Data Protection Policy
The personal data protection policy (hereinafter referred to as the ‘Policy’) applies to any and all information obtained by Aeroexpress and/or its affiliates about the User while he/she is using Aeroexpress’ website, programmes, products, services and support (hereinafter referred to as the ‘Services’) and while Aeroexpress performs its obligations under any agreements and contracts with the User. The User’s consent to the Policy, expressed as part of relations with one of the aforesaid parties, shall extend to all the other parties mentioned above.
Use of Aeroexpress Services means that the User unconditionally consents to this Policy and the terms and conditions of personal data processing described herein. In the case that the User does not consent to these terms and conditions, the User shall refrain from using the Services.
1. User’s Personal Data Processed by Aeroexpress
1.1. As part of this Policy, personal data shall mean the following:
1.1.1. Personal information provided by the User independently when registering on any system (creating an Account) or using the Services, including the User’s personal data, identification, financial, payment, login, and contact details. Data that must be provided in order to use the Services is marked in a special way. The User shall provide any other information at his own discretion.
1.1.2. Information that is automatically transferred to Aeroexpress Services, when they are being used, by the software installed on the User's device, including the IP address, information about the User's browser (or any other software through which the Services are accessed), technical specifications of the equipment and software used by the User, date and time of accessing the Services, addresses of the requested pages, and other information of this kind.
1.1.3. Any other information about the User that must be processed under the terms and conditions regulating the use of Aeroexpress services.
1.2. This Policy shall only apply to the information processed when Aeroexpress Services are being used. Aeroexpress does not control and shall not be liable for data processing carried out by third parties’ websites when the User follows links provided on the Aeroexpress website, including search results.
1.3. Aeroexpress reserves the right to verify the authenticity of the personal information provided by the User. However, Aeroexpress assumes that the User provides reliable and complete information, which he/she keeps updated. The requirements to provide reliable personal data and consequences of providing unreliable and/or insufficient information are set out in the Conditions of Carriage (https://aeroexpress.ru/aero/info/rules.html) and Ticket Purchase Rules (https://aeroexpress.ru/aero/info/buyrules.html).
2. Purposes of Processing Users’ Personal Data
2.1. Aeroexpress collects and stores only the personal data that are required to provide the Services and/or fulfil agreements and contracts with the User, except for cases when Russian law provides for the mandatory storage of personal data for the period of time specified in these laws.
2.2. Aeroexpress processes User’s personal data for the following purposes:
2.2.1. To identify the party using Aeroexpress Services and counterparties to agreements and contracts with Aeroexpress;
2.2.2. To provide the User with personalized Services and to fulfil agreements and contracts;
2.2.3. To engage in communications with the User, including sending him/her notifications, requests and information regarding the Services’ use and fulfilment of agreements and contracts, and processing the User’s requests;
2.2.4. To improve the quality of the Services and convenience of their use and to develop new Services;
2.2.5. To target marketing materials and carry out marketing campaigns;
2.2.6. To carry out statistical and other research based on anonymised data.
3. Conditions of the User’s Personal Data Processing and Transfer to Third Parties
3.1. Aeroexpress stores the User’s personal data in accordance with legislative requirements.
3.2. All the User’s personal data is kept confidential, except for cases when the User has provided his/her personal information for general access to an unlimited number of people.
3.3. Aeroexpress may transfer the User’s personal data to a third party in the following cases:
3.3.1. The User has provided his/her consent to do so;
3.3.2. Such transfer is required to allow the User to use some particular Service and to perform some particular agreement and/or contract with the User;
3.3.3. Such transfer is provided for by Russian or any other applicable law as part of a procedure defined by law;
3.3.4. Such transfer is carried out as part of the sale or other transfer of business (in whole or in part), and all obligations to comply with the terms and conditions of this Policy, regulating the use of the received personal information, are transferred to the acquirer;
3.3.5. In order to ensure the protection of the rights and legal interests of Aeroexpress and/or third parties in cases when the User breaks the laws, Conditions of Carriage (https://aeroexpress.ru/aero/info/rules.html), Ticket Purchase Rules (https://aeroexpress.ru/aero/info/buyrules.html), this Policy or other documents outlining the terms and conditions of using particular Services.
3.3.6. As a result of processing the User’s personal data by means of its anonymisation, some anonymised statistical data is obtained and transferred to third parties in order to carry out research, perform some work or provide services at Aeroexpress’ request.
3.4. When processing the User’s personal data, Aeroexpress is guided by Federal Law of the Russian Federation 152-FZ "On Personal Data”, dated 27 July 2006.
4. Changing and Deleting Personal Data Mandatory Data Storage
4.1. The User may, at any time, change (update or amend) the personal information he/she has provided, or any part thereof, using the personal data editing feature available through the Account of a unified Services personal account.
4.2. The User may also delete the personal data provided by him/her for some particular personal account by using the feature of deleting the Account in the unified Services personal account. In addition, the Account deletion may limit the use of particular Aeroexpress Services.
4.3. All rights described in Clauses 4.1. and 4.2. hereof may be restricted in accordance with legislative requirements. In particular, such restrictions can oblige Aeroexpress to store the information, changed and/or deleted by the User, for the period of time established by legislation and to transfer such information to a public agency in accordance with a procedure outlined by law.
5. Measures to Protect the User’s Personal Data
5.1. Aeroexpress shall take all necessary and sufficient organisational and technical measures to protect the User’s personal data from unauthorised or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other illegal actions carried out by third parties, including measures to securely transfer such data using modern encryption methods.
6. Changing the Data Protection Policy Applicable Law
6.1. Aeroexpress reserves the right to change this Data Protection Policy. If such changes have been introduced, the latest Policy version shall indicate the date of the latest update. The new Policy version shall become valid only after it has been published, unless otherwise provided by the new edition of the Policy. The valid version is constantly available at https://aeroexpress.ru/aero/confidential_politics.html
6.2. Legislation of the Russian Federation shall be applicable to this Policy and relations between the User and Aeroexpress arising out of application of this Data Protection Policy.
7. Feedback Questions and Suggestions
7.1. The User may submit his/her questions and suggestions regarding this Policy to Aeroexpress using the feedback form (https://aeroexpress.ru/aero/info/feedback.html) or by sending a letter to Sheremetyevo Airport, Khimki, Moscow Region, Russia, 141400
Publication date: 15.12.2017