Website Use Rules

If third-party users have signed up on or started using asp-aqua.ru website, it means full and unconditional agreement with these Website Use Rules. If a Website User does not agree with these Rules, he shall leave the website.

The Use Rules of asp-aqua.ru Website are valid from 08.02.2013 to 07.02.2028 or to the next version.

The Website Administrator has the right to make adjustments to these Rules, in this case, if the user continues using the Website, it means that he automatically agrees to the changes introduced.

1. Basic Concepts and Definitions

1.1. Website — a set of web pages posted the Internet, united by a single subject, design and a single asp-aqua.ru domain address space.

1.2. Website Administrator — website management authorized employees acting on behalf of the Company, organizing and (or) processing personal data, as well as determining the purposes of processing the personal data, the composition of the personal data to be processed, actions (operations) performed with the personal data;

1.3. User — an adult legally capable individual who accesses the Website via the Internet.

1.4. Personal Data (PD) — any information relating to an individual (subject of personal data) directly or indirectly specified or to be specified;

1.5. Confidentiality — the need to prevent leakage (disclosure) of any information;

1.6. Confidentiality of Information — a mandatory requirement for a person who has an access to certain information not to transfer such information to third parties without the consent of its owner;

1.7. Personal Data Processing — any action (operation) or totality of actions (operations) to be performed with personal data with or without use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

1.8. Automated Personal Data Processing — processing of personal data using computer technologies;

1.9. Dissemination of Personal Data — actions aimed at disclosure of personal data to an indefinite range of persons;

1.10. Provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain circle of persons;

1.11. Blocking of Personal Data — temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data);

1.12. Destruction of Personal Data — actions resulting in impossibility to restore the content of personal data in the personal data information system and (or) resulting in destruction of material media bearing the personal data;

1.13. Personal Data Information System (PDIS) — a totality of personal data contained in databases and information technologies and technical means that ensure its processing.

2. Use of asp-aqua.ru Website Content

2.1. Copying of the textual and graphic information of the Website is only allowed for personal use of the Website by the User.

2.2. Copying and use of the contents of the Website by third-party resources is only allowed if the active link to asp-aqua.ru Website is posted.

2.3. Commercial use of the Website by its Users is prohibited.

2.4. Copying and attempting to breach the source code used in the Website development is prohibited.

2.5. It is forbidden to use the Website design elements, corporate identity, asp-aqua.ru logo. All rights to these objects are reserved.

2.6. Spam e-mailing on behalf of the Website is prohibited.

2.7. When signing up on the Website, It is forbidden to enter the Personal Data, including contact details of other Users or other persons without their prior consent.

3. Processing of Personal Data

In case if a Website User has completed the signing-up procedure, participated in the running Promotions, called the hotline or other contact numbers, the Administrator’s email address posted on asp-aqua.ru Website, and also left a message in the Administrator’s feedback windows or using other means, and provided the Administrator with his personal data, he automatically agrees to its processing, storage and use.

The Administrator processes personal data for the following purposes:

  • Identification of the User signed up on asp-aqua.ru Website, for placing an order, taking part in the Promotions, and (or) for concluding of a purchase and sale contract for the goods, as well as the User who has called the hotline or other contact numbers, the Administrator’s email address posted on asp-aqua.ru Website, and who has left a message in the Administrator’s feedback windows or with using other means;
  • Provision of the User with an access to the Website personalized resources;
  • Establishment of feedback with the User, including sending notifications, requests regarding the use of the Website, provision of services, processing of requests and applications from the User;
  • Determination of the User’s location to ensure security, fraud prevention;
  • Confirmation of authenticity and completeness of the personal data provided by the User;
  • Creation of an account for making purchases, if the User has agreed to create an account;
  • Notification of the Website User about the Order status;
  • Provision of the User with efficient customer and technical support in case if problems related to the Website use arise;
  • Provision of the User with his consent, with product updates, special offers, pricing information, newsletters and other information on behalf of the Company or on behalf of the Company’s partners.
  • Implementation of advertising activities with the User’s consent;
  • Conclusion, performance and termination of civil law contracts with individuals, legal entities, individual entrepreneurs and other persons, in cases provided for by the effective legislation of the Russian Federation and the Administrator’s Charter.

4. Principles of Personal Data Processing

The Personal Data is processed at the Company based of the following principles:

  • The Personal Data is processed on a legal and fair basis;
  • Processing of the Personal Data is limited to achievement of specific, predetermined and legitimate goals. Processing of the Personal Data incompatible with the purposes of collection of the Personal Data is not allowed;
  • It is not allowed to combine databases containing the Personal Data that is processed for purposes incompatible with each other;
  • Only those Personal Data that meet its processing purposes shall be subject to processing;
  • The content and volume of the Personal Data to be processed correspond to the stated processing purposes. The Personal Data to be processed is not redundant in relation to the stated processing purposes;
  • When processing the Personal Data, provision is made for accuracy and sufficiency of the Personal Data, and, if necessary, — also its relevance in relation to the stated processing purposes;
  • The Personal Data is stored in a form that allows determining the subject of the Personal Data for no longer than the Personal Data processing purposes need, unless the storage period of the Personal Data is established by a federal law, contract, to which the subject of the Personal Data is a party, beneficiary or guarantor. The Personal Data to be processed is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by a federal law.

5. Terms of Processing of the Personal Data

5.1. The Personal Data is processed in compliance with the principles and rules established by the Federal Law «Concerning Personal Data».

5.2. If necessary, the Company may include the Personal Data of the subjects in publicly available sources of personal data, while the Company obtains written consent of the subject to processing of his Personal Data.

5.3. The Company may process special categories of the Personal Data related to race, nationality, health status, while the Company undertakes to obtain written consent of the subject to processing of his Personal Data.

5.4. Decisions based solely on automated processing of the Personal Data that generate legal consequences with respect to the subject of the Personal Data or otherwise affect his rights and legitimate interests may not be made.

5.5. In the absence of the need for written consent of the subject to processing of his Personal Data, the consent of the subject may be provided by the subject of the Personal Data or his representative in any form enabling to confirm its actual obtaining.

5.6. The Company has the right to make it incumbent on another person to process the Personal Data with consent of the subject of the Personal Data, unless otherwise provided by a federal law, based on a contract entered into with this person (hereinafter referred to as the «Administrator’s Order»). At the same time, the Company in the contract obliges the person processing the Personal Data as designated by the Company, to adhere to the principles and rules of the Personal Data processing provided for by this document and Federal Law No. 152-FZ «Concerning Personal Data».

5.7. If the Company makes it incumbent on another person to process the Personal Data,, the Company shall be responsible to the subject of the Personal Data for the actions of this person. The person who processes the Personal Data as designated by the Company shall be responsible to the Company.

5.8. The Company undertakes and obliges other persons who have gained an access to the Personal Data not to disclose to third parties and not to distribute the Personal Data without consent of the subject of the Personal Data, unless otherwise provided by a federal law.

6. Rights of the Subject of the Personal Data

6.1. In accordance with No. 152-FZ «Concerning Personal Data», the subject of the Personal Data has the right to:

6.1.1 Obtain information regarding processing of the Personal Data by the Administrator, namely:

  • Confirmation of the actual processing of the Personal Data by the Administrator;
  • Legal grounds and purposes of processing of the Personal Data;
  • Purposes and methods of processing of the Personal Data used by the Administrator;
  • Name and location of the Administrator, information about the persons (with the exception of the Administrator’s employees) who have an access to the Personal Data or to whom the Personal Data may be disclosed based on a contract entered into with the Administrator or based on a federal law;
  • The processed Personal Data relating to the relevant subject of the Personal Data, its receipt source, unless another procedure for submission of such data is provided for by a federal law;
  • Processing terms of the Personal Data, including its storage terms;
  • The procedure for exercise by the subject of the Personal Data of the rights provided for by No. 152-FZ «Concerning Personal Data»;
  • Information about the cross-border data transfer that has been carried out or is expected to be carried out;
  • Name or surname, first name, patronymic and address of the person processing the Personal Data as designated by the Administrator, if processing is or will be made incumbent on such person;
  • Other information provided by No. 152-FZ «Concerning Personal Data» or other federal laws.

6.1.2. Require the Administrator to clarify his Personal Data, to block or destroy it in case if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose;

6.1.3. To raise an objection against to making decisions with respect to oneself that generate legal consequences based solely on the automated processing of the Personal Data;

6.1.4. Withdraw the consent to processing of the Personal Data in the cases provided for by the law.

6.2. The right of the subject of the Personal Data to access his Personal Data can be restricted in accordance with the RF federal laws.

7. Responsibilities of the Company

7.1. In accordance with the requirements of Federal Law No. 152-FZ «Concerning Personal Data», the Company shall:

7.1.1. Provide the subject of the Personal Data, upon his request, with information concerning processing of his Personal Data, or provide a refusal on legal grounds;

7.1.2. At the request of the subject of the Personal Data, clarify the Personal Data to be processed, block or delete it if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose.

7.1.3. Keep a Log of Registration of the Subjects of the Personal Data, which shall record the requests of the subjects of the Personal Data to obtain the Personal Data, as well as the actual provision of the Personal Data according to these requests.

7.1.4. Notify the subject of the Personal Data about processing of the Personal Data if the Personal Data was not received from the subject of the Personal Data. The following cases are an exception:

  • The PD subject has been notified about processing of his PD by the relevant Administrator;
  • PD is received by the Company based on a federal law or in connection with performance of a contract, to which the PD subject is a party or beneficiary or guarantor;
  • PD is made publicly available by the PD subject or is obtained from a publicly available source;
  • The Company processes PD for statistical or other research purposes, for implementation of the professional activity of a journalist or scientific, literary or other creative activity, if the rights and legitimate interests of the PD subject are not violated;
  • Provision of the PD subject with the information contained in the Notification of PD Processing, violates the rights and legitimate interests of third parties.

7.1.5. In case if the processing purpose of the Personal Data is achieved, immediately terminate processing of the Personal Data and destroy the relevant Personal Data within a period not exceeding thirty days from the achievement date of the processing purpose of the Personal Data, unless otherwise provided by the contract, to which the subject of the Personal Data is a party, beneficiary or guarantor, other agreement entered into between the Company and the subject of the Personal Data or if the Company does not have the right to process the Personal Data without consent of the subject of the Personal Data on the grounds provided for by No. 152-FZ «Concerning Personal Data» or other federal laws.

7.1.6. If the subject of the Personal Data withdraws the consent to processing of his Personal Data, stop processing the Personal Data and destroy the Personal Data within a period not exceeding thirty days from the receipt date of the said withdrawal, unless otherwise provided by the agreement between the Company and the subject of the Personal Data. The Company is obliged to notify the subject of the Personal Data about the destruction of the Personal Data.

7.1.7. In case of receipt of the subject’s request to terminate processing of the Personal Data to promote goods, works, services on the market, immediately stop processing of the Personal Data.

8. Measures to Ensure Security of the Personal Data during Processing

8.1. When processing the Personal Data, the Company takes the necessary legal, organizational and technical measures to protect the Personal Data from an unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of the Personal Data, as well as from other illegal actions with respect to the Personal Data.

8.2. Ensuring Security of the Personal Data is achieved, in particular, by:

  • Identification of threats to security of the Personal Data during its processing in the Personal Data information systems;
  • Application of organizational and technical measures to ensure security of the Personal Data during its processing in the Personal Data information systems necessary to meet the requirements to protection of the Personal Data, the compliance with which ensures the Personal Data protection levels established by the Government of the Russian Federation;
  • Use of the information security tools that have undergone the compliance assessment procedure in accordance with the established order;
  • Assessment of efficiency of the measures taken to ensure security of the Personal Data prior to the commissioning of the Personal Data information system;
  • Taking into account machine-based personal data storage media;
  • Detection of facts of unauthorized access to the Personal Data and taking measures
  • Recovery of the Personal Data modified or destroyed resulting from the unauthorized access to it;
  • Establishment of the rules for access to the Personal Data to be processed in the Personal Data information system, as well as by ensuring of registration and accounting for all actions made with the Personal Data in the Personal Data information system;
  • Monitoring of the measures taken to ensure security of the Personal Data and the security level of the Personal Data information systems.

9. Changing the Website Use Rules

9.1. The Company has the right to make changes to these Rules.

9.2. When introducing changes, the date of the last version update is indicated in the heading of the Rules. The new version of the Rules comes into force from the time it is posted on the Company’s website, unless otherwise provided by the new version of the Rules.