St. Petersburg, February 7, 2017

This Policy for processing personal data (hereinafter referred to as the Policy) defines the general principles and procedure for processing personal data of Users of the site www.i-icon.com and measures to ensure their safety in OOO “ICON”.

TERMS AND DEFINITIONS

The Parties shall use the following terms in the following meaning:

a) Data - other data about the User (not included in the concept of Personal Data).

b) Legislation - current legislation of the Russian Federation.

Operator - independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data.

c) Personal Data - any information related directly or indirectly to a certain or determined individual (User).

User - a person who has access to the Website through the Internet and using the Website www.i-icon.com.

d) Provision of personal data - actions aimed at disclosing Personal Data to a certain person or a certain circle of persons.

e) Website - a website located on the Internet, where the User leaves Personal Data.

f) Personal Data Subject - a User (individual) to which the Personal Data refers.

g) Transport Companies - third parties providing courier services.

Other terms used in the Policy shall be interpreted in accordance with the Legislation of the Russian Federation.

1.GENERAL PROVISIONS

1.1. This Policy regarding the processing of Personal Data is developed in accordance with the provisions of Federal Law No. 152-FZ of 27.07.2006 “On Personal Data” (as amended and supplemented), other legislative and regulatory legal acts, and determines the procedure for working with the Personal Data by the Users and (or) transmitted by the Users and requirements to ensure their security.

1.2. The activities to ensure the security of personal data are an integral part of the activities of the Operator.

2.PRINCIPLES OF PROCESSING PERSONAL DATA

2.1. The processing of Personal Data shall be carried out by the Operator in accordance with the following principles:

2.1.1. Legality and fair basis for the processing of Personal Data. The Operator takes all necessary measures to comply with the requirements of the Legislation, does not process Personal Data in cases where this is not permitted by the Legislation, does not use Personal Data to the detriment of the User.

2.1.2. Processing only those Personal Data that meet the previously announced objectives of their processing. Correspondence of the content and amount of processed Personal Data to the stated processing objectives. Preventing the processing of Personal Data that is incompatible with the purposes of collecting Personal Data, as well as redundant in relation to the stated purposes of their processing.

The Operator shall process the Personal Data solely for the purpose of fulfilling the contractual obligations to the User.

2.1.3. Ensuring the accuracy, adequacy and relevance of the Personal Data in relation to the purposes of processing the Personal Data. The Operator shall take all reasonable measures to maintain the relevance of the Personal Data being processed, including but not limited to the implementation of the right of each Entity to obtain for review their Personal Data and to require the Operator to clarify, block or destroy them if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or are not necessary for the above-stated processing purposes.

2.1.4. The Personal Data shall be stored in a form that allows the User to identify the Personal Data no longer than the purpose of processing the Personal Data, unless the period of storage of the Personal Data is established by federal law, a contract to which the User of the Personal Data is a party or beneficiary.

2.1.5. Inadmissibility of combining the databases of the Personal Data Information Systems databases created for incompatible purposes.

3.TERMS OF PERSONAL DATA PROCESSING

3.1. Processing of Personal Data by the Operator shall be allowed in the following cases:

3.1.1. If the User has agreed to process his Personal Data. The consent shall be given by acceptance of the Public Offer placed on the Website or by registration of the Order, in the ways indicated on the Website.

3.1.2. When transmitting the Personal Data of the Personal Data Subject by the User while making an Order on the Site. The User shall guarantee that he has previously obtained consent from the subject for transmitting the Personal Data to the Operator.

3.1.3. The Personal Data shall be subject to publication or mandatory disclosure in accordance with the Legislation.

3.2. The Operator shall not disclose to third parties or distribute the Personal Data without the consent of the User, unless otherwise provided by the Legislation.

3.3. The Operator shall not process the Personal Data relating to special categories connected with race and nationality, political view

religious or philosophical convictions, state of health, intimate life of the Subject of Personal Data, membership of the Subject of Personal Data in public associations, with the exception of cases expressly provided for by the Legislation.

3.4. The Operator shall not carry out the Transboundary Transfer of the User's Personal Data.

4.PERSONAL DATA AND OTHER DATA COLLECTION AND PROCESSING

4.1. The Operator shall collect and store only those Personal Data that are necessary to provide services to the User and to order services through the Website. At the same time, Personal Data may be collected both through the Website and at the Operator's office.

4.2. The Operator shall process the Personal Data for the following purposes:

4.2.1. Implementation of activities provided for by the Charter of the Company, current legislation of the Russian Federation;

4.2.2. Performance of the obligations of the Operator to the User in providing services, including processing of payments, delivery of goods.

4.2.3. Communication with Users, if necessary, including for sending notifications, information and inquiries related to providing of services, as well as processing of applications, requests and applications of Users;

4.2.4. In order to improve the quality of services provided by the Operator;

4.2.5. In order to promote services on the market through direct contacts with the Users;

4.2.6. In order to conduct statistical and other studies on the basis of impersonal personal data.

For the purposes specified in clause 4.2, the Operator processes the following personal data:

Surname, name and patronymic;

E-mail address;

Phone;

The details of the bank card from which payment is made (name of the holder of the bank card, card number, CVV code);

IP address of the User;

Type of the User's browser;

4.4. With respect to the Personal Data and other User Data, their confidentiality shall be kept, except when these data are publicly available.

4.5. The Operator shall have the right to keep an archival copy of the Personal Data and other Data, including after deleting the User's account.

4.6. The Operator shall have the right to transmit the Personal Data and other User Data without the User's consent to the following persons:

4.6.1. State bodies, including the inquiry and investigation bodies, and local self-government bodies on their reasoned request.

4.6.2. Operator's partners in order to fulfill the contractual obligations to the User.

4.6.3. In other cases, expressly provided by the current legislation of the Russian Federation.

4.7. The Operator shall have the right to transfer the Personal Data and other Data to third parties not specified in clause 4.6 of this Policy in the following cases:

4.7.1. The User has expressed his consent to such actions.

4.7.2. The transfer is necessary in the framework of the User's use of the Website or provision of services to the User (including for the purpose of delivery of documents);

4.7.3. The transfer occurs in the framework of sale or other transfer of business (in whole or in part), while all obligations to comply with the terms of this Policy pass to the acquirer.

4.8. The Operator shall perform automated and manual processing of the Personal Data and other Data.

4.9. Access to the Information Systems containing the Personal Data shall be provided by the password system. Passwords shall be set by authorized Operator employees and shall be individually communicated to Operator employees who have access to Personal Data / Data.

4.10. The Operator shall transmit the processed information to the Transport (courier) Companies on the basis of the User's consent (Article 9 of the Federal Law “On Personal Data”).

4.11. The Operator shall not be responsible for the improper handling of the User's personal data carried out by the Transport Companies.

4.12. Upon receipt by the Operator of personal data of a request containing the Personal Data Subject's consent to the processing of Personal Data by the Personal Data Subject, within 30 (thirty) calendar days from the date of receipt it must delete the Personal Data.

5.CHANGING PERSONAL DATA

5.1. The User may at any time modify (update, supplement) the Personal Data by sending a written application to the Operator.

5.2. The User shall have the right to delete the Personal Data / Data at any time. To delete the Personal Data, it is enough to send an email to the email address at icon_info@inbox.ru with a request to delete the Personal Data.

6.CONFIDENTIALITY OF PERSONAL DATA

6.1. The Operator shall ensure the confidentiality of the Personal Data / Data processed by it in accordance with the procedure provided for by the Legislation. The confidentiality shall not be required for:

6.1.1. Personal Data after their depersonalization.

6.1.2. Personal Data, access of an unlimited circle of persons to which is provided by the User or at its request (hereinafter - Personal data made public by the User).

6.1.3. Personal Data subject to publication or mandatory disclosure in accordance with the Legislation.

6.1.4. The Personal Data confidentiality shall not be violated if the Operator provides information to Transport (courier) Companies and other third parties acting on the basis of an agreement with the Operator to fulfill obligations to the User.

7.USER’S CONSENT FOR PERSONAL DATA PROCESSING

7.1. The User shall make a decision to provide its Personal Data to the Operator and agrees to their processing freely, by its own will and in its interest. The consent to processing of the Personal Data must be specific, informed and conscious and provided by the User at the time of its Registration on the Operator's Website, as well as in any form that allows to confirm its receipt, unless otherwise provided by the Legislation.

7.2. Personal Data of the persons entered into contractual obligations with the Operator, contained in unified state registers of legal entities and individual entrepreneurs, shall be public, with the exception of information on the number, date of issue and the body that issued the identity document of the individual. Protecting their confidentiality and consent of Users for processing shall not be required.

7.3. In the case of requests from organizations that do not have the appropriate authority, the Operator must obtain the User's prior consent for the provision of its Personal Data and warn those who receive Personal Data that these data can only be used for the purposes for which they are communicated and also require these individuals to confirm that this rule will be (was) observed.

8.RIGHTS OF PERSONAL DATA SUBJECTS

8.1. The User shall have the right to receive information regarding the processing of its Personal Data / Data. The User shall have the right to require the Operator to verify its Personal Data, blocking or destroying it in the event that the Personal Data is incomplete, obsolete, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and also take legal measures to protect its rights.

8.2. If the User considers that the Operator processes its Personal Data in violation of the requirements of the Legislation or otherwise violates its rights and freedoms, the User shall have the right to appeal against the actions or inaction of the Operator in the authorized body for the protection of the rights of subjects of Personal Data or in court.

8.3. The User shall have the right to protect its rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in the courts.

9.PERSONAL DATA OF THIRD PARTIES USED BY USERS

9.1. Using the Website, the User shall have the right to save the data of third parties for ordering goods.

9.2. The User shall undertake to obtain the preliminary consent of the Personal Data Subject for their use through the Website. The User shall be solely responsible for the absence of such consent.

9.3. The Operator shall undertake to take necessary measures to ensure the safety of the Personal Data of third parties entered by the User.

10.OTHER PROVISIONS

10.1. The Legislation of the Russian Federation shall be applicable to this Policy and the relationship between the User and the Operator arising in connection with the application of the Policy.

10.2. All possible disputes shall be subject to resolution in accordance with the Legislation at the place of registration of the Operator.

Before applying to the court, the User must observe the mandatory pre-trial order and send the relevant claim to the Operator in writing. The period for responding to a claim shall be 30 (thirty) working days.

10.3. If, for one reason or another, one or more of the provisions of the Policy are found to be invalid or unenforceable, this shall not affect the validity or applicability of the remaining provisions of the Privacy Policy.

10.4. The Operator shall have the right at any time to modify this Policy (in whole or in part) unilaterally

10.4. The Operator shall have the right to change this Policy at any time (in whole or in part) unilaterally without prior agreement with the User. All changes shall take effect the next day after posting on the Website.

10.5. The User shall undertake to independently monitor the changes in the Privacy Policy by reviewing the current version.

Updated on September 9, 2018

© ICON design studio 2010–2018