POLICY ON CONFIDENTIAL DATA PROCESSING

This policy governs the procedure for collection and processing by the limited liability company Makar Offroad (OGRN [Primary State Registration Number]: 1176658041812, INN [Taxpayer Identification Number]: 6686094201, hereinafter referred to as the “Operator”) of personal data of individuals using automation tools via the Internet.

General Provisions

1. For the purposes of this document, the following terms are used.

1.1. Personal data shall mean any information relating directly or indirectly to a specific or definable individual (subject of personal data).

1.2. Operator, Makar Offroad LLC, shall mean a party that independently organizes and (or) performs the processing of personal data, as well as defines the purposes of the processing of personal data, the content of personal data to be processed, actions (operations) performed with personal data.

1.3. Client shall mean an individual using the Website.

1.4. Website shall mean a set of programs for computers and other information contained in the information system, access to which is provided via the Internet by domain names and (or) network addresses allowing to identify the Internet websites. The Website address is http://makaroffroad.ru.

1.5. Personal data processing shall mean any action (operation) or a set of actions (operations) performed with or without the use of the automation tools, involving personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, granting access), depersonalization, blocking, deletion, destruction of personal data.

1.6. Automated processing of personal data shall mean the processing of personal data by means of computer technology.

1.7. Provision of personal data shall mean the actions aimed at disclosing personal data to a specific person or a specific group of persons.

1.8. Blocking of personal data shall mean the temporary suspension of the processing of personal data (except in cases where the processing is necessary for clarification of personal data).

1.9. Destruction of personal data shall mean the actions making it impossible to restore the content of personal data in the personal data information system and (or) destroying the physical media of personal data.

1.10. Personal data information system shall mean a set of personal data contained in the databases and information technologies and technical tools ensuring its processing.

1.11. Cookies shall mean pieces of data sent by the website and stored on a computer, mobile phone or another device from which the Client visits the website, and used to store data about the Client’s actions on the website.

2. By submitting a request to the Operator through the Website, the Client agrees to the terms and conditions of this policy, as well as gives consent to the Operator to process his/her personal data in cases where the provisions of applicable law require such consent.

3. Personal data shall be processed only on a legal and fair basis. This privacy policy is defined according to the current legislation of the Russian Federation, including the following laws and regulations of the Russian Federation: the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Federal Law of July 27th, 2006, No. 152-FZ “On Personal Data”, the Federal Law of February 7th, 1992, No. 2300-1 “On Protection of Consumers’ Rights”.

Personal data

3. During the processing of personal data, the Client shall be entitled to:

3.1 Receive information related to the processing of his/her personal data, also containing:

3.1.1. Confirmation of the fact of the processing of personal data;

3.1.2. Legal basis and purposes of the processing of personal data;

3.1.3. Purposes and methods of the processing of personal data;

3.1.4. Information about the name and location of the person processing personal data, information about the persons (except for the employees of the Operator) that have access to personal data or to that personal data may be disclosed under a contract with the Operator or under applicable law;

3.1.5. Personal data being processed relating to the respective subject of personal data, the source of its receipt, unless otherwise provided by applicable law;

3.1.6. Time limits for the processing of personal data, including the time limits for its storage;

3.1.7. Procedure for the exercise by the Client of the rights provided by applicable law;

3.1.8. Information on the performed or intended cross-border data transfer;

3.1.9. Name or last name, first name, middle name, and address of the person processing personal data on behalf of the Operator, in case the processing is or will be entrusted to such a person;

3.1.10. Other information provided by applicable law;

3.2. Require the Operator to clarify his/her personal data, to block it or to destroy it in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of the processing, as well as to take legal measures to protect his/her rights;

3.3. Appeal the actions or omissions of the Operator to the authorized body for the protection of the rights of subjects of personal data, or in court, in case the Client believes that the Operator processes personal data in violation of the requirements of applicable law or otherwise violates his/her rights and freedoms;

3.4. Protect his/her rights and legitimate interests, including the right to reimbursement for losses and (or) compensation for moral damage in court.

4. During the processing of personal data, the Operator shall be obliged to:

4.1. Provide the Client with the following information at his/her request:

4.1.1. Confirmation of the fact of the processing of personal data;

4.1.2. Legal basis and purposes of the processing of personal data;

4.1.3. Purposes and methods of the processing of personal data;

4.1.4. Its name and location, information about the persons (except for employees) that have access to personal data or to that personal data may be disclosed under a contract or federal law;

4.1.5. The Client’s personal data being processed and the source of its receipt, unless otherwise provided by applicable law;

4.1.6. Time limits for the processing of personal data, including the time limits for its storage;

4.1.7. Procedure for the exercise by the Client of the rights provided by applicable law;

4.1.8. Information on the performed or intended cross-border data transfer;

4.1.9. Name or last name, first name, middle name, and address of the person processing personal data on behalf of the Operator, in case the processing is or will be entrusted to such a person;

4.1.10. Other information provided by applicable law.

4.2. Ensure the adoption of measures for the prevention of unauthorized access to the Client’s personal data.

4.3. Publish or otherwise provide unrestricted access to the document defining the policy regarding the processing of personal data, as well as to the information about the requirements being implemented for the protection of personal data.

5. The purpose of collecting and processing the Client’s personal data is:

5.1. Receiving by the Client information, news about goods, services, events, campaigns, promotional offers and (or) consulting on purchase of goods, services presented on the Website, the use by the Client of services available on the Website, including but not limited to, private messaging service, in order to conclude the corresponding contract;

5.2. The data provided may be used for marketing programs, statistical research, promotion of goods, services through direct contact with the Client, as well as notifications, including technical, advertising notifications, current offers and promotions of the Operator, by various means of communication, including, but not limited to, mailing, e-mail, telephone, fax, Internet. The Client may at any time refuse to receive notifications sending the request/demand according to the procedure provided by this privacy policy.

6. The Client’s personal data shall be stored on electronic media and processed using automated personal data processing systems.

7. The Operator collects and processes the following personal data of the Client:

7.1. Last name, first name, middle name;

7.2. Subscriber telephone number;

7.3. E-mail address;

7.4. Request history;

7.5. The Operator also obtains data that is automatically transmitted during browsing when visiting the website, including:

7.5.1. IP address;

7.5.2. information from cookies;

7.5.3. information about the browser (or another program that accesses ad impression);

7.5.4. access time;

7.5.5. referrer (address of the previous page).

8. The Client’s personal data shall be destroyed by the Operator in the following cases:

8.1. Upon the expiry of three years from the Client’s last request to the Operator;

8.2. In case of withdrawal by the Client of consent to the processing of his/her personal data.

9. Destruction of the Client’s personal data shall be carried out without the possibility of its subsequent restoration.

10. Access to the Client’s personal data shall be granted to persons directly related to the work with the Client in accordance with Section 5 of this privacy policy. In other cases the Operator shall not disclose the Client’s personal data, nor shall it provide access to it to third parties without the Client’s prior consent, except for cases when personal data is provided at the request of authorized state bodies in accordance with applicable law.

11. The Operator shall implement the following measures for the prevention of unauthorized access to the Client’s personal data:

11.1. It shall appoint the employees responsible for the organization of the processing of personal data;

11.2. It shall implement organizational and technical measures to ensure the security of the Client’s personal data, namely:

11.2.1. It shall identify security threats to personal data in the course of its processing in the personal data information systems;

11.2.2. It shall organize a security regime for the premises in which the information system is housed, which impedes the possibility of uncontrolled entry or occupancy of the premises by persons lacking the right to access such premises;

11.2.3. It shall ensure the safety of personal data storage media;

11.2.4. It shall approve the list of persons having access to personal data as necessary for them to perform official (job) duties;

11.2.5. It shall use means of information protection necessary to prevent unauthorized access to personal data;

11.2.6. It shall assess the effectiveness of measures taken to ensure the security of personal data;

11.2.7. It shall ensure the detection of unauthorized access to personal data and take appropriate measures;

11.2.8. It shall recover personal data modified or destroyed due to unauthorized access (if there is a technical capability of such recovery);

11.2.9. It shall establish rules for access to personal data being processed in the personal data information system;

11.2.10. It shall monitor the measures implemented to ensure the security of personal data and the security level of the personal data information systems.

12. The Client shall be entitled to require the Operator to clarify (update) his/her personal data, to block or to destroy it, if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose, and also to withdraw his/her consent to the processing of personal data by filing appropriate request to the Operator and (or) demand in writing by registered mail with notification of delivery or personal service at the address of the Operator. The specified request/demand shall include the number of the main identifying document of the Client or his/her representative, the date of issue of the specified document and the name of the issuing authority, the address of the Client’s place of residence, information confirming the Client’s relationship with the Operator (contract number, date of the contract, conditional verbal designation and (or) other information), or information that otherwise confirms the fact of the processing of personal data of the Client, request to clarify, block or destroy the Client’s personal data, or notice of withdrawal of consent to the processing of personal data, signature of the Client or his/her representative. The Operator shall be obliged to give a reasoned reply on the merits of the Client’s request/demand within thirty (30) calendar days from the date of its receipt.

Cookies

13. The Operator can use the following types of cookies.

13.1. Strictly necessary cookies. These cookies are required to browse through the Website and use the services requested. Cookies of this type are used during the Client’s registration and logging into the system. Without them, the services requested by the Client become unavailable. These cookies are primary and can be either permanent or temporary. Without this type of cookies, the Website doesn’t run properly.

13.2. Performance cookies. These cookies collect statistical information about the use of the Website. These cookies do not receive personal information of the Client. All information collected by these cookies is statistical and anonymous. The purposes of the use of these cookies:

13.2.1. Obtaining website usage statistics;

13.2.2. Evaluation of the effectiveness of advertising campaigns. These cookies can be either permanent or temporary, and can also be classified as first-party and third-party cookies.

13.3. Functionality cookies. This type of cookies is used to remember information provided by the Client (such as user name, language or location area). These cookies use anonymous information and do not track browsing activity of the Client on other websites. The purposes of the use of these cookies:

13.3.1. Storing of data on any service previously provided to the Client, if at all;

13.3.2. Improving the quality of interaction with the Website as a whole by remembering the preferences chosen by the Client. These cookies can be either permanent or temporary, and can also be classified as first-party and third-party cookies.

13.4. Advertising cookies. This type of cookies is used to limit the number of times you see an advertisement and to evaluate the effectiveness of advertising campaigns. Advertising cookies are used to manage advertising materials throughout the Website. Advertising cookies are placed by third parties, for example, by advertisers and their agents. They can be both permanent and temporary. These cookies are connected with advertisements on the website, provided by third-party companies.

14. Cookies can be blocked or deleted and their effect can also be limited in the settings of the browser used by the Client.

Miscellaneous

15. The Operator reserves the right to amend this privacy policy without any prior notice. Amendments shall come into force from the moment of their posting on the Website.

16. All disputes arising shall be resolved by means of negotiations. In case of failure to reach agreement, the dispute shall be referred to the competent court in accordance with the current legislation of the Russian Federation. Place of litigation shall be the city of Kurgan.