Personal Data Processing Rules (hereinafter referred to as PD rules) Site Users https://shop.imen.world/ developed in accordance with the provisions of the legislation of the European Union and the Rules of Use of the Site.
These Rules are an appendix to the Rules of Use of the Site and an integral part of them. By accepting the terms of the Site’s Terms of Use, the User automatically accepts the terms of these Terms of Use.

1. Terms and definitions.

• The Parties are the Site Administration (G-Retail OU (Reg. nom: 16860182, VAT EE nom: EE102706545, Vesivarava tn 50-201, 10152, Tallinn, Estonia, Management board member: Bogdanian Garri) and any User of the Site.
• Personal data (PD) — any information related directly or indirectly to a specific or identifiable individual (subject of personal data).
• Personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
• Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.
• Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain circle of persons.
• Blocking of personal data — temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data);
• Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
• Depersonalization of personal data — actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information.
• Information — information (messages, data) regardless of the form of their presentation.
• Documented information — information recorded on a tangible medium by documenting information with details that allow you to identify such information or its tangible medium.
• Confidentiality of personal data is a mandatory requirement for the Administration or other person who has access to personal data to prevent their dissemination without the consent of the subject of personal data or the presence of other legitimate grounds.

1. General provisions.
   2.1 The PD Rules establish the obligations of the Site Administration for non-disclosure and ensuring the confidentiality of personal data provided by the User.
   2.2 The use of the Site by the User means acceptance of the PD Rules and the terms of processing of the User’s personal data by the Administration.
   2.3 In case of disagreement with the terms of the PD Rules, the User undertakes to stop using the Site.
   2.4 Personal data authorized for processing under these PD Rules are provided by the User voluntarily by filling out various forms during registration on the Site and include the following information: surname, first name, patronymic, date, month and year of birth, data of an identity document (passport), personal taxpayer number, photos and videos your personal image, phone number, registration address, and other similar information provided by the User about yourself, and on the basis of which it is possible to identify the subject of personal data.
   2.5 The Administration has the right to carry out with the received personal data of Users all legal necessary actions related solely to the achievement of the above-mentioned goals.
   2.6 Any other personal and confidential information not mentioned above is subject to safe storage and non-proliferation by the Administration and the User.
2. The basic principles and purposes of collecting personal information.
   3.1. The Administration processes personal data that is necessary to provide the User with access to the Site and its separate functionality.
   3.2. The User hereby instructs the Administration and agrees that the Administration:

• processes the User’s personal data in order to provide access to the Site and its functionality, verify, research and analyze such data, allowing to maintain and improve the current functionality of the Site, develop new functionality, as well as for other purposes provided for by these PD Rules;
• takes all necessary measures to protect the User’s personal data from unauthorized access, modification, disclosure or destruction;
• provides access to the User’s personal data only to those employees, contractors and agents of the Administration who need this information to ensure the functioning of the Site and provide Users with access to its use;
• will and has the right to use the information provided by the User, including personal data, in order to ensure compliance with the requirements of the current legislation of the European Union and Estonia in particular (including in order to prevent and/or suppress illegal and/or illegal actions of Users).
  3.3. Principles of processing personal data of Users:
• the processing of personal data should be carried out exclusively on legal grounds and in the interests of Users;
• the processing of personal data should be limited to achieving specific legitimate goals;
• when processing personal data, the accuracy, sufficiency, and, if necessary, the relevance of personal data is ensured;
• the storage of personal data should be carried out in a form that allows you to identify the subject of personal data, no longer than the purposes of personal data processing require.
  3.4. The Administration processes the User’s personal data in order to:
• execution of agreements with the User to provide access to the Site’s functionality, for Site administration;
• User identification during registration and User authentication when using the Site;
• provision of services, processing of requests and requests from the User;
• establishing feedback with the User, including sending notifications and requests;
• confirmation of the completeness of the personal data provided by the User;
• conclusion of contracts with the User, implementation of mutual settlements;
• collecting statistics;
• improving the quality of the Site, the convenience of its use and the development of new services and services;
• conducting marketing (advertising) events, sending offers, promoting services on the market by making direct contacts with a potential consumer.
  3.5. The User is aware and agrees that for the purposes provided for in the PD Rules, the Administration has the right:
• collect and use additional information related to the User, obtained during the User’s access to the Site or from third parties, and including data on technical means (including mobile devices) and methods of technological interaction with the Site (including The IP address of the host, the type of User’s operating system, browser type, geographical location, provider data, etc.), User activity on the Site, Cookies, information about errors issued to Users, downloaded files, videos, tools, as well as other data obtained by the methods established by the PD Rules;
• to dispose of statistical information related to the operation of the Site, as well as User information for the purposes of organizing the operation and technical support of the Site and the fulfillment of the terms of these Rules.

1. Conditions for processing personal information.
   4.1. The processing of the User’s personal data is carried out within the time limits specified by the Rules, in any legal way, including in personal data information systems, using automation tools (in the form of electronic images of documents), except in cases when non-automated processing of personal data is necessary in connection with compliance with legal requirements. The processing of Users’ personal data is carried out in accordance with the requirements of Regulation of the European Parliament and of the Council of the European Union 2016/679 of April 27, 2016. on the protection of individuals in the processing of personal data and on the free circulation of such data, as well as on the repeal of Directive 95/46/EC (General Data Protection Regulation /GDPR), these PD Rules.
   4.2. The source of information about all personal data of the User is the User of the Site himself. By filling out any form and/or attaching a file when registering in the Application and using the Site, the User thereby consents to the processing of his personal data for the purposes specified in these Rules. The User confirms the rights and obligations in relation to the account created in this way.
   4.3. In relation to the User’s personal information, its confidentiality is maintained, except in cases where the User voluntarily provides information about himself for general access to an unlimited number of persons. When using the Site, the User agrees that a certain part of his personal information as a result of the User’s actions becomes publicly available to other Users of the Site and Internet users, can be copied and/or distributed by such Users, taking into account the available privacy settings.
   4.4. The Administration takes the necessary organizational and technical measures to protect the User’s personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
   4.5. The Administration stores information about the User during the period of granting the latter access to the Site, as well as 3 (three) months from the date of termination of such access for any reason. If the Administration receives an application from the User to revoke consent to the processing of PD, the Administration stops processing the User’s PD from the date specified in the application, but not earlier than the date following the date the Administration actually received the review.
   4.6. The Administration stores the personal data of the User and his employees. At the same time, the User guarantees that he has received the consent of each of his employees to transfer his personal data to the Administration.
   4.7. The Administration, being the processor of personal data on behalf of the User, is not obliged to obtain the consent of the User’s employees to process their personal data. By unconditionally accepting the terms of these Rules, the User confirms that he has received the consent of his employees in advance to transfer their personal data to the Administration.
   4.8. The User is responsible to the User’s employees, whose personal data is processed by the Administration on behalf of the User, independently.
   4.9. The Administration processes the personal data of the User’s employees in full accordance with the provisions provided for in these Rules.
   4.10. The Administration processes personal data in the following ways: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of User’s personal data.
   4.11. The storage of Personal Data of Users is carried out exclusively on electronic media and is processed using automated systems, except in cases where non-automated processing of personal data is necessary in connection with compliance with legal requirements. The servers where User data is stored are located in the EU.
   4.12. The Administration may transfer Users’ personal data, including cross-border transfer to the territory of foreign states, subject to obtaining the User’s consent and ensuring the necessary protection of the rights of personal data subjects, to Administration contractors who are engaged by the Administration to provide services to maintain proper technical condition, operability, and modification of the Site.
   4.13. If the User does not agree with the processing of his personal data by the Administration, the User should not publish this information or report this data when registering on the Site (in his personal account or other functionality) and using the Site. As soon as the User provides his personal data when registering on the Site, they will become available to the Administration.
2. Obligations of the parties.
   5.1. The User is obliged to:

• Provide correct information about personal data necessary for the purposes specified in the section of the PD Rules.
• Update and supplement the information provided about personal data in case of changes to this information.
  5.2. The Administration is obliged to:
• Use the information obtained exclusively for the purposes specified in the PD Rules.
• Ensure that confidential information is kept confidential.
• Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure usually used to protect this kind of information in existing business transactions.
• To block personal data related to the relevant User from the moment of the User’s request or request, or his legal representative, or the authorized body for the protection of the rights of personal data subjects for the period of verification, in case of identification of false personal data or illegal actions.
  5.3. When processing personal data, the Administration is obliged to take the necessary legal, organizational and technical measures to protect personal data from unauthorized, unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data, by:
• development and implementation of documents regulating work with PD in the organization;
• restrictions and regulations on the composition of employees who have access to personal data;
• implementation of a permissive system for User access to information resources, software and hardware for processing and protecting information;
• implementation of anti-virus control, prevention of the introduction of malware (virus programs) and software bookmarks into the corporate network;
• detection of intrusions into the corporate network of the Administration that violate or create prerequisites for violation of the established requirements for ensuring the security of personal data;
• backup information.
  5.4. When determining the volume and content of the processed personal data, the Administration is guided by the provisions of the General Data Protection Regulation /GDPR and these PD Rules.
  5.5. The Administration undertakes to ensure that unauthorized and inappropriate access to the personal data of Users of the Site is prevented.
  5.6. In this case, authorized and targeted access to the personal data of Users of the Site will be considered access by persons authorized by the Administration within the framework of the objectives of the activity and the subject of the Site.

1. Final provisions.
   6.1. These PD Rules are valid for an indefinite period, and in terms of the User’s consent to PD processing – until the moment of its withdrawal by the User by sending an appropriate notification to the Administration’s email address, as well as by writing to the Administration’s legal address. The chosen method of treatment should ensure that the Administration is able to reliably identify the person who applied.
   6.2. The User may contact the Administration with a request to clarify, change, block, revoke, etc. his personal data at the e-mail address posted in the contact information section about the Administration on the Website.