Privacy and Personal Data Processing Policy
Version date: October 2, 2025, applicable to zelluloza.ru
This document reflects the requirements of Russian law, court practice, market best practices, and the specifics of the zelluloza.ru service. The Russian version prevails.
1. Controller and Scope
1.1. Personal data controller: KMG LLC, TIN 7735159826, OGRN 1177746075561, registered/postal address: office 616, building 1126, Zelenograd, Moscow, 124460, website: zelluloza.ru, email: info@zelluloza.ru.
1.2. Person responsible for organizing personal data processing: website administration, email: dpo@zelluloza.ru.
1.3. This Policy applies to zelluloza.ru and related services, including user accounts and, where available, mobile applications and bot interfaces.
1.4. The service is intended for users aged 18 or older. Registration by persons under 18 is not allowed.
1.5. This Policy does not apply to third-party websites or services reached through external links, or to independent sellers; they act as separate personal data controllers.
1.6. Registration, use of the website, and consent marks confirm that the user has read this Policy and gives separate consents where required. If this Policy conflicts with the User Agreement or offers, the special rules of those documents apply; this Policy supplements them.
1.7. The controller does not sell personal data and does not receive remuneration for providing access to it.
1.8. The controller is included in the Roskomnadzor personal data processing register under Article 22 of Federal Law No. 152-FZ.
2. Terms and Roles
2.1. "Personal data" means any information relating to a user who is directly or indirectly identified or identifiable.
2.2. "User" means a personal data subject. "Identified user" means a user who has passed identity verification for access to full functionality, including publication and payments.
2.3. "User data" means technical and behavioral data, including IP address, cookie/SDK identifiers, User-Agent string, device identifier, and events, which are processed as personal data when linked to an account.
2.4. "Processor" means a party processing personal data under a processing agreement with the controller. "Independent controller" means a partner processing personal data for its own purposes and policy. "Joint processing" means cases where purposes or means are determined jointly; allocation of responsibilities is published near the service and in the /legal/subprocessors register.
2.5. "Cookies/SDK" are online identifiers used for authorization, settings, security, statistics, and marketing. They are managed through the consent banner (CMP) and browser/device settings.
2.6. "Dissemination of personal data" means disclosure of personal data to an indefinite group of persons and is allowed only with separate consent under Article 10.1 of Federal Law No. 152-FZ.
2.7. Abbreviations: SDK means software development kit modules embedded in websites or applications; CRM means customer relationship management system; KYC means "know your customer" identity verification for payouts and fraud prevention; CMP means consent management platform; UTM tags mean traffic source parameters.
3. Principles and Legal Bases
3.1. Processing is lawful, fair, purpose-limited, data-minimized, kept up to date, and stored no longer than required by its purposes or law. Personal data is not sold.
3.2. Legal bases: (i) contract/offer; (ii) compliance with legal duties, including taxes, accounting, authority requests, and receipts under 54-FZ; (iii) consent of the data subject, including marketing, cookies/SDK, cross-border transfer, and dissemination of personal data; (iv) legitimate interest of the controller or third parties where the data subject's rights are not violated; (v) statistics and analytics on anonymized data.
3.3. Marketing mailings, statistical and marketing cookies/SDK, and advertising profiling are used only with separate consent. Service notifications are sent under the contract without separate consent.
3.4. Consent and withdrawal evidence is maintained in logs that record date/time, IP address, User-Agent string, form/Policy version, source (web/mobile), and selected cookie/SDK categories.
3.5. Decisions producing legal effects solely on the basis of automated processing are not made without a lawful basis or consent.
3.6. Mandatory data. The minimum personal data marked as mandatory is required to conclude or perform the contract; refusal makes service provision impossible. Additional data is provided voluntarily.
4. Data Categories and Sources
4.1. Account and profile: email, pseudonym/full name, password stored as a hash, phone number if provided, avatar, social network links, date of birth if provided, author biography/description.
4.2. Technical data: IP address, cookies/SDK and other identifiers, User-Agent string, device/OS type, language/time zone, referrer and UTM tags, request date/time and URLs, security events such as logins, password changes, consents, anti-fraud metrics, and cross-device linking by login/tokens for security and, for marketing, only with consent.
4.3. Financial and settlement data: transaction statuses, payment identifiers, amount, currency, payment method; for author payouts, full name, TIN, SNILS, address, bank details, and documents confirming rights or payouts. The controller does not collect or store card details.
4.4. Communications: requests and messages through forms, email, phone, messengers/chatbots, system notifications, and metadata such as date/time and IP. Messenger platforms are independent controllers.
4.5. Content and metadata: works, comments, reviews, ratings, attachments, and their metadata including date, time, and IP. When publishing third-party personal data, the user confirms that the required consent exists. The user is responsible for the legality of publishing third-party personal data and must resolve related claims independently.
4.6. Social login: when logging in through VK, Google, Apple, or Telegram, we receive email/name/user ID/avatar to the extent provided by the platform and link it to the account. Unlinking is available in the user account.
4.7. Push identifiers: web-push and mobile push notification tokens; advertising device identifiers (IDFA/GAID) are used only with consent.
4.8. Sources: the user; automatic collection through websites/applications; contractual partners such as payment, mailing, hosting, and anti-fraud providers; publicly available sources within the limits of law. If personal data is obtained from someone other than the subject, notice is provided where and when required by law.
4.9. Special categories and biometrics are not processed. Photos/scans of documents for identity verification are used only for verification, are not used for biometric identification, and are destroyed after verification.
4.10. Minors. The service is 18+. Personal data of persons under 18 is not processed; detected records are blocked and data is deleted unless mandatory retention grounds apply.
5. Processing Purposes and Scenarios
Format: Purpose -> Data -> Basis -> Retention -> Recipients -> Conditions.
5.1. Registration and User Account
- Purpose: account creation, authentication, support, and service notifications.
- Data: email, pseudonym/full name, password hash, IP, cookies/SDK, technical logs.
- Basis: contract/offer and legitimate interest for security.
- Retention: account term plus 3 years; security logs up to 1 year.
- Recipients: hosting provider, email provider, anti-fraud/anti-spam providers acting as processors.
- Conditions: service notifications without separate consent; marketing only with consent.
5.2. Author Identification and Payouts (KYC)
- Purpose: confirming the author's identity, performing agreements, settlements, and reporting.
- Data: full name, date/place of birth, citizenship, registered address, phone, email, TIN, SNILS, bank details, photo/scan of document.
- Basis: contract, law, and consent for certain transfers or cross-border transfers.
- Retention: settlement data according to accounting requirements, usually at least 5 years; photo/scan until verification is completed, then destroyed under an act.
- Recipients: banks/payment organizations, electronic document interchange or mailing operators, verification contractors acting as processors.
- Conditions: photo/scan is not biometric data; access is restricted; destruction is recorded.
5.3. Purchases, Subscriptions, Gift Certificates, and Passes
- Purpose: placing and performing orders, subscriptions, certificates, and passes; support and billing.
- Data: name/pseudonym, email, phone if provided, delivery/recipient address where applicable, transaction statuses, amount, currency, payment identifier.
- Basis: contract/offer and legal obligations including taxes, accounting, and receipts under 54-FZ.
- Retention: accounting data usually at least 5 years; billing logs up to 1 year.
- Recipients: payment organizations/banks, fiscal data operator, delivery/call center where applicable, acting as processors.
- Conditions: card details are processed by the payment organization; the website stores only tokens/transaction identifiers.
5.4. Requests (Forms, Email, Phone, Messengers)
- Purpose: processing requests/claims and exercising personal data subject rights.
- Data: full name/pseudonym, email, phone if provided, request content, metadata such as date/time and IP.
- Basis: legitimate interest, consent for web forms, and law for data subject requests.
- Retention: 30 days after closure unless longer retention is required by law.
- Recipients: email, call center, and support providers acting as processors.
- Conditions: responses in CSV/JSON where technically possible; third-party personal data is masked unless the third parties have consented.
5.5. User Research and Surveys
- Purpose: UX research and feature pilots.
- Data: name/pseudonym, contact details, survey responses, technical metrics, demographics if provided.
- Basis: consent.
- Retention: until the research is completed plus 30 days, then anonymization or destruction.
- Recipients: research contractors acting as processors.
- Conditions: results are published only in anonymized form.
5.6. Contests, Awards, and Events
- Purpose: accepting applications, selection, running events, and notifications.
- Data: full name/pseudonym, contact details, information required by the rules, application materials.
- Basis: consent and/or participation agreement; law for issuing prizes/documents.
- Retention: until completion plus 3 years; accounting documents as required by law.
- Recipients: event, communications, and logistics contractors acting as processors.
- Conditions: winners are published only with separate consent under Article 10.1.
5.7. Publication of Profiles (Personal Data Permitted for Dissemination)
- Purpose: publishing public profiles and work cards.
- Data: full name/pseudonym, photo/avatar, biography, works/awards list, links.
- Basis: separate consent under Article 10.1 of Federal Law No. 152-FZ.
- Retention: until the page is deleted or consent is withdrawn; cache/backups for the required period; mandatory archives as required by law.
- Recipients: an unlimited group of persons, search engines, and aggregators.
- Conditions: restrictions and conditions register: /legal/public-pd; changes within 3 business days.
5.8. Candidate Selection (Vacancies)
- Purpose: selection, interviews, and execution of employment or civil-law contracts.
- Data: full name, date of birth, citizenship, city, contacts, education, experience, skills, resume/portfolio data, and, after an offer, documents required by law.
- Basis: consent; law when concluding a contract.
- Retention: 3 months after a decision; for hired candidates, as required by law.
- Recipients: HR services and video interview providers acting as processors.
5.9. Analytics, Anti-Fraud, Recommendations, and Remarketing
- Purpose: security, analytics, personalization, and remarketing with consent.
- Data: IP, cookies/SDK, device identifier, events and logs, aggregated metrics.
- Basis: legitimate interest for security; consent for statistics and marketing.
- Retention: security logs up to 1 year; anonymized analytics without limitation.
- Recipients: analytics, anti-fraud, mailing, and advertising providers acting as processors; list: /legal/subprocessors.
- Conditions: recommendation opt-out in the account; cross-device marketing only with consent.
5.10. External Sales and Partners (Independent Controllers)
- Purpose: order/delivery statuses and integrated partner services.
- Data: order ID, name/pseudonym, contact details, delivery address where applicable, statuses.
- Basis: contract; for the seller, its own policy.
- Retention: by the controller under contract/law; by the seller under its policy.
- Recipients: independent sellers, delivery providers, and payment organizations.
- Conditions: roles are separated; the user is informed about the partner policy.
5.11. User-Generated Content (UGC) and Third-Party Personal Data
- Purpose: publication of works, comments, and profiles.
- Conditions: publishing third-party personal data without consent, special-category data, and minors' personal data is prohibited. Complaints: "Report a violation" and dpo@zelluloza.ru. Disputed materials are blocked within 72 hours.
5.13. Referral Programs and Partner Links
- Purpose: accounting for traffic sources and partner rewards, anti-fraud.
- Data: UTM tags, referral identifiers, campaign source/channel, internal user/session IDs, aggregated metrics.
- Basis: legitimate interest; profiling/remarketing only with consent.
- Retention: UTM/referral tags up to 13 months; aggregated statistics without limitation after anonymization.
- Recipients: partners and tracking platforms to the necessary extent; list: /legal/subprocessors.
Further sections: sections 6-16 and appendices P1-P6 are maintained in the same structure. The Russian version is the controlling version for legal interpretation.