Privacy Policy
1. General terms

This Privacy Policy is made in compliance with the Federal Law on Personal Data No.152-FZ from 27.07.2006 (hereinafter referred to as “the Law on Personal Data”) and sets out principles and rules for personal data processing and steps for ensuring personal data safety taken by CHOICEIT Inc (hereinafter referred to as “the Operator”).
1.1. The Operator prioritizes the fulfillment of the rights and freedoms of a person and a citizen during the processing of their personal data, such as the right to privacy, to personal and family secrets.
1.2. This Privacy Policy (hereinafter referred to as “the Policy”) is applied by the Operator to all information about the users of the https://choiceit.me website that the Operator can obtain.

2. Key terms used in the Policy

2.1. Automated processing of personal data means processing of personal data using computing devices and technologies.
2.2. Restriction of personal data means a temporary suspension of personal data processing, except when processing is needed to rectify personal data.
2.3. Website means an array of graphic and information materials, as well as computer programs and databases that ensure their accessibility on the Internet at https://choiceit.me.
2.4. Information system of personal data means personal data contained in databases, as well as information technologies and technical devices used for personal data processing.
2.5. Pseudonymisation of personal data means a set of actions that make it impossible, without the use of additional information, to attribute personal data to an identified User or other personal data subject.
2.6. Processing of personal data means any activity (operation) or series of activities (operations) performed, with or without the help of automation tools, on personal data, such as collection, recording, structuring, storage, rectification (updating, alteration), retrieval, use, disclosure by transmission, dissemination or otherwise making available, pseudonymisation, restriction, erasure or destruction of personal data.
2.7. Operator means a state authority, local authority, company or individual that, alone or together with other parties, organizes and (or) performs the processing of personal data, determines the purposes of personal data processing, composition of personal data subject to processing, and actions (operations) performed on personal data.
2.8. Personal data means any information that can be, directly or indirectly, attributed to an identified or identifiable User of the https://choiceit.me website.
2.9. Personal data that has been consented for disclosure by the personal data subject means personal data that was made available to a wide public by the personal data subject through agreeing to the processing of personal data, and that was allowed for disclosure by the personal data subject under the Law on Personal Data (hereinafter referred to as “the personal data that has been consented for disclosure.”)
2.10. User means a person that visits the https://choiceit.me website.
2.11. Provision of personal data means disclosing personal data to a certain organization or individual, or a group of organizations or individuals.
2.12. Disclosure of personal data means revealing personal data to an unlimited range of persons (transfer of personal data) or making it public for an unlimited range of persons, such as publication of personal data in mass media, information and telecommunication networks, or making it accessible otherwise.
2.13. Trans-border transfer of personal data means the transfer of personal data to a foreign authority in a foreign state, foreign individual or foreign company.
2.14. Destruction of personal data means any actions that result in the irreversible destruction of personal data and make it impossible to restore personal data in the information system of personal data, and (or) destruction of physical carriers with personal data.

3. Rights and responsibilities of the Operator

3.1. The Operator has the right to:
– obtain accurate information and/or documents containing personal information from the personal data subject;
– if the personal data subject revokes their consent to the processing of their personal data, the Operator has the right to continue processing the subject’s personal data without the subject’s consent provided there are grounds under the Law on Personal Data that allow it;
– determine the measures which are necessary and sufficient for fulfilling the obligations under the Law on Personal Data and related regulations, unless otherwise established by the Law on Personal Data or other federal laws.
3.2. The Operator shall:
– on the request of the personal data subject, to provide them with information regarding the processing of their personal data;
– organize personal data processing under the established legislation of the Russian Federation;
– respond to requests submitted by personal data subjects and other authorized representatives under the Law on Personal Data;
– upon receiving a request from an authorized body that protects the rights of personal data subjects, provide such a body with the requested information within 30 days of receipt of the request;
– make this Policy public or provide unlimited access to it otherwise;
– take legal, organizational and technical steps to protect personal data from unauthorized or accidental access, destruction, alteration, restriction, copying, transfer, and disclosure, as well as other unauthorized actions in regards to personal data;
– cease the transfer (dissemination, disclosure, access) and processing of personal data, and destroy personal data in the cases provided by the Law on Personal Data;
– fulfill other obligations under the Law on Personal Data.

4. Key rights and responsibilities of personal data subjects

4.1. Personal data subjects have the right to:
– obtain information about the processing of their personal data, except for the cases provided by federal laws. The information must be provided by the Operator in an accessible form and must not contain the personal data attributed to other personal data subjects, except for the cases when such disclosure is required by the law. The list of information and the procedure for obtaining such information is provided by the Law on Personal Data.
– ask the Operator to update, restrict or destruct their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the specified purpose of processing, as well as take lawful steps to protect their rights;
– fulfill the right to prior consent in the cases when their personal data is processed with the purpose of promoting products and services;
– revoke their consent to the processing of their personal data;
– file a complaint with an authorized body that protects the rights of personal data subjects, or court against the Operator’s unlawful actions or lack of actions in regards to the processing of personal data;
– enforce other rights under the laws of the Russian Federation.
4.2. Personal data subjects shall:
– provide the Operator with correct personal data;
– inform the Operator about the need to rectify (update, alter) their personal data.
4.3. Subjects that provided the Operator with incorrect information about themselves or other personal data subjects without the consent of the latter, are responsible under the laws of the Russian Federation.

5. The Operator has the right to process the following personal data pertaining to the User:

5.1. First name, second name, and patronymic name.
5.2. Email address.
5.3. Phone numbers.
5.4. Web analytics services, such as Yandex.Metrics, Google Analytics, and others, collect and process pseudonymized data (including cookie files) of website users.
5.5. The above mentioned data will be hereinafter referred to as “Personal data”.
5.6. The Operator shall not process special categories of personal data that regard race, nationality, political views, religious and philosophical beliefs, and private life.
5.7. The personal data that has been consented for disclosure and belongs within the special categories of personal data specified in Part 1, Article 10 of the Law on Personal Data can be processed provided that the restrictions and terms specified in Article 10.1 of the Law on Personal Data are applied.
5.8. The User’s consent to the processing of personal data that has been consented for disclosure is obtained separately from other consents to the processing of personal data. In this case, the terms specified in Article 10.1 of the Law on Personal Data must be applied. The contents of such consent are determined by an authorized body that protects the rights of personal data subjects.
5.8.1 Consent to the processing of personal data that has been consented for disclosure is provided by the User directly to the Operator.
5.8.2 Within 3 days after receiving such consent from the User, the Operator must make public the information about the terms of processing, as well as restrictions and terms of personal data processing by an unlimited range of persons.
5.8.3 The transfer (dissemination, disclosure, access) of personal data that has been consented for disclosure must be suspended at any time, upon the request of the personal data subject. Such a request must contain the first and last name, patronymic name (if any), and contact information (phone number, email address, postal address) of the personal data subject, as well as the list of personal data in regard to which the processing must be suspended. The personal data contained in such a request can be processed solely by the Operator to whom it has been submitted.
5.8.4 Consent to the processing of personal data that has been consented for disclosure becomes invalid once the Operator has received the request mentioned in Clause 5.8.3 of this Policy.

6. Principles of personal data processing

6.1. Personal data shall be processed lawfully and fairly.
6.2. The processing of personal data only serves to achieve specified, explicit and legitimate purposes. The processing of personal data, which does not conform with the purposes of collecting personal data, is not allowed.
6.3. Combining of databases that contain personal data processed to achieve incompatible goals, is not allowed.
6.4. The Operator shall only process personal data that complies with the purposes of the processing.
6.5. The contents and volume of processed personal data must conform with the specified purposes of the processing. It is not allowed to process personal data which is excessive for the specified processing purposes.
6.6. Processed personal data shall be accurate, sufficient, and, when necessary, relevant to the processing purposes. The Operator shall take the necessary steps, and/or ensure that such steps are taken, to erase or rectify personal data which is incomplete or inaccurate.
6.7. Personal data shall be kept in the form that permits identification of personal data subjects. The personal data shall be stored for no longer than is necessary for the purposes of personal data processing, unless the period of storage is determined by a federal law or agreement to which the personal data subject is a party, beneficiary or guarantor. Processed personal data shall be destroyed or pseudonymized once the purposes of processing have been achieved or the necessity to achieve them has ceased to exist, unless otherwise is established by federal laws.

7. Purposes of personal data processing

7.1. User’s personal data shall be processed with the following purposes:
– keeping the User informed via emails;
– entering into, fulfillment and termination of civil agreements;
– providing the User with access to services, information, and/or materials contained on the https://choiceit.me website.
7.2. The Operator has the right to notify the User of new products and services, special offers, and events. The User can opt out of receiving such messages by sending an email (“Deactivate notifications of new products, services, and special offers”) at hello@choiceit.me.
7.3. Anonymized user data collected by web analytics services serve to gather information about the User’s behavior on the website, improve the website and its content.

8. Legal grounds for personal data processing

8.1. The Operator processes personal data based on the following legal grounds:
– list the laws and decrees that regulate your niche. If, for example, you’re an IT company (website development), you can mention the Federal Law on Information, Information Technologies and Information Protection No. 149-FZ from 27.07.2006;
– Operator’s incorporation documents;
– agreements made between the Operator and the personal data subjects;
– federal laws and other regulations that ensure personal data protection;
– User consent to the processing of their personal data, as well as personal data that has been consented for disclosure.
8.2. The Operator shall process the User’s personal data only if the User has submitted their personal data via special forms on the https://choiceit.me website or via email. By filling out the above-mentioned forms and/or sending their personal data to the Operator, the User agrees to this Policy.
8.3. The Operator shall process the User’s anonymized personal data only if it’s allowed in the User’s browser settings (cookie files are accepted and JavaScript technology is supported).
8.4. The personal data subject makes their own decision to submit their personal data and gives their consent of their own free will and in their interest.

9. Terms of personal data processing

9.1. Personal data shall be processed solely if the personal data subject has given consent to the processing of their personal data.
9.2. Personal data processing serves to achieve the purposes established by an international agreement or a law of the Russian Federation, and to fulfill the functions, authorities, and obligations to which the Operator is subject under the laws of the Russian Federation.
9.3. Personal data processing serves to ensure justice, enforce a court order, or regulation of another body or executive that are to be enforced under the laws of the Russian Federation.
9.4. Personal data processing serves to fulfill an agreement to which the personal data subject is a party, beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject, or agreement to which the personal data subject is a beneficiary or guarantor.
9.5. Personal data processing serves to exercise the rights and legitimate interests of the Operator or third parties, or to achieve public purposes, except where such rights and interests infringe on the rights and freedoms of the personal data subject.
9.6. The Operator shall process personal data that has been made public by the personal data subject or on their request (hereinafter referred to as “the public personal data”).
9.7. The Operator shall process personal data that is to be made public or disclosed under federal laws.

10. Terms of collection, storage, transfer, and other forms of personal data processing

The safety of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical steps established under personal data protection laws.
10.1. The Operator shall ensure personal data safety and take all reasonable steps to protect personal data from unauthorized access.
10.2. Under no circumstances shall the User’s personal data be disclosed to third parties, except when required by the established laws or when the personal data subject has given the Operator their consent to disclose their data to a third person to perform obligations under a civil contract.
10.3. If the User’s personal data is inaccurate or incomplete, the User has the right to rectify it by sending an email (“Personal data update”) at hello@choiceit.me.
10.4. The processing of personal data shall continue for as long as it takes to achieve its purposes, unless otherwise provided by an agreement or established legislation.
The User has the right to withdraw their consent to the processing of personal data at any time by sending an email (“Withdrawing my consent to the processing of personal data”) at hello@choiceit.me.
10.5. All information gathered by third-party services, including payment systems, communication tools, and other service providers, shall be stored and processed by the above-mentioned services (Operators) under the terms of their User Agreements and Privacy Policies. It’s the responsibility of the personal data subject and/or User to get acquainted with the above-mentioned documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned herein.
10.6. User-imposed bans on data transfer (except for providing access), as well as bans on the processing or terms of processing (except for obtaining access) of personal data that has been consented for disclosure do not apply if personal data is processed in the interests of a state or society, or other public interests established under the laws of the Russian Federation.
10.7. When processing personal data, the Operator shall keep personal data confidential.
10.8. The Operator shall store personal data in a form that allows the identification of personal data subject, and for no longer than is necessary for the purposes of personal data processing, unless the period of personal data storage is determined by a federal law or agreement to which the personal data subject is a party, beneficiary or guarantor.
10.9. Personal data processing may be terminated if the purposes of personal data processing have been achieved, the subject’s consent has expired, the subject has withdrawn their consent, or unlawful processing of personal data has been detected.

11. List of operations performed by the Operator on personal data:

11.1. The Operator performs the collection, recording, structuring, storage, rectification (updating, alteration), retrieval, use, disclosure by transmission, dissemination or otherwise making available, pseudonymisation, restriction, erasure and destruction of personal data.
11.2. The Operator shall perform automated processing of personal data, receive and/or transfer received information via telecommunication networks or otherwise.

12. Transborder transfer of personal data

12.1. Before performing transborder transfer of personal data, the Operator shall ascertain that the foreign state to which the personal data is to be transferred ensures the protection of the rights of personal data subjects.
12.2. Transborder transfer of personal data to foreign states that fails to meet the above requirements can be performed only if the personal data subject has given a written consent to transborder transfer of their personal data, and/or it is needed to fulfill the agreement to which the personal data subject is a party.

13. Confidentiality of personal data

The Operator and other organizations or individuals that have access to personal data are not allowed to disclose such personal data to third parties or disseminate such personal data without consent from the personal data subject, unless otherwise is established under federal laws.

14. Final provisions

14.1. The User has the right to ask any questions regarding the processing of their personal data by contacting the Operator at hello@choiceit.me.
14.2. Any changes to this Privacy Policy will be added hereto by the Operator. This Policy is valid indefinitely until replaced by a newer version.
14.3. The current version of this Policy is publicly available on the Internet https://choiceit.me/policy.