Business-digital

1. General Provisions

1.1. This Policy (hereinafter referred to as the Policy) lays out the general principles and procedures for processing personal data, as well as measures to ensure security of said data, within the Open Joint-Stock Company "Faberlic" (hereinafter referred to as the Company).

The aim of the Policy is assurance of the protection of personal rights and liberties during the processing of personal data, including protection of the right to personal and family privacy; and strict observance of the legislation of the Russian Federation in the sphere of personal data.

1.2. The Policy has been developed in accordance with the provisions of Federal law 152-FZ of 27.07.2006 "On personal data", and other legislative and normative legal acts that govern the procedures surrounding the use of personal data and requirements to ensure their safety.

1.3. The Policy uses the following terms and definitions:

Biometric personal data – data that characterize a person's physiological and biological features, on the basis of which identity can be established and which are used by the operator to establish the identity of the data subject;

Personal data blocking – the temporary cessation of personal data processing (except where processing is necessary for rectification of personal data);

Access to personal data – the disclosure of personal data that are processed by the Company to certain parties (including employees), while maintaining the privacy of this information;

Contractor – the counterparty in a contract with the Company, not an employee of the Company;

Personal data confidentiality – the responsibility of parties with access to personal data not to disclose said data to third parties and not to distribute personal data without the consent of the data subject, unless otherwise required by law;

Depersonalization of personal data – action taken by which it becomes impossible to determine the particular subject of personal data without additional information;

Processing of personal data – any action (operation) or a combination of actions (operations) performed both automatically and manually with personal data, including collection, recording, arrangement, accumulation, storage, rectification (updating, changing), extraction, use, distribution (including transfer), depersonalization, blocking and destruction of personal data;

Public personal data – personal data available to the public, access to which is provided according to legislation or at the subject's request, as well as data that are subject to mandatory disclosure or publication;

Operator – state agency, municipal authority, legal entity or individual who independently or in cooperation with other entities organizes and/or processes personal data as well as determines the purposes, scope and subject of data processing and actions (operations) related to personal data (in the Policy, the Operator refers to the Company unless otherwise specified);

Personal data – any information referring directly or indirectly to a particular or identified individual (personal data subject);
personal data subject – the individual to whom the personal data refers;

Cross-border transfer of personal data – the transfer of personal data to a foreign territory, foreign government body, foreign individual or foreign legal entity;

Destruction of personal data – actions performed on personal data contained in the database that prevent such data from being restored and (or) actions aimed at the physical destruction of the tangible medium of personal data.

2. Status of the Company and categories of subjects whose personal data is processed by the Company

2.1. The company acts as operator with respect to personal data of the following categories of individuals:

  • Employees of the Company with whom the Company has entered into or previously entered into employment contracts, including former employees with whom employment contracts were terminated;
  • Close relatives and spouses of employees of the Company, where personal data processing is required by law and carried out by the Company as an employer in accordance with the requirements of state statistical registration authorities;
  • Applicants for vacancies in the Company (candidates for employment with the Company), who have submitted their resume or a form containing personal data, whether personally or through specialized recruitment organizations (recruitment agencies), including through specialized sites on the Internet;
  • Employees of subsidiaries and affiliated enterprises of the Company for providing necessary access to the Company's Information Systems;
  • Representatives, whose data is received for the purpose of sales of the Company's products under the contract entered into through acceptance of an offer on the Company's website;
  • Individuals who provide the Company with reimbursable services in accordance with civil contracts;
  • Individual representatives of contractors to the Company, with whom the Company has a contractual relationship or with whom it intends to enter into a contractual relationship, including employees, owners, representatives acting under power of attorney and other representatives of contractors;
  • Users of the Company's products ;
  • Representatives of personal data subjects who are not employees of the Company and report to the Company on behalf of personal data subjects;
  • Visitors to secure areas of the Company who do not have permanent access to the premises.

3. Principles of personal data processing

The Company processes personal data according to the following principles:

3.1. Legality and equitable basis of personal data processing. The Company takes all necessary measures to comply with the requirements of the Law and does not process personal data in cases where it is not permitted by law and is not required for any specific purpose by the Company.

3.2. Personal data processing is limited to specific, predefined, and legitimate purposes. The purposes of the Company's personal data processing are:

  • With respect to employees – execution of signed employment contracts, including training and promotion, employees' personal security, quantity and quality control of work performed, the safeguarding of assets, calculation and payment of wages and other remunerations, calculation and deduction of taxes and insurance premiums, provision by the employer of additional services (pension insurance, transfer of income to employee payment cards); and fulfillment of the requirements of state statistical registration authorities;
  • With respect to employees' relatives – provision of benefits and protection to employees under legislation for individuals with (adopted) children and individuals with familial responsibilities; and fulfillment of the requirements of state statistical registration authorities.
  • With respect to job applicants – to make decisions about the possibility of filling vacant posts by candidates who most closely meet the Company's requirements;
  • With respect to Representatives – signing and execution of the contract between the Company and the Representative entered into through acceptance of an offer on the Company's website;
  • With respect to users of products – provision of personalized information system services and services for the sale of the Company's products.
  • With respect to independently employed contractors and representatives of contractors – signing and execution of civil contracts and enforcement of contractual obligations to the Company;
  • With respect to representatives of subjects – fulfillment of actions taken by the Company on behalf of the representatives of personal data subjects;
  • With respect to visitors – allowance of visitors to pass into the protected premises of the Company and monitoring of their exit from the protected premises.

4. Conditions of personal data processing

4.1. The company's personal data processing is allowed in the following situations:

4.1.1. With the personal data's consent to personal data processing.

4.1.2. Personal data processing that is necessary for enforcement of and adherence to current laws.

4.2. The Company does not disclose or distribute personal data to third parties without the subject's consent, unless otherwise required by law, by contract with personal data subject, or not specified in their consent to process personal data.

4.3. The Company does not process personal data in specialized categories related to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status (with the exception of information that is relevant to the question of employee's performance of job functions and that is necessary for the purposes of certain pension legislation), intimate life, or membership in labor unions or union activity, except where expressly required by law.

4.4. The Company does not process biometric personal data.

4.5. When collecting personal data, the Company shall carry out recording, systematization, accumulation, storage, rectification (updating, changing), and extraction of personal data using databases located on the premises of the Company in the city of Moscow.

4.6. The Company does not perform cross-border personal data processing.

5. Confidentiality of personal data

5.1. Employees of the Company who have access to personal data must ensure the confidentiality of said data. Confidentiality is not required with respect to:

  • Personal data after its depersonalization;
  • Public personal data.

5.2. The Company may, with the consent of the subject, entrust the processing of personal data to another party, unless otherwise required by law, on the basis of a contract related to personal data processing on behalf of the Company entered into with said party, following the principles and rules of personal data processing as required by law. The amount of personal data transferred to another party for personal data processing and the number of processing methods used by said party must be the minimum necessary to fulfill their responsibilities to the Company. The Company's instructions must include a defined list of actions (operations) to be taken with personal data that will be performed by the party carrying out the personal data processing and purposes of the processing; said instructions must define the aforementioned party's responsibility to maintain the confidentiality of personal data and ensure the security of personal data during their processing as well as indicate the requirements for the protection of processed personal data in accordance with article 19 of Federal law 152-FZ of 27.07.2006 "On personal data".

When fulfilling the Company's instructions with regard to personal data processing, the party to whom the processing is entrusted shall be entitled to use their information systems located on the territory of the Russian Federation and conforming to safety measures required by law as instructed by the Company in the agreed-upon contract.

6. Consent of personal data subject to personal data processing

6.1. The personal data subject makes the decision about providing their personal data to the Company and consents to the processing of their own free will and in their own interest. Consent to personal data processing must be specific, informed and conscious, and may be given by the subject in any form that allows confirmation of the fact of their consent, unless otherwise required by law.

6.2. Representatives and Users of the products provide their personal data when registering in the system, buying the products, using the services of the information system, or through other interactions on the Company's website.

6.3. The use of the Company's information system services means unconditional agreement to the Policy and the terms and conditions of personal information processing mentioned within. In the event that the user disagrees with these conditions, they must refrain from using the information system services.

7. Rights of personal data subjects

7.1. The personal data subject has the right to receive information regarding the processing of their personal data. The personal data subject is entitled to request that the Company rectify, block, or destroy their personal data in the event that the personal data is incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the declared purpose of processing; and also to take legal measures to protect their rights. The personal data subject may make requests in writing, by e-mail to This e-mail address is being protected from spam. You need JavaScript enabled to view it , or via the feedback form on the Company's website.

7.2. The subject's inquiry about the Company's processing of their personal data in writing or by e-mail must contain:

  • Surname, first name, and patronymic/middle name of the personal data subject or their representative;
  • The number of a basic document proving the identity of the personal data subject as well as their representative (if the inquiry is made by a representative), the date the aforementioned document(s) was issued, and the issuing authority;
  • Information that confirms the personal data subject's relationship with the Company (number and date of contract with the Company, a copy (scan or photograph) of written communication or an SMS from the Company, etc.), or information that otherwise confirms personal data processing by the Company;
  • the signature of the personal data subject or their representative;
  • An inquiry issued through the feedback form on the Company's website does not need to contain the information described above.

7.3. The subject has the right to revoke their consent to the Company's processing of their personal data at any time by written declaration in any form containing basic document information that proves the subject's identity or the personal data that was specified when providing it to the Company, or by sending a request via the feedback form on the Company's website (in this case, identity-proving document information is not required).

7.4. If the personal data subject believes that the Company is processing personal data in violation of the law, or otherwise violating their rights and liberties, the personal data subject has the right to appeal the Company's actions to the authorized body on protection of the rights of subjects of personal data or through legal action.

7.5. The personal data subject is entitled to protect their rights and legal interests, including damages and/or compensation for psychological damage.

7.6. The personal data subject has the right to opt out of receiving promotional mailings by e-mail by clicking the unsubscribe link at the bottom of the received e-mail, or by writing a request in any form to Customer Care service at This e-mail address is being protected from spam. You need JavaScript enabled to view it .

8. Information concerning ongoing requirements for protection of personal data

8.1. The security of personal data processed by the Company is supported by the implementation of legal, organizational, and technical measures necessary and sufficient to meet the requirements of legislation concerning personal data.

9. Final provisions

9.1. Other responsibilities and rights of the Company as a personal data operator and as a party that processes data on behalf of other operators are regulated by the laws of the Russian Federation in the sphere of personal data.

9.2. Officials and employees of the Company responsible for the violation of terms regulating personal data processing and protection shall bear material, disciplinary, administrative, civil and criminal liability in accordance with the laws of the Russian Federation.

9.3. The terms of this Policy shall be revised as necessary. Mandatory Policy review shall be conducted in the event of significant changes in international or Russian Federation law in the sphere of personal data.

The following are considered when introducing changes to the terms of the Policy:

  • changes in the information infrastructure and/or technologies used by the Company;
  • established practice of enforcement of law in the sphere of personal data in the Russian Federation;
  • Changes to the conditions and nature of the Company's personal data processing in connection with the introduction of new information systems, processes and technologies into the Company's operation.