Privacy Policy

1. General Provisions

• 1.1. This Privacy Policy (hereinafter referred to as the “Policy”) for the website https://pip.bar is designed to ensure the protection of human and civil rights and freedoms during the processing of personal data, including the protection of rights to privacy, as well as personal and family confidentiality.

• 1.2. The Policy applies to all personal data of https://pip.bar users that they voluntarily provide during the registration process on the website.

• 1.3. This Policy covers the personal data processing relationships established by the Operator both before and after the approval of this Policy.

• 1.4. This Policy is published and freely available on the Internet.

• 1.5. Key Terms used in this Policy:

  • Personal Data: Any information relating directly or indirectly to a specific or identifiable natural person (the data subject).

  • Personal Data Operator (Operator): The administrator of the https://pip.bar domain name, who organizes and conducts the processing of personal data, determines the purposes of processing, the composition of the data to be processed, and the actions (operations) performed with such data.

  • Website User: A legally competent natural person who has voluntarily completed the registration procedure on the Website.

  • Processing of Personal Data: Any action (operation) or a series of actions performed with or without the use of automated means involving personal data. This includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.

  • Automated Processing of Personal Data: Processing of personal data using computer technology.

  • Blocking of Personal Data: Temporary suspension of personal data processing (unless processing is necessary to clarify personal data).

  • Destruction of Personal Data: Actions that make it impossible to restore the content of personal data in the information system and/or result in the destruction of the physical media containing the personal data.

• 1.6. Core Rights and Obligations of the Operator:

  • 1.6.1. The Operator has the right to:

    • Independently determine the necessary and sufficient measures to fulfill its legal obligations regarding personal data protection, unless otherwise stipulated by applicable federal laws.

    • Entrust the processing of personal data to a third party with the data subject’s consent, based on a formalized contract, unless federal law dictates otherwise. This third party must adhere to the principles and rules of data processing, maintain confidentiality, and implement necessary security measures.

    • Delete a user’s account and their personal data if the user submits a request to cease processing.

  • 1.6.2. The Operator is obliged to:

    • Organize the processing of personal data in compliance with relevant data protection laws.

    • Respond to inquiries and requests from data subjects in accordance with legal requirements.

    • Provide necessary information to the authorized data protection regulatory body within 10 working days of receiving a request (this period may be extended by up to five working days).

    • Interact with the state system for the detection, prevention, and elimination of the consequences of computer attacks, including reporting incidents that result in unlawful data transfers (provision, distribution, access).

• 1.7. Core Rights of the Data Subject. The data subject has the right to:

  • Receive information regarding the processing of their personal data, provided in an accessible format without containing data of other subjects, unless legally justified. The specific information and procedure are determined by law.

  • Demand that the Operator update, block, or destroy their personal data if it is incomplete, outdated, inaccurate, illegally obtained, or no longer necessary for the stated purpose, as well as take legal measures to protect their rights.

  • Provide prior consent for data processing aimed at promoting goods, works, and services on the market.

• 1.8. An authorized person appointed by the Operator is responsible for monitoring compliance with this Policy.

2. Purposes of Processing Personal Data

• 2.1. Processing is strictly limited to achieving specific, pre-defined, and legitimate purposes.

• 2.2. Only personal data that fulfills the purposes of its processing is subject to processing.

• 2.3. The Operator processes personal data for the following purposes:

  • Registering user accounts.

  • Identifying users to grant website access.

  • Sending informational messages to the user’s email address.

  • Conducting advertising activities.

  • Caching data to optimize website performance.

• 2.4. Processing personal data in a manner incompatible with the purposes of its collection is strictly prohibited.

3. Legal Basis for Processing Personal Data

• 3.1. The legal basis for data processing encompasses the regulatory acts that the Operator adheres to while operating.

• 3.2. Further legal bases include:

  • The data subject’s explicit consent to the processing of their personal data.

  • Consent to receive informational and promotional mailings.

4. Volume and Categories of Processed Personal Data

• 4.1. The scope and content of the processed data must align with the stated purposes outlined in Section 2 and must not be excessive.

• 4.2. The Operator may process the following categories of user personal data:

  • Name.

  • Place of work (provided optionally).

  • Photograph (provided optionally).

  • Email address.

  • Gender (provided optionally).

  • Date of birth (provided optionally).

  • Phone number.

  • During website usage, the Operator may also automatically collect the user’s IP address and cookie information.

• 4.3. The Operator strictly does not process special categories of personal data concerning race, nationality, political opinions, religious or philosophical beliefs, health status, or intimate life.

5. Procedure and Conditions for Processing Personal Data

• 5.1. The Operator processes data in strict accordance with legal requirements.

• 5.2. Processing is conducted only with the consent of the data subjects.

• 5.3. The Operator employs automated processing, transmitting obtained information via telecommunication networks, to achieve its processing goals.

• 5.4. Only authorized employees of the Operator whose duties require handling personal data are permitted access.

• 5.5. Depending on the purposes outlined in Section 2.3, processing is carried out through:

  • Direct electronic receipt of data from subjects.

  • User input during registration or profile updates on the website.

  • Automated user identification for granting website access.

  • Automated email dispatch of informational messages.

  • Automated utilization of IP addresses and cookies for preparing and conducting advertising activities.

• 5.6. Disclosure and distribution of personal data to third parties without the subject’s consent is strictly prohibited, unless mandated by federal law.

• 5.7. The User is hereby notified that information regarding their name, occupation, photograph, gender, and age — which they voluntarily disclose in their profile settings — may become publicly accessible within the blog, user profile, and all feeds containing their posts and comments. The responsibility for the lawful subsequent distribution or processing of such data lies with the individual who distributes it.

• 5.8. The Operator implements necessary legal, organizational, and technical measures to safeguard data against unauthorized or accidental access, destruction, modification, blocking, distribution, and other unauthorized actions. These measures include:

  • Identifying potential security threats during processing.

  • Adopting internal policies and documents regulating data protection.

  • Appointing personnel responsible for data security within the Operator’s departments and systems.

  • Creating necessary conditions for securely handling data.

  • Organizing secure workflows within the processing information systems.

  • Storing data under conditions that ensure its preservation and strictly exclude unauthorized access.

• 5.9. Data is stored in a format allowing the identification of the data subject for no longer than required by the specific processing purpose, unless a specific retention period is established by federal law or contract.

• 5.10. The Operator terminates processing in the following instances:

  • Unlawful processing is detected (within three working days of discovery).

  • The purpose of processing has been achieved.

  • The subject’s consent expires or is revoked (when processing is solely reliant on such consent).

• 5.11. Upon goal achievement or consent revocation, processing is stopped unless:

  • An active contract, where the subject is a party, beneficiary, or guarantor, requires otherwise.

  • The Operator is legally permitted to continue processing without consent under applicable laws.

  • A separate agreement between the Operator and the subject stipulates otherwise.

• 5.12. If a user submits a formal request to cease data processing, the Operator will stop processing within 10 working days of receipt. This period can be extended by a maximum of five working days, provided the Operator sends the subject a reasoned notification explaining the delay.

• 5.13. When collecting data, including via the Internet, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, changing), and extraction of personal data.

6. Updating, Correcting, Deleting Data, and Responding to Subject Requests

• 6.1. The Operator must provide the data subject with confirmation of processing, legal grounds, processing purposes, and other relevant details. This information will not include personal data belonging to other users, except where legally justified. A user’s inquiry must contain:

  • Evidence confirming registration on https://pip.bar.

  • The signature of the data subject or their representative.

  • The Operator provides the information in the format requested, unless specified otherwise. If a request lacks required details or the subject lacks access rights, a reasoned refusal will be issued. Access may also be restricted if it violates the rights and legitimate interests of third parties.

• 6.2. If a subject or their representative reports inaccurate data, the Operator will immediately block that specific data pending verification, provided the block does not infringe on the rights of the subject or third parties. Upon confirmation of inaccuracy, the Operator will correct the data within seven working days based on provided documentation and subsequently lift the block.

• 6.3. If unlawful processing is detected following a subject’s request, the Operator will immediately block the affected data.

• 6.4. In the event of an accidental or unlawful data breach (provision, distribution, or access) that violates user rights, the Operator will, within 24 hours:

  • Notify the relevant authority about the incident, presumed causes, estimated harm, remedial measures taken, and provide the contact details of the authorized person handling the incident.

• 6.5. Procedure for the Destruction of Personal Data:

  • 6.5.1. Conditions and Timelines for Destruction:

    • Achievement of processing goals or loss of necessity to achieve them: within 30 days.

    • Expiration of maximum storage periods for documents containing personal data: within 30 days.

    • Confirmation by the subject that data was obtained illegally or is unnecessary for the stated purpose: within seven working days.

    • Revocation of consent by the subject (if further retention is no longer required): within 30 days.

  • 6.5.2. Upon reaching the processing goal or upon consent revocation, data must be destroyed unless:

    • A contract involving the data subject requires otherwise.

    • The Operator has legal grounds to continue processing without consent under applicable laws.