1. GENERAL PROVISIONS
1.2. The Visitor shall send their preliminary orders for the Product to the Processor (a formal offer request) as follows:
1.2.1. The Visitor shall fill in the form in the window popping up at the Site page about the Product chosen by the Visitor after pressing the buttons “Add to cart” → “View cart” → “Proceed to check-in” → “Confirm order” or “Pay” (or similar buttons);
1.2.2. The Visitor shall dial the number provided at the Site and provide to the Processor the data necessary to make the Agreement;
1.2.3. The Visitor shall register an account at the Site («Account») by filling in the form at the Registration page and press the Registration button, or check in the Create account field when sending a preliminary order, and by doing so, the Visitor accepts this Policy and gives their consent to personal data processing as provided herein. On all occasions, the Policy is considered accepted by the Visitor not later than he or she accepts the Terms.
1.3. Personal data of Visitors shall be collected as follows:
1.3.1. through the Site and/or
1.3.2. by telephone (during communication with the Processor’s representatives);
1.3.3. by email.
1.4. The Processor shall process personal data for the purposes of making or fulfilling the Agreement, the Visitor being a party (a beneficiary) of it, as well as the Terms that become a part of the Agreement at the moment indicated therein, or other agreements made by the Processor and the Visitor. The text of the Terms is posted at the Site page, which can be accessed by any person through the following link: [https://kira.boutique/en/sales-terms-en]. The Visitor can agree to the Terms and enter the Agreement as indicated in the Terms.
1.5. As the Visitor’s personal data are processed with the purpose of making and fulfilling the Agreement and other agreements made which the Visitor is a party of, the latter’s agreement for such procession isn’t required.
1.5.1. Accepting the Terms and the Policy, the Visitor at the same time gives the Processor a permission to process the Visitor’s personal data indicated in Clause 3.2 of the Policy for the purpose of promotion of goods, works and services offered by the Processor by direct approach to the Visitor by communication means, including by mail and telephone, SMS messages, mobile messengers, email, etc.).
1.6. The personal data of the Visitors are processed by the Processor for the purpose of fulfilling the obligations emerging due to making, performance, modification and termination of the Agreement, including in particular for the following purposes:
1.6.1. Identification of the Visitor, sending by the Visitor and obtaining by the Processor of the preliminary order for the Product;
1.6.2. Message communication with the Visitor during negotiation about making of the Agreement, approval of the conditions of the Agreement, as well as making, specifying and modification of the preliminary order;
1.6.3. Provision of complete and accurate information about the Products from the Processor to the Visitor;
1.6.4. Acceptance of payment for the Product by non-cash resources and electronic payment means, identification of the Visitor as a proper payer;
1.6.5. Delivery of the Product to the place agreed between the Processor and the Visitor, handing the Product over to the Visitor, identification of the receiver of the Product as a proper receiver;
1.6.6. Proper execution of procedures for return/exchange of the Product, return of the money paid for the Product being returned/exchanged, delivery of the Product being returned/exchanged to the place agreed between the Processor and the Visitor;
1.6.7. Proper performance of procedures to eliminate defects of the Product, reduction of the price of the purchased Product, repayment of the Visitor’s expenses in regard to elimination of defects, replacement of the Product with a similar product and the required recalculation of the purchase price;
1.6.8. Proper performance of procedures for warranty maintenance/repair of the Product;
1.6.9. Message communication with the Visitor for the above-listed purposes;
1.6.10. Collection, procession and analysis of impersonal statistic information related to use of the Site, including for making marketing studies and for selling products, works or services;
1.6.11. Provision of the Site’s functionality to the Visitor;
1.6.12. Location or distribution of targeted, search, banner and other kinds of advertising;
1.6.13. Correction, modification, enhancement and update of the Site functionality.
1.7. If in accordance with the law procession of some personal data types is allowed only if approved by the personal data owner in writing, the Processor will process such personal data of the Visitor on the grounds of the Visitor’s separate written approval and in accordance with legal requirements.
1.8. Personal data of the Visitor made public by the Visitor or on their request are processed without the Visitor’s approval as regards to such personal data unless the other is required by RF law and if there are no other legal grounds for procession of the Visitor’s personal data.
1.9. The Processor grants access to this Policy to the public at large through internet, posting it at the Site page that can be accessed by any person through the link: [https://kira.boutique/en/privacy-policy-en].
1.10. The Processor is entitled at their own discretion to change this Policy. In this case the new version of the Policy will be posted at the Site and come into effect right after posting.
1.11. If after accepting the Policy the Visitor comes up with some objections as regards to its provisions or changes, they should immediately inform the Processor about it by phone, by message communication with the Processor through the Site/ by the Processor’s email, as provided at the Site. The above-said objections of the Visitor are qualified as their refusal of the Terms and the Agreement, which comes into effect as soon as it’s obtained by the Processor. The conditions of this subclause don’t prevent the Visitor from reaccepting the terms of the Policy and entering this Agreement as a party / a beneficiary.
2. PRINCIPLES OF PERSONAL DATA PROCESSION
2.1. Personal data of the Visitor are processed by the Processor on legal and fair grounds.
2.2. Procession of the Visitor’s personal data is limited by achieving the purposes provided in subclause 1.6 of the Policy. The Processor doesn’t process personal data as inconsistent with the purposes of the Visitor’s personal data collection.
2.3. The Processor doesn’t consolidate data bases that contain personal data in case these are processed for purposes inconsistent.
2.4. The Processor processes only the Visitor’s personal data that comply with their procession purposes.
2.5. Content and scope of personal data processed by the Processor comply with the declared procession purposes. The Processor doesn’t process data that are excessive as regards to the declared purposes of the Visitor’s personal data procession.
2.6. During the Visitor’s personal data procession the Processor ensures their accuracy, sufficiency, and if necessary – their applicability as regards to purposes of personal data procession. The Processor uses reasonable efforts (or ensures their use) to remove or to specify incomplete or inaccurate data of the Visitor.
2.7. The Processor stores personal data in a way that allows for identifying the personal data owner within the timelines determined by Clause 8.1 of the Policy.
2.8. The Processor observes other principles of personal data procession, as provided by RF law or international law standards.
3. CONTENT OF THE PERSONAL DATA
3.1. The Visitor’s personal data include the information that the Visitor provides when making a preliminary order of the Product by means of the Site, as well as when the Processor and the Visitor coordinate conditions of the Agreement, the data provided by the Visitor during electronic communication with the Processor required for performance of the Agreement, as well as during registration of the Account, and other data that facilitate direct or indirect identification of the Visitor, which the Visitor submits when using the Site functionality or during electronic communication with the Processor.
3.2. Personal data of the Visitor that can be processed and transmitted by the Processor include, in particular:
3.2.1. the Visitor’s full name;
3.2.2. phone number;
3.2.3. date of birth;
3.2.4. address of permanent or temporary residence;
3.2.5. e-mail address;
3.2.6. number of identifying document;
3.2.7. payment data (number of credit/debit card, number of account, details of e-wallet).
3.3. Personal data field that the Visitor must fill in to proceed are specially marked in the forms used for registration, feedback, order of Products and other similar forms that the Visitor is granted access to when they register their accounts, place preliminary orders or use functionality of the Site. The Visitor is entitled to submit other data at will.
3.4. In case the Visitor shall provide to the Processor personal data of a third person, the Visitor must get such third person’s permission and bring the Policy to their attention. The Visitor providing the third person’s personal data to the Processor implies that the Visitor has obtained such third person’s approval and brought the Policy to their attention.
4. OTHER DATA PROCESSED
4.1. Besides the personal data of the Visitor, the Processor processes the following data:
4.1.1. Standard data, including the ones obtained by http-server when the Site is approached and when the Visitor takes further action, including IP-address of the host, OS type used, and the screen (page) of the Site visited by the Visitor.
4.1.2. Data fragments automatically sent to the Processor and used to store data on the Visitor’s side (cookie-files and similar).
4.1.3. Information obtained through the Visitor’s actions at the Site.
5. PERSONAL DATA ACCESS
5.1. The Visitor agrees that the Processor with the view to fulfil their obligations and rights arising from the Terms and the Agreement or in regard to its making, as well as other documents accepted by the Processor, and RF statutory regulations, has access to all and any data provided by the Visitor to the Processor through the Site or during message communication with the Processor, including the Visitor’s personal data.
5.2. The Processor takes managerial and technical efforts required and sufficient for protection of the Visitor’s personal data from unauthorized or occasional access, deletion, modification, locking, copying, distribution, as well as other unauthorized actions of third parties as regard to such data.
5.3. The Processor is entitled to freely use impersonal statistic data associated with use of the Site by the Visitor and the Site functioning, and in particular, they are entitled to pass such information over to third parties.
5.4. Persons that aren’t employees and representatives of the Processor have no access to personal data of the Visitor but for personal data that the Visitor has made public.
6. PERSONAL DATA DISCLOSURE
6.1. The Visitor’s personal data aren’t disclosed to third parties but for the cases provided by terms of the Policy or the law.
6.2. To accomplish the objective of making or fulfilling the Terms, the Agreement or some other agreement between the Visitor and the Processor, where the Visitor is a party or a beneficiary, the Visitor agrees to their personal data procession, including their disclosure to third parties, chosen by the Processor as directed by the Visitor.
6.3. Any third parties that the Processor discloses personal data to in the cases and on the grounds determined by the Policy must undertake the obligations for keeping such data obtained confidential.
7. PERSONAL DATA MODIFICATION AND DELETION
7.1. The Visitor undertakes to provide true personal data and keep it actual. Personal data that the Visitor provides to the Processor through the Site or during message communication is presumed to be true and updated. In case the Processor has reasons to believe that personal data provided by the Visitor isn’t accurate, sufficient and updated, the Processor is entitled to send the Visitor a request asking to specify, update or extend the personal data provided before. Risks associated with the Visitor’s provision of false or inaccurate data or for non-providing an answer to the Processor’s inquiry rest with the Visitor.
7.2. At any time prior to making the Agreement the Visitor is entitled to change personal data provided to the Processor by sending the Processor a corresponding message. The Visitor understands that modifying personal data relevant for performance of the Agreement during its performance may cause the Processor to undertake additional expenses that may be charged from the Visitor.
7.3. At any time the Visitor is entitled to withdraw their consent for procession of the part of personal data provided in the Policy by sending the Processor a written notification providing that such withdrawal doesn’t reduce the scope of such data below the minimal limit required to make, perform, modify and terminate the Agreement.
The Visitor is entitled withdraw their consent for personal data procession by sending a written registered letter to: 191025, St. Petersburg, Nevsky Prospect 55, letter A, office 335.
7.4. The Visitor’s withdrawal of their consent for procession of all the personal data provided to the Processor before or withdrawal of a part of such personal data that makes formation, performance, modification and termination of the Agreement impossible, is qualified as the Visitor’s rejection of the Agreement.
7.5. Personal data shall be deleted in the following cases:
7.5.1. If the Visitor provides excessive personal data as regards to the purpose of making or performance of the Agreement or another agreement made by the Visitor and the Processor (including if the Visitor sends personal data containing information about their health, religious commitments or intimate life, but not limited to the above-said categories), such data will be deleted within 24 (twenty four) hours.
7.5.2. If the Visitor or another person in any way sends any kind of personal data to the Processor that isn’t associated with making or performing the Agreement or another agreement, such data will be deleted within 24 (twenty four) hours.
8. PERIOD FOR PERSONAL DATA STORAGE
8.1. The period for the Visitor’s personal data procession, including their storage, consists of the effective period of the Agreement between the Processor and the Visitor, its separate provisions or obligations arising from it, or 3 (three) years after its expiration or the effective period of such separate provisions or obligations.
8.2. In case RF law provides another period for storage of some categories of the Visitor’s personal data that objects this Policy, the period provided by the law shall prevail.
9. FINAL PROVISIONS
9.1. Visitors are entitled to send their inquiries, offers and feedback in regard to this policy by email: firstname.lastname@example.org.
9.2. This is the first edition of the Policy which comes into effect right after it is posted at the site.
This Policy was published at the Site on October 25, 2018.