1.2. Veles Technology LLC acts as a payment aggregator (a bank payment agent engaged by a Settlement Bank), an operator of information exchange services, provides information and technological interaction between Settlement Participants when performing transactions through the Velespay System.
The relationship between Veles Technology LLC (hereinafter referred to as the Company) and Settlement Banks is based on a contractual basis and is determined by the provisions of the Agreement on the beginning of the implementation of the Cooperation Program, the involvement of a bank payment agent-payment aggregator and the implementation of payment aggregator operations through the Velespay System (hereinafter referred to as the BPA Agreement) and the terms of the Agreement on the Provision of Payment Services using the Velespay electronic Payment method (hereinafter referred to as the Agreement).
In accordance with the terms of the Agreement, Veles Technology LLC, on behalf of and on behalf of the Settlement Bank, processes Users ' personal data in order to identify Users within the framework of Federal Law No. 115-FZ of 07.08.2001 "On Countering the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism" and Federal Law No. 161-FZ of 27.06.2011 "On the National Payment System" until the User enters into any Agreements (Agreements) with the Company.
1.5. If you do not agree with the terms of the Policy, or if you do not understand the Policy, the User must refrain from registering on the Company's Website and using the Company's Services.
2.1. Within the framework of the Policy, "User's personal data" means:
2.1.1. Any information related directly or indirectly to a specific or identifiable individual (Subject of personal data) that the User provides about himself / herself, including personal data when registering on the Site before entering into any agreements (Contracts) of the User with the Company.
The User hereby understands and agrees that registration on the Site and the creation of a Personal Account, the use of the Company's Services by the User is possible only if the User provides the necessary personal data and passes the identification procedure.
2.1.2. Data provided by the User independently:
When passing the simplified identification procedure (Formal account status):
- Cell phone number;
- E-mail address;
- Last name, First name and Patronymic (the latter-if available);
- Date of birth;
- Data of the identity document (series, number, name of the department that issued the document, date of issue of the document) and with the attachment of the scanned document;
- Address of the actual place of residence, registration at the place of residence and with the attachment of a scanned document;
- Taxpayer identification number (TIN) and / or insurance number of the individual personal account of the insured person in the system of personalized accounting of the Pension Fund of the Russian Federation (SNILS) and with the attachment of a scanned document;
When completing the full identification procedure (Personal / Business account status):
- The documents provided under the simplified identification procedure are notarized and sent by Post to the address of the company's location or authorized representative of the company; or
- The documents provided in the simplified identification procedure are provided in person with a visit to the company's office or an authorized representative of the company;
Depending on the Company's Service and the services provided, the list of information provided by the User may be changed.
2.1.3. The User provides the Company with the necessary reliable and up-to-date User Information for the formation of the Personal Account, including a unique Login for each User (E-mail or cell phone number for entering the Personal Account).
2.1.4. After receiving the Information, the Company checks the provided Information for completeness and reliability, verifies the authenticity (validity) of the submitted documents, the compliance of the submitted documents with the information and data specified in the electronic form of the Questionnaire. For these purposes, the Company uses the information contained in the open information systems of the state authorities of the Russian Federation, the Pension Fund of the Russian Federation, the Federal Compulsory Health Insurance Fund, posted on the Internet.
2.1.5. Automatically collected data:
- IP address;
- Data from cookies;
- Information about the User's browser, technical characteristics of the hardware and software used by the User;
- date and time of access to the site, the addresses of the requested pages and other similar information;
When browsing the Company's websites, the following depersonalized statistical data about the User is automatically collected (from cookies), including:
- The type of action performed on the Service's website (click, hover, etc.);
- Date and time when the action was performed;
- Page URL;
- IP (without the ability to work with IP addresses in statistics);
- ClientID (browser id for the cookie file);
- Screen Resolution;
- The class of the HTML element that is clicked on;
- Data about the information viewed by the User in the interface of the Company's Services;
- Data on the facts of filling out forms/requests on the Company's Services ' websites, including errors when filling them out;
2.1.6. The processing of Users ' personal data is carried out with their Consent.
Consent to the processing of personal data must be specific, informed and conscious. Consent to the processing of personal data can be given by the User or his legal representative in any form that allows you to confirm the fact of its receipt.
2.1.7. The User who registers on the Site in order to gain access to the Company's services, independently puts a mark in the appropriate form under the Application for personal data processing and thereby expresses his full Consent to the processing of personal data in accordance with Article 9 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
If the consent to the processing of personal data is obtained from the legal representative of the User, the authority of this representative to give consent on behalf of the User is checked by the Company.
2.1.8. The Company may obtain publicly available information when the User uses third-party resources (for example, chats/forms/social networks). This data may contain information that the User publishes, including in the form of comments or reviews about the Company's Services. The Company uses such information in order to improve the quality of User service.
2.1.9. The Company may also process certain data (for example, IP address, user device ID) in order to identify and / or prevent conditions that facilitate the commission of actions using the Personal Account that contradict the requirements of the law or the Agreement (Contract) concluded by the User with the Company, in accordance with which the Client is granted access to the Personal Account.
2.1.10. The Company may receive information in order to maintain an adequate level of security of online payments made by the User using electronic means of payment on the Company's Services. The list of such information is defined in Section 5 of the Policy.
2.2. The User provides reliable and sufficient personal information about himself and keeps such information up to date.
3.1. Personal data is collected and processed for the purpose of identifying Users in the framework of fulfilling obligations under the BPA Agreement; ensuring the execution of the User Agreement; Agreements (Contracts) on the use of the Company's Services; providing the User with access to the Personal Account and performing operations provided for by the functionality of the Personal Account; providing personalized Services of the Company; improving the quality of the Site, conducting statistical and other research based on depersonalized personal data.
3.2. Minors aged from fourteen to eighteen years carry out the registration procedure on the Company's Website, in order to gain access to the Personal Account and services of the Company, only with the written consent of their legal representatives - parents, adoptive parents or a trustee. At the same time, minors must obtain the written consent of their parents for the processing of personal data.
4.1. When processing the User's personal data, the Company is guided by Federal Law No. 152-FZ" On Personal Data " of 27.07.2006 and other regulatory acts regulating relations in the field of personal data security.
4.3. The processing of personal data by the Company consists in the collection, recording on electronic media, storage, clarification (updating, changing), transfer (provision, access), depersonalization, blocking, destruction and protection from unauthorized access.
4.4. The processing of personal data is carried out by the method of mixed (including automated) processing.
4.5. The information provided by the User to the Company is confidential.
The Company ensures the confidentiality of the information provided and is obliged to prevent its distribution to third parties, without the User's consent, or the presence of other legal grounds.
All confidentiality measures for the collection, processing and storage of personal data of clients apply to both paper and electronic (automated) data carriers.
The privacy regime of personal data is removed in cases of depersonalization or publication in publicly available sources (mass media, Internet, Unified State Register of Legal Entities and other public state registers).
5.1. The Operator transfers personal information to third parties only for the purpose of the targeted processing indicated at the conclusion of the BPA Agreement, Agreements (Agreements) on the use of the Company's Services and obtaining the User's consent to the processing of personal data in the form of transfer to third parties, namely, the transfer of personal data is carried out by the Operator:
- to Settlement banks, within the framework of the Agreement on the beginning of the implementation of the Cooperation Program, the involvement of a bank payment agent-payment aggregator and the implementation of payment aggregator operations through the Velespay System (BPA Agreement);
- in order to comply with the proper level of security of online payments made using electronic means of payment through the Company's Services, the Company may transmit information to credit institutions involved in making transfers within the framework of the Company's Services, the list of which is established by the security protocols of payment systems, acquiring banks, issuers of electronic means of payment;
- within a group of companies, including subsidiaries and / or holding companies, in relation to the Company itself, in order to expand the User database or exchange user information about Customers;
The transmission of information may be mandatory, for example, in terms of information about user equipment: IP address, OS, geographical data, ID/type of equipment, channel used: browser/application, payment authorization, identification/verification, or optional, for example, in terms of information about address match indicators, information about the supplier's system account, email address, mobile phone number, payment amount, the level of risk set by the supplier, MCC.
5.2. Transition of control.
The transfer takes place within the framework of a sale or other transfer of the business (in whole or in part), while the acquirer assumes all obligations to comply with the terms of the Policy in relation to the User's personal information received by him.
5.3. Settlement banks ensure the confidentiality of personal data and the security of personal data during their processing.
5.4. The transfer of personal data to state authorities is carried out within the scope of their powers in accordance with the applicable legislation.
6.1. Modification and destruction of the User's personal data.
6.1.1. Destruction of personal data means actions that make it impossible to restore the content of personal data on the Site and/or as a result of which the material carriers of personal data are destroyed.
6.1.3. In the event of changes to the information previously provided by the User in electronic Form/As part of the registration procedure on the Site, the User is obliged to notify the Company in writing about this fact and provide new information within 10 (Ten) calendar days from the date of such changes.
6.1.4. The Company updates the information obtained during the User identification process at least once a year.
When updating information, the Company has the right to request information, documents from the User or to use information from open information systems of state authorities of the Russian Federation, the Pension Fund of the Russian Federation, the Federal Compulsory Health Insurance Fund, posted on the Internet.
6.1.5. Within the limits established by the applicable legislation, the User has the right to withdraw their consent to the processing of personal data, which was previously provided to them. In some cases, the withdrawal of consent will mean that the User will not be able to use the Personal Account and the Company's Services.
6.1.6. In the event of a corresponding written request from the User, the Company is obliged to make the necessary changes, destroy the personal data upon the provision by the User or his legal representative of information confirming that the personal data related to the relevant User and processed by the Company are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing.
6.1.7. The Company destroys the User's personal data no later than 7 (Seven) business days from the date of receipt of the corresponding written request from the User.
6.1.8. The Company, within the limits established by the applicable legislation, informs about the change or destruction of the User's personal information to each recipient to whom such personal information has been disclosed, unless this is impossible or requires a disproportionate effort.
6.1.9. In the event of a written request to the User's Company for the destruction of up-to-date information on personal data, the Company stops processing the User's personal data, with the exception of the storage and blocking operation.
6.2. The right to access the User's personal data.
6.2.1. In accordance with the applicable legislation, the User or his / her legal representative has the right to request information from the Company regarding:
- confirmation of the fact of processing of personal data by the Company, as well as the purpose of such processing;
- methods of processing personal data used by the Company;
- name and location of the Company, information about persons who have access to personal data or who may be granted such access;
- the list of personal data processed and the source of their receipt;
- terms of processing of personal data, including the terms of their storage;
- information about the legal consequences for the User that the processing of their personal data may entail;
6.2.2. The information (a copy of it) specified in clause 6.2.1 of the Policy must be provided to the User in an accessible form (in writing or by other means of communication).
6.2.3. If the Company has grounds for doubt regarding the identification of the User or his legal representative submitting the request in accordance with clause 6.2.1 of the Policy, the Company has the right to request the provision of additional information necessary to confirm the identity of such User or his legal representative.
6.2.4.The Company considers the request for the provision of information (a copy thereof) specified in clause 6.2.1 of the Policy within 30 (thirty) calendar days from the date of receipt of the request from the User or his legal representative. The Company has the right to extend the specified period up to 60 (sixty) calendar days, taking into account the complexity and number of requests. The Company informs the User or his / her legal representative about such extension of the term, with an indication of the reasons that served as the basis for such extension, through the services of the Russian Post or through the User's Personal Account.
6.2.5. In case of refusal to provide the User or his legal representative, when applying or receiving a request from the Personal Data Subject or his legal representative, information about the availability of personal data about the relevant Personal Data Subject, the Company is obliged to give a reasoned response in writing, containing a reference to the provision of Part 8 of Article 14 of the Federal Law "On Personal Data" or other Federal Law, which is the basis for such refusal, within the time limit, no more than 30 calendar days from the date of the request of the Personal Data Subject or his legal representative, or from the date of receipt of the request of the Personal Data Subject or his legal representative.
6.2.6. The processing of the User's personal data may be accessed by the General Director of the Company and the Company's employees, whose official duties are directly related to the access and work with the User's personal data.
7.1. The Company protects and processes the User's personal data in accordance with the requirements of applicable legislation, including Federal Law No. 152-FZ "On Personal Data" of 27.07.2006, the Decree of the Government of the Russian Federation "On Approval of requirements for the protection of personal data when processing them in Personal Data information systems" No. 1119 of 01.11.2012 and other regulatory acts regulating relations in the field of personal data security.
7.2. When processing personal data, the Company ensures their security and takes the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of the User's personal data, as well as from other illegal actions, by establishing a confidentiality regime and monitoring its compliance with such data, as well as by implementing additional protection measures that implement the requirements of the legislation of the Russian Federation, standards and internal organizational and administrative documents of the Company.
8.1. In everything that is not directly provided for by the Policy, the Company and the User are guided by the terms of the Personal Data Regulation, the legislation of the Russian Federation and business practices.
8.2. The Company provides the User with information support by phone, as well as through the web sites of the Company's Services.
8.3. When the User requests to provide information within the framework of the Policy, as well as in other cases, the Company has the right to perform additional authentication of the User using the following data:
- the mobile phone number and / or email address specified by the User in the personal account during registration and identification;
- number of the operation performed using the Company's Services;
- other data at the discretion of the Company;
8.4. The Company reserves the right to make unilateral changes to the Policy at any time without prior notice to the User. Changes made to the Policy come into force from the date of posting the new version of the Policy on the Company's website.
Veles Technology LLC
Registration number: 1167746578625
INN/KPP: 9729012924 / 770901001
Address: 3 Marksistskaya street, building 3, Moscow, Russia, 109147
Phone/Fax: +7 (495) 133-65-64