Appendix №1 to User’s Agreement
of the website https://legalbet.es/ “Website”
You should not use the Website if you are underage person, i.e. under 16 years of age for EU citizens and under 18 years of age for Russian citizens. The operator does not have technical opportunity to define the age of the User in the absence of data that indicates it directly. If you are a parent or a legal representative of such a person, you must immediately contact the Operator and apply for removing the data and/or account of an underaged person by learning that he or she registered on the Website and transferred the personal data or By you do not agree with procession of the data.
1.4 As it is mentioned in the introduction to the Agreement, the Website is designed for adult capable persons. People under age of 16 (for EU citizens) should not use the Website. If parents or legal representatives learn that this person provided the Website with the personal data, they should apply to Operator with the request to delete the data of the underage person. The operator will delete all the personal data of the underage person in the shortest possible time after receiving the application.
1.5 Personal data is the information uploaded on the Website by the User in process of registration, account management, the use of the Website that allow to identify the User directly or indirectly as a natural person.
1.6 By uploading personal data and authorizing on the Website with his/her login, User expressly agrees to the procession of all the personal data reported in process of using the Website both by request of the Operator and by report of User.
1.7 For any contacts with the operator on procession of personal data issues User should use email address specified by registering. In case it is lost, the User must inform the Operator.
1.8 Operator is entitled to take any available actions to confirm the data provided by the User on the Website and/or in process of the use. In case the personal data and/or information specified by the User is invalid by any reason, the Operator is entitled but not obliged not to take it into account and/or delete it immediately.
1.9 All the personal data provided by the User is accepted by the Operator “as is” and is not a subject for compulsory preliminary check. User is held responsible for reliability of the personal data is on the User.
1.10 In case Operator discloses personal data or provides third parties with the personal data, Operator should comply with the requirements of respecting the law and confidentiality.
1.11 Processing of the personal data according to the Policy is such actions (operations) as collecting, receiving, recording, systematization, accumulation, storage, defining (updating, changing), extracting, using, transferring (spreading, providing, access to), depersonalization, blocking, deleting, destroying the personal data.
1.12 Processing of the personal data is carried out in any legal way including with Operator’s personal data informational systems with the use of automation system and without using such a system. Processing of the personal data provided by the User is carried out according to the Federal Law №152-FZ “On personal data” of 27.07.2006.
1.13 The User must use only his/her own personal data. If the third persons have claims to the Operator about illegal use of the personal data that do not belong to the User, the User should settle the argue on his/her own and at his/her own expense. User also is obliged to compensate to the Operator for additional cost and losses that Operator had due to User’s violation of this clause.
2. General rights of the subject of the personal data
2.1. User is entitled to receive the confirmation from the Operator on whether the personal data is being processed or not, thus the user is entitled to have access to the personal data. The right is realized by giving the User the access to the account on the Website, where he/she can ascertain this fact.
2.3. User is entitled to demand from the Operator a removal of the personal data uploaded by him/her and to limit its processing or object to the processing.
2.5. User is entitled to forward the inquiry to the Operator via e-mail firstname.lastname@example.org for receiving a copy of User’s personal data which is being processed. This copy is granted within 30 (Thirty) calendar days from the moment of receiving an e-file sent from the User’s e-mail. Operator charges an acceptable fee for granting any additional copies, inquired by the User. The User is informed on the amount of the charge in a response to the additional copy inquiry. The amount of the charge depends on administrative expenses.
2.6 User is entitled to demand from the Operator to correct inaccurate personal data without unjustified delay. User is also entitled to complement the personal information in his/her account in “My profile” on his/her own.
2.7 Operator removes the personal data without unjustified delay by receiving a User’s inquiry. User may also remove his/her personal data by pressing a certain button in the account.
2.8. User accepts processing of the personal data including for the purposes of direct marketing. However, User is entitled to object to the processing of the personal data for the purposes of such marketing at any time. User may realize this right by pressing “Unsubscribe” button in his/her account.
3. Processed personal data
3.1. Operator receives and processes the following personal data compulsory:
3.1.1. User’s e-mail address which is necessary for registration on the Website; storage time – during the entire period of the use of the Website.
3.1.2. User’s login which is also necessary for registration and further authorization on the Website; storage time - during the entire period of the use of the Website.
3.1.3. User’s password which is necessary for registration on the Website and further authorization; storage time - during the entire period of the use of the Website.
3.1.4. Information from the social networks which is in public domain in case User used ”Login with social network account” function by registration.
3.2. Operator receives and processes the following personal data and user’s information that are specified at User’s will:
3.2.1. Data that may be specified by User in ”About me” after authorization with own login and password in „My profile” on the Website; storage time - during the entire period of the use of the Website.
3.2.2. Information about User’s choice of a bookmaker from those presented on the Website; This information is only used for the formation of the ranking; storage time - during the entire period of the use of the Website.
3.2.3. User’s comments in different parts of the Website (blogs, news, contests, bookmaker individual page, betting center, a tip of an expert or a capper etc.); storage time – during the entire period of the Website’s functioning.
3.2.4. User’s cookies which are necessary for statistics services functioning, that monitor User’s behavior on the Website for personalized and comfortable use of the Website. Cookies anonymous data analysis allows Operator to understand the way User interacts with different pages/parts/moduls of the Website so that Operator could improve it; storage time – 1 (one) year from the moment the data was left on the Website. Operator uses the following cookies: sessionid–used for data storage of User’s session on the Website; csrftoken–used for protection from external CSRF attacks; other User’s cookies (including _ga, _gid, _gat, AMP_TOKEN, _gac_<property-id>, __utma, __utmt, __utmb, __utmc, __utmz, __utmv, __utmx, __utmxx, _gaexp), which are necessary for work of the statistics services of «Google Analytics», «Intercom», «Яндекс.Метрика», «Facebook», that monitor User's behavior on the Website.
3.3. When personal data is processed for statistical purposes only, it can be stored during longer period than it is mentioned above, taking into account implementation of certain technical and organizational measures for protection of rights and freedoms of the User.
3.4. The privacy is kept for all User’s personal data not depending on whether it is processed by Operator or third parties based upon respective agreements with Operator. The exceptional cases are when User decides to publish his/her data in public domain on his/her own (for example, in comments).
3.6. Processing of the personal data is carried out in any legal way including with Operator’s personal data informational systems with the use of automation system and without using such a system. Processing of the personal data provided by the User is carried out according to the Federal Law №152-FZ “On personal data” of 27.07.2006 and according to General Data Protection Regulation (GDPR) of European Union.
4. Data processing purpose. Informational mailing.
4.1. Personal data processing is based upon:
- principles of legitimacy and justice;
- processing only the information that serves the purposes of its processing;
- conformity of content and volume of the processed information to the stated purposes of processing.
4.2. Generally, personal data processing is carried out with a purpose of maintaining full-fledged functioning of the Website, creating User’s account on the Website, further authorization on the Website, collecting statistical information, necessary for the Operator for the Website modification, improving its consumer properties.
4.3. User’s personal data may also be used for e-mailing with a purpose of direct address marketing. User is entitled to decline the processing at any time by using a respective decline button in his own account or following the link in a letter “Decline mailing”. Until User declines, he/she is considered a person accepted processing his personal data with the purpose of this clause.
4.4. When registering User can choose on his own whether he/she wants to receive the mailing, by checking “Receive the most interesting from our website to your e-mail” on the registration page.
4.5. After registration on the Website in case of initial decline of mailing. User may change his decision and subscribe on mailing in his account in “My profile” by pressing “edit” button and tick the box in the appeared interface. Thus advertising and informational mailing is carried out by direct and obvious claim and/or acceptance of User only, which is confirmed by the User on his own by double acceptance of subscription (doubleopt-in technology) from an e-letter directly received on a User’s address specified by registration or in account in “My profile”.
4.6. In case User wants to clarify personal data if it is incomplete, inaccurate, outdated or he wants to draw back the acceptance for personal data processing, User may do so by pressing button (following the link) “Update data” or “Unsubscribe” respectively in any of the letters or should send an official application to Operator via e-mail to email@example.com with topic “Clarify personal data” or “Stop processing personal data”. You should specify e-mail address and a claim in the letter. When User declines to process personal data he/she also declines receiving mailing to his/her e-mail address specified by registration.
4.7. Operator uses the data provided by User with the following purposes:
4.7.1. Sending advertising messages to User’s e-mail that he/she specified by registration and subscription;
4.7.2. Promoting his services or services of bookmakers-partners;
4.7.3. Evaluation and analysis of Operator’s systems work;
4.7.4. Informing User about events, bonuses and special offers of bookmakers by mailing.
4.8. Operator is also entitled to use User’s personal data with purposes that do not contradict the current legislation of the Russian Federation.
4.9. User agrees that personal data, processed by Operator is not excessive to the stated purposes of processing.
5. Data storage policy
5.2. Personal data is stored no longer than it is necessary for processing. Processed personal data should be erased or depersonalized after the purpose of processing is reached or in case of loss of need to reach such a purpose (for example, if User’s account is deleted).
5.3. Personal data with different requirement or purposes of processing should be stored separately within the Operator’s informational system or, if it is stored on physical devices, within the service requirements of a certain department of the Operator.
5.4. Operator’s staff member that has access to personal data because of his charges should store the information that contains personal data accurately to avoid the access of third parties. In case the staff member is absent, there should be no documents that contain personal data at his workplace. Upon going on leave, business trip or in any other cases when a staff member is absent for a long period of time, he must transfer documents and other storage devices, that contain personal data, to a person who is in charge for this by local act of the Operator. In case this person is not appointed, documents and other storage devices should be transferred to another staff member that has access to personal data by the head of the certain department of the Operator.
5.5. Upon separation from service of a staff member that has access to the personal data, his documents and other storage devices that contain personal data should be transferred to another staff member that has access to personal data by head of the department with notification of the data protection inspector.
6. Transfer and removal of the data
6.1 The personal data added by the User may be placed in public domain. However, Operator does not transfer the data to third parties.
6.2. Operator may transfer the User’s personal data in case when it is expressly stated by the acting legislature of the Russian Federation in the light of data transfer limitations defined by GDPR for EU citizens.
6.3. Providing User’s personal data upon request of state services of the Russian Federation (or local authorities) is carried out according to the legislature of the Russian Federation in case a User is a Russian Federation citizen. Providing User’s personal data upon request of state services of the Russian Federation (or local authorities) is carried out according to GDPR in case a User is an EU citizen.
6.4. Operator transfers User’s data to his staff so that they could perform their duties. Operator’s staff may maintain a data recordings roster and perform other actions with the purpose of full-fledged functioning of the Website.
6.5. User’s personal data should be removed as soon as it is technically possible upon receiving User’s application, sent to the Operator via e-mail.
6.6. Personal data and/or information given by the user by registration on the Website and using of the Website must be removed by the Operator immediately and irrevocably in cases when data and/or information:
6.6.1. Contains calls for mass riots, extremist actions, participation in mass (public) events organized with violation of the established order;
6.6.2. Provided with the purpose of performing criminal offence; disclosure of the information that contains state secret or secret specially protected by law; spreading material that contains public calls for terrorist actions or public justification of terrorism; containы other extremist materials and materials that advocate for pornography, cult of violence; contains materials with obscene language;
6.6.3. Are unreliable or contradict publicly available information;
6.6.4. Contains information regarding private life of a citizen;
6.6.5. Contradicts to the requirements of the Russian Federation referendum law and Russian Federation elections law;
6.6.6. Violates rights and legitimate interests of citizens and organizations including attacking on honor, dignity and business reputation of citizens, business reputation of organizations;
6.6.7. Is spread with the purpose of concealment or falsification of socially significant information, spreading inherently untruthful information under cover of truthful messages;
6.6.8. Is spread with the purpose of defaming a citizen or certain categories of citizens based on gender, age, race or nationality, language, religion, profession, residence and workplace or political opinion;
6.6.9. Contains pornography including pornographic images and/or advertising of involvement of underage people as performers in the events of pornographic nature.
6.6.10. Contains information about ways, methods of developing, manufacturing and using narcotics, psychotropic substances and their precursors; places when one can acquire those narcotics, substances and their precursors; ways and places of cultivating of narcotic plants.
6.6.11. Contains information about the ways of committing suicide and calls for committing suicide.
6.8. Operator also removes the personal data without unjustified delay in case one of the following reasons can be applied:
6.8.1. Personal data is no more necessary for the purposes, that were the reasons for its collecting and processing;
6.8.2. User recalled the acceptance that was a basis for processing the data;
6.8.3. Personal data was processed improperly.
7. Backup policy
7.1. Operator ensures personal data backup in the architecture to avoid losing information by the machinery failures; software failures; hardware failures; OS and applied OS failures; malware attacks; unintentional destruction of information, user’s errors; intentional destruction of information etc.
7.2. Backup creates opportunity to transfer the personal data from one Operator’s workstation to another one, thus removing dependence of the Personal data integrity on a certain workstation and/or a certain placement.
7.3. Backup is preserved on an Operator’s server.
7.4. Information of the following basic categories shall be backed up:
7.4.1. User’s personal data
7.4.2. Information that is necessary for Website servers’ and data bases management systems recover;
7.4.3. Website Users’ accounts;
7.4.4. Information of the automated systems of the architecture of the Operator, including data bases.
7.5. All data storage devices that contain data backup should be classified as “Trade secret”, thus all the backup information is confidential and protected by the Operator according to the current legislature.
7.6. Operator appoints a responsible person from the staff who is in charge for personal data backup. The work of the responsible person is controlled by a data protection inspector.
7.7. The main tasks of the person responsible for backup are:
7.7.1. Planning of backup and recovery;
7.7.2. Establishing of the life cycle and operations calendar;
7.7.3. Daily review of the backup process logs;
7.7.4. Backup data base protection;
7.7.5. Daily determination of the backup time window;
7.7.6. Creating and supporting open report, open problems reports;
7.7.7. Consultations with vendors and backup software suppliers;
7.7.8. Backup system development;
7.7.9. Monitoring of the tasks in the field of backup;
7.7.10. Preparing the Reports about failures and successful completion;
7.7.11. Analysis and resolution of problems;
7.7.12. Backup manipulations and library management;
7.7.13. Architecture output analysis;
7.7.14. Review and analysis of the backup methods;
7.7.15. Architecture development planning, determination of daily, weekly, and monthly tasks.
7.8. Person responsible for the backup is entitled to make proposals and demand termination of personal data processing in cases of violation of established technology of the information backup or malfunctioning of backup system means.
7.9. Personal data backup is made with periodicity: once per week
7.10. Control over the results of the personal data backup is performed by a personal data inspector within 10 (ten) labor days from the moment of implementation of the procedures.
7.11. In case of detecting backup system error, the person responsible for backup should inform the data protection inspector as soon as possible.
7.12. Backup verification is performed selectively at least 1 (once) a month.
8. Responses to incidents policy
8.2. The source of the information about informational security incident may be the following:
8.2.1. Messages of the staff, Users, Operator’s counterparties, sent him as an e-mail message, a service note, a letter, an application etc.
8.2.2. Notifications/messages of personal data procession supervisory authority.
8.2.3. Data obtained by the Operator after analysis of information systems logs, personal data protection systems logs.
8.3. Operator’s staff member that receives the information about an incident should inform a data protection inspector that registers the incident in Incidents management electronic system by assigning a sequence number and recording date of incident and its essence. Informational security incidents base is updated as incidents happen.
8.4. User whose rights are violated as a result of an incident is informed about the incident via e-mail as soon as possible but not later than 30 (Thirty) calendar days from the moment that incident happened. During this period all possible measures are taken to decrease or terminate further harm to the User’s rights.
8.5. Incidents’ analysis is performed by a data protection inspector that on every incident:
8.5.1. Collects and analyzes all data about incident’s circumstances (e-mails, log files of information systems, Users’ and Operator’s staff members testimony etc.);
8.5.2. Determines the volume of the personal data leak, circumstances of the leak;
8.5.3. Determines the persons, who are guilty in violation of the prescribed events for protection of the personal data;
8.5.4. Determines reasons and conditions, that contributed to the violation.
8.5.5. By completion of the analysis files a report to the Operator’s board.
8.6. After completion of the analysis and receiving the report of the data protection inspector Operator decides how to sanction the guilty.
9. Data protection policy
9.1. Operator takes technical and organizational-legal measures to protect User’s personal data from unlawful or accidental access, destruction, change, block, copy, spread or other unlawful actions.
9.2. Access to the Website is carried out through the protected (encrypted) HTTPS protocol. Website’s software maintains preventing unauthorized access to the information and/or transfering the information to the persons that do not have a right to access.
9.3. User’s account password is stored as a hashed password.
9.4. Operator carries out the following activities to protect personal data:
9.4.1. Determines threats to personal data security when the data is processed on the Website;
9.4.2. Takes all available technical and organizational measures to protect personal data security when the data is processed on the Website;
9.4.3. Appoints persons from the Operator’s staff who are responsible for User’s personal data processing;
9.4.4. Applies information security means that completed the compliance procedure in accordance with established procedure;
9.4.5. Analyzes effectivity of personal data security measures;
9.4.6. Takes actions to detect unauthorized access to the personal data;
9.4.7. Recovers personal data that was modified or destroyed after unauthorized access;
9.4.8. Determines the rules of access to the personal data that is processed by the Operator, maintains registration process and record of all actions with the personal data on the Website;
9.4.9. Uses only certified licensed software on the Operator’s workstations that are involved in personal data processing;
9.4.10. Limits access on technical and organizational level to the Operator’s workstations that are involved in personal data processing;
9.4.11. Constantly controls the taken measures to ensure personal data security.
9.5. Operator is not responsible for actions of the third parties that got access to the User’s personal data as a result of an unauthorized access to the Website and/or Operator’s software or due to another unlawful actions, taken by the third parties, when Operator could not foresee them or prevent them.
10.1. Cookies are small files or parts of a file that are stored on a computer or a mobile device of an Internet user “User”, that visited the Website. They consist of letters and numbers and are stored in a browser which is used for Internet surfing. The files allow to save information about User’s behavior in the Internet and may contain User’s ID data, his/her personalized settings and browsing history.
10.3. Cookies cannot be used to transfer malware or launch programms. When User vistis the Website, a cookie file is sent to his browser and saved on a hard drive of a User’s computer.
10.4. User can block cookies in the settings of the browser used for visiting the Website on his/her own.
10.5. By using User’s cookies, the Website gets the following information: IP-address, address of the website that was used by the User to go to the Website, information about visited pages on the Website and other technical data. All collected data are used only for the following purposes:
- traffic and traffic source analysis on the Website which is necessary for improving the Website to make it more comfortable for Users.
- access monitoring to secure Website safety and detect potentially dangerous accesses.
10.6. All the data is necessary for statistics and anonymous. If User disagree with using cookies on the Website, he/she can block this function in his browser’s settings.
10.7. User must take following steps to switch off access to cookies in the most popular browsers:
10.7.1. Microsoft Internet Explorer 6.0., 7.0, 8.0: choose ‘Tools” in upper corner of the browser or choose “Internet Options”, then choose “Privacy”. You should choose necessary settings, then press “Apply” button, then “Accept/OK”.
10.7.2. Mozilla Firefox: in browser’s menu you should choose “Parameters”, then follow to the “Privacy” and in appeared menu choose “Individual history settings”. Then you should choose necessary settings and press “OK/Accept”.
10.7.3. Google Chrome: in browser’s menu (upper right corner) you should choose “Configurations”, set necessary settings, then press “OK”.
10.7.4. Safari: in “Settings” panel you should choose “Privacy”, set necessary parameters, then press “OK”.
11. Concluding clauses
11.3. In the event of any arguments happened during the using of the User’s personal data they should be resolved pre-trial according to the current legislature of the Russian Federation order. A claim about the personal data processing shoul be responded within 30 (thirty) calendar days from the moment it was received. In case the argument is not solved pre-trial, it should tried in the Arbitration court of Saratov region.
Requisites of Operator
Address: Russian Federation, 410012, City of Saratov, 66, Atkarskaya street, office №416