Privacy Policy
Data protection declaration in accordance with the General Data Protection Regulation (GDPR)
I. PURPOSE
The purpose of this Policy for the processing of personal data by Claustrophobia-V LLC (hereinafter referred to as the Policy) is to ensure the compliance of the processing and protection of personal data in Claustrophobia-V LLC (hereinafter referred to as the Company) in accordance with the legislation of the Russian Federation.
The Policy defines the basic principles, goals, and conditions for the processing of personal data in the Company.
The Company is guided by Federal Law 152-FZ, dated 27 July 2006, “On Personal Data” during the processing of personal data.
This policy is aimed, inter alia, at ensuring that the Company complies with the applicable requirements and principles of the General Data Protection Regulation n.2016 / 679, hereinafter referred to as GDPR in the part that does not contradict the legislation of the Russian Federation.
Personal data controller
The controller of personal data in accordance with the requirements of the General Data Protection Regulation and other national data protection laws of the EU Member States, as well as other data protection regulations, is the Company:
Claustrophobia-V LLC
115114, Moscow, Derbenevskaya nab., 7, building 24
privacy@claustrophobia.com
Website: www.claustrophobia.com
Scope
2.1. This Policy applies to any actions of the Company in relation to the personal data of individual customers, as well as the personal data of the Company’s employees.
2.2. The requirements of this Policy should be considered when developing and implementing all business processes within which personal data is processed.
2.3. GDPR requirements apply to EU citizens (i.e. customers and employees), including sole proprietors, due to the processing of their personal data. The GDPR does not apply to the processing of the personal data of legal entities.
II. GENERAL PROVISIONS REGARDING DATA PROCESSING
Scope of personal data processing
The Company processes personal data of website users only if this is due to the need to provide a functional website, as well as materials and services of the Company. The processing of the personal data of users is carried out regularly only with the consent of the user. The only exceptions are those cases in which it is impossible to obtain prior consent and the data processing is permitted by legislation.
To use the Company’s website, it is generally not needed to provide any personal data. In cases when the collection of personal data (e.g., names, addresses, or e-mail addresses) occurs on the Company’s websites, this is always done voluntarily. This data is not transferred to third parties unless explicit user consent is provided.
Legal basis for the processing of personal data
If the company receives consent from the data subject to carry out personal data processing procedures, the legal basis is paragraph 1 (a) of Art. 6 of the General Data Protection Regulation (GDPR).
If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, the legal basis is paragraph 1 (b) of Art. 6 of the General Data Protection Regulation (GDPR). The same applies to the processing procedures required for the implementation of pre-contractual measures.
If the processing of personal data is necessary to fulfill a legal obligation imposed on the Company, the legal basis is paragraph 1 © of Art. 6 GDPR.
In the event that the need to process personal data is caused by the vital interests of the data subject or another individual, the legal basis is paragraph 1 (d) of Art. 6 GDPR.
If the processing of data is necessary in order to comply with the legitimate interest of the Company or a third party and the interests, fundamental rights, and freedoms of the data subject do not take precedence over the above interest, the legal basis for processing is clause 1 (f) of Art. 6 GDPR.
Data deletion and storage duration
The personal data of the data subject is deleted or blocked as soon as the purpose of its storage ceases to exist. Data storage may also continue if this was provided for by European or national legislation within the confines of EU regulations, laws, or other enactments regulating the activities of the Personal Data Controller. Blocking or deletion of data is also carried out upon expiration of the storage time prescribed by the specified norms, except for cases when the further data storage is needed in order to conclude a contract or fulfill it.
III. SSL / TLS encryption
To ensure the confidentiality of communication with visitors, the Company uses modern SSL / TLS encryption.
The visitor can identify the connections encrypted in this way by the part of the site address, which contains “https: //” in it and appears in the address bar of the browser, as well as by the green padlock in the address bar. The data transmitted by Visitors to these Internet sites, for example, when placing orders or inquiries, is not available to third parties due to SSL encryption.
IV. PROVISION OF A WEBSITE AND CREATION OF A REGISTRATION FILE
1. Description and scope of data processing
Each time the Company’s website is accessed, the system automatically collects data and information from the computer which sends the request.
The following data is collected:
(1) information about the type of browser and the version used
(2) user operating system
(3) user internet service provider
(4) user IP address
(5) date and time of access
(6) Internet sites from which user’s system enters the Company’s website.
The data is also stored in the system logs. The storage of this data together with other personal data of the user is excluded.
. Legal basis for data processing
The legal basis for the temporary storage of data and system logs is paragraph 1 (f) of Art. 6 GDPR.
. Purpose of data processing
The temporary storage of the IP address by the system is a prerequisite for the delivery of the website to the user’s computer. To do this, the user’s IP address must be saved throughout the session.
Saving in a system log is performed in order to ensure the operability of the website. This data is also required by the Company to optimize the website and ensure the security of information technology systems. The data is not analyzed for marketing purposes.
These purposes also determine the legitimate interest of the Company in data processing in accordance with paragraph 1 (f) of Art. 6 GDPR.
4. Duration of storage
Data is deleted as soon as it is no longer necessary to achieve the purpose for which it is collected. In the case of data collection for the provision of the website, this is the moment at the end of the respective session.
If the data is saved to the log files, this moment occurs no later than after seven days. Data can be stored for longer than the specified period. In this case, the user’s IP addresses are deleted or distorted, so that they can no longer be associated with the client accessing the site.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in the system log is an absolute prerequisite for the operation of the website. Thus, there is no possibility for the user to object.
V. USE OF COOKIES
a) Description and scope of data processing
The Company’s website uses cookies. Cookies are text files stored in the Internet browser or in user computer system. When a user accesses a website, a cookie can be stored in the user’s operating system. This cookie contains a characteristic sequence of characters that makes it possible to uniquely identify the browser upon new access to the site.
With the help of cookies, information and advertisements on the Company’s website can be optimized for a specific user. As already mentioned, cookies make it possible to identify users of the Company’s website. The purpose of this identification is to make using the website easier for visitors.
A data subject can at any time prevent the Company’s website from creating cookies for them by adjusting the corresponding settings for the active browser and thereby expressing an objection to the creation of cookies on a long-term basis. In addition, previously created cookies can be deleted at any time using an Internet browser or other program. This feature is provided by all common Internet browsers. Under certain conditions, due to the deactivation of the cookies by the data subject in an active Internet browser, the complete use of all functions of the Company’s website may become impossible.
The user data collected in this way are pseudonymized by technical means. Thus, it becomes impossible to correlate the data with the user accessing the site. The storage of this data is carried out separately from other personal data of users.
When accessing the Company’s website, the user is informed about the use of cookies for the analysis purpose, and their consent to the personal data processing is requested. A link to this data protection declaration is also presented.
b) Legal basis for data processing
The legal basis for the processing of personal data with the use of cookies necessary for technical purposes is paragraph 1 (f) of Art. 6 GDPR.
The legal basis for the processing of personal data using the necessary cookies for analysis, subject to the user’s consent, is paragraph 1 (a) of Art. 6 GDPR.
c) Purpose of data processing
The purpose of using the cookies necessary for technical purposes is to facilitate the user experience of the website. Some functions of the Company’s website may not be available without the use of cookies. Such functions need the browser to be recognized after the page change.
User data collected by technically necessary cookies are not used to create user profiles.
The purpose of using cookies for analysis is to improve the quality of the website and its content. Thanks to the cookies created for the analysis, we can find out exactly how the website is used and constantly optimize how the information is being presented.
These purposes also determine the legitimate interest of the Company in the processing of personal data in accordance with paragraph 1 (f) of Art. 6 GDPR.
e) Duration of storage, the possibility of objection and deletion
Cookies are stored on the user’s computer and transferred from it to the Company’s website. Therefore, the User can fully control the use of cookies. By adjusting the settings of their Internet browser, the user can deactivate or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can be done automatically. If cookies are deactivated for the Company’s website, it may become impossible to completely use all the functions of the website.
VI. NEWSLETTERS
1. Description and scope of data processing
The Company’s website provides an opportunity to subscribe to a free newsletter. In this case, the data from the input form filled for subscribing to the newsletter is transmitted to the Company.
When a user subscribes, the following data is collected:
(1) Email address
(2) Date and time of the newsletter subscription
(3) Geolocation data
As part of the subscription procedure, by clicking on the “Subscribe” button, the user automatically consents to the processing of data.
No data is transmitted to third parties in connection with the processing of data for the newsletter. The data is used exclusively for sending newsletters.
2. Legal basis for data processing
The legal basis for the processing of personal data after subscribing to the newsletter, subject to the user’s consent, is paragraph 1 (a) of Art. 6 GDPR.
3. Purpose of data processing
The data containing user e-mail address is collected for the purpose of delivering news.
The purpose of collecting the remaining personal data as part of the subscription procedure is to prevent misuse of the services or the email address used.
4. Duration of storage
Data is deleted as soon as it is no longer necessary to achieve the purpose for which it is collected. Therefore, the user’s e-mail address is stored for the duration of the subscription to the newsletter.
5. Possibility of objection and removal
The user who is the subject of personal data can unsubscribe from the newsletter at any time. For this purpose, the text of each newsletter contains a corresponding link.
This also provides the withdrawal of consent to the storage of personal data collected during the subscription procedure.
VII. REGISTRATION
1. Description and scope of data processing
On the Company’s website, when booking a quest, users are given the opportunity to register with personal data. In this case, the data is entered into the form, transmitted to Company, and stored by it. The transfer of data to third parties is excluded. As part of the registration process, the following data is collected:
(1) Date and time of registration
(2) Name
(3) Phone number
(4) Email address
As part of the registration procedure, the user’s consent is requested to process this data.
2. Legal basis for data processing
The legal basis for the processing of data, subject to the user’s consent, is 1 (a) of Art. 6 GDPR.
3. Purpose of data processing
User registration is a prerequisite for the provision of entertainment services to them, as well as the provision of certain content on the website and in the e-mail newsletter.
4. Duration of storage
Data is deleted as soon as it is no longer necessary to achieve the purpose for which it is collected.
For the data collected during the registration process, this moment occurs when the registration on our website is canceled or changed.
5. Possibility of objection and removal
The site user has the opportunity to cancel the registration at any time, or make changes to the saved data.
To cancel the registration, it is required to write a free-form letter and send it to privacy@claustrophobia.com, indicating your details to delete your account.
VIII. FEEDBACK FORM AND EMAIL CONTACT
1. Description and scope of data processing
The Company’s website contains a feedback form that can be used to contact it by email. If a user chooses this option, the data entered in the form will be transferred to the Company and saved. Following data:
(1) Date and time of the request
(2) Name / Surname
(3) Email address
(4) Phone number
As part of the message sending process, consent is requested with a link to this Policy.
An alternative option is to contact via the provided email address. In this case, the personal data of the user transmitted with the e-mail will be saved.
The transfer of data to third parties is excluded. The data is used exclusively for processing the dialogue.
2. Legal basis for data processing
The legal basis for the processing of data, subject to the user’s consent, is 1 (a) of Art. 6 GDPR.
The legal basis for the processing of data sent during the transmission of e-mail is 1 (f) of Art. 6 GDPR. If the purpose of the e-mail communication is to conclude a contract, an additional legal basis for the processing is 1 (b) of Art. 6 GDPR.
3. Purpose of data processing
The processing of personal data from the input form is intended only to process the establishment of contact with the user. Establishing contact by e-mail also constitutes the required legitimate interest in the data processing.
The purpose of collecting the remaining personal data during the process of email sending is to prevent abuse of the entry form use and to ensure the security of our information technology systems.
4. Duration of storage
Data is deleted as soon as it is no longer necessary to achieve the purpose for which it is collected. For personal data from the input form, which is part of the feedback form, as well as for data sent by e-mail, this moment occurs when the corresponding dialogue with the user is completed. A dialogue is considered complete if circumstances indicate that the relevant issue has been resolved.
Personal data collected additionally during the sending process is deleted no later than ten days later.
5. Possibility of objection and removal
The user has the opportunity to revoke their consent to the processing of personal data at any time. If the user contacts the Company by e-mail, they can at any time object to the storage of their personal data. However, it should be noted that in the future the user will not be able to receive mailings and personal offers.
The user can make changes to the stored data at any time by writing a free-form letter and sending it to privacy@claustrophobia.com, specifying their data for changes or deletion. In the latter case, all personal data that was saved during the contact process are deleted.
IX. GOOGLE ANALYTICS
The Company’s website uses Google Analytics (Google Inc.) technologies to collect and store data for the purpose of marketing research and website optimization (https://analytics.google.com/). With this data, it is possible to create a user profile under a pseudonym. For this, cookies can be used. Without a separate consent from the data subject, the data collected using Google Analytics technologies are not used to personally identify the visitor to the website and are not linked to personal data containing information about the bearer of the pseudonym.
Please note that when collecting data, Google shortens the IP addresses located within the member states of the European Union or other states that are parties to the Agreement on the European Economic Area, thereby making it impossible to identify a user. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will be shortened. Users can prevent the storage of cookies by adjusting the appropriate settings in their internet browser. Users can also prevent Google from collecting cookies generated regarding the use of online offers and processing this data.
For more information on how Google Analytics handles user data, see Google’s Data Privacy Statement: https://support.google.com/analytics/answer/6004245
X. GOOGLE MAPS
The Company’s website uses the Google Maps service from Google (Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) via the API. To do this, the service needs to save user IP address. The information thus obtained is usually transmitted to a Google server in the USA and stored there. The Company has no influence over this data transfer. Since the legitimate interest of the Company is that the online offers look attractive and the addresses indicated on the website can be easily found, the legal basis follows from paragraph 1 of Art. 6 (f) GDPR. For more information, see Google’s Data Privacy Statement: https://policies.google.com/privacy
XII. VIMEO VIDEO PLUGIN
This website integrates content from third parties. This content is provided by Vimeo.com, Inc.
Vimeo is operated by InterActiveCorp (IAC) in the USA. For Vimeo videos that are integrated on the site, the advanced data protection setting is activated. This means that no information is collected or stored about visitors to the Vimeo site unless they watch a video. For more detailed information on the purpose and scope of data collection, further processing and use of user data by the Provider, as well as user rights in this area and customization options in order to protect user privacy, see Vimeo’s privacy policy: https://vimeo.com/privacy.
XIII. FACEBOOK PIXEL
The Company’s website uses Facebook (Facebook Inc.) technologies to collect and store data for the purpose of marketing research and website optimization. With this data, it is possible to create a user profile under a pseudonym. For this, cookies can be used. Without separate consent from the data subject, the data collected using the Facebook Pixel technologies are not used to identify the visitor to the website and are not linked to personal data containing information about the bearer of the pseudonym.
For more information, see Facebook’s Pledge to Prepare for GDPR Compliance: https://www.facebook.com/business/gdpr
XIV. LINKS TO OTHER WEBSITES
The Company’s website contains links to other websites. Claustrophobia LLC is not responsible for the privacy policies or content of other Internet sites.
XV. RIGHTS OF DATA SUBJECTS
In the case of processing personal data, the User becomes the data subject in the meaning provided by the GDPR, and has the following rights in relation to the Controller of personal data:
1. Right to be informed
The user may require the Controller of personal data to confirm whether personal data concerning them is being processed.
The user can use this link to send the Company a free-form email privacy@claustrophobia.com
If such processing takes place, then the user may require the Controller of personal data to provide an extract of the following types of information:
(1) the purposes for which the personal data are processed;
(2) the categories of personal data that are processed;
(3) recipients or categories of recipients to whom personal data concerning the user have been, or will be disclosed;
(4) the planned storage duration of personal data or, if it is not possible to provide accurate data on this, the criteria by which the storage duration is established;
(5) the existence of the right to edit or delete personal data concerning the User, the right to restrict the processing of personal data by the Controller, or the right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all types of available information on the origin of data, if personal data is not collected from the subject of personal data;
(8) the presence of an automated decision-making process, including profiling, in accordance with paragraphs 1 and 4 of Art. 22 GDPR and — at least in these cases — convincing information about the logic involved, as well as the significance and desired consequences of such processing for the data subject.
The user has the right to request information about whether personal data concerning them is transferred to a third country or any international organization. In this case, the User can also request clarification regarding the relevant guarantees in accordance with Art. 46 GDPR, as far as data transfer is concerned.
2. Right to rectification
The User has the right to demand that the Controller of personal data make corrections and/or additions if the processed personal data concerning them is incorrect or incomplete. The controller of personal data is obliged to make corrections.
3. Right to restriction of processing
The user may request to restrict the processing of personal data concerning them under the following conditions:
(1) if the User disputes the correctness of the personal data concerning them in time, during which the controller of personal data is able to check the correctness of the personal data;
(2) the processing is unlawful and the user refuses to delete personal data, requesting instead to restrict the use of personal data;
(3) The controller of personal data no longer needs personal data for the purpose of processing, but the user needs them to assert, exercise, or defend legal claims, or
(4) if the user has filed an objection to the processing of data in accordance with Art. 21 GDPR, and it has not yet been established whether the reasonable considerations of the Personal Data Controller take precedence over the opinion of the user.
If the processing of personal data has been limited, this data — regardless of its storage — can only be processed with the consent of the user, either for the purpose of asserting, exercising, or defending legal claims or protecting the rights of another individual or legal entity or in the presence of an important public interest of the EU or any or a state party to the Agreement on the European Economic Area (EEA).
If a restriction has been imposed on the restriction of the processing of personal data in accordance with the above conditions, the Personal Data Controller will inform the user about this before lifting the restriction.
4. Right to erasure of data
a) Obligation to delete data
The user may require the Controller of personal data to delete the personal data concerning them immediately, and the Controller of personal data is obliged to immediately delete this data, provided that one of the following grounds is fulfilled:
(1) personal data are no longer required for the purposes for which they were collected or otherwise processed.
(2) The user withdraws their consent, which is the basis for processing in accordance with paragraph 1 (a) of Art. 6 or paragraph 2 (a) of Art. 9 GDPR, and there is no other legal basis for processing.
(3) User, in accordance with paragraph 1 of Art. 21 GDPR, declares an objection to the processing of data, there are no justified considerations in favor of processing having a higher priority, or the User declares an objection to the processing of data in accordance with Art. 21 GDPR.
(4) The processing of the user data was carried out unlawfully.
(5) The deletion of personal data is necessary to fulfill a legal obligation under EU or EU Member State law to which the Personal Data Controller is subject.
(6) The personal data were collected in connection with the services offered by the information society acc. with paragraph 1 of Art. 8 GDPR.
b) Information shared with third parties
If the Personal Data Controller discloses personal data — in accordance with paragraph 1 of Art. 17 GDPR, it will be obliged to delete disclosed data.
c) Exceptions
There is no right to erasure if the processing is required:
(1) to exercise the right to freely express opinions and receive information;
(2) to fulfill a legal obligation imposing on the Operator of personal data the need to process data in accordance with the legislation of the EU or EU Member States to which the Controller of personal data is subject, or to perform a task entrusted to the Controller of personal data that is of public interest or the exercise of public authority functions;
(3) due to the public interest in public health pursuant to Art. 9, as well as paragraph 3 of Art. 9 GDPR;
(4) with the public interest for the purpose of creating an archive, for scientific or historical research or statistical purposes acc. with paragraph 1 of Art. 89 GDPR, if the law referred to in point a) presumably makes the realization of these purposes impossible or seriously complicates it, or
(5) for the purpose of asserting, exercising, or defending legal claims.
5. Right to notification
If the user has exercised their right to rectification, deletion, or restriction of processing — the controller of personal data is obliged to inform all recipients to whom the user’s personal data have been disclosed about such rectification or deletion of data, or restriction of processing, unless this proves impossible or is associated with at a disproportionate cost.
6. Right to data portability
The user has the right to receive personal data concerning them, provided to the Controller of personal data, in a structured and accessible format. In addition, the user has the right to transfer this data to another Controller of personal data without interference from the Controller of personal data to whom the personal data was provided first, as long as:
(1) the processing is carried out on the basis of consent in accordance with paragraph 1 (a) of Art. 6 or paragraph 2 (a) of Art. 9 GDPR, or on the basis of a contract in accordance with Art. 6 GDPR, while
(2) processing is carried out automatically.
As part of the exercise of this right, the user also has the right to demand that personal data concerning them to be transferred directly from one Personal Data Controller to another, if technically possible. This process should not restrict the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data carried out in order to fulfill the task assigned to the Controller of personal data, which is of public interest or the exercise of public authority functions.
7. Right to file an objection
In the presence of special circumstances, the user has the right to object to the processing of personal data concerning personal data at any time, which is carried out on the basis of paragraph 1 (e) or paragraph 1 (f) of Art. 6 GDPR.
The controller of personal data stops processing personal data, except in cases where it can make solid and defensible arguments in favor of processing that take precedence over the interests of the user, rights, and freedoms, or if the processing of data is carried out in order to present, exercise or defend legal claims.
If the processing of personal data is carried out for direct advertising, the user has the right to object to the processing of personal data for the purpose of such advertising at any time; the same applies to profiling if it is associated with such direct advertising.
In the event of an objection to the processing for the purpose of direct advertising, personal data will no longer be processed for these purposes.
Due to the use of information society services, the user has the opportunity to exercise his right to object — notwithstanding the provisions of Directive 2002/58 / EC — in an automated manner using technical specifications.
8. The right to revoke the statement of consent to the processing of personal data
The user has the right to revoke his statement of consent to the processing of personal data at any time. Withdrawal of consent does not affect the legality of the processing carried out on the basis of such consent prior to the withdrawal.
9. Automated decision making in an individual case, including profiling
The user has the right not to obey a decision based solely on automated processing, including profiling, that takes legal action against the user or creates significant complications in another similar way. This provision does not apply if the decision is
(1) necessary for the conclusion or fulfillment of a contract between the user and the Personal Data Controller,
(2) provided by the provisions of the legislation of the European Union or EU Member States to which the Personal Data Controller is subject, and these provisions of the legislation contain adequate measures to protect the rights and freedoms of the user, or
(3) occurs with the explicit consent of the user.
These decisions, however, should not be based on special categories of personal data provided in paragraph 1 of Art. 9 GDPR, unless paragraph 2 (a) or (g) Art. 9 GDPR, and adequate measures to protect rights and freedoms apply.
With regard to the cases listed in paragraphs (1) and (3), the Personal Data Controller takes adequate measures to protect the rights and freedoms, as well as the legitimate interests of the user, which include, at least, the right to require intervention from the Personal Data Controller, the right to express its own point of view and the right to challenge decisions.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, the user has the right to lodge a complaint with a supervisory authority, in particular the EU Member State in which their place of residence, place of work, or place of the alleged violation is located, if the User considers that the processing of personal user data is a violation of the GDPR requirements.
The supervisory authority to which the complaint was submitted informs the complainant about the status of the complaint and the result of its examination, including the possibility of judicial legal protection in accordance with Art. 78 GDPR.