Privacy Policy for Personal Data Processing and Protection

These Privacy Policy Regulations (the “Regulations”) are an official document of Individual Entrepreneur Ivan Sergeevich Kostyuk that define the procedure for processing and protecting information about individuals (“Users”) who use features, information, services, programs (including loyalty programs), and products of the online store available at swok.am (the “Website”).
The purpose of this Privacy Policy is to ensure protection of human and civil rights and freedoms when processing personal data, including protection of the rights to privacy, personal and family secrets from unauthorized access or disclosure.
Activities related to processing of personal data and information about users of the Website and the Application are governed by these Regulations, other official documents of the Company, and the applicable legislation of the Russian Federation.
1. General Provisions
As part of her main activities, Individual Entrepreneur Ivan Sergeevich Kostyuk (Primary State Registration Number of Individual Entrepreneur (OGRNIP): 99.1355922, Taxpayer Identification Number (INN): 49811361 (the “Company”) processes personal data of various categories of personal data subjects using personal data information systems on the Company’s Website.
For the purposes of this Policy, personal data means any information provided through the Company’s Website and Application.
The purpose of personal data processing is to fulfill the Company’s obligations to Users with respect to use of the Website, the Application, and their services.
Personal data of users is processed based on the personal data subject’s consent to the processing of their personal data.
2. Personal Data Collection
The Company collects information through the Website and the Application in two ways:
• Personal data provided by users:
The Company collects personal data that is entered into data fields on the Company’s Website and in the Company’s Application by the users themselves or by other persons on their behalf.
The Company collects information/data, including:
— full name,
— date of birth;
— sex, marital status;
— address;
— phone number;
— email address;
• Passive collection of personal data about the current connection in terms of statistical information:
The Company’s Website and Application may collect statistical data about the user, including:
— pages visited;
— number of page visits;
— duration of user session;
— entry points (third-party websites from which the user navigates to the Company’s Website);
— exit points (links on the Company’s Website and in the Company’s Application through which the user navigates to third-party websites);
— user’s country;
— user’s region;
— user’s Internet service provider (ISP);
— user’s web browser;
— user’s system languages;
— user’s operating system (OS);
— user’s screen resolution;
— number of colors of the user’s screen.
The data can be obtained using various methods, for example, cookies, web beacons, etc. The Company may use third-party web services to organize the collection of statistical personal data; third-party web services provide storage of the received data on their own servers. The Company is not responsible for the localization of servers of third-party web services. The Company does not compare the information that is directly provided by the user and allows identifying the personal data subject against the statistical personal data obtained during application of such passive methods of information collection.
The purpose of personal data collection is the Company’s fulfillment of its obligations to deliver orders to visitors.
3. Storage and Use of Personal Data
3.1. Personal data of Users is stored exclusively on electronic media and processed using automated systems, except for cases when non-automated processing of personal data is necessary in connection with the fulfillment of the requirements of the law.
3.2. The personal data being collected is used to fulfill orders of Website visitors or Application Users as well as to send the User notifications about new products, special offers, and various events. They also help the Company improve the quality of service. A User may at any time unsubscribe by informing the Company via the feedback contacts (by email or phone) as well as by making changes to the User’s profile on the Website or in the Application.
3.3. Personal data may also be used for the Company’s internal purposes such as auditing, data analysis, and various research to improve the Company’s products, services, and customer communications.
3.4. If you enter into a sweepstake, contest, or similar promotion the Company reserves the right to use the personal data provided by the User to administer those programs.
3.5. The Company also collects non-personal data — data in a form that does not permit direct association with any specific individual. The Company may collect, use, transfer, and disclose non-personal information for any purpose. If non-personal information is combined with personal information the combined information will be treated as personal information for as long as it remains combined.
3.6. Personal data of Users is not transferred to any third parties except as expressly provided for in these Regulations.
3.7. Personal data of Users is processed without any limitation of time, in any lawful way, including in personal data information systems with or without the use of automation tools.
3.8. The User agrees that the Company may transfer personal data to third parties, in particular, to courier services, postal organizations, telecommunication operators, etc., only for the purposes specified in the “Personal Data Collection” section hereof.
3.9. If the user so requests or consents, the User’s personal data may be transferred to third parties contracted by the operator, subject to such parties assuming obligations to ensure confidentiality of the information received, particularly when using applications.
3.10. The applications used by Users on the Website are posted and supported by third parties (developers) who act independently of the operator and do not act for or on behalf of the operator. Users should independently acquaint themselves with the terms of service and the personal data protection policy of such third parties (developers) before using the relevant applications.
3.11. Personal data of Users may be transferred to authorized state bodies of the Russian Federation at the request of such bodies only on the grounds and in the manner established by the legislation of the Russian Federation.
3.12. The operator blocks personal data related to the relevant User from the time of application or request of the User or their legal representative or the authorized body for the protection of personal data subjects’ rights for the duration of the inquiry if any false personal data or illegal actions are identified.
4. Disclosure to Third Parties
4.1 At times the Company may make certain personal information and data available to strategic partners that work with the Company to provide products and services, or that help the Company sell goods and services to customers. We share with third parties the minimum amount of personal data required only to perform the required service or to conduct the required transaction.
4.2. Personal information will only be shared by the Company to provide or improve our products and services as well as to carry out any related communications. Such information will not be shared with third parties for their marketing purposes.
4.3. If we need to use your personal data for any other purpose, we will request your consent to the processing of your personal data.
4.4. Service Providers
The Company shares personal data/information with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivery, other types of customer service, assessing your interest in our products and services, and conducting customer research or service satisfaction surveys. These companies are obligated to protect your information wherever they are located.
4.5. Others
It may be necessary — by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence — for the Company to disclose your personal data. We may also disclose your personal data/information if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
4.6. The Company may also disclose your personal data/information if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect the Company’s operations or users. Additionally, in the event of a reorganization, merger, or sale the Company may transfer any and all personal information we collect to the relevant third party.
4.7. The user’s personal data is destroyed if:
— the operator deletes information posted by the User as well as the User’s personal page in cases established by the sales contract (offer);
— the personal data subject revokes their consent to the processing of personal data.
4.8. Cookies and Other Technologies
4.8.1. The Website, interactive services and applications, email messages, and any other communications made on the Company’s behalf may use “cookies” and other technologies such as pixel tags and web beacons. These technologies help us better understand user behavior, tell us which parts of our Website people have visited, and facilitate and measure the effectiveness of advertisements and web searches. We treat information collected by cookies and other technologies as non-personal information.
4.8.2. The goal in these cases is to make your experience with the Company more convenient and personal. A user can disable cookies in the settings of their web browser or mobile device but after disabling cookies some functions of the Website may become unavailable.
4.8.3. As is true of most websites, we gather some information automatically and store it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data. We use this information to understand and analyze trends, to administer the Website, to learn about user behavior on the Website, and to gather demographic information about our user base as a whole. The Company may use this information in its marketing purposes.
4.8.4. In some email messages, the Company uses a “click-through URL” linked to information on the Company’s Website. When customers click one of these URLs, their requests are registered separately before the customer arrives at the destination page on our Website. The Company tracks this click-through data to determine interest in particular topics and measure the effectiveness of customer communications.
4.8.5. Pixel tags enable us to send email messages in a format customers can read, and they tell us whether mail has been opened. This information is used to reduce or eliminate messages sent to customers.
5. Principles and Conditions of Personal Data Processing
5.1. Personal data processing is carried out in the Company on a lawful and fair basis and is limited to the achievement of specific, predetermined, and lawful goals, including in accordance with the Terms of Service.
5.2. Processing is carried out only with respect to the personal data that meets the processing purposes. The content and volume of personal data processed in the Company correspond to the stated purposes of processing; processing of excess personal data is not allowed.
5.3. When processing personal data, the Company ensures the accuracy of personal data, its sufficiency and, if necessary, relevance in relation to the purposes of personal data processing. The Company takes (or arranges for the taking of) the necessary measures to remove or clarify incomplete or inaccurate personal data.
5.4. In the course of its activities, the Company may provide and/or entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided for by the legislation of the Russian Federation on personal data. However, a mandatory condition for providing and/or entrusting the processing personal data to another person is the parties’ obligation to maintain confidentiality and ensure the security of personal data during its processing.
5.5. The timing of personal data processing is determined in accordance with the purposes for which it was collected.
6. Rights of Personal Data Subject
6.1. The personal data subject has the right (unless otherwise provided for by law) to:
• demand the clarification of their personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, was obtained illegally or is not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
• demand a list of their personal data processed by the Company and the source from which the personal data was obtained;
• receive information on the timing of processing of their personal data, including the timing of its storage;
• demand the notification of all persons who were previously provided with incorrect or incomplete personal data of all exclusions, corrections, or additions made to the personal data;
• appeal against unlawful actions or omissions in the processing of their personal data in the authorized body for the protection of personal data subjects’ rights or in court;
• protection of their rights and lawful interests, including compensation for losses and/or compensation for moral damage in court.
6.2. If you have any questions about the nature of application, use, modification, or deletion of your personal data that you provided, or if you wish to ask the Company to stop any further processing of your personal data, please contact us via the phone number specified on the Website or in the Application.
Please note that the personal data operator is not responsible for inaccurate information provided by the personal data subject.
7. Implementation of Personal Data Protection Requirements
7.1. In order to maintain business reputation and ensure compliance with the requirements of federal legislation, the Company counts among its most important tasks the assurance of legitimacy of personal data processing in the Company’s business processes and providing an appropriate level of security of personal data processed in the Company.
7.2 The Company requires other persons who have gained access to personal data not to disclose the personal data to third parties and not to distribute the personal data without the consent of the personal data subject, unless otherwise provided for by federal law.
7.3 In order to ensure the security of personal data during its processing, the Company takes necessary and sufficient legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from any other illegal actions with its respect.
7.4. The Company ensures that all measures for organizational and technical protection of personal data implemented by it are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.
7.5. In order to ensure adequate protection of personal data, the Company assesses the harm that can be caused to personal data subjects in the event of a violation of the security of their personal data, and also determines the current threats to the security of personal data during its processing in personal data information systems.
7.6. In accordance with the currently identified threats, the Company applies necessary and sufficient legal, organizational, and technical measures to ensure the security of personal data, including the use of information protection tools, detection of unauthorized access to personal data and taking measures, restoration of personal data, restriction of access to personal data, registration and accounting for actions with personal data, as well as monitoring and evaluation of effectiveness of measures used to ensure the security of personal data.
7.7. The Company’s management is aware of the importance and need to ensure the security of personal data and encourages the continuous improvement of the system for protection of personal data processed as part of the Company’s core activities.
7.8. The Company has appointed persons responsible for the arrangement of processing and ensuring the security of personal data.
7.9. Each new employee of the Company directly processing personal data acquaints themselves with the requirements of the legislation of the Russian Federation on processing and ensuring the security of personal data, this Policy, and other local regulations of the Company on processing and ensuring the security of personal data and undertakes to comply with them.