Policy in the sphere of personal data processing

  1. General provisions

LLC “Direct Investment Fund” (TIN 1655138019, address: 25/39 office 1502, Parizhskoy Kommuny St., Kazan, 420021,) (hereinafter referred to as the “Company” or “We”) within the scope of its main activity processes different category of personal data subjects using personal data information systems including the following corporate Internet sites: dif24.ru and ooodif.ru.

The Company acts as the operator of personal data in accordance with the current legislation of the Russian Federation. The Company organizes and implements personal data processing in compliance with the requirements of the Federal Law No 152-FZ “On personal data” dated July 27, 2006 and other normative legal acts adopted thereunder.

With the purpose of the given Policy, personal information shall be understood as any information provided through the corporate Internet websites and (or) collected with the use of such Internet sites, relating to identified natural person (personal data subject), either directly or indirectly, for the limited audience which has an access to personal data.

The effect of this Policy is applicable to all the processes of personal data collection, recording, systematization, accumulation, storage, specification, extraction, use, transfer (distribution, granting and access), depersonalization, blocking, deletion and destruction carried out on sites dif24.ru and ooodif.ru through automation means.

Personal data processing is an implementation of any activities or their set in respect of  Your personal data including collection, recording, systematization, accumulation, storage, update and alteration, extraction, use, transfer (distribution, granting and access), depersonalization, blocking, deletion and destruction either through application or non-application of automated personal data processing the systems.

Automated personal data processing is the processing of personal data with the aid of computer technology.

  1. Personal data collection

The Company carries out acquisition of information through Internet sites in the following ways:

  • Personal data provided by users:

The Company acquires personal data which is entered into the data field on Internet sites by the users themselves or other persons upon the users’ assignment.

  • Passive acquisition of personal data concerning current connections in part of statistical information:

Statistical data of the user may be collected on the Company’s Internet sites, including the following:

— the user’s ID assigned by the Site;

— page visits;

—number of page visits;

— information of the site pages navigation;

— user’s session duration;

— entry points (external sites used by the user to go to the Website following the link);

— exit point (the Site links used by the user for clicking to external sites);

— user's country;

— user's region;

— time zone set on the user's gadget;

—user's provider;

—user's browser;

— the canvas fingerprint;

— available fonts of the browser;

— the browser plugins installed;

—WebGL browser parameters;

—type of media gadgets available in the browser;

—ActiveX;

—list of languages supported on the user's gadget;

— user’s processor architecture;

— user’s OS;

— display settings (resolution, color depth, parameters of page arrangement on the screen);

— information on automation means use at the Site access.

The Company may collect information on the use of ports in respect of the registered users’ gadgets to identify suspicious activity and the users' personal account protection. The data can be obtained by various methods such as cookies, file web beacons, etc. The Company may also use the external Internet services to organize the collection of statistical personal data; herewith such services provide data storage on their own servers. The Company shall not be responsible for localization of servers on such external Internet services.

The Company shall not compare information, which is provided by its users self-facilitated,  and, which makes possible to identity the personal data, with the statistical personal data received through application of such passive data collection methods.

  1. Objectives of personal data processing

The Company is processing Your personal data solely with the view of the purposes they have been provided for, including the following:

  • communication with You when You contact us;
  • execution of powers and duties imposed on the Company by the legislation of the Russian Federation;
  • other purposes upon Your consent.

We process technical data for the following:

- functioning and security of our sites ensuring;

- quality of our sites improvement.

We do not allocate Your personal data in publicly available sources. We do not make decisions that may generate any legal consequences for You or otherwise affect Your rights and legitimate interests on the grounds of exclusively automated personal data processing.

  1. Personal data processing principles and conditions

Processing of personal data in the Company is carried out legally and on a fair basis solely with the view of achieving timely specified, explicit and legitimate objectives. Only personal data meeting the purposes of their processing are subject to be treated. Content and scope of personal data shall be in compliance with the declared objectives of processing, since the excess of the processed data shall not be permitted.

The Company ensures the accuracy of personal data processing, its sufficiency and relevance, if necessary, towards the objectives of their processing. The Company takes all reasonable measures (ensures their implementation) on incomplete or inaccurate personal data elimination or specification.

In the course of its activity, the Company may provide and (or) outsource personal data processing to another entity with the consent of the personal data subject unless otherwise has been provided by the RF legislation concerning personal data. Hence, the obligatory condition of personal data provision and (or) their processing delegation to another entity shall be the parties’ commitment to maintain confidentiality and ensure security thereof.

The terms of personal data processing are determined by the purposes such data were collected for.

  1. The rights of personal data subject

The subject of personal data takes the decision of his/her personal data provision and gives the consent to their processing at the own free will and for the own benefit. Consent to personal data processing of may be given by a personal data subject or the representative in any form making possible to confirm its receipt, unless otherwise has been provided by the Federal Law.

The subject of personal data possesses the right (unless otherwise has been provided by the Federal Law):

  • to demand personal data specification, its blocking or elimination in case it is incomplete, outdated, false, obtained illegally or not necessary for the declared purposes of their processing, as well as to take all legally provided measures for his/her rights protection;
  • to demand the list of the personal data being processed by the Company and the source of their acquisition;
  • to obtain information on the terms of personal data processing, including terms of their storage;
  • to require notification of all persons who have been previously informed of incorrect or incomplete personal data, as well as of all exceptions, corrections or additions made therein;
  • to appeal to the authorized body for the protection of the personal data subject rights or to a court against illegal actions or negligence in the course of personal data processing;
  • to protect his/her rights and legitimate interests including the right to claim losses and (or) compensation for moral damage in a judicial proceeding.

In case of any questions concerning your personal data application, modification or deletion or in case of Your wish to unsubscribe from their further processing by the Company, please contact us by the Company’s postal address or e-mail: hr@dif24.ru.

Please note that the personal data operator shall not be responsible for inaccurate information provided by the personal data subject.

  1. Implementation of requirements for personal data protection

For ensuring the safety of  Your personal data during its processing, we accept all necessary and sufficient measures for legal, organizational and technical protection against unauthorized or accidental access thereto, its elimination, alteration, blocking, copying, provision, allocation as well as against other illegal actions in respect thereof.

The Company and other persons having an access to personal data shall undertake not to disclose to any third parties and not to disseminate such data without the consent of the personal data subject, unless otherwise has been provided by the Federal Law.

The Company shall appoint persons responsible for personal data processing and its security and has limited the number of employees having access thereto.

Each new Company’s employee directly involved in personal data processing shall study the Russian Federation legislation requirements for personal data handling and security, the current Policy provisions, as well as with other local acts in force, and shall be liable to observe them.

  1. Termination of personal data processing

We terminate processing of Your personal data in case of the following:

  • upon occurrence of conditions for personal data processing termination or upon expiration of fixed terms thereof;
  • upon reaching the objectives of their processing or in case of necessity expiration for these purposes achievement;
  • upon Your request, provided the personal data being processed has been acquired illegally or is not necessary for the declared purposes of their processing; 
  • in case of detection of personal data illegal processing and provided it is not possible to ensure the legitimacy of processing;
  • upon expiration of Your consent to personal data processing or in case of Your consent withdrawal, unless other legal grounds have been stipulated by the legislation of the Russian Federation.
  • in case of the Company’s dissolution.
  1. Cookies

We use “cookies”. Cookies are small text files, which are placed on the hard drives of Your gadgets during application of different sites and designed to assist You in user interface customization to meet Your preferences.

Most browsers allow you to opt out of receiving cookies and delete them from the hard disk of the gadget.

  1. Links to external websites

The Company sites may contain links to external sites and services out of our control. We shall not be responsible for the security or confidentiality of any information collected by the external sites or services.

 

  1. Policy alterations

We can update our Policy, if necessary. We encourage You to regularly review the relevance of this Policy. However, You express Your compliance with these alterations by using our sites after the Policy has been changed.