Privacy policy

1. General Provisions

1.1. This document defines the policy of FitoLux LLC (OGRN 1201600072882) (hereinafter referred to as the Operator) regarding the processing of personal data (hereinafter referred to as the Privacy Policy, the Policy).

1.2. The Operator operates at the address: 420107, Russia, Republic of Tatarstan, Kazan, ul. Khadi Taktasha, 1.

Legal address of the Operator: 420074, Russia, Republic of Tatarstan, Kazan, ul. Ostrovskogo, 102.

1.3. From the moment of providing the Operator with their personal data, individuals become subjects of personal data. Subjects of personal data enter into relationships with the Operator solely of their own free will and initiative.

1.4. The Operator’s Policy has been developed in accordance with the provisions of the Constitution of the Russian Federation, the Federal Law of July 27, 2006. N 149-FZ “On Information, Information Technologies and Information Protection”, Federal Law of July 27, 2006 N 152-FZ “On Personal Data” (hereinafter referred to as the Federal Law) and other regulatory legal acts and applies to all information that the Operator located at the domain name fitolooks.com can receive about the User during the latter’s use of the Operator’s website, its programs and its products.

1.5. The Operator protects personal data and takes appropriate measures to protect the received personal data from personal data subjects in accordance with the current legislation of the Russian Federation.

1.6. The Policy has been developed in order to implement the requirements of the legislation on personal data and applies to all actions and operations performed by the Operator with the personal data of personal data subjects, including, but not limited to: personal data received from visitors and registered users of the website in the information and telecommunications network Internet at https://fitolooks.com/ (hereinafter referred to as the Website, the Operator’s website); personal data received from visitors and users of the Operator’s website, the terms of use of which refer to this Policy; personal data of the Operator’s counterparties (clients), received by the Operator within the framework of its activities, as well as personal data of other persons specified in Section 6 of this Policy (hereinafter referred to as personal data subjects).

1.7. The Policy establishes the purposes of processing personal data, personal data subjects, determines the procedure and conditions for processing personal data, measures to ensure the security of personal data in relation to information that the Operator may receive from personal data subjects, including from visitors and users (hereinafter referred to as the User) during the use of the Site.

1.8. In accordance with this Policy, the Operator processes personal data both with and without the use of automation tools. The processing of personal data cannot be carried out by the Operator or its employees for the purpose of causing property and moral harm to personal data subjects, hindering the exercise of their rights and freedoms. The processing of personal data must be carried out until the achievement of legitimate, specific and predetermined purposes, and must be carried out with respect to those personal data and only to the extent that meet the purposes of processing.

1.9. The Operator does not disclose to third parties or distribute personal data without the consent of the Personal Data Subject (unless otherwise provided by the federal law of the Russian Federation).

1.10. In cases where the Operator entrusts the processing of personal data to other persons, they comply with all the requirements of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” provided for entrusting the processing of personal data to third parties.

1.11. The provisions of this Policy are the basis for organizing work on the processing of personal data by the Operator, including the development of internal regulatory documents governing the process of processing personal data by the Operator and are mandatory for all employees of the Operator.

1.12. Using the Site and/or providing the Operator with your personal data means the User’s unconditional consent to this Policy and the terms of personal data processing. In case of disagreement (in whole or in part) with the terms of the Policy, the User must stop using the Site.

1.13. The Site may contain hyperlinks to other websites provided by third parties. The Operator does not control third-party websites or information posted on third-party websites. The Operator is not responsible for the protection and confidentiality of any information provided by the subject of personal data on third-party websites after he/she has left the Operator’s site, including via links available on the Operator’s site.

1.14. The Operator receives personal data directly provided by the User. Transfer of personal data by the User to the Operator via web data collection forms (registration, application, feedback form, subscription, etc.) means the User’s consent to the transfer of his personal data.

1.15. The Operator does not check the accuracy of the personal data provided. All information provided by the User that allows him to be directly or indirectly identified is considered by the Operator as correct personal data.

1.16. The User confirms that all the data provided by him belongs to him personally and that if the information provided by the User concerns other persons, he confirms that he transfers personal data with the consent of these persons to the Operator on the basis of Part 8 of Art. 9, Clause 5 of Part 1 of Art. 6 of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data”.

1.17. The Operator uses “cookies” technology to create statistical reports. When the User visits the Site, the Operator uses cookies to determine which pages the User visited, what was loaded, the domain name of the User’s Internet provider, the country and the selected transitions from one page to another, as well as the addresses of third-party websites from which the transition to the Portal was made.

The information contained in the cookies is not personal data, since it does not contain the User’s email address or any personal data about the User.

1.18. The server on which the personal data of Users is stored is located in the data center https://beget.com/ on the territory of the Russian Federation at the address: pl. Karla Faberge, 8B, St. Petersburg, 195112

1.19. In case of questions regarding this Policy, the User can contact the person responsible for organizing the processing of personal data by sending an email to the email address order@fitolooks.com with the subject line “Request for personal data” or to the address: order@fitolooks.com .

1.20. All issues not regulated by this Personal Data Processing Policy are governed by the legislation of the Russian Federation.

1.21. The Operator undertakes to comply with the norms of the legislation of the Russian Federation in the field of protection and processing of personal data.

2. Definition of Terms

2.1 The following terms are used in this Privacy Policy:
2.1.1. “Website Administration” (hereinafter referred to as the Administration) – employees authorized to manage the Operator’s website, who organize and (or) carry out the processing of personal data, and also determine the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.

2.1.2. “Personal data” – any information related to a directly or indirectly determined or determinable individual (subject of personal data).

2.1.3. Subject of personal data is an individual who is directly or indirectly identified using personal data, in relation to whom personal data is processed.

For the purposes of this Policy, subjects of personal data include individuals acting on their own behalf, as well as individuals who are representatives of legal entities, individual entrepreneurs, authorized to act on behalf of such legal entities on the basis of a charter, power of attorney, employment contract, civil law contract or on other grounds. Authorized representatives of legal entities and individual entrepreneurs include persons who have accessed accounts on the Site using the login and password assigned to the relevant legal entity/individual entrepreneur within the framework of the contract/agreement concluded with the Operator for the provision of Services/provision of the Service/sale (realization) of Products (Goods).

2.1.4. “The FitoLux LLC website is a collection of interconnected web pages located on the Internet at a unique address (URL): fitolooks.com.

2.1.5. Using the Website – any actions by the personal data subject to gain access to the Website or its individual parts, functions, interfaces both with and without authentication data (login and password); reproduction, distribution, communication to the public, transmission by cable and on air, import, rental, public performance, translation and other processing of materials, information (in full or in part) posted on the Website; any other methods of use, regardless of whether the relevant actions are performed for profit or without such purpose.

2.1.6. “User of the FitoLux LLC website (hereinafter referred to as the User) is a person who has access to and uses the FitoLux LLC website via the Internet, and uses the information, materials and products of the FitoLux LLC website

2.1.7. “Confidentiality of personal data” is a requirement that the Operator or another person who has gained access to personal data must comply with to prevent their dissemination without the consent of the subject of personal data or the presence of another legal basis.

2.1.8. “Cookies” is a small piece of data sent by the web server by faith and stored on the user’s computer, which the web client or web browser sends to the web server in an HTTP request each time an attempt is made to open a page of the corresponding site.

2.1.9. “IP address” — a unique network address of a node in a computer network through which the User gains access to the site.

2.1.10. “Personal data processing” — any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.1.11. Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;

2.1.12. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;

2.1.13. Depersonalization of personal data — actions as a result of which it becomes impossible to determine the ownership of personal data by a specific personal data subject without the use of additional information.

2.1.14. Blocking — temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data);

2.1.15. Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible personal data carriers are destroyed.

2.1.16. Protection of personal data — a set of technical, organizational and organizational-technical measures aimed at protecting information related to a specific or determinable personal data subject on the basis of such information.

2.1.17. Account – a record containing information necessary for identification of an individual, including in an online store, as well as information for authorization and accounting.

2.1.18. Personal data operator (Operator) – a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, and also determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data. Within the framework of the provisions of this Policy, FitoLux LLC acts as the Personal Data Operator.

2.1.19. Biometric personal data – information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which are used by the operator to establish the identity of the subject of personal data.

2.1.20. The Operator’s Partners are legal entities and individual entrepreneurs acting on their own behalf or on behalf of the Operator and promoting the Operator’s Services on the basis of concluded agency agreements, agreements for the provision of services for attracting clients and other agreements.

2.1.21. The Online Store is a set of information resources administered by the Operator and/or attracted third parties in compliance with the legislation of the Russian Federation, including the Internet site with the Internet address https://fitolooks.com/, which presents the products offered by the Site Administration to its Clients for placing Orders, as well as the terms of sale, payment and delivery of these Orders to Clients and the terms of return, when permissible in accordance with the legislation of the Russian Federation.

2.1.22. Order – a request placed by the Client and confirmed by the Site Administration in accordance with the Rules for the sale of goods in the online store of FitoLux LLC (https://fitolooks.com/katalog) for the delivery of a list of Goods selected in the Online Store.

An order may be placed both for the purpose of concluding a retail sale and purchase agreement and for the exchange or replacement of Goods under a previously concluded agreement in cases stipulated by the legislation of the Russian Federation.

2.1.23. Service – an activity, the results of which do not have a material expression, are implemented and consumed in the process of carrying out this activity. In relation to the Operator’s activities, “Services” shall mean services described, in particular, at the links: https://fitolooks.com/obuchenie/dlya-parikmaherov/kurs-esteticheskaya-trihologiya-uroven-i.html, provided by the Operator on the basis of a civil law contract with the Client, as well as services provided by the Operator during the period of demo access to such services.

2.1.24. Products (Goods) – an object of the material world that has not been withdrawn from civil circulation and presented for sale by the Operator, including on the Site. The subject of purchase and sale may only be Goods available in availability, i.e. Products for which the “Add to Cart” button is active.

2.1.25. Client – a term used when referring jointly to a corporate client and a retail client.

Retail client – an individual who has entered into an agreement with the Operator, including by joining the terms of a public agreement, and whose personal data has been transferred to the Operator.

Corporate client – a legal entity, an individual entrepreneur, as well as an individual engaged in private practice in accordance with the procedure established by the legislation of the Russian Federation, who has entered into or intends to enter into an agreement with the Operator.

2.1.26. Employee – an individual who has entered into an employment contract with the Operator.

3. Subject of the privacy policy

3.1. Personal data permitted for processing within the framework of this Privacy Policy are provided by the User by providing information to the Operator, including by filling in the data on the Operator’s website and include the following information:

3.1.1. last name, first name, patronymic (indicated together or separately);

3.1.2. contact telephone number;

3.1.3. e-mail address;

3.1.4. date and place of birth;

3.1.5. passport details (passport series and number, by whom and when the passport was issued) or other identity document;

3.1.6. gender, citizenship;

3.1.7. place of residence (actual residence);

3.1.8. address of the place of registration (temporary stay);

3.1.9. information about education;

3.1.10. information about receiving additional professional education, completing courses;

3.1.11. position held;

3.1.12. details of the work book, insert to the work book;

3.1.13. details of the document confirming registration in the individual (personalized) accounting system, including in the form of an electronic document (SNILS number);

3.1.14. taxpayer identification number (TIN);

3.1.15. details of the certificate of change of surname (if any);

3.1.16. account number and information on payment documents;

3.1.17. information on awards, other incentives and distinctions;

3.1.18. information on disciplinary sanctions;

3.1.19. information contained in the materials of official investigations;

3.1.20. information on marital status;

3.1.21. information on close relatives, in-laws;

3.1.22. information on health status;

3.1.23. photos, videos;

3.1.24. reviews, including photo and video reviews;

3.1.25. training certificate number;

3.1.26. place of professional activity and/or name of the salon/store;

3.1.27. delivery address;

3.1.28. loyalty card number;

3.1.29. other information provided by the Client in paper questionnaires, questionnaires on the website, when communicating with the Operator and in other sources.

3.2. The Operator’s website protects data that is automatically transmitted when visiting pages:

— IP address;

— information from cookies;

— browser information;

— access time;

— referrer (address of the previous page).

3.2.1. Disabling cookies may result in the inability to access parts of the Operator’s website that require authorization.

3.2.2. The Operator’s website collects statistics on the IP addresses of its visitors. This information is used to prevent, detect and solve technical problems.

3.3. Any other personal information not specified above (browsing history, browsers used, operating systems, etc.) is subject to secure storage and non-dissemination, except for cases provided for in paragraph 5.1. of this Privacy Policy.

4. Purposes of collecting personal information

4.1. Identification of the User registered on the Operator’s website for his/her subsequent authorization.

4.2. Providing the User with access to personalized data of the Operator’s website.

4.3. Establishing feedback with the User, including sending notifications, requests regarding the use of the Operator’s website, processing requests and applications from the User.

4.4. Determining the location of the User to ensure security, prevent fraud.

4.5. Confirmation of the authenticity and completeness of personal data provided by the User.

4.6. Creating an account to use parts of the Operator’s website, if the User has consented to the account creation.

4.7. Notifying the User by email.

4.8. Providing the User with effective technical support in the event of problems related to the use of the Operator’s website.

4.9. Providing the User with his consent with special offers, newsletters and other information on behalf of the Operator’s website.

4.10. Conclusion, execution and termination of civil law contracts, including the provision of educational services, retail sale and purchase, including remotely in the online store of FitoLux LLC on the official website https://fitolooks.com/

4.11. Informing users of the site about persons using and selling the Operator’s products when providing services or selling products.

4.12. Advertising the Operator’s services and products.

4.13. Compliance with the legality of personal data processing.

4.14. Implementation and performance of the functions, powers and duties imposed on the Operator by the legislation of the Russian Federation, in particular:

4.14.1. compliance with the requirements of the legislation in the field of labor and taxation;

4.14.2. maintaining current accounting and tax records, forming, producing and timely submitting accounting, tax and statistical reports;

4.14.3. filling out primary statistical documentation in accordance with labor, tax legislation and other federal laws;

4.14.4. maintaining personnel work and organizing the accounting of the Operator’s employees;

4.14.5. regulation of labor and other relations directly related to them;

4.14.6. attracting and selecting job seekers for the Operator and recording them in the personnel reserve;

4.14.7. compliance with the requirements of the legislation on determining the procedure for processing and protecting the personal data of citizens who are employees, clients or contractors of the Operator;

4.14.8. exercising the rights and legitimate interests of the Operator within the framework of the activities stipulated by the Charter and other local regulatory acts of the Operator, or third parties, or achieving socially significant goals, including:

4.14.8.1. for the purposes of organizing and conducting the Operator’s loyalty programs, marketing and/or advertising campaigns, research, surveys;

4.14.8.2. promoting the services and/or goods of the Operator and/or the Operator’s partners on the market by implementing direct contacts with the Operator’s clients using various means of communication, including, but not limited to: by telephone using special messaging programs, SMS – sending messages, by e-mail, mailing list and other methods not prohibited by law.

4.15. Provision of information on issued certificates of completion of training (educational programs).

4.16. Carrying out administrative and economic activities by the Operator.

4.17. For other lawful purposes.

5. Methods of processing personal information

5.1. The User’s personal data may be transferred to authorized state authorities of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.

5.2. In the event of loss or disclosure of personal data, the Administration has the right not to inform the User about the loss or disclosure of personal data.

5.3. The Administration takes the necessary organizational and technical measures to protect the User’s personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

5.4. The Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s personal data.

5.5. The processing of personal data, including biometric personal data, is carried out by the operator in accordance with the requirements for the protection of personal data established in accordance with the Law on Personal Data.

6. Subjects of personal data. Terms of processing personal data.

6.1. The Operator, in order to properly fulfill its duties as an Operator, processes the personal data of the following subjects of personal data necessary for the proper fulfillment of contractual obligations:

6.1.1. Applicants for vacant positions – in the composition and within the timeframes necessary for the Operator to make a decision on hiring or refusing to hire, with the consent of the subjects of personal data, as well as for the formation of a personnel reserve with the consent of the subjects of personal data.

6.1.2. Employees who are or were in employment relationships with the Operator – in the composition and within the timeframes necessary to achieve the goals stipulated by the legislation of the Russian Federation, to implement and perform the functions, powers and duties imposed by the legislation of the Russian Federation, to form a personnel reserve with the consent of the subjects of personal data, as well as to conclude and execute an agreement to which the subject of personal data is a party, beneficiary or guarantor.

6.1.3. Relatives of the Operator’s employees – in the composition and within the timeframes necessary to implement and perform the functions, powers and duties imposed by the legislation of the Russian Federation, to exercise the rights and legitimate interests of the Operator.

6.1.4. Representatives of the Operator’s clients – in the composition and within the timeframes necessary to interact with clients with the consent of the subjects of personal data.

6.1.5. Persons receiving income but not in employment relationships with the Operator, in the composition and within the timeframes necessary to achieve the goals stipulated by the legislation of the Russian Federation, to implement and perform the duties imposed by the legislation of the Russian Federation and functions, powers and responsibilities.

6.1.6. Potential and existing Clients — in the composition and within the timeframes necessary for interaction with potential and existing clients, with the consent of the personal data subjects.

6.1.7. Persons who left reviews of the Operator’s services and products — in the composition and within the timeframes necessary for the implementation of the interaction goals.

6.1.8. Persons who intend to conclude or have concluded a civil law contract with the Operator.

6.1.9. Persons whose personal data they have made publicly available, and their processing does not violate their rights and complies with the requirements established by the legislation on personal data.

6.1.10. Other persons in contractual relations with the Operator — in the composition and within the timeframes necessary for the implementation of the interaction goals.

6.2. The terms of personal data processing are determined taking into account the established purposes of personal data processing, the terms of agreements with personal data subjects and the consents of personal data subjects to the processing of their personal data, as well as the terms determined by regulatory legal acts of the Russian Federation.

6.3. The processing of the User’s personal data is carried out without time limitation, in any legal way, including in personal data information systems with or without the use of automation tools.

6.4. The validity period of the consent of the personal data subject to the processing of his personal data is determined by the moment the Operator receives from the personal data subject a written notice of the personal data subject’s revocation of his consent to the processing of personal data.

7. Rights and obligations of the parties

7.1. The User has the right to:

7.1.1. make a free decision on the provision of his personal data necessary for using the Operator’s website and give consent to their processing;

7.1.2. update, supplement the provided information on personal data in the event of a change in this information;

7.1.3. receive information from the Website Administration concerning; processing of his personal data, unless such right is limited by federal law; legal grounds and purposes of processing personal data; purposes and methods of processing personal data used by the operator; other information stipulated by the law on personal data or other federal laws;

7.1.4. demand that the Site Administration clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect his rights. To do this, it is sufficient to notify the Administration at the e-mail address specified in paragraph 1.19 of this Policy.

7.2. The User is obliged to:

— provide updated personal data (including an updated telephone number and e-mail address) in the event of their change by contacting the Operator or sending it to the e-mail address specified in paragraph 1.19. of the Policy or changing data through the personal account on the site.

7.3. The Site Administration is obliged to:

7.3.1. Use the information received solely for the purposes specified in paragraph 4 of this Policy.

7.3.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and not sell, exchange, publish, or disclose in any other possible way the transferred personal data of the User, with the exception of paragraph 5.1. of this Policy.

7.3.3. Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure usually used to protect such information in existing business practices.

7.3.4. Block the personal data related to the relevant User from the moment of the User’s request or appeal, or of his legal representative or authorized body for the protection of the rights of personal data subjects for the verification period, in the event of detection of inaccurate personal data or illegal actions.

8. Liability of the Parties

8.1. The Site Administration that has failed to fulfill its obligations shall be liable for damages incurred by the User in connection with the illegal use of personal data, in accordance with the legislation of the Russian Federation, except for cases provided for in paragraph 5.1. of this Policy.

8.2. In the event of loss or disclosure of confidential information, the Site Administration shall not be liable if this confidential information:

8.2.1. Has become publicly known prior to its loss or disclosure.

8.2.2. Was received from a third party prior to its receipt by the Site Administration.

8.2.3. Was disclosed with the consent of the User.

8.3. The User shall be fully responsible for compliance with the requirements of the legislation of the Russian Federation, including laws on advertising, on the protection of copyright and other rights, protection of trademarks and service marks, but not limited to the above, including full responsibility for the content and form of materials posted on the Site or provided to the Operator.

8.4. The User acknowledges that responsibility for any information (including, but not limited to: data files, texts, etc.), to which he may have access as part of the Operator’s site, is borne by the person who provided such information.

8.5. The User agrees that the information provided to him as part of the Operator’s site may be an object of intellectual property, the rights to which are protected and belong to other Users, partners or advertisers who post such information on the Operator’s site.

8.6. With regard to text materials (articles, publications, freely available to the public on the Operator’s site), their distribution is permitted, provided that a link to the Operator’s Site is given.

8.7. The Site Administration shall not be liable to the User for any loss or damage incurred by the User as a result of the deletion, failure or inability to save communication data contained on the Operator’s site or transmitted through it.

8.8. The Site Administration shall not be liable for any direct or indirect damages resulting from: the use or inability to use the Site or individual services; unauthorized access to the User’s communications; statements or behavior of any third party on the site.

8.9. The Site Administration shall not be liable for any information posted by the User on the Operator’s site, including, but not limited to: information protected by copyright, without the express consent of the copyright owner.

8. Dispute Resolution

8.1. Before filing a claim in court regarding disputes arising from the relationship between the User and the Site Administration, it is mandatory to file a claim (a written proposal or an electronic proposal for a voluntary settlement of the dispute).

8.2. The recipient of the claim shall, within 30 calendar days from the date of its receipt, notify the claimant in writing or electronically of the results of the claim review.

8.3. If no agreement/consent is reached, the dispute may be referred to the court.

8.4. The current legislation of the Russian Federation shall apply to this Policy and the relations between the User and the Site Administration.

9. Additional terms

9.1. The Operator shall take the necessary and sufficient organizational and technical measures to protect the personal information of the personal data subject from unauthorized/accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions by third parties, including.

9.2. The Operator has the right to make changes to this Policy without the consent of the User.

9.3. The new Policy shall enter into force from the moment it is posted on the Operator’s website, unless otherwise provided by the new version of the Policy.

9.4. Any suggestions or questions regarding this Policy should be sent to: order@fitolooks.com

9.5. The current Policy is publicly available and is posted on the page at fitolooks.com/politika-konfidencialnosti.

9.6. This Policy and the relationship between the personal data subject and the Operator arising in connection with the application of the Policy are subject to the law of the Russian Federation.