Offline Protection
Offline Protection
Protect Your Brand
Choose the conditions that suit you best
Create an Account
Act now—business waits for no one!
Comprehensive Protection for Your Brand
+7 (800) 700-14-45
46 Deputatskaya St., Office 3064,
Novosibirsk, 630099, Russian Federation
Novosibirsk, 630099, Russian Federation
Protect Your Brand
Choose the conditions that suit you best
Create an Account
Act now—business waits for no one!
Phone number
Adress
1. General Provisions
1.1. Purpose of the Policy
This document, developed in accordance with Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter — the Personal Data Law), defines the policy of Brand Defender Limited Liability Company, INN 5406843226, OGRN 1245400032338, legal address: 630099, Russian Federation, Novosibirsk, Deputatskaya St., 46, office 3064 (hereinafter — the Operator) regarding the processing of personal data of Users visiting the website of the legal company Brand Defender at branddefender.ru (hereinafter — the Website) (hereinafter — the Policy).
Brand Defender Limited Liability Company, acting as the Operator processing personal data, ensures the protection of the rights and freedoms of data subjects during the processing of their personal data, including the protection of the rights to privacy, personal and family secrets, and takes measures to ensure compliance with the obligations stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it.
The Policy applies exclusively to the Website. The Operator does not control and is not responsible for third-party websites that the User may access via links available on the Website.
This document, in accordance with the requirements of Clause 2, Part 1, Article 18.1 of the Personal Data Law, is publicly accessible and must be published on the Website at the following address: LINK.
For any questions related to the processing of personal data during the User’s use of the Website, the User may contact the Operator via email: official@branddefender.ru.
1.2. Key Terms Used in This Policy
The following terms are used in this document:
The Operator of personal data undertakes:
1.3.1. When collecting personal data, to provide the Data Subject, at their request, with information related to the processing of their personal data, as provided for by Part 7, Article 14 of the Personal Data Law:
• Confirmation of the fact of processing personal data by the Operator;
• Legal grounds and purposes of processing personal data;
• The purposes and methods of processing personal data used by the Operator;
• The name and location of the Operator, information about persons (excluding the Operator’s employees) who have access to personal data or to whom personal data may be disclosed under an agreement with the Operator or based on federal law;
• The personal data being processed that relates to the respective Data Subject, the source of their receipt, unless a different procedure for presenting such data is provided for by federal law;
• The time limits for processing personal data, including the time limits for their storage;
• The procedure for the Data Subject to exercise the rights provided for by the Personal Data Law;
• Information about completed or planned cross-border data transfers;
• The name or surname, first name, patronymic, and address of the person processing personal data on behalf of the Operator, if processing is or will be entrusted to such a person;
• Information about the methods of fulfilling the Operator’s obligations established by Article 18.1 of the Personal Data Law;
• Other information required by the legislation of the Russian Federation.
1.3.2. To inform the Data Subject or their representative about the existence of personal data related to the respective Data Subject and to provide them with a free opportunity to review such personal data upon the Data Subject’s or their representative’s request.
1.3.3. To make necessary changes to the personal data within a period not exceeding seven business days from the date the Data Subject or their representative provides information confirming that the personal data is incomplete, inaccurate, or outdated.
1.3.4. To destroy personal data within a period not exceeding seven business days from the date the Data Subject or their representative provides information confirming that such personal data was obtained unlawfully or is not necessary for the stated processing purpose.
1.3.5. To notify the Data Subject or their representative of the changes made to the personal data and the measures taken and to take reasonable steps to notify third parties to whom the personal data of this Data Subject has been transferred.
1.3.6. To explain to the Data Subject the legal consequences of refusing to provide their personal data and/or consent to their processing, if, under federal law, the provision of personal data and/or the Operator’s receipt of consent to process personal data is mandatory.
1.3.7. In cases where personal data is obtained not from the Data Subject, prior to the start of processing such personal data, the Operator is obliged to provide the Data Subject with the information specified in Part 3, Article 18 of the Personal Data Law:
• The name or surname, first name, patronymic, and address of the Operator or their representative;
• The purpose and legal basis for processing personal data;
• The list of personal data;
• The intended users of personal data;
• The rights of the Data Subject established by the Personal Data Law;
• The source of the personal data.
1.3.8. To take necessary legal, organizational, and technical measures or ensure their adoption to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions regarding personal data.
1.3.9. To appoint a person responsible for organizing the processing of personal data.
1.3.10. To ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
1.3.11. In the event of identifying unlawful processing of personal data, to terminate such unlawful processing within a period not exceeding three business days from the date of such identification. If it is impossible to ensure lawful processing of personal data, such data shall be destroyed within ten business days.
1.3.12. In the event of establishing the fact of unlawful or accidental transfer (provision, dissemination, access) of personal data that resulted in a violation of the Data Subjects’ rights, to notify the authorized body for the protection of the rights of personal data subjects and to provide the information specified in Clause 3.1, Article 21 of the Personal Data Law.
1.3.13. To cease processing and destroy personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data.
1.3.14. To cease processing personal data and, if retention of the personal data is no longer necessary for the purposes of processing, to destroy the personal data within a period not exceeding thirty days from the date of receipt of the Data Subject’s withdrawal of consent.
1.3.15. To cease processing personal data within a period not exceeding ten business days from the date of receipt of the Data Subject’s request. This period may be extended, but not by more than five business days, if the Operator sends a reasoned notification to the Data Subject indicating the reasons for the extension.
1.3.16. To take measures necessary and sufficient to ensure compliance with the obligations stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it, including determining the composition and list of measures necessary and sufficient to ensure the Operator’s obligations to protect personal data.
1.4. Rights of the Data Subject
The Data Subject has the right to:
1.4.1. Receive free information from the Operator about the processing of their personal data, as specified in Clause 1.3.1 of this Policy, by submitting a request to the Operator in accordance with Part 3, Article 14 of the Personal Data Law.
1.4.2. Demand that the Operator clarify, block, or destroy their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose.
1.4.3. Demand that the Operator cease processing their personal data, including by withdrawing consent to processing.
1.4.4. Appeal the Operator’s actions or inaction to the authorized body for the protection of the rights of personal data subjects or in court.
1.4.5. Take legal measures to protect their rights and legitimate interests, including claiming compensation for damages and/or moral harm in court.
2. Purposes of Collecting Personal Data
The processing of personal data of Data Subjects on the Website is carried out by the Operator for the following purposes:
• Establishing feedback with the Website User, including sending notifications, requests, processing them, and processing the User’s inquiries and applications for the purpose of further concluding and executing a contract for the provision of legal services.
• Conducting email newsletters to Website Users of an informational and advertising nature (news, event information, analytical reviews, advertisements for goods, works, and services).
• Conducting statistical, analytical, and other research to improve the Website’s performance based on anonymized personal data of Users.
3. Legal Basis for Processing Personal Data
3.1. The legal basis for processing the personal data of Website Users is their consent to the processing of personal data.
3.2. The User makes the decision to provide their personal data to the Operator freely, voluntarily, and in their own interest. The User may provide consent personally or through a representative.
3.3. Consent to process the personal data of minors under the age of 14 is provided by their legal representatives.
3.4. Website Users provide their consent to the processing of their personal data in the following cases:
• The User fills out the Feedback Form on the Website.
• The User subscribes to the email newsletter on the Website.
• The User agrees to the use of Cookie files in accordance with the notification displayed upon their first visit to the Website.
3.5. By providing their personal data in the Feedback Form and checking the box stating, "I consent to the processing of my personal data in accordance with the terms of the personal data processing policy of Brand Defender LLC, which I have read in advance (details at the link: LINK)," the User expresses their consent and grants permission for the processing of their personal data in accordance with this Policy.
3.6. By providing their personal data when subscribing to the email newsletter and checking the box stating, "I consent to the processing of my personal data in accordance with the terms of the personal data processing policy of Brand Defender LLC, which I have read in advance (details at the link: LINK)," the User expresses their consent and grants permission for the processing of their personal data in accordance with this Policy.
3.7. By agreeing to the use of Cookie files in accordance with the notification displayed upon their first visit to the Website and subsequently browsing the Website, the User expresses their consent to the use of Cookie files and similar technologies and grants permission for the processing of their personal data in accordance with this Policy.
3.8. Consent to the processing of personal data may be withdrawn by the Data Subject at any time by submitting a withdrawal request in free form to the Operator’s email address official@branddefender.ru or to the Operator’s legal address.
4. Scope and Categories of Processed Personal Data
4.1. The Operator processes the personal data of Website Users.
4.2. The Operator processes the following personal data of Users:
• Full name (surname, first name, patronymic).
• Email address.
• Mobile phone number.
• Data automatically transmitted when using the Website, including IP address, Cookie information, browser information (or other program used to access the Website), access time, and the address of the requested page.
4.3. The Operator may also obtain additional personal data voluntarily provided by the User in the "Message" field of the Website’s Feedback Form. If such data constitutes the personal data of third parties, the responsibility for informing such third parties about the transfer of their data to the Operator lies with the User.
4.4. The Operator processes these categories of personal data of Data Subjects to the extent necessary for the purposes of processing specified in Clause 2 of this Policy.
4.5. The processing of personal data of other categories of Data Subjects by the Operator is regulated by other internal documents of the Operator.
5. Procedure and Conditions for Processing Personal Data
5.1. General Provisions on the Procedure and Methods of Processing
5.1.1. The Operator processes Users’ personal data with their consent, provided by Users and/or their legal representatives upon acceptance of the terms of the Personal Data Processing Policy available at: LINK.
5.1.2. The processing of biometric personal data and special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, or intimate life is not conducted on the Website.
5.1.3. The Operator does not verify the accuracy or relevance of the information provided by the User and assumes that the User provides reliable and sufficient information and independently ensures its relevance.
5.1.4. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access to authorized persons), deletion, and destruction.
5.1.5. Processing of personal data may be carried out using automation tools (automated processing) or manually without the use of such tools (non-automated processing).
5.2. Transfer of Personal Data to Third Parties
5.2.1. The Operator does not transfer Users’ personal data to third parties or engage third parties to process personal data on its behalf, except in cases where such transfer is required by applicable law.
5.2.2. The Operator does not perform cross-border transfers of Users’ personal data.
5.3. Confidentiality of Personal Data
5.3.1. The personal data of Data Subjects is confidential and protected information, subject to all requirements established by the Operator’s internal documents for the protection of confidential information.
5.3.2. The personal data of Data Subjects is subject to the confidentiality regime established by the Operator.
5.3.3. The Operator does not disclose personal data to third parties or distribute it without the Data Subject’s consent, unless otherwise provided by federal law.
5.3.4. The Operator requires other persons who have gained access to personal data not to disclose or distribute such data without the Data Subject’s consent, unless otherwise provided by federal law.
5.3.5. Access to processed personal data is permitted only to the Operator’s employees whose job responsibilities include processing personal data.
5.3.6. All employees of the Operator are obliged to maintain the confidentiality of personal data and other information specified by the Operator, unless this contradicts the legislation of the Russian Federation.
5.3.7. Confidentiality is not required for publicly available personal data.
5.4. Storage of Personal Data
5.4.1. The Operator stores personal data in a form that allows identification of the Data Subject no longer than required by the purposes of processing.
5.4.2. Processed personal data is subject to destruction or anonymization under the following conditions:
• Achievement of the processing purposes or expiration of the maximum storage period.
• Loss of necessity to achieve the processing purposes.
• Submission by the Data Subject or their representative of confirmation that the personal data was unlawfully obtained or is unnecessary for the stated processing purpose.
• Inability to ensure lawful processing.
• Liquidation (reorganization) of the Operator.
• Withdrawal of consent by the Data Subject, if retention of the data is no longer necessary for processing purposes.
5.4.3. The retention period for personal data is determined in accordance with Russian legislation and is 3 (Three) years from the date of receipt.
5.4.4. If federal law establishes mandatory retention periods for certain categories of personal data, the Operator stores such data for the legally required period.
5.5. Security Measures for Personal Data
The Operator implements legal, organizational, and technical measures to ensure the security of personal data, protecting it from unauthorized (including accidental) access, destruction, alteration, blocking, and other unlawful actions. These measures include:
• Appointing responsible persons for organizing processing and ensuring data protection.
• Restricting access to personal data among the Operator’s employees.
• Adopting internal regulations on personal data processing (including this Policy) and ensuring employee awareness.
• Establishing password complexity requirements for access to personal data systems.
• Conducting antivirus checks and preventing malware intrusions into the corporate network.
• Verifying and including confidentiality clauses in contracts.
• Ensuring physical security of premises and equipment, access control, surveillance.
• Separating non-automated personal data from other information via dedicated storage media or sections.
• Accounting and secure storage of data carriers to prevent theft, substitution, or unauthorized copying.
• Backup procedures for data recovery.
• Other measures required by Russian legislation on personal data.
6. Updates, Corrections, Deletion, and Destruction of Personal Data
6.1. The information specified in Clause 1.3.1 of this Policy is provided to the Data Subject or their representative within ten business days of their request.
6.2. The Operator accepts and reviews requests from Data Subjects via email at official@branddefender.ru or by post.
6.3. A request must include identification details of the Data Subject or their representative, evidence of data processing by the Operator, and a signature (including electronic) of the Data Subject or representative.
6.4. Requests may be submitted electronically and signed with a digital signature under Russian law.
6.5. Information is provided free of charge in an accessible format and excludes data related to other Data Subjects unless legally justified.
6.6. If a request lacks required information or the Data Subject lacks access rights, a reasoned refusal is provided.
6.7. The Data Subject’s right to access personal data may be restricted under Part 8, Article 14 of the Personal Data Law, including if access violates third-party rights.
6.8. Within seven business days of receiving confirmation of incomplete, inaccurate, or outdated data, the Operator makes necessary changes.
6.9. Within seven business days of receiving confirmation of unlawfully obtained or unnecessary data, the Operator destroys such data.
6.10. The Operator notifies the Data Subject of changes and takes reasonable steps to inform third parties who received the data.
6.11. The Operator provides necessary information to the authorized body within ten business days of a request.
6.12. In case of other grounds for destruction (Clause 5.4.2), the Operator ensures destruction within thirty days.
6.13. If destruction is impossible, the Operator blocks the data and ensures its destruction within six months unless otherwise stipulated.
7. Automated Data Collection
7.1. The Operator uses Cookie files and similar technologies to automatically collect information about Users’ Website visits.
7.2. Automated collection may include: device/browser details, IP address, location, session duration, visited pages, and technical data.
7.3. This data is used for Website security, functionality, and internal analytics.
7.4. The Operator uses web analytics services (e.g., Yandex.Metrica, Roistat) with anonymized data. Privacy policies are linked:
• Yandex Privacy Policy
• Roistat Privacy Policy
7.5. Users may disable Cookies via browser settings but may lose access to certain Website features.
8. Final Provisions
8.1. This Policy takes effect upon approval by the Operator and remains valid indefinitely.
8.2. Compliance is monitored by the person responsible for data processing.
8.3. The Operator may amend the Policy due to legal changes or at its discretion.
8.4. Changes are published on the Website at branddefender.ru.
8.5. Date: December 16, 2024
1.1. Purpose of the Policy
This document, developed in accordance with Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter — the Personal Data Law), defines the policy of Brand Defender Limited Liability Company, INN 5406843226, OGRN 1245400032338, legal address: 630099, Russian Federation, Novosibirsk, Deputatskaya St., 46, office 3064 (hereinafter — the Operator) regarding the processing of personal data of Users visiting the website of the legal company Brand Defender at branddefender.ru (hereinafter — the Website) (hereinafter — the Policy).
Brand Defender Limited Liability Company, acting as the Operator processing personal data, ensures the protection of the rights and freedoms of data subjects during the processing of their personal data, including the protection of the rights to privacy, personal and family secrets, and takes measures to ensure compliance with the obligations stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it.
The Policy applies exclusively to the Website. The Operator does not control and is not responsible for third-party websites that the User may access via links available on the Website.
This document, in accordance with the requirements of Clause 2, Part 1, Article 18.1 of the Personal Data Law, is publicly accessible and must be published on the Website at the following address: LINK.
For any questions related to the processing of personal data during the User’s use of the Website, the User may contact the Operator via email: official@branddefender.ru.
1.2. Key Terms Used in This Policy
The following terms are used in this document:
- Personal Data — any information relating directly or indirectly to a specific or identifiable individual (data subject).
- Website — a collection of interconnected web pages located on the Internet at branddefender.ru and its subdomains.
- Cookie Files — a small fragment of data sent by a web server and stored on the User’s computer, which the web client or web browser transmits to the web server in an HTTP request each time an attempt is made to open a page of the corresponding website.
- IP Address — a unique network address of a node in a computer network through which the User gains access to the Website.
- User — an individual visiting the Website and using the information, materials, and services of the Website.
- Data Subject — an individual, including a User, who is directly or indirectly identified or identifiable through personal data.
- Operator — Brand Defender Limited Liability Company, INN 5406843226, OGRN 1245400032338, legal address: 630099, Russian Federation, Novosibirsk, Deputatskaya St., 46, office 3064, which independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
- Processing of Personal Data — any action (operation) or set of actions (operations) performed with personal data, with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
- Automated Processing of Personal Data — processing of personal data using computer technology.
- Dissemination of Personal Data — actions aimed at disclosing personal data to an indefinite circle of persons.
- Provision of Personal Data — actions aimed at disclosing personal data to a specific person or specific group of persons.
- Blocking of Personal Data — temporary cessation of the processing of personal data (except for cases where processing is necessary to clarify personal data).
- Destruction of Personal Data — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or the destruction of physical storage media containing personal data.
- Anonymization of Personal Data — actions resulting in the impossibility of determining the affiliation of personal data to a specific data subject without the use of additional information.
- Personal Data Information System — a combination of personal data contained in databases and the information technologies and technical means ensuring their processing.
- Cross-Border Transfer of Personal Data — the transfer of personal data to the territory of a foreign state, to a foreign authority, foreign individual, or foreign legal entity.
The Operator of personal data undertakes:
1.3.1. When collecting personal data, to provide the Data Subject, at their request, with information related to the processing of their personal data, as provided for by Part 7, Article 14 of the Personal Data Law:
• Confirmation of the fact of processing personal data by the Operator;
• Legal grounds and purposes of processing personal data;
• The purposes and methods of processing personal data used by the Operator;
• The name and location of the Operator, information about persons (excluding the Operator’s employees) who have access to personal data or to whom personal data may be disclosed under an agreement with the Operator or based on federal law;
• The personal data being processed that relates to the respective Data Subject, the source of their receipt, unless a different procedure for presenting such data is provided for by federal law;
• The time limits for processing personal data, including the time limits for their storage;
• The procedure for the Data Subject to exercise the rights provided for by the Personal Data Law;
• Information about completed or planned cross-border data transfers;
• The name or surname, first name, patronymic, and address of the person processing personal data on behalf of the Operator, if processing is or will be entrusted to such a person;
• Information about the methods of fulfilling the Operator’s obligations established by Article 18.1 of the Personal Data Law;
• Other information required by the legislation of the Russian Federation.
1.3.2. To inform the Data Subject or their representative about the existence of personal data related to the respective Data Subject and to provide them with a free opportunity to review such personal data upon the Data Subject’s or their representative’s request.
1.3.3. To make necessary changes to the personal data within a period not exceeding seven business days from the date the Data Subject or their representative provides information confirming that the personal data is incomplete, inaccurate, or outdated.
1.3.4. To destroy personal data within a period not exceeding seven business days from the date the Data Subject or their representative provides information confirming that such personal data was obtained unlawfully or is not necessary for the stated processing purpose.
1.3.5. To notify the Data Subject or their representative of the changes made to the personal data and the measures taken and to take reasonable steps to notify third parties to whom the personal data of this Data Subject has been transferred.
1.3.6. To explain to the Data Subject the legal consequences of refusing to provide their personal data and/or consent to their processing, if, under federal law, the provision of personal data and/or the Operator’s receipt of consent to process personal data is mandatory.
1.3.7. In cases where personal data is obtained not from the Data Subject, prior to the start of processing such personal data, the Operator is obliged to provide the Data Subject with the information specified in Part 3, Article 18 of the Personal Data Law:
• The name or surname, first name, patronymic, and address of the Operator or their representative;
• The purpose and legal basis for processing personal data;
• The list of personal data;
• The intended users of personal data;
• The rights of the Data Subject established by the Personal Data Law;
• The source of the personal data.
1.3.8. To take necessary legal, organizational, and technical measures or ensure their adoption to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions regarding personal data.
1.3.9. To appoint a person responsible for organizing the processing of personal data.
1.3.10. To ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
1.3.11. In the event of identifying unlawful processing of personal data, to terminate such unlawful processing within a period not exceeding three business days from the date of such identification. If it is impossible to ensure lawful processing of personal data, such data shall be destroyed within ten business days.
1.3.12. In the event of establishing the fact of unlawful or accidental transfer (provision, dissemination, access) of personal data that resulted in a violation of the Data Subjects’ rights, to notify the authorized body for the protection of the rights of personal data subjects and to provide the information specified in Clause 3.1, Article 21 of the Personal Data Law.
1.3.13. To cease processing and destroy personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data.
1.3.14. To cease processing personal data and, if retention of the personal data is no longer necessary for the purposes of processing, to destroy the personal data within a period not exceeding thirty days from the date of receipt of the Data Subject’s withdrawal of consent.
1.3.15. To cease processing personal data within a period not exceeding ten business days from the date of receipt of the Data Subject’s request. This period may be extended, but not by more than five business days, if the Operator sends a reasoned notification to the Data Subject indicating the reasons for the extension.
1.3.16. To take measures necessary and sufficient to ensure compliance with the obligations stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it, including determining the composition and list of measures necessary and sufficient to ensure the Operator’s obligations to protect personal data.
1.4. Rights of the Data Subject
The Data Subject has the right to:
1.4.1. Receive free information from the Operator about the processing of their personal data, as specified in Clause 1.3.1 of this Policy, by submitting a request to the Operator in accordance with Part 3, Article 14 of the Personal Data Law.
1.4.2. Demand that the Operator clarify, block, or destroy their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated processing purpose.
1.4.3. Demand that the Operator cease processing their personal data, including by withdrawing consent to processing.
1.4.4. Appeal the Operator’s actions or inaction to the authorized body for the protection of the rights of personal data subjects or in court.
1.4.5. Take legal measures to protect their rights and legitimate interests, including claiming compensation for damages and/or moral harm in court.
2. Purposes of Collecting Personal Data
The processing of personal data of Data Subjects on the Website is carried out by the Operator for the following purposes:
• Establishing feedback with the Website User, including sending notifications, requests, processing them, and processing the User’s inquiries and applications for the purpose of further concluding and executing a contract for the provision of legal services.
• Conducting email newsletters to Website Users of an informational and advertising nature (news, event information, analytical reviews, advertisements for goods, works, and services).
• Conducting statistical, analytical, and other research to improve the Website’s performance based on anonymized personal data of Users.
3. Legal Basis for Processing Personal Data
3.1. The legal basis for processing the personal data of Website Users is their consent to the processing of personal data.
3.2. The User makes the decision to provide their personal data to the Operator freely, voluntarily, and in their own interest. The User may provide consent personally or through a representative.
3.3. Consent to process the personal data of minors under the age of 14 is provided by their legal representatives.
3.4. Website Users provide their consent to the processing of their personal data in the following cases:
• The User fills out the Feedback Form on the Website.
• The User subscribes to the email newsletter on the Website.
• The User agrees to the use of Cookie files in accordance with the notification displayed upon their first visit to the Website.
3.5. By providing their personal data in the Feedback Form and checking the box stating, "I consent to the processing of my personal data in accordance with the terms of the personal data processing policy of Brand Defender LLC, which I have read in advance (details at the link: LINK)," the User expresses their consent and grants permission for the processing of their personal data in accordance with this Policy.
3.6. By providing their personal data when subscribing to the email newsletter and checking the box stating, "I consent to the processing of my personal data in accordance with the terms of the personal data processing policy of Brand Defender LLC, which I have read in advance (details at the link: LINK)," the User expresses their consent and grants permission for the processing of their personal data in accordance with this Policy.
3.7. By agreeing to the use of Cookie files in accordance with the notification displayed upon their first visit to the Website and subsequently browsing the Website, the User expresses their consent to the use of Cookie files and similar technologies and grants permission for the processing of their personal data in accordance with this Policy.
3.8. Consent to the processing of personal data may be withdrawn by the Data Subject at any time by submitting a withdrawal request in free form to the Operator’s email address official@branddefender.ru or to the Operator’s legal address.
4. Scope and Categories of Processed Personal Data
4.1. The Operator processes the personal data of Website Users.
4.2. The Operator processes the following personal data of Users:
• Full name (surname, first name, patronymic).
• Email address.
• Mobile phone number.
• Data automatically transmitted when using the Website, including IP address, Cookie information, browser information (or other program used to access the Website), access time, and the address of the requested page.
4.3. The Operator may also obtain additional personal data voluntarily provided by the User in the "Message" field of the Website’s Feedback Form. If such data constitutes the personal data of third parties, the responsibility for informing such third parties about the transfer of their data to the Operator lies with the User.
4.4. The Operator processes these categories of personal data of Data Subjects to the extent necessary for the purposes of processing specified in Clause 2 of this Policy.
4.5. The processing of personal data of other categories of Data Subjects by the Operator is regulated by other internal documents of the Operator.
5. Procedure and Conditions for Processing Personal Data
5.1. General Provisions on the Procedure and Methods of Processing
5.1.1. The Operator processes Users’ personal data with their consent, provided by Users and/or their legal representatives upon acceptance of the terms of the Personal Data Processing Policy available at: LINK.
5.1.2. The processing of biometric personal data and special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, or intimate life is not conducted on the Website.
5.1.3. The Operator does not verify the accuracy or relevance of the information provided by the User and assumes that the User provides reliable and sufficient information and independently ensures its relevance.
5.1.4. The Operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access to authorized persons), deletion, and destruction.
5.1.5. Processing of personal data may be carried out using automation tools (automated processing) or manually without the use of such tools (non-automated processing).
5.2. Transfer of Personal Data to Third Parties
5.2.1. The Operator does not transfer Users’ personal data to third parties or engage third parties to process personal data on its behalf, except in cases where such transfer is required by applicable law.
5.2.2. The Operator does not perform cross-border transfers of Users’ personal data.
5.3. Confidentiality of Personal Data
5.3.1. The personal data of Data Subjects is confidential and protected information, subject to all requirements established by the Operator’s internal documents for the protection of confidential information.
5.3.2. The personal data of Data Subjects is subject to the confidentiality regime established by the Operator.
5.3.3. The Operator does not disclose personal data to third parties or distribute it without the Data Subject’s consent, unless otherwise provided by federal law.
5.3.4. The Operator requires other persons who have gained access to personal data not to disclose or distribute such data without the Data Subject’s consent, unless otherwise provided by federal law.
5.3.5. Access to processed personal data is permitted only to the Operator’s employees whose job responsibilities include processing personal data.
5.3.6. All employees of the Operator are obliged to maintain the confidentiality of personal data and other information specified by the Operator, unless this contradicts the legislation of the Russian Federation.
5.3.7. Confidentiality is not required for publicly available personal data.
5.4. Storage of Personal Data
5.4.1. The Operator stores personal data in a form that allows identification of the Data Subject no longer than required by the purposes of processing.
5.4.2. Processed personal data is subject to destruction or anonymization under the following conditions:
• Achievement of the processing purposes or expiration of the maximum storage period.
• Loss of necessity to achieve the processing purposes.
• Submission by the Data Subject or their representative of confirmation that the personal data was unlawfully obtained or is unnecessary for the stated processing purpose.
• Inability to ensure lawful processing.
• Liquidation (reorganization) of the Operator.
• Withdrawal of consent by the Data Subject, if retention of the data is no longer necessary for processing purposes.
5.4.3. The retention period for personal data is determined in accordance with Russian legislation and is 3 (Three) years from the date of receipt.
5.4.4. If federal law establishes mandatory retention periods for certain categories of personal data, the Operator stores such data for the legally required period.
5.5. Security Measures for Personal Data
The Operator implements legal, organizational, and technical measures to ensure the security of personal data, protecting it from unauthorized (including accidental) access, destruction, alteration, blocking, and other unlawful actions. These measures include:
• Appointing responsible persons for organizing processing and ensuring data protection.
• Restricting access to personal data among the Operator’s employees.
• Adopting internal regulations on personal data processing (including this Policy) and ensuring employee awareness.
• Establishing password complexity requirements for access to personal data systems.
• Conducting antivirus checks and preventing malware intrusions into the corporate network.
• Verifying and including confidentiality clauses in contracts.
• Ensuring physical security of premises and equipment, access control, surveillance.
• Separating non-automated personal data from other information via dedicated storage media or sections.
• Accounting and secure storage of data carriers to prevent theft, substitution, or unauthorized copying.
• Backup procedures for data recovery.
• Other measures required by Russian legislation on personal data.
6. Updates, Corrections, Deletion, and Destruction of Personal Data
6.1. The information specified in Clause 1.3.1 of this Policy is provided to the Data Subject or their representative within ten business days of their request.
6.2. The Operator accepts and reviews requests from Data Subjects via email at official@branddefender.ru or by post.
6.3. A request must include identification details of the Data Subject or their representative, evidence of data processing by the Operator, and a signature (including electronic) of the Data Subject or representative.
6.4. Requests may be submitted electronically and signed with a digital signature under Russian law.
6.5. Information is provided free of charge in an accessible format and excludes data related to other Data Subjects unless legally justified.
6.6. If a request lacks required information or the Data Subject lacks access rights, a reasoned refusal is provided.
6.7. The Data Subject’s right to access personal data may be restricted under Part 8, Article 14 of the Personal Data Law, including if access violates third-party rights.
6.8. Within seven business days of receiving confirmation of incomplete, inaccurate, or outdated data, the Operator makes necessary changes.
6.9. Within seven business days of receiving confirmation of unlawfully obtained or unnecessary data, the Operator destroys such data.
6.10. The Operator notifies the Data Subject of changes and takes reasonable steps to inform third parties who received the data.
6.11. The Operator provides necessary information to the authorized body within ten business days of a request.
6.12. In case of other grounds for destruction (Clause 5.4.2), the Operator ensures destruction within thirty days.
6.13. If destruction is impossible, the Operator blocks the data and ensures its destruction within six months unless otherwise stipulated.
7. Automated Data Collection
7.1. The Operator uses Cookie files and similar technologies to automatically collect information about Users’ Website visits.
7.2. Automated collection may include: device/browser details, IP address, location, session duration, visited pages, and technical data.
7.3. This data is used for Website security, functionality, and internal analytics.
7.4. The Operator uses web analytics services (e.g., Yandex.Metrica, Roistat) with anonymized data. Privacy policies are linked:
• Yandex Privacy Policy
• Roistat Privacy Policy
7.5. Users may disable Cookies via browser settings but may lose access to certain Website features.
8. Final Provisions
8.1. This Policy takes effect upon approval by the Operator and remains valid indefinitely.
8.2. Compliance is monitored by the person responsible for data processing.
8.3. The Operator may amend the Policy due to legal changes or at its discretion.
8.4. Changes are published on the Website at branddefender.ru.
8.5. Date: December 16, 2024