You can withdraw your consent to the processing of your Personal Information at any time as we are willing to make the procedure for revoking consent as well as providing it as simple as possible. Withdrawal of the consent does not affect the legitimacy of the information processing that took place prior to the consent withdrawal.
TERMS AND DEFINITIONS
Personal Information is any information about a specific or identifiable natural person who is the User of the Service in accordance with the Agreement.
Agreement is a sublicense agreement between the User and stepFORM on the use of the Service which is available on the Internet at stepform.io, accepted by the User in accordance with the established procedures and binding on the User and stepFORM.
Service means a software package available on the Internet at the website address stepform.io. The Service includes but is not limited to the set of information, texts, graphical elements, designs, images, photos and videos, and other intellectual properties, as well as computer programs contained in the information system, which makes such information available on the Internet at the website address stepform.io.
User is a natural person or a legal entity who has accepted the Agreement stepform.io/terms and uses the Service.
All other terms and definitions found in the text of the Policy shall be interpreted in accordance with other rules governing the use of the Service, with the rules of interpretation established on the Internet and the applicable law regulating the processing of Personal Data.
1. Collected Personal Information
1.1. In our activities, we are guided by the current legislation of the Russian Federation in the field of personal data processing, as well as by the Directive of the Council of Europe on the collection and storage of personal data (GDPR), and its principles.
1.2. According to the principle of data minimization, we collect as much Personal Information as is sufficient for comfortable use of the service and accomplishing the objectives of its collection.
1.3. In the process of using the Service by the User, we collect two types of Personal Information: Personally Identifiable Information and Non-Personally Identifiable Information.
1.3.1. Personally Identifiable Information. Such information includes individual data that identifies a particular User and which the User provides us with in the process of the Registration. Required types of Personally Identifiable Information that are necessary for using the Service include:
- phone number;
- email address.
1.3.2. Non-Personally Identifiable Information. Non-Personally Identifiable Information is data that does not identify a particular User, and is collected automatically during the process of the Registration and usage of the Service. The Non-Personally Identifiable Information may include:
- information obtained with the help of cookie files, pixel tags, web beacons, browser analysis tools and web server logs, as well as other similar technologies and tools;
- information about devices that the User uses to access the Service, including the type of operating system, device model, browser type, system settings, including the information about the language that the User’s system uses, location (country/region), time zone of the User’s device, mobile operator;
- logs of actions stored on the server which record IP addresses of devices that the User uses to interact with the Service, the access time, the sequence of the User's actions when using the Service, information about the session, including the response time, download errors;
- information from the User's social media account (depending on the privacy settings configured by the User for their social media account) so we can get information about your interests and preferences as well as access to your photo;
- other information that does not identify the User depending on the permissions you granted.
1.4. The User understands and agrees that in some cases, we are entitled to request additional information about the User as well as scanned copies of the User’s documents for confirming the provided information, and to make any other requests when this is necessary based on reasonable assumptions and legitimate interests.
2. Methods Of Collecting Personal Information
2.1. The legal basis for collecting Personal Information is the User's consent to collect their personal information.
2.2. Personal information is collected by us at the moment the User registers with the Service. The Registration with the Service can be made in a standard way by submitting the User’s Personal Data by the User.
2.3. The Non-Personally Identifiable Information is collected by us in the process of using the Service by you.
3. Objectives Of Collecting Personal Information
3.1. We use Personal Information for the following purposes:
3.1.1. To provide access to the Service and its further use.
3.1.2. To improve the Service, make its use and adjustment of the necessary settings more convenient based on general or individual preferences, experience of use or difficulties encountered by the Users.
3.1.4. To generate statistics summary reports which include analytics and monitoring of trends in the use of the Service and the Users actions in the Service.
3.1.5. To send advertising newsletters to your email address or to your mobile phone with the help of notifications about products, services, promotions, events and other news and information which, in our opinion, might be interesting to the User. We can send you promotional information. You can easily refuse receiving advertising messages by selecting the "Unsubscribe" option offered in these messages.
3.1.6. to prevent fraud or violation of the applicable law, in particular, to detect, investigate and prevent fraudulent transactions and any other illegal activities, and to protect the rights and property of stepFORM as well as the right and property of other users and third parties.
3.1.7. To comply with any applicable law.
3.2. Personal Information of the User will not be used for purposes other than the above.
3.3. The User confirms that the objectives of using their Personal Information correspond to their interests, and the consent to the processing of the Personal Information by us expressed by the User at the beginning of the use of the Service is given for each purpose of the processing specified in clause 3.1 of the Agreement.
4. Disclosure Of Personal Information
4.1. We undertake not to disclose the User's Personal Information to third parties, unless:
4.1.1. The User expressed the explicit consent to the disclosure of their Personal Information.
4.1.2. The information disclosure is necessary for the use of the Service by the User, as well as for the fulfillment of the Sublicense Agreement or any other binding documents that regulate the relationship between us and the User.
4.1.3. When the information disclosure is necessary for the work of the Service and its functionality (information transfer to hosting, communications and content delivery networks (distribution), data protection and cyber security services, billing and payment processing services, fraud detection and prevention services, web analytics, distribution of emails and monitoring the status of the Service, including measuring performance and data optimization, marketing and advertising services), third parties (recipients of Personal Information) can receive or have access to the User’s Personal Information in full or in part, depending on the role and objectives of each such person in maintaining the operability of the Service or in improving it; in addition, they can use the received information only for the purposes specified in this Policy.
4.1.4. Personal Information is passed in accordance with the applicable law on requests of the entities authorized for the receipt of such information (inquiries made by juridical authorities and law enforcement bodies) when we are obliged to disclose such information if in good faith we reason from what the law requires of us and act accordingly.
4.1.5. Ownership of or control over all parts or a part of the Service is transferred to the new owner.
4.2. We shall never sell Personal Information of the Users to third parties.
5. Storage Area And Transboundary Transfer Of Personal Information
5.2. If you reside in a jurisdiction that imposes "data localization"/”data residency” obligations (i.e. requires its residents’ personal information to be kept within the territorial boundaries of that jurisdiction), we provide storage of your Personal Information within such territorial boundaries, provided we are legally obligated to do so.
5.3. We strive to ensure the User's Personal Information is protected and preserved in accordance with the internal industry standards regardless of any lesser legal requirements as compared to those that may apply in the User’s jurisdiction.
6. Use Of Tracking Technologies
6.1. We use certain monitoring and tracking technologies in order to maintain, provide and improve the operation of our Service on an ongoing basis, and in order to provide a comfortable usage of the Service’s environment for the User. By default, we use several such technologies in order to identify the User and the start of the session, to provide security, to save the User’s preferences (for example, with respect to the default language and settings), to ensure the connection stability, to monitor the performance of our Service and marketing campaigns, and to provide and improve our Services.
7. User Rights
7.1.1. The right of access to the User’s Personal Information. To ensure this right, the Service provides a special section in the User’s Account where all Personal Information we received about the User is indicated. The User can go to the Personal Information section and see the Personal Information of theirs which we currently have. At the request of the User, we provide a complete list of the Personal Information we have collected about the User, the legal basis and purpose of the processing, the Personal Information categories, the list of third parties to whom their Personal Information has been or will be disclosed, the period during which the Personal Information will be stored, measure of the Personal Information protection. The answer to the User’s request shall be given within a reasonable time in accordance with the applicable law.
7.1.2. The right to have inaccurate Personal Information rectified. The User has the right to correct their Personal Information through their Account at any time, in case the User has problems with correcting their Personal Information for some reason, they can send a corresponding request to us, we will make corrections within a reasonable time. Taking into account the purposes of Personal Information processing, the data Subject has the right to provide incomplete Personal Information specifying only the obligatory types of Personal Information that are necessary to access the Service.
7.1.3. The right to withdraw consent to the processing of Personal Information. The User has the right to withdraw their consent at any time. The consent withdrawal does not affect the legality of the processing that was made on the basis of the consent prior to its withdrawal. The Service provides the possibility to withdraw the consent as easily as it is given. Thus, the User can forward us a request to delete their Account at any time, and we will delete the Account within a reasonable time after receiving the request.
Please note that you can correct, update or delete certain pieces of your Personal Information on your own.
In case the User makes corrections to their Personal Information or revokes the consent, we shall notify all third parties that have access to the User's Personal Information about this.
7.1.4. The right to erasure ("the right to be forgotten"). The User has the right to demand their Personal Information to be removed, and we are obliged to do so without undue delay, if:
- personal Information is no longer needed for the purposes for which it was collected;
- the data subject withdraws consent to the processing of their Personal Information, which is the basis for its collection;
- personal Information was processed illegally;
- personal Information shall be erased in accordance with the law.
7.1.5. The right to data transfer. The User has the right to receive their Personal Information in a structured, commonly used and machine-readable format. The User can receive all their Personal Information, that was ever received by us, in a structured form by sending a corresponding request to the Support Team. The User has the right to have their Personal Information transmitted directly from one controller to another, where technically feasible.
8. Period Of Personal Information Storage
8.1. We store your Personal Information during the entire period the Service is used by you (according to the actions in your Account), or until we no longer need this data to provide the Service, or if it is required for a longer period (if we are required to store it for a longer period by virtue of applicable law, or it is done to resolve disputes in relation to our Users, to prevent fraud and abuse, and/or to protect our legitimate interests).
9. Information Security
9.1. We hereby guarantee that we take all necessary and sufficient, in accordance with applicable law, organizational and technical measures to protect the User's Personal Information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other unlawful actions with it by third parties. We act in accordance with the generally accepted industry standards to protect the User’s Personal Information and strive to protect and ensure the confidentiality of Personal Information to the greatest extent possible. The protection of Personal Information is implemented in the Service by default at the stage of its development. The security measures include firewalls, pseudonymization, data encryption, data minimization, robustness of the processing systems, the ability to timely restore availability of and access to Personal Information in case of a physical or technical incident, control of physical access to data centers, as well as control of the authority to access data. We regularly monitor our systems for possible vulnerabilities and attacks, evaluate the effectiveness of technical and organizational measures to ensure the security of Personal Information, and are constantly looking for new ways and service providers to further enhance the security of our Service and protect the privacy of our Users. All third parties that can access Personal Information and take part in the process of providing access to the Service for the User take the same strict measures to ensure the security of Personal Information.
9.2. However, we can not guarantee absolute protection, and therefore we urge you to be cautious, create a strong password for your account and avoid providing any sensitive data, disclosure of which can cause you significant harm.
In the event of any violation of the Personal Information confidentiality, we take all possible measures to eliminate or minimize possible negative consequences, and also ensure that the authorized supervisory bodies and the User are immediately notified of the incident and provided with all available information on the confidentiality breach. The facts of such incidents are recorded in a special register of incidents, which we are obliged to keep in accordance with the applicable law.
9.4. The violation of the Personal Information confidentiality is understood in this Policy as a security breach resulting into the accidental or unlawful destruction, loss, change, unauthorized disclosure or access to the transmitted or processed Personal Information.
10.2. You hereby agree that any arising disputes shall be resolved solely by the courts at the territory of our incorporation.
11. Interaction With Us And Answers To Your Questions
11.2. We will respond to your request within a reasonable time or the period specified by the applicable law.
11.3. In cases where this Policy or applicable law establishes our obligation to provide you with copies of information or any documents, we provide them in a single copy for free; for any additional requested copies, we are entitled to charge a reasonable fee based on administrative expenses. If you make an online request, we provide copies in widely used digital format unless otherwise requested by you.
11.4. If the User's requests are obviously unreasonable or excessive, in particular because of their repetitive nature, we are entitled to charge a reasonable fee taking into account the administrative costs of providing information, or to refuse to act upon request.
11.5. In the event that we have reasonable doubts about the identity of the person making a request, we can ask to provide additional information necessary for verifying the identity of the User.