APPROVED
by the order of the General Director
of Subscriptions Club Limited Liability Company
No. 4 dated September 6, 2021


PRIVACY POLICY

of Subscriptions Club Limited Liability Company


1. TERMS AND DEFINITIONS

Automated personal data processing - personal data processing with the use of computer technology;

Personal data blocking - temporary termination of the personal data processing (except for cases where processing is required to clarify personal data);

Personal data information system - a set of personal data contained in databases, information technologies and technical means that ensure their processing;

Non-automated processing personal data processing - personal data processing when use, rectification, distribution, destruction of personal data in relation to each of the subjects of personal data are carried out with direct participation of a person;

Personal data depersonalization - actions as a result of which it becomes impossible to attribute personal data to a specific subject of personal data without using additional information;

Personal data processing - any action (operation) or a set of actions (operations) performed with personal data with or without the use of automatization, including collection, recording, systematization, accumulation, storage, rectification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

Operator - state body, municipal body, legal entity or individual, independently or collectively organizing and (or) performing the personal data processing, as well as determining the purposes of personal data processing, the scope of personal data to be processed, actions (operations) performed with personal data;

Personal data - any information relating directly or indirectly to a specific individual (personal data subject);

Personal data sharing - actions aimed at disclosing personal data to a specific person / circle of persons;

Personal data dissemination - actions aimed at disclosing personal data to an indefinite range of persons;

Personal data destruction - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the physical media on which personal data is stored are destroyed.



2. GENERAL PROVISIONS

2.1. This document establishes the order of organization and work to ensure the security of personal data processed by Subscriptions Club Limited Liability Company (hereinafter referred to as the "Company"), as well as the processing goals and procedures, terms of storage, order of rectification and destruction of personal data in the information systems of the Company.

2.2. This Privacy Policy has been developed to ensure the protection of the rights and freedoms of citizens during personal data processing by the Company, as well as to establish the responsibility of employees of the Company who have access to personal data for failure to comply with the requirements for processing and protecting personal data (hereinafter referred to as "PD").


3. FUNDAMENTAL TERMS OF PD PROCESSING

3.1. Any of the information Subscriptions Club LLC collects from users may be used in one of the following ways:

  • We provide personalized offers for subscription services & information about subscription services to our customers. We process personal data as necessary to perform these services. In addition to storing and retrieving data, we carry out necessary processing to generate reports and insights of your interactions with subscription services to providers of subscription services as well as usage statistics information to you for your internal use
  • To personalize your experience. Your information helps us to better respond to your individual needs and provide to you the personalized offers
  • To improve our application. We continually strive to improve our application based on the information and feedback we receive from customers
  • To improve customer service. Your information helps us to more effectively respond to your customer service and support needs

3.2. Automated and non-automated PD processing shall be based on principles identified by law of the Russian Federation, and in particular:

  • the legality of the purposes and methods of PD processing;

  • compliance of the purposes of PD processing with the goals predetermined and declared when collecting PD;

  • correspondence of the volume and nature of the processed PD, methods of PD processing to the purposes of PD processing;

  • the reliability of PD, their sufficiency for the purposes of processing, inadmissibility of processing PD that is redundant in relation to the goals declared during the collection of PD;

  • inadmissibility of combining PD information systems databases for incompatible purposes;

  • destruction of PD after reaching the processing goals or in case of loss of the need to achieve them;

  • personal liability of employees of the PD Company for the safety and confidentiality of PD, as well as the carriers of this information;

  • availability of a clear authorization system for employees' access to documents and databases containing PD.

3.3. The Company has no right to receive and process the PD of subjects that contain information about racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, except when such PD is processed with the consent of the PD subject, with the exception of cases when Company is obliged to process such PD under the legislation of the Russian Federation.

3.4. The procedure for obtaining access to PD includes:

  • familiarization of employees of the Company with this Privacy Policy, as well as other documents regulating the processing and protection of PD in the Company.

  • requesting employees of the Company to provide a written commitment to this Privacy Policy to comply with the PD processing rules.

3.5. Access to PD is available to employees who directly use them for business purposes within the limits of their competence. In order to perform an assignment and subject to resolution of the General director (CEO) of the Company, access to PD may be granted to another worker, the position of which is not included in the list of posts of employees having access to PD.

3.6. Transfer (exchange, etc.) of PD is allowed between employees who have access to PD, between employees and operators of subscription services, as well as to companies that concluded a cooperation agreement with the Company on the basis of the consent of the PD subject.

3.7. Transfer of PD to state bodies is performed in accordance with the requirements of the current legislation and this Privacy Policy.

3.8. In case of dismissal of employee who has access to the PD, documents and PD storage devices are transferred to another employee, who has the access to PD as directed by head of respective business unit.

3.9. PD may be disclosed to relatives or family members of PD subject only subject to written permission of the PD subject, except for the cases when the transfer of PD without the consent of the subject is allowed under the legislation of the Russian Federation.

3.10. Responsibility for compliance with the above procedure for accessing PD is borne by the employee, as well as the head of the business unit allowing access to PD to third parties.

3.11. The employee responsible for organizing the processing and protection of PD is appointed, and a list of positions whose access to PD processing is necessary for the performance of their official duties is approved by the order of the General Director of the Company.

3.12. We do not sell, trade, or otherwise transfer your personal information except in accordance with this Privacy Policy. This does not include trusted third parties who assist us in operating our application or website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our application and website policies, or protect ours or others' rights, property, or safety. However, non-personally identifiable customer or visitor information may be provided to other parties for marketing, advertising, or other uses.

3.13. Subscriptions Club LLC takes meaningful precautions to protect and safeguard our users' information. Subscriptions Club LLC has put in place physical, electronic, and procedural safeguards to protect the information Subscriptions Club LLC collects and process.


3.1.1. Persons liable for violation of the rules governing the PD processing, may be brought to disciplinary, material, civil, administrative and criminal responsibility.



4. CATEGORIES OF PROCESSED PD

Subscriptions Club LLC never collects or shares potentially dangerous information and stand by our no-spam policy.
We collect information from you when you register in the application, make parsing of your emails or add your subscriptions in the application. Any data we request that is not required will be specified as voluntary or optional.

4. 1. Users of the service (application) SubU (individuals):

4.1.1. Method of PD processing: automated and non-automated.

4.1.2. Source of PD receipt: PD subject.

4.1.3. Basis for the PD processing: clause 5 of part 1 of Article 6 of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data" (PD processing is necessary for performance of contract concluded with or in favor of PD subject).

4.1.4. Purpose of PD processing: performance of the User Agreement published in the Application SubU and on the website https://subu.app/useragreement_eng

4.1.5. List of processed PD:

  • full name;

  • gender;

  • age;

  • e-mail address;

  • phone number;

  • details of the identity document;

  • residential address;

  • information about payment (bank) details.

4.1.6. The period of PD processing: before the termination of the User Agreement published in the on the website https://subu.app/useragreement_eng by PD subject.


4.2. Employees of the Company:

4.2.1. Method of PD processing: non-automated.

4.2.2. Source of PD receipt: PD subject.

4.2.3. Basis for the PD processing: parts 5,7 of Article 6 of the Federal Law No. 152-FZ "On Personal Data" (performance of employment contract, execution of the rights and performance of obligations of the employer).

4.2.4. Purpose of PD processing: performance of employment contracts with PD subjects.

4.2.5. List of processed PD:

  • full name;

  • date of birth;

  • place of birth;

  • citizenship;

  • information about education;

  • specialization, profession;

  • work experience;

  • family status;

  • family membership;

  • passport data;

  • actual address of the residence place;

  • registration address;

  • phone number;

  • information about military registration;

  • information about wages;

  • information about conviction records;

  • medical details;

  • information about payment (bank) details;

  • email address.

4.2.6. The term for processing PD: until the termination of the employment contract, regarding the storage of personnel documentation - until the expiration of the period for storing personnel documentation established by the current legislation


4.3. Individuals - counterparties under civil law contracts:

4.3.1. Method of PD processing: non-automated.

4.3.2. Source of PD receipt: PD subject.

4.3.3. Basis for the PD processing: parts 5,7 of Article 6 of the Federal Law No. 152-FZ "On Personal Data" (performance of civil contracts, realization of the rights and legitimate interests of the Company).

4.3.4. Purpose of PD processing: performance of civil contracts, realization of the rights and legitimate interests of the Company.

4.3.5. List of processed PD:

  • full name;

  • date of birth;

  • place of birth;

  • citizenship;

  • passport data;

  • actual address of the residence place;

  • registration address;

  • phone number;

  • information on remuneration in accordance with the terms of a civil contract;

  • information about payment (bank) details;

  • email address.

4.3.6. Term of PD processing: until the expiration of the term of the civil contract, regarding the storage of the contract and accounting documentation for the purposes of fulfilling the legislation on taxation and accounting - until the expiration of the storage period for the contract and accounting documentation established by the current legislation.


4.4. Individuals - representatives of counterparties:

4.4.1. Method of PD processing: non-automated.

4.4.2. Source of PD receipt: PD subject or an employer (principal) of subject of PD.

4.4.3. Basis for the PD processing: Part 7 of Article 6 of the Federal Law No. 152-FZ "On Personal Data" (implementation of the rights and legitimate interests of the Company).

4.4.4. Purpose of PD processing: performance of civil contracts, realization of the rights and legitimate interests of the Company.

4.4.5. Content of processed PD:

  • full name;

  • details of the identity document;

  • other information specified in the power of attorney.

4.4.6. Term of PD processing: until the expiration of the term of the civil contract, regarding the storage of the contract and accounting documentation for the purposes of fulfilling the legislation on taxation and accounting - until the expiration of the storage period for the contract and accounting documentation established by the current legislation.


4.5. Individuals - shareholders of the Company:

4.5.1. Method of PD processing: non-automated.

4.5.2. Source of PD receipt: PD subject.

4.5.3. Basis for the PD processing: parts 5,7 Article 6 of the Federal Law No. 152-FZ "On Personal Data" (performance of obligations imposed on Company under the legislation of the Russian Federation).

4.5.4. Purpose of PD processing: performance of duties assigned to the Company by the legislation of the Russian Federation, implementation of the rights and legitimate interests of the Company.

4.5.5. Content of processed PD:

  • full name;

  • details of the identity document;

  • registration address;

  • contact details;

  • payment details;

  • other information under the requirements of the legislation of the Russian Federation.

4.5.6. The term for PD processing: until the moment of winding up of the Company.


4.6. Individuals - applicants for filling vacant positions opened in the Company:

4.6.1. Method of PD processing: non-automated.

4.6.2. Source of PD receipt: PD subject.

4.6.3. Basis for the PD processing: clause 1 of Part 1 of Article 6 of the Federal Law No. 152-FZ "On Personal Data" (consent Subject PD).

4.6.4. Purpose of PD processing: conclusion of an employment agreement.

4.6.5. Content of processed PD:

  • full name;

  • information about education;

  • information about previous employment;

  • information about registration and in the system of individual (personified) accounting;

  • contact phone number;

  • information about conviction records;

  • e-mail address.

4.6.6. Term of PD processing: until the conclusion of the employment contract.

4.7. Metadata and data for interactions:

● Email addresses and names of participants

● Email headers that contain Personal Data

● Metadata of emails (times sent, etc.) that are linked to Personal Data

● Structured data stored by Company about Data Subjects, including text notes about Data Subjects that contain Personal Data, and structured data about Data Subjects (e.g. columns and "magic columns") that contain Personal Data

Subscription Club LLC does not store the content (the body) of your emails. Subscription Club LLC temporarily stores email metadata (recipients, subject line) for the sole purpose of indexing and sorting your email, before presenting and visualizing that data back to you in application.

4.8. We may use Cookies. Cookies are small files that a site or its service provider transfers to your computers hard drive through your Web browser (if you allow) that enables the sites or service providers systems to recognize your browser and capture and remember certain information.

4.9. Parsing of Gmail. We have an option that you may or may not use to automatically scan you Gmail and find existing subscription services to be added automatically to your Subscriptions Club LLC account.

To do that, we use Gmail API (OAuth API) and ask for your permission to connect to your Google account, and authenticate that connection via Google Apps OAuth. Subscriptions Club LLC account thus has the same industry-leading login security as your Google account.

Subscriptions Club LLC use and transfer any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Subscriptions Club LLC does not make any changes to your Gmail, Drive, Contacts, or Calendar without your explicit permission.

Subscriptions Club LLC takes all reasonable and appropriate steps to protect all applications or systems that make use of Google API Services against unauthorized or unlawful access, use, destruction, loss, alteration, or disclosure.


5. ORGANIZATION OF PD PROTECTION

5.1. Protection of PD is a set of organizational and technical measures to prevent violation of the established regime of availability, integrity, authenticity and confidentiality of PD and ensuring the information security in the PD processing by the Company.

5.2. The objects of protection are:

  • documents containing PD;

  • PD, as well as technical means (including computer technology, computer storage media, communication and data transmission facilities and systems, technical means for processing alphanumeric, graphic, video and speech information), system-wide, applied, special software, information technology and protection of information as part of the PD information systems that are used for PD processing.

5.3. Employees who have access to PD in connection with performance of their job duties:

  • ensure the storage of information containing PD, blocking access to it by third parties with the exception of cases indicated in clause 3.5 of this Privacy Policy;

  • in case of vacation, business trip and other cases of a long absence of an employee at his workplace, the employee is obliged to transfer documents and other PD storage devices to the person who will be entrusted with the performance of his job duties by the order of the General Director of the Company;

  • ensure protection of the information stored in electronic databases from unauthorized access, distortion and destruction of information, as well as other illegal actions, among other cases, through differentiation of access rights.

5.4. Subscriptions Club LLC locates our data centers in the Russian Federation, Sankt-Petersburg and by utilizing our application and services, you expressly instruct us to process personal data within the Russian Federation and consent to its processing in accordance with this privacy policy. We strive to maintain the highest standards of Data Protection and our data centers are fully compliance with our privacy policy and PD rules required by Law.


6. PROCEDURE OF RESPONSE TO REQUESTS OF PD SUBJECTS

6.1. When a PD subject sends a request for information regarding the processing of his PD (as indicated in part 7 of Article 14 of the Federal Law No. 152-FZ "On Personal Data"), in particular:

  • for confirmation of the fact of PD processing by the Company;
  • on the existence of legal reasons and on the purposes of PD processing;
  • on the methods used by the Company for PD processing;
  • the name and location of the Company, information about persons (except for employees of the Company) who have access to PD or to whom PD may be disclosed on the basis of an agreement with the Company or on the basis of a federal law;
  • on the list of processed PD, the sources of its receipt;
    the terms of PD processing, including the terms of their storage;
  • information on the performed or expected cross-border PD transfer;
  • the name or surname, first name, patronymic and address of the person performing the PD processing on behalf of the Company, if the processing is entrusted or will be entrusted to such a person;
  • Contact email for requests: info@subu.app;
  • other information under the Federal Law No. 152-FZ "On Personal Data" or other federal laws,

the person responsible for processing PD must prepare a response on the merits of the request to the PD subject. Each such request must be registered in a separate register for requests of PD subjects. The mark about the response to the appeal is registered in the register of requests of PD subjects in a separate column.


7. FINAL PROVISIONS

7.1. This Privacy Policy shall come into force from the moment of its approval and put into effect by the order of the General Director of the Company.

7.2. The requirements of this Privacy Policy apply to all employees of the Company who have access to PD.

7.3. The Company has the right to make changes and additions to this Privacy Policy. Employees and users of our application shall be notified of the changes and addition by an order of the General Director of the Company. In addition, we will post those changes on our web page and in the application. Policy changes will apply only to information collected after the date of the change.

7.4. By using our application, you consent to our privacy policy. If you do not consent to the collection and processing of the information required to be processed, we are unable to provide you with our application or service, and you should not use it.


Administration details:

Name: Subscriptions Club LLC
Legal Address: Russia, Moscow, 3-Ya Khoroshevskaya Ulitsa, dom 2, stroenie 1, etazh 3, pomeshenie 21, komnata 2, office 34
ITN (Indi­vid­ual Tax­pay­er Num­ber): 7734439764
IEC (Indus­tri­al Enter­pris­es Classifier): 773401001
PSRN (Pri­ma­ry State Reg­is­tra­tion Number): 1217700004389
D&B D-U-N-S® Number: 893070964