Privacy Policy

1. General Provisions

1.1. This Privacy Policy has been prepared in accordance with the requirements of the General Data Protection Regulation of May 4, 2016 (hereinafter referred to as the "Data Protection Act") and regulates the procedure for processing personal data and the measures to ensure the security of personal data collected by the Operator.

1.2. This Privacy Policy (hereinafter referred to as the "Privacy Policy") applies to all information the Operator receives about visitors to the website https://kerastep.com.
2. User Personal Data Processed by the Operator

2.1. For the purposes of this Privacy Policy, "User Personal Data" refers to personal data that the User provides about themselves when registering or using the Website.

2.2. The Operator collects and stores only the personal data necessary to provide services to the User and to conclude or execute contracts with the User.

2.3. This Policy applies exclusively to data processed during the use of the Website. The Operator does not control or assume responsibility for the processing of data by third-party websites accessed by the User via links on the Website or in the mobile version of the Website.

2.4. The Operator does not verify the accuracy of the personal data provided by the User and cannot assess their legal capacity. However, the Operator assumes that the User provides reliable and sufficient personal data and keeps it up-to-date at all times. The consequences of providing inaccurate or insufficient information are set out in the User Agreement.

3. Basic Rights and Obligations of the Operator

3.1. The Operator has the right to receive reliable information about personal data from the data subject. The Operator independently determines the composition and list of necessary and sufficient measures to ensure compliance with the obligations under the Personal Data Protection Act and the legal acts adopted thereunder, unless otherwise provided by the Personal Data Protection Act or other federal laws.

3.2. The Operator is obliged to provide the data subject with information about the processing of their personal data upon request, to organize the processing of personal data in accordance with the applicable laws of the Russian Federation, to prohibit the transfer (dissemination, provision, access) of personal data, to terminate processing and destroy personal data in the manner and in the cases provided for by the Law on Personal Data, and not to transfer personal data without their consent, unless otherwise provided by federal law.

4. Basic Rights and Obligations of Data Subjects

4.1. Data subjects are obliged to provide the Operator with reliable data about themselves and to inform the Operator about any clarification (updating, changing) of their personal data.

4.2. Persons who have provided the Operator with inaccurate information about themselves or about another data subject without their consent are liable in accordance with the laws of the Russian Federation.

4.3. The User may request the termination of the processing of personal data and the deletion of the personal data provided by them by contacting the Operator informally.

5. Principles of Personal Data Processing

5.1. The processing of personal data is limited to the achievement of specific, predetermined, and legitimate purposes.

5.2. Only personal data that are appropriate for the purposes for which they are processed may be processed.

5.3. When processing personal data, their accuracy, adequacy, and, where appropriate, relevance to the purposes of the processing shall be ensured. The Controller shall take the necessary measures and/or ensure their implementation to delete or rectify incomplete or inaccurate data.

5.4. Personal data shall be stored in a form that allows the identification of the data subject and only for as long as necessary for the purposes of the processing, unless the storage period for personal data is specified by federal law, an agreement to which the data subject is a party, beneficiary, or guarantor. The processed personal data will be destroyed or anonymized after the processing purposes have been achieved or when the need to achieve these purposes no longer exists, unless federal law provides otherwise.

6. Conditions for processing personal data

6.1. Personal data is processed with the consent of the data subject.

6.2. The operator storest data and protects it from unauthorized access and disclosure in accordance with internal regulations.

6.3. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access to personal data.

6.4. If personal data is inaccurate, the User can correct it independently by sending a notification to the Operator's email address at info@kerastep.com.

7. Final Provisions

7.1. The User can contact the Operator by email at info@kerastep.com with any questions regarding the processing of their personal data.

7.2. This document contains all changes to the Operator's Privacy Policy. The Policy is valid indefinitely until it is replaced by a new version.

7.3. The current version of the Policy is available free of charge on the Internet at https://kerastep.ru/en/politics.