About the controller of personal data

Professional Basketball Club CSKA LLC, registered at: Russia, Moscow, Nakhimovsky Prospect, Building 1, Quarters 2, Floor 1, Room 1, Room 18 (hereinafter referred to as Company, Club or “we”), in carrying out its activities, receives personal data from users of its websites and processes them.
The Club’s websites are:

This policy defines the key areas of activity in the field of personal data processing and ensuring the safety of personal data processed by the Company.
The Privacy Policy was developed in accordance with Federal Law No. 152 “On Personal Data” of July 27, 2006, taking into account the provisions of the General Data Protection Regulation (hereinafter – GDPR) (Regulation (EU) 2016/679) of April 27, 2016, and aims to protect data subjects’ rights and freedoms during the processing of their personal data.


This Policy consists of the following sections:


Terms used in this Policy

  • Personal data (PD) – any information relating to an individual (data subject). For example, personal data is the first name, last name, middle name, passport data, email address, phone number.
  • Personal data processing – actions performed with personal data, including: collection, storage, use, modification, destruction, transmission of personal data.
  • Counterparty – natural or legal person who is one of the parties to a contract with the Company in civil relations.
  • Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a public authority of a foreign state, a foreign natural person or a foreign legal entity.
  • Cookies – a piece of data sent by the website server and stored on your device.

Whose personal data is processed through our websites?

Through our websites we can process the personal data of:

  • clients (including potential) who use our services;
  • visitors of our websites.

List of actions with personal data and methods for their processing

  • We carry out: collection, recording, systematization, accumulation, storage, specification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, restriction, erasure or destruction of data.
  • We perform personal data processing by mixed processing of personal data with transfer over the Internet.

Why do we process your data?

We may process your data for one or more of the following reasons:

  • for selling tickets for matches and booking tickets for away matches of the Club;
  • for providing services on the website of the official store of the Club;
  • for carrying out information distribution;
  • for ensuring the correct operation of website services (e.g. for automatic user authorization);
  • for collecting statistics on website visits (to track the availability of our services and to analyze the use of our services).

What information do we need to perform such actions?

We process the following categories of personal data:

  • general information about clients (e.g.: full name, gender, date of birth);
  • clients’ contact information (e.g.: email, post address (country, city), contact phone number).

We also process some technical data about clients’ devices and website visitors’ data (e.g.: cookies, username and password, user ID, session ID, status on the website, data about failures on the website).


About processing of special categories of personal data

Information regarding race, nationality, political opinions, religious or philosophical beliefs, intimate life or health is not processed using our websites.


About processing of child’s personal data

We do not process personal data of minors (under 18 years of age, or another age in other jurisdictions) without the consent of their parents or other holders of parental rights over the child.


Principles we follow in PD processing

When processing PD, we adhere to the following principles:

  • We process personal data in a lawful, fair and transparent manner. The legal basis for processing could be: a service contract, consent to the processing of personal data or the requirements of legislation and international agreements.
  • We limit ourselves to achieving specific, predetermined and legitimate purposes. This means that we process your personal data only to achieve the predetermined processing purposes and do not use the data that you provided for purposes other than for primary data collection purposes.
  • We process personal data in the form and in the amount corresponding to the established purposes. We collect the minimum possible amount of personal data that is necessary to achieve PD processing purposes.
  • We store personal data in a form that allows you to be identified for no longer than the purposes of processing or the fulfilment of our obligations require. We ensure the timely destruction of your data and do not store it after the processing purposes have been achieved or when there is no longer a need to achieve them.
  • We ensure the accuracy, sufficiency and relevance of personal data. We take the necessary steps to erase or update incomplete or inaccurate personal data.
  • We implemented all the necessary organizational and technical measures to protect your personal data and to ensure its privacy. Read more about the measures taken to protect your personal data in the section “What do we do to protect your personal data”.
  • We do not combine databases containing personal data that we process for different, mutually incompatible purposes. This means that data collected for various processing purposes is stored separately from each other. This prohibits the use of such data for irrelevant purposes.

We are responsible for the compliance of our activities with the above mentioned principles of personal data processing in accordance with applicable legislation.


Who can access your personal data

In order to carry out marketing activities and delivery of goods ordered on the online store website, we transfer your personal data to our partners. In such cases, we carefully monitor compliance with the principles of personal data processing and the implementation of appropriate security measures.


About cross-border transfer of personal data

Based on your preliminary application, in order to provide tickets for away matches, the Club could transfer your personal data to the representatives of other teams. You fill out the application personally using a third-party service provided by TimePad.


Use of Cookies

We use Cookies to make our websites easier to use and to adapt the content of the sites to the user's preferences. Websites are able to read and store Cookies on the users’ devices, which allows the websites to identify the user and keep important information about the user, to enhance the user’s experience with our websites (e.g., via storing the preferred settings). Cookies can also be used to speed up your future experience on our websites.

Web analysis

We use site analysis services on our websites, such as Yandex.Metrics and Google Analytics. Yandex LLC and Google Inc. analyze, on our behalf, how users use the websites of the Club in order to assess the effectiveness of the websites and optimize them further. You can decline the collection of such data by downloading and installing the browser plugin:

You can also disable Cookies at any time or configure your browser to warn you when such data is received. Please refer to your browser manual for more information on how to adjust or change your browser settings. You can read more about the Cookies we use in the appropriate section.


We store different categories of personal data for a different amount of time

Your personal data is deleted as soon as the purpose of processing is achieved, or when there is no longer a need to achieve this purpose. However, in some cases, we must store your data as long as it is required by law.


What do we do to protect your personal data

To protect your data, we perform the following activities:

  • we appointed an employee to be responsible for organizing the PD processing;
  • we assess the risks of PD processing and take measures to ensure the safety of your data;
  • we conduct an assessment of the harm that may be caused to you in case of violation of the requirements for processing and ensuring the safety of personal data;
  • we take appropriate and effective measures to protect you from risks of discrimination, data theft, personal data fraud, financial loss, reputation damage, breach of the confidentiality of your data and any other significant economic or social damage;
  • we conduct internal audits of the PD processing activities and protection of your data;
  • we enhance our employees’ awareness regarding information security and personal data protection;
  • we organized the process of receiving and controlling the processing of your appeals and requests.

About the rights of data subjects

We guarantee you the following rights, free of charge, exclusively in relation to your personal data:

  • to correct the provided personal data if they are incomplete and (or) incorrect (Article 14 of the 152-FL, Article 16 of the GDPR);
  • to withdraw consent to the PD processing with the subsequent destruction of personal data (Article 9 of the 152-FL, Article 7 of the GDPR);
  • to receive information relating to the PD processing (Article 14, 16 of the 152-FL, Article 15 of the GDPR);
  • to limit processing and delete personal data (Art. 14, 15 of the 152-FL, Art. 17, 18 of the GDPR);
  • if you consider that your rights and interests have been violated, you can file a claim (Article 17 of the 152-FL, Article 21 of the GDPR). We will do our best to correct the situation. To do this, you should write to us at gdrp@cskabasket.com;
  • if you consider that your rights and interests have been violated, you have the right to file a claim with the relevant supervisory authority (Article 17 of the 152-FL, Article 21 of the GDPR).

If you are a data subject under European Union law, within the framework of the GDPR, we guarantee in addition the following rights:

  • to receive personal data provided to us in a structured format and transfer this data to other organizations (Article 20 of the GDPR);
  • to receive a copy of the personal data processed by the Company (Article 15 of the GDPR);
  • to be notified about any leaks of your personal data (Article 34 of the GDPR).

The exercise of the above-mentioned rights is possible only if the data subject can be uniquely identified. We notify you of your obligation to provide us with accurate personal data.


Contacts

We welcome your questions and feedback regarding this Policy. If you have any questions, please feel free to contact us in any convenient way specified below.

Contact information for the PD processing:

Contacts of the data processing officer (DPO):


This document can be changed!

We regularly assess the processes of personal data processing described in this Privacy Policy and update the provisions of this Privacy Policy as necessary. We will notify you about any changes to this Privacy Policy by email or by means of a notice on the Club's websites. We encourage you to periodically review this page for current information about our Privacy Policy.

Date of publication: 23.10.2020