1. General provisions

1.1. This Privacy Statement (hereinafter referred to as the"Statement") is regulated by the Constitution of the Russian Federation, Federal Law No. 149-FZ dated 27.07.2006 "On Information,Information Technologies and Protection of Information", Federal Law No.152-FZ dated 27.07.2006 "On Personal Data" and other regulatory legalacts.

1.2. Main terms used in the Statement:

SELLER/ OPERATOR shall mean BAKKOURA LLC, OGRN (Primary State Registration Number) 5167746071004

ONLINE STORE shall mean the Internet website owned by the Seller, located on the Internet at:  www.bakkoura.com, where the Goods offered by the Seller for purchase and the terms of payment and delivery of Goods to Buyers are presented.
COOKIES shall mean small chunks of data that increase the efficiency and improve the terms of use of the Website. This information may include data about the Client's location or language preferences, which will be saved when re-entering the website, or data about the goods that the Client liked. 

CLIENT - Website Visitor shall mean a person visiting www.bakkoura.comwithout the purpose of placing an Order; the Buyer shall mean the User who placed an Order in the Online Store - personal data subjects; 

PERSONAL DATA shall mean information stored in any format relating to a specific individual or to an individual determined on the basis of such information (personal data subject), which by itself or in combination with other information available to the Online Store makes it possible to identify the Client; 

PERSONAL DATA PROCESSING shall mean actions(operations) with personal data, including collection, recording,systematization, accumulation, storage, clarification (updating, modification),extraction, use, distribution (including transfer), depersonalization,blocking, destruction of personal data;
DISTRIBUTION OF PERSONAL DATA shall mean actions aimed at the transfer of personal data to a specific group of people (transfer of personal data) or atmaking personal data available to an unlimited number of people, including the publication of personal data in the media, placing personal data in information and telecommunications networks or providing access to personal data in any other way;

USE OF PERSONAL DATA shall mean actions (operations)with personal data carried out by the operator for the purpose of making decisions or carrying out other actions bearing legal consequences in respect of personal data subjects or other persons, or otherwise concerning the rights and freedoms of the personal data subjects or other persons. 

CONFIDENTIALITY OF PERSONAL DATA shall mean an obligation of the Operator or other entity that has access to personal data to prevent Personal Data distribution without the consent of the personal data subject or presence of other legal grounds. 

1.3. This Statement establishes the procedure for processing personal data of Clients. 

1.4. The purpose of the Statement is to ensure the protection of human and civil rights and freedoms when processing personal data.

1.5. Personal data are processed for the purposes for which they were provided, including:

identification of the Website Visitor,registration in the self-service system (personal account), providing feedback,including sending notifications, requests related to the provision of services,processing requests and applications from the Website Visitor, determining the location of the Website Visitor to ensure security, prevent fraud, and for other purposes in accordance with the accepted Offer of the Seller posted inthe Online Store (the Client is one of the parties to the Public Offer) or with the consent of the Website Visitor. The Online Store collects data only to the extent necessary to achieve these purposes. 

1.6. Personal data may not be used for the purpose of causing property and moral damage or hindering the exercise of the rights and freedoms of citizens of the Russian Federation. 

1.7. This Statement is approved by the director and shall be binding on all employees who have access to the Client's personal data.

‍

2. Composition and acquisition of personal data of Clients

2.2. Personal data collected and processed by the Online Store shall include: personal data (last name, first name); residential address; email address; contact phone number, as well as information provided by the User independently when registering in the personal account, when placing an order in the online store or during the use of the Website.

2.2. The Seller's employees shall receive all personaldata directly from personal data subjects – the Clients.

2.3. Consent to the personal data processing is considered to be given by ticking the appropriate box on the Website on consenting to the personal data processing to the extent, for the purposes and in the manner provided for in the text shown for information purposes before obtaining consent.

3. Processing and storage of personal data of Clients 

3.1. The processing of personal data by the OnlineStore in the interests of Clients involves acquiring, systematizing,accumulating, storing, clarifying (updating, changing), using, distributing,depersonalizing, blocking, destroying personal data and preventing unauthorized access to personal data of Clients.
3.2. The consent of Clients to the personal data processing is not required,since the processing of personal data is carried out for the purpose of executing a Public Offer, one of the parties to which is the personal data subject – the Client.
3.3. The processing of personal data of Clients is carried out by the method of mixed processing.
3.4. Only the Seller's employees who are authorized to work with the Client's personal data and have signed an Agreement on Non-Disclosure of the Client's Personal Data can have access to the processing of personal data of Clients.

3.5. The list of employees who have access to personal data of Clients is determined by the order of the Director. 

3.6 Personal data of Clients in hard copy form shall be stored at the Seller's location in a safe, and only the employees who have signed a non-disclosure statement shall have access to these materials.
3.7. Personal data of Clients in electronic form shall be stored in the loca lcomputer network of the online store, in electronic folders and files on the personal computers of the Seller and the Seller's employees authorized to process personal data of Clients.

‍

4. Use and transfer of personal data of Clients 

4.1. The use of Clients' personal data is carried out exclusively to achieve the purposes defined by the Public Offer between the Client and the Online Store.
4.2. When transferring personal data of Clients, the Online Store must comply with the following requirements: 

4.2.1. To notify the persons receiving personal data of Clients that these data can only be used for the purposes for which they have been provided, and to require that these persons confirm the compliance with this rule in writing. The persons obtaining personal data of Clients shall be required to comply with the confidentiality policy. This provision does not apply in case of depersonalization of personal data and in relation to publicly available data. 

4.2.2. To allow access to personal data of Clients only to designated persons; such persons shall have the right to obtain only those personal data that are necessary to perform specific functions.
4.2.3. In case of cross-border transfer of personal data, the Online Store shall ensure that the foreign state to the territory of which the transfer of personal data is carried out shall provide adequate protection of the rights of personal data subjects.

 4.2.4. The cross-border transfer of personal data to the territory of foreign countries that do not provide adequate protection of the rights of the personal data subjects may be carried out in the following cases:  

- availability of written consent of the Client; 

- if provided for by international treaties of the Russian Federation on the issuance of visas, international treaties of the Russian Federation on the provision of legal assistance in civil, family and criminal cases, as well as international treaties of the Russian Federation on readmission; 

- if provided for by federal laws, when it is necessary in order to protect the foundations of the constitutional order of the Russian Federation and to ensure the defense of the country and the security of the state;

- for the purposes of execution of an agreement to which the personal data subject is a party;
- for the protection of life, health, and other vital interests of the personal data subject or other persons if the written consent of the personal data subject cannot be obtained. 

4.3. It is prohibited to answer questions related to the transfer of information containing personal data by phone or fax. 

4.4. The Online Store has the right to provide or transfer personal data of Clients to third parties in the following cases: 

- the user has expressed their consent to such actions;

- the transfer is necessary for the User to use a certain service or to fulfill a certain agreement or contract with the User; -
the transfer is necessary for the functioning and performance of the Website; -
disclosure of such information is required to comply with the law or execute a judicial act; 

- to assist in conducting investigations carried out by law enforcement or other government agencies; 

- to protect the rights and legitimate interests of the Client and the Online Store.

‍

5. Protection of Clients' personal data from unauthorized access 

5.1. When processing personal data of Clients, the Online Store shall take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification,blocking, copying, distribution of personal data, as well as from other illegal actions.

5.2. For effective protection of personal data of Clients it is necessary: 
5.2.1. to observe the procedure for acquiring, accounting for and storing personal data of Clients;
5.2.2. to use technical security means and alarm systems;

5.2.3. to conclude a Non-Disclosure Agreement with all employees related to the acquisition, processing and protection of the Client's personal data;
5.2.4. to impose disciplinary liability on employees guilty of violating the rules governing the acquisition, processing and protection of the Client's personal data.
5.3. Access to personal data of Clients by the Seller's employees without duly granted access is prohibited. 

5.4. Documents containing personal data of Clients shall be stored in the premises of the Seller ensuring protection against unauthorized access.
5.5. Protection of access to electronic databases containing personal data of Clients is ensured: 

- using licensed software products that prevent unauthorized access by third parties to personal data of Clients; - by using a password system. Passwords are set by the system administrator andare issued individually to employees who have access to personal data of Clients.5.6. Copying and making extracts of the Client's personal data is allowed solely for official purposes with the written permission of the Seller's management.

‍

6. Obligations of the Online Store

6.1. The Online Store shall:

 6.1.1. Process Clients' personal data solely for the purpose of executing the Public Offer. 

6.1.2. Obtain the Client's personal data directly from the Client. If it is only possible to obtain personal data of the Client from a third party, the Client shall be informed thereof in advance, anda written consent shall be obtained from the Client. The Seller's employees must inform the Clients about the objectives, expected sources and methods of acquisition of personal data, as well as the nature of the personal data to be obtained and consequences of the Client's refusal to give written consent to provide such data.  

6.1.3. Refrain from receiving or processingthe Client's personal data regarding their race, ethnicity, political views,religious or philosophical beliefs, health status, intimate life, except in cases provided for by law.

 6.1.4. Provide Clients or their legal representatives with access to their personal data on application or upon request containing the number of the main identity document of the Client or their legal representative, information about the date of issue and the issuing authority of the specified document and the handwritten signature of the Client or their legal representative. The request may be submitted in electronic form and signed by an electronic digital signature in accordance with the laws of the Russian Federation. Information about the availability of personal data should be provided to the Client in an accessible form, and it should not contain personal data related to other personal data subjects.

 6.1.5. Restrict the Client's right to access their personal data if: 
1) the processing of personal data, including personal data obtained as a result of domestic intelligence, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
2) the processing of personal data is carried out by the authorities that have detained the personal data subject on the count of committing a crime or have filed criminal charges against the personal data subject, or have applied a preventive measure to the personal data subject before the lodging of charges,with the exception of cases when the suspect or accused is allowed to review such personal data provided for by the criminal procedure legislation of the Russian Federation;
3) the provision of personal data violates the constitutional rights and freedoms of others.

 6.1.6. Ensure the storage and protection of the Client's personal data from their misuse or loss. 

6.1.7. If unreliable personal data or the operator's illegal actions with personal data are revealed on application or at the request of the personal data subject, their legal representative or the authorized body for the protection of the rights of personal data subjects, the operator shall block the personal data related to the relevant personal data subject from the moment of such application or receipt of such request for the verification period.
6.1.8. If the unreliability of personal data is confirmed, the operator, on the basis of documents submitted by the personal data subject, their legal representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, shall clarify and unblock the personal data.

 6.1.9. If illegal actions with personal data are detected, the operator shall eliminate the violations within a period not exceeding three business days from the date of such detection. Ifit is impossible to eliminate the violations committed, the operator shall destroy the personal data within a period not exceeding three business days from the date of detection of the illegal actions with personal data. The operator shall notify the personal data subject or their legal representative about the elimination of violations or the destruction of personal data, and if the application or request was sent by the authorized body for the protection of the rights of personal data subjects, the operator shall also notify this authority. 

‍ 
7. Rights of the Client

7.1 The Client has the right to: 

- access the information about oneself,including information containing confirmation of personal data processing, as well as the purpose of such processing; methods of processing personal data used by the Online Store; the list of processed personal data and their source,the terms of processing personal data, including the terms of their storage;other data in accordance with the requirements of the legislation of the Russian Federation; 

- determine forms and methods of processing their personal data; limit methods and forms of processing personal data;prohibit the distribution of personal data without their consent; modify,clarify, and destroy information about oneself. 

The Client can withdraw their consent to the processing of personal data at any time by sending a statement to the website administration:  

- by e-mail; info@bakkoura.com

- at: Moscow, 10 Nikolskaya str., floor 2,room 53

The information will be updated within 7(seven) days from the date of the request.

‍

8. Confidentiality of personal data of Clients 

8.1. Information about personal data of Clients is confidential.
8.2. The Online Store shall ensure the confidentiality of personal data and shall prevent their distribution to third parties without the consent of Clients or existence of other legal grounds. 

8.3. Persons who have access to personal data of Clients shall comply with the confidentiality policy; they must be informed about the need to comply with information security procedures. Due to the confidential treatment of personal information, appropriate security measures shall be taken in order to protect data from accidental or unauthorized destruction, accidental loss, unauthorized access, modification or distribution.
8.4. All confidentiality measures during the collection, processing and storage of personal data of Clients shall apply to all media, both paper-based and automated.
8.5. The confidential treatment of personal data shall be ceased in cases of depersonalization of data or inclusion of data in publicly available personal data sources, unless otherwise stipulated by law.

9. Liability for violation of the rules governing the processing of personal data of Clients 

9.1. The Seller is responsible for the personal data at its disposal and shall ensure that its employees assume personal liability for compliance with the established confidentiality policy. 

9.2. Each employee of the Seller who receives a document containing the Client's personal data for work purposes shall be solely responsible for the safety of the medium and the confidentiality of the information. 

9.3. Any person can contact the Seller's employee with a complaint regarding the violation of this Statement. Complaints and applications regarding compliance with data processing requirements shall be considered within three days from the date of receipt.

 9.4. The Seller's employees shall ensure the proper level of consideration of requests, applications and complaints of Clients, as well as facilitate the fulfillment of the requirements of the competent authorities. 

9.5. Persons guilty of violating the rules governing the acquisition, processing and protection of personal data of Clients shall be subject to disciplinary, administrative, civil or criminal liability in accordance with the legislation of the Russian Federation.
9.6. The Seller has the right to change the terms of the confidentiality policy unilaterally at any time.

10. Cookies and other tracking technologies.

10.1. www.bakkoura.com uses cookies and similar technologies to ensure maximum convenience for Clients by providing personalized information, memorizing marketing and product preferences, as well as helping to get the correct information. By using the Website, you confirm that you consent to the use of cookies in accordance with this notice regarding this type of files. If you do not consent to our use of this type of files, you should set your browser settings accordingly or refrain from using www.bakkoura.com

‍