1. General provisions

1.1. While processing personal data the Operator sets as its top priority and obligatory condition for its functioning the observance of the rights and freedoms of man and citizen, including protection of privacy, personal and family secrets.

1.2. The Operator’s Policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator can receive about the website visitors at www.maximelia.com / maximelia.com

1.3. Processing personal data means any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

1.4. The User grants the Operator their consent for processing their personal data by ticking the relevant box on the website www.maximelia.com / maximelia.com to confirm familiarization with this Privacy Policy.

2. Rights and obligations of the Operator

2.1. The Operator may:

— receive accurate information and/or documents containing personal data from the subject of personal data;

– if the subject of personal data withdraws consent to the personal data processing, the Operator may continue processing personal data without the Subject’s consent on the grounds specified in the Personal Data Law;

— independently determine the list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law and regulatory legal acts passed in compliance to it, unless otherwise provided by the Personal Data Law or other federal laws.

2.2. The Operator must:

— provide the subject of personal data, at their request, with information concerning the processing of their personal data;

— organize the processing of personal data according to the procedures established by the current legislation of the Estonia;

— respond to requests and inquiries from subjects of personal data and their legal representatives in accordance with the requirements of the Personal Data Law;

— to inform the authorities in the field of protection of the subjects’ of personal data rights at their request of the necessary information within the period specified by the current legislation;

— publish or otherwise provide unrestricted access to this Policy;

— take legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions concerning personal data;

— stop the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided for by the Personal Data Law

— undertake other duties provided for by the Personal Data Law.

3. Personal data Subjects’ (Users) Rights and Obligations

3.1. The subject of personal data may:

— receive information concerning the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The nature of information and the procedure for obtaining it is established by the Personal Data Law;

— demand from the Operator to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;

— revoke consent to process their personal data;

— appeal to the authorized body for the protection of the personal data subjects’ rights in court in case of the Operator’s illegal actions or inaction when processing their personal data;

— have other rights provided for by the legislation of the Estonia.

3.2. Personal data subjects must:

— provide the Operator with factual data about themselves;

— inform the Operator of the necessity to clarify (update, change) their personal data.

3.3. Persons who have provided the Operator with false information about themselves or information about another personal data subject without the latter’s consent are liable in accordance with the legislation of the Estonia.

4. Personal data processed by the Operator. Purposes of personal data processing

4.1. The Operator may process Users’ personal data that Users enter on the website www.maximelia.com / maximelia.com in particular (but not limited to): surname, first name, patronymic name, date of birth, phone number, email address, postal address, User certification information, links to social media profiles and personal websites.

4.2. The Operator automatically receives and stores certain information about the User’s computer when the User visits the website at www.maximelia.com / maximelia.com . The operator determines the IP address, browser type, as well as the website which the User went to prior to using www.maximelia.com / maximelia.com . This information may not always be used to identify the User.

4.3. The Operator may also collect data on the Users’ online activity, for example, viewed tours and groups. When a User visits third-party websites through the website www.maximelia.com / maximelia.com, The Operator may also receive certain information provided by the User to these sites.

4.4. The Operator uses Users’ personal and other data with the User’s consent for the following purposes:

— identification within the framework of the relationship with the Operator;

— to provide an opportunity to create tours or groups and join tours or groups on the website at www.maximelia.com / maximelia.com;

— to work with the User’s account, including sending notifications;

— to communicate with the user;

— to assess the interest in the website’s www.maximelia.com / maximelia.com services and improve their quality;

— to detect and prevent fraud and/or other illegal activities;

— to provide the User with access to the services, information and/or materials contained on the website www.maximelia.com / maximelia.com;

— to ensure the implementation of the User Agreement;

— for other purposes, which the User will be informed about at the time of date collection.

4.5. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distribution, provision, access), depersonalizes, blocks, deletes and destroys personal data.

4.6. The Operator performs automated processing of personal data with or without receiving and/or transmitting the received information via information and telecommunication networks.

5. Conditions for the Users’ personal data transfer to third parties

5.1. With respect to the User’s personal data, their confidentiality is maintained, except in cases where the User voluntarily provides information about themselves for general access to an unlimited number of persons.

5.2. The Operator may transfer the User’s personal data to third parties in the following cases:

5.2.1. The User has agreed or instructed the Operator to take such actions;

5.2.2. The transfer is necessary for the User to have access to a certain service or to fulfill a certain agreement or contract with the User;

5.2.3. The transfer is necessary for the functioning and operability of the website itself at www.maximelia.com / maximelia.com;

5.2.4. The transfer is provided for by Estonian or other applicable legislation within the framework of the procedure established by the law;

5.2.5. Such transfer takes place within the framework of the sale or other business transfer (in whole or in part), while the acquirer assumes all obligations to comply with the terms of this Agreement in relation to the personal information received by them;

5.2.6. In order to ensure the possibility to protect the Operator or third parties’ rights and legitimate interests in cases where the User violates the documents containing the terms of use of specific services;

5.2.7. As a result of processing the User’s personal data by depersonalizing it, depersonalized statistical data is obtained, which is transferred to a third party for conducting research, performing work or providing services on behalf of the Operator.

6. Processing of personal data using cookies and counters

6.1. Cookies transmitted by the website www.maximelia.com / maximelia.com to the User’s equipment and by the User’s equipment to the site www.maximelia.com / maximelia.com, may be used by the Operator to provide personalized services to the User, to target advertising that is shown to the User, for statistical and research purposes, as well as to improve the website www.maximelia.com / maximelia.com .

6.2. The User is aware that the equipment and software used by them to visit websites on the Internet may have the function of prohibiting operations with cookies (for any websites or for certain websites), as well as deleting previously received cookies.

6.3. The Operator may set up certain services in such a way that the provision of a certain website service at www.maximelia.com / maximelia.com are possible only if cookies are authorized, accepted and received by the User.

6.4. The structure of the cookie file, its content and technical parameters are determined by the Operator and may change without prior notice to the User.

6.5. Counters posted on the website www.maximelia.com / maximelia.com, can be used to analyze User cookies, to collect and process statistical information about the use of this site, as well as to ensure its operability in general or their individual functions. The technical parameters of the counters are determined by the Operator and may change without prior notice to the User.

7. Procedure for the collection, storage, transfer and other types of personal data processing

7.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.

7.2. The Operator ensures the safety of personal data and takes all possible measures to make unauthorized persons’ access to the personal data impossible.

7.3. The User’s personal data will not be transferred to third parties, except in cases provided for by applicable laws, this Policy, or if the personal data subject has given the Operator consent to transfer data to a third party to fulfill obligations under a civil contract.

7.4. In case of inaccuracies in personal data, the User may update them independently by sending a notification to the Operator to the Operator’s email address info@maximelia.com marked «Updating personal data» or by independently making changes to their profile data.

7.5. The term of personal data processing is determined by the achievement of the purposes for which personal data was collected, unless another term is stipulated by the contract or the current legislation.

7.6. The User may withdraw their consent to personal data processing at any time by sending a notification to the Operator via e-mail to the Operator’s e-mail address info@maximelia.com

7.7. Cross-border transfer of personal data is possible only if the Operator complies with the requirements and conditions provided for in Article 12 of the Personal Data Law.

7.8. On the website www.maximelia.com / maximelia.com links to third-party websites may be provided. If the User decides to visit third-party’s websites or use the services offered there, the User must take into account that this Privacy Policy will not be considered valid in relation to the actions taken by them and the information provided by the User to third parties. In this case, third-party websites are not subject to this Privacy Policy. The Operator strongly recommends that Users study the Privacy Policy of third-party websites in order to familiarize themselves with their terms and conditions for the collection, use, transfer and disclosure of personal and other data.

8. Final provisions

8.1. The User may receive any clarifications on issues of interest concerning their personal data processing by contacting the Operator via e-mail info@maximelia.com

8.2. The current version of the Policy is freely available on the Internet on the website www.maximelia.com / maximelia.com

8.3. In the event of a discrepancy between the Estonian and English versions of the texts of this Policy, the text in Russian shall prevail.

8.4. In all matters that are not described in this Policy, the Operator, Users and other persons are guided by the provisions of the current legislation of the Estonia. In the event of a legal dispute, it will be held in the Estonia in Smolensk, in accordance with the jurisdiction of the courts of the judicial system in the Estonia.