Privacy Policy
Privacy Policy for Personal Data of Website Users
1. General Provisions
1.1. This Privacy Policy for Personal Data of Website Users (hereinafter referred to as the Policy) has been developed in accordance with the requirements of Article 18.1 of Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data”, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data.
1.2. LIMITED LIABILITY COMPANY “BUBNOVY VALET” (TIN: 7702690333, PSRN: 5087746542208, address: 125009, Moscow, Stoleshnikov Lane, 2, bldg. 1, office 1) (hereinafter referred to as the Operator) ensures the protection of processed personal data against unauthorized access and disclosure, unlawful use or loss in accordance with the requirements of Federal Law No. 152-FZ of 27 July 2006 “On Personal Data”.
1.3. The Policy is a publicly available document that applies only to the website located on the Internet at: https://www.km20.ru/ (hereinafter referred to as the Website).
1.4. The Policy does not apply to third-party websites that the personal data subject may access via the Website.
1.5. The Policy establishes mandatory general requirements and rules for the Operator’s employees involved in the processing of personal data regarding the handling of all types of information carriers containing personal data of personal data subjects using the Website.
1.6. The Policy does not apply to issues of ensuring the security of personal data classified as information constituting a state secret of the Russian Federation.
1.7. The terms contained in Article 3 of the Personal Data Law are used in this Policy with the same meaning.
1.8. The following terms are also used in this Policy:
- — Personal data subject, User/Website Visitor – any person visiting the Website and using the information, materials and services of the Website.
- — Website – a set of software and hardware tools for computers that ensure the publication of information and data for public viewing, united by a common purpose, by means of technical tools used for communication between computers on the Internet.
- — Confidentiality of personal data – the requirement mandatory for the Operator or any other person who has gained access to personal data not to disclose it to third parties and not to disseminate personal data without the consent of the personal data subject or on another legal basis provided for by federal law.
- — Head – the sole executive body of the Operator.
1.9. Basic rights and obligations of the Operator.
1.9.1. The Operator has the right:
- — to independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by this law or other federal laws;
- — to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with such person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Personal Data Law, to observe the confidentiality of personal data, and to take necessary measures aimed at ensuring the fulfillment of obligations stipulated by the said law;
- — to receive from the User reliable information and/or documents containing personal data for the purposes of processing specified in clause 2.3 of the Policy;
- — in the event of the User’s withdrawal of consent to the processing of personal data, as well as the submission of a request to terminate the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject only if there are grounds specified in the Personal Data Law.
1.9.2. The Operator is obliged:
- — to organize the processing of personal data exclusively for the purposes specified in clause 2.3 of the Policy, in the manner established by the current legislation of the Russian Federation;
- — to provide the User, upon his request, with information concerning the processing of his personal data;
- — to respond to appeals and requests from the User and his legal representative in accordance with the requirements of the Personal Data Law;
- — to provide the authorized body for the protection of the rights of personal data subjects, upon request of that body, with the necessary information within the time limits established by law;
- — to take legal, organizational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as against other unlawful actions in relation to personal data;
- — to stop the transfer (dissemination, provision, access) of personal data, stop processing and destroy personal data in the manner and in the cases provided for by the Personal Data Law;
- — to fulfill other obligations stipulated by the Personal Data Law.
1.10. Basic rights and obligations of the User.
1.10.1. The User has the right:
- — to receive information concerning the processing of his personal data, including information about the Operator, confirmation of the fact of processing, as well as the right to access his personal data, except in cases provided for by the legislation of the Russian Federation;
- — to demand from the Operator the clarification of his personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of processing, and to take measures provided by law to protect his rights;
- — to withdraw consent to the processing of personal data, as well as to send a request to terminate the processing of personal data;
- — to appeal to the authorized body for the protection of the rights of personal data subjects or in court against the actions or inaction of the Operator if he believes that the latter processes his personal data in violation of the requirements of Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” or otherwise violates his rights and freedoms;
- — to exercise other rights provided for by the legislation of the Russian Federation.
1.10.2. The User is obliged:
- — to ensure the accuracy of the personal data provided to the Operator that are necessary for the purposes of processing specified in clause 2.3 of the Policy;
- — to inform the Operator about the clarification (updating, modification) of his personal data.
1.11. Liability for violation of the requirements of the legislation of the Russian Federation and the Operator’s regulatory acts in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. Purposes and Legal Grounds for Processing Personal Data
2.1. The processing of personal data is limited to achieving specific, pre-determined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed.
2.2. Only personal data that meet the purposes of their processing shall be subject to processing.
2.3. The processing of personal data by the Operator on the website is carried out for the following purposes:
- — identification and management of the user account on the Operator’s website;
- — establishing feedback on the Operator’s website, as well as providing customer and technical support;
- — promotion of goods, works and services on the market;
- — collection and analysis of statistical data to improve the operation of the Operator’s website;
- — preparation, conclusion and execution of civil law contracts;
- — sending advertising information to the subject (including in the form of advertising and other information mailings).
2.4. The regulatory legal acts pursuant to which and in accordance with which the Operator processes personal data are:
- — the Constitution of the Russian Federation;
- — the Civil Code of the Russian Federation;
- — Federal Law No. 149-FZ of 27.07.2006 “On Information, Information Technologies and Information Protection”;
- — Law of the Russian Federation No. 2300-I of 07.02.1992 “On Protection of Consumer Rights”;
- — Federal Law No. 152-FZ of 27.07.2006 “On Personal Data”;
- — Federal Law No. 294-FZ of 26.12.2008 “On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercise of State Control (Supervision) and Municipal Control”;
- — Decree of the President of the Russian Federation No. 188 of 06.03.1997 “On Approval of the List of Confidential Information”;
- — Decree of the Government of the Russian Federation No. 1119 of 01.11.2012 “On Approval of Requirements for the Protection of Personal Data when Processed in Personal Data Information Systems”;
- — Order of the FSTEC of Russia No. 21 of 18.02.2013 “On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data when Processed in Personal Data Information Systems”;
- — other regulatory legal acts regulating relations related to the Operator’s activities.
2.5. The legal grounds for processing personal data also include:
- — processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
- — processing of personal data is necessary to achieve the purposes provided for by an international treaty of the Russian Federation or by law, for the performance of functions, powers and duties imposed on the operator by the legislation of the Russian Federation;
- — processing of personal data is necessary for the performance of a contract to which the personal data subject is a party, beneficiary or guarantor, as well as for concluding a contract at the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor. The contract concluded with the personal data subject may not contain provisions that limit the rights and freedoms of the personal data subject, establish cases of processing personal data of minors if otherwise not provided for by the legislation of the Russian Federation, or provisions that allow inaction by the personal data subject as a condition for concluding the contract.
3. Scope and Categories of Personal Data Processed, Categories of Personal Data Subjects
3.1. The content and scope of personal data processed must correspond to the stated purposes of processing provided for in Section 2 of this Policy. The personal data processed must not be excessive in relation to the stated purposes of their processing.
3.2. The Operator may process personal data of the following categories of personal data subjects:
3.2.1. Website visitors — for the purpose of identification and management of the user account on the Operator’s website:
- — last name, first name, patronymic;
- — email address;
- — phone number.
3.2.2. Website visitors — for the purpose of establishing feedback on the Operator’s website, as well as providing customer and technical support:
- — last name, first name, patronymic;
- — email address;
- — phone number.
3.2.3. Clients, counterparties, mailing recipients — for the purpose of promotion of goods, works and services on the market:
- — last name, first name, patronymic;
- — email address;
- — phone number;
- — data collected through metric programs.
3.2.4. Website visitors — for the purpose of collection and analysis of statistical data to improve the operation of the Operator’s website:
- — data collected through metric programs.
3.2.5. Clients, counterparties, website visitors — for the purpose of preparation, conclusion and execution of civil law contracts:
- — last name, first name, patronymic;
- — email address;
- — phone number;
- — delivery address.
3.2.6. Website visitors, mailing recipients — for the purpose of sending advertising information to the subject (including in the form of advertising and other information mailings):
- — last name, first name, patronymic;
- — email address;
- — phone number.
3.3. The Operator does not process biometric personal data (information that characterizes the physiological and biological features of a person on the basis of which his identity can be established), nor special categories of personal data concerning racial or national origin, political opinions, religious or philosophical beliefs, health status, or intimate life, except in cases provided for by the legislation of the Russian Federation.
3.4. All personal data should be obtained directly from the User. In the event that consent to the processing of personal data is obtained from the User’s representative, his/her authority must be confirmed in the manner prescribed by law.
4. Procedure and Conditions for Processing Personal Data
4.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation in the following ways:
- — non-automated processing of personal data;
- — automated processing of personal data with or without the transfer of the received information via information and telecommunication networks;
- — mixed processing of personal data.
4.2. The list of actions performed by the Operator with the personal data of personal data subjects for the purposes specified in clause 2.3 of the Policy:
- — collection;
- — recording;
- — systematization;
- — accumulation;
- — storage;
- — clarification (updating, modification);
- — retrieval;
- — use;
- — transfer (provision, access);
- — blocking;
- — deletion;
- — destruction.
4.3. The processing of personal data is carried out by the Operator with the consent of the personal data subjects to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.
4.4. Access to personal data is granted only to those employees of the Operator whose job duties involve the processing of personal data. The list of such employees is determined by the Operator’s local regulations and approved by order of the Head of the Operator.
4.5. Disclosure to third parties and dissemination of personal data without the User’s consent is not allowed, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the User for dissemination is drawn up separately from other consents of the User to the processing of his personal data. The requirements for the content of consent to the processing of personal data permitted by the personal data subject for dissemination are approved by Order of Roskomnadzor No. 18 dated 24.02.2021 “On Approval of Requirements for the Content of Consent to the Processing of Personal Data Permitted by the Personal Data Subject for Dissemination”.
4.6. The transfer of personal data to state authorities, local self-government bodies, and other authorized bodies is carried out in the framework of fulfilling the requirements of the legislation of the Russian Federation, subject to mandatory verification of the legality and validity of such a request.
4.7. The Operator guarantees the confidentiality of the User’s personal data received. When processing personal data, the Operator takes or ensures the taking of necessary legal, organizational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as against other unlawful actions in relation to personal data.
4.7.1. The security of personal data is achieved by the following methods:
- — determining threats to the security of personal data during their processing in personal data information systems;
- — applying organizational and technical measures to ensure the security of personal data during their processing in personal data information systems that are necessary to meet the requirements for the protection of personal data;
- — applying information security means that have undergone the conformity assessment procedure in the established manner;
- — adopting local regulations and other documents regulating relations in the field of processing and protection of personal data;
- — appointing a person responsible for organizing the processing of personal data;
- — assessing the effectiveness of the measures taken to ensure the security of personal data;
- — recording machine-readable carriers of personal data;
- — detecting facts of unauthorized access to personal data and taking appropriate measures;
- — restoring personal data modified or destroyed due to unauthorized access;
- — establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
- — exercising continuous control over the measures taken and the level of security of personal data information systems;
- — training the Operator’s employees directly involved in the processing of personal data in the provisions of the legislation of the Russian Federation.
4.8. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than is necessary to achieve each purpose of personal data processing, unless the storage period is established by federal law or a contract.
4.8.1. In the event that documents containing personal data generated in the course of the Operator’s activities are archival documents, their storage period may be determined in accordance with Order of Rosarkhiv No. 236 dated 20.12.2019 “On Approval of the List of Standard Management Archival Documents Generated in the Activities of State Bodies, Local Self-Government Bodies and Organizations, with Indication of Their Storage Periods”.
4.8.2. The storage period of personal data processed in personal data information systems corresponds to the storage period of personal data on paper carriers.
4.9. The period of processing of personal data is determined by the achievement of the purposes for which they were collected, unless another period is provided for by a contract or agreement with the User, as well as by applicable legislation.
4.9.1. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing or the loss of the need to achieve these purposes, the expiration of the consent period or withdrawal of consent to the processing of personal data (if there are no other grounds for processing personal data provided for by law), detection of unlawful processing of personal data, as well as in the event of termination of the Operator’s activities.
4.10. Upon the User’s request to terminate the processing of personal data, the Operator shall stop such processing within a period not exceeding ten business days from the date of receipt of the relevant request, except in cases provided for by law. This period may be extended by no more than five business days. For this purpose, the Operator must send the User a reasoned notification indicating the reasons for the extension of the period.
4.11. When collecting personal data via the information and telecommunication network “Internet”, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification) and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except in cases specified in the Personal Data Law.
4.12. The Operator ensures the confidentiality and security of personal data during their processing in accordance with the requirements of the Operator’s local regulations and the requirements of applicable legislation.
4.13. The User has the right to refuse receiving information mailings by sending a written statement to the Operator at the email address specified in clause 6.3 of the Policy requesting to stop processing his personal data in this manner. From the moment the Operator receives such a statement, the User’s personal data is immediately excluded from the mailing list.
4.14. The Operator does not carry out cross-border transfer of personal data.
4.15. To analyze the behavior of Users on the Website, improve its quality and content, as well as for targeting advertising materials, the Website uses metric programs (web analytics services).
4.15.1. By using the Website, the User agrees to the automated processing of data transmitted by his browser using the specified programs, including: IP address, cookie data, browser information, technical characteristics of the equipment and software, date and time of access, addresses of requested pages and other similar information.
4.15.2. The following metric programs are used on the Website:
Yandex.Metrica. Data processing is carried out in accordance with the Yandex Privacy Policy: https://yandex.ru/legal/confidential/.
Top.mail. Data processing is carried out in accordance with the VK Privacy Policy: https://help.mail.ru/legal/terms/top/pp/
4.15.3. Metric programs collect generalized statistical information that does not identify a specific User and is not used to establish his identity. The data obtained is intended to provide information on how Users interact with the Website and helps the Operator improve its functionality and content.
4.15.4. The User may prohibit the collection of data by metric programs by disabling cookies in his browser settings or using special software tools to block them.
4.15.5. Disabling the use of metric programs may lead to deterioration in the quality of the Website and limitation of the availability of some of its functions.
4.16. The Operator transfers personal data to the following third parties:
- — Limited Liability Company “Yandex”, TIN: 7736207543
Address: 119021, Moscow, Leo Tolstoy Street, 16.
Purpose of data transfer — collection and analysis of statistical data to improve the operation of the Operator’s website.
- — Limited Liability Company “VK”, TIN: 7743001840
Address: 125167, Moscow, Leningradsky Prospekt, 39, bldg. 79.
Purpose of data transfer — collection and analysis of statistical data to improve the operation of the Operator’s website.
4.17. Persons processing Users’ personal data on behalf of the Operator are obliged to comply with the principles and rules for processing personal data provided for by the legislation of the Russian Federation.
5. Updating, Correction, Deletion, Destruction of Personal Data, Responses to Requests from Subjects for Access to Personal Data
5.1. Procedure for granting access to personal data based on an appeal (request).
5.1.1. The information provided for in Part 7 of Article 14 of the Personal Data Law is provided to the User within ten business days from the date the Operator receives the request. This period may be extended by no more than five business days provided that the User is sent a reasoned notification.
5.1.2. The Operator provides the requested information to the User or his representative in the form in which the relevant appeal or request was sent, unless otherwise specified in the appeal or request itself. If the appeal (request) does not reflect all the necessary information in accordance with Part 3 of Article 14 of the Personal Data Law, or the personal data subject does not have the right to access the requested information, a reasoned refusal is sent to him.
5.1.3. The User’s right to access his personal data may be restricted in accordance with Part 8 of Article 14 of the Personal Data Law, including if access to his personal data violates the rights and legitimate interests of third parties.
5.2. Procedure for updating and correcting personal data.
5.2.1. In the event that inaccurate personal data is detected upon the appeal of the User or his representative or upon their request or upon the request of the authorized body for the protection of the rights of personal data subjects, the Operator blocks the personal data relating to this User from the moment of such appeal or receipt of the request for the period of verification, if blocking the personal data does not violate the rights and legitimate interests of the User or third parties.
5.2.2. In the event that the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the User or his representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, clarifies the personal data within seven business days from the date of submission of such information and removes the blocking of personal data.
5.3. Procedure for termination of unlawful processing of personal data.
5.3.1. In the event that unlawful processing of personal data is detected upon the appeal (request) of the User or his representative or the authorized body for the protection of the rights of personal data subjects, the Operator blocks the unlawfully processed personal data relating to this User from the moment of such appeal or receipt of the request for the period of verification.
5.3.2. In the event that the fact of unlawful processing of personal data is confirmed, the Operator, within a period not exceeding three business days from the date of such detection, terminates the unlawful processing of personal data or ensures the termination of the unlawful processing of personal data. If it is impossible to ensure the lawfulness of the processing of personal data, the Operator, within a period not exceeding ten business days from the date of detection of unlawful processing of personal data, destroys such personal data or ensures their destruction.
5.4. Deletion of personal data from the Website is carried out on the basis of a written appeal by the User (his representative) or the authorized body for the protection of the rights of personal data subjects, including in the form of an electronic document signed with an electronic signature in accordance with the legislation of the Russian Federation.
5.5. Procedure for destruction of personal data by the Operator.
5.5.1. The Operator destroys personal data in the following cases and within the established time limits:
- — upon achievement of the purpose of personal data processing or loss of the need to achieve it — within thirty days;
- — upon request of the User (his representative) upon confirmation that the personal data were obtained unlawfully or are not necessary for the stated purpose of processing — within seven business days;
- — upon withdrawal by the User of consent to the processing of his personal data, if their further storage is no longer required for the purpose of processing — within thirty days;
- — upon expiration of the storage periods for documents containing personal data — within thirty days.
5.5.2. Upon achievement of the purpose of personal data processing, as well as in the event of the User’s withdrawal of consent to the processing of personal data, they are subject to destruction, unless otherwise provided by a contract or other agreement with the User or the Operator is not entitled to process them without the consent of the User on the grounds provided for by the Personal Data Law or other federal laws.
5.5.3. Destruction of personal data is carried out by a commission established by order of the Head of the Operator.
5.5.4. The methods of destruction of personal data are established in the Operator’s local regulations.
6. Final Provisions
6.1. The Policy was approved by order of the Head of the Operator No. 1-PD dated 15.04.2026 and remains in effect indefinitely until a new version of the Policy comes into force.
6.2. In the event of changes in the legislation of the Russian Federation in the field of personal data protection, the Operator adopts a new version of the Policy taking into account the changes. Until that moment, the Policy remains in force to the extent that it does not contradict the current legislation of the Russian Federation.
6.3. The following contact details may be used to contact the Operator:
tel.: +7 495 623-78-88;
e-mail: customers@km20.ru;
postal address: 125009, Moscow, Stoleshnikov Lane, 2, bldg. 1, office 1.