Personal Data Processing Policy
Important. This Policy explains how personal data is processed and does not, by itself, constitute consent to such processing. Where consent is required by law, it is requested separately from this Policy, the Public Offer and other documents.
1. General Provisions
1.1. This Policy sets out the procedure and conditions for the processing of personal data by Individual Entrepreneur Mikhail Korneevich Shishkin, Taxpayer Identification Number (INN) 631506586813, Primary State Registration Number of an Individual Entrepreneur (OGRNIP) 319631300064766 (the “Operator”).
1.2. This Policy has been prepared in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”, Federal Law No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 38-FZ dated March 13, 2006 “On Advertising”, and other applicable laws and regulations of the Russian Federation.
1.3. This Policy applies to the use of the following resources operated by the Operator:
- clear-aligners.ru and its subdomains, including course.clear-aligners.ru;
- clear-aligners.guru and its subdomains;
- personal accounts, registration, order and contact forms, educational platforms and other interfaces through which the Operator collects personal data;
- the Operator’s official communication channels, including email, messengers and social networks, where a user contacts the Operator on their own initiative.
1.4. This Policy applies to the personal data of website visitors, registered users, customers and course participants, persons who submit an application or enquiry, representatives of organisations, and recipients of informational or advertising messages.
1.5. The Operator does not verify the accuracy of all information supplied by a user, but may request clarification where necessary to perform a contract, ensure security or comply with the law.
2. Operator Details
Operator: Individual Entrepreneur Mikhail Korneevich Shishkin
INN: 631506586813
OGRNIP: 319631300064766, registered on April 18, 2019
Correspondence address: 55A Lesnaya Street, Mazin Ugol Territory, Samara, 443031, Russian Federation
Email for personal data matters: mail@clear-aligners.ru
Telephone: +7 927 607-70-53
3. Key Definitions
3.1. Personal data means any information relating directly or indirectly to an identified or identifiable individual.
3.2. Processing of personal data means any operation or set of operations performed on personal data, including collection, recording, organisation, accumulation, storage, rectification, retrieval, use, transfer, provision, access, anonymisation, blocking, deletion and destruction.
3.3. User means an individual who visits the Operator’s resources, creates a personal account, purchases access to materials, participates in training, submits an enquiry or otherwise interacts with the Operator.
3.4. Cookies are small data files stored by a browser on a user’s device and used to operate the website, save settings, ensure security, analyse traffic and, where separate consent has been obtained, for marketing purposes.
4. Categories of Data Subjects, Purposes, Data and Retention Periods
| Category and purpose | Personal data processed | Legal basis | Retention period |
|---|---|---|---|
| Website visitors. Operating and securing the website, preventing misuse, diagnosing errors and maintaining technical statistics. |
IP address; date and time of access; requested page; referral source; browser type and version; device and operating-system type; technical identifiers; essential cookies; information about actions on the website. | The Operator’s legitimate interests in maintaining the availability and security of its resources; compliance with legal requirements. Separate user consent is obtained for non-essential analytics and marketing cookies where required. | Technical logs are generally retained for no longer than 12 months unless a longer period is required to investigate an incident or comply with the law. Cookies are retained for their stated lifetime or until deleted by the user. |
| Personal-account users. Registration, authentication, access recovery, account management and provision of functionality. |
First and last name; email address; telephone number, where requested; account identifier; password hash; language and country; external authentication-service identifier where such login method is selected; login and account-activity history. | User consent; entering into and performing a contract; steps taken at the user’s request before entering into a contract. | For the lifetime of the account and up to 3 years after its deletion or termination of the contract, unless a different period is required by law or for the resolution of a dispute. |
| Customers and course participants. Order processing, providing access, delivering training, reviewing assignments, giving feedback, support and evidence of performance. |
First and last name; email; telephone number; account data; selected product and plan; access date, period and status; training history; answers, comments, files and homework assignments; support correspondence; certificate details, where applicable. | Entering into and performing a contract; user consent where required; compliance with legal obligations. | For the term of the contract and access to the materials, and then for up to 3 years for the resolution of possible claims, unless a longer period is required by law. |
| Payers. Receiving and recording payments, refunds, reconciliation, accounting and tax compliance. |
Name; email; telephone number; order contents, amount and currency; payment date and status; transaction identifier; partially masked payment details where supplied by a payment provider. The Operator does not request or store full bank-card details. | Entering into and performing a contract; compliance with tax, accounting and other legal obligations. | For the periods required by law for payment, accounting and tax records. |
| Persons submitting an application or enquiry. Responding to questions, consultation, preparing an offer, technical support and maintaining business correspondence. |
Name; email; telephone number or messenger identifier; content of the enquiry; attachments; information voluntarily supplied by the user. | Consent; steps taken at the user’s request before entering into a contract; the Operator’s legitimate interests in maintaining and evidencing correspondence. | Until the enquiry has been completed and generally no longer than 1 year after the last interaction, unless the enquiry relates to a contract, dispute or mandatory retention requirement. |
| Recipients of informational and advertising messages. Sending news, offers, announcements and other promotional materials. |
Name; email; telephone number; messenger identifier; preferred communication channel; date, time, source and version of the consent obtained; opt-out details. | Separate prior consent to receive informational and advertising messages. | Until consent is withdrawn or the recipient opts out. Records proving the obtaining and withdrawal of consent may be retained additionally for the applicable period required to protect the Operator’s rights. |
| Representatives of organisations. Entering into and performing contracts, business communication and document management. |
First name, last name and patronymic; position; organisation; business telephone and email; representative authority; document details and correspondence to the extent necessary for the relationship. | Entering into and performing a contract; the parties’ legitimate interests in business communication; compliance with legal requirements. | For the duration of the relationship and the mandatory retention periods applicable to contractual, accounting and other records. |
4.1. The Operator does not intend to process data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life, criminal convictions, health information, or biometric personal data used for identification.
4.2. The Operator does not request passport details, residential address, date of birth, sex or full bank details for ordinary registration and the sale of access to the online course unless such information is required in a specific case by law or for the preparation of a separate document.
5. Legal Bases for Processing
5.1. The Operator processes personal data where one or more of the following legal bases applies:
- the data subject’s consent, obtained in a form that allows the fact of consent to be demonstrated;
- the need to enter into or perform a contract to which the user is a party, beneficiary or guarantor, or to take steps at the user’s request before entering into a contract;
- compliance with duties and powers imposed on the Operator by law;
- the exercise of the rights and legitimate interests of the Operator or third parties, provided that the user’s rights and freedoms are not thereby infringed;
- other grounds provided for by the laws of the Russian Federation.
5.2. Consent to the processing of personal data is obtained separately from other documents accepted or signed by the user. Consent to receive advertising messages is also requested separately and is not a condition for purchase or access to the principal functionality.
6. Procedure and Methods of Processing
6.1. Processing may be carried out using automated means and without such means.
6.2. The Operator may collect, record, organise, accumulate, store, rectify, update, amend, retrieve, use, transfer and provide personal data to persons acting on the Operator’s instructions, as well as anonymise, block, delete and destroy personal data.
6.3. The Operator does not disclose personal data to an indefinite number of persons without separate consent to the processing of personal data made publicly available, or without another lawful basis.
6.4. The Operator does not make decisions that produce legal consequences for a user or otherwise materially affect the user’s rights and legitimate interests solely on the basis of automated processing.
7. Data Transfers and Processors
7.1. To operate the websites and perform its obligations, the Operator may engage third parties to process personal data or grant them access to the necessary extent. Such parties may include:
- hosting, cloud infrastructure, administration, backup and attack-protection providers;
- developers, technical-support providers and suppliers of website and personal-account management systems;
- payment organisations, banks, fiscal-data operators and other payment participants;
- educational, video and communications-platform providers;
- email, SMS, messenger and notification-service providers;
- authentication, CAPTCHA, analytics and cookie-management providers;
- CRM, user-support and enquiry-management systems;
- accountants, auditors, lawyers and other professional advisers;
- government bodies and other persons to whom data must be disclosed by law.
7.2. The Operator provides each recipient only with the amount of data required for the relevant purpose and includes confidentiality, security and legal-compliance requirements in its agreements.
7.3. The specific services used depend on the payment, authentication, communication and content-access methods selected by the user. Information concerning recipients of a particular user’s data may be requested at mail@clear-aligners.ru.
8. Data Localisation and Cross-Border Transfers
8.1. When collecting personal data of citizens of the Russian Federation via the Internet, the Operator ensures that such data is recorded, organised, accumulated, stored, updated and retrieved using databases located in the Russian Federation, except where expressly permitted by law.
8.2. A cross-border transfer may be required where a user selects a foreign payment provider, external authentication service, international messenger, email or other service. Before such transfer begins, the Operator performs the actions required by the laws of the Russian Federation, including assessing the transfer conditions and submitting any required notification to the competent authority. If lawful transfer conditions cannot be ensured, the relevant transfer will not take place.
9. Cookies and Analytics
9.1. Essential cookies are used for authentication, session preservation, shopping-cart and form operation, security and other functions without which the website cannot operate correctly.
9.2. Non-essential analytics, functional and marketing cookies are used only after the user has made a separate choice through the cookie-management interface, where such choice is required by applicable law.
9.3. A user may change cookie settings through the website interface or browser. Disabling essential cookies may cause the personal account and certain features to operate incorrectly.
10. Educational and Clinical Materials
10.1. When completing homework assignments, submitting clinical cases for review or requesting a consultation, the user must first anonymise materials concerning third parties. Without a lawful basis, the user must not submit a patient’s first name, last name, patronymic, date of birth, telephone number, email, medical-record number, address, full facial portrait or other information that directly or indirectly identifies the patient.
10.2. Where the user provides the Operator with another person’s personal data, the user confirms that a lawful basis exists for the transfer, that the other person has received the required information about the processing and, where necessary, that valid consent has been obtained.
10.3. The Operator may delete, or require the replacement of, materials containing excessive or clearly non-anonymised third-party data.
11. Storage, Blocking and Destruction
11.1. Personal data is retained no longer than required by the processing purposes, contractual relationship, limitation periods and mandatory retention periods established by law.
11.2. Once the purpose has been achieved, the data is no longer required, a justified request is received or consent is withdrawn, the Operator will stop processing and destroy the data within the periods required by law, unless continued retention is permitted on another lawful basis.
11.3. If immediate destruction is technically impossible, the data will be blocked and destroyed within the period established by law.
11.4. Backup copies are cleared in accordance with the applicable backup-rotation cycle. Access to such data remains restricted until final deletion.
12. Personal Data Security
12.1. The Operator implements necessary and sufficient legal, organisational and technical measures to protect personal data against unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination and other unlawful actions.
12.2. Such measures may include access controls, passwords and multi-factor authentication, encrypted connections, backups, software updates, event logging, anti-malware protection, supervision of persons with access to data and incident response.
13. User Rights
13.1. A user has the right to:
- obtain information about the processing of their personal data;
- request rectification, blocking or destruction where the data is incomplete, outdated, inaccurate, unlawfully obtained or unnecessary for the stated purpose;
- withdraw consent to the processing of personal data;
- opt out of advertising messages at any time;
- challenge the Operator’s actions or omissions before Roskomnadzor or a court;
- exercise other rights provided by law.
13.2. To exercise these rights, the user may contact mail@clear-aligners.ru or write to: 55A Lesnaya Street, Mazin Ugol Territory, Samara, 443031, Russian Federation.
13.3. The request should state the user’s name, contact address allowing the relevant account or enquiry to be identified, the substance of the request and information confirming the user’s connection with the data requested. The Operator may request information reasonably necessary to verify the applicant’s identity and prevent disclosure to an unauthorised person.
13.4. Requests are considered in accordance with the procedure and time limits established by the laws of the Russian Federation.
14. Withdrawal of Consent and Opting Out
14.1. Consent to personal-data processing may be withdrawn by emailing mail@clear-aligners.ru with the subject line “Withdrawal of Consent to Personal Data Processing”.
14.2. Advertising emails may be refused through the unsubscribe link in the message or by emailing the address above. Messenger communications may be refused by replying with a request to stop the messages.
14.3. After consent is withdrawn, the Operator may continue processing only where another lawful basis applies, for example to perform an existing contract, retain records as required by law or protect rights in a dispute.
15. Changes to this Policy
15.1. The Operator may update this Policy where the law, the services used or the processing activities change. A new version takes effect on the date of publication unless it states otherwise.
15.2. The current version is permanently available at https://clear-aligners.guru/policy/.
15.3. Questions about this Policy or personal-data processing should be sent to mail@clear-aligners.ru.