Privacy Policy
1.1. Limited Liability Company “Vega”, which is the administrator of the second-level domain name “goodwix.com”, hereby determines the procedure for the processing of personal data and other confidential information collected using the website goodwix.com.
1.2. This Privacy Policy (hereinafter — the Policy) is developed and used in accordance with the Terms of Use of goodwix.com, located at https://goodwix.com/user-agreement/.
1.3. The purpose of the Policy is to ensure proper protection of the collected personal data and other confidential information from unauthorized access and disclosure.
1.4. The terms and concepts used in this document must be interpreted according to the definitions provided in section 1 of the user agreement of the goodwix.com site.
1.5. The rules established by clauses 2.1.-2.3., 2.5.-2.6. and 2.8.-2.12. The user agreement of goodwix.com in relation to the User Agreement is equally applicable to this Policy.
2. Definitions and interpretation
2.1. Personal data — any information relating to a directly or indirectly determined or determined individual (subject of personal data).
2.2. Personal data operator (operator) — a state body, municipal body, legal or natural person, organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.
2.3. Personal data processing — any action (operation) or a set of actions (operations) with personal data, performed with the use of automation tools or without their use.
2.4. Automated processing of personal data — processing of personal data using computer technology.
2.5. Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.
2.6. Provision of personal data — actions aimed at disclosing personal data to a specific person or a certain circle of persons.
2.7. Blocking of personal data — a temporary suspension of the processing of personal data (unless it is necessary to process personal data).
2.8. The destruction of personal data is an action, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed.
2.9. Anonymization of personal data is an action in which it becomes impossible without the use of additional information to determine the identity of personal data to a specific subject of personal data.
2.10. Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.11. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
2.12. Confidential information — any information relating to the User and / or placed by the User on the Site, including personal data of the User and third parties, except for the one that the Administration made publicly available at the request of the User, including information about the User’s activity on the Site.
2.13. Registered User — A user who has passed the registration procedure on the Site.
2.14. Unregistered User — A user who has not passed the registration procedure on the Site.
3. Purposes of personal data processing
3.1. The administration processes personal data collected using the goodwix.com site solely for the purpose of:
3.1.1. fulfillment of the obligations stipulated by the User Agreement and the Privacy Policy to the Users, as well as individual entrepreneurs and legal entities on whose behalf and in the interests of which the Users act when using the Site Functionality;
3.1.2. compliance with current accounting, tax laws, legislation in the field of personal data and information protection;
3.1.3. implementation of the Functional Service for the creation and display of the User Account. The administration organizes and displays in the Service User accounts containing information that the Users have independently made publicly available;
3.1.4. User identification in the framework of the fulfillment of obligations under contracts concluded with him;
3.1.5. providing technical support to users in connection with the use of the Service. Contact support is accepted using the software of the Site and e-mail;
3.1.6. providing feedback to the User in order to provide information services and improve the quality of the Service under the concluded agreements, including in the order of notification with the involvement of third parties. Communication with the User is carried out through e-mail or by the phone number specified by the User during Registration or in the process of using the Service;
3.1.7. formation of impersonal user data about the interests and preferences of Users, the frequency and duration of visits to certain pages of the Service and other data for:
3.1.7.1. targeting advertising and / or informational materials on the criteria of age, gender, scope of activity and other signs;
3.1.7.2. conducting marketing, statistical and other research, as well as marketing and other actions aimed at promoting the Service and other goods and services.
4. Volume and categories of processed personal data of Users
4.1. The administration processes the following personal data of the Users, collected by the Site automatically without the participation of the Users when visiting the site:
4.1.1. IP address
4.1.2. type, version of browser used and installed add-ons;
4.1.3. information about your operating system;
4.1.4. information about the hardware of the User, including information about the resolution of the screen of the device of the User;
4.1.5. information about the geolocation of the user,
4.1.6. data on the visited pages of the Site and time of visit,
4.1.7. other data obtained using various technologies, such as cookies, flash cookies, tracking JS files, other data on the User’s behavioral activity on the Site, data on pages from which the transition to the Site was made.
4.2. Personal data specified in clause 4.1. Policies may be obtained by the Administration from third parties using third party software, including but not limited to the following:
4.2.1. Services for collecting statistics on the attendance and activity of users (Yandex.Metrica, Google Analytics, and others);
4.2.2. Plug-ins of social services;
4.3. The obligation to notify the User of the processing of his personal data and obtain consent for their transfer to the Administration lies with the third person who provided the personal data of the Administration.
4.4. In addition to the data specified in paragraph 4.1. Policies, Administration processes the following personal data of registered Users, indicated by them during registration on the Site and in the process of using the Site Functionality:
4.4.1. surname, name, patronymic, e-mail, phone number of the User, name of the company whose interests are represented by the User, position in the specified company, website of the specified company and industry of the company, as well as other personal data specified by the registered User during registration;
4.4.2. address of the place of registration, TIN, OGRNP, date of birth, place of birth, series, passport number, date of issuance of the passport, authority that issued the passport, details of the bank account of the User — an individual entrepreneur, if he uses the Website Functional for business purposes;
4.4.3. other personal data specified by the User in the Personal Account.
4.5. In addition to the data specified in paragraph 4.1. Policies, Administration processes personal data of unregistered Users who applied to the Administration for this or that free service in the following scope: surname, name, patronymic, e-mail, telephone, company name, website and position in the company whose interests the User represents.
4.6. The administration does not handle special categories of personal data, as well as biometric personal data.
5. The procedure and conditions for the processing of users’ personal data
5.1. The personal data of the registered User is processed from the moment the User is registered on the Website. The personal data of an unregistered User is processed from the moment of the first visit to any page of the Site.
5.2. By virtue of Article 6 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”, the separate consent of the User to the processing of his personal data is not required. The Administration collects, records, organizes, accumulates, stores, refines (updates, changes), retrieves, uses, transfers (provides, access), remodel, blocks, deletes, deletes users’ personal data using automation tools and without using such tools.
5.3. The administration stores the personal data of the Users in electronic form on a cloud server. The extraction of personal data of users from the cloud storage and subsequent processing using machine-based media and in paper form can be carried out only in cases when it is required to comply with the legislation of the Russian Federation in the field of accounting and tax accounting.
5.4. The administration does not distribute and cross-border transfer of users’ personal data.
5.5. The administration can provide users’ personal data to law enforcement agencies in cases expressly provided for by the legislation of the Russian Federation.
5.6. The Administration can provide access to the User’s personal data to another User if it is necessary for the Users to interact in using the Website Functional, in the amount necessary for performing such interaction and solely on the initiative of one of the Users.
5.7. The registered User agrees that the Administration has the right to entrust the processing of his personal data to another person on the basis of a contract concluded with this person. At the same time, the Administration in the contract obliges the person carrying out the processing of personal data on behalf of the Administration to comply with the principles and rules for the processing of personal data provided for by the legislation of the Russian Federation. Responsibility to the subject of personal data for the actions of this person is borne by the Administration. The person who processes personal data on behalf of the operator is responsible to the Administration.
5.8. The administration processes the users’ personal data using databases located on the territory of the Russian Federation.
5.9. Deactivation of the User’s Account entails the termination of the processing of his personal data specified in clause 4.1., And their destruction by the Administration within 10 days from the moment of Deactivation of the Account, if a longer storage period is not provided for by the legislation of the Russian Federation.
5.10. The removal by the User of his personal data specified in paragraph 4.4. of this Policy, or the Deactivation of the User’s Account, results in stopping the processing of the User’s personal data specified in paragraph 4.4. of this Policy.
5.11. Personal data of the registered User, access to which was granted to another registered User in the manner provided for by clause 5.6. Policies can not be destroyed until they are last removed or Deactivate an account of the latter and must be destroyed within 10 days from the moment of removal or Deactivation, if a longer storage period is not provided for by the legislation of the Russian Federation.
5.12. The administration stores personal data, the processing of which is provided for by paragraph 4.5. Policies, until the end of the service or until the User abandons the service and must be destroyed by the Administration within 10 days from the end of the service or abandonment of the service.
6. Volume and categories of processed personal data of third parties
6.1. Users, using their own Accounts, place on the Website personal data of third parties who are not Users of the Site, including:
6.1.1. personal data of individual entrepreneurs on whose behalf and in the interests of which the Users act when using the Site Functionality, in particular, data on surname, name, patronymic, address of registration place, TIN, OGRNP, date of birth, place of birth, series, passport number, date of issue , passport issuer, bank account details;
6.1.2. personal data of persons authorized to conclude contracts and sign other legally significant documents on behalf of legal entities on whose behalf and in the interests of which the Users act when using the Site Functionality, in particular, data on the person’s last name, first name, patronymic and position;
6.1.3. other personal data of persons specified in clause 6.1.1. and 6.1.2. Policies, if these data are necessary for concluding an agreement with an individual entrepreneur or a legal entity, on whose behalf and behalf of which the User acts;
6.1.4. personal data of employees, counterparties and employees of counterparties of legal entities or individual entrepreneurs, on whose behalf and in the interests of which the Users act when using the Site Functionality.
6.2. The volume of personal data processed by the persons listed in clause 6.1.4. Policies are determined at their discretion by an individual entrepreneur or a legal entity, on whose behalf and in the interests of which the User acts who has posted them.
7. Procedure and conditions for processing third-party personal data
7.1. The user guarantees that:
7.1.1. It is authorized to place those specified in clause 6.1. personal data of third parties on the Site by an individual entrepreneur or a legal entity, on behalf of and in whose interests the User acts;
7.1.2. third parties whose personal data are placed in accordance with clause 6.1. Policies are notified of the processing of their personal data.
7.2. The user independently using the Site Functionality collects, records, updates (updates, changes), extracts, uses, depersonalizes and deletes placed in accordance with clause 6.1. Third party personal data policies.
7.3. Regarding personal data of third parties listed in clause 6.1.4. Policy, the Operator is the User — an individual entrepreneur, if he acts on his own behalf and in his own interests, or an individual entrepreneur or legal entity, on whose behalf and behalf of which the User acts, who has placed personal data. The administration processes personal data at the request of the Operator in compliance with the principles and rules established by the Federal Law “On Personal Data”, ensuring their confidentiality and security during processing. The user guarantees that the Operator has obtained consent to the instructions for processing personal data of the Administration.
7.4. The administration processes personal data placed by the User in accordance with clause 6.1.4 of the Policy by systematizing, accumulating, storing, transmitting (providing, accessing) and destroying only using automation tools.
7.5. The Administration stores personal data placed by the User in accordance with clause 6.1.4 of the Policy, only in electronic form on a cloud server.
7.6. Transfer (provision, access) to personal data posted by the User in accordance with clause 6.1.4 of the Policy is carried out only by direct instruction of the User who posted them.
7.7. The administration processes the personal data specified in clause 6.1.4 of the Policy from the moment they are posted until they are deleted by the User or the User Account is deactivated, which entails. The termination of the processing of such personal data entails their destruction by the Administration within 10 days from the moment of termination of the processing. This rule does not apply if access to such personal data was previously granted to another registered User in the manner provided for by clause 7.6 of this Policy. In this case, the termination of the processing of such personal data and their destruction occurs within 10 days from the moment of their deletion by the User who obtained access to them, or from the moment of Deactivating the last Account.
7.8. Regarding the personal data listed in clauses 6.1.1.-6.1.3. Policies, the Operator is the Administration. The user agrees that the Administration has the right to entrust the processing of this personal data to another person on the basis of a contract concluded with this person. At the same time, the Administration in the contract obliges the person carrying out the processing of personal data on behalf of the Administration to comply with the principles and rules for the processing of personal data provided for by the legislation of the Russian Federation. Responsibility to the subject of personal data for the actions of this person is borne by the Administration. The person who processes personal data on behalf of the operator is responsible to the Administration.
7.9. The administration processes personal data placed by the User in accordance with clause 6.1.1.-6.1.3. Policies, through the extraction, use, systematization, accumulation, storage, transfer (provision, access), destruction with or without the use of automation.
7.10. Deletion by the User of personal data specified in paragraph 6.1.1.-6.1.3. Policies or Deactivation of the User’s Account shall entail the termination of the processing of personal data specified in clauses 6.1.1.-6.1.3., And their destruction by the Administration within 10 days from the moment of termination of processing, if a longer storage period is not stipulated by the legislation Federation or paragraph 7.11 of this Policy.
7.11. The personal data of third parties, access to which was provided to the registered User from another registered User, cannot be destroyed until they are last deleted or Deactivated The last account and must be destroyed within 10 days from the time of removal or Deactivation, if the storage period is longer not stipulated by the legislation of the Russian Federation.
7.12. The Administration stores personal data posted by Users on the Site in accordance with clause 6.1.1.-6.1.3. Policies, electronically on a cloud server. The extraction of personal data of users from the cloud storage and subsequent processing using machine-based media and in paper form can be carried out only in cases when it is required to comply with the legislation of the Russian Federation in the field of accounting and tax accounting.
7.13. The administration does not distribute and cross-border transfer of personal data posted by the User in accordance with clause 6.1. Politicians.
7.14. The administration processes personal data posted by the User in accordance with clause 6.1. Policies using databases located on the territory of the Russian Federation.
7.15. Personal data posted by Users on the Website in accordance with clause 6.1. Policies cannot belong to a special category of personal data or to biometric personal data.
8. The procedure and conditions for processing other confidential information
8.1. Other confidential information, in addition to personal data, posted by Users on the Site or obtained as a result of the actions of Users on the Site, is stored by the Administration only in electronic form on a cloud server and cannot be used by the Administration in any way.
8.2. Confidential information specified in clause 8.1. The policy is processed by the Administration from the moment of its posting until the moment of its deletion by all Users or the Deactivation of the Accounts of all Users who had access to such confidential information.
8.3. Deletion by all Users of confidential information using the Website Functional and Deactivation of the Accounts of all Users who have access to such confidential information results in the destruction of such confidential information, unless the legislation of the Russian Federation provides for the Administration’s duty to keep such confidential information for a certain period. In this case, the confidential information is deleted at the end of the statutory period.
9. Measures to ensure the security of personal data and other confidential information
9.1. The administration in the processing of personal data takes all the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data .
9.2. Access to personal data and other confidential information stored on the Website is provided only after the User has been authorized (the introduction of the User Login and Password).
9.3. The Administration provides access to the personal data of the User only to those employees of the Administration who need this information to ensure the functioning of the Site and to provide the User with access to its use. These persons are warned about the responsibility for the accidental or deliberate disclosure or unauthorized use of confidential information.
9.4. The administration also implements the following technical measures to ensure the safety and security of confidential information:
9.4.1. Confidential information is transmitted over a secure channel — a secure HTTPS protocol using a non-revoked certificate with a key of at least 256 bits, a protocol version not lower than TLS 1.2;
9.4.2. In order to protect against DDoS attacks, a restriction has been introduced on the number of requests per second received both from a separate IP address, from a specific subnet, and in general to the Site;
9.4.3. Data is encrypted using cryptographic algorithms;
9.4.4. Implemented active password brute force protection;
9.4.5. Means of protection against potentially malicious programs are used;
9.4.6. Do-Not-Track browser directive is taken into account;
9.4.7. Access restrictions are set depending on the roles of the Users at the web server level;
9.4.8. Installed prohibiting indexing directives in the robots.txt file;
9.4.9. Multi-level software and hardware access control systems have been installed that require additional authorization for employees who have access to the personal data of the Users.
9.5. The administration monitors the measures taken to ensure the security of personal data and the level of security of personal data information systems and takes other necessary measures to ensure security.
10. Update, correction, deletion of personal data, responses to requests from subjects for access to personal data
10.1. Registered User independently updates, corrects and deletes his personal data using his personal account.
10.2. An unregistered User and a third party whose personal data are processed by the Administration are entitled to request updating, correction and deletion of their personal data by sending a request to e-mail info@goodwix.com.
10.3. Any person has the right to contact the Administration with a request regarding the processing of their personal data by sending a message to the e-mail info@goodwix.com.
10.4. The request received in accordance with this section of the Policy should be considered by the Administration within 10 days and be completed with the response sent to the User by e-mail, from which the request was received from the User.
10.5. Personal data and other information about the person who sent the request in accordance with this section of the Policy can not be used without his consent otherwise than to answer on the subject of the request received or in cases expressly provided by law.
11. Final provisions
11.1. This Policy is intended for posting on goodwix.com. The current version of the Policy is permanently located at: https://goodwix.com/en/privacy-policy/.
11.2. The administration undertakes to ensure the confidentiality of personal data and other confidential information collected through the use of goodwix.com.
11.3. The Administration reserves the right to make changes to the Policy unilaterally with the notification of registered Users. The new edition comes into force from the moment of its publication at the address specified in clause 11.1.
11.4. By virtue of clause 2 of part 2 of article 22 of this law, the Administration has the right to process personal data without notifying the authorized body to protect the rights of personal data subjects.