1. General provisions


1.1 This Personal Data Processing Policy (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by the Site Administration (hereinafter referred to as the Operator).


1.2 The Policy has been developed in accordance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter — the Federal Law "On Personal Data").


1.3 The Policy contains information subject to disclosure in accordance with Part 1 of Article 14 of the Federal Law "On Personal Data" and is a publicly available document posted on the Operator's website - https://steampay.com/privacy


1.4 Contact details of the operator:


- Email: [email protected]


- Website address: steampay.com


1.5 This Policy applies to all information posted on the website at steampay.com (hereinafter referred to as the Website), information about the User, as well as in relation to the personal data of the Operator's employees, its contractors and other subjects of personal data, information about which is processed by the Operator.


1.6 Any use of the Site means the User's unconditional Consent to this Policy and the terms of processing of his personal data specified therein.


In case of disagreement with these terms, the User must refrain from using the Site and in no case provide the Operator with his personal data.


2. Terms and definitions used


2.1 personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);


2.2 operator - an individual who independently or jointly with other persons organizes and (or) performs the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;


2.3 processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;


2.4 provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons;


2.5 destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;


2.6 blocking of personal data - temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data);


2.7. user – any individual who is on the Site and performs any actions on it, including purchasing goods or receiving services, filling out a feedback form or otherwise entering into a relationship with the Operator (e-mail, etc.). The user is the subject of personal data.


3. Purposes of personal data processing


3. Purposes of personal data processing


3.1 The Operator processes personal data for the following purposes:


5.1. for the execution of the contract, the party to which is either the beneficiary or the guarantor, according to which is the subject of personal data;


5.2. to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;


3.1.3 to achieve the goals stipulated by an international agreement of the Russian Federation or a law, to perform and fulfill the functions, powers and duties assigned to the Operator by the legislation of the Russian Federation.


4. Legal basis of personal data processing


4.1 The legal basis for the processing of personal data is:


4.1.1 The legislation of the Russian Federation in the field of personal data based on the Constitution of the Russian Federation and international treaties of the Russian Federation and consisting of the Federal Law "On Personal Data" and other federal laws defining the cases and features of personal data processing;


4.1.2 Consent to the processing of personal data, which the User provides by accepting this Policy or signing it in writing when concluding contracts with the Operator;


4.1.3 This Policy;


4.1.4. The User Agreement of the Site.


5. Categories of personal data subjects and composition of personal data


5.1 The categories of personal data subjects whose personal data are processed by the Operator include:


5.1.1 individuals who are in labor and civil relations with the Operator;


5.1.2 individuals who are in labor and civil relations with the Operator's counterparties;


5.1.3 personal data subjects who purchase goods or receive services on the Website.


5.2 For all categories of personal data subjects, personal data is processed by the Operator within the framework of legal relations with the Operator regulated by the Civil Code of the Russian Federation and the Labor Code of the Russian Federation


5.3 For all categories of personal data subjects, personal data is processed by the Operator, with the consent of the personal data subjects provided, either in writing or when performing certain actions on the Site, including ordering a callback and (or) sending a message to the Operator's email address specified in clause 1.6. of the Policy.


5.4 The Operator processes the following personal data of personal data subjects:


5.4.1 Surname, first name, patronymic;


5.4.2 Email;


5.4.3. Other information specified by the subject of personal data on the Website;


5.4.4. The data automatically transmitted to the Operator during the visit and use of the Site using the software installed on the User's device is also processed, including: IP address, information from cookies, information about the user's browser (or other program that accesses the site), access time, the address of the requested page, and others..


5.5 The Operator may process other personal data directly necessary to fulfill the purposes of personal data processing and provided by the User.


6. Terms of processing and storage of personal data


6.1 The Operator processes and stores personal data until the operator achieves the goals of personal data processing or until it is no longer necessary to achieve these goals.


7. Information about the processing of personal data


7.1 The Operator processes personal data on a lawful and fair basis in order to perform the functions, powers and duties assigned by law, exercise the rights and legitimate interests of the Operator, Operator employees and third parties.


7.2 The Operator receives personal data directly from the subjects of personal data.


7.3 The Operator processes personal data in automated and non-automated ways, using computer technology and without the use of such means.


7.4 Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.


7.5 Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.


8. Information about the security of personal data


8.1 The Operator appoints a person responsible for organizing the processing of personal data to perform the duties provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.


8.2 The Operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from unlawful actions:


8.2.1 provides unrestricted access to the Policy, a copy of which is posted on the Website;


8.2.2 develops local acts in compliance with the Policy;


8.2.3 familiarizes its employees with the provisions of the legislation on personal data, as well as with the Policy and other local acts that are adopted for its implementation;


8.2.4 allows employees to access personal data processed in the Operator's information system, as well as to their material carriers only for the performance of work duties;


8.2.5 establishes rules for access to personal data processed in the Operator's information system, and also ensures registration and accounting of all actions with them;


8.2.6 assesses the harm that may be caused to personal data subjects in case of violation of the Federal Law "On Personal Data", the ratio of this harm and the measures taken by the Operator aimed at ensuring the fulfillment of obligations provided for by the said federal law;


8.2.7 identifies threats to the security of personal data during their processing in the Operator's information system;


8.2.8 applies organizational and technical measures and uses information protection tools necessary to achieve the established level of personal data security;


8.2.9 detects the facts of unauthorized access to personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them;


8.2.10 assesses the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator's information system;


8.2.11 performs internal control over the compliance of personal data processing with the Federal Law "On Personal Data", regulatory legal acts adopted in accordance with them, personal data protection requirements, Policies and other local acts, including control over the measures taken to ensure the security of personal data and their level of security during processing in the Operator's information system.


9. Rights of personal data subjects


9.1 The subject of personal data has the right to:


9.1.1 receive personal data related to this subject and information related to their processing;


9.1.2 clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;


9.1.3 revoke his consent to the processing of personal data;


9.1.4 protect their rights and legitimate interests, including compensation for damages and compensation for moral damage in court;


9.1.5 appeal the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.


9.2 In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative, including by e-mail.


9.3 The request must contain the information specified in Parts 3, 7 of Article 14 of the Federal Law "On Personal Data" and must be sent to the email address specified in clause 1.6. of the Policy.


10. Final provisions


10.1. The Operator has the right to make changes to this Policy without the User's consent.


10.2. The new version of the Policy comes into force from the moment of its publication on the Website, unless otherwise provided by the new version of the Policy.


10.3. All suggestions or questions regarding this Policy should be sent to the email address specified in clause 1.6. of the Policy.


10.4. The current Policy is posted on the Website page at: https://steampay.com/privacy


10.5. An integral part of this Policy is the Consent to the processing of personal data posted on the Website.


This Policy applies directly and is interrelated with the User Agreement posted on the Site.