Privacy policy

Privacy Policy and the procedure for processing of the personal data of Users of the OneStepDating Service

TERMS AND DEFINITIONS

The basic terms defined below are used for the purposes of applying and interpreting this Policy (unless the Policy explicitly states otherwise). In the text of the Policy, these terms can be indicated with a capital or small letter in the singular or plural, as well as in the form of abbreviations.

Confidentiality of data is a mandatory requirement for the Administration or its authorized persons who have gained access to data to prevent their dissemination without the consent of the subject or other legal basis.

Blocking of personal data is a temporary suspension of processing of the personal data (unless the processing is necessary to clarify personal data).

Information - information (messages, data) regardless of the form of its presentation.

Personal data information system - a set of personal data contained in databases and information technologies and technical means providing their processing. Personal data processing is an action (operation) or a set of actions (operations) with personal data described in this Policy.

Administration - Limited Liability Company "Global Solutions" (Address: 123112, Moscow, Presnenskaya embankment, 12, floor 41, room 4, PSRN: 1207700079740, TIN: 9703009726).

Personal data - any information related to an individual (Personal Data Subject) directly or indirectly determined or being determined.

Site - an Internet resource consisting of a set of computer programs and information posted in them. The site is contained in an information system that ensures availability of the specified information in the Internet at the address (domain name): onestepdating.com, including all levels of the specified domain, both functioning at the date of the User registration and created during the entire period of the domain service life. At the same time, access to the Site is possible both through a browser in the operating system of a personal computer, and through applications for mobile devices.

Mobile application - “OneStepDating” application designed for installation on mobile devices based on Android or iOS operating systems. The owner of the exclusive rights to the Mobile Application Program is the Administration.

Service - the OneStepDating service, which includes functionality of the Site and the Mobile Application used by the User in accordance with the terms of the User Agreement.

Policy - this Policy regarding confidentiality and the procedure of processing of the personal data of the Service Users.

User Agreement - an agreement concluded between the Administration and the User regarding the terms of use of the Service. The terms of the User Agreement are available in the Internet at www.onestepdating.com/terms.

User - an individual who is a party to the User Agreement with the Administration.

Personal Account is the User's account created using a mobile device, in the Mobile application, which is a set of data about the User displayed on his personal page in his profile (User profile), the User's publications on the page, as well as his personal private account, through which he can administer page settings, change information on the page, regulate the procedure of receiving notifications and perform other actions provided by the functionality of the Service.

A questionnaire is a form filled in by the User when completing the registration procedure in the Service, containing a set of data about the User displayed in his Personal account. Filling out the Questionnaire is a voluntary transfer of personal data by the User to the Administration.

Login is a User's unique email address for the entire Service, which, in combination with the Password, serves as the User's identifier.

Password is a set of letters, numbers and special characters, which, in combination with the Login, serves as the User's identifier.

Provision of personal data - actions aimed at disclosing personal data to a certain person or a certain number of persons.

Applicable Law - Law of the Russian Federation.

Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons.

Collection of personal data is a purposeful process of receiving personal data by the Administration directly from Users.

The Personal Data Subject is an individual to whom the personal data relates.

Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

Feedback Forms are web forms posted on the Service and designed to send electronic messages to the Administration.

Storage of personal data is a process that involves holding of personal data in a systematic form at the disposal of the Administration.

GENERAL PROVISIONS

1.1. This Policy sets out the rules of ensuring confidentiality and the procedure of processing of personal data of the Personal Data Subjects (hereinafter also referred to as "Users") by the Administration, when the User visits and uses the Service, registering a Personal Account, filling out the Feedback Form, providing personal data to other Users of the Service, as well as performing other actions provided for by the User Agreement. The processing of the personal data is carried out in the form of collection, storage, clarification and destruction of the personal data in the Information Systems of the Administration.

1.2. The policy was developed in order to ensure protection of the rights and freedoms of citizens when processing their personal data by the Administration, as well as to establish the responsibility of employees of the Administration who have access to personal data for failure to comply with the requirements for processing and protecting the personal data.

1.3. This Policy contains information on the basic principles, goals, procedure and conditions of processing of the personal data, as well as information on the requirements implemented by the Administration for protection of the processed personal data, and is intended to ensure protection of the rights and freedoms of the Personal Data Subjects when processing their personal data by the Administration.

1.4. The current version of this Policy is permanently published on the Website page at www.onestepdating.com in order to provide unlimited access to it.

1.5. This Policy was developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data''. The personal data processing is carried out on the territory of the Russian Federation and in accordance with the legislation of the Russian Federation.

1.6. Use of the Service means the expression by the User of unconditional adherence to the Policy and the specified conditions of processing of the personal data.

BASIC CONDITIONS OF PERSONAL DATA PROCESSING

2.1. The Administration's policy in relation to processing of the Users' personal data in the Service is that the personal data should be processed only in cases established by law, based on the main activities of the Administration and taking into account the balance of interests of the Administration and the personal data subjects. The processing of personal data by the Administration is carried out taking into account the need to ensure protection of the rights and freedoms of the Personal Data Subjects, including protection of the right to privacy, personal and family secrets, based on the following principles:

• Processing of the personal data is carried out by the Administration on a legal and fair basis;

• Processing of the personal data is limited to the achievement of specific, predetermined and legal purposes;

• Processing of the personal data that is incompatible with the purposes of collecting personal data is not allowed;

• It is not allowed to merge databases containing personal data, the processing of which is carried out for the purposes incompatible with each other;

• Only personal data that meet the purposes of the data processing are subject to processing;

• The content and volume of processed personal data corresponds to the stated purposes of processing; redundancy of processed personal data in relation to the declared purposes of their processing is not allowed;

• When processing personal data, the accuracy and sufficiency of personal data is ensured, and, if necessary, relevance in relation to the purposes of the processing of personal data. The Administration takes the necessary measures (or ensures their adoption) to remove or clarify incomplete or inaccurate personal data;

• Personal data storage is carried out in a form that allows determining the Personal Data Subject, no longer than the purpose of the processing of personal data requires, unless a different period of the personal data storage is established by the agreement to which the subject of the personal data is a party, beneficiary or guarantor. The processed personal data is destroyed upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by law.

2.2. The Administration has no right to receive and process personal data of the subjects containing information about race, nationality, political views, religious and philosophical beliefs, health status, except with the written consent of the Personal Data Subject and unless the above data is provided by the User to other Users, as well as if the processing of such personal data is entrusted to the Administration by the legislation of the Russian Federation.

2.3. The transfer (exchange, etc.) of personal data is carried out on the basis of the consent of the Personal Data Subject, including the form of expressing consent through the functionality of the Service or in the form of a document signed with a simple electronic signature, as well as in other cases stipulated by law.

2.4. The transfer of personal data to the government authorities is carried out in accordance with the requirements of the current legislation and this Policy.

2.5. The personal data of the subject may be provided to other persons only with the written permission of the Personal Data Subject, except for the cases of providing the personal data to the Users of the personal data subjects using the Service or when the transfer of personal data without the consent of the subject is allowed by the current legislation of the Russian Federation.

2.6. The User, by registering a Personal Account, filling out the Feedback Form using the Service, by checking the box in the appropriate section, confirms that he has read this Policy and consented to the processing of his personal data.

CATEGORIES OF PERSONAL DATA AND PURPOSES OF THE PERSONAL DATA PROCESSING

3.1. Personal data of Users can be processed through the Service for the following purposes:

• implementation and maintenance of communication between the Users of the Service;

• implementation and maintenance of communication between the Administration and the User;

• promotion of services and sending newsletters, including messages of informational, advertising and other nature to the User's email address;

• registration of the User in the Service;

• use and management of the User's Personal Account;

• registration of the User for participation in events;

• displaying the data of the User's Personal Account in the search results through the functionality of the Service;

• filling in the Feedback Form through the functionality of the Service;

• fulfillment by the Administration of obligations to Users in accordance with the terms of the User Agreement;

• improvement of the quality of service and upgrade of the Service by the Administration;

• administration of justice, if the Administration receives a corresponding request from the authorized bodies;

• implementation of partnership programs with third parties. Specific goals can also be indicated in the Feedback Form filled out by the User. The Administration does not verify the accuracy of the information provided by the User, as well as the User's legal capacity.

3.2. When developing Feedback Forms, the Administration ensures that the content and volume of the processed personal data is consistent with the stated processing objectives.

3.3. The Administration does not process special categories of personal data, in particular those related to race, nationality, criminal record, political views, religious or philosophical beliefs.

3.4. The Administration never collects personal data secretly from Users. The Service can use services for maintaining statistics of visits, determining the level of interest of Users and other similar tools that collect and analyze only anonymized information that is not personal data. The Service can automatically save cookies on the Users' mobile devices (small text files of a technical nature) that do not contain personal data and are not used to identify the User. If the User does not want to save the specified files on his device, he can at any time change the settings of the Mobile application and delete the already saved files using the standard functionality of the Mobile application or the User's mobile device.

3.5. Additionally, technical information means information that is automatically transmitted to the Administration while using the Service by the software installed on the User's mobile device, namely:

3.5.1. Data on the User's activity in the Service, in particular visited pages, the date and time of transitions, etc.;

3.5.2. Information about the mobile device with which the User used the Service: IP-address and type of mobile device, as well as its unique identifier; 3.5.3. Data on interaction with the advertisements of the Administration displayed outside the Service, their number, frequency and depth of viewing.

SCOPE AND LEGAL BASIS FOR PERSONAL DATA PROCESSING.

4.1. The source of collecting personal data: Personal Data Subject.

4.2. The volume of processed personal data of the User: • Name; • Last name; • Gender; • Height; • Date of Birth; • Cell phone number; • Email address; • Approximate location determined by the geolocation of the User's device; • Interests indicated by the User; • Facebook, Google or Vkontakte accounts during the initial registration of the User.

4.3. The legal basis for processing of the personal data by the Administration is a set of legal acts, in pursuance of which and in accordance with which the Administration processes personal data and protects the rights of the personal data subjects.

4.4. The legal grounds for processing of personal data by the Service include the User Agreement, the Articles of Association of the Administration, the User's consent to processing of the personal data, as well as the norms of the legislation of the Russian Federation, including: Article 10 of the Federal Law dated July 27, 2006 No. 149-FZ "On Information, information technology and information protection ”, Art. 18 of the Federal Law dated March 13, 2006 No. 38-FZ "On Advertising", other provisions of regulatory legal acts depending on the specific purposes of processing.

PROCEDURE, TERMS AND CONDITIONS OF PERSONAL DATA PROCESSING

5.1. The processing of personal data in the Service is carried out in the ways with and without the use of the automation tools within the time required to achieve the processing goals. A condition for stopping the processing of Personal Data by the Administration may be the achievement of the goals of the data processing, the withdrawal of the consent of the Personal Data Subject to processing of his personal data, the termination of the Administration's activities, the closure of the Service or a change in its functionality.

5.2. Using the functionality of the Service, the Administration collects, systematizes, accumulates, stores, clarifies (updates, changes), uses, transfers, and destroys the Users' personal data. If necessary, the Administration can carry out cross-border transfer of personal data within the limits established by the Applicable Law. The Administration checks whether the state, to which territory the transfer of personal data is carried out, provides adequate protection of the rights of the subjects of personal data, prior to start of the cross-border transfer of personal data.

5.3. Other operations with personal data, including storage, are carried out without using the Service and are regulated by the internal documents of the Administration.

5.4. In order to carry out communications with Users, the Administration ensures the functioning of the Feedback Forms and the processing of applications received through them. Appeals are not saved in the Service, but are sent to the authorized employees of the Administration for subsequent work. At the same time, the Administration processes only personal data entered by the Users in the corresponding fields of the Feedback Forms. For example, such data can be (depending on the specific Feedback Form): full name; contact details; data contained in the message and documents attached to it, and others. The response to requests of the User is carried out by the employees of the Administration both with and without using the functionality of the Service.

5.5. The functionality of the Service supports mailings to Users. The subject of messages is determined at the choice of the User and may include advertising, reviews of manufacturers of goods and services, news, reference information and other materials. At the discretion of the Administration, mailings can be made with the use of the Users' personal data or without their use, namely:

5.5.1. by decision of the Administration and subject to the consent of the Users, the personal data (for example, full name, contact information, email address and others) can be collected through the appropriate web-based mailing form and used to individualize the mailing list, send targeted advertising and solve other similar problems;

5.5.2. mailing without the use of personal data is made only to the email addresses that the User indicates in the corresponding web form. At the same time, no other information relating directly or indirectly to a specific or identifiable natural person is not requested or collected.

5.6. Using the Service, Users can register for an information or marketing event. For the purposes of registration, full name, contact information, and other personal data can be processed. After sending an application for registration, the User can receive confirmation or refusal to register by email or by phone, specified in the application.

5.7. To use a Personal Account, the User goes through the registration procedure, during which, through the Feedback Form, they inform the Administration of the data specified in the Questionnaire, the Login and Password chosen by the User, and other personal data.

5.8. In all cases, the processing of personal data by the Administration is carried out with the consent of the User, unless otherwise provided by the legislation of the Russian Federation.

5.9. To achieve the stated processing goals, the Administration may disclose personal data to third parties, including its affiliated companies, as well as entrust personal data processing to other persons on the basis of an agreement containing confidentiality conditions and other mandatory provisions prescribed by Applicable Law.

5.10. When collecting personal data, the Administration always assumes the following:

• All personal data belong only to the User who filled out the Feedback Form (it is prohibited to enter personal data of another person);

• The user has reached the age of 18 and has legal capacity;

• The user has provided reliable and up-to-date personal data. The Administration can contact the User and ask him to clarify the personal data before considering the User's message on the merits if there are doubts about fulfillment of the above conditions.

5.11. When collecting personal data, the Administration ensures the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of the citizens of the Russian Federation using databases located on the territory of the Russian Federation.

5.12. Personal data of Users is a confidential information in accordance with the Applicable Law. The Administration takes necessary and sufficient measures to ensure fulfillment of the obligations imposed by the legislation of the Russian Federation in the field of personal data. The Administration takes the following measures aimed at protecting the rights of the Personal Data Subjects:

• appointment by the Administration of a person responsible for arranging processing of personal data;

• the publication by the Administration of documents defining the Administration's policy in relation to the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;

• application of legal, organizational and technical measures to ensure the security of personal data in accordance with the legislation of the Russian Federation in the field of personal data;

• rational placement of the workers' workplaces, which excludes unauthorized use of confidential information;

• determination and regulation of the number of employees who have the right to access personal data;

• implementation of internal control and (or) audit of compliance of the personal data processing with the legislation of the Russian Federation in the field of personal data and the regulatory legal acts adopted in accordance therewith, requirements for personal data protection, the Administration's policy regarding the processing of personal data, local acts of the Administration;

• assessment of the harm that may be caused to the Personal Data Subjects in case of violation of the legislation of the Russian Federation in the field of personal data, the ratio of this harm and measures taken by the Administration aimed at ensuring fulfillment of obligations stipulated by the legislation of the Russian Federation in the field of personal data;

• familiarization of the employees of the Administration, directly carrying out the processing of personal data, with the provisions of the legislation of the Russian Federation in the field of personal data, including the requirements for protection of personal data, documents defining the policy of the Administration in relation to processing of personal data, local acts on processing of personal data, and (or) training of these workers;

• provision of unrestricted access to the document defining the policy regarding the processing of personal data, to information about the requirements for protection of personal data being implemented, including the publication of this Policy on the Administration website.

5.13. Personal data security is achieved by eliminating unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, distribution of personal data, as well as any other unauthorized actions. The Administration should ensure protection of the personal data against unlawful use or loss.

5.14. Ensuring personal data security is achieved by the Administration, in particular by:

• identification of threats to the security of personal data when processing them in personal data information systems;

• the application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data, necessary to meet the requirements for personal data protection, the implementation of which is ensured by the levels of personal data security established by the Government of the Russian Federation;

• application of the information protection means that have passed procedure for assessing the conformity in the established manner;

• evaluating the effectiveness of measures taken to ensure the safety of personal data prior to the commissioning of personal data information systems;

• accounting of machine carriers of personal data;

• detecting facts of unauthorized access to personal data and taking measures;

• restoration of personal data, modified or destroyed due to unauthorized access to them;

• establishing rules for access to personal data processed in personal data information systems, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information systems;

• control over the measures taken to ensure the safety of personal data and the level of protection of the information systems of personal data.

5.15. Confidentiality measures during collection, processing and storage of personal data apply to both paper and electronic (automated) information carriers. The Administration has the right to use technical protection methods and other methods provided for protection of personal data that do not contradict the legislation of the Russian Federation.

5.16. The objects of protection are: documents containing personal data; personal data, as well as technical means (including computer technology, computer storage media, communication and data transmission facilities and systems, technical means for processing alphanumeric, graphic, video and speech information), system-wide, applied, special software, information technologies, as well as information protection means as part of the personal data information systems, in which personal data processing is carried out.

5.17. The Administration hereby publishes information about the requirements for protection of personal data that it implements. As necessary and taking into account the threats relevant to the information systems that ensure the operation of the Service, the Administration fulfills the following requirements (or ensures their fulfillment by the forces of organizations involved under the contract):

• organization of a regime for ensuring the security of the premises in which the information system is located, preventing the possibility of uncontrolled entry or stay in these premises of the persons who do not have the right to access these premises;

• ensuring the safety of personal data carriers;

• approval by the head of the Administration of a document defining the list of persons whose access to the personal data processed in the information systems is necessary for the performance of their official (labor) duties;

• use of the information security tools that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, in the case when the use of such means is necessary to neutralize current threats;

• appointment of an official (employee) responsible for ensuring the security of personal data in the information systems of the Administration.

5.18. The Administration guarantees that the information provided by the User is not combined with statistical data, is not provided to third parties and is not disclosed, except as provided in the Policy.

5.19. The Administration does not sell or transfer information about Users separately. Such information can be transmitted only with partial or complete reorganization of the Administration.

5.20. The Administration takes technical and organizational measures to provide the User with the opportunity to access the information provided by him, edit such information, determine the settings for third-party access to such information.

5.21. The personal data provided by the User is processed until the liquidation (reorganization) of the Administration, or until the User revokes his consent.

PROCEDURE FOR RESPONDING TO REQUESTS OF THE PERSONAL DATA SUBJECTS

6.1. The Administration strives to ensure maximum transparency in the processing of personal data and prompt response to requests and appeals from Users, the Authorized Body for Protection of the Rights of the Subjects of personal data and other government authorities.

6.2. Inquiries, appeals and other messages regarding the inaccuracy of personal data, the illegality of their processing, revocation of consent, access of the Personal Data Subject to his data, as well as on any other issues related to processing and protection of personal data, should be sent through the Feedback Form on the Website or in the Mobile Application.

RIGHTS OF THE PERSONAL DATA SUBJECTS

7.1. The User has the right:

a) to obtain information regarding the processing of his personal data, including access to his personal data and obtain a copy of any record containing his personal data, with the exception of the cases that are required by the legislation of the Russian Federation;

b) to clarify his personal data, to block or to destroy his personal data in the cases established by law. The User can at any time delete or change the information provided by the User by performing the necessary actions by using the feedback form in the Service, and in the absence of such an opportunity, by contacting the Administration via email. At the same time, the User understands that the Administration has the right to continue using such information in the cases permitted by legislation of the Russian Federation. Consent to receive newsletters and advertising materials can be revoked by the User at any time by sending the Administration a notification in the same way.

c) to appeal against the actions of the Administration in the competent authorities;

d) to protect and reimburse legitimate interests, including compensation for moral damage in a judicial or any other procedure established by law;

e) to revoke his consent to processing of his personal data;

f) to exercise other rights granted by the legislation of the Russian Federation in the field of personal data.

7.2. The Administration has the right:

a) to conduct statistical and other research based on anonymized information provided by the User. The Administration has the right to provide access to such research to third parties for the purpose of targeting advertising. The User gives his consent for such research and for receiving targeted advertising by accepting the Policy. The User can refuse such consent at any time by contacting the Administrator through the Feedback Form in the Service. The User can also independently, if there are technical capabilities on the User's device, prohibit the use of the device or software for transmitting information through the Service, and targeting advertising.

b) to provide information about the User to the law enforcement agencies or other governmental authorities as part of a judicial process or as part of an investigation based on a court decision, enforceable request or as part of cooperation, as well as in other cases required by the Russian law.

c) to provide information about the User to third parties to detect and suppress fraudulent activities, to prevent technical problems or security problems.

UPDATE, CORRECTION, REMOVAL AND DESTRUCTION OF PERSONAL DATA

8.1. In case of confirmation of the fact of inaccuracy of personal data or the illegality of their processing, the personal data can be updated by the Administration, or their processing can be terminated by the Administration.

8.2. Upon achievement of the objectives of processing of personal data, as well as in the event that the subject of personal data withdraws his consent to processing, the personal data should be destroyed, except as otherwise established by the Applicable Law.

LIMITATION OF LIABILITY

9.1. The Service is not a publicly available source of personal data. At the same time, in the event that the User performs certain actions, his personal data may become available to an indefinite number of persons, about which the User hereby gives his consent.

9.2. The Administration informs the Users of the Service that this Policy is applicable only to the Service. The Administration does not control and is not responsible for the use of the third-party sites, to which the User can, at his discretion and at his own risk, click on the links posted through the Service by other Users of the Service.

FINAL PROVISIONS

10.1. This Policy becomes effective upon approval, is enacted by the order of the Administration, and shall remain in effect until cancelled or replaced with a new version of the Policy.

10.2. The requirements of this Policy apply to all employees of the Administration who have access to personal data, as well as to all Users of the Service.

10.3. The Administration has the right to unilaterally make changes and/or amendments to this Policy. A new version of the Policy shall become effective upon its publication (posting) on the Website page at www.onestepdating.com, unless otherwise provided by the new version of the Policy. In case of changes affecting the rights of Users, the Administration has the right to send information about these changes to Users via their contact information or notify them of the changes in any other way.