1. General information
1.1. Privacy and personal data processing policy of Grunge Company Limited located at 25 Nikitskiy boulevard, Moscow, 119019, Russia (hereinafter the «Controller in handling personal data» or the «Controller») determines the rules relating to personal data gathering, storage, transfer and other categories of processing on private individuals purchasing at https://grungejohn.com, together with details of carried out data protection requirements.
1.2. Providing of necessary and sufficient level of security as a guarantee that human rights and privacy will be respected is fundamental condition of Controller’s activity.
1.3. Personal data contain any information related to private individual (data subject) directly or indirectly.
1.4. The policy is prepared in accordance with Russian law.
1.5. Personal data that Grunge Company Limited receives and processes are stored on server protected in accordance with advanced standards present in the territory of Russian Federation.
2. Purposes of personal data processing
2.1. The Controller processes personal data in order to implement the obligations under contract for the sale of goods in https://grungejohn.com online store and retail stores of Grunge Company Limited; realize marketing campaign, loyalty program , researches and other activities including third parties; provide other services to data subject; promote services and goods of Grunge Company Limited and its partners on the market through direct contact with the Consumer via various means of communication including phone, e-mail, post, online, etc.; achieve other aims unless the activity of Grunge Company Limited contradicting the Laws in effect.
3. Procedure of personal data gathering, processing, transfer and storage
3.1. For purchasing of goods in online store the Consumer provides his or her personal data to the Controller while agreeing with these data being processed by the Controller including for the purpose of promoting the goods and services of Grunge Company Limited.
3.2. The Controller collectsthe following personal data:
— Name and surname;
— E-mail address;
— Mobile phone number;
— Additional phone number;
— Delivery address;
— Any information placed in comments.
3.3. No payment details are collected and stored by the Controller. The Collector ensures the security of payment informationentered on the outside payment service protected by all necessary technologies. The collector receives only payment status and amount of payment.
3.4. If the Consumer chooses no his or her personal data to be processed, he or she shall submit it to the customer service. In this caseall personal data including login and password provided by the Consumer are removed from Collector’s customer base with Consumer’s losing the opportunity to place the order on the Website.
3.5. The Collector uses personal data for the following purposes:
— registration of the Consumer on the Website;
— implementation the commitments made of the Consumer;
— measuring and analyzing the Website work;
— any marketing research.
3.6. The Collector has the right to sent promotional reference messages. If the Consumer chooses not to receive this newsletter, he or she shall change the subscription settings at his or her account on the Website or contact the customer service.
3.7. The Collector undertakes not to divulge Consumer’s personal data. It shall not be considereda breach to provide the personal data to third parties with a treaty with the Seller for implementing the commitments made of the Consumer or competent authority in accordance with its legitimate demands.
3.8. The Collector shall not be liable to the Consumer for damages owning to a disclosure of login and password to third parties.
3.9. In case of suspicion that Consumer’s account is used by third parties or malicious software, the Collector has the right to change Consumer’s password unilaterally and block the access to his or her account temporarily or completely remove it if the activity related to Consumer’s account threatens the smooth running of the Website. The Consumer shall contact the consumer service to recover the password and unlock or recover his or her account.
3.10. Grunge Company Limited identifies the list of individuals processing personal data and having an access to them. The Collector shall secure the personal data and take measures that prevent unauthorized access to them.
3.11. The Collector stores backup personal data in order to have the possibility of immediate recovery of altered or destroyed personal data owing to unauthorized access and implements permanent monitoring over providing the personal data security.
3.12. Grunge Company Limited makes every effort to provide personal data security.
4. Rights and duties of the Collector
4.1. Grunge Company Limited as the Collector has the following rights:
— to bring cases before the court;
— to provide the personal data to third parties if it specified in legislation in force;
— to refuse to provide the personal data in accordance with the conditions specified by the law;
— to use the personal data without Consumer’s consent in accordance with the conditions specified by the law.
4.2. The Collector takessecurityprecautions including legal, organizational, administrative, technical and physical ones to protect the personal data from unauthorizedand casualaccess, destruction, modification, blocking, copying, dissemination and other unlawful acts of third parties in accordance with article 19 of the Federal Act «On personal data».
5. Right and duties of the Consumer (data subject)
5.1. The data subject has the following rights:
— to request rectification, blocking or destruction ofpersonal data if they are incomplete, outdated, invalid, illegally obtained and not necessary for processing, as well as take measures to protect his or her rights stipulated by the law;
— to request the list of personal data processed by the Collector and providing their source;
— to be informed of times allowed for personal data processing and storage;
— to request third parties that were provided Consumer’s incomplete or invalid personal data to be informed of modification, destruction and supplement of these data;
— to appeal unauthorized actions and omission to his or her personal data to the court or competent authorities;
— to protect his or her rights and legitimate interests including reparation for material or moral damagein the court.
5.2.In case of suspicion that Consumer’s login and passwordare compromised, he or she shall immediately contact the customer service.
6. Final provisions
6.1. The present policy is subject to change and supplement if new Federal Acts and regulations under personal data processing and protection are arise.
6.2. Personal data safety personnel of Grunge Company Limited are responsible for monitoring compliance with present policy.