Privacy Policy

Personal Data Processing Policy

1. General Provisions

This Personal Data Processing Policy has been drawn up in compliance with Federal Law No. 152-FZ “On Personal Data” dated 27 July 2006 (hereinafter referred to as the Personal Data Law). The Personal Data Processing Policy determines the procedure for processing personal data and measures taken by BC+ (hereinafter referred to as the Operator) to ensure personal data security.

1.1. The Operator sees respect of human rights and freedoms in processing their personal data, including protection of the right to privacy and personal or family secrets, as its most important goal and precondition for any of its activities.

1.2. The Operator’s Personal Data Processing Policy (hereinafter referred to as the Policy) applies to any and all information that the Operator can receive about users of the website https://bc-plus.ru.

2. Basic Terms Used in the Policy

2.1. Automated Personal Data Processing means processing personal data using computer technology.

2.2. Personal Data Blocking means temporary suspension of personal data processing (except for cases when such processing is required to verify personal data).

2.3. Website means a set of graphic and information materials, as well as computer programmes and databases that ensure availability thereof on the Internet at https://bc-plus.ru.

2.4. Personal Data Information System means a set of personal data contained in databases, including information technologies and technical means that ensure processing thereof.

2.5. Personal Data Depersonalisation means actions that make it impossible to attribute personal data to a specific User or another personal data subject with no additional information required.

2.6. Personal Data Processing means any action (operation) or a set of actions (operations) performed with personal data with or without automation tools, including personal data collection, recording, systematisation, accumulation, storage, verification (updating or changing), extraction, use, transfer (distribution, provision, or access), depersonalisation, blocking, deletion, or removal.

2.7. Operator means government body, municipal body, legal entity, or individual that is arranging or carrying out personal data processing, either independently or in cooperation with other entities, and also determining the personal data processing purposes, scope, and actions (operations) performed with the personal data.

2.8. Personal Data means any information relating directly or indirectly to a specific or identifiable User of the website https://bc-plus.ru.

2.9. Personal Data Authorised by the Personal Data Subject for Distribution means personal data accessible by an unlimited number of persons through authorisation by the personal data subject, who has given a consent to processing the personal data and permitted distribution thereof in the manner stipulated by the Personal Data Law (hereinafter referred to as the Personal Data Allowed for Distribution).

2.10. User means any user of the website https://bc-plus.ru.

2.11. Personal Data Provision means actions aimed at disclosing personal data to a certain person or a certain group of persons.

2.12. Personal Data Distribution means any actions aimed at disclosing personal data to an indefinite number of persons (personal data transfer) or familiarising with the personal data by an unlimited number of persons, including disclosure in the media, posting in information and telecommunication networks, or providing access to the personal data in any other way.

2.13. Trans-Border Personal Data Transfer means transfer of personal data to the territory of a foreign state, to a government body of a foreign sate, foreign individual, or foreign legal entity.

2.14. Personal Data Destruction means any actions that make it impossible to recover the personal data content in the personal data information system or cause destruction of the physical media where the personal data are stored.

3. Basic Rights and Obligations of the Operator

3.1. The Operator may:

– Receive from the Personal Data Subject reliable information or documents containing Personal Data;

– Where the Personal Data Subject withdraws their consent to Personal Data Processing, the Operator may continue processing the Personal Data without the Personal Data Subject’s consent, subject to there being grounds under the Personal Data Law;

– Independently determine the list and composition of the measures required and sufficient to ensure fulfilment of the obligations provided for by the Personal Data Law and regulations adopted in accordance therewith, unless otherwise stipulated by the Personal Data Law or other federal laws.

3.2. The Operator shall:

– At the Personal Data Subject’s request, provide them with information regarding processing of their Personal Data;

– Organise Personal Data Processing in the manner stipulated by the current legislation of the Russian Federation;

– Respond to enquiries and requests from Personal Data Subjects and their legal representatives in compliance with the Personal Data Law;

– At the request of an authorised body for protection of rights of Personal Data Subjects, provide this body with requested information within 30 days of receipt of the request;

– Publish or otherwise provide unrestricted access to this Personal Data Processing Policy;

– Take legal, administrative, and technical precautions to protect Personal Data from any unauthorised or accidental access thereto, purging, modifying, blocking, copying, disclosing, disseminating, or any other undue actions with respect to the Personal Data;

– Stop any transfer (distribution, provision, or access to) and processing of Personal Data and destroy the Personal Data in the manner and cases stipulated by the Personal Data Law;

– Perform any other duties stipulated by the Personal Data Law.

4. Basic Rights and Obligations of Personal Data Subjects

4.1. Personal Data Subjects may:

– Receive information regarding processing of their Personal Data, except as otherwise provided by federal laws. The Operator shall provide information to the Personal Data Subject in an accessible form. That information shall not contain Personal Data concerning other Personal Data Subjects unless there are legal grounds for disclosing such Personal Data. The list of information and the procedure for obtaining the same is established by the Personal Data Law;

– Demand that the Operator rectifies, blocks, or deletes their Personal Data, if the Personal Data are incomplete, out of date, inaccurate, illegitimate, or are not required for the stated purpose of processing, as well as take legal action to protect their rights;

– Put forward the condition that a prior consent is required when processing Personal Data in order to promote goods, works, and services on the market;

– Withdraw consent to Personal Data Processing;

– Appeal to an authorised body for protection of rights of Personal Data Subjects or appeal in court against illegal actions or omission committed by the Operator when processing their Personal Data;

– Exercise any other rights provided for by the legislation of the Russian Federation.

4.2. Personal Data Subjects shall:

– Provide the Operator with reliable Personal Data;

– Inform the Operator about rectification (updating or changing) of their Personal Data.

4.3. Persons who have provided the Operator with inaccurate Personal Data or information about another Personal Data Subject without the consent of the latter shall be held liable in compliance with the legislation of the Russian Federation.

5. The Operator May Process the Following Personal Data of the User

5.1. Full name.

5.2. E-mail address.

5.3. Telephone numbers.

5.4. Depersonalised data about users (including cookies) are also collected and processed on the website using Internet statistics services (Yandex Metrika, Google Analytics, and others).

5.5. The above data are hereinafter collectively referred to as Personal Data.

5.6. The Operator shall not process sensitive Personal Data concerning race, ethnicity, political views, religious or philosophical beliefs, or private life.

5.7. It is allowed to process Personal Data Allowed for Distribution which is included in the special categories of Personal Data specified in the Personal Data Law, Part 1 of Art. 10, subject to restrictions and conditions provided for in Art. 10.1 of the Personal Data Law.

5.8. The User’s consent to processing of Personal Data Allowed for Distribution shall be issued separately from other consents to processing of their Personal Data. In this case, the conditions provided for in Art. 10.1 of the Personal Data Law must be met. Requirements for the content of such consent are established by the authorised body for protection of rights of Personal Data Subjects.

5.8.1 The User shall provide consent to processing the Personal Data Allowed for Distribution to the Operator directly.

5.8.2 The Operator shall, no later than three business days of receipt of the said consent from the User, publish information on the terms of processing and existence of restrictions and conditions for processing the Personal Data Allowed for Distribution by an unlimited number of persons.

5.8.3 Any transfer (distribution, provision, or access) of Personal Data authorised by the Personal Data Subject for distribution may be terminated at any time at the request of the Personal Data Subject. This request shall contain the Personal Data Subject’s last name, first name, patronymic (if any), and contact information (telephone number, e-mail address, or postal address), as well as a list of the Personal Data, processing of which is subject to termination. The Personal Data specified in the request may only be processed by the Operator to whom the request was sent.

5.8.4 The consent to processing of Personal Data Allowed for Distribution shall be terminated from the moment the Operator receives the request specified in Clause 5.8.3 of this Policy regarding the Personal Data Processing.

6. Principles of Personal Data Processing

6.1. Personal Data Processing shall be carried out lawfully and equitably.

6.2. Processing of Personal Data shall be restricted to specific, predefined, and legitimate purposes. No Personal Data Processing that is incompatible with the purposes of collecting Personal Data shall be allowed.

6.3. It is not allowed to combine databases containing Personal Data processed for incompatible purposes.

6.4. Personal Data shall be processed only if they serve their processing purposes.

6.5. Content and scope of the Personal Data processed shall meet the processing purposes stated. No personal data shall be processed in excess of the processing purposes stated.

6.6. When processing Personal Data, it shall be ensured that the Personal Data processed are accurate, sufficient and, if applicable, relevant to the Personal Data Processing purposes. The Operator shall take the necessary measures or ensure taking thereof to remove or rectify incomplete or inaccurate data.

6.7. Personal Data shall be stored in a form that enables identification of the Personal Data Subject for a period only as long as is necessary for the Personal Data Processing purposes, unless the Personal Data Storage period is set in the Federal Law or agreement involving the Personal Data Subject as a party, beneficiary, or guarantor. The Personal Data processed shall be destroyed or depersonalised upon achieving the processing purposes or where there is no longer a need in achieving these purposes, unless otherwise stipulated by the federal law.

7. Personal Data Processing Purposes

7.1. Purpose of processing the User’s Personal Data:

– Informing the User by e-mail.

7.2. The Operator may also notify the User of new products and services, special offers, and various events. The User can always unsubscribe from informational messages by sending an e-mail to the Operator at office@bc-plus.ru, marked “Unsubscribe from notifications about new products, services, and special offers”.

7.3. Depersonalised data of Users, which are collected using Internet statistics services, serve to collect information about the Users’ actions on the website and improve quality of the website and its content.

8. Legal Grounds for Personal Data Processing

8.1. There are the following legal grounds for Personal Data Processing by the Operator:

– List the legal acts governing relations pertaining to your activities (e.g., if your activities are related to information technology, in particular creation of websites, then here you can indicate Federal Law N 149-FZ “On Information, Information Technologies, and Information Protection” dated 27 July 2006);

– Statutory documents of the Operator;

– Agreements signed between the Operator and the personal data subject;

– Federal laws and other regulations in the field of Personal Data protection;

– Users’ consent to processing their Personal Data or their Personal Data Allowed for Distribution.

8.2. The Operator shall process the User’s Personal Data only if they are provided and/or sent by the User independently through special forms available on the website https://bc-plus.ru, or sent to the Operator by e-mail. By filling in the relevant forms and/or sending their Personal Data to the Operator, the User expresses their acceptance of this Policy.

8.3. The Operator shall process depersonalised data of the User if it is allowed in the User’s browser settings (saving cookies and using JavaScript technology is enabled).

8.4. A Personal Data Subject shall make an independent decision as to whether they agree to provide Personal Data, and shall provide their consent in their free will and volition.

9. Terms of Personal Data Processing

9.1. Personal Data shall be processed with the consent of the Personal Data Subject.

9.2. Personal Data Processing is required for the purposes provided for by the treaty or law of the Russian Federation, to perform the Operator’s responsibilities, powers, and duties under the legislation of the Russian Federation.

9.3. Personal Data Processing is required for administration of justice and enforcement of a judgement or a regulation of another body or official, to be implemented in accordance with the enforcement laws of the Russian Federation.

9.4. Personal Data Processing is required to perform an agreement with the Personal Data Subject acting either as a party, beneficiary, or surety, and to sign the agreement initiated by the Personal Data Subject or agreement under which the Personal Data Subject will act as a beneficiary or surety.

9.5. Personal Data Processing is required to exercise the rights and legal interests of the Operator or third parties, or for public interest purposes, provided that it does not violate the rights and freedoms of the Personal Data Subject.

9.6. Personal Data Processing is carried out if the access thereto by an unlimited number of persons is granted by or at the request of the Personal Data Subject (hereinafter referred to as Publicly Available Personal Data).

9.7. Processing involves Personal Data which is subject to publication or mandatory disclosure in accordance with the federal law.

10. Procedure for Collecting, Storing, Transferring, and Other Processing of Personal Data

Security of the Personal Data processed by the Operator is ensured through implementation of legal, organisational, and technical measures, which are necessary to fully comply with the current legislation in the field of Personal Data Protection.

10.1. The Operator shall ensure safety of Personal Data and take all possible measures to exclude unauthorised access thereto.

10.2. The User’s Personal Data shall never, under any circumstances, be transferred to third parties, except in cases related to compliance with the current legislation, or where the Personal Data Subject gives their consent to the Operator to transfer the data to a third party in order to fulfil the obligations under a civil law contract.

10.3. In case of inaccuracies in Personal Data, the User may update them independently by sending the Operator notice to the Operator’s e-mail address office@bc-plus.ru, marked “Personal data update”.

10.4. The Personal Data Processing term is determined by achievement of the purposes for which the Personal Data are collected, unless a different period is provided by the contract or applicable law.
The User may at any time withdraw their consent to Personal Data Processing by sending the Operator notice by e-mail to the Operator’s e-mail address office@bc-plus.ru, marked “Withdrawal of consent to personal data processing”.

10.5. All information that is collected by third-party services, including payment systems, means of communication, and other service providers, shall be stored and processed by these persons (Operators) in compliance with their User Agreement and Privacy Policy. The Personal Data Subject and/or the User shall independently familiarise themselves with the specified documents in a timely manner. The Operator shall not be liable for actions of third parties, including those of the service providers specified in this clause.

10.6. The restrictions set by the Personal Data Subject on the transfer (except for granting access) and processing or terms of processing (except for obtaining access) of Personal Data Allowed for Distribution shall not apply in cases of processing Personal Data in state or other public interests determined by the legislation of the Russian Federation.

10.7. When processing Personal Data, the Operator shall ensure confidentiality thereof.

10.8. The Operator shall store Personal Data in a form that enables identification of the Personal Data Subject for a period only as long as is necessary for the Personal Data Processing purposes, unless the Personal Data storage period is set in the Federal Law or agreement involving the Personal Data Subject as a party, beneficiary, or guarantor.

10.9. Personal Data Processing may be terminated upon achievement of the purposes of the Personal Data Processing, expiry of the consent of the Personal Data Subject, or withdrawal of the consent by the Personal Data Subject, as well as upon identification of unauthorised processing of the Personal Data.

11. List of Actions Performed by the Operator with Personal Data Received

11.1. The Operator may collect, record, systematise, accumulate, store, rectify (update or change), retrieve, use, transfer (distribute, provide, or give access to), carry out a cross-border transfer, depersonalise, block, delete, or destruct Personal Data.

11.2. The Operator carries out automated processing of Personal Data with or without receipt of information or transmission thereof via information and telecommunication networks.

12. Cross-Border Personal Data Transfer

12.1. Before the start of a cross-border transfer of Personal Data, the Operator must make sure that the foreign state, to the territory of which the transfer of the Personal Data is intended, provides reliable protection of the rights of Personal Data Subjects.

12.2. A cross-border transfer of Personal Data on the territory of foreign states that do not meet the above requirements can be carried out only if there is a written consent of the Personal Data Subject to the cross-border transfer of their Personal Data and/or execution of an agreement with the Personal Data Subject.

13. Confidentiality of Personal Data

The Operator and other persons who have access to Personal Data shall not disclose or otherwise distribute the Personal Data to third parties without consent of the Personal Data Subject, unless otherwise stipulated by the federal law.

14. Final Provisions

14.1. The User may receive any clarifications on issues of interest regarding processing of their Personal Data by contacting the Operator by e-mail office@bc-plus.ru.

14.2. Any changes in the Operator’s Personal Data Processing Policy will be reflected herein. The Policy is valid indefinitely until it is replaced by a new version.

14.3. The current version of the Policy is freely available on the Internet at https://bc-plus.ru/privacy/.