- General Provisions
1.2. This Policy shall set forth the procedure for the processing of personal data of users (hereinafter the User) of «Anna-Detective» (hereinafter the Software), rights to which belong to TV-3 Channel (hereinafter the Company). A User, who has installed and uses the Software on a mobile device, shall be understood to have accepted the terms of this Policy.
1.3. The Software is a copyrighted game application available for installation on Android- and iOS-based mobile devices via appropriate stores of mobile applications:
- Google Play (https://play.google.com/store/apps/details?id=ru.gpmrtv.anna.detective.game&hl=ru);
- AppStore (https://itunes.apple.com/ru/app/%D0%B0%D0%BD%D0%BD%D0%B0-%D0%B4%D0%B5%D1%82%D0%B5%D0%BA%D1%82%D0%B8%D0%B2%D1%8A/id1184831514?mt=8).
1.4. The Software is available for free download but the User may purchase additional services within the application.
1.5. This Policy is a public document and its current online version is available at: http://tv3.ru/post/anna-detective-privacy-policy.
The Company may unilaterally amend the Policy. By continuing to use the Software upon such amendment, the User shall be understood to have accepted the amendments made.
1.6. Any proposals and complaints regarding contents and use of the Software, infringement of rights and interests of third parties, and breach of requirements of the applicable laws may be sent to firstname.lastname@example.org
1.7. This Policy shall be regulated and construed in accordance with the Russian laws.
1.8. By accepting the terms of this Policy, the User confirms his or her legal capacity. If the User is below 18 years old (or other lawful age in accordance with the laws of the User’s country) or if the User is not fully legally capable for other reasons, the User shall be required to obtain consent of his or her legal representative. Where the Software is used by such User who is not fully legally capable, it shall be understood that the User obtained such consent when accepting the terms of this Policy.
- Basic Terms
Automated processing of personal data: processing of personal data with the use of computer aids;
Blocking of personal data: temporary discontinuation of the processing of personal data (except in cases where processing is necessary for refinement of personal data);
Personal data information system: a combination of personal data contained in databases and information technologies and hardware ensuring their processing;
Depersonalization of personal data: actions rendering it impossible to identify (without using additional information) the exact personal data subject, to whom personal data pertain;
Personal data processing: any action (operation) or a series of actions (operations) with personal data with or without automation tools, including collection, recording, classification, accumulation, storage, refinement (update, change), extraction, use, communication (disclosure, provision, access), depersonalization, blocking, deletion and destruction of personal data;
Operator: a state authority, a municipal authority, a legal entity or an individual that, independently or jointly with other entities, organizes the processing of and (or) processes personal data and also determines purposes of personal data processing, the composition of personal data subject to processing, and actions (operations) to be carried out with personal data;
Personal data: any information relating, directly or indirectly, to a certain or identifiable individual (the personal data subject);
Provision of personal data: actions aimed at disclosing personal data to a certain person or a certain group of persons;
Disclosure of personal data: actions aimed at disclosing personal data to the general public (communication of personal data) or at making personal data available to the general public for familiarization, including public disclosure of personal data in mass media, publication in data telecommunications networks or granting of access to personal data otherwise;
Trans-border transfer of personal data: communication of personal data to the territory of a foreign state to a foreign public authority, a foreign individual or a foreign legal entity;
Destruction of personal data: actions, which render it impossible to restore the content of personal data in the personal data information system and (or) which destroy the tangible media with personal data;
The Company shall publish or otherwise give unrestricted access to this Personal Data Processing Policy in accordance with Part 2, Article 18.1 of Federal Law 152.
- Principles and Terms of Personal Data Processing
3.1. Principles of Personal Data Processing
Personal data shall be processed in the Company on the basis of the following principles:
• legality and justice;
• restricting personal data processing to achieving specific lawful purposes determined in advance;
• excluding personal data processing that is incompatible with the purposes of personal data collection;
• excluding integration of databases that contain personal data to be processed for purposes incompatible with one another;
• processing only those personal data that serve the purposes of their processing;
• ensuring that the contents and the scope of personal data processed correspond to the stated purposes of their processing;
• excluding processing of personal data excessive against the stated purposes of their processing;
• ensuring accuracy, sufficiency and actuality of personal data against the purposes of personal data processing;
• destroying or depersonalizing personal data upon achieving the purposes of their processing or if it is no longer necessary to achieve such purposes, where the Company is unable to rectify personal data breach, unless otherwise stipulated by the federal law.
3.2 Terms of Personal Data Processing
The Company shall process personal data given at least one of the following criteria:
• personal data are processed upon consent of the personal data subject to the processing of his or her personal data;
• personal data need processing for the purposes stipulated by an international treaty of the Russian Federation or laws, in pursuance of the functions, powers and duties imposed on the operator by the Russian laws;
• personal data need processing for the delivery of justice, execution of a judicial act, an act of other authority or official, subject to enforcement in accordance with the Russian laws on enforcement proceedings;
• personal data need processing in pursuance of a contract/agreement, under which the personal data subject acts as a party or a beneficiary or a guarantor, and/or for the conclusion of a contract/agreement at the initiative of the personal data subject or of a contract/agreement, under which the personal data subject shall act as a beneficiary or a guarantor;
• personal data need processing for the exercise of rights and lawful interests of the operator or third parties or for the achievement of public purposes provided that such does not infringe rights and freedoms of the personal data subject;
• the Company processes personal data, access to which has been granted to the general public by or at request of the personal data subject (hereinafter – publicly available personal data);
• the Company processes personal data subject to publication or mandatory disclosure in accordance with the federal law.
3.3 Confidentiality of Personal Data
The Company and other parties/persons that get access to personal data shall not disclose such data to third parties and/or communicate such data in the absence of the personal data subject’s consent unless otherwise stipulated by the federal law.
3.4 Publicly Available Sources of Personal Data
For information support purposes, the Company may create publicly available sources of personal data of subjects, including directories and reference books. Upon the subject’s written consent, publicly available sources of personal data may include the subject’s surname, name and patronymic, date and place of birth, job title, contact phones, e-mail and other personal data communicated by the personal data subject.
Subject’s data shall be at any time deleted from publicly available sources of personal data upon demand of the subject or by decision of a court or other authorized public authority.
3.5 Special Personal Data Categories
The Company shall be authorized to process special personal data categories concerning ethnicity, national identity, political, religious or philosophical commitments, health condition and private life only if:
• the personal data subject has given written consent to the processing of his or her personal data;
• personal data have been made publicly available by the personal data subject;
• personal data are processed in accordance with the laws on the government social assistance, labour and employment laws, Russian laws on pensions under public pension benefits and retirement pensions;
• personal data need processing for the purpose of protecting life, health or other vital interests of the personal data subject or life, health or other vital interests of other persons, where it is impossible to obtain the personal data subject’s consent;
• personal data are processed for medical and preventive purposes, for the purpose of making a medical diagnosis, providing medical and medical-and-social services provided that personal data are processed by a person professionally engaging in medicine and obligated in accordance with the applicable Russian laws to maintain medical confidentiality;
• personal data need processing for the purpose of establishment or exercise of rights of the personal data subject or third parties as well as for the delivery of justice;
• personal data are processed in accordance with the laws on mandatory types of insurance and/or insurance laws.
Processing of special personal data categories shall be discontinued immediately upon disappearance of reasons, for which such data are processed, unless otherwise stipulated by the federal law.
Personal data on records of conviction may be processed by the Company solely in cases and in the manner to be determined in accordance with the federal laws.
3.6 Delegating Personal Data Processing to a Third Party
The Company may delegate personal data processing to a third party given consent of the personal data subject, unless otherwise stipulated by the federal law, on the basis of a contract/agreement to be concluded with such party. The third party authorized by the Company to process personal data shall abide by the personal data processing principles and rules stipulated in Federal Law 152.
3.7 Trans-Border Transfer of Personal Data
Prior to such transfer, the Company shall make sure that the foreign state, to the territory of which personal data are planned to be transferred, provides adequate protection of rights of personal data subjects.
Trans-border transfer of personal data to territories of foreign states that fail to provide adequate protection of rights of personal data subjects may be allowed only:
• given the personal data subject’s written consent to the trans-border transfer of his or her personal data;
• in pursuance of a contract/agreement, under which the personal data subject acts as a party.
4. Rights of the Personal Data Subject
The personal data subject shall have the right to be provided by the Company with information concerning the processing of the subject’s personal data, unless such right is restricted in accordance with the federal laws. The personal data subject shall have the right to demand that the Company refine, block or destroy his or her personal data if personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of their processing, and to take legally provided measures to protect his or her rights.
Processing of personal data for purposes of promotion of goods, works and services on the market by coming into direct contact with potential consumers with the use of communications facilities and/or for purposes of political agitation may be allowed given the personal data subject’s prior consent. Upon demand of the personal data subject, the Company shall immediately discontinue processing his or her personal data for the foregoing purposes.
It shall be prohibited to make decisions only on the basis of the automated personal data processing if such decisions entail legal consequences with respect to the personal data subject or otherwise involve the subject's rights and lawful interests, except in cases stipulated by the federal laws or where there is the personal data subject’s written consent.
5. Security of Personal Data
Security of personal data processed by the Company shall be ensured through implementation of legal, organizational and technical activities required to be carried out to comply with the requirements of the federal laws regarding personal data protection.
In order to prevent unauthorized access to personal data, the Company shall take the following organizational and technical measures:
• designating officials to be in charge of personal data processing and protection;
• limiting the number of persons granted access to personal data;
• familiarizing subjects with requirements of the federal laws and regulations of the Company regarding personal data processing and protection;
• establishing procedures for accounting, storage and handling of data media;
• identifying threats to security of personal data during their processing, making threat models on their basis;
• using threat models for the purpose of developing a personal data protection system;
• testing the readiness and efficacy of information security facilities;
• controlling User access to information resources and data processing firmware;
• registering and recording actions of Users of personal data information systems;
• using antivirus tools and facilities for recovery of the personal data protection system;
• using, where necessary, firewalling, intrusion detection, vulnerability analysis tools and cryptographic protection facilities;
6. Final Provisions
Other rights and obligations of the Company as the personal data operator shall be stipulated by the applicable Russian laws on personal data.
The Company’s officials who are guilty of breaching regulations on personal data processing and protection shall bear liability according to the procedure stipulated by the applicable Russian laws.