Privacy Policy

Last updated: June 11, 2019

This Privacy Policy (the "Policy", the "Privacy Policy") is an integral part of the User Sublicense Agreement which defines the rules for processing Personal Information that the administration of stepFORM ( “stepFORM”, "we") can collect about the Users (the "User" or "you") in relation to the usage of the stepFORM service (the "Service") by the User, and stipulates the types of the information collected, the ways and methods of collecting the information, the purposes of collecting the information, measures to ensure the information protection, as well as the rights of the User regarding their Personal Information.

The User hereby agrees to the processing of their Personal Information under the terms of this Privacy Policy. The User's actions aimed at using the Service mean the User’s unconditional acceptance of the terms of this Policy and the terms of their Personal Information processing specified therein. We urge you to read this Policy and make sure that you fully understand and agree to it before you start using our Service. If you have not read the entire text of the Privacy Policy, do not understand or accept the terms of this Privacy Policy, you shall immediately stop using the Service. The User guarantees that in accordance with the User's jurisdiction, they have reached the age that allows them to independently agree to the processing of their Personal Information (but not younger than 16 years old) or the User can confirm they have got the corresponding permission from the holder of parental responsibility in accordance with the established procedure and form. We draw special attention to the fact that you are not legally obliged to provide us with any information, however, providing this information is a compulsory condition for using our Service. You hereby confirm, guarantee and agree that any information you provide us with is submitted of your own free will, is accurate, unambiguous and complies with your desire to use your data for the purposes described below.

You can withdraw your consent to the processing of your Personal Information at any time as we are willing to make the procedure for revoking consent as well as providing it as simple as possible. Withdrawal of the consent does not affect the legitimacy of the information processing that took place prior to the consent withdrawal.

TERMS AND DEFINITIONS

Personal Information is any information about a specific or identifiable natural person who is the User of the Service in accordance with the Agreement.

Agreement is a sublicense agreement between the User and stepFORM on the use of the Service which is available on the Internet at stepform.io, accepted by the User in accordance with the established procedures and binding on the User and stepFORM.

Service means a software package available on the Internet at the website address stepform.io. The Service includes but is not limited to the set of information, texts, graphical elements, designs, images, photos and videos, and other intellectual properties, as well as computer programs contained in the information system, which makes such information available on the Internet at the website address stepform.io.

User is a natural person or a legal entity who has accepted the Agreement stepform.io/terms and uses the Service.

All other terms and definitions found in the text of the Policy shall be interpreted in accordance with other rules governing the use of the Service, with the rules of interpretation established on the Internet and the applicable law regulating the processing of Personal Data.

1. Collected Personal Information

1.1. In our activities, we are guided by the current legislation of the Russian Federation in the field of personal data processing, as well as by the Directive of the Council of Europe on the collection and storage of personal data (GDPR), and its principles.

1.2. According to the principle of data minimization, we collect as much Personal Information as is sufficient for comfortable use of the service and accomplishing the objectives of its collection.

1.3. In the process of using the Service by the User, we collect two types of Personal Information: Personally Identifiable Information and Non-Personally Identifiable Information.

1.3.1. Personally Identifiable Information. Such information includes individual data that identifies a particular User and which the User provides us with in the process of the Registration. Required types of Personally Identifiable Information that are necessary for using the Service include:

  • name;
  • phone number;
  • email address.
Additionally, you can provide other information in the Account.

1.3.2. Non-Personally Identifiable Information. Non-Personally Identifiable Information is data that does not identify a particular User, and is collected automatically during the process of the Registration and usage of the Service. The Non-Personally Identifiable Information may include:

  • information obtained with the help of cookie files, pixel tags, web beacons, browser analysis tools and web server logs, as well as other similar technologies and tools;
  • information about devices that the User uses to access the Service, including the type of operating system, device model, browser type, system settings, including the information about the language that the User’s system uses, location (country/region), time zone of the User’s device, mobile operator;
  • logs of actions stored on the server which record IP addresses of devices that the User uses to interact with the Service, the access time, the sequence of the User's actions when using the Service, information about the session, including the response time, download errors;
  • information from the User's social media account (depending on the privacy settings configured by the User for their social media account) so we can get information about your interests and preferences as well as access to your photo;
  • other information that does not identify the User depending on the permissions you granted.

1.4. The User understands and agrees that in some cases, we are entitled to request additional information about the User as well as scanned copies of the User’s documents for confirming the provided information, and to make any other requests when this is necessary based on reasonable assumptions and legitimate interests.

2. Methods Of Collecting Personal Information

2.1. The legal basis for collecting Personal Information is the User's consent to collect their personal information.

2.2. Personal information is collected by us at the moment the User registers with the Service. The Registration with the Service can be made in a standard way by submitting the User’s Personal Data by the User.

2.3. The Non-Personally Identifiable Information is collected by us in the process of using the Service by you.

3. Objectives Of Collecting Personal Information

3.1. We use Personal Information for the following purposes:

3.1.1. To provide access to the Service and its further use.

3.1.2. To improve the Service, make its use and adjustment of the necessary settings more convenient based on general or individual preferences, experience of use or difficulties encountered by the Users.

3.1.3. To provide technical support, feedback, including sending notifications, requests and information regarding the use of the Service (update notifications, security information, changes to our rules and terms of use of the Service).

3.1.4. To generate statistics summary reports which include analytics and monitoring of trends in the use of the Service and the Users actions in the Service.

3.1.5. To send advertising newsletters to your email address or to your mobile phone with the help of notifications about products, services, promotions, events and other news and information which, in our opinion, might be interesting to the User. We can send you promotional information. You can easily refuse receiving advertising messages by selecting the "Unsubscribe" option offered in these messages.

3.1.6. to prevent fraud or violation of the applicable law, in particular, to detect, investigate and prevent fraudulent transactions and any other illegal activities, and to protect the rights and property of stepFORM as well as the right and property of other users and third parties.

3.1.7. To comply with any applicable law.

3.2. Personal Information of the User will not be used for purposes other than the above.

3.3. The User confirms that the objectives of using their Personal Information correspond to their interests, and the consent to the processing of the Personal Information by us expressed by the User at the beginning of the use of the Service is given for each purpose of the processing specified in clause 3.1 of the Agreement.

4. Disclosure Of Personal Information

4.1. We undertake not to disclose the User's Personal Information to third parties, unless:

4.1.1. The User expressed the explicit consent to the disclosure of their Personal Information.

4.1.2. The information disclosure is necessary for the use of the Service by the User, as well as for the fulfillment of the Sublicense Agreement or any other binding documents that regulate the relationship between us and the User.

4.1.3. When the information disclosure is necessary for the work of the Service and its functionality (information transfer to hosting, communications and content delivery networks (distribution), data protection and cyber security services, billing and payment processing services, fraud detection and prevention services, web analytics, distribution of emails and monitoring the status of the Service, including measuring performance and data optimization, marketing and advertising services), third parties (recipients of Personal Information) can receive or have access to the User’s Personal Information in full or in part, depending on the role and objectives of each such person in maintaining the operability of the Service or in improving it; in addition, they can use the received information only for the purposes specified in this Policy.

4.1.4. Personal Information is passed in accordance with the applicable law on requests of the entities authorized for the receipt of such information (inquiries made by juridical authorities and law enforcement bodies) when we are obliged to disclose such information if in good faith we reason from what the law requires of us and act accordingly.

4.1.5. Ownership of or control over all parts or a part of the Service is transferred to the new owner.

4.1.6. Personal Information is disclosed in order to ensure the protection of our rights and legitimate interests, or the rights and interests of third parties in case the User violates this Privacy Policy or other binding documents regulating the relationship between us and the User, and the applicable law. The above cases cannot be regarded as an unauthorized disclosure of Personal Information as these actions are aimed at fulfilling the objectives of processing Personal Information.

4.2. We shall never sell Personal Information of the Users to third parties.

4.3. Information can only be disclosed strictly in accordance with this Privacy Policy and under the applicable law.

5. Storage Area And Transboundary Transfer Of Personal Information

5.1. we store and process Personal Information of visitors to stepFORM websites, you and your users in the United States, European Union and Russian Federation. The storage and processing of the User's Personal Information is carried out either directly by us or with the help of third parties specializing in the information storage that are obliged to protect and preserve Personal Information in accordance with this Privacy Policy.

5.2. If you reside in a jurisdiction that imposes "data localization"/”data residency” obligations (i.e. requires its residents’ personal information to be kept within the territorial boundaries of that jurisdiction), we provide storage of your Personal Information within such territorial boundaries, provided we are legally obligated to do so.

5.3. We strive to ensure the User's Personal Information is protected and preserved in accordance with the internal industry standards regardless of any lesser legal requirements as compared to those that may apply in the User’s jurisdiction.

5.4. In the event that we and the User are located in different jurisdictions, the User agrees to the processing and transfer of information to the country of our registration by accessing or using the Services or providing us with their Personal Information in any other way, whereas we guarantee that we will take appropriate measures to protect the User’s Personal Information in accordance with this Privacy Policy, and the applicable law.

6. Use Of Tracking Technologies

6.1. We use certain monitoring and tracking technologies in order to maintain, provide and improve the operation of our Service on an ongoing basis, and in order to provide a comfortable usage of the Service’s environment for the User. By default, we use several such technologies in order to identify the User and the start of the session, to provide security, to save the User’s preferences (for example, with respect to the default language and settings), to ensure the connection stability, to monitor the performance of our Service and marketing campaigns, and to provide and improve our Services.

7. User Rights

7.1. In accordance with this Privacy Policy, each User has the following rights with respect to their Personal Information:

7.1.1. The right of access to the User’s Personal Information. To ensure this right, the Service provides a special section in the User’s Account where all Personal Information we received about the User is indicated. The User can go to the Personal Information section and see the Personal Information of theirs which we currently have. At the request of the User, we provide a complete list of the Personal Information we have collected about the User, the legal basis and purpose of the processing, the Personal Information categories, the list of third parties to whom their Personal Information has been or will be disclosed, the period during which the Personal Information will be stored, measure of the Personal Information protection. The answer to the User’s request shall be given within a reasonable time in accordance with the applicable law.

7.1.2. The right to have inaccurate Personal Information rectified. The User has the right to correct their Personal Information through their Account at any time, in case the User has problems with correcting their Personal Information for some reason, they can send a corresponding request to us, we will make corrections within a reasonable time. Taking into account the purposes of Personal Information processing, the data Subject has the right to provide incomplete Personal Information specifying only the obligatory types of Personal Information that are necessary to access the Service.

7.1.3. The right to withdraw consent to the processing of Personal Information. The User has the right to withdraw their consent at any time. The consent withdrawal does not affect the legality of the processing that was made on the basis of the consent prior to its withdrawal. The Service provides the possibility to withdraw the consent as easily as it is given. Thus, the User can forward us a request to delete their Account at any time, and we will delete the Account within a reasonable time after receiving the request.

Please note that you can correct, update or delete certain pieces of your Personal Information on your own.

In case the User makes corrections to their Personal Information or revokes the consent, we shall notify all third parties that have access to the User's Personal Information about this.

7.1.4. The right to erasure ("the right to be forgotten"). The User has the right to demand their Personal Information to be removed, and we are obliged to do so without undue delay, if:

  • personal Information is no longer needed for the purposes for which it was collected;
  • the data subject withdraws consent to the processing of their Personal Information, which is the basis for its collection;
  • personal Information was processed illegally;
  • personal Information shall be erased in accordance with the law.

7.1.5. The right to data transfer. The User has the right to receive their Personal Information in a structured, commonly used and machine-readable format. The User can receive all their Personal Information, that was ever received by us, in a structured form by sending a corresponding request to the Support Team. The User has the right to have their Personal Information transmitted directly from one controller to another, where technically feasible.

8. Period Of Personal Information Storage

8.1. We store your Personal Information during the entire period the Service is used by you (according to the actions in your Account), or until we no longer need this data to provide the Service, or if it is required for a longer period (if we are required to store it for a longer period by virtue of applicable law, or it is done to resolve disputes in relation to our Users, to prevent fraud and abuse, and/or to protect our legitimate interests).

9. Information Security

9.1. We hereby guarantee that we take all necessary and sufficient, in accordance with applicable law, organizational and technical measures to protect the User's Personal Information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as other unlawful actions with it by third parties. We act in accordance with the generally accepted industry standards to protect the User’s Personal Information and strive to protect and ensure the confidentiality of Personal Information to the greatest extent possible. The protection of Personal Information is implemented in the Service by default at the stage of its development. The security measures include firewalls, pseudonymization, data encryption, data minimization, robustness of the processing systems, the ability to timely restore availability of and access to Personal Information in case of a physical or technical incident, control of physical access to data centers, as well as control of the authority to access data. We regularly monitor our systems for possible vulnerabilities and attacks, evaluate the effectiveness of technical and organizational measures to ensure the security of Personal Information, and are constantly looking for new ways and service providers to further enhance the security of our Service and protect the privacy of our Users. All third parties that can access Personal Information and take part in the process of providing access to the Service for the User take the same strict measures to ensure the security of Personal Information.

9.2. However, we can not guarantee absolute protection, and therefore we urge you to be cautious, create a strong password for your account and avoid providing any sensitive data, disclosure of which can cause you significant harm.

In the event of any violation of the Personal Information confidentiality, we take all possible measures to eliminate or minimize possible negative consequences, and also ensure that the authorized supervisory bodies and the User are immediately notified of the incident and provided with all available information on the confidentiality breach. The facts of such incidents are recorded in a special register of incidents, which we are obliged to keep in accordance with the applicable law.

9.4. The violation of the Personal Information confidentiality is understood in this Policy as a security breach resulting into the accidental or unlawful destruction, loss, change, unauthorized disclosure or access to the transmitted or processed Personal Information.

10. Privacy Policy Changes And Interpretations

10.1. This Privacy Policy, its interpretation, and any claims and disputes related to it are regulated, interpreted and carried out solely in accordance with the laws of our incorporation, without giving effect to the conflict-of-law provisions.

10.2. You hereby agree that any arising disputes shall be resolved solely by the courts at the territory of our incorporation.

10.3. The Privacy Policy may be changed by us at any time. In case we consider the changes significant (at our own discretion), we shall notify you before the changes take effect.

10.4. We recommend that you regularly review this page for up-to-date information about our Privacy Policy. Unless otherwise expressly provided, our latest version of the Privacy Policy applies to all information that we have about you.

11. Interaction With Us And Answers To Your Questions

11.1. If you have any questions concerning this Privacy Policy, please get in touch with us at [email protected].

11.2. We will respond to your request within a reasonable time or the period specified by the applicable law.

11.3. In cases where this Policy or applicable law establishes our obligation to provide you with copies of information or any documents, we provide them in a single copy for free; for any additional requested copies, we are entitled to charge a reasonable fee based on administrative expenses. If you make an online request, we provide copies in widely used digital format unless otherwise requested by you.

11.4. If the User's requests are obviously unreasonable or excessive, in particular because of their repetitive nature, we are entitled to charge a reasonable fee taking into account the administrative costs of providing information, or to refuse to act upon request.

11.5. In the event that we have reasonable doubts about the identity of the person making a request, we can ask to provide additional information necessary for verifying the identity of the User.