Privacy Policy
This Personal Data Privacy Policy (hereinafter — the “Policy”) applies to all information that the Site or the Operator receives about the User during the use of the Site (and its subdomains), its programs and its services.
This Policy designates LLC Laima-Lux Rus as the Operator that processes and protects personal data received from Users of the Site in accordance with the requirements of Federal Law No. 152-FZ “On Personal Data” of 27 July 2006 (hereinafter — the “Personal Data Law”).
The Policy applies to all personal data transmitted by the User through the feedback form on the Site and received by the Operator.
The purpose of the Policy is to ensure the proper protection of Users' personal data against unauthorised access and disclosure.
This Policy applies exclusively to the site https://www.laimalux.com/ and its subdomains. The site https://www.laimalux.com/ does not control and is not responsible for third-party websites that the User may access via links available on the Site.
1. Terms and definitions
1.1. The following terms are used in this Policy:
1.1.1. “Site” — a set of interlinked web pages located on the Internet at the unique address (URL) https://www.laimalux.com/ and its subdomains;
1.1.2. “Subdomains” — pages (or sets of pages) located on third-level domains belonging to the Site, as well as other temporary pages displaying the Operator's contact information at the bottom;
1.1.3. “Operator” — Limited Liability Company “Laima-Lux Rus” (LLC Laima-Lux Rus, OGRN: 1027700232999, INN: 7729392180, legal address: 119602, Moscow, Anokhina Akademika St., 38, bldg. 1) and its authorised employees acting on behalf of LLC Laima-Lux Rus who organise and/or carry out the processing of personal data and determine the purposes of processing, the composition of personal data to be processed, the actions (operations) performed with personal data, and who act as the seller when concluding a contract with a Buyer;
1.1.4. “Personal data subject” — a natural person (any User) who owns the personal data and who can be identified by it;
1.1.5. “User” — a person who has access to the Site via the Internet and is able to use information, materials and products of the Site, purchase the Operator's goods placed on the Site, or sell goods through the Site;
1.1.6. “Subscriber” — a User, whether registered or not on the Site, who has given the Operator permission to send informational messages and has subscribed to the newsletter (via the subscription form);
1.1.7. “Buyer” — a User who has concluded a sale-and-purchase agreement with the Operator and acquires through the Site goods placed on the Site;
1.1.8. “Personal data” — any information relating directly or indirectly to a determined or determinable natural person (personal data subject);
1.1.9. “Cookies” — a small piece of data sent by a web server and stored on the User's computer, which the web client or web browser sends to the web server each time in an HTTP request when attempting to open a page of the relevant site. Cookies may be used to provide the User with personalised features of the Site, for personal advertising that may be shown to the User, for statistical and research purposes, and to improve the Site. The provision of certain services is possible only if the User permits the acceptance and receipt of Cookies. The User may disable the use of Cookies in their browser settings. Deletion or blocking of Cookies may affect the user interface of the sites (available to the User as web applications) and make some components of the Site unavailable to the User;
1.1.10. “IP address” — a unique network address of a node in a computer network through which the User accesses the Site;
1.1.11. “Goods” — products sold by the Operator and ordered by the Buyer through the Site, as well as services offered by the Operator on the Site;
1.1.12. “Personal data processing” — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data;
1.1.13. “Automated processing of personal data” — processing of personal data using computer technology;
1.1.14. “Blocking of personal data” — temporary suspension of the processing of personal data (except where processing is necessary to clarify personal data);
1.1.15. “Depersonalisation of personal data” — actions making it impossible, without the use of additional information, to determine to which specific personal data subject the personal data belongs;
1.1.16. “Provision of personal data” — actions aimed at disclosing personal data to a specific person or specific group of persons;
1.1.17. “Distribution of personal data” — actions aimed at disclosing personal data to an indefinite group of persons;
1.1.18. “Cross-border transfer of personal data” — transfer of personal data to the territory of a foreign state, to a foreign state authority, foreign natural person or foreign legal entity;
1.1.19. “Destruction of personal data” — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or as a result of which the physical media of personal data are destroyed;
1.1.20. “Confidentiality of personal data” — a requirement binding on the Operator or any other person who has obtained access to personal data, not to allow its distribution without the consent of the personal data subject or other lawful basis.
2. General provisions
2.1. The User's use of the Site, completion of feedback forms on the Site, as well as the User's purchase of goods, constitutes consent to this Policy and to the conditions for processing the User's personal data.
2.2. In case of disagreement with the provisions of this Policy, the User must immediately cease use of the Site.
2.3. The Operator does not verify the accuracy of the personal data provided by the User.
2.4. When processing personal data, the Operator, acting reasonably and in good faith, considers that the User:
- has all necessary rights enabling them to register (if applicable), use the Site, and place orders and purchase goods;
- acts voluntarily, in their own interests or on the basis of authority;
- provides accurate information to the extent necessary for the provision of services on the Site;
- has read this Policy.
2.5. The Operator identifies the User by the User's expression of consent to the processing of personal data and the receipt of advertising information through ticking the relevant checkbox on the Site. The User's ticking of such a box is regarded as reliable confirmation of consent and enables the Operator to consider the User identified within the framework of providing services.
3. Subject of the Policy
3.1. This Policy establishes the Operator's obligations of non-disclosure and provision of confidentiality protection for the personal data that the User provides at the Operator's request when registering on the Site, when subscribing to an e-mail newsletter, or when placing an order.
3.2. The personal data permitted for processing under this Policy is provided by the User by filling out a form on the Site and includes the following information in any combination:
- surname, first name, patronymic;
- gender;
- contact phone number;
- e-mail address;
- position;
- education information.
The Operator may also request the User's social network profile address.
3.3. The Site protects data that is automatically transmitted when visiting pages:
- information about the device used to access the Site;
- IP address;
- browser information;
- date and time of access;
- information about the location of the device used to access the Site;
- information from cookies;
- referrer (address of the previous page).
3.3.1. Disabling cookies may make it impossible to access parts of the Site that require authorisation.
3.3.2. The Site collects statistics on IP addresses of its Users. This information is used to prevent, detect and resolve technical problems. The Site may also collect and process depersonalised data on Site Users using Internet statistics services (Yandex.Metrica and others).
3.4. Any other personal information not specified above (browsing history, browsers used, operating systems, etc.) is subject to secure storage and non-distribution, except as provided in clause 6.2 of this Policy.
4. Purposes of collecting the User's personal information
4.1. The Operator may use the User's personal data for the following purposes:
4.1.1. Registration of the User on the Site;
4.1.2. Identification of the User registered on the Site for further authorisation as a Buyer, placing orders and other actions;
4.1.3. Providing the User with access to personalised Site data;
4.1.4. Establishing feedback with the User, including sending notifications and requests regarding the use of the Site, the processing of sale-purchase of goods, and the processing of requests and applications from the User;
4.1.5. Providing customer support to the User by the Operator;
4.1.6. Sending the User information about goods offered by the Operator, bonus events, promotions, etc. held by the Operator, as well as advertising and any other promotion of the Operator's goods on the market by direct contact with the User, if the User has given separate consent by ticking the relevant checkbox on Site forms (including at registration);
4.1.7. Performance by the Operator of obligations to sell and/or deliver the goods placed on the Site and selected by the User (Buyer), including through service messages;
4.1.8. Conducting audits and other internal research, including surveys and studies aimed at identifying satisfaction (dissatisfaction) with the Operator's goods, in order to improve their quality.
5. Legal grounds for processing personal data
5.1. The legal basis for the processing of personal data is the set of legal acts in pursuance and in accordance with which the Operator processes personal data, including:
- the Constitution of the Russian Federation;
- the Civil Code of the Russian Federation;
- Federal Law No. 14-FZ of 08.02.1998 “On Limited Liability Companies”;
- Law of the Russian Federation No. 2300-1 of 07.02.1992 “On Protection of Consumer Rights”;
- agreements and contracts concluded between the Operator and the User;
- other regulatory legal acts governing relations connected with the Operator's activities;
- consent to the processing of personal data (in cases not directly provided for by the legislation of the Russian Federation but corresponding to the Operator's powers).
6. Methods and terms of processing personal data
6.1. The processing of the User's personal data is carried out until the Operator ceases its activities or until the personal data subject withdraws consent to the processing of personal data (whichever occurs earlier), by any lawful means, including in personal data information systems with or without the use of automation tools.
6.2. The User agrees that the Operator has the right to transfer personal data to third parties in the following cases:
6.2.1. The User has expressed consent to such actions, including where the User's software settings do not restrict the provision of certain information;
6.2.2. Transfer is necessary for the User's use of the Site's functionality;
6.2.3. Transfer is required in accordance with the purposes of personal data processing (for the purposes of contract performance). In particular, to courier services, postal (including electronic) communications organisations, telecommunications operators, banking organisations exclusively for the purposes of fulfilling an order placed on the Site, including the dispatch and delivery of goods, documentation or e-mail messages, consulting, surveys, promotions, etc.;
6.2.4. Transfer is necessary for the User's use of a specific service or for the performance of a specific agreement or contract with the User;
6.2.5. In connection with the transfer of the Site into possession, use or ownership of such a third party;
6.2.6. To protect the rights and lawful interests of the Operator in connection with violations committed by the User;
6.2.7. The User's personal data may be transferred to authorised state authorities of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.
6.3. The Operator takes the necessary organisational and technical measures to protect the User's personal data from unauthorised or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties.
6.4. The Operator, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
6.5. The Operator does not perform cross-border transfer of the User's personal data and stores personal data on the territory of the Russian Federation.
7. Clarification, termination and destruction of personal data
7.1. If the inaccuracy of personal data or the unlawful nature of its processing is confirmed, personal data shall be updated by the Operator, or its processing shall be terminated, as appropriate. The fact of inaccuracy of personal data or unlawfulness of its processing may be established either by the User or by the competent state authorities of the Russian Federation.
7.2. Upon written request from the User or their representative, the Operator is obliged to provide information on the processing of personal data of the specified subject. The request must contain the number of the main identity document of the User and/or their representative, information on the date of issue of such document and the issuing authority, information confirming the User's participation in relations with the Operator (contract number, date of conclusion, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing of personal data by the Operator, and the signature of the User or their representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the User's request does not reflect all necessary information, or the personal data subject does not have access rights to the requested information, a reasoned refusal is sent.
The response to the request of the User or their representative, containing all necessary information in accordance with the requirements of the Personal Data Law, is provided by the Operator within ten working days from the moment of application or receipt of such request. For objective reasons, the Operator may extend the response period by up to five working days.
The response is provided in the form in which the corresponding appeal or request was sent, unless otherwise indicated in the appeal or request.
7.3. The User has the right to demand from the Operator the clarification of their personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and to take measures provided for by law to protect their rights.
7.4. The User may at any time change (update, supplement) personal data provided in whole or in part, either independently in the User's personal account on the Site, or by sending the Operator updated personal data via e-mail with a statement to the address: info@laimalux.com from an e-mail address known to the Operator, or in writing to the address specified in clause 1.1.3 of this Policy. When sent on paper, the statement must be signed by the User personally.
The statement must contain:
- the number of the main identity document of the personal data subject or their representative, information on the date of issue and the issuing authority;
- information confirming the participation of the personal data subject in relations with the Operator (contract number, date, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing of personal data by the Operator;
- information subject to change (updating, supplementing) or destruction.
7.5. The User has the right at any time to apply to the Operator with a demand for termination of personal data processing, or to withdraw consent to the processing of personal data, by sending an e-mail with the corresponding statement to: info@laimalux.com from an e-mail address known to the Operator, or in writing to the address specified in clause 1.1.3 of this Policy. When sent on paper, the statement must be signed by the User personally.
The statement must contain:
- the number of the main identity document of the personal data subject or their representative, information on the date of issue and the issuing authority;
- information confirming the participation of the personal data subject in relations with the Operator (contract number, date, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing of personal data by the Operator.
The Operator, within ten working days from the date of receipt of the corresponding demand, terminates the processing of personal data or ensures its termination (if such processing is carried out by a person processing personal data on its behalf), except for the cases provided for in clauses 2–11 of part 1 of article 6, part 2 of article 10 and part 2 of article 11 of the Personal Data Law.
The said period may be extended by the Operator by no more than five working days, subject to sending the User a reasoned notice indicating the reasons for the extension.
7.6. Upon achievement of the purposes of personal data processing, as well as in the event of the User's withdrawal of consent to processing, personal data shall be destroyed within a period not exceeding thirty days from the date of achievement of the processing purpose, unless:
- otherwise provided by a contract to which the User is a party, beneficiary or guarantor;
- the Operator is not entitled to process without the User's consent on the grounds provided by the Personal Data Law or other federal laws;
- otherwise provided by another agreement or contract between the Operator and the User.
7.7. Personal data of personal data subjects is stored no longer than required by the purposes of its processing and is subject to destruction upon achievement of those purposes or loss of the need to achieve them, but no later than thirty days from the moment of termination of processing.
7.8. The destruction of personal data must meet the following requirements:
- it must be as reliable and confidential as possible, excluding the possibility of subsequent recovery;
- destruction must concern only those personal data subject to destruction in connection with the achievement of the purposes of processing, or loss of the need to achieve them;
- it is legally documented as a personal data deletion act;
- it is carried out by a personal data destruction commission.
7.9. Media carrying personal data of subjects are destroyed upon achievement of the purposes of processing or loss of the need to achieve them, by a commission using the following means:
- destruction of personal data stored in personal data information systems is carried out by deleting corresponding values in the database using operating system tools that exclude the possibility of recovering this data;
- destruction of personal data contained on paper media is carried out by shredding into small pieces, excluding the possibility of subsequent recovery of information.
8. Rights and obligations of the parties
8.1. The User has the right to:
8.1.1. Make a free decision on providing their personal data necessary for use of the Site, and give consent to its processing;
8.1.2. Independently update and supplement the provided personal data information if it changes;
8.1.3. Demand termination of personal data processing;
8.1.4. Request and receive from the Operator information regarding the processing of their personal data, if such right is not restricted in accordance with federal laws;
8.1.5. Demand from the Operator the clarification of their personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, and take measures provided for by law to protect their rights.
8.2. The Operator is obliged to:
8.2.1. Use the obtained information exclusively for the purposes specified in section 4 of this Policy;
8.2.2. Keep confidential information in secret, not disclose it without the User's prior written permission, and not sell, exchange, publish or otherwise disclose the User's personal data transferred, except as provided in clause 6.3 of this Policy;
8.2.3. Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure usually used for protecting this type of information in existing business practice;
8.2.4. Block personal data related to the relevant User from the moment of application or request of the User, their legal representative or authorised body for the protection of the rights of personal data subjects, for the period of verification, in case of detection of inaccurate personal data or unlawful actions;
8.2.5. Notify the authorised body for the protection of the rights of personal data subjects in the event of unlawful or accidental transfer (provision, distribution, access) of personal data resulting in a violation of the rights of personal data subjects, within the timeframes established by the Personal Data Law:
- about the incident that occurred;
- about the presumed causes that led to the violation of the rights of personal data subjects, and the presumed harm caused to those rights;
- about the measures taken to eliminate the consequences of the incident;
- about the results of the internal investigation of the identified incident,
as well as perform other necessary actions provided for by the current legislation of the Russian Federation on personal data.
8.3. A User that is a legal entity or individual entrepreneur, by transferring the personal data of its employees to ensure interaction with the User for the purpose of receiving the Operator's goods, thereby instructs the Operator to perform the following actions with the personal data of persons in respect of whom such User is the personal data operator: collection, recording, systematisation, accumulation, storage, clarification (updating, modification), use, transfer (provision, access), depersonalisation, blocking, deletion, destruction.
8.4. A User that is a legal entity or individual entrepreneur and has transferred to the Operator the personal data of its employees, certifies and warrants that:
- it has obtained written consents of the personal data subject(s) for processing of their personal data by the personal data operator for the purpose of receiving the Operator's goods;
- the personal data subject(s) have been notified of the name, INN, OGRN, and location of the Operator, as well as of the processing of their personal data by the personal data operator for the purpose of receiving the Operator's goods;
- the validity period of the personal data subject(s)' consents has not expired.
9. Protection of personal data
9.1. The Operator takes the necessary and sufficient organisational and technical measures to protect the User's personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions of third parties.
9.2. To prevent unauthorised access to personal data, the Operator applies, in particular, the following organisational and technical measures:
- appointment of officials responsible for organising the processing and protection of personal data;
- limiting the range of persons who have access to personal data;
- familiarising subjects with the requirements of federal legislation and the Operator's regulatory documents on processing and protection of personal data;
- organising the accounting, storage and handling of information media;
- checking the readiness and effectiveness of the use of information protection tools;
- differentiating user access to information resources and software and hardware information processing tools;
- registration and accounting of user actions in personal data information systems;
- use of antivirus tools and tools for restoring the personal data protection system;
- other organisational and technical measures.
9.3. Prevention of unauthorised access to personal data also depends on the User. The User undertakes to maintain the confidentiality of their account data (e-mail address, unique link to log into the personal account) and is responsible for the security (resistance to guessing) of the password they have chosen. The User undertakes to immediately notify the Operator of any case of unauthorised (not permitted by the User) access to the personal account using the User's account and/or any violation (suspicion of violation) of the confidentiality of their access means. For security reasons, the User must independently securely end the session in their account at the end of each session.
10. Liability of the parties
10.1. The Operator who has failed to fulfil its obligations is liable for losses incurred by the User in connection with the unlawful use of personal data, in accordance with the legislation of the Russian Federation, except for the cases provided for in clauses 6.3 and 10.2 of this Policy.
10.2. In the event of loss or disclosure of confidential information, the Operator is not liable if such confidential information:
- became publicly available before its loss or disclosure;
- was received from a third party before being received by the Operator;
- was disclosed with the lawful consent of the User.
10.3. The User bears full responsibility for compliance with the requirements of the legislation of the Russian Federation, including laws on advertising, on protection of copyright and related rights, on protection of trademarks and service marks, but not limited to the above, including full responsibility for the content and form of materials.
10.4. The User acknowledges that responsibility for any information (including, but not limited to: data files, texts, etc.) to which they may have access as part of the Site lies with the person who provided such information.
10.5. The User agrees that information provided as part of the Site may be subject to intellectual property rights protected and owned by the Operator, its partners or advertisers placing such information on the Site. The User may not modify, rent, loan, sell, distribute or create derivative works based on such content (in whole or in part), except where such actions have been expressly authorised in writing by the owners of such content under the terms of a separate agreement.
10.6. With regard to text materials (articles, publications freely publicly available on the Site), their distribution is permitted provided that a link to the Site is given.
10.7. The Operator is not liable to the User:
10.7.1. For any loss or damage incurred by the User as a result of deletion, failure or inability to save any content and other communication data contained on the Site or transmitted through it;
10.7.2. For any direct or indirect damages arising from: the use or impossibility of use of the Site or its individual services; unauthorised access to the User's communications; statements or behaviour of any third party on the Site;
10.7.3. For any information posted by the User on the Site, including, but not limited to: information protected by copyright, without the express consent of the copyright owner, where such posting is technically possible.
11. Dispute resolution
11.1. Disputes are considered in accordance with and in the manner provided for by the current legislation of the Russian Federation.
11.2. The current legislation of the Russian Federation applies to this Policy and to the relations between the User and the Operator.
12. Other conditions
12.1. Users' personal data is stored on the territory of the Russian Federation.
12.2. This Policy comes into force from the moment of its placement on the Site and is valid indefinitely until replaced by a new version of the Policy, by placing the new version on the Site, unless otherwise provided by the new version.
12.3. The Operator has the right to make changes to this Policy at any time unilaterally without prior notice to the User. Users must independently and regularly consult the Policy to be acquainted with the most current version.
12.4. All proposals or questions regarding this Policy should be sent to: info@laimalux.com.