Privacy policy

This privacy policy (hereinafter referred to as “Policy”) regulates how AO “ISPsystem” (hereinafter referred to as “ISPsystem”) processes personal data and describes the rights granted to you as a user in regard to such processing.

The given Policy applies to (collectively referred to as “ISPsystem Services”):  

• ISPsystem software products such as: ISPmanager, BILLmanager, DCImanager, VMmanager, DNSmanager, COREmanager, IPmanager. It also applies to every software product released after the entry of the Policy, license agreements, or other contracts granting the rights to use Software products (hereinafter referred to as “Software products”) into legal force;
• the secured user account on the following websites: https://www.ispsystem.ru, https://www.ispsystem.com (hereinafter referred to as “Account area”);
• https://www.ispsystem.ru and https://www.ispsystem.com and their subdomains (hereinafter referred to as “Websites”);
• any related services and certificates, such as SSL certificates, webinars, conferences, or contests (hereinafter referred to as “Related services”);
• requests to technical support, other departments, or via online chat (hereinafter referred to as “Requests”);
• data processing related to employment.

If you refuse to accept this Policy, please do not use ISPsystem Services.

This Privacy policy does not apply to:

• software products not listed above, including integrations with Software products,
• third party services, platforms, social media, or services that can be available through ISPsystem Services or integrated with them (hereinafter referred to as “Third party services”). For instance, during the payment process you can be redirected to a specific payment service website. You can leave comments on Websites through the integrated comments service. In such cases, data processing will be out of ISPsystem control. Such Third party services are independent controllers (data operators) acting upon their own privacy policies,
• third party companies using ISPsystem Software products e.g. for web hosting. In this case, your personal data will be processed directly by your web hosting provider.

Certain rules clarifying statements of this Policy can be included in other regulations, agreements, and rules which define terms and conditions of ISPsystem Services. Please read these documents carefully and agree with them to continue.

This Policy can be translated into other languages. All translations published on Websites, in Account area, or in Software products are considered identical. Acceptance of the Policy in one language does not require acceptance in other languages, with the exception when there is a specific clause added to translation.

Personal data processing is performed in accordance with the requirements of the Russian Federation laws (hereinafter referred to as “Applicable law”):

• Civil Code of the Russian Federation;
• Labour Code of the Russian Federation;
• Russian Federation Federal Law #152-FZ “On Personal Data” as of 27th of June 2006;
• Russian Federation Federal Law #149-FZ “On Information, Information Technologies and Protection of Information” as of 27th of June 2006.

ISPsystem processes personal data with regard to the requirements of the General Data Protection Regulation (GDPR).

ISPsystem can process personal and other information (including anonymized information) which is not directly considered as personal data. It can be technical device specifications, connection data, error logs, or interface interaction methods (hereinafter referred to as “Supplementary data”).

ISPsystem receives information from the following sources:

1. Personal data provided by users.

   The user provides this information by signing up on Websites, sending Requests, purchasing Software products, and using Account area and Related services. ISPsystem uses this data to deliver its obligations, provide transactions, meet tax obligations, and protect itself against complaints and suits. This data may include family name, first name, email, address, billing details, and phone number. Depending on the scope of obligations, other personal information might be also requested. ISPsystem does not collect or store any bank card information..

2. Supplementary data processed while using Software products, Websites, Account area, and Related services:

   1. Log data (log information). Our servers automatically save technical information about access to them. This takes place when you open Websites, receive Software product, use your Account area or Related services. Log data can contain information about IP address, browser specifications, date, time, activities duration and their sequence.
   2. Usage data. ISPsystem collects information about how you use ISPsystem Services to make them better. Such information may include device type, operating system version, error logs, and quantity usage parameters. Specific data to be collected is determined by the type of ISPsystem Service.
   3. IP addresses of servers where Software products are installed and their license IDs. In effort to protect products from unauthorized copying, the factual IP address and license ID verification are established to check whether the address matches the one specified during agreement signing in your Account area.
   4. Cookie files. ISPsystem uses cookie and other identical technologies to collect information. Further details can be found in the Cookie policy section.
   5. Data provided to ISPsystem by third parties. In most cases, you have the right to grant, deny, or limit revelation of information by a third party. For instance, you can sign in on Websites via social media. In this case, you allow the social media to provide your email address or other information to ISPsystem. ISPsystem is not able to receive any information by itself, unless you have allowed it in your social media settings.

ISPsystem does not process data of specific types such as: biometric data, information about political or religious beliefs, previous convictions, health condition, or other similar information.

ISPsystem strongly recommends you to not specify your personal data on forums or other public sections of Websites. ISPsystem does not moderate the entered data and is not liable for public data revelation.

ISPsystem uses personal data strictly in accordance with the applicable law and goals of data collection.

ISPsystem operates the following principles when processing personal data:

• Personal data is processed on legal and reasonable grounds;
• Personal data processing is limited by specific predetermined legal goals. Contents and volume of data to be processed shall not be excessive. Data processing incompatible with the goals of data collection shall not be permitted;
• Databases with personal data to be processed for goals inconsistent with each other shall not be consolidated;
• It is only allowed to process personal data that meets the goals of data collection;
• During personal data processing, this data shall be kept accurate, sufficient, and actual in relation to the goals of personal data collection. Inaccurate or insufficient data shall be deleted or elaborated where it is required;
• Personal data shall be stored not longer than it is required by the goals of personal data collection;
• Data shall be secured against nonauthorized or illegal processing, unintentional loss, damage, and elimination.

ISPsystem uses personal data for the following goals:

1. Execution of reciprocal liabilities of ISPsystem and user, based on agreements and conditions of ISPsystem Service provisioning.
2. Meeting law requirements e.g. tax laws.
3. Establishment and control of payments, account management and its administration.
4. Protection against copyright violations, fraud, or other inequitable conduct.
5. Improvement, support, and modernization of ISPsystem Services. Such processes are required to avoid and eliminate errors, provide security, fix technical issues, analyze and monitor usage.
6. Interaction with the user e.g. to reply to requests and contact the user directly to discuss installation, settings, and purchasing of ISPsystem Services. For this purpose, we use data provided by the user during ordering of ISPsystem Services and data from open sources.
7. Email sendouts and other communication channels. ISPsystem can send different types of messages, including email, SMS, and Messages in Account area. System messages are required for ISPsystem to perform its obligations towards users in due time. Such messages shall be used to guarantee proper performance of ISPsystem Services. It can be messages about service status, payments, password changes, and other similar matters. Marketing and advertising messages shall be sent only in cases when the user has expressed evident consent to receive such messages. You can always set up settings for receiving such messages in your Account area.
8. Establishment of researches with the usage of anonymized data.

If data is processed for the purposes specified in para. 1-8, with the exceptions for marketing and advertising messages, ISPsystem proceeds from the presence of the relevant legitimate interest.

ISPsystem stores data within the time period required to meet the goals of data collection. Let it be assumed that a user has purchased a 2-years-license for a Software product. The applicable law stipulates the period allowing to send complaints and suits as equal to 3 years. In this case, ISPsystem shall store data within the term of the license agreement (2 years) and within the period of complaint (3 years), so totally for 5 years.

Regardless a request from the user to delete information, ISPsystem has the right to store information if it is required to protect legitimate business interest, meet its obligations, and settle disputes.

Once the goals of data processing have been accomplished or there is no further need of accomplishing such goals, this data shall be eliminated or depersonalized.

ISPsystem discloses information to the third parties only when it is regulated by the given Policy or applicable law, to the extent needed to accomplish the goals of information disclosure.

Information disclosure is allowed in the following cases:

• for providers of additional services as referenced by ISPsystem. It can be services for email sending, Website activity monitoring, subcontractors, or licensors. Such providers shall use personal data only in accordance with ISPsystem guidelines for the purposes specified in the given Policy. Additional information about limits of disclosure and persons whose data can be disclosed is described in the section “Processors”.
• if specific notice has been received from the user. Such notice can be an addition of a new trusted subject in Account area by the User and granting to it access to the corresponding information.
• to meet the requirements of the applicable law. Data can be disclosed only upon receiving of request from the competent body.
• for affiliated persons of ISPsystem for the purposes of executing obligations towards the user. Such affiliated persons are described in the section “Processors”.
• to prevent illegal activities, secure rights, guarantee security of ISPsystem and other parties, and protect against disputes and suits.
• to transfer information during ISPsystem reorganization, as well as during execution of user contracts. In such cases, ISPsystem keeps the right to disclose information to the third party which acquires the rights according to the contract, or to the party which will be established in consequence of such reorganization.
• if general, aggregated, or impersonalized data is used. ISPsystem has the right to disclose impersonalized statistical data e.g. about the most used functions of Software products.
• in other cases when user consent has been received.

ISPsystem utilizes solid technical and organizational measures to secure data. ISPsystem can:

• assign a person responsible for organization of personal data processing;
• establish local documents describing processing of personal data. These documents regulate procedures allowing to avoid or identify violations and eliminate consequences of such violations;
• apply any legal, organizational, and technical measures to provide security of personal data during its processing;
• organize periodic checking of terms regulating processing of personal data;
• introduce employees directly involved in processing of personal data to terms of laws regulating personal data, including specific requirements to personal data protection, documents, or any other internal documents covering processing of personal data.

ISPsystem cannot guarantee that information will be closed fully against intrusions during its transfer through Internet or its storage. ISPsystem uses pseudonimization and data encryption where conditions allow.

ISPsystem shall not process personal data of individuals who have not reached 14 years of age.

If you believe that ISPsystem might have received personal data from a person who is not of the age allowing to provide independent consent to data processing, please let us know about such case by using one of the methods listed in the section “DEFINITION OF DATA CONTROLLER (OPERATOR). CONTACT INFORMATION”.

ISPsystem has the right to revise the current Policy in accordance with the changes in legislation or business processes. All such revisions shall be published on ISPsystem Website. If such revision affects user rights directly or indirectly, ISPsystem shall send notifications to users via email and/or Account area and Software products.

ISPsystem collects personal data and processes it with the use of databases located in the Russian Federation.

ISPsystem can transfer data to processors located outside ISPsystem location and specified in the correspondent section. Such Processors shall provide decent data protection not lower than established by the given Policy.

Controller (operator) of data is AO “ISPsystem”, 664017, Irkutsk, Radujny, 34А.

If Software products have been utilized by third parties with the purpose to offer services e.g. hosting with the use of these products, or sublicense agreements have been signed, ISPsystem will be the controller only of the data collected by Software products to protect copyright.

Any questions related to data processing can be sent to privacy@ispsystem.com or to ISPsystem address in a written form.

ISPsystem shall strive to review such incoming letters as swiftly as possible but not longer than within one month.

User rights shall be observed in compliance with the Applicable law and the recognized norms of international law.

The user has the right to:

• call back its consent to personal data processing, if such processing is based on the consent. E.g. you can always unsubscribe from advertising or marketing emails in your Account area.
• receive information about personal data processing. ISPsystem supports its current policy in the actual state, thus providing you with correct information about data collected, goals of its collection, and other processing aspects. 
• receive access to information, its updates, alterations, and specifications. In most cases, you can manage status of your information in your Account area.
• object against data processing. The user can object against personal data processing made with the purpose of direct marketing.
• request processing restriction. Such right can be used only in specific cases e.g. to dispute data accuracy during the period of data clarification or determine improper processing. If such request to restrict data processing has been received, ISPsystem has no right to process any data without further consent from the user. However, data processing required to provide protection against complaints and suits still can be performed even without such consent from the user.
• request data export, or import if it is technically feasible. Such right can be achieved by the user per his/her request in Account area. Data is exported in CSV.
• request deletion of data. ISPsystem keeps the right to continue data processing after the request has been received if it is allowed by the applicable law.

Other rights might be provided by the applicable law.

ISPsystem can attract subcontractors and service providers (hereafter – Processors) to meet its obligations towards users and establish its reasonable legal interests.

Processors receive the strictly limited data kit required to accomplish their functions. ISPsystem shall take any possible measures to guarantee confidentiality of data transfer before attracting a processor. The given section unveils such parties, their location and function.