral part of the Operator's activities. Data security is achieved by excluding unauthorized, including accidental access to data.

9.2. An organization that has a license for activities in the technical protection of confidential information and other licenses may be involved in selecting and implementing methods and means of protecting Personal Data if the necessity of their presence is established by the legislation of the Russian Federation and is required for the performance of specific works.

9.3. Legal measures taken by the Operator include:

  • developing local acts of the Operator that implement the requirements of Russian legislation, including the Policy.

  • rejecting any methods of Processing Personal Data that do not correspond to the specific purposes and requirements of the legislation defined in the Policy.

9.4. Organizational measures taken by the Operator include:

  • appointing a person responsible for organizing data Processing;

  • restricting the composition of employees of the Operator who have access to Personal Data, organizing a system of access to them;

  • familiarizing employees of the Operator who directly carry out the Processing of Personal Data with the provisions of the legislation of the Russian Federation on Personal Data, including the requirements for the protection of Personal Data;

  • restricting access of outsiders to the Operator's premises, preventing them from being present in rooms where work with Personal Data is carried out and technical means for their Processing are located.

9.5. Technical measures taken by the Operator include:

  • detecting malicious software (using antivirus programs);

  • detecting intrusions into the Operator's Personal Data information system that violate or create prerequisites for violating the requirements for ensuring the security of Personal Data;

  • ensuring authorized access of the Operator's employees to the Personal Data information systems;

  • assessing the effectiveness of the measures taken to ensure data security;

  • using secure network interaction.

  1. Location of Databases

10.1. When collecting Personal Data, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, changing), and extraction of Personal Data of citizens of the Russian Federation using databases located on the territory of the Russian Federation. If the Operator does not have information about the citizenship of the Personal Data Subject, the Operator presumes that data obtained on the territory of the Russian Federation has been obtained from citizens of the Russian Federation.

  1. Technical Information and Cookies

11.1. Cookies – files or fragments of information that can be saved on the computer or other device of a person visiting the Sites. The file can contain various information, such as browser type, operating system, language settings, and other personal page settings, data on the use of the Sites.

11.2. Cookies are used to customize the content of the Sites' pages according to user preferences, optimize the operation of the Sites; files allow recognizing the device and configuring the viewing of the Sites to individual needs; cookies are used to process activity statistics on the Site, help maintain the session after logging into the Sites, which eliminates the need to re-enter the login and password on each page of the Sites.

Cookies are used to identify users of the Sites. Based on them, the Operator analyzes how visitors use the Sites for further improvement of the Sites.

11.3. The Operator collects the following types of cookies:

  • Mandatory cookies are necessary for the operation of the Sites. Some parts of the Sites would not work without these files.

  • Functional cookies are used to determine visitors' preferences and configure the Sites accordingly. Functional cookies allow remembering personal settings of the Sites and storing information provided by visitors and Personal Data Subjects (for example, login, username, language, and other preferences). These functions help make the Sites more user-friendly.

  • Analytical and operational cookies contain information about how the user uses the Sites, allowing to see recurring usage patterns. They analyze errors that occur during the user's use of the Sites. These cookies do not identify individuals, and all information is anonymous.

11.4. A visitor to the Sites can change the settings regarding the list of cookies collected by the respective site at any time in the future.

11.5. Most internet browsers are initially set to automatically accept cookies. Visitors to the Sites can change their settings to block cookies or alert when files of this type are sent to the respective device. There are several ways to manage cookies.

If a visitor to the Sites uses different devices to view and access the Sites (for example, a computer, smartphone, tablet, etc.), they need to ensure that each browser on each device is set according to their preferences for working with cookies. To learn how to manage cookies using the browser or device being used, the visitor to the Sites can refer to the instructions provided by the browser developer or device manufacturer.

  1. Final Provisions

12.1. The Operator ensures unrestricted access to the Policy by placing it on the Internet on the Sites.

12.2. Other rights and obligations of the Operator are determined by the legislation of the Russian Federation in the field of Personal Data.

12.3. The Policy is reviewed as necessary. A mandatory review is conducted in case of changes to the mandatory norms of international law or the legislation of the Russian Federation in the field of Personal Data. When making changes to the Policy, changes in the Operator's information infrastructure and the established practice of applying legislation in the field of data protection in the Russian Federation are taken into account.

12.4. Yandex.Metrica is placed on the Sites, collecting data in accordance with its privacy policy, the text of which is posted on the Internet at the following address: https://yandex.ru/legal/confidential/.

The Operator does not independently collect and process data processed by Yandex.Metrica.

LLC "Web-Server."

OGRN: 1227700436578.

Address: 127015, Russia, Moscow, Vyatskaya St., 27, bld. 7.

Tel.: +7 (495) 120 50 33.

Email: legal@wbsrv.ru.