Privacy policy

Collection of information, its protection and use.
list_alt

print

Last revised: 12/21/2019

The current version is available at: https://startmoney.xyz/privacy_policy

 

- 1 -

- General Provisions -

1.1. This StartMoney project privacy policy is developed, implemented and valid with respect to information, including personal data, in the understanding of the applicable law (hereinafter referred to as "Personal Data") that the StartMoney project can receive about Personal Data Entities in the process of use. any sites, programs, products, services of the StartMoney project (hereinafter collectively referred to as the Services), information about which you can find on the WEB resource https://startmoney.xyz/ and other sites belonging to the StartMoney project (hereinafter referred to as) jointly referred to as WEB -LAS), as well as during the execution of the StartMoney project of any agreements and contracts concluded with the subject of personal data in connection with the Services.
1.2. To ensure the use of the WEB resource by the Subjects of personal data, Personal data is collected and used by the StartMoney project and the WEB resource software (more about collecting information here).

- 2 -

- Basic concepts used in the Privacy Policy -

  • Personal data - any information directly or indirectly related to a specific or determined individual (subject of personal data).
  • Personal data subject (Subject) - a directly or indirectly determined or determined natural person whose personal data is processed.
  • Personal data operator (Operator) - the StartMoney project, which independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data .
  • Processing personal data (Processing) - any action (operation) or a set of actions (operations) with personal data provided for by law, committed with or without automation.
  • Automated processing of personal data - processing of personal data using computer technology.
  • Distribution of personal data - actions aimed at the disclosure of personal data to an indefinite circle of persons.
  • Providing personal data - actions aimed at the disclosure of personal data to a specific person or a certain circle of persons.
  • Blocking of personal data - temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).
  • Destruction of personal data - actions, as a result of which it becomes impossible to restore the contents of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
  • Anonymization of personal data - actions that make it impossible without the use of additional information to determine whether personal data belongs to a particular subject of personal data.
  • Personal data information system - a set of personal data contained in databases and providing information processing of information technologies and technical means.
  • Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to a foreign state body, foreign individual or foreign legal entity.

- 3 -

- Rights and obligations of the Personal Data Operator -

3.1. The personal data operator is obliged:
3.1.1. Upon written request of the Personal Data Subject, provide the Personal Data Subject with information on the processing of his Personal Data in accordance with clause 4.1.1. of this Policy in an accessible form. The information provided should not contain Personal Data relating to other Subjects of personal data, unless there are legal grounds for the provision of such personal data.
3.1.2. Upon a written application of the Personal Data Subject, specify, block or destroy the personal data of the Subject in the event that the Personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take legal measures to protect the rights of the Personal Data Subjects .
3.1.3. The Operator is obliged to immediately terminate, upon the written request of the Personal Data Subject, the processing of his Personal Data for the purposes specified in clause 3.2.2. of this Policy.
3.1.4. If the provision of Personal Data is mandatory for the Personal Data Subject in accordance with the legislation, the Operator is obliged to explain to the Subject the legal consequences of the refusal to provide the Operator with its Personal Data.
3.1.5. If the Personal Data is not received from the Personal Data Subject, the Operator, with the exception of cases provided for in clause 3.1.6. Politicians, prior to the processing of such personal data, is obliged to provide the Personal Information Subject with the following information:

  • - name or surname, name, and address of the Operator or its representative;
  • - the purpose of the processing of Personal Data and its legal basis;
  • - prospective users of Personal Data;
  • - the rights of the subject of personal data established by law;
  • - source of personal data.
3.1.6. The operator is relieved of the obligation to provide the Personal Data Subject with the information provided for in clause 3.1.5. Policies in cases where:
  • - The personal data subject is notified of the processing of his personal data by the relevant operator;
  • - Personal data is received by the Operator on the basis of law or in connection with the execution of an agreement to which either the beneficiary or guarantor is a personal data subject;
  • - Personal data is made publicly available by the Subject of personal data or obtained from a public source;
  • - Providing the Subject with personal data with the information provided for in clause 3.1.6. Policies that violate the rights and legitimate interests of third parties.
3.1.7. When collecting Personal data, including through the information and telecommunication network Internet, the Operator provides the processing of personal data using the databases available for the StartMoney project.

3.2. The personal data operator has the right:
3.2.1. Process the Personal Data of the Personal Data Subject for the purposes and on the conditions specified by the legislation, this Policy, the local regulatory acts of the Operator governing the processing of Personal Data.
3.2.2. Require the Subject of personal data to comply with the legislation, the conditions of this Policy, the local regulatory acts of the Operator governing the processing of Personal Data, the Rules and other Documents governing the processing of Personal Data.

- 4 -

- Rights and obligations of the Subject (s) of personal data -

4.1. The subject of personal data has the right to receive information regarding the processing of his personal data, including containing:

  • - Confirmation of the fact of the processing of personal data by the Operator;
  • - Legal grounds and goals of the processing of personal data;
  • - The purpose and methods used by the operator to process personal data;
  • - The name and location of the Operator, information on persons (except for the employees of the Operator) who have access to personal data or to whom the Personal data may be disclosed on the basis of an agreement with the Operator or on the basis of law;
  • - Processed Personal Data relating to the relevant Subject of Personal Data, the source of its receipt, unless otherwise provided by law for the presentation of such data;
  • - Сроки Обработки персональных данных, в том числе сроки их хранения;
  • - The procedure for the implementation by the Subject of personal data of rights;
  • - Information on completed or proposed cross-border data transfer;
4.2. The subject of personal data is obliged:
  • - Comply with personal data laws;
  • - Observe the requirements of the Operator to comply with the procedure for processing Personal data and protecting confidential information;
  • - Provide the Operator with reliable and relevant Personal Data;
  • - Timely update the provided Personal data as soon as possible after receiving information about their change. (The operator is not responsible for the consequences of not providing reliable or current data of the subject).

- 5 -

- Procedure for providing the Subject with personal data with information regarding the processing of his personal data -

5.1. Information specified in clause 4.1. Policies are provided to the Subject of personal data or its representative by the Operator when referring to information sources published on the web resource https://startmoney.xyz and available in the public domain, not limited to acquaintance or upon receipt of a written notice. request from the subject of personal data or his representative through feedback through the ticket system.
5.2. The request must contain the information requested by the Operator, the identity of the Personal Data Subject or his representative, confirming the participation of the Personal Data Subject in relations with the Operator, such information may be (contract number - contract, date of conclusion of the contract - contract, conditional mark and (or) other information ), or information confirming the fact that the Operator has processed personal data, the signature of the Personal Data Subject or his representative.
5.3. The operator has the right to refuse the personal data subject to fulfill the request that does not meet the conditions stipulated by the Policy. Such a refusal must be motivated by the Operator.
5.4. The right of the Personal Data Subject to access his Personal Data may be limited in accordance with the law, including if:

  • - The processing of Personal Data is carried out in accordance with the legislation on counteracting the legalization (laundering) of proceeds from crime and the financing of terrorism.
  • - If access to Personal Data, taking into account his Personal Data, violates the rights and legitimate interests of third parties.

- 6 -

- Personal Data Collection Objectives -

6.1. The operator processes Personal data only if:
6.1.1. Processing is necessary to fulfill the Operator's contractual obligations to the Personal Data Subjects, including to ensure the operation of Web Resources and Services;
6.1.2. Processing is necessary to fulfill the obligations of the Operator established by law;
6.2. For certain purposes (the functioning of certain web resources and services), the Operator may request a separate consent to the processing of personal data.

6.3. Considering the conditions set forth in clause 6.1.1., In particular, the purposes of the processing of personal data are (may be):
6.3.1. Providing Subjects access to WEB resources and / or Operator Services;
6.3.2. Providing Subjects access to an account with the Operator;
6.3.3. Communication with the Subjects to send them notifications, requests and information related to the operation of WEB resources and Services, fulfill agreements, agreements and contracts of the Operator with the Subjects, process requests and applications of the Subjects;
6.3.4. Providing advertising and offers, taking into account Personal information about the Subject, available to the Operator;
6.3.5. Improving the usability of WEB resources and Services, including for the provision of more personalized WEB resources and Services, as well as for improving other products, applications and Operator Services;
6.3.6. Creation of new products, utilities and offers of the Operator;
6.3.7. Protection of the rights of Subjects and the rights of the Operator.

6.4. The processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. The operator does not process personal data incompatible with the purposes of collecting personal data.
6.5. The legal basis for the processing of personal data is the totality of legal acts, in accordance with which and in accordance with which the Operator carries out its statutory activities, and at the same time, the processing of personal data:

  • - Laws and normative legal acts adopted on their basis governing relations related to the activities of the Operator;
  • - Statutory documents of the Operator;
  • - Contracts, agreements and contracts concluded between the Operator and the Personal Data Subject;
  • - Consent to the processing of personal data of the Personal Data Subject.

- 7 -

- Categories of processed personal data, categories of subjects of personal data -

7.1. When processing, the Operator identifies the following categories of Personal Data Subjects:
7.1.1. Visitors
– Internet users who visit the web resource https://startmoney.xyz, but do not perform registration or authorization actions on the web resource.
7.1.2.– Customers;– Representatives of Clients - Representatives / employees, authorized representatives of clients;– According to the affiliate program:

  • Representatives;
  • Partners;
  • Branches;
– Investors;
7.1.2.1. For categories in which the Operator processes the following Personal Data:
- Personal data provided by the Subject during registration (account creation), if necessary, last name, first name, phone number, address, email address, date of birth;
- electronic data (HTTP headers, IP address, cookies, web beacons, pixel tags, browser ID information, hardware and software information);
- date and time of access to WEB resources and / or Services;
- information about activity while using WEB resources and / or Services;
- geolocation information;
- other information about the Subject necessary for processing in accordance with the conditions governing the use of specific WEB resources or Operator Services;
- information on the Subjects that the Operator receives from partners and counterparties in accordance with the terms of agreements concluded between the Subject and the relevant Partner, and agreements concluded between the Operator and the partner.
Also, in relation to these categories, if necessary, the Operator may require the following Personal data for processing:
- employer's name;
- position or status;
- passport data;
- accounts of instant messengers and communication services;
- income statements.
7.2. The operator may not check the data provided, but request the data should be received in accordance with the requirements of the operator. The operator cannot judge their accuracy, and also has sufficient legal capacity to provide personal data. Nevertheless, the Operator proceeds from the fact that it provides reliable and sufficient Personal data, and also updates them in a timely manner.
7.3. The Operator may check the Personal data provided by the Subjects, if necessary to prevent fraud, to prevent unauthorized access to the Personal data or accounts of the Personal Data Subject, in cases of requirements and statements of the authorities, if there are legal grounds for this in case of conflict and / or conflicting situations.

- 8 -

- The procedure and conditions for the processing of personal data -

8.1. List of actions performed by the Operator with the Personal data of the Subjects:

  • collection;
  • record;
  • systematization;
  • accumulation;
  • storage;
  • clarification (update, change);
  • extraction;
  • use;
  • blocking;
  • removal;
  • destruction.
8.2. In most cases, Personal Data is processed automatically without access to it by any of the Operator's employees. If such access is needed, then it can be granted only to those employees of the Operator who need it to perform their tasks. To protect and ensure the confidentiality of data, all employees must comply with internal rules and procedures regarding the processing of Personal Data. They must also follow all technical and organizational security measures in place to protect confidential information.
8.2.1. In most cases, Personal Data is processed automatically without access to it by any of the Operator's employees. If such access is needed, then it can be granted only to those employees of the Operator who need it to perform their tasks. To protect and ensure the confidentiality of data, all employees must comply with internal rules and procedures regarding the processing of Personal Data. They must also follow all technical and organizational security measures in place to protect confidential information.
8.3. Personal Data Processing Terms
8.3.1. The operator stores the personal data of the subject for as long as necessary to achieve the purpose for which it was collected, or to comply with the requirements of legislation and regulations.
8.3.2. The termination of the processing of personal data may be:
  • - achievement of personal data processing goals;
  • - termination of the contract between the Subject and the Operator;
  • - expiration of the consent of the Personal Data Subject to the Processing of his personal data;
  • - revocation of the consent of the Personal Data Subject to the Processing of his personal data;
  • - Identification of unlawful processing of personal data.
8.4. Third party engagement
8.4.1. The operator provides Personal data at the request of credit organizations that transfer funds of personal data subjects, as well as recipients of funds for transfers (more).
8.4.3. The operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds provided for by applicable law (more).
8.5. Compliance with the confidentiality requirements of Personal Data.
8.5.1. The operator is obliged to publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information on implemented requirements for the protection of personal data. An operator collecting personal data using information and telecommunication networks is obliged to publish in the information and telecommunication network a document defining its policy regarding the processing of personal data, as well as information on the requirements for the protection of personal data that are being introduced, as well as providing access to the specified document using the appropriate information and telecommunications network.
8.5.2. When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or to ensure their adoption to protect personal data from illegal or accidental access to them, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other illegal actions regarding personal data:
  • - traffic encryption;
  • - user authentication;
  • - Compliance of the Operator infrastructure with the PCI DSS standard.
8.6. Updating, correction, deletion and destruction of personal data, responses to requests from subjects for access to personal data
8.6.1. In case of confirmation of the inaccuracy of the personal data or the illegality of its processing, the Personal data must be updated by the Operator, and Processing must be stopped.
8.6.2. Upon achievement of the goals of the Processing of personal data, as well as in the event that the Subject withdraws personal data consent to their processing, Personal data must be destroyed if:
  • - otherwise is not provided for by the contract, the beneficiary or guarantor of which is the subject of personal data;
  • - The Operator is not entitled to carry out Processing without the consent of the Subject of personal data on the grounds provided by law;
  • - otherwise, no other agreement is provided between the Operator and the Personal Data Subject.
8.7. Obligations of the Operator to eliminate violations of the law committed during the processing of personal data, to clarify, block and destroy personal data.
8.7.1. In the event that an illegal Processing of personal data is detected when the Personal Data Subject or his representative contacts or at the request of the Personal Data Subject or his representative or the authorized body for the protection of the rights of Personal Data Subjects, the Operator is obliged to block the illegally processed personal data relating to this Personal Data Subject, or ensure their blocking (if the processing of personal data is performed by another person acting on behalf of Ope Ator) from the moment of such processing ki or training period said verification request. If inaccurate Personal Data is discovered during the appeal of the Personal Data Subject or his representative, either at their request or at the request of the authorized body for the protection of the rights of the subjects of Personal Data, the Operator is obliged to block the personaldata related to this Personal Data Item, or to ensure their blocking (if the processing of personal data is carried out by another person acting on behalf of the Operator) from the moment of such an appeal or receipt of the specified request for verification, the period if the blocking of personal data does not violate the rights and legitimate interests Personal data subject or third parties.
8.7.2. If the fact of inaccuracy of the Personal Data is confirmed, the Operator on the basis of information provided by the Personal Data Subject or his representative or the authorized body for the protection of the rights of Personal Data Subjects, or other necessary documents. must clarify or provide personal data (if the processing of personal data is carried out by another person acting on behalf of the Operator) within seven working days from the date of provision of such information and remove the blocking of personal data x.
8.7.3. In the event that illegal processing of personal data is carried out by the Operator or by a person acting on behalf of the Operator, the Operator is obliged to stop the illegal processing of personal data or to ensure the termination of the illegal processing of personal data. by a person acting on behalf of the Operator, for a period not exceeding three business days from the date of identification. Operator. In the event that it is impossible to ensure the legitimacy of the Processing of personal data, the Operator must destroy such personal data within a period not exceeding ten business days from the date of detection of the unlawful Processing of personal datadata or to ensure their destruction. The Operator is obliged to notify the Personal Data Subject or his representative about the elimination of the violations committed or about the destruction of Personal Data, and if the appeal of the Personal Data Subject or his representative or the request of the authorized body for the protection of the rights of Personal Data Subjects was sent by the authorized body for the protection of the rights of Personal Subjects data, also the specified authority.
8.7.4. If the goal of Processing Personal Data is achieved, the Operator is obliged to stop Processing Personal Data or to ensure its termination (if the Processing of Personal Data is carried out by another person acting on behalf of the Operator) and to destroy Personal Data or to ensure their destruction (if Processing Personal Data is carried out by another person acting on on behalf of the Operator) within a period not exceeding thirty days from the date of achieving the goal of Processing Personal Data, unless otherwise provided by the contract, with of which, the beneficiary or guarantor of which is the Personal Data Subject, another agreement between the Operator and the Personal Data Subject, or if the Operator is not entitled to process Personal data without the consent of the Personal Data Subject on the grounds provided by law or other legal norms.
8.7.5. In case of withdrawal by the Subject of personal data of consent to the processing of his personal data, the Operator is obliged to stop processing it or to ensure the termination of such processing (if the processing of personal data is carried out by another person acting). on behalf of the Operator) and if the storage of Personal Data is no longer required for the Processing of personal data, the destruction of personal data or ensuring their destruction (if the processing of personal data is carried out by another person acting on behalf of) for a period not exceeding thirty days from the date of receipt of the said response , unless otherwise specifiedprovided for by an agreement in which the Personal Data Subject is the beneficiary or guarantor, another agreement between the Operator and the Personal Data Subject, or if the Operator does not have the right to process Personal Data without the consent of the Personal Data Subject on the grounds provided by law or other legal norms.
8.7.6. If it is impossible to destroy the Personal Data within the time period specified in paragraphs. 8.7.3., 8.7.4. and 8.7.5. In accordance with the rules, the Operator blocks such personal data or ensures its blocking (if the Processing of personal data is carried out by another person acting on behalf of the Operator) and ensures the destruction of Personal data for no more than six months, unless otherwise provided by law.

- 9 -

- Final provisions -

9. Final Provisions of the Policy
9.1. How the subject of personal data can exercise his rights. If the Subject of personal data is not satisfied with the way the Operator processes its Personal data, the Subject can inform the Operator about this using the feedback form at: https://startmoney.xyz/support , The operator will consider the claim, question or suggestion.
9.2. This Policy is subject to change. The Operator has the right to make changes at its discretion, including, but not limited to, in cases where the corresponding changes are associated with changes in the applicable law, as well as when the corresponding changes are associated with changes in the operation of WEB resources and Services.
9.2.1. The Operator agrees not to make significant changes, not to impose an additional burden or restriction on the rights of the Subjects established by this Policy without a corresponding notification of the Subjects that can be displayed on a web resource (for example, through a pop-up window). or banner) before such changes take effect, or can be sent to entities through the provided communication channels.

print