PRIVACY POLICY

Last update: from July 01, 2024

1. GENERAL PROVISIONS

1.1. This policy regarding the processing of personal data (hereinafter referred to as the "Policy") has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152–FZ dated 07/27/2006 "On Personal Data" (hereinafter referred to as the "Law on Personal Data") in order to ensure the protection of human and civil rights and freedoms when processing of his personal data, including protection of the rights to privacy, personal and family secrets.

1.2. This Policy applies to the following categories of personal data subjects that are processed by the Operator:

The Operator's employees.
Applicants for vacant Operator positions.
The Operator's counterparties (individuals).
Representatives (employees) of the Operator's contractors (legal entities and individual entrepreneurs).
The Operator's clients.
Users Of The Operator's Website.

1.3. Basic concepts used in the Policy:

Personal data – any information related directly or indirectly to a specific or identifiable individual (subject of personal data);

Personal data operator (Operator) – VENGO GROUP LIMITED, Date of registration 06.02.2023; registration number 3229485
7/F, MW Tower, 111 Bonham Strand, Sheung Wan, Hong Kong, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

Personal data processing is any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among others: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;

Automated processing of personal data – processing of personal data using computer technology;

Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;

Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;

Blocking of personal data – temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data);

Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;

Depersonalization of personal data – actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information;

Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing;

Cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;

A website is a set of programs for electronic computers and other information contained in an information system, access to which is provided via the Internet information and telecommunications network and located at: www.vengo-trading.ru , as well as in the telegram bot @VengoTradingBot

1.4. Basic rights and obligations of the Operator.

1.4.1. The Operator has the right to:

independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on Personal Data;
if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.

1.4.2. The Operator is obliged to:

organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
to inform the authorized body for the protection of the rights of personal data subjects (hereinafter – "Roskomnadzor") at the request of this body of the necessary information within 10 working days from the date of receipt of such a request.

1.5. Basic rights of Personal data Subjects. The subject of personal data has the right to:

to receive information concerning the processing of his personal data, except in cases provided for by federal laws. The information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain personal data related to other Personal data Subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights;
to appeal to Roskomnadzor or in court against illegal actions or omissions of the Operator in the processing of his personal data.

The subject of personal data may exercise the rights to receive information concerning the processing of his personal data, as well as the rights to clarify his personal data, block or destroy them, by contacting the Operator with a corresponding request by e-mail support@vengo-trading.ru . In both cases, the request must be executed in compliance with the requirements of Article 7.1. of this Policy.

1.6. Control over the fulfillment of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data from the Operator.

1.7. Liability for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.

2. PRINCIPLES OF PERSONAL DATA PROCESSING

2.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:

legality and fair basis;
restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
preventing the processing of personal data incompatible with the purposes of personal data collection;
preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
processing only those personal data that meet the purposes of their processing;
compliance of the content and volume of the processed personal data with the stated purposes of processing;
preventing the processing of excessive personal data in relation to the stated purposes of their processing;
ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law.

3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in compliance with which and in accordance with which the Operator processes personal data, including:

The Constitution of the Russian Federation;
The Labor Code of the Russian Federation;
The Civil Code of the Russian Federation;
The Tax Code of the Russian Federation;
Federal Law No. 402-FZ dated December 6, 2011 "On Accounting";
other regulatory legal acts regulating relations related to the Operator's activities.

3.2. The legal basis for the processing of personal data is also:

contracts concluded with the Subject of personal data;
consent of the Personal data Subject to the processing of personal data.

4. PURPOSES AND CONDITIONS OF PERSONAL DATA PROCESSING

4.1. The processing of personal data is limited to achieving specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed. Only personal data that meets the purposes of their processing is subject to processing.

4.2. The content and volume of the processed personal data must comply with the stated processing purposes provided for in this section. The processed personal data should not be redundant in relation to the stated purposes of their processing.

4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:

The Operator's employees.
Applicants for vacant Operator positions.
To the Operator's contractors (individuals).
Representatives (employees) of the Operator's counterparties (legal entities and individual entrepreneurs).
To the Operator's clients.
Users Of The Operator's Website.

4.3.1. Operator's employees

4.3.1.1. The Operator processes the personal data of employees for the following purpose(s)::

Assistance to employees in finding employment, obtaining education and promotion.
Ensuring the personal safety of employees.
Control of the quantity and quality of the work performed.

4.3.1.2. Upon conclusion of an employment contract, employees give written consent to the Operator to process their personal data. The content of the employee's consent must be specific and informed, that is, contain information that allows you to unambiguously draw a conclusion about the goals, methods of processing, indicating the actions performed with personal data, the volume of personal data being processed.

4.3.1.3. When concluding an employment contract, employees provide the Operator with the following documents containing his personal data:

passport or other identification document;
employment record and (or) information about employment, except in cases where an employment contract is concluded for the first time;
a document confirming registration in the system of individual (personalized) accounting, including in the form of an electronic document;
military registration documents - for military service and persons subject to conscription;
a document on education and (or) qualifications or the availability of special knowledge - when applying for a job that requires special knowledge or special training;
other documents in accordance with the requirements of the legislation.

4.3.1.4. In the case of the initial conclusion of an employment contract with employees, the employment record book, the insurance certificate of the state pension insurance is issued by the Operator.

4.3.1.5. If other documents are required for the employment of an employee in accordance with the legislation, the Operator applies to the person applying for a job with a request to provide such documents containing personal data.

4.3.1.6. For the purposes provided above, the Operator processes the following categories of personal data of employees:

Last name, first name, patronymic.
The address of the place of residence.
Passport details.
Contact phone number.
Email address.
INN.
SNILS
Login and other data in the Telegram messenger

4.3.1.7. The Operator does not process biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).

4.3.1.8. The Operator does not process special categories of personal data of employees.

4.3.1.9. The list of actions performed by the Operator with personal data of employees: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.

4.3.1.10. The Operator performs mixed processing of personal data of employees without transmission over the internal network, with transmission over the Internet.

4.3.1.11. The Operator has the right to process the personal data of dismissed employees in cases and within the time limits provided for by the legislation of the Russian Federation. Such cases include, among other things, the processing of personal data within the framework of accounting and tax accounting, including to ensure the safety of documents necessary for calculating, withholding and transferring taxes.

4.3.1.12. The Operator is obliged to keep accounting documents for the periods established in accordance with the rules of the organization of state archival affairs, but at the same time the minimum storage period cannot be less than 5 (five) years.

4.3.1.13. After the expiration of the terms determined by the legislation of the Russian Federation, personal files of employees and other documents are transferred to archival storage for a period of 50 years. The processing of this information does not require compliance with the conditions related to obtaining consent to the processing of personal data. The consent of employees to the processing of their personal data in the cases provided for in paragraphs 4.3.1.11 – 4.3.1.12 of this Policy is not required.

4.3.1.14. Disclosure and dissemination of personal data to third parties without the employee's consent is not allowed, unless otherwise provided by federal law.

4.3.1.15. When transferring employee's personal data, the Operator must comply with the following requirements:

it is prohibited to disclose an employee's personal data to a third party without the written consent of the employee, except in cases where this is necessary in order to prevent threats to the life and health of the employee, as well as in cases established by federal law;
the employee who transmits the personal data of the Operator's employee is obliged to warn the persons receiving the employee's personal data that these data can only be used for the purposes for which they are reported, and to require these persons to confirm compliance with this rule. The persons receiving the personal data of the Operator's employee are obliged to comply with their confidentiality regime. This provision does not apply to the exchange of personal data of employees in accordance with the procedure established by federal laws;
an employee who transfers personal data of an Operator's employee has the right to transfer employee's personal data to employee representatives in accordance with the procedure established by the Labor Code of the Russian Federation, and limit this information only to those employee's personal data that are necessary for these representatives to perform their functions.
the transfer of personal data of employees to the Social Insurance Fund of the Russian Federation, the Pension Fund of the Russian Federation in accordance with the procedure established by federal laws, in particular the Federal Law "On Compulsory Pension Insurance in the Russian Federation", the Federal Law "On the Basics of Compulsory Social Insurance", the Federal Law "On Compulsory Medical Insurance in the Russian Federation" is carried out without consent employees.

4.3.1.16. The Operator does not carry out cross-border transfer of personal data of employees.

4.3.1.17. Employees are required to familiarize themselves with the local regulatory legal acts of the Operator, which establish the procedure for processing personal data, as well as their rights and obligations in this area.

4.3.2. Applicants for vacant Operator positions

4.3.2.1. The Operator processes the personal data of applicants for vacant positions for the following purpose(s)::

Consideration of an applicant for a vacant position and making a decision on admission or refusal to apply for a job.
Formation of a personnel reserve.

4.3.2.2. Obtaining consent from applicants for vacant positions is carried out in case of an invitation to an interview.

4.3.2.3. Applicants for vacant positions send their personal data to the Operator directly to the e-mail address or through specialized Internet resources (job aggregators).

4.3.2.4. The placement of resumes by applicants for vacant positions on electronic Internet resources (job aggregators) is carried out in accordance with the rules of these resources. By sending a resume to the Operator's e-mail, applicants for vacant positions thereby give their consent in a definitive form to the processing of their personal data.

4.3.2.5. For the purposes provided above, the Operator processes the following categories of personal data of applicants for vacant positions:

Last name, first name, patronymic.
Contact phone number.
The email address.

4.3.2.6. The Operator does not process biometric personal data of applicants for vacant positions (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).

4.3.2.7. The Operator does not process special categories of personal data of applicants for vacant positions.

4.3.2.8. The list of actions performed by the Operator with the personal data of applicants for vacant positions: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, blocking, deletion, destruction.

4.3.2.9. The Operator performs mixed processing of personal data of applicants for vacant positions without transmission over the internal network, with transmission over the Internet.
4.3.4. Representatives (employees) of the Operator's counterparties (legal entities and individual entrepreneurs)

4.3.4.1. The Operator processes the personal data of the representatives (employees) of the counterparties for the following purpose(s)::

Execution of contracts with contractors.

4.3.4.2. Obtaining consent to transfer personal data of representatives (employees) of counterparties to the Operator is provided directly by the counterparty, whose employee (representative) is the Subject of personal data, whose personal data is processed by the Operator.

4.3.4.3. For the purposes provided above, the Operator processes the following categories of personal data of representatives (employees) of contractors:

Last name, first name, patronymic.
Contact phone number.
The email address.
Post.

4.3.4.4. The Operator does not process biometric personal data of representatives (employees) of contractors (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).

4.3.4.5. The Operator does not process special categories of personal data of representatives (employees) of counterparties.

4.3.4.6. The list of actions performed by the Operator with the personal data of representatives (employees) of contractors: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, blocking, deletion, destruction.

4.3.4.7. The Operator performs mixed processing of personal data of representatives (employees) of counterparties without transmission over the internal network, with transmission over the Internet.

4.3.4.8. Disclosure and dissemination of personal data to third parties without the consent of the representative is not allowed, unless otherwise provided by federal law.

4.3.4.9. The Operator does not carry out cross-border transfer of personal data of representatives (employees) of counterparties.

4.3.5. The Operator's Clients

4.3.5.1. The Operator processes the personal data of clients for the following purpose(s)::

Conclusion and execution of contracts.
Organization of participation in the loyalty program.
Sending advertising information about goods and services.

4.3.5.2. Processing of personal data of clients does not require obtaining additional consent from them, in case of processing of personal data in accordance with paragraph 5 of part 1 of Article 6 of the Law on Personal Data. Obtaining consent from clients is carried out in the following cases:

The client's participation in the loyalty program.
Directions of advertising information about goods and services.

4.3.5.3. For the purposes provided above, the Operator processes the following categories of personal data of clients:

Last name, first name, patronymic.
Contact phone number.
The email address.
Credentials for logging into your personal account: username and password.

4.3.5.4. The Operator does not process biometric personal data of clients (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).

4.3.5.5. The Operator does not process special categories of personal data of clients.

4.3.5.6. Clients transfer personal data upon conclusion of the contract. Personal data of clients are subject to storage during the period of performance of contractual obligations and (or) within the time limits established by law.

4.3.5.7. The list of actions performed by the Operator with personal data of clients: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.

4.3.5.8. The Operator performs mixed processing of personal data of clients without transmission over the internal network, without transmission over the Internet.

4.3.5.9. Disclosure and dissemination of personal data to third parties without the client's consent is not allowed, unless otherwise provided by federal law.

4.3.5.10. The Operator does not transfer clients' personal data across borders.

4.3.6. Users of the Operator's Website

4.3.6.1. The Operator processes the personal data of users for the following purpose(s)::

Processing of applications on the Website.
Sending advertising information about goods and services.
Maintaining statistics of Site visits.
Creating a profile.

4.3.6.2. The processing of personal data of users is carried out subject to obtaining prior consent by clicking the “Start” button.

4.3.6.3. For the purposes provided above, the Operator may process the following categories of personal data of users:

Last name, first name, patronymic.
Contact phone number.
The email address.
Credentials for logging into your personal account: username and password.
Date and time of the Site visit.
The IP address assigned to the device for accessing the Internet.
The type of browser and operating system.
Cookies files.
Data collected on the Site through aggregators of statistics of website visitors.

4.3.6.4. The Operator does not process biometric personal data of users (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).

4.3.6.5. The Operator does not process special categories of personal data of users.

4.3.6.6. The list of actions performed by the Operator with the personal data of users: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, blocking, deletion, destruction.

4.3.6.7. The Operator performs mixed processing of users' personal data without transmission over the internal network, without transmission over the Internet.

4.3.6.8. Disclosure and dissemination of personal data to third parties without the user's consent is not allowed, unless otherwise provided by federal law.

4.3.6.9. The Operator does not transfer users' personal data across borders.

4.3.6.10. An information banner appearing on the Website informs the user about the processing of cookies and user data. The user has the choice to provide his consent to the processing of the above-mentioned personal data by continuing to use the Site, or to refuse to provide such consent by disabling the processing of cookies and the collection of user data in the browser settings, or by leaving the Site.

4.3.6.11. Despite the fact that most browsers accept cookies automatically, the user can configure his browser so that only he decides whether to accept or block cookies (you should refer to the "Tools" or "Settings" menu of the browser used by the user). The user can delete cookies from his device at any time. At the same time, it should be remembered that if the user does not accept cookies, some functions of the Site may be lost. More detailed information about managing cookies can be found in the browser's help file or on specialized websites.

5. THE PROCEDURE FOR COLLECTING AND STORING PERSONAL DATA

5.1. When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

5.2. Persons who have transferred information about another Personal Data Subject to the Operator, including through the Website, without having the consent of the subject whose personal data was transferred, are responsible in accordance with the legislation of the Russian Federation.

5.3. The Operator stores personal data in a form that allows determining the subject of personal data for no longer than the purposes of processing personal data require, unless the period of storage of personal data is established by federal law, an agreement to which the Subject of Personal data is a party, beneficiary or guarantor.

5.4. The processed personal data is subject to destruction in the event of:

reaching the deadline for processing personal data;
achieving the goals of personal data processing;
loss of the need to achieve the goals of personal data processing;
obtaining a revocation of consent to the processing of personal data;
exclusion of the Operator from the Unified State Register of Individual Entrepreneurs.

6. PROTECTION OF PERSONAL DATA

6.1. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:

identifies threats to the security of personal data during their processing;
adopts local regulations and other documents regulating relations in the field of personal data processing and protection;
appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes the accounting of documents containing personal data;
organizes work with information systems in which personal data is processed;
stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
organizes training for the Operator's employees who process personal data.

7. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS FROM SUBJECTS FOR ACCESS TO PERSONAL DATA

7.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the Personal Data Subject or his representative when contacting or receiving a request from the Personal Data Subject or his representative within 10 (ten) working days days from the date of receipt of the request or receipt of the request. The information provided does not include personal data related to other Personal data Subjects, except in cases where there are legitimate grounds for the disclosure of such personal data.

The request must contain:

the number of the main document certifying the identity of the Personal Data Subject or his representative, information on the date of issue of the specified document and the issuing authority;
information confirming the participation of the Personal Data Subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator;
signature of the Personal Data Subject or his representative.

The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

If the Personal Data Subject's request does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him.

The right of a Personal data Subject to access his personal data may be restricted in accordance with part 8 of Article 14 of the Law on Personal Data, including if the access of a Personal Data Subject to his personal data violates the rights and legitimate interests of third parties.

7.2. In case of identification of inaccurate personal data when contacting a Personal Data Subject or his representative, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this Personal Data Subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the Subject personal data or third parties.

In case of confirmation of the fact of inaccuracy of personal data, the Operator, based on the information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.

7.3. In case of detection of unlawful processing of personal data when contacting (requesting) a Personal data Subject or his representative or Roskomnadzor, the Operator blocks unlawfully processed personal data related to this Personal Data Subject from the moment of such request or receipt of the request.

7.4. Upon achievement of the purposes of personal data processing, as well as in the case of withdrawal by the Subject of personal data of consent to their processing, personal data shall be destroyed if:

nothing else is provided for in the agreement to which the Personal Data Subject is a party;
the Operator does not have the right to process personal data without the consent of the Subject on the grounds provided for by the Law on Personal Data or other federal laws;
nothing else is provided for by another agreement between the Operator and the Subject of Personal data.

8. FINAL PROVISIONS

8.1. The Operator has the right to send advertising and informational messages to the Subject of personal data by e-mail, SMS and push notifications only on condition of prior consent to receive advertising in accordance with part 1 of Article 18 of Federal Law No. 38-FZ of 03/13.2006 "On Advertising". Consent to receive advertising messages from the Operator via e-mail, SMS and push notifications is provided in writing or in electronic form by ticking the appropriate box on the Site.

8.2. The subject of personal data has the right to refuse to receive advertising messages by clicking on the appropriate link in the emails received from the Operator, sending a notification of refusal to receive advertising messages to the support service at the address of the Operator's location.

8.3. In compliance with the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is posted at the address of the Operator's location, freely available on the Internet information and telecommunications network on the Website.