Privacy Policy

1. TERMS AND DEFINITIONS

All terms written with capital letters in this document shall have the meanings ascribed to them in this section, regardless of whether they are used in singular or plural form.

Terms written with capital letters but not defined in this section shall have the meanings assigned to them in other sections of this document or in other documents establishing the rules for using the Website (as this term is defined below).

1.1 "Policy" — this Privacy and Data Processing Policy (including all amendments and supplements).

1.2. "Company" — the limited liability company "Red Soft" (Primary State Registration Number 5147746028216, Taxpayer Identification Number 9705000373), established under the legislation of the Russian Federation and registered at the following address: 121205, Moscow, Skolkovo Innovation Center, Nobel Street, Building 5, Floor 2, Room 4.

1.3. "Company Product" — a software product owned by the Company, representing a Java-written GUI shell that provides an interface for working with databases of the Red Database Management System and Firebird.

1.4. "Website" — the website owned by the Company, dedicated to the Company Product and located on the Internet at: https://rdbexpertpro.com/.

1.5. "User" — any individual who gains access to the Website via the Internet and uses the Website for their own purposes.

1.6. "Applicable Legislation" — national and international legislative acts applicable to the relationship between the User and the Company regarding the use of the Website, including but not limited to:

  • The Constitution of the Russian Federation;
  • The Constitution of the Russian Federation;
  • The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (concluded in Strasbourg on January 28, 1981);
  • Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies, and Information Protection";
  • Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
  • Federal Law No. 59-FZ of May 2, 2006 "On the Procedure for Considering Appeals of Citizens of the Russian Federation";
  • Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems";
  • Order of the Federal Service for Technical and Export Control of the Russian Federation No. 21 of February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems."

Applicable Legislation may also include legislative acts of foreign states if their norms establish the extraterritorial principle of application — for example, Brazil's General Data Protection Law (Lei Geral de Proteção de Dados, LGPD) or the European Union's General Data Protection Regulation (GDPR).

1.7. "Personal Data" ("PD") — any information relating to an identified or identifiable individual, classified as personal data under Applicable Legislation.

1.8. "PD Subject" — an individual who is the subject of Personal Data as defined by Applicable Legislation.

1.9. "PD Processing" — any action (operation) or set of actions (operations) performed with Personal Data, including collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of Personal Data.

1.10. "IP Address" — a unique network address of a node in a computer network built using the Internet Protocol (IP).

1.11. "Cookie File" — a text file placed by a web server on the hard drive of the User's computer device, used to personalize the Website's services and enhance User convenience. Cookie files do not contain personal data but only record User actions.

2. GENERAL PROVISIONS

2.1. This Policy has been developed in accordance with the requirements of regulatory legal acts on information protection and defines the procedure for data processing and the measures taken by the Company to ensure data security.

2.2 The law of the Russian Federation shall apply to this Policy and the relationship between the User and the Company. The Company makes every effort to comply with international practices in the field of data processing and information protection.

2.3. The legal grounds for data processing on the Website are:

  • Applicable Legislation;
  • The Company's internal regulations;
  • Agreements concluded between the Company and Users (PD Subjects or other parties);
  • Consent to PD Processing;
  • Other grounds where consent is not required by law.

2.4. Any use of the Website's services by the User (including filling out web forms and submitting data to the Company via the Website) constitutes the User's full and unconditional acceptance of this Policy. If the User disagrees with the terms of the Policy, they must immediately cease all use of the Website.

2.5. This Policy applies solely to the Website. For other matters related to PD Processing, the Company has developed and implemented internal regulations. The Company does not control and is not responsible for third-party websites that the User may access via links available on the Website.

2.6. The Company processes PD obtained from Users during their use of the Website with their consent, which is provided through the Users' conclusive actions on the Website. The PD Subject is informed about the processing and dissemination of their Personal Data by the Company. The PD Subject confirms that they independently decide to provide their Personal Data to the Company. The User's consent to PD Processing, given through conclusive actions on the Website, is specific, informed, and deliberate.

2.7. By providing their Personal Data and consenting to PD Processing, the User confirms that they are acting voluntarily, of their own free will, and in their own interest, and also confirms their legal capacity.

2.8. By providing their Personal Data, the User agrees that the provided Personal Data will be processed by the Company both with and without the use of automation tools.

2.9. The Company does not verify the accuracy of PD provided by the User through the Website and assumes that the User provides reliable and sufficient PD and will keep it up to date. The User is solely responsible for the consequences of providing false or invalid PD, as well as for failing to update their PD.

2.10. Personal Data is stored by the Company on the territory of the Russian Federation.

2.11. The Company collects and stores only the minimum necessary amount of PD required for Users to use the Website.

2.12. This Policy applies to all operations performed by the Company with Users' PD using automation tools.

3. CATEGORIES OF PROCESSED PERSONAL DATA AND PD SUBJECTS

3.1. The User (PD Subject) provides PD by filling out special web forms on the Website or through other methods provided by the Website's functionality. Depending on the web form filled out by the User, the fields of such form may require the following information (separately or in any combination):

  • Username;
  • Email address.

3.2. The Company also takes measures to protect PD automatically transmitted during visits to the Website's pages, including data from Cookie Files:

  • The IP address assigned to the User's device at the time of visiting the Website;
  • Session data.

3.3. If the Company cannot in any way associate the information specified in clauses 3.1-3.2 of this Policy with the Website User (an individual), the Company will not consider such information as Personal Data.

3.4. The Company does not process PD that may qualify as biometric personal data under Applicable Legislation.

3.5. The Company does not process PD classified as special categories of personal data under Applicable Legislation.

4. PURPOSES OF PERSONAL DATA PROCESSING

4.1. The Company may process PD for the following purposes:

4.1.1. Providing information and materials about the Company Product and related services;

4.1.2. Communicating with the User regarding their use of the Company Product (including technical support);

4.1.3. Ensuring the functionality and security of the Website, confirming actions taken by Users, preventing fraud, cyberattacks, and other unlawful actions, as well as investigating such incidents.

5. CONDITIONS OF PD PROCESSING AND TRANSFER TO THIRD PARTIES

5.1. The confidentiality of Users' PD is maintained, except in cases where the User voluntarily makes their data publicly available to an unlimited audience. When using certain services of the Website, the User agrees that a portion of their PD may become publicly accessible.

5.2. Personal Data is stored in a form that allows identification of the PD Subject for no longer than required by the purposes of PD Processing under this Policy.

5.3. The Website may transfer the User's PD to third parties in the following cases:

5.3.1. The User has given explicit consent to such actions, and such consent meets the requirements of specificity, purposefulness, informedness, consciousness, and unambiguousness;

5.3.2. The transfer of PD is necessary for the User to use a specific service or to fulfill an agreement with the User;

5.3.3. The PD is transferred to a person to whom the exclusive rights to the Website have been transferred (in case of such transfer);

5.3.4. The transfer of PD is provided for by Applicable Legislation as part of the established procedure.

5.4. The Company undertakes to cease processing the User's PD and destroy it within the timeframe and under the conditions established by the legislation of the Russian Federation in the following cases:

  • Upon receiving a written request from the User;
  • If the retention of PD is no longer necessary for the purposes of PD Processing;
  • Upon achieving the purpose of PD Processing.

5.5. If the User withdraws consent to PD Processing, the Company may continue processing PD without the User's consent only if there are grounds expressly provided by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" as grounds for processing PD without the consent of the PD Subject.

6. OBLIGATIONS OF THE COMPANY

6.1. The Company undertakes to:

  • 6.1.1. Upon request of the PD Subject, provide information about the processing of PD related to the PD Subject or provide a justified refusal to provide such information;
  • 6.1.2. Ensure the lawfulness of PD Processing;
  • 6.1.3. Take measures necessary and reasonably sufficient to fulfill its obligations as a PD operator;
  • 6.1.4. At the request of the PD Subject, clarify, block, or delete PD if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;
  • 6.1.5. In case of withdrawal of consent to PD Processing by the PD Subject, cease processing PD and destroy it. Exceptions are cases where PD Processing may continue in accordance with the legislation of the Russian Federation.

7. KEY RIGHTS OF THE PD SUBJECT

7.1. The PD Subject has the right to:

  • 7.1.1. Request and receive from the Company information regarding the processing of their PD;
  • 7.1.2. Demand that the Company clarify, block, or destroy their PD if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, as well as take legal measures to protect their rights;
  • 7.1.3. Withdraw their consent to PD Processing.

8. MEASURES TO ENSURE DATA SECURITY DURING PROCESSING

8.1. The primary objective of ensuring the security of Personal Data during PD Processing by the Company is to prevent unauthorized access by third parties, as well as to prevent deliberate software-technical and other impacts aimed at stealing, destroying, or distorting PD during processing.

8.2. The Company takes necessary and sufficient measures to protect processed PD from unlawful or accidental access, destruction, alteration, blocking, copying, dissemination, or other unlawful actions by third parties.

8.3. The security of Personal Data is ensured, in particular, by:

  • Identifying threats to PD security during their processing in information systems;
  • Applying organizational and technical measures to ensure PD security during their processing in information systems, necessary to meet the requirements for PD protection established by the Government of the Russian Federation;
  • Establishing rules for access to PD processed in the information system, as well as ensuring the registration and accounting of all actions performed with PD in the information system;
  • Using information protection tools that have undergone compliance assessment procedures;
  • Evaluating the effectiveness of measures to ensure PD security before putting the information system into operation;
  • Detecting instances of unauthorized access to PD and taking appropriate measures;
  • Monitoring the measures taken to ensure PD security and the level of protection of information systems;
  • Restoring PD modified or destroyed due to unauthorized access.

8.4. To maintain the required level of PD protection, the Company conducts internal audits of the effectiveness of the PD protection system and compliance with the procedures and conditions for PD Processing and protection as established by applicable requirements.

8.5. Internal audits include:

  • Monitoring the condition of technical and software tools included in the PD protection measures;
  • Ensuring compliance with PD security requirements (as set forth in regulatory legal acts and internal regulations on PD Processing and protection, as well as in agreements).

9. COOKIE FILES

9.1. The Website recognizes Cookie Files placed on the hard drives of Users' devices and may assign unique identifiers to Users' devices, which the Company may use to create a database of Users' actions and preferences (e.g., frequency and periodicity of visits to the Website, preferences on the Website).

9.2. Users can configure their web browsers to allow all Cookie Files integrated into the Website's pages, block them, or enable Cookie Files on request, accepting or rejecting them. Cookie management varies depending on the web browser used.

9.3. When using Cookie technology, the Company does not store or use any specific data about Users. Website Users may configure their web browsers to refuse registration of visits to the Website or to receive warnings about such registration requests. Disabling "Cookies" may result in the inability to access the Website.

10. LIABILITY

10.1. The Company is liable for the intentional disclosure of Personal Data in accordance with the legislation of the Russian Federation, except as provided in this Policy.

10.2. In case of loss or disclosure of Confidential Information, the Company is not liable if such information:

  • Became publicly available before its loss or disclosure;
  • Was received from a third party before being obtained by the Company;
  • Was disclosed with the User's consent;
  • Was obtained by third parties due to unauthorized access to the Website's files.

10.3. The User is responsible for the legality, correctness, and accuracy of the provided Personal Data in accordance with the legislation of the Russian Federation.

11. DISPUTE RESOLUTION

11.1. Before filing a lawsuit regarding disputes arising from the relationship between the User and the Company, compliance with the pre-trial (claim) procedure is mandatory.

11.2. The deadline for responding to a written claim by the recipient is 30 (thirty) calendar days from the date of receipt of the claim.

11.3. If disagreements are not resolved during the pre-trial procedure, the dispute shall be referred to a court in accordance with the legislation of the Russian Federation.

11.4. The Company may amend this Policy at any time without prior notice to the User. Amendments come into force from the date of publication of the new version of the Policy on the Website.

12. REQUESTS AND APPEALS

12.1. If a User wishes to clarify, block, or destroy their Personal Data due to incompleteness, inaccuracy, unlawful receipt, or irrelevance to the stated processing purpose, or if the User wishes to withdraw consent to PD Processing or address unlawful actions by the Company regarding their Personal Data, the User must submit an official request to the Company at: rdb@red-soft.ru. The request must include:

  • Surname and first name;
  • Details of the identity document of the User (PD Subject or their representative);
  • Information confirming the User's participation in the relationship with the Company or otherwise confirming the fact of PD Processing by the Company.

12.2. If the request is submitted electronically, it must be formatted as an electronic document and signed with an enhanced electronic signature.

12.3. The deadline for responding to PD Subjects' appeals is determined in accordance with the legislation of the Russian Federation.

13. FINAL PROVISIONS

13.1. The publication date of this Policy is the date of its posting on the Website. The Company may amend this Policy at any time without the User's consent. The new version of the Policy comes into force from the date of its posting on the Website, unless otherwise specified in the new version.

13.2. All suggestions or questions regarding this Privacy Policy should be sent to: rdb@red-soft.ru.