PRIVACY POLICY FOR BVC SERVICES
GENERAL PROVISIONS
1. This Policy defines how BVC Trade, LLC (hereinafter the “Provider”) processes and protects information about individuals (hereinafter the “User”/“Users”) that may be obtained by the Provider when the User uses the BVC services under the User Agreement as well as the non-exclusive license agreement and that may include services, features, programs provided through the
www.xbvc.ru website and used by the Provider (hereinafter the “Site”, the “Services”).
2. The purpose of this Policy is to ensure adequate protection from unauthorized access and disclosure of personal information that the User provides about themselves when using the Site and Services as well as in the registration process (when creating an account) for the purchase of goods/services or for obtaining non-exclusive rights to use the Services.
3. Relations connected with the collection, storage, sharing and protection of information provided by the User are governed by this Policy, other official documents of the Provider and the current legislation of the territory where the User is located.
4. 4 By registering on the Site and ticking the corresponding box on the Site as well as by using the Site and the Services, the User expresses their full agreement with the terms of this Policy.
5. If the User disagrees with the terms of this Policy, the User should stop using the Site and /or any Services available through the Site.
6. If the User does not wish to receive information newsletters from the Provider, the User may opt out of receiving them by sending a request to support@xbvc.ru. The User will be excluded from informational mailing lists within 24 hours.
THE PURPOSES OF COLLECTING, PROCESSING AND STORING OF THE USER DATA BY THE PROVIDER.
1. 1 The processing of the User’s personal data is governed by the laws of the territories where the Services are used, including, but not limited to, the Russian Federal Law No. 152-FZ on Personal Data, the EU General Data Protection Regulation (GDPR), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and personal data protection laws of the U.S. and its individual states.
2. Provider processes the User’s personal data for the following purposes:
2.1. to identify the User as a party to the agreements and contracts made between the User and the Provider;
2.2. to provide goods/services, non-exclusive rights to use them, access to the Site and Services to the User, and to ensure compliance with the Terms of Use (https://xbvc.ru/terms); (https://xbvc.ru/terms)
2.3. to communicate with the User, send the User one-time transactional letters upon receiving the application for registration on the Site or receiving payment from the User if the User performs these actions, to send the User notifications and requests;
2.4. to send the User advertising and/or informational messages;
2.5. to verify, research and analyze such data in order to maintain and improve the Services and the Site, as well as to develop new Services and Site sections;
2.6. to conduct statistical and other studies based on anonymized data.
3. Below are listed the types of personal data collected by the Provider.
3.1.1. Personally identifying information provided at the time of account registration and during further work with the Services, as well as information relating to how the User uses the Services. This data may include the name, organization name, address, email, gender, age, data on the hardware and software used, information on the User’s vehicles, geolocation data (information on the physical location of BVC devices used by the User, speed, direction of travel), profile photo and other photos, video content. In the process of using the Services, the Provider may request additional personal data from the User. The Provider may also collect additional personal data from the User when the User contacts the Services support specialists or communicates with the Provider in any other way.
Social insurance number (SIN) is not required for accessing the Services (unless there is a legal requirement that the Provider make providing SIN mandatory for accessing the Services).
3.2. 2 When the User makes a payment for using the Services, the Provider may collect information for processing the payment as per the set terms. This personal information may include the User’s name, address, phone number, email, bank card details and payment amount. The Provider uses the services of third-party payment providers that have the appropriate licenses, allowing them to process payments made using payment cards and other payment methods, and does not store bank card details of the Users.
TERMS OF PROCESSING PERSONAL USER DATA AND ITS SHARING WITH THIRD PARTIES
1 The Provider will take appropriate security measures to prevent accidental or illegal destruction or accidental loss, alteration, unauthorized disclosure or accessing as well as other types of illegal processing of personal data in accordance with the applicable legislation on the protection of personal data. The Provider takes its security responsibilities seriously and applies the most appropriate physical and technical measures, including training and educating staff, and regularly reviews these measures.
2 Upon request, the User must be informed about the storage, use and disclosure of their personal information, and they must also be given access to this information.
3 The Provider gives access to the User’s personal data only to those employees, contractors and affiliates who need this information to ensure the functioning of the Site and the Services as well to sell products, provide services and non-exclusive rights to the User.
4 The Provider has the right to use the information provided by the User, including personal data, to comply with the applicable laws of the territory where the Services are used (this includes preventing and/or deterring unlawful and/or illegal actions of Users). Information provided by the User may be disclosed only in accordance with the applicable law of the territory where the Services are used at the request of the court, law enforcement agencies, as well as in other cases where required by the legislation of the territory where the Services are used. The Provider is also entitled to disclose the User’s information to third parties, including law enforcement agencies, state institutions or government bodies, as well as to private plaintiffs and defendants, whether inside or outside the User’s country of residence, if it is established that such disclosure is reasonably necessary to comply with the law, including for responding to court orders or warrants, subpoenas, etc. The Provider may also disclose User’s information if the Provider determines that such disclosure is reasonably necessary to protect any person from death or serious physical injury, to solve national security issues or other issues of public importance, to prevent or detect violations of the Terms of Use of the Services or fraud or abuse of the Provider or its users, as well as to protect activities, property or the legal rights of the Provider. This can include disclosing the User’s information to the Provider’s legal adviser or other consultants and third parties in connection with an ongoing or potential litigation.
5 Since the User’s personal data is considered by law to be a business asset, if BVC Trade, LLC goes out of business, enters bankruptcy or is acquired as a result of a transaction such as a merger, acquisition or asset sale, the User’s personal data may be disclosed or transferred to a third party in connection with such transaction.
6 The Provider’s company BVC Trade, LLC is registered in the Russian Federation. The servers hosting the Services are located in the Russian Federation, Canada, the USA, and the European Union. Thus, the personal information of the Users using the Services and providing their data to the Provider will be processed and stored in the territory where the Services are used.
7 The Provider has the right to disclose the User’s information if the User instructs the Provider to do so.
8 The Provider has the right to disclose the User’s information to third parties by forwarding copyright and/or trademark infringement notices in their original form (without deleting any data) in accordance with the law.
9 The User’s personal identifying information may be disclosed to third parties in unforeseen situations that cannot be prevented even with commercially reasonable means of protection, for example, in the event of a hacker or other attack on the Provider or the Services.
10 The Provider processes the personal data of Users who have different Roles in the Services on equal terms in accordance with the User Agreement (https://xbvc.ru/terms). (https://xbvc.ru/terms) Cases where the User provides their personal data to another User are governed by the relevant agreements between the Users. The responsibility for complying with these agreements lies solely with the parties to such agreements.
11 The Provider uses cookies in order to improve the usability of the Services. When the User visits the Site, a cookie file is created on the User’s device. This means that a unique number is assigned to the device that is only required for using the Services and doesn’t have any function otherwise. Cookies do not contain any personally identifying information and are used to personalize interaction with the User: after the User enters their login and password, this information is stored for the duration of the session in the Services so that the User does not have to enter it repeatedly during this session. Most web browsers automatically accept cookies. To stop their information from being collected through cookies or other tracking technologies, the User has to configure the appropriate settings in their browser or on their mobile device. For instructions on how to delete and disable cookies and other tracking and recording tools, see the help guide for the respective browser or mobile device. The User can also send a request to the Services support specialists on how to disable cookies and other means of tracking and activity recording. Disabling cookies may result in certain features of the Services becoming unavailable. The Provider may use the User's IP address to identify them, manage the Services and diagnose problems with the servers hosting the Services.
12 The Services server logs may store IP addresses, information about the User’s type of browser, internet service provider (ISP), visited pages and exit pages, type of operating system, date and time of visiting the Site, and number of mouse clicks. This information is used for analyzing trends, administering the Services, general click-through tracking and collecting general demographic data for complex use. IP addresses and other data can be mapped to session, user, and device identifiers.
13 The Provider uses third-party analytics services to understand how the Services are used and how to improve them.
14 The Provider may modify, anonymize and collect information provided by the User in the Services (“Content”) so that it does not identify the User and does not contain personally identifying information. Such generalized information or statistics include information about the User’s hardware and its use, demographic information, travel route and geolocation data. The Provider may use, sell, license and transfer this information to third parties for research, business or other purposes. If the User openly provides information or content in the Services, then such information, even in a generalized form, may be associated with the User.
15 The Provider does not intentionally collect information about minors. If there is reason to believe that the Provider could have accidentally received this information, it is necessary to immediately contact the Services Administration at support@xbvc.ru. The processing of data of a minor user must be authorized by the parents or legal representatives. The age threshold for parental authorization is set by individual EU member states (13 to 16 years), and the age of majority is determined individually by each country where the Services are used.
16 In the course of the User’s using the Services, the Provider may collect personally identifying information about the User’s actions on third-party websites and online services. The Provider may receive additional information about the User from third parties, such as marketers, partners, researchers, and others.
The Provider may combine the information collected from the User with the information received from these third parties, as well as through the use of any other subscriptions, products or services of the Provider.
17 The Provider’s Sites and Services do not recognize Do Not Track signals and do not respond to them, since such standards and solutions are not sufficiently developed. For more information on Do Not Track signals, see https://allaboutdnt.com (https://allaboutdnt.com/). (https://allaboutdnt.com/)
18 Third-party applications, plug-ins or websites that integrate with the Services, when used by the User, may receive the User’s information and Content, including personal information, photos and geolocation data. The terms of collecting and processing information by these third parties are governed by their policies. The Provider is not responsible for the terms or policies of third parties.
19 The User understands that when broadcasting or transmitting Content in another way through third-party services, this Content becomes available outside the Services and can be publicly accessible. When sharing information with third parties, the User should carefully review their methods of protecting confidential data. The User takes such actions at their own risk.
20 The Provider has taken a number of measures to protect its mechanisms of collecting, sharing and storing the collected data. These measures depend on the confidentiality of the data collected, processed and stored. Although the Provider seeks to take reasonable measures to protect the User information with regard to its confidentiality, the Provider does not guarantee complete security of the information provided by the User and is not responsible for theft, destruction or accidental disclosure of this information or Content. The Services use an industry- standard technology - the SSL protocol - which ensures the encryption of personal information and bank card numbers. In order to strengthen the security of the Services, the Provider is registered with an industry leading company for website identification, which means that the browser checks the Site’s reliability before sending any personally identifying information. In addition, the Provider’s servers protect user information with an advanced firewall. The effectiveness of these measures in preventing unauthorized access to personal information depends on the security functions available in the User’s browser. The responsibility for using a secure browser when sending credit card details and other personal information to the Services lies with the User. Using a browser that does not support the SSL protocol invariably puts the confidentiality of personal data at
21 The Provider does not verify the accuracy of the information provided by the User, and assumes that the User faithfully provides true and sufficient information as well as makes sure that the previously provided information is timely updated when needed, this including, but not being limited to, updating the phone number, etc.
22 The User can correct, update or delete inaccurate information in their account at any time in the account settings. All questions related to editing the information in the account should be sent to .
23 The Provider retains information about the User for as long as it is necessary for the Services to work. Information that is no longer required will be de-identified and/or safely destroyed. The Provider may also retain information from closed accounts if required by the law in order to prevent fraud, levy fees, resolve disputes, solve problems, assist in investigations, ensure compliance with the Terms of Use (https://xbvc.ru/terms) and perform other actions permitted by the law. The stored information will be processed in accordance with this Privacy Policy.
PERSONAL DATA SUBJECT RIGHTS AND DATA PROCESSING CONTROL MECHANISMS
1 The User can at any time withdraw the consent given to the Provider for the processing of personal data on their own initiative in their account in the Services (if the User has one) or by contacting the Supplier at
support@xbvc.ru.
Withdrawal of consent will not affect the legality of the collecting and processing of the User’s data carried out before the consent is withdrawn. It is important to consider that the Provider may have legal grounds for processing the User’s data for other purposes, including the grounds specified in this Privacy Policy.
2 In certain cases described in the legislation the User may demand that the processing of their personal data be restricted. This, for example, is possible if the User disputes the accuracy of their personal data. In this case, the Provider will limit the processing of data until its accuracy is verified.
3 In certain cases provided for by law, the User may object to the processing of their personal data, including its processing for direct marketing purposes.
4 If the User provides their data directly to the Provider and their processing is carried out automatically with the User’s consent or in order that the User complies with the terms of their contract with the Supplier, the User has the right to receive their processed personal data in a structured, commonly used and machine-readable format and transmit this data to another service provider.
5 The User has the right to request that their personal data be deleted. The request should be sent to the Provider’s email: support@xbvc.ru. Deleted accounts cannot be restored. It is important to consider that the Content published by the User through third-party services (for example, by broadcast) or copied by third parties may be available to them even after the User’s account or the Content is deleted. The User may also not always be able to read, rectify or delete the information copied by third parties as a result of the User’s providing them with access to this information.
6 The User has the right to dispute the Provider’s compliance with the principles of personal data protection in accordance with the law.
CHANGES TO THIS PRIVACY POLICY
If the Provider modifies the Privacy Policy, its updated version will be published in the Services in a timely manner. For major changes, an explicit notice will be given. The Provider reserves the right to change this Privacy Policy at any time. If the User objects to any changes to the Privacy Policy, they may stop using the Services and deactivate their account. If the User continues to use the Services after receiving a notification about the changes or its publication in the Services, it means that the User automatically agrees to such changes.
DISCLAIMER OF LIABILITY
The Provider makes every effort to protect the User’s personal information. However, no method of transmitting data via the internet is absolutely safe, and therefore the Provider cannot guarantee the security of any information transmitted by the User. The User provides their personal information at their own risk.
CONTACTS
All questions regarding how the Provider collects, stores and uses personal data, or any questions regarding this Privacy Policy should be sent to the Provider’s email address: support@xbvc.ru