We are Oriental, trusted software development company

Personal Data Processing Policy

1. General Provisions

This personal data processing policy has been developed in accordance with the requirements of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal information taken by Oriental City Soft LLC (hereinafter referred to as the Operator). 

1.1 The Operator's most important goal is to respect human and civil rights and freedoms while processing personal data, including protecting the right to privacy and personal and family secrets.

1.2 This Policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information the Operator receives about visitors to our website https://oriental-company.cn.com.

2. The main concepts used in the Policy:

2.1 Automated processing of personal data - processing of personal information using computer technology.

2.2 Blocking of personal data - temporary termination of processing personal data (except in cases where processing is necessary for clarifying personal data).

2.3 Website - a set of graphical and informational materials, as well as computer programs and databases, which ensure their availability on the internet at the address https://oriental-company.cn.com.

2.4 Personal data information system - a set of personal information contained in databases, and information technologies and technical means that support their processing.

2.5 Depersonalization of personal data - actions that make it impossible to identify whether personal data belongs to a particular user or another subject without additional information.

2.6. Processing of Personal Data - Any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collecting, recording, organizing, accumulating, storing, clarifying (updating, modifying), extracting, using, transferring (distributing, providing, access), depersonalizing, blocking, deleting, or destroying personal data.

2.7. Operator - A state body, municipal body, legal entity, or individual who independently or jointly with others organizes and/or processes personal data, determines the purpose of processing, the composition of data to be processed, and the actions to be taken with personal data.

2.8. Personal data - Any information directly or indirectly related to a specific user of the website https://oriental-company.cn.com.

2.9 Personal data authorized for distribution by the data subject - personal data that any number of people have access to, given by the data subject's permission to process personal data, which is authorized for distribution in accordance with the procedures provided for in the Personal Data Protection Law (hereinafter referred to as "personal data authorized for distribution").

2.10 User - any person visiting the website https://oriental-company.cn.com.

2.11. Providing personal data - actions aimed at revealing personal data to a specific person or a group of people.

2.12. Sharing personal data - any actions aimed at sharing personal data with an indefinite number of people (transfer of personal data), or making personal data accessible to an unlimited number of individuals, including publishing it in mass media, posting it on information and telecommunication networks, or otherwise providing access to it.

2.13. Transborder transfer of personal data - transfer of personal data outside the country's territory to a foreign authority, a foreign natural person, or a foreign legal entity.

2.14. Erasing personal data - any action that permanently destroys personal data, rendering it impossible to recover the content of the data in the information system, and/or destroys the material carriers.

3. Basic Rights and Obligations of the Operator

3.1 The Operator has the right to:

• receive reliable information and/or documents containing personal data from the data subject;
• if the data subject withdraws their consent to the processing of personal data and sends a request to stop the processing of their data, the operator has the right to continue the processing of the data without the data subject's consent, if there are grounds specified in the Data Protection Law;
• independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations specified in the Law on Data Protection and regulatory legal acts adopted in accordance with it, unless otherwise provided for by the Data Protection Law or other federal laws.

3.2 The Operator is obligated to:

• provide the data subject, upon request, with information related to the processing of their personal data.
• Organize the processing of personal data in accordance with the procedures established by the relevant legislation of the Russian Federation;
• Respond to requests and inquiries from personal data subjects and their representatives in accordance with the provisions of the Personal Data Protection Law;
• Provide the authorized body responsible for protecting the rights of individuals with the necessary information upon request within 10 business days from receipt of the request;
• Publish or otherwise make available this Personal Data Policy to ensure unrestricted access;
• Take legal, organizational, and technical measures to safeguard personal data against unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, or other illegal activities related to personal data;
• Stop transmitting (distributing, providing, or accessing) personal data and stop processing and delete personal data in accordance with the procedures and cases provided by the Law on Personal Data;
• Perform other duties specified by the Law on Personal Data.

4. Basic Rights and Obligations of personal data subjects

4.1. Personal data subjects have the right to:

- receive information related to the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject in an accessible form by the Operator, and it should not contain personal data related to other personal data subjects, unless there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;

- require the operator to clarify their personal data, block or delete it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;

- set a condition for prior consent when personal data is processed for the purpose of promoting goods, works, and services on the market.

- To withdraw consent to the processing of personal data and send a request to stop the processing of their personal data;

- Appeal to the authorized body for protection of personal data rights or in court against any illegal actions or omissions by the Operator while processing their personal information;

- Exercise other rights provided by the legislation of the Russian Federation.

4.2. Data subjects are required to: 

- Provide the Operator with accurate information about themselves;

- Inform the Operator about clarifications (updates or changes) to their personal details.

4.3. People who provide false information to the Operator or share information about other people without their consent are liable in accordance with the laws of the Russian Federation.

5. Principles of Personal Data Processing

5.1. Personal data is processed in a lawful and fair manner.

5.2. Personal data is only processed to achieve specific, clearly defined, and legitimate objectives. It is not allowed to process personal data for purposes that are not compatible with the original reasons for collecting it.

5.3. Databases containing personal data processed for incompatible purposes must not be combined.

5.4. Only personal data relevant to the purposes of its processing should be processed.

5.5. The content and scope of the processed personal data must align with the stated objectives of processing. It is not acceptable to have excessive personal data processed when it is not necessary for the stated purposes.

5.6. The accuracy, completeness, and relevance of personal data are ensured during the processing. If necessary, the Operator takes the necessary measures to delete or clarify any incomplete or inaccurate information.

5.7. Personal data is stored for as long as necessary to complete the purpose of processing, but not longer than is required. This period may be extended if permitted by federal laws, agreements to which the individual is a party or beneficiary, or guarantor. Once the purposes of processing are achieved or no longer require personal data, it is either destroyed or made anonymous. However, this may not apply if the law requires otherwise.

6. Purposes of Personal Data Processing

Purpose of Processing: Informing the User through Emails

Personal Data: Last name, First name, Patronymic, Email address, Phone numbers

Legal Grounds: Statutory (Constituent) Documents of the Operator

Types of Personal Data Processing: Sending Informational Letters to the Email Address

7. Conditions for personal data processing

7.1. Personal data processing is carried out only with the consent of the data subject, who has the right to object to such processing.

7.2. Personal data is processed to achieve goals specified by the international agreement of the Russian Federation or by law, for the purpose of fulfilling the functions and duties assigned by the operator to the legislation of the Russian Federation.

7.3. Personal data may also be processed for the purpose of administering justice, executing a judicial decision, or an act issued by another body or official, which is subject to enforcement in accordance with Russian legislation on enforcement proceedings.

7.4. Processing of personal data is necessary for the execution of a contract in which the data subject is a party, beneficiary, or guarantor. It is also necessary for concluding a contract at the initiative of the data subject or for a contract under which the data subject will become a beneficiary or guarantor.

7.5. Processing is necessary to protect the rights and interests of the controller or third parties or to achieve social goals, provided that the data subject's rights and freedoms are not violated.

7.6. Personal data that is publicly available, i.e., data that has been made available to an unlimited number of people by the data subject or upon their request, is processed. 

7.7. Data subject to publication or mandatory disclosure under federal law is also processed.

8. Procedure for the Collection, Storage, Transfer, and Other Types of Processing of Personal Data

The security of personal data processed by the Company is ensured by implementing legal, organizational, and technical measures necessary to comply fully with the requirements of current legislation in the field of data protection.

8.1 The Company ensures the safety of personal data and takes all possible measures to prevent unauthorized access to such data.

8.2 The Company will never transfer the User's personal data to third parties under any circumstances, except in cases related to compliance with current legislation or when the data subject has provided consent to such transfer to a third party to fulfill obligations under a civil agreement.

8.3. If any inaccuracies in the user's personal data are detected, the user can update them by sending a message to the operator's email address, info@orientalcity.org, with the subject "Updating personal data".

8.4. The period of time during which the operator will process the user's data is determined by the purpose for which the data was collected. Unless another time period is specified in the contract or applicable laws, the user may withdraw their consent to have their personal data processed at any time by contacting the operator via email at the operator's address info@orientalcity.org with the subject line "Revocation of Consent to Personal Data Processing".

8.5. All information collected by third-party services, including payment systems, communication means and other service providers, is stored and processed by the specified parties (Operators) in accordance with their respective requirements. The User Agreement and Our Privacy Policy govern the use of personal data, and the Operator is not liable for the actions of third parties, including service providers mentioned in this clause.

8.6. The restrictions that a person places on the transfer (except for providing access), processing, or conditions of processing (except for gaining access) of personal data intended for dissemination do not apply in cases where personal data is processed in the interests of the state, public, or other public interests as defined by the legislation of the Russian Federation.

8.7. The Operator ensures the confidentiality of personal data while processing it.

8.8. The Operator stores personal data in a way that allows identification of the data subject, for no longer than necessary for the purposes of processing the personal data, unless a longer storage period is mandated by federal law or an agreement where the subject of personal data is a party, beneficiary, or guarantor.

8.9. The reasons for stopping the processing of personal data can be:

•  reaching the goals of personal data processing;
• the expiration of the agreement from the person whose data is being processed;
• the person whose data is being processed withdrawing their consent;
• a request to stop processing personal data;
• finding out that personal data is being processed illegally.

9. List of Actions Performed by the Operator with Received Personal Data

9.1 The Operator collects, records, organizes, stores, updates, extracts, uses, distributes, provides access to, anonymizes, blocks, removes, and destroys personal data.

9.2 The Operator performs automatic processing of personal data, with or without the receipt and/or transmission of the received information through information and communication networks.

10. Cross-border Transfer of Personal Data

10.1 The Operator is required to notify the relevant authority for the protection of personal data rights of its intention to transfer personal data across borders (this notification should be sent separately from the notice of intent to process personal data).

10.2 Before submitting this notification, the operator must obtain relevant information from authorities of the foreign state, as well as from foreign individuals and legal entities to whom the transfer of personal data will be made.

11. Confidentiality of Personal Data

The operator and any other persons who have access to personal data must not disclose or share personal data with third parties without the individual's consent, unless otherwise required by federal law.

12. Final Provisions

12.1 The User may contact the Operator via email at info@orientalcity.org to obtain any clarifications regarding questions related to the processing of their personal data.

12.2 This document will be updated to reflect any changes to the Operator's policy on the processing of personal data. The policy will remain in effect until a new version replaces it.

12.3 The current version of this Policy is available on the internet at https://oriental-company.cn.com/privacy/

Policy on the Use of User Data by Oriental City Soft LLC

By visiting this site or using the mobile applications of Oriental City Soft LLC (located at 04, Tower A, New Trade Plaza, 6 On Ping Street, Shatin, N. T., Hong Kong) (hereinafter referred to as “Company”) via the information and telecommunication network “Internet” (hereinafter referred to as the “Internet” network), acting freely, in your own interest and expressing your own will, you hereby agree to the following Policy regarding the use of user data by Oriental City Soft LLC, including the fact that the Agency can process user data using Google Analytics and similar metric programs, which is done within the limits and for the purposes outlined below. Processing refers to any actions involving the use of automated tools, such as collecting, recording, organizing, storing, refining (updating or modifying), retrieving, utilizing, transferring (providing access to), blocking, deleting, or destroying processed data. Under "user data" we mean information about the users of the site and the mobile app. This information is collected by the company using the metric program Google Analytics. 

Specifically, we collect the following data:

• User's alias;
• Address of the user or specifications of the device by which the user visits the website of the Company and/or establishes a connection with the Internet service;
• Operating system on the user's device;
• Operating system version;
• "cookie" files;
• Information about the user, including their IP address, search queries, the time of request, the type and version of the browser used, the language, the date and time of access to the site;
• Internet address of the web pages visited by the user;
• The scope of information on the Internet resources of the company visited by the user;
• User ID converted by the company using a hash function or other modifications;
• Device identifier;
• Location.
• The number of pages viewed;

• The duration of the visit to the Company's website;

• Queries that the user used when navigating to the site;
• The pages accessed to get to the site;
• Information about the mobile device, such as device ID and location;
• Information about the system settings on the device;
• User’s CUS;
• User-Agent string;
• Source of advertising traffic;
• Session ID;
• Time of the login/registration; 
• Token; 
• The amount of time used to validate the access to the system;
• IDs of the systems visited by the user;
• Version of the mobile application used;
• Login information;
• Date and time of the use of the service;
• Any other information that does not uniquely identify the user as a specific individual, to provide the user with promotional information and analysis of the user behavior; 
• Cookie files of the metric program Google Analytics.

For more detailed information about how we use and protect your data when using these metrics and counters, please refer to the following link: https://support.google.com/analytics/

The type of data we collect from you depends on the browser and device you use. We may use this data for:

• providing information about the company, its products, and services;
• improving and developing new products and services;
• maintaining statistics about users;
• storing personal preferences and settings of users;
• tracking user access sessions;
• ensuring the proper functioning and enhancing the quality of the website;
• using internet forms on the website;
• offering remote maintenance;
• creating a list of your interests and suggesting relevant content.

You have control over your data. If you use a browser or device that allows it, you can block, delete, or restrict the use of cookies.To learn how to manage cookies on your browser or device, please refer to the instructions provided by the browser's developer or the manufacturer of your device. If you prefer, you can restrict the use of cookies in your browser to protect your user data. The cookies that are processed are destroyed once the specific purpose for processing is achieved or when it is no longer necessary for those goals.