This policy has been drawn up in accordance with Part 2 of Article 18.1 of the Federal Law No. 152-FZ “On Personal Data” dated 27.07.2006, and the Regulation of the European Parliament and the Council (EU) No. 2016/679 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) dated April 27, 2016, as well as the California Consumer Privacy Act (CCPA) and defines the policy of Bothelp LLC (hereinafter referred to as the Operator) regarding the processing of personal data and contains information about the requirements for the protection of personal data implemented by the Operator. This policy applies to all personal data processed through the Service which the Operator receives or can receive from the User.
1.1. The following terms and definitions for the purposes of this policy have the following meanings:
1.2. All other terms and definitions found in the text of this policy are interpreted by the Parties in accordance with applicable law, current recommendations (RFC) of international standardization bodies on the Internet, and the usual rules for the interpretation of relevant terms on the Internet.
1.3. Terms and definitions used in this Agreement can be used both in the singular and in the plural, depending on the context, the terms can be spelled both in uppercase and lowercase letters.
1.4. The names of the headings (articles), as well as the design of this document, are intended only for the convenience of using the text of the Agreement and have no literal legal value.
1.5. This policy has been developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ “On Information, Information Technologies and Information Protection” dated July 27, 2006, Federal Law No. 152-FZ “On Personal data” dated July 27, 2006, and other federal laws. For Users located in the European Union, this policy also takes into account the mandatory requirements of the Regulation of the European Parliament and of the Council (EU) No. 2016/679 “On the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)” dated April 27, 2016, (GDPR), as well as the California Consumer Privacy Act (CCRA).
1.6. This policy defines the procedure and conditions for the processing of personal data by the Operator, including the procedure for transferring personal data to third parties, the features of manual processing of personal data, the procedure for accessing personal data, the system for protecting personal data, the procedure for organizing internal control and liability for violations in the processing of personal data, and also other issues.
1.7. This policy takes effect from the moment it is approved by the Operator and is valid indefinitely until it is replaced with a new policy.
1.8. The Operator has the right to make changes to this policy without the consent of the User. All changes to the policy are made by the regulatory act of the Operator.
1.9. This policy applies to all stages of the personal data processing performed using the Service without using automation tools. The Operator does not control and is not responsible for websites owned by third parties which the User can access by clicking on the links posted on the Service.
2.1. The Operator’s processing of the User’s personal data is guided by the following documents:
2.2. The User’s personal data is processed on the basis and in pursuance of the Agreement governing the use of the Service, and other transactions, agreements, or contracts concluded between the User and the Operator or based on the User’s separate consent to such processing.
2.3. The User’s personal data is processed by the Operator only if the User reached the age of 16. In case the User is under 16 years old, then the obligatory consent of the legal representatives of the User is required, otherwise the Operator upon detecting a discrepancy in age with the required one shall remove the User from the Service.
3.1. The Operator processes only the personal data necessary for using the Service or executing transactions, agreements, and contracts with the User, except for cases when the legal norms of the Russian Federation, the European Union, or the United States of America provide for the mandatory storage of personal information for a period specified by law.
3.2. When processing personal data, the Operator does not combine databases containing personal data which is to be processed for incompatible purposes.
3.3. The Operator processes the personal data of the User for the following purposes:
4.1. The Operator can receive the User’s personal data from various sources, in particular:
4.2. The Operator processes personal data necessary for the execution of the Agreement or another transaction with the User.
4.3. Personal data allowed to be processed in accordance with this policy and provided by Users who are physical persons using the Service by filling in the appropriate input fields when using the Service may include the following information:
4.4. Personal data processed in accordance with this policy and automatically transferred to the Operator in the process of using the Service including the software installed on the User’s device may include the following information:
4.5. In accordance with this policy, the Operator processes the personal data of persons belonging to the following categories of personal data owners:
4.6. Certain categories of personal data of Users using the Service both on their own behalf and on behalf of an individual they represent are processed with the following features:
4.7. How we use information. We may use the personal information you provide to us for the following purposes:
5.1. The Operator has the right to process the personal data of the User without notice to the authorized body for the protection of the rights of personal data subjects in accordance with Part 2 of Article 22 (Clauses 2 and 8) of the Federal Law “On Personal Data”.
5.2. The Operator processes the User’s personal data using the personal data information system without using automation tools in accordance with the laws, statutes, codes, rules, regulations, and requirements of the Russian Federation that establish requirements for ensuring the security of personal data during its processing and for observing the rights of personal data subjects. Such actions with personal data as the use, refinement, distribution, destruction of personal data of the User are performed with the direct participation of the Operator’s employees in accordance with the features approved by the Decree No. 687 of the Government of the Russian Federation dated September 15, 2008.
5.3. The Operator processes and stores the User’s personal data for a period determined in accordance with the Agreement on the use of the Service, or about which the Operator informed the User upon receipt of the User’s consent to the processing of the personal data in another way (in a check-box, an SMS message, in email, etc.).
5.4. Concerning the personal data of the User, its confidentiality is maintained, except for cases when the User voluntarily provides information about himself/herself for general access to an unlimited circle of persons.
5.5. The Operator has the right to transfer the User’s personal data to third parties using modern methods of connection encryption via the secure HTTPS protocol in the following cases:
5.6. The Processors can be:
5.7. In the event personal data of a User located in the EU is leaked, the Operator without undue delay and if possible no later than 72 hours after he/she becomes aware of this, notifies the competent supervisory EU authority about the leak of personal data, except in cases when this leak of personal data is unlikely to turn into risks for the rights and freedoms of individuals.
5.8. The Operator shall take the necessary organizational and technical measures in order to protect the User’s personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties. In particular, all processed data is transferred using modern methods of connection encryption via the secure HTTPS protocol.
5.9. In case a violation of personal data protection can create a high degree of risk for the rights and freedoms of individuals, the Operator notifies the User about the leakage of personal data without unreasonable delay. A communication to the data subject is not required if any of the following conditions are met: (a) The Operator has taken appropriate technical and organizational protective measures to personal data affected by the leak, including measures that display personal data in an incomprehensible form for any person who does not have the right to access it, including cryptographic protection; (b) the Operator has taken subsequent measures to ensure that the high risk to the rights and freedoms of data subjects is no longer able to get realized; (c) a disproportionate effort is required. In this case, instead, a communication is made to the public or a similar measure is taken by which the data subjects are equally informed.
5.10. The Operator shall take the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions of third parties.
5.11. The Operator together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User’s personal data.
5.12. The Operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by laws, statutes, codes, rules, regulations, and requirements.
5.13. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), extracts personal data of Users who are citizens of the Russian Federation using databases located on the territory of the Russian Federation.
5.14. The Operator stops processing the personal data of the Users (which is processed with their consent) upon expiration of the User’s consent to the processing or upon withdrawal of the User’s consent to the processing of the personal data, as well as in the event of unlawful processing of personal data or the liquidation of the Operator.
6.1. The right to access the personal data of the User is reserved only to the Operator’s and/or the Processor’s employees who are allowed by their work duties to work with the User’s personal data based on a list of persons authorized to work with personal data which is approved by the Operator and/or the Processor.
6.2. The list of employees who have access to personal data shall be maintained by the Operator and/or the Processor in an up-to-date state.
6.3. It’s prohibited for third parties who are not employees of the Operator and/or the Processor to access the personal data of the User without the consent of the User, except for cases established by laws, statutes, codes, rules, regulations, and requirements.
6.4. The access of the Operator’s and/or the Processor’s employee to the personal data of the User ceases from the date of termination of the employment relationship or from the date the employee loses the right to access the personal data of the User in connection with changed job duties, position or other circumstances in accordance with the procedure established by the Operator and/or the Processor. In the event of termination of employment, all media with the User’s personal data that were at the disposal of the dismissed employee of the Operator and/or the Processor are transferred to a higher-ranking employee in the manner established by the Operator and/or the Processor.
7.1. The User may at any time change, update, supplement, or delete the personal data provided to them or part thereof using the Service interface.
7.2. If the Operator independently identifies that the User’s personal data is incomplete or inaccurate, the Operator shall take all possible measures to update personal data and make appropriate corrections.
7.3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete it.
7.4. If it becomes known that the processing of the User’s personal data is unlawful, the processing by the Operator shall stop, and the personal data shall be deleted.
7.5. If the Service interface is inoperative or the Service does not have a function for changing, updating, supplementing, or deleting the personal data by the User, as well as in any other cases, the User has the right to demand in writing from the Operator the clarification of his/her personal data, its blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose.
7.6. The Operator makes the necessary changes to the personal data that are incomplete, inaccurate, or irrelevant in a period not exceeding seven business days from the date the User provides information confirming that the personal data is incomplete, inaccurate, or outdated.
7.7. The Operator destroys the User’s personal data illegally obtained or not necessary for the stated processing purpose within a period not exceeding seven business days from the date the User submits information confirming that such personal data is illegally obtained or is not necessary for the stated processing purpose.
7.8. The Operator notifies the User of the changes made and measures taken and takes reasonable measures to notify third parties to whom the personal data of this User was transferred.
7.9. User’s rights to change, update, supplement, or delete personal data may be limited in accordance with the requirements of laws, statutes, codes, rules, regulations, and requirements. Such restrictions, in particular, may provide for the Operator’s obligation to save personal data changed, updated, supplemented, or deleted by the User for a period specified by laws, statutes, codes, rules, regulations, and requirements and to transfer such personal data in accordance with the established procedure to state authorities.
8.1. The User has the right to receive information from the Operator regarding the processing of his/her personal data, including:
8.2. The Operator provides free of charge the opportunity to familiarize yourself with the personal data processed and stored in the Operator’s information system within thirty calendar days from the date of receipt of a written request from the User.
8.3. In case the Operator refuses to provide information on the availability of personal data about the User or personal data to the User upon his/her request or upon receipt of a request from the User, the Operator shall provide in writing a reasoned response, which is the basis for such a refusal, within a period not exceeding thirty calendar days from the date of receipt of the User’s request.
8.4. The Operator provides an opportunity to send a request for deletion of personal data (information about which was received by the User) by sending a request to the email address [email protected].
8.5. If the User sends a request, in accordance with clause 8.4, the Operator shall delete his/her personal data within thirty calendar days from the receipt of such a written request from the User.
9.1. The security of personal data during its processing in the information system is ensured by a personal data protection system that neutralizes current threats defined in accordance with part 5 of article 19 of the Federal Law “On Personal Data”.
9.2. The personal data protection system used by the Operator includes legal, organizational, technical, and other measures to ensure the security of personal data, defined taking into account current threats to the security of personal data and information technologies used in information systems.
9.3. With regard to personal data (which the User has given consent to being processed by third parties) the Operator based on an agreement has the right to attract another person ensuring the security of such personal data when being processing in the information system. At the same time, all processed data is transmitted using modern methods of connection encryption through the secure HTTPS protocol.
9.4. When processing personal data in the information system, the Operator ensures:
9.5. In order to comply with security requirements and implement a personal data security system, the Operator has developed a private model of security threats to the personal data information system.
9.6. In accordance with the Decree of the Government of the Russian Federation No. 1119 “On approval of requirements for the protection of personal data when processed in personal data information systems” dated November 1, 2012, the Operator has determined the level of protection of personal data when processing it in the personal data information system owned by the Operator.
9.7. The Operator drew up an act determining the level of protection of personal data during the processing in the personal data information system.
9.8. Based on the level of personal data security determined by the Operator when processing it in the personal data information system without using automation, the Operator developed and implemented a set of measures to protect and ensure the security of personal data.
9.9. The Operator uses hardware and software for processing and protecting personal data, and also maintains a register of personal data protection means.
9.10. The Operator keeps a journal of accounting and storage of removable storage media containing personal data.
9.11. Technical means ensuring the functioning of the personal data information system are located in premises owned by the Operator based on ownership or other property rights (rent, use, etc.).
9.12. All employees of the Operator authorized to work with personal data, as well as those associated with the operation and maintenance of the personal data information system, are familiar with the requirements of this policy, as well as with the Operator’s internal documents regulating the procedure for working with personal data.
9.13. The Operator has organized the process of training employees in the use of personal data protection equipment managed by the Operator. The training is held by employees with constant access to personal data, and employees associated with the operation and maintenance of the personal data information system and personal data protection facilities.
9.14. The internal documents of the Operator established that employees must immediately inform the appropriate official of the Operator about the loss, damage, or shortage of information carriers containing personal data, as well as about attempts to unauthorized disclosure of personal data, its reasons, and conditions.
10.1. The User decides to provide his/her personal data and agrees to its processing freely, voluntarily, of his/her own free will, and for his/her benefit.
10.2. Consent to the processing of personal data provided by the User is specific, informed, and explicit and given by his/her free will.
10.3. In case the User’s personal data is processed on the basis and in pursuance of the Agreement governing the use of the Service, and other transactions, agreements or contracts concluded between the User and the Operator using the Service, such processing of the User’s personal data is carried out based on clause 5 of part 1 of Article 6 of the Federal of the Personal Data Law, subparagraph (b) of paragraph 1 of Article 6 GDPR and does not require separate consent.
10.4. In case the User’s personal data is processed based on a separate consent to such processing, expressed directly when using the Service by clicking on the appropriate button, by ticking the indicator of the corresponding check-box, sending an SMS message or email, such consent to the processing of personal data is provided by the User in the form of an electronic document signed with a simple electronic signature in accordance with the Agreement governing the use of the Service.
10.5. Consent to the processing of personal data may be revoked by the User following the procedure established by laws, statutes, codes, rules, regulations, and requirements.
11.1. If the User starts using the Service it means his/her acceptance of the terms of this policy. If the User disagrees with the terms of this policy, he/she should immediately stop using the Service.
11.2. The law of the Russian Federation shall apply to this policy and the relationship between the User and the Operator arising out of and in connection to this policy. GDPR shall also apply to Users located in the European Union. CCPA shall apply to Users located in California (USA).
11.3. This policy is always publicly available at the following link: https://bothelp.io/policy/.
11.4. The User can send all suggestions or questions regarding this policy to the Operator’s customer support service by sending an electronic message to the following email address [email protected]. Е-mail address for Users located in the European Union is the following: [email protected].