Privacy Policy
1. General Provisions
1.1. This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure for processing and protecting the personal data of users of the website https://www.teamsmartrec.com/(hereinafter referred to as the "Website"), which is collected and processed by Smart Recruiting LLC (INN 9703198551, OGRN 1247700795913, address: 123100, Moscow, Sergeya Makeeva St., 1, premises 15A/2, email: info@srteam.ru) (hereinafter referred to as the "Operator") when using the Website.
1.2. This Policy has been developed in accordance with applicable personal data protection legislation, including international privacy standards (e.g., GDPR), and is mandatory for compliance by all employees and contractors of the Operator who have access to personal data.
1.3. The Operator guarantees the protection of the rights and freedoms of personal data subjects, including the right to privacy, personal and family secrets, as well as the right to access, rectify, restrict, or delete their data in accordance with the established procedure.
1.4. By using the Website and submitting their personal data through the forms, the User provides informed and voluntary consent to the terms of this Policy. If the User does not agree with the terms of personal data processing, they must stop using the Website.
2. Processed data
2.1. The processing of personal data by the Operator is carried out based on the principles of legality, fairness, good faith, proportionality, and transparency. All actions with personal data are performed strictly for the purposes defined by this Policy and do not allow the use of data beyond these purposes. Processing that is incompatible with the originally declared purposes is prohibited.2.2. The User’s consent to the processing of personal data is considered expressed at the moment of filling out a form on the Website or performing other actions confirming a deliberate intention to interact with the Operator. The User has the right to withdraw their consent at any time by sending a notification to the contact address.
2.3. The Operator processes Users’ personal data to the extent necessary and sufficient to achieve the stated purposes and does not allow excessive processing. The data processed includes:
· last name, first name, and patronymic;
· contact phone number;
· email address;
· name of the organization (if applicable);
· information about staffing needs;
· technical data: IP address, cookies, browser data, device type, screen resolution, interface language, referrer, date and time of visit, behavioral activity.
2.4. Personal data is any information relating to an identified or identifiable natural person. The Operator may also process data voluntarily provided by the User when filling out forms on the Website (including application forms, feedback forms, comments, etc.).
2.5. When visiting the Website, technical and anonymized data is automatically collected, which in certain cases may fall under the category of personal data. Such information is collected through web analytics systems (including third-party international and regional web analytics systems) and is used exclusively for:
· improving the convenience and security of the User’s experience;
· analyzing Website traffic and performance;
· fixing technical errors and adapting content.
2.6. The Operator does not process special categories of personal data (sensitive data), including:
· racial or ethnic origin;
· political opinions;
· religious or philosophical beliefs;
· health information, biometric data, or genetic data;
· information regarding a person’s private life or sexual orientation.
2.7. Processing of the above categories of personal data is permitted only in cases explicitly provided for by applicable law, with the User’s separate, explicit, and informed consent, and solely to the minimum extent necessary. The Operator does not knowingly collect or process personal data of individuals under the age of 18 without the prior consent of their legal guardians. If you are a parent or guardian and become aware that your child has provided personal data to the Operator, please contact us at info@srteam.ru — such data will be deleted.
3. Purposes of Personal Data Processing:
3.1. The Operator processes personal data based on the following legal grounds:· with the User’s consent;
· Performance of a contract to which the User is a party;
· to comply with legal obligations;
· to protect the legitimate interests of the Operator or third parties, provided the rights and freedoms of the User are not infringed;
· any other grounds permitted by applicable law.
3.2. Personal data is processed only for predefined, lawful, and justified purposes. All actions with personal data are intended to meet legal obligations, provide services, and facilitate interaction with the User, including:
3.2.1. Providing access to Website functionality and services:
· registering and identifying the User;
· processing applications, inquiries, and registration data;
· organizing access to the personal account;
· supporting the interaction process with the Operator.
3.2.2. Ensuring communication with the User:
· sending notifications, responses to requests, and registration confirmations;
· providing information on topics of interest to the User;
· technical support for the services used.
3.2.3. Information and marketing communications (only with consent):
· sending messages with news, promotions, or advertising of the Operator’s goods/services;
· distribution via email, phone, messaging apps, or other communication channels;
· the User may opt out at any time.
3.2.4. Analytics and service quality improvement:
· collection and analysis of anonymized data regarding Website usage;
· use of third-party analytics services (including international and regional web analytics systems);
· optimization of user experience, navigation, and functionality.
3.2.5. Compliance with legal requirements:
· bookkeeping, storage, and archiving;
· providing information in response to lawful requests from authorized authorities;
· fulfilling other obligations established by law.
3.3. Depending on the category of personal data subjects, the purposes of processing may be specified.
№ | Categories of Data Subjects | Purpose of Personal Data Processing | Categories of Personal Data Processed |
1. | Website Users
| Discussion of Potential Collaboration | Full name, phone number, and any other information provided with the User’s consent |
· the User has provided prior, specific, and informed consent; or
· such processing is carried out in accordance with explicit legal requirements.
4. Legal Basis for Processing
4.1. The Operator processes personal data only on lawful grounds, depending on the circumstances and the type of User, including:· where the User has given voluntary, specific, and informed consent;
· where processing is necessary to conclude or perform a contract with the User;
· where processing is required to comply with legal obligations applicable to the Operator;
· where processing is necessary to protect the legitimate interests of the Operator or third parties, provided it does not infringe the rights and freedoms of the User;
· in other cases, expressly permitted by applicable data protection laws.
4.2. For the purposes of this Policy, “applicable law” includes national and international legal frameworks governing the processing of personal data, such as:
· the legislation of the country in which the Operator is registered, including but not limited to personal data laws;
· regulations applicable to the Operator’s activities in countries where Users are located;
· international data protection standards, including, where relevant, the EU General Data Protection Regulation (GDPR) and equivalent laws in other countries or regions.
5. Collection and Storage of Data
5.1. Users’ personal data is collected exclusively through interactive forms available on the Website. All submitted data is transmitted directly to the Operator and is not processed via third-party forms, widgets, or scripts, except for the web analytics services specified in this Policy.5.2. Personal data is stored according to the principles of redundancy and minimal sufficiency. Data is retained on:
· a secure server, physically and logically controlled by the Operator;
· a licensed on-premise version of the CRM system Bitrix24, deployed on the Operator’s infrastructure without third-party cloud hosting.
5.3. The Operator implements appropriate organizational and technical safeguards to prevent unauthorized access, loss, alteration, disclosure, or other unlawful use of personal data. These measures include, among others::
· role-based access controls and authorization procedures;
· encryption of data transmission channels (e.g., HTTPS, SSL);
· regular backups and access logging;
· antivirus protection and security audits;
· mandatory confidentiality agreements (NDAs) with employees and contractors who have access to personal data.
5.4. Personal data is retained only for as long as necessary, in accordance with the following principles:
· until the purposes of processing, as set out in this Policy, have been fulfilled;
· or until the User withdraws consent to processing (where processing is based on consent);
· or for the retention periods required under applicable laws and regulations (e.g., tax or accounting obligations);
· or until the expiration of statutory limitation periods for legal claims arising from the use of the Website.
5.5. Upon the expiry of the applicable retention period, personal data shall either:
· be permanently deleted from the Operator’s information systems; or
· be anonymized, where further use for statistical or other legitimate purposes is required.
5.6. The User has the right to request the deletion or restriction of personal data processing at any time. The Operator will review such requests within the timeframes established by applicable law and, where legally required, implement the appropriate measures.
6. Use of Analytical and Technical Tools
6.1. To enhance the usability of the Website, analyze user behavior, optimize the interface, and assess the effectiveness of content, the Website employs third-party international and regional web analytics services.6.2. These services automatically collect and process anonymized data relating to the User’s activity on the Website, which may include:
· IP address (with possible geolocation);
· session duration and navigation path;
· referral sources;
· behavioral events (such as clicks, scrolling, or form completion);
· cookie identifiers.
6.3. The data collected is aggregated and anonymized and does not enable the Operator to directly identify individual Users.
6.4. The services used may involve the cross-border transfer of data, including to servers located in jurisdictions with different data protection standards. Such transfers are carried out:
· on the basis of standard contractual clauses or similar safeguards recognized in international data protection practice;
· in compliance with principles comparable to Article 12 of the Russian Data Protection Law, Articles 44–49 of the GDPR, or other applicable rules;
· with technical and organizational security measures applied by the respective service providers.
6.5. The Operator does not provide analytics services with personally identifiable information such as name, email address, or phone number.
6.6. The User may at any time:
· disable the storage of cookies through their browser settings;
· use “Incognito” or private browsing mode;
· employ built-in opt-out mechanisms (such as browser extensions).
· The Operator hereby informs the User that disabling cookies may adversely affect the proper functioning of certain features of the Website.
6.7. By continuing to use the Website after receiving a cookie notice, the User is deemed to have consented to the collection of anonymized analytical data as described in this Policy.
7. Access to and Disclosure of Data
7.1. Access to personal data is strictly limited to a defined group of authorized individuals acting on behalf of the Operator and permitted to process such data as part of their official duties. These include:· employees of the Operator who have received training on personal data protection;
· personnel who have signed confidentiality undertakings (including NDAs);
· other persons granted access in accordance with the Operator’s internal security policies.
7.2. Personal data may only be disclosed to third parties where a lawful basis exists and provided that an adequate level of protection is ensured. The Operator may transfer personal data to third parties solely in the following cases:
· where such transfer is expressly required or permitted by applicable law;
· where the transfer is necessary for the performance of a contract with the User;
· where the transfer is carried out on behalf of the Operator, subject to strict confidentiality obligations and limited to the scope necessary to accomplish the specific task.
7.3. The Operator will not disclose personal data to commercial partners, advertising agencies, marketing platforms, or any other parties without the User’s prior explicit consent, unless required by law.
7.4. The User has the right to request information about third parties to whom their personal data has been disclosed, including the identity of such parties, the purpose of disclosure, and the legal basis for the transfer. The Operator will provide such information within the time limits established by applicable law upon receipt of a written request.
8. Data Protection
8.1. The Operator implements comprehensive technical, organizational, and legal safeguards to protect personal data against unlawful or accidental access, alteration, destruction, disclosure, blocking, or any other unauthorized actions. Such safeguards are consistent with generally accepted international information security standards and include, inter alia:· restricting access to personal data on a strict need-to-know basis, limited to authorized employees and contractors with the appropriate level of clearance;
· antivirus protection, information security event monitoring, and regular software updates;
· the use of unique login credentials, secure passwords, and multi-factor authentication for access to CRM systems and other information platforms;
· mandatory confidentiality undertakings (including NDAs) signed by employees and all external contractors with access to personal data.
8.2. The Operator conducts regular risk assessments relating to personal data processing and reviews its protective measures to ensure their continued adequacy and effectiveness. Security audits are carried out as necessary, including with the involvement of external experts.
9. Rights of Data Subjects
9.1. A User whose personal data is processed by the Operator is entitled to exercise all rights granted under applicable data protection laws, including but not limited to:· Right of access — the User may request confirmation as to whether their personal data is being processed, obtain information on the categories of data processed, the purposes of processing, retention periods, sources of collection, as well as details of any transfers to third parties (including the legal basis and identity of such parties);
· Right to rectification — the User may require correction or completion of their personal data where errors, inaccuracies, or changes are identified;
· Right to erasure (“right to be forgotten”) — the User may request complete deletion of their personal data where: the data is no longer necessary for the purposes for which it was collected; processing is based on consent and such consent has been withdrawn; or the data is processed in violation of applicable law or this Policy;
· Right to withdraw consent — the User may at any time withdraw their consent to processing by submitting a written notice. Upon receipt of such withdrawal, the Operator will cease processing, except where processing is required by law (e.g., for accounting or tax purposes);
9.2. Right to lodge a complaint — the User may file a complaint with the competent supervisory authority for personal data protection in their jurisdiction of residence.
9.3. Users may submit any inquiries, requests, or demands regarding their personal data:
· by email to: info@srteam.ru;
· or through other communication channels indicated on the Website or in this Policy.
9.4. The Operator will review and respond to data subject requests within 30 calendar days from the date of receipt, unless otherwise required by law. A written, reasoned response will be provided, or the requested action (e.g., update, deletion) will be carried out.
9.5. When processing such requests, the Operator may require reasonable verification of the User’s identity (e.g., confirmation via the email address provided during registration or another legally permissible method) to prevent unauthorized actions by third parties.
10. Cookies
10.1. To ensure the proper functioning of the Website, enhance usability, personalize content, and perform analytics, the Operator employs cookies technology.10.2. Cookies are small data files (text files) stored on the User’s device (computer, smartphone, tablet, or other device) when visiting the Website. They enable the Website to recognize the User on subsequent visits, retain individual settings, and improve overall functionality.
10.3. The User has the right to:
· disable or restrict the use of cookies at any time via browser settings;
· delete previously stored cookies from their device;
· block the placement of third-party cookies.
Note: Disabling or restricting cookies may affect the availability or proper display of certain sections and functions of the Website.
10.4. By continuing to use the Website after the cookie notice (cookie banner) is displayed, the User provides consent to the use of cookies in accordance with this Policy. Additional information regarding cookie processing may be provided upon request.
11. Communications and Mailings
11.1. The Operator sends advertising, informational, or other electronic communications only upon obtaining the User’s prior, voluntary, specific, and informed consent.11.2. For the purposes of this Policy, “communications” include automated or personalized messages sent by the Operator via:
· email;
· SMS;
· social messaging platforms;
· other remote communication channels provided by the User.
11.3. Communications may contain:
· information about news, updates, and changes related to the Website;
· promotional offers and special campaigns;
· invitations to participate in surveys or provide feedback;
· other messages aligned with the User’s interests.
11.4. Consent to receive communications may be given by the User:
· via selection of the appropriate checkbox in Website forms;
· through subscription to a mailing list;
· by performing a confirming action (e.g., clicking “subscribe” or “receive updates”).
11.5. The User may withdraw consent at any time by using the unsubscribe link included in each message or by sending a notice to: info@srteam.ru.
11.6. Upon receipt of a withdrawal, the Operator will remove the User’s contact information from the relevant lists within a reasonable period, not exceeding 10 business days.
11.7. The Operator does not disclose Users’ personal data to third parties for external advertising or mailings without the User’s explicit separate consent.
12. International Data Transfers
12.1. As the Website targets an international audience, including the Middle East, Europe, Asia, and other regions, Users’ personal data may be transferred outside the country of the Operator’s registration, including to jurisdictions with different levels of data protection.12.2. Such transfers occur only when objectively necessary, in particular:
· when using cloud or technical services (e.g., web analytics, email, or CRM systems);
· when engaging contractors or technical operators located abroad;
· when communicating with a User located in another jurisdiction.
12.3. The Operator takes all reasonable measures to ensure an adequate level of protection for transferred personal data.
12.4. Personal data may be transferred to jurisdictions that do not provide an adequate level of legal protection only under one of the following conditions:
· the User’s explicit consent, given in accordance with this Policy;
· performance of a contract concluded with the User or in the User’s interest;
· fulfillment of the Operator’s legal obligations;
· other grounds explicitly provided by applicable law.
12.5. The User may request information regarding cross-border transfer mechanisms, including the identity of the recipient and the protective measures applied, by contacting: info@srteam.ru.
13. Amendments to the Policy
13.1. This Policy constitutes a public document (offer) and is subject to periodic review to ensure compliance with applicable laws and alignment with the Operator’s operational practices.13.2. The Operator reserves the right to modify or supplement this Policy at any time without prior notice to the User, unless otherwise required by law.
13.3. The revised version of the Policy comes into effect upon its publication on the Website at: https://www.teamsmartrec.com, unless a different effective date is specified in the updated Policy.
13.4. Users are encouraged to review this Policy regularly. Continued use of the Website following any amendments constitutes the User’s acceptance of the updated Policy.
13.5. Contact information for inquiries, suggestions, or requests concerning the processing of personal data: 📧 info@srteam.ru
14. Contact Information
14.1. Any matters not specifically addressed in this Policy shall be resolved in accordance with the User Agreement and the laws of the jurisdiction in which the Operator is registered.· Smart Recruiting LLC
· Taxpayer Identification Number (INN): 9703198551
· Address: 1 Sergeya Makeeva St., Room 15A/2, Moscow, 123100, Russia
· Email: info@srteam.ru