PRIVACY POLICY
1. GENERAL POLICY
The policy of personal data processing (hereinafter referred to as the «Policy») is developed in accordance with the Federal Law of 27.07.2006. No. 152-FZ «On Personal Data» (hereinafter referred to as «152-FZ»). This Policy defines the procedure for processing of personal data of persons (hereinafter referred to as the «User») collected during the use of the Desktop Application «BugCatcher», web-service https://bugcatcher.pro/, browser plugin «BugCatcher» ((hereinafter referred to as the «Services»), measures to ensure the security of personal data and the procedure for storing personal data by the BugCatcher Limited Liability Company (hereinafter referred to as the «Operator») for the purpose of protecting the rights and liberties of a person while processing his personal data, including the protection of privacy rights, personal and family secrets.
1.1. The following main terms are used in the Policy:
Operator - an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purposes of processing personal data subject to processing, actions (operations) performed with personal data. The Operator is BugCatcher Limited Liability Company located at the address: 10/2-80, Dmitriya Shmonina Street, Novosibirsk, Russia.
User — a user of the Internet and, in particular, of the Services, who has his own personal page (profile/account).
The policy of personal data processing (hereinafter referred to as the «Policy») is developed in accordance with the Federal Law of 27.07.2006. No. 152-FZ «On Personal Data» (hereinafter referred to as «152-FZ»). This Policy defines the procedure for processing of personal data of persons (hereinafter referred to as the «User») collected during the use of the Desktop Application «BugCatcher», web-service https://bugcatcher.pro/, browser plugin «BugCatcher» ((hereinafter referred to as the «Services»), measures to ensure the security of personal data and the procedure for storing personal data by the BugCatcher Limited Liability Company (hereinafter referred to as the «Operator») for the purpose of protecting the rights and liberties of a person while processing his personal data, including the protection of privacy rights, personal and family secrets.
1.1. The following main terms are used in the Policy:
- Automated processing of personal data - personal data processing by means of computer technologies;
- Personal data information system- a combination of personal data contained in databases, and information technologies and hardware used for data processing;
- Personal data processing - any action (operation) or a combination of actions (operations) performed both automatically or manually with personal data, including collection, recording, systematization, accumulation, storage, specification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking and destruction of personal data;
- Dissemination of personal data - an action related to disclosing personal data to a definite range of persons by prior consent, in cases provided for by federal law.
- Depersonalization of personal data - an action, as a result of which it is impossible to determine without the use of additional information the identity of the individual who is a subject of personal data;
- Blocking of personal data - the temporary cessation of personal data processing (except for the cases when the processing is necessary for personal data specification);
- Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the respective database and/or as a result of which the tangible medium of personal data is destroyed.
- Provision of personal data - actions related to making personal data available to a definite person or a definite range of persons;
- Services - a software system with a specific interface for a computer, providing the publication for public view of information and data united by a common purpose, through the technical means used for communication between computers on the Internet. Services in this Agreement are understood as the web-service under the name « BugCatcher», desktop application under the name « BugCatcher», browser plugin under the name «BugCatcher», located on the Internet at https://chrome.google.com/webstore/detail/bugcatcher/feibaoiokpiggjjlfhkkmbaokihalfif .
Operator - an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purposes of processing personal data subject to processing, actions (operations) performed with personal data. The Operator is BugCatcher Limited Liability Company located at the address: 10/2-80, Dmitriya Shmonina Street, Novosibirsk, Russia.
User — a user of the Internet and, in particular, of the Services, who has his own personal page (profile/account).
2. PRINCIPLES AND TERMS OF THE PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
The processing of personal data by the Operator is carried out on the basis of the following principles:
The processing of personal data is carried out by the Operator under the following terms:
- the processing of the personal data of the Users of the Services is carried out in accordance with the Civil Code of the Russian Federation, the Constitution of the Russian Federation, the current legislation of the Russian Federation in the field of personal data protection.
- the processing of personal data by the Services is carried out in compliance with the principles and terms provided for by the legislation of the Russian Federation.
The processing of personal data is allowed in the following cases:
- the processing of personal data is necessary for the use of the Services, to which the User is a party;
- the processing of personal data is necessary to protect the life, health or other vital interests of the User of the Services, if the obtaining of consent is impossible;
- the processing of personal data is necessary for the implementation of the rights and legal interests of the Operator or third parties or for the achievement of socially significant purposes, provided that the rights and liberties of the User of the Services are not violated thereby;
- the processing of personal data is carried out for statistical or other research purposes, except for the processing of personal data in order to promote goods, works, services on the market by making direct contacts with potential consumers by means of communications, as well as for political agitation, subject to mandatory depersonalization of personal data.
2.3. Purposes of the processing of personal data
2.3.1. The processing of the personal data of the User of the Services is carried out solely in order to provide the User with the opportunity to interact with the Services.
2.3.2. Information constituting personal data on the Services is any information related to a certain person or a subject to such information to a person (a subject of personal data).
2.1. Principles of personal data processing
The processing of personal data by the Operator is carried out on the basis of the following principles:
- legal and equitable basis;
- restrictions on the processing of personal data by the achievement of specific, pre-determined and legal purposes;
- preventing the processing of personal data incompatible with the purposes of personal data collection;
- preventing the unification of databases containing personal data, processing of which is carried out for purposes incompatible with each other;
- processing of only those personal data that meet the purposes of their processing;
- compliance of character and scope of processed personal data with the declared purposes of such data processing;
- preventing the processing of personal data that is excessive in relation to the declared purposes of data processing;
- ensuring the accuracy, adequacy and relevance of personal data in relation to the purposes of data processing;
- destruction or depersonalization of personal data upon achieving the purposes of their processing as well as when such purposes cease to be relevant if the Operator can not eliminate the admitted violations of personal data, unless otherwise provided for by federal law.
The processing of personal data is carried out by the Operator under the following terms:
- the processing of the personal data of the Users of the Services is carried out in accordance with the Civil Code of the Russian Federation, the Constitution of the Russian Federation, the current legislation of the Russian Federation in the field of personal data protection.
- the processing of personal data by the Services is carried out in compliance with the principles and terms provided for by the legislation of the Russian Federation.
The processing of personal data is allowed in the following cases:
- the processing of personal data is necessary for the use of the Services, to which the User is a party;
- the processing of personal data is necessary to protect the life, health or other vital interests of the User of the Services, if the obtaining of consent is impossible;
- the processing of personal data is necessary for the implementation of the rights and legal interests of the Operator or third parties or for the achievement of socially significant purposes, provided that the rights and liberties of the User of the Services are not violated thereby;
- the processing of personal data is carried out for statistical or other research purposes, except for the processing of personal data in order to promote goods, works, services on the market by making direct contacts with potential consumers by means of communications, as well as for political agitation, subject to mandatory depersonalization of personal data.
2.3. Purposes of the processing of personal data
2.3.1. The processing of the personal data of the User of the Services is carried out solely in order to provide the User with the opportunity to interact with the Services.
2.3.2. Information constituting personal data on the Services is any information related to a certain person or a subject to such information to a person (a subject of personal data).
3. RIGHTS OF A PERSONAL DATA SUBJECT
3.1. The subject of personal data decides to provide his personal data and consent to the processing thereof freely, of his own will and in his own interest. Consent to the processing of personal data may be given by the subject of personal data or his representative in any form which provides evidence of its receipt, unless otherwise provided for by federal law. Obligation to provide evidence of the consent of the personal data subject to processing of his personal data or evidence of the grounds specified in 152-FZ is assigned to the Operator.
3.2. Rights of personal data subjects (Users)
3.2.1. The User has the right to receive information about the Operator, the place of his location, the presence of the Operator's personal data relating to his personal data (the User's data), as well as to acquaint himself with such personal data, except for the cases provided for by part 8 of Article 14 of 152-FZ.
3.2.2. The User has the right to receive from the Operator, upon a personal request or upon receipt of a written request from the User by the Operator, the following information regarding the processing of his personal data and including:
3.2.4. The User has the right to protect his rights and legal interests, including compensation for damages and (or) compensation for moral harm in court.
3.1. The subject of personal data decides to provide his personal data and consent to the processing thereof freely, of his own will and in his own interest. Consent to the processing of personal data may be given by the subject of personal data or his representative in any form which provides evidence of its receipt, unless otherwise provided for by federal law. Obligation to provide evidence of the consent of the personal data subject to processing of his personal data or evidence of the grounds specified in 152-FZ is assigned to the Operator.
3.2. Rights of personal data subjects (Users)
3.2.1. The User has the right to receive information about the Operator, the place of his location, the presence of the Operator's personal data relating to his personal data (the User's data), as well as to acquaint himself with such personal data, except for the cases provided for by part 8 of Article 14 of 152-FZ.
3.2.2. The User has the right to receive from the Operator, upon a personal request or upon receipt of a written request from the User by the Operator, the following information regarding the processing of his personal data and including:
- confirmation of the fact of processing of personal data by the Operator, as well as the purpose of such processing;
- legal grounds and purposes for the processing of personal data;
- purposes and methods of processing personal data used by the Operator;
- name and location of the Operator, information on persons (except for the operator's employees) who have access to personal data or who can disclose personal data on the basis of a contract with the Operator or on the basis of 152-FZ;
- processed personal data relating to the relevant personal data subject, the source of their receipt, unless another procedure for providing such data is provided for by 152-FZ;
- the terms of processing of personal data, including the terms of their storage;
- the procedure for the subject of personal data to exercise the rights provided for by 152-FZ;
- information on the carried out or expected transboundary transfer of personal data;
- surname, first name, patronymic and address of the person carrying out the processing of personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such person;
- other information provided for by 152-FZ or other federal laws;
- to require changes, clarification, destruction of his personal information;
- to appeal against wrongful acts or omissions regarding the processing of personal data and to demand appropriate compensation in court;
- to supplement personal data of an evaluation nature with a statement expressing his own point of view;
- identify representatives to protect their personal data;
- to require the Operator to notify all changes or exceptions made therein.
3.2.4. The User has the right to protect his rights and legal interests, including compensation for damages and (or) compensation for moral harm in court.
4. OBLIGATIONS OF THE OPERATOR
4.1. Upon a personal request or upon receipt of a written request from the subject of personal data or his representative, the Operator, provided that there are grounds, is obliged to provide information within the period specified in 152-FZ — within 30 days from the date of application or receipt of the request of the personal data subject or his representative. Such information should be provided to the personal data subject in an accessible form and they should not contain personal data relating to other personal data subjects, unless there are legal reasons for disclosing such personal data.
4.2. All appeals of subjects of personal data or their representatives are registered in the Journal of Registration of Citizens' Appeals (subjects of personal data) concerning the processing of personal data.
4.3. In case of refusal to provide personal data to the subject or his representative when applying for or when a personal data subject or his representative receives a request for information about the availability of personal data on the relevant personal data subject, the Operator must give a written response that contains a reference to the provision of part 8 of Article 14 152-FZ or other federal law, which is the basis for such refusal, within a period not exceeding 30 days from the date of the request of the personal data subject or his representative, or from the date of receipt of the request of the personal data subject or his representative.
4.4. In case of receiving a request from the authorized body for protection of the rights of subjects of personal data on providing information necessary for carrying out the activities of the specified body, the Operator shall send such information to the authorized body within 30 days from the date of the receipt of such request.
4.5. In case of revealing illegal processing of personal data when the subject of personal data or his representative or an authorized body for protection of the rights of subjects of personal data is contacted, the Operator shall block the illegally processed personal data relating to this personal data subject from the time of such action or receipt of the request for the verification period.
4.6. In case of revealing illegal processing of personal data carried out by the Operator, it shall be obliged to stop illegal processing of personal data within a period not exceeding 3 working days from the date of this detection. On the elimination of violations, the Operator is obliged to notify the subject of personal data or his representative, and, if the request of the personal data subject or his representative or the request of the authorized body for protection of the rights of subjects of personal data was sent by the authorized body for protection of the rights of subjects of personal data, also such authorized body. In the event that the purpose of processing personal data is achieved, the Operator must stop processing personal data and destroy personal data within a period not exceeding 30 working days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract to which the subject of personal data is a party.
4.7. It is prohibited to make decisions on the basis of an exclusively automated processing of personal data that generate legal consequences with respect to the subject of personal data or otherwise affect his rights and legal interests.
4.1. Upon a personal request or upon receipt of a written request from the subject of personal data or his representative, the Operator, provided that there are grounds, is obliged to provide information within the period specified in 152-FZ — within 30 days from the date of application or receipt of the request of the personal data subject or his representative. Such information should be provided to the personal data subject in an accessible form and they should not contain personal data relating to other personal data subjects, unless there are legal reasons for disclosing such personal data.
4.2. All appeals of subjects of personal data or their representatives are registered in the Journal of Registration of Citizens' Appeals (subjects of personal data) concerning the processing of personal data.
4.3. In case of refusal to provide personal data to the subject or his representative when applying for or when a personal data subject or his representative receives a request for information about the availability of personal data on the relevant personal data subject, the Operator must give a written response that contains a reference to the provision of part 8 of Article 14 152-FZ or other federal law, which is the basis for such refusal, within a period not exceeding 30 days from the date of the request of the personal data subject or his representative, or from the date of receipt of the request of the personal data subject or his representative.
4.4. In case of receiving a request from the authorized body for protection of the rights of subjects of personal data on providing information necessary for carrying out the activities of the specified body, the Operator shall send such information to the authorized body within 30 days from the date of the receipt of such request.
4.5. In case of revealing illegal processing of personal data when the subject of personal data or his representative or an authorized body for protection of the rights of subjects of personal data is contacted, the Operator shall block the illegally processed personal data relating to this personal data subject from the time of such action or receipt of the request for the verification period.
4.6. In case of revealing illegal processing of personal data carried out by the Operator, it shall be obliged to stop illegal processing of personal data within a period not exceeding 3 working days from the date of this detection. On the elimination of violations, the Operator is obliged to notify the subject of personal data or his representative, and, if the request of the personal data subject or his representative or the request of the authorized body for protection of the rights of subjects of personal data was sent by the authorized body for protection of the rights of subjects of personal data, also such authorized body. In the event that the purpose of processing personal data is achieved, the Operator must stop processing personal data and destroy personal data within a period not exceeding 30 working days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract to which the subject of personal data is a party.
4.7. It is prohibited to make decisions on the basis of an exclusively automated processing of personal data that generate legal consequences with respect to the subject of personal data or otherwise affect his rights and legal interests.
5. SAFETY OF PERSONAL DATA.
MEASURES APPLIED TO PROTECTION OF PERSONAL INFORMATION
5.1. The safety of personal data processed by the Operator is provided by the implementation of legal, organizational and technical measures necessary to ensure the requirements of federal legislation in the field of personal data protection.
5.2. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
- appointment of employees responsible for organizing the processing and protection of personal data;
- restriction of the composition of persons having access to personal data;
- familiarization of the subjects with the requirements of the federal legislation and regulatory documents of the Operator for the processing and protection of personal data;
- organization of accounting, storage and circulation of information carriers;
- Identification of threats to the security of personal data during processing, the formation of threat models based on them;
- development of a personal data protection system based on the threat model;
- checking the readiness and effectiveness of using information protection tools;
- delineation of users' access to information resources and software and hardware information processing tools;
- registration and recording of actions of users of information systems of personal data;
- use of anti-virus and means of restoring the system of personal data protection;
- application of firewall, intrusion detection, security analysis and cryptographic protection of information in necessary cases;
- the organization of an access regime to the territory of the Operator, the protection of premises with technical means for processing personal data.
5.3. Services can be integrated with third party's software. Operator use personal data which are transmitted by API with established by such third party conditions and restrictions.
MEASURES APPLIED TO PROTECTION OF PERSONAL INFORMATION
5.1. The safety of personal data processed by the Operator is provided by the implementation of legal, organizational and technical measures necessary to ensure the requirements of federal legislation in the field of personal data protection.
5.2. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
- appointment of employees responsible for organizing the processing and protection of personal data;
- restriction of the composition of persons having access to personal data;
- familiarization of the subjects with the requirements of the federal legislation and regulatory documents of the Operator for the processing and protection of personal data;
- organization of accounting, storage and circulation of information carriers;
- Identification of threats to the security of personal data during processing, the formation of threat models based on them;
- development of a personal data protection system based on the threat model;
- checking the readiness and effectiveness of using information protection tools;
- delineation of users' access to information resources and software and hardware information processing tools;
- registration and recording of actions of users of information systems of personal data;
- use of anti-virus and means of restoring the system of personal data protection;
- application of firewall, intrusion detection, security analysis and cryptographic protection of information in necessary cases;
- the organization of an access regime to the territory of the Operator, the protection of premises with technical means for processing personal data.
5.3. Services can be integrated with third party's software. Operator use personal data which are transmitted by API with established by such third party conditions and restrictions.
6. YOUR DATA PROTECTION RIGHTS UNDER GENERAL DATA PROTECTION REGULATION (GDPR)
6.1. If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
6.2. In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal Data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
6.3. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide the Services without some necessary data.
6.1. If you are a resident of the European Union (EU) and European Economic Area (EEA), you have certain data protection rights, covered by GDPR. – See more at https://eur-lex.europa.eu/eli/reg/2016/679/oj
6.2. In certain circumstances, you have the following data protection rights:
- the right to access, update or to delete the information we have on you;
- the right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete;
- the right to object. You have the right to object to our processing of your Personal Data;
- the right of restriction. You have the right to request that we restrict the processing of your personal information;
- the right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format;
- the right to withdraw consent. You also have the right to withdraw your consent at any time where we rely on your consent to process your personal information;
6.3. Please note that we may ask you to verify your identity before responding to such requests. Please note, we may not able to provide the Services without some necessary data.
7. ANALYTICS
We may use third-party Service Providers to monitor and analyze the use of our Service.
7.1. Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
7.2. Yandex.Metrica
Yandex.Metrica is a web analytics service offered by Yandex that tracks and reports website traffic. Yandex uses the data collected to track and monitor the use of our Services. This data is shared with other Yandex services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Yandex, please visit the Terms of use of the Yandex.Metrica service web page: https://yandex.ru/legal/metrica_termsofuse/
We may use third-party Service Providers to monitor and analyze the use of our Service.
7.1. Google Analytics
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en
7.2. Yandex.Metrica
Yandex.Metrica is a web analytics service offered by Yandex that tracks and reports website traffic. Yandex uses the data collected to track and monitor the use of our Services. This data is shared with other Yandex services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Yandex, please visit the Terms of use of the Yandex.Metrica service web page: https://yandex.ru/legal/metrica_termsofuse/
8. PAYMENTS
8.1. We may provide paid products and/or services within the Services. In that case, we use third-party services for payment processing (e.g. payment processors).
8.2. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.
8.3. BugCatcher offers a browser extension that records your screen and captures data from your browser, such as network traffic, developer console logs, and environmental data (such as your operating system). BugCatcher collects such information because such data assists you in diagnosing and fixing bugs with web applications. Please be aware that the network traffic can contain sensitive information that may not be apparent by reviewing the screencast portion of the recording. For example, even though you didn't type your password during the recording, it may be listed somewhere in the network traffic. We caution you to consider the sensitivity of any content you capture using the Services, and we advise you not to share any recording or screenshot with BugCatcher or any third parties unless you are certain there is no sensitive information contained therein.
8.1. We may provide paid products and/or services within the Services. In that case, we use third-party services for payment processing (e.g. payment processors).
8.2. We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy.
8.3. BugCatcher offers a browser extension that records your screen and captures data from your browser, such as network traffic, developer console logs, and environmental data (such as your operating system). BugCatcher collects such information because such data assists you in diagnosing and fixing bugs with web applications. Please be aware that the network traffic can contain sensitive information that may not be apparent by reviewing the screencast portion of the recording. For example, even though you didn't type your password during the recording, it may be listed somewhere in the network traffic. We caution you to consider the sensitivity of any content you capture using the Services, and we advise you not to share any recording or screenshot with BugCatcher or any third parties unless you are certain there is no sensitive information contained therein.
9. FINAL PROVISIONS
9.1. Other rights and obligations of the Operator as a personal data operator are determined by the legislation of the Russian Federation in the field of personal data. Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability specified by federal laws.
9.2. The Operator is not responsible for the content and compliance with the requirements of the legislation of the Russian Federation of video content that Users add to the Service from public web services, video hosting sites and file sharing sites, including YouTube, Vimeo, Facebook, GoogleDrive, Dropbox.
Publication date: February 21, 2020
9.1. Other rights and obligations of the Operator as a personal data operator are determined by the legislation of the Russian Federation in the field of personal data. Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability specified by federal laws.
9.2. The Operator is not responsible for the content and compliance with the requirements of the legislation of the Russian Federation of video content that Users add to the Service from public web services, video hosting sites and file sharing sites, including YouTube, Vimeo, Facebook, GoogleDrive, Dropbox.
Publication date: February 21, 2020
Программа для видеорегистрации процесса тестирования, разметки дефектов на видео, передачи контекста разработчикам
©2020 «Баг Кэтчер», ООО
©2020 «Баг Кэтчер», ООО
- Договор-оферта
- Политика конфиденциальности
- info@bugcatcher.pro
- Россия, г. Новосибирск, ул. Демакова 27, офис 705.
- 8 800 555-10-48
- Пн-пт: 06:00-16:00 мск
