Privacy policy
Bo Put, Ko Samui District
01.09.2024
This Privacy Policy for personal data (hereinafter referred to as the "Privacy Policy") has been developed in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ "On personal data" and applies to all information that the Mio Mio pizza online store, located at the domain name link to the site (hereinafter referred to as the "Online Store"), may receive about the User during the use of the website of the Online Store, programs and products of the Online Store.
1. DEFINITION OF TERMS
The following terms are used in this Privacy Policy:
"The Administration of the Online Store Website (hereinafter referred to as the "Website Administration") - Banyan Food Market Company, address: 25/243, Moo 6, Bo Phut, Ko Samui, Surat Thani, 84320, employees authorized to manage the website (hereinafter referred to as the "Operator"), who organize and (or) process personal data, and determine the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
"Personal data" - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
"Personal data processing" - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
"Operator" - a legal entity or an individual organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data.
"Confidentiality of personal data" - a mandatory requirement for the operator or other person who has access to personal data not to allow their distribution without the consent of the subject of personal data or the presence of other legal grounds.
"User of the Online Store Website" (hereinafter referred to as the "User") - a person who has access to the Site via the Internet and uses the Online Store Website.
"Cookies" — a small piece of data sent by a web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time it tries to open a page of the corresponding site.
"IP address" — a unique network address of a node in a computer network built using the IP protocol.
2. GENERAL PROVISIONS
2.1. The User's use of the Online Store website means consent to this Privacy Policy and the terms of processing the User's personal data.
2.2. In case of disagreement with the terms of the Privacy Policy, the User must stop using the Online Store website.
2.3. This Privacy Policy applies only to the Mio Mio pizza Online Store website. The Online Store does not control and is not responsible for third-party websites to which the User can click on links available on the Online Store website.
2.4. The Site Administration does not verify the accuracy of the personal data provided by the User to the Online Store website.
3. SUBJECT OF PRIVACY POLICY
3.1. This Privacy Policy sets forth the obligations of the Administration of the Online Store website to maintain confidentiality and ensure protection of the privacy of personal data that the User provides at the request of the Website Administration upon registration on the Online Store website or when placing an order for catering services.
3.2. Personal data permitted for processing within the framework of this Privacy Policy are provided by the User by filling out the registration form on the Website of the Mio Mio pizza Online Store and include the following information:
User name;
User contact phone number;
address of provision of catering services (delivery of culinary products);
last name, first name of the recipient of the order.
3.3. The Online Store protects the Data that is automatically transmitted during viewing of advertising blocks and when visiting pages on which the statistical script of the system is installed:
IP address;
information from cookies;
information about the browser (or other program that provides access to displaying ads);
access time;
address of the page on which the ad unit is located;
referrer (address of the previous page).
Disabling cookies may result in the inability to access parts of the Online Store website that require authorization.
3.4. The Online Store collects statistics on the IP addresses of its visitors. This information is used to identify and resolve technical problems, to control the legality of financial payments.
3.5. Any other personal information not specified above (purchase history, browsers and operating systems used, etc.) is subject to secure storage and non-dissemination, except for cases provided in paragraphs. 5.2. and 5.3. of this Privacy Policy.
4. PURPOSES OF PROCESSING THE USER'S PERSONAL DATA
4.1. The Administration of the website of the online store "Mio Mio pizza" may use the User's personal data for the following purposes:
4.2. Identification of the User registered on the website of the Online store, to place an order for catering services.
4.3. Providing the User with access to the personalized resources of the Website of the Online store.
4.4. Establishing feedback with the User, including sending notifications, requests regarding the use of the Website of the Online store, provision of services, processing requests and applications from the User.
4.5. Create an account to place orders if the User has consented to the account creation.
4.6. Notify the User of the Online Store Website about the Order status.
4.7. Process and receive payments.
4.8. Provide the User with effective customer and technical support in the event of problems related to the use of the Online Store Website.
4.9. Provide the User with information about product updates, special offers, price information, newsletters and other information on behalf of the Online Store or on behalf of the Online Store's partners.
4.10. Carry out advertising activities aimed at attracting the User's attention to the products and services of the Online Store.
4.11. Provide the User with access to the websites or services of the Online Store's partners in order to receive products, updates and services.
4.12. Carry out marketing activities, including assessing the level of service, monitoring traffic and the popularity of various products and services.
5. METHODS AND TERMS OF PROCESSING PERSONAL INFORMATION
5.1. The processing of the User's personal data is carried out without time limitation, in any legal way, including in personal data information systems with or without the use of automation tools.
5.2. The User agrees that the Site Administration has the right to transfer personal data to third parties, in particular, courier services, postal organizations, telecommunications operators, for the purpose of fulfilling and providing information support for the User's order placed on the Mio Mio pizza online store website or through a call center operator, including delivery of ordered culinary products, as well as for the purpose of informing and attracting the User's attention about the terms and process of providing services, including advertising promotions, new products.
5.3. The Contractor has the right to transfer the personal data of Users to organizations with which the Contractor has concluded agreements to ensure the implementation of promotions aimed at attracting the attention of consumers to the Contractor's services.
5.4. The Contractor has the right to transfer personal data of Users to organizations with which 5.5. The Contractor has concluded telecommunications agreements, including for information support of the order fulfillment procedure.
5.6. The Contractor has the right to transfer personal data of Users to organizations with which the Contractor has concluded agreements to ensure the implementation of promotions aimed at attracting the attention of consumers to the Contractor's services.
5.7. The User's personal data may be transferred to authorized state authorities of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.
5.8. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
5.9. The Site Administration takes the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.10 The Site Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
6. CONSENT TO THE PROCESSING OF PERSONAL DATA
6.1. The collection and processing of personal data is carried out with the consent of the Users, except in cases established by law.
6.2. The User's consent to the processing of personal data is considered to be received when he/she provides personal data freely, of his/her own free will and in his/her own interests and is confirmed by clicking the "Place an order" button when ordering dishes from the site and reading the "Privacy Policy".
6.3. Disagreement with the processing of personal data is expressed by refusing to use the site.
6.4. The User has the right to cancel the previously given consent to the processing of personal data by sending a message or calling the phone number indicated on the site. In the event of receiving a message about the cancellation of consent to the processing of the User's personal data, the Site Administration takes immediate measures to exclude the User's personal data from the database and stops processing them in any way, except for cases provided by law.
6.5. If the cancellation of consent to the processing of personal data is made by the User before the execution of the placed and confirmed order, the use of personal data is terminated after the order is executed.
7. PERSONAL DATA PROTECTION OBLIGATIONS
The Site Administration undertakes to:
7.1. Use the information received solely for the purposes specified in paragraph 4 of this Privacy Policy.
7.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and not sell, exchange, publish, or disclose in any other possible way the transferred personal data of the User, with the exception of paragraphs 5.2 and 5.3 of this Privacy Policy.
7.3. Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure usually used to protect such information in existing business practices.
7.4. Block personal data related to the relevant User from the moment of the User's request or appeal or their legal representative or authorized body for the protection of the rights of personal data subjects for the verification period, in the event of detection of inaccurate personal data or illegal actions.
8. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING
8.1. When processing personal data, the Site Administration takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
8.2. The Site Administration ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation
8.2.1. In order to protect personal data, the Site Administration takes the following measures:
Data identification:
Identification and authentication of users who are employees of the operator
Management of identifiers, including creation, assignment, destruction of identifiers
Management of authentication tools, including storage, issuance, initialization, blocking of authentication tools and taking measures in case of loss and (or) compromise of authentication tools
Identification and authentication of users who are not employees of the operator (external users)
Protection of feedback when entering authentication information
Access control of access subjects to access objects:
Management (creation, activation, blocking and destruction) of user accounts
Implementation of necessary methods, types and rules for access control
Management of information flows between devices, segments of the information system, as well as between information systems
Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system
Assignment of the minimum necessary rights and privileges to users, administrators and persons ensuring the functioning of the information system
Limitation of unsuccessful attempts to log in to the information system
Blocking an access session to the information system after a set period of inactivity of the user or at his request
Permission (prohibition) of user actions permitted before identification and authentication
Implementation of secure remote access of access subjects to access objects through external information and telecommunication networks
Regulation and control of the use of wireless access technologies in the information system
Regulation and control of the use of mobile technical means in the information system
Management interaction with information systems of third-party organizations
Registration of security events:
Definition of security events subject to registration and their storage periods
Definition of the composition and content of information on security events subject to registration
Collection, recording and storage of information on security events for the established storage period
Protection of information on security events
Anti-virus protection:
Implementation of anti-virus protection
Updating the database of signs of malicious computer programs (viruses)
Control (analysis) of personal data security:
Identification, analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities
Control of installation of software updates, including updating software for information security tools
Control of operability, configuration parameters and correct functioning of software and information security tools
Control of the composition of technical means, software and information security tools
Protection of the virtualization environment:
Identification and authentication of access subjects and access objects in the virtual infrastructure, including administrators of virtualization tools
Management of access subjects to objects access in the virtual infrastructure, including inside virtual machines
Registration of security events in the virtual infrastructure
Implementation and management of anti-virus protection in the virtual infrastructure
Segmentation of the virtual infrastructure
Protection of technical means:
Control and management of physical access to technical means, information protection means, and means of ensuring the functioning
Placement of devices for output (display) of information, excluding its unauthorized viewing
Protection of the information system, its means, communication systems and data transfer:
Ensuring the protection of personal data from disclosure, modification and imposition (input of false information) during its transmission (preparation for transmission) via communication channels that go beyond the controlled zone, including wireless communication channels
Protection of wireless connections used in the information system
Configuration management of the information system and personal data protection system:
Determination of persons who are authorized to make changes to the configuration of the information system and personal data protection system
Management of changes to the configuration of the information system and personal data protection system
Analysis of potential impact of planned changes in the configuration of the information system and the personal data protection system on ensuring the protection of personal data and coordinating changes in the configuration of the information system with the official (employee) responsible for ensuring the security of personal data
9. ADDITIONAL TERMS
9.1. The Site Administration has the right to make changes and additions to this Privacy Policy without the consent of the User.
9.2. The new Privacy Policy comes into force from the moment it is posted on the Website of the online store, unless otherwise provided by the new version of the Privacy Policy.
9.3. The current Privacy Policy is posted on the page at https://miomiopizza.com/pp
01.09.2024
This Privacy Policy for personal data (hereinafter referred to as the "Privacy Policy") has been developed in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ "On personal data" and applies to all information that the Mio Mio pizza online store, located at the domain name link to the site (hereinafter referred to as the "Online Store"), may receive about the User during the use of the website of the Online Store, programs and products of the Online Store.
1. DEFINITION OF TERMS
The following terms are used in this Privacy Policy:
"The Administration of the Online Store Website (hereinafter referred to as the "Website Administration") - Banyan Food Market Company, address: 25/243, Moo 6, Bo Phut, Ko Samui, Surat Thani, 84320, employees authorized to manage the website (hereinafter referred to as the "Operator"), who organize and (or) process personal data, and determine the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
"Personal data" - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
"Personal data processing" - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
"Operator" - a legal entity or an individual organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data.
"Confidentiality of personal data" - a mandatory requirement for the operator or other person who has access to personal data not to allow their distribution without the consent of the subject of personal data or the presence of other legal grounds.
"User of the Online Store Website" (hereinafter referred to as the "User") - a person who has access to the Site via the Internet and uses the Online Store Website.
"Cookies" — a small piece of data sent by a web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time it tries to open a page of the corresponding site.
"IP address" — a unique network address of a node in a computer network built using the IP protocol.
2. GENERAL PROVISIONS
2.1. The User's use of the Online Store website means consent to this Privacy Policy and the terms of processing the User's personal data.
2.2. In case of disagreement with the terms of the Privacy Policy, the User must stop using the Online Store website.
2.3. This Privacy Policy applies only to the Mio Mio pizza Online Store website. The Online Store does not control and is not responsible for third-party websites to which the User can click on links available on the Online Store website.
2.4. The Site Administration does not verify the accuracy of the personal data provided by the User to the Online Store website.
3. SUBJECT OF PRIVACY POLICY
3.1. This Privacy Policy sets forth the obligations of the Administration of the Online Store website to maintain confidentiality and ensure protection of the privacy of personal data that the User provides at the request of the Website Administration upon registration on the Online Store website or when placing an order for catering services.
3.2. Personal data permitted for processing within the framework of this Privacy Policy are provided by the User by filling out the registration form on the Website of the Mio Mio pizza Online Store and include the following information:
User name;
User contact phone number;
address of provision of catering services (delivery of culinary products);
last name, first name of the recipient of the order.
3.3. The Online Store protects the Data that is automatically transmitted during viewing of advertising blocks and when visiting pages on which the statistical script of the system is installed:
IP address;
information from cookies;
information about the browser (or other program that provides access to displaying ads);
access time;
address of the page on which the ad unit is located;
referrer (address of the previous page).
Disabling cookies may result in the inability to access parts of the Online Store website that require authorization.
3.4. The Online Store collects statistics on the IP addresses of its visitors. This information is used to identify and resolve technical problems, to control the legality of financial payments.
3.5. Any other personal information not specified above (purchase history, browsers and operating systems used, etc.) is subject to secure storage and non-dissemination, except for cases provided in paragraphs. 5.2. and 5.3. of this Privacy Policy.
4. PURPOSES OF PROCESSING THE USER'S PERSONAL DATA
4.1. The Administration of the website of the online store "Mio Mio pizza" may use the User's personal data for the following purposes:
4.2. Identification of the User registered on the website of the Online store, to place an order for catering services.
4.3. Providing the User with access to the personalized resources of the Website of the Online store.
4.4. Establishing feedback with the User, including sending notifications, requests regarding the use of the Website of the Online store, provision of services, processing requests and applications from the User.
4.5. Create an account to place orders if the User has consented to the account creation.
4.6. Notify the User of the Online Store Website about the Order status.
4.7. Process and receive payments.
4.8. Provide the User with effective customer and technical support in the event of problems related to the use of the Online Store Website.
4.9. Provide the User with information about product updates, special offers, price information, newsletters and other information on behalf of the Online Store or on behalf of the Online Store's partners.
4.10. Carry out advertising activities aimed at attracting the User's attention to the products and services of the Online Store.
4.11. Provide the User with access to the websites or services of the Online Store's partners in order to receive products, updates and services.
4.12. Carry out marketing activities, including assessing the level of service, monitoring traffic and the popularity of various products and services.
5. METHODS AND TERMS OF PROCESSING PERSONAL INFORMATION
5.1. The processing of the User's personal data is carried out without time limitation, in any legal way, including in personal data information systems with or without the use of automation tools.
5.2. The User agrees that the Site Administration has the right to transfer personal data to third parties, in particular, courier services, postal organizations, telecommunications operators, for the purpose of fulfilling and providing information support for the User's order placed on the Mio Mio pizza online store website or through a call center operator, including delivery of ordered culinary products, as well as for the purpose of informing and attracting the User's attention about the terms and process of providing services, including advertising promotions, new products.
5.3. The Contractor has the right to transfer the personal data of Users to organizations with which the Contractor has concluded agreements to ensure the implementation of promotions aimed at attracting the attention of consumers to the Contractor's services.
5.4. The Contractor has the right to transfer personal data of Users to organizations with which 5.5. The Contractor has concluded telecommunications agreements, including for information support of the order fulfillment procedure.
5.6. The Contractor has the right to transfer personal data of Users to organizations with which the Contractor has concluded agreements to ensure the implementation of promotions aimed at attracting the attention of consumers to the Contractor's services.
5.7. The User's personal data may be transferred to authorized state authorities of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.
5.8. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
5.9. The Site Administration takes the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.10 The Site Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
6. CONSENT TO THE PROCESSING OF PERSONAL DATA
6.1. The collection and processing of personal data is carried out with the consent of the Users, except in cases established by law.
6.2. The User's consent to the processing of personal data is considered to be received when he/she provides personal data freely, of his/her own free will and in his/her own interests and is confirmed by clicking the "Place an order" button when ordering dishes from the site and reading the "Privacy Policy".
6.3. Disagreement with the processing of personal data is expressed by refusing to use the site.
6.4. The User has the right to cancel the previously given consent to the processing of personal data by sending a message or calling the phone number indicated on the site. In the event of receiving a message about the cancellation of consent to the processing of the User's personal data, the Site Administration takes immediate measures to exclude the User's personal data from the database and stops processing them in any way, except for cases provided by law.
6.5. If the cancellation of consent to the processing of personal data is made by the User before the execution of the placed and confirmed order, the use of personal data is terminated after the order is executed.
7. PERSONAL DATA PROTECTION OBLIGATIONS
The Site Administration undertakes to:
7.1. Use the information received solely for the purposes specified in paragraph 4 of this Privacy Policy.
7.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and not sell, exchange, publish, or disclose in any other possible way the transferred personal data of the User, with the exception of paragraphs 5.2 and 5.3 of this Privacy Policy.
7.3. Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure usually used to protect such information in existing business practices.
7.4. Block personal data related to the relevant User from the moment of the User's request or appeal or their legal representative or authorized body for the protection of the rights of personal data subjects for the verification period, in the event of detection of inaccurate personal data or illegal actions.
8. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA DURING THEIR PROCESSING
8.1. When processing personal data, the Site Administration takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
8.2. The Site Administration ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation
8.2.1. In order to protect personal data, the Site Administration takes the following measures:
Data identification:
Identification and authentication of users who are employees of the operator
Management of identifiers, including creation, assignment, destruction of identifiers
Management of authentication tools, including storage, issuance, initialization, blocking of authentication tools and taking measures in case of loss and (or) compromise of authentication tools
Identification and authentication of users who are not employees of the operator (external users)
Protection of feedback when entering authentication information
Access control of access subjects to access objects:
Management (creation, activation, blocking and destruction) of user accounts
Implementation of necessary methods, types and rules for access control
Management of information flows between devices, segments of the information system, as well as between information systems
Separation of powers (roles) of users, administrators and persons ensuring the functioning of the information system
Assignment of the minimum necessary rights and privileges to users, administrators and persons ensuring the functioning of the information system
Limitation of unsuccessful attempts to log in to the information system
Blocking an access session to the information system after a set period of inactivity of the user or at his request
Permission (prohibition) of user actions permitted before identification and authentication
Implementation of secure remote access of access subjects to access objects through external information and telecommunication networks
Regulation and control of the use of wireless access technologies in the information system
Regulation and control of the use of mobile technical means in the information system
Management interaction with information systems of third-party organizations
Registration of security events:
Definition of security events subject to registration and their storage periods
Definition of the composition and content of information on security events subject to registration
Collection, recording and storage of information on security events for the established storage period
Protection of information on security events
Anti-virus protection:
Implementation of anti-virus protection
Updating the database of signs of malicious computer programs (viruses)
Control (analysis) of personal data security:
Identification, analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities
Control of installation of software updates, including updating software for information security tools
Control of operability, configuration parameters and correct functioning of software and information security tools
Control of the composition of technical means, software and information security tools
Protection of the virtualization environment:
Identification and authentication of access subjects and access objects in the virtual infrastructure, including administrators of virtualization tools
Management of access subjects to objects access in the virtual infrastructure, including inside virtual machines
Registration of security events in the virtual infrastructure
Implementation and management of anti-virus protection in the virtual infrastructure
Segmentation of the virtual infrastructure
Protection of technical means:
Control and management of physical access to technical means, information protection means, and means of ensuring the functioning
Placement of devices for output (display) of information, excluding its unauthorized viewing
Protection of the information system, its means, communication systems and data transfer:
Ensuring the protection of personal data from disclosure, modification and imposition (input of false information) during its transmission (preparation for transmission) via communication channels that go beyond the controlled zone, including wireless communication channels
Protection of wireless connections used in the information system
Configuration management of the information system and personal data protection system:
Determination of persons who are authorized to make changes to the configuration of the information system and personal data protection system
Management of changes to the configuration of the information system and personal data protection system
Analysis of potential impact of planned changes in the configuration of the information system and the personal data protection system on ensuring the protection of personal data and coordinating changes in the configuration of the information system with the official (employee) responsible for ensuring the security of personal data
9. ADDITIONAL TERMS
9.1. The Site Administration has the right to make changes and additions to this Privacy Policy without the consent of the User.
9.2. The new Privacy Policy comes into force from the moment it is posted on the Website of the online store, unless otherwise provided by the new version of the Privacy Policy.
9.3. The current Privacy Policy is posted on the page at https://miomiopizza.com/pp