ERA PRIVACY POLICY

1. Provision of Information by the Client:

1.1. When contacting the director on the website https://erann.ru (hereinafter referred to as the «Site»), the Customer provides the following information: Name, email address.

1.2. By providing their personal data, the Customer consents to their processing (until the Customer withdraws their consent to the processing of their personal data) by the Men's Spa Salon «ERA» (hereinafter referred to as the «Executor»), for the purposes of fulfilling the Executor's and/or its partners' obligations to the customer, receiving advertising and informational messages, and service messages. When processing the Customer's personal data, the Executor is guided by the Federal Law «On Personal Data,» the Federal Law «On Advertising,» and local regulatory documents.

1.3. If the Customer wishes to clarify, block, or destroy their personal data in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing, or if the Customer wishes to withdraw their consent to the processing of personal data or eliminate unlawful actions by the Men's Spa Salon «ERA» regarding their personal data, they must send an official request to the Seller in the manner prescribed by the Men's Spa Salon «ERA» Policy regarding the processing of personal data – [link to document].

If the Customer wishes to delete their account on the Site, the Customer contacts us at spamk56@mail.ru with a corresponding request. This action does not imply the withdrawal of the Customer's consent to the processing of their personal data, which, according to current legislation, must be done in the manner prescribed by paragraph 1 of this clause.

1.4. Use of information provided by the Customer and received by the Executor.

1.4.1. The Executor uses the data provided by the Client for the duration of the discount promotion for the purposes of:

• the Customer receiving advertising and informational messages and service messages;
• processing the discount specified on the website to fulfill its potential obligations to the Customer;
• for carrying out promotional activities for services;
• evaluating and analyzing the Site's performance;
• informing the Customer about promotions, discounts, and special offers via email newsletters.

1.4.2. The Executor has the right to send the Customer advertising and informational messages. If the Customer does not wish to receive advertising and informational messages from the Executor, they must notify us at the email address spamk56@mail.ru of this requirement. From the moment of receiving the aforementioned requirement, the Executor may continue sending newsletters for up to 3 days, due to the specifics of the operation and interaction of information systems.

2. Provision and Transfer of Information Obtained by the Seller:

2.1. The Executor undertakes not to transfer the information received from the Customer to third parties.

2.2. The transfer of information in accordance with reasonable and applicable requirements of the legislation of the Russian Federation is not considered a breach of obligations.

2.3. The Executor has the right to use «cookies» technology. «Cookies» do not contain confidential information and are not transferred to third parties.

2.4. This information is not used to identify the visitor.

2.5. When processing personal data, the Executor takes necessary and sufficient organizational and technical measures to protect personal data from unauthorized access, as well as from other unlawful actions regarding personal data.

2.6. More detailed information about the Men's Spa Salon "ERA" policy regarding the processing of personal data is provided below.

POLICY ON THE PROCESSING OF PERSONAL DATA

1. INTRODUCTION

1.1 This document defines the policy of the Men's Spa Salon "ERA" (hereinafter – the Salon) regarding the processing of personal data (hereinafter – PD).

1.2 This Policy is developed in accordance with the current legislation of the Russian Federation on personal data.

1.3 The scope of this Policy covers all processes of collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, carried out using automation tools and without the use of such means.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

The processing of personal data is based on the following principles:

1. Processing of personal data is carried out on a lawful and fair basis;
2. Processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of collecting personal data is not permitted;
3. Merging databases containing personal data processed for incompatible purposes is not permitted;
4. Only personal data that meets the purposes of their processing is subject to processing;
5. The content and volume of processed personal data correspond to the stated processing purposes. The processed personal data is not excessive in relation to the stated processing purposes;
6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data in relation to the stated purposes of their processing are ensured.
7. Storage of personal data is carried out in a form that allows identification of the subject of personal data for no longer than required by the purposes of processing personal data, unless the storage period for personal data is established by federal law, contract, where the subject of personal data is a party, beneficiary, or guarantor. Processed personal data is subject to destruction or depersonalization upon achieving the processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided by federal law.

3. CONDITIONS FOR PROCESSING PERSONAL DATA

3.1 Processing of personal data is carried out in compliance with the principles and rules established by the Federal Law "On Personal Data". Processing of personal data is permitted in the following cases:

1. Processing of personal data is carried out with the consent of the subject of personal data to the processing of their personal data;
2. Processing of personal data is necessary to achieve the purposes provided for by an international treaty of the Russian Federation or law, for the implementation and fulfillment of the functions, powers, and duties imposed on the operator by the legislation of the Russian Federation;
3. Processing of personal data is necessary for the administration of justice, execution of a judicial act, act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
4. processing of personal data is necessary for the performance of a contract where the subject of personal data is a party, beneficiary, or guarantor, as well as for concluding a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be a beneficiary or guarantor;
5. processing of personal data is necessary to protect the life, health, or other vital interests of the subject of personal data, if obtaining the consent of the subject of personal data is impossible;
6. processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for achieving socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
7. processing of personal data is carried out for statistical or other research purposes, provided that the personal data is mandatory depersonalized. Exception is made for the processing of personal data for the purpose of promoting goods, works, services on the market by means of direct contact with a potential consumer via communication means, as well as for political campaigning;
8. processing of personal data is carried out, access to which is provided to an unlimited number of persons by the subject of personal data, or at their request (hereinafter – personal data made publicly available by the subject of personal data);
9. processing of personal data is carried out that is subject to publication or mandatory disclosure in accordance with federal law.

3.2 The Salon may include personal data of subjects in public sources of personal data, provided that the Salon obtains the written consent of the subject to the processing of their personal data.

3.3 The Salon may process special categories of personal data concerning race, nationality, health status, provided that the Salon undertakes to obtain the written consent of the subject for the processing of their personal data.

3.4 Biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which their identity can be established and which is used by the operator to identify the subject of personal data) are not processed by the Salon.

3.5 Making decisions based solely on automated processing of personal data that give rise to legal consequences for the subject of personal data or otherwise affect their rights and legitimate interests is not carried out.

3.6 If written consent of the subject for the processing of their personal data is not required, the consent of the subject can be given by the subject of personal data or their representative in any form that allows confirmation of its receipt.

3.7 The Salon has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with that person (hereinafter – the operator's instruction). In doing so, the Salon obliges the person processing personal data on behalf of the Salon to comply with the principles and rules of personal data processing provided for by this Federal Law.

3.8 If the Salon entrusts the processing of personal data to another person, the Salon itself is responsible to the subject of personal data for the actions of that person. The person processing personal data on behalf of the Salon is responsible to the Salon.

3.9 The Salon undertakes and obliges other persons who have gained access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.

4. OBLIGATIONS OF THE SALON

In accordance with the requirements of Federal Law No. 152-FZ «On Personal Data,» the Salon is obliged to:

Provide the subject of personal data, upon their request, with information regarding the processing of their personal data, or provide a lawful refusal.

Upon the request of the subject of personal data, clarify the processed personal data, block or delete them if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing.

Maintain a Log of appeals from subjects of personal data, which should record requests from subjects of personal data to obtain personal data, as well as facts of providing personal data in response to these requests.

Notify the subject of personal data about the processing of personal data if the personal data was not obtained from the subject of personal data. The following cases are exceptions:

The PD subject is notified about the processing of their PD by the relevant operator;

PD was obtained by the Salon on the basis of federal law or in connection with the performance of a contract where the subject of PD is a party, beneficiary, or guarantor;

PD was made publicly available by the subject of PD or obtained from a public source;

The Salon processes PD for statistical or other research purposes, for the exercise of professional journalistic activity or scientific, literary, or other creative activity, provided that the rights and legitimate interests of the PD subject are not violated;

Providing the PD subject with the information contained in the Notification of PD processing violates the rights and legitimate interests of third parties.

— Upon achieving the purpose of processing personal data, immediately cease processing personal data and destroy the corresponding personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract where the subject of personal data is a party, beneficiary, or guarantor, by another agreement between the Salon and the subject of personal data, or if the Salon is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by No. 152-FZ «On Personal Data» or other federal laws;

— In case of withdrawal by the subject of personal data of consent to the processing of their personal data, cease processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by the agreement between the Salon and the subject of personal data. The Salon must notify the subject of personal data about the destruction of personal data;

— In case of receipt of a requirement from the subject to cease processing personal data for the purpose of promoting goods, works, services on the market, immediately cease processing personal data.

5. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING

5.1 When processing personal data, the Salon takes necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.

5.2 Ensuring the security of personal data is achieved, in particular, by:

• identifying threats to the security of personal data during their processing in personal data information systems;
• applying organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for the protection of personal data, the fulfillment of which ensures the levels of personal data protection established by the Government of the Russian Federation;
• using information security tools that have passed the conformity assessment procedure in the established manner;
• assessing the effectiveness of the measures taken to ensure the security of personal data before putting the personal data information system into operation;
• accounting for machine carriers of personal data;
• detecting facts of unauthorized access to personal data and taking measures;
• recovering personal data modified or destroyed due to unauthorized access to them;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
• monitoring the measures taken to ensure the security of personal data and the level of security of personal data information systems.