Preamble

This privacy policy of personal data (hereinafter referred to as the "Policy") defines the main principles, conditions, goals, methods of processing, and implemented measures for the protection of personal data and other information, and the rights of users of the Internet network (hereinafter referred to as the "User") in the process of using services provided by Individual Entrepreneur Bogatyryova Anastasia Alekseevna (TIN: 780540826803 OGRNIP: 320774600034623, hereinafter referred to as IP Bogatyryova A.A., Administrator, Operator) to ensure compliance and protection of the rights and freedoms of every person, and especially the right to privacy, personal and family secrets, protection of honor, dignity, and good name.

This Policy governs the terms of confidentiality and processing of personal data between the User and IP Bogatyryova A.A. when using the website https://nontrivitrip.ru/, as well as the conclusion and execution of contracts between them.

The Policy applies to all information, including personal data as understood by the current legislation of the Russian Federation, which the Administrator may receive from the User in the process of using the services provided by the Administrator. The Policy explains how the Administrator receives, collects, stores, uses, and protects Users' personal data.

The action of this Policy extends to all Users of the Internet who provide their personal data to the Administrator with any access and (or) use of the services and in relation to which the Administrator processes personal data. The requirements of the Policy are also taken into account and applied to other persons if necessary for their participation in the process of processing personal data by the Administrator.

Before using the Administrator's services, the User must familiarize themselves with the contents of this document. With each access and/or actual use of any of the services or their individual functions, the User agrees to this Policy in full, without reservations and exceptions. Acceptance of the Policy by the User is an explicitly expressed, specific, and non-abstract consent of the User to the processing of personal data.

1. Terms and Definitions

For the purposes of this Policy, unless the context requires otherwise, the following terms have the following meanings and are an integral part of it:
- Personal Data: any information related directly or indirectly to an identified or identifiable natural person.
- Processing of Personal Data: any action (operation) or a set of actions (operations) with Personal Data performed with or without the use of automation tools. Processing of Personal Data includes, among other things, collection, recording, systematization, accumulation, storage, updating (modification, alteration), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
- Website: the website located at https://nontrivitrip.ru/, providing the User with the opportunity to receive information and consultation services from IP Bogatyryova A.A. when planning trips.
- Services: the Website, products, and services provided by IP Bogatyryova A.A.
- User: a person using the Services.
- IP Bogatyryova A.A. Administrator Operator: Individual Entrepreneur Anastasia Alekseevna (TIN: 780540826803 OGRNIP: 320774600034623) acting as the operator of Personal Data.

Other terms not defined in clause 1.1 of this document may also be used in the Policy. In this case, the interpretation of such terms is carried out in accordance with the text of the Policy. Terms used in this Policy in the singular (depending on the context) have the same meaning in the plural and vice versa. The headings in this Policy are provided for convenience only and do not affect its interpretation.

General Provisions

This Policy is developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006, "On Information, Information Technologies and Information Protection," Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," and other federal laws.

The purpose of developing the Policy is to define the procedure for processing and protecting Users' Personal Data, ensuring the protection of the rights and freedoms of individuals when processing their Personal Data, including protecting the rights to privacy, personal and family secrets.

This Policy comes into force from the moment of its approval and is valid indefinitely until replaced by a new Policy. The Policy may be amended and/or supplemented unilaterally by the Administrator of the Service without any special notice (consent) from the subjects of Personal Data. The current version of the Policy is posted on the Internet at https://nontrivitrip.ru/confidentialitypolicy.

All changes and additions to this Policy come into force on the next day after the new version of the Policy is posted at https://nontrivitrip.ru/confidentialitypolicy.

Continued use of the Services after changes and/or additions to this Policy will indicate acceptance and agreement of the User with such changes and/or additions.

If the User disagrees with the terms and conditions of the Policy and the rules for using the Services, they must immediately stop using the Services. Otherwise, the use of the Services will indicate the unconditional and unreserved agreement of the User with the terms of this Policy.

By providing Users with the opportunity to use the Services, the Administrator, acting reasonably and in good faith, assumes that:
- Before using the Services, the User has carefully read the terms of this Policy;
- The User has all the necessary rights to register and authorize on the Services and use their functionality;
- By starting to use the Services, the User expressed their consent to the terms of this Policy and accepted the rights and obligations specified therein;
- The User realizes that the information provided by them to other Users cannot be independently deleted by them;
- The User understands and realizes that during the use of the Services, the information posted by the User about themselves may be available to other Users, and the Operator is not responsible for the actions of third parties;
- The User regularly checks the terms of this Policy for changes and/or additions.

With each access and/or actual use of any of the Services or their individual functions, the User:
- Agrees with this Policy in full, without reservations and exceptions;
- Confirms that this Policy will apply to the use of the Services by them from the moment of access and/or actual use;
- Assumes the rights and obligations regulated by this Policy, which constitutes an agreement between the User and the Administrator;
- Confirms and agrees that this Policy will apply to all personal data transmitted by them to the Administrator.

The Operator has the right to process Users' Personal Data without notifying the authorized body for the protection of personal data subjects.

The processing of Personal Data may be carried out by the Administrator jointly with another operator for the processing of Personal Data.

The Administrator is the Operator for the processing of Personal Data, except in cases where the functions for the processing of Personal Data are transferred to another person based on a contract concluded with such a person.

Purpose of Collecting and Processing Personal Data

Personal Data is processed by the Operator solely for the purposes for which it was provided, including:
- Conclusion, execution, modification, and termination of contracts with the Operator;
- Provision of consulting and information services;
- Communication with other Users and the Administrator;
- Receiving consulting support;
- Prevention and suppression of violations of contracts concluded with the Administrator and other illegal or unauthorized actions by Users or third parties;
- Organizing participation of Users in events and surveys organized by the Administrator;
- Compliance with the requirements of the legislation of the Russian Federation;
- Analysis of data to improve the functionality and quality of the Services;
- Organization of storage and destruction of information sources, including those containing Users' Personal Data;
- Ensuring the functioning and security of the Services;
- Improving the functioning of the Services;
- Development of new tools for the Services;
- Ensuring interaction between the User and the Administrator within the framework of marketing offers that may interest the User (except in cases when the User has refused marketing mailings or the Administrator is permitted to distribute them under applicable law);
- Verification of the User's identity to protect against fraud and confirm the legitimacy of the use of the Services;
- Achievement of other goals with the consent of Users.

Rights and Obligations of the Operator and the User

The Operator has the right to:
- Independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations provided for by the legislation of the Russian Federation regarding Personal Data;
- Entrust the processing of Personal Data to another person based on a contract concluded with this person;
- Continue processing Personal Data without the consent of the data subject if there are legal grounds for doing so.

The Operator is obliged to:
- Organize the processing of Personal Data in accordance with the requirements of the legislation of the Russian Federation;
- Respond to inquiries and requests from Users in accordance with the requirements of the legislation of the Russian Federation.

The User has the right to:
Receive information regarding the processing of their Personal Data;
- Demand the Operator to clarify their Personal Data, block, or destroy it if the Personal Data is incomplete, outdated, inaccurate;
- Refuse the processing of their Personal Data by the Operator by sending a corresponding request to ceo@nontrivitrip.ru, in which case the User is obliged to stop using the services;
- Take measures provided by law to protect their rights.

The User is obliged to:
- Provide accurate, complete, and up-to-date information on all issues requested by the Services;
- Strictly comply with all requirements of the legislation of the Russian Federation;
- Comply with the requirements and conditions of this Policy and other documents posted on the Website;
- Not use information located on the Services for distribution;
- Not use obscene language, erotic, offensive images and texts, information and statements that contain threats, provoke cruelty, hatred, disrespectful attitude, or may lead to illegal actions, as well as other information and statements that do not comply with generally accepted norms of morality and ethics;
- Not take actions that may restrict access to the Services.

List of Processed Personal Data

The Operator has the right to collect the following categories of User's Personal Data:
- Information provided by the User to place an order and/or conclude a contract with the Administrator, including but not limited to surname, first name, patronymic, email address, passport data, year, month, and date of birth, postal address, mobile phone number, bank details;
- Electronic data (HTTP headers, IP address, cookies, web beacons/pixel tags, browser identifier information, hardware, and software information);
- Information posted by the User when sending a message to the Administrator's support service;
- Date and time of access to the Services;
- Information about the User's activity during the use of the Services, behavioral actions of the User;
- Copies of identity documents, as well as other documents provided by the User containing Personal Data;
- Other User information necessary for processing in accordance with the conditions governing the use of specific Services.

The Operator also has the right to store:
- Contracts concluded between Users and the Administrator;
- Applications for the conclusion of a contract sent by Users;
- Records of telephone conversations and electronic correspondence.

The Operator also processes technical and other information automatically transmitted by the device through which the User uses the Services, including but not limited to cookies, information about the user's equipment, browser information and its settings, date and time of access to the Services, addresses of requested pages, actions of the User on the Services, technical characteristics of the User's device, IP address, and other similar information. The User hereby agrees that the Operator, including with the use of metric programs, has the right to process such information for analyzing the security status of the Services, improving functionality, and enhancing the quality of the Services, managing the Services, as well as collecting data for statistical and other purposes.

Procedure for Obtaining (Collecting) Personal Data

The Operator receives all Personal Data of the User with their written consent, except in cases provided by the legislation of the Russian Federation. Consent to the processing of Personal Data is provided by the User in electronic form and is specific, informed, and conscious. The User's consent to the processing of Personal Data is valid for five years from the date of its acceptance. After this period, the consent is considered extended for each subsequent five years in the absence of information about its withdrawal by the User.

Processing of Personal Data of the User without their consent is carried out in cases:
- At the request of authorized state bodies in cases provided by the legislation of the Russian Federation;
- If Personal Data is publicly available;
- If processing is carried out for the purpose of concluding and executing a contract, one of the parties to which is the User;
- If processing of Personal Data is carried out for statistical purposes, provided that Personal Data is anonymized;
- In other cases provided by law.

The Operator does not receive and does not process Personal Data of the User about their racial or ethnic origin, political opinions, religious or philosophical beliefs, or intimate life.

The User guarantees that the Personal Data provided by them to the Operator is accurate. The Operator is not responsible for the inaccuracy of Personal Data and other information provided by the Users.

Grounds for Processing Personal Data

The Operator processes Personal Data and other information provided by the User when:
- Placing and concluding contracts with the Administrator, sending applications for concluding contracts with the Administrator;
- Each access and/or actual use of any of the Services;
- Subscribing to the Administrator's newsletters;
- Registering for Administrator's events;
- Participating in surveys and participating in studies organized by the Administrator;
- Contacting the Administrator's support service;
- Exercising rights and obligations arising from the legislation of the Russian Federation.

The Operator processes Personal Data and other information provided by the User if at least one of the following conditions is met:
- Processing is carried out with the consent of the User;
- Processing is necessary for the conclusion, execution, modification, or termination of contracts concluded between the Administrator and the User;
- Processing is carried out in connection with participation in legal proceedings or for the execution of an act subject to execution in accordance with the legislation on enforcement proceedings;
- Processing is necessary for the exercise of the rights and legitimate interests of the Administrator, other Users, or third parties;
- Processing is necessary for the performance of functions, powers, and duties assigned to the Administrator by the legislation of the Russian Federation.

Processing of Personal Data is carried out based on the principles:
- Legality of the purposes and methods of processing Personal Data;
- Limiting the processing of Personal Data to achieving specific, pre-defined, and legitimate purposes;
- Preventing the processing of Personal Data incompatible with the purposes of collecting Personal Data;
- Corresponding the purposes of processing Personal Data to the purposes pre-defined and declared during the collection of Personal Data, as well as the powers of the Operator;
- Corresponding the volume and nature of processed Personal Data and the methods of processing Personal Data to the purposes of processing Personal Data.

Protection of User Personal Data

Protection of User's Personal Data is carried out at the expense of the Administrator in the manner established by the legislation of the Russian Federation.

The Operator takes all possible and necessary legal, technical, and organizational measures to protect User's Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions. Such measures include:
- Obtaining User consents for processing their Personal Data, except in cases provided by the legislation of the Russian Federation;
- Analyzing the security status of the Services;
- Detecting and preventing intrusions into the operation of the Services;
- Monitoring actions with Personal Data;
- Other measures provided by the legislation in the field of Personal Data.

Access to the User's Personal Data may also be provided to the Administrator's employees who need Personal Data in connection with the performance of their job duties. All employees involved in receiving, processing, and protecting Users' Personal Data are required to sign a Non-Disclosure Agreement for Users' Personal Data and familiarize themselves with this Policy.

Transfer of Personal Data to Third Parties

To achieve the purposes of processing, the Operator has the right to transfer the User's Personal Data and entrust their processing to third parties, including in foreign countries.

The User's Personal Data may be transferred to third parties to achieve the purposes specified in section 3 of this Policy. Such third parties may include:
- Any state authority of the Russian Federation, state authority of the subjects of the Russian Federation, local government, and other official bodies to which the Administrator is obliged to provide information in accordance with the applicable legislation of the Russian Federation upon request;
- Owners of websites and applications providing services to the Administrator related to the placement and display of advertising on the Services;
- Persons providing services for the development and design of the Website;
- Providers of information services, consultants, behavior analysts of Users on the Services;
- Persons ensuring the functioning of the Services, in particular, organizing the registration and/or authorization procedure for Users, the conclusion of contracts between Users and the Administrator;
- Persons to whom rights or obligations are transferred under the relevant agreement;
- Third parties if the User has consented to the transfer of Personal Data or if the transfer of Personal Data is necessary to provide the User with the relevant Service or to conclude a contract using the Service;
- Third parties if the transfer of Personal Data is carried out for the purpose of legal protection of the Administrator or third parties or in a situation where there is a threat of such violation.

Storage and Destruction of Information

Storage of Personal Data means the existence of records in information systems and on physical media.

For storage purposes, the Administrator may involve third parties. In this case, information storage will be carried out in the information systems of third parties, particularly in the AMOCrm system.

Storage of the User's Personal Data may be carried out as long as it is necessary to fulfill the purposes for which it was collected, unless otherwise provided by federal laws of the Russian Federation.

The Operator closes access and prohibits the use of Personal Data that are no longer needed for the use of the Service, user support, improving service quality, and other operational purposes. Such data is used solely to comply with these requirements, ensure security, detect, and prevent fraud.

The Operator may retain certain information if it is necessary to comply with its legitimate business interests, such as fraud prevention and ensuring the safety and protection of Users.

Destruction of the User's Personal Data implies the termination of any access to Personal Data.

When Personal Data is destroyed, Administrator employees cannot access the subject's Personal Data in the Service's information systems.

When Personal Data is destroyed, it is anonymized in information systems. Destroyed Personal Data cannot be recovered.

The operation of destroying Personal Data is irreversible.

Public Data

The Operator prohibits collecting, extracting, recording, systematizing, storing, transferring

, distributing, copying, reproducing, or otherwise using for any other commercial or non-commercial purposes the data that the User has made publicly available.

The User is not responsible for the actions of third parties regarding any information posted on the Services in open access, including for its accuracy.

The User bears all risks associated with posting publicly available information.

Processing Periods for Personal Data

The Operator ceases to process Personal Data:
- Upon achieving the purposes of processing or if the necessity to achieve these purposes is lost;
- If there are no other legal grounds for processing Personal Data provided by the legislation of the Russian Federation;
- Upon expiration of the User's consent to the processing of Personal Data or in case of withdrawal of such consent if there are no other legal grounds for processing provided by the legislation of the Russian Federation;
- If unlawful processing of Personal Data is detected, if it is impossible to ensure the legality of processing;
- In the event of the Administrator's liquidation.

Upon expiration of the storage period, Personal Data may be anonymized in information systems and destroyed on paper in the manner established by the current legislation of the Russian Federation.

User Requests

Users have the right to send requests to the Administrator, including requests regarding the use of their Personal Data, by sending a message to the address: ceo@nontrivitrip.ru.

The Administrator undertakes to review and respond to the User's request within 30 calendar days from the date of receipt of the request.

Administrator Information

- Individual Entrepreneur Bogatyryova Anastasia Alekseevna
- TIN: 780540826803
- OGRNIP: 320774600034623
- Mailing Address: 125171 Moscow, Leningradskoye Highway 17/1-36
- Phone: +79057808880
- Email: ceo@nontrivitrip.ru
- Date of Publication: 5.06.2024
- Date of Entry into Force: 5.06.2024