Select language
Reserve
Club CardReserve

Privacy Policy on the Processing of Personal Data — Timeless

1. GENERAL PROVISIONS

This Privacy Policy on the processing of personal data has been drafted in accordance with Federal Law No. 152-FZ of July 27, 2006, “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data as well as the measures taken to ensure the security of personal data by the TIMELESS trademark users (franchisees) — LLC “OXFORD”, LLC “VKUSNO”, LLC “CAMBRIDGE”, LLC “NORFOLK”, LLC “BRIGHTON”, LLC “HARVARD”, and the rights holder LLC “OXBRIDGE” (hereinafter collectively referred to as the “Operator”).

1.1. The Operator considers the observance of human and civil rights and freedoms in the processing of personal data to be one of its highest priorities, including the protection of the right to privacy, personal and family confidentiality.

1.2. This Privacy Policy (hereinafter referred to as the “Policy”) applies to all personal data that the Operator may obtain about visitors to the website https://timeless.club

2. KEY TERMS USED IN THIS POLICY

2.1. Automated processing of personal data — processing of personal data using computer technology.

2.2. Blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data).

2.3. Website — a collection of graphic and informational materials, as well as software and databases, made available on the Internet at https://timeless.club.

2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means that enable their processing.

2.5. Depersonalization of personal data — actions that render it impossible to determine, without the use of additional information, the association of personal data with a specific User or other data subject.

2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.7. Operator — a government body, municipal authority, legal entity, or individual that, independently or jointly with others, organizes and/or carries out the processing of personal data, and determines the purposes of such processing, the composition of personal data to be processed, and the actions (operations) performed on personal data.

2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://timeless.club.

2.9. Personal data made publicly available by the data subject — personal data to which the data subject has granted access to an unlimited number of persons by giving consent for their processing and dissemination in accordance with the Personal Data Law (hereinafter — personal data authorized for dissemination).

2.10. User — any visitor to the website https://timeless.club.

2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a defined group of persons.

2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or making personal data available to the general public, including publication in mass media, posting in information and telecommunications networks, or otherwise granting access to personal data.

2.13. Cross-border transfer of personal data — the transfer of personal data to the territory of a foreign state to a foreign governmental authority, a foreign individual, or a foreign legal entity.

2.14. Destruction of personal data — any actions that result in the permanent, irreversible deletion of personal data with no possibility of restoring the content of such data in the personal data information system and/or that lead to the destruction of physical media containing personal data.

3. PRIMARY RIGHTS AND OBLIGATIONS OF THE OPERATOR

3.1. The Operator has the right to:

– receive accurate information and/or documents containing personal data from the personal data subject;
– continue processing personal data without the data subject’s consent if the data subject withdraws consent, provided there are legal grounds as specified by the Personal Data Law;
– independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations established by the Personal Data Law and applicable regulatory legal acts, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Operator is obligated to:

– provide the personal data subject, upon request, with information regarding the processing of their personal data;
– organize the processing of personal data in accordance with the procedures established by the legislation of the Russian Federation;
– respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
– submit the necessary information to the authorized body for the protection of the rights of personal data subjects upon request of such body within 30 days from the date of receipt of the request;
– publish or otherwise ensure unrestricted access to this Privacy Policy regarding the processing of personal data;
– take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and any other unlawful actions;
– terminate the transfer (dissemination, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases stipulated by the Personal Data Law;
– fulfill any other obligations stipulated by the Personal Data Law.

4. PRIMARY RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS

4.1. Personal data subjects have the right to:

– receive information regarding the processing of their personal data, except in cases provided for by federal law. Such information shall be provided to the data subject by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, unless there are lawful grounds for disclosing such data. The scope of information and the procedure for obtaining it are established by the Personal Data Law;
– request that the Operator clarify, block, or delete their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing, and to take legal measures to protect their rights as prescribed by law;
– set a condition requiring prior consent for the processing of personal data for the purpose of promoting goods, works, and services on the market;
– withdraw their consent to the processing of personal data;
– appeal to the authorized body for the protection of personal data subjects’ rights or to a court against unlawful actions or inaction by the Operator in the processing of their personal data;
– exercise other rights provided by the legislation of the Russian Federation.

4.2. Personal data subjects are obligated to:

– provide the Operator with accurate information about themselves;
– notify the Operator of any clarification (update, amendment) of their personal data.

4.3. Individuals who provide the Operator with false information about themselves or information about another personal data subject without that subject’s consent shall be held liable in accordance with the legislation of the Russian Federation.

5. PERSONAL DATA THAT MAY BE PROCESSED BY THE OPERATOR

5.1. Surname, first name, and patronymic (if applicable).
5.2. Email address.
5.3. Telephone numbers.
5.4. Year, month, date, and place of birth.
5.5. Other information necessary for the provision of services.
5.6. The website also collects and processes anonymized data about visitors (including cookie files) through web analytics services (such as Yandex.Metrica, Google Analytics, and others).

5.7. The above-listed data are collectively referred to in this Policy as Personal Data.

5.8. The Operator does not process special categories of personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, or data concerning health or sex life.

5.9. The processing of personal data that falls within the special categories referred to in Part 1, Article 10 of the Personal Data Law and is authorized by the data subject for dissemination is permitted only if the prohibitions and conditions provided in Article 10.1 of the Personal Data Law are observed.

5.10. The User’s consent to the processing of personal data authorized for dissemination shall be obtained separately from other consents to the processing of their personal data. In doing so, the conditions provided for in Article 10.1 of the Personal Data Law shall be observed. The requirements for the content of such consent are established by the authorized body for the protection of the rights of personal data subjects.

5.10.1. The User shall provide the Operator with consent for the processing of personal data authorized for dissemination directly.

5.10.2. Within no more than three (3) business days from the moment such consent is received from the User, the Operator must publish information regarding the terms of processing, including any restrictions and conditions applicable to the dissemination of such personal data to an unlimited number of persons.

5.10.3. The dissemination (disclosure, provision, or access) of personal data authorized for dissemination by the personal data subject must be terminated at any time upon the data subject’s request. Such a request must include the subject’s full name, contact information (such as phone number, email address, or mailing address), and a list of the personal data whose processing must cease. The personal data specified in the request may be processed only by the Operator to whom the request was addressed.

5.10.4. Consent for the processing of personal data authorized for dissemination shall cease to be valid upon receipt by the Operator of the request specified in clause 5.10.3 of this Policy.

6. PRINCIPLES OF PERSONAL DATA PROCESSING

6.1. The processing of personal data shall be carried out on a lawful and fair basis.

6.2. The processing of personal data shall be limited to the achievement of specific, pre-defined, and lawful purposes. The processing of personal data that is incompatible with the purposes for which it was collected is not permitted.

6.3. The merging of databases containing personal data that are processed for incompatible purposes is not permitted.

6.4. Only personal data that are relevant to the purposes of their processing shall be subject to processing.

6.5. The content and volume of the processed personal data must correspond to the stated purposes of processing. The processing of personal data that is excessive in relation to the stated purposes is not permitted.

6.6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the data in relation to the purposes of processing shall be ensured. The Operator shall take necessary measures and/or ensure that such measures are taken to delete or clarify incomplete or inaccurate data.

6.7. Personal data shall be stored in a form that enables the identification of the data subject for no longer than is necessary for the purposes of personal data processing, unless a longer retention period is required by federal law or by an agreement to which the data subject is a party, beneficiary, or guarantor. Once the purposes of processing have been fulfilled, or if the need to achieve these purposes no longer exists, the processed personal data shall be destroyed or anonymized, unless otherwise provided by federal law.

7. PURPOSES OF PERSONAL DATA PROCESSING

7.1. The purposes of processing the User’s personal data are as follows:
– to inform the User by sending email messages;
– to inform the User via SMS messages;
– to enter into, perform, and terminate civil-law contracts;
– to provide the User with access to services, information, and/or materials available on the website https://timeless.club.

7.2. The Operator is also entitled to send the User notifications about new products and services, special offers, and various events via any available communication channels (email, SMS messages, push notifications, and others). The User may at any time opt out of receiving such informational messages by sending an email to the Operator at welcome@timeless.club with the subject line: “Unsubscribe from notifications about new products, services, and special offers.”

7.3. Anonymized data collected from Users through web analytics services is used to gather information about User behavior on the website, with the aim of improving the quality and content of the site.

8. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING

8.1. The legal grounds for the processing of personal data by the Operator include:
– contracts concluded between the Operator and the personal data subject;
– federal laws and other regulatory legal acts governing the protection of personal data;
– the User’s consent to the processing of their personal data, including consent to the processing of personal data authorized for dissemination.

8.2. The Operator processes the User’s personal data only when such data is provided voluntarily by the User via designated forms available on the website https://timeless.club or by email correspondence sent to the Operator. By completing the relevant forms and/or submitting their personal data, the User consents to this Privacy Policy.

8.3. The Operator processes anonymized data about the User if such processing is permitted in the User’s browser settings (e.g., cookies are enabled and JavaScript technology is allowed).

8.4. The personal data subject independently decides to provide their personal data and gives consent freely, voluntarily, and in their own interest.

9. CONDITIONS FOR PERSONAL DATA PROCESSING

9.1. Personal data shall be processed with the consent of the personal data subject to such processing.

9.2. Personal data processing is necessary for the achievement of purposes established by an international treaty of the Russian Federation or by law, and for the performance of functions, powers, and obligations imposed on the Operator by the legislation of the Russian Federation.

9.3. Personal data processing is necessary for the administration of justice, execution of a judicial act, or an act issued by another authority or official subject to enforcement under the legislation of the Russian Federation on enforcement proceedings.

9.4. Personal data processing is necessary for the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for entering into a contract at the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor.

9.5. Personal data processing is necessary for the exercise of the Operator’s or third parties’ rights and legitimate interests, or for the achievement of socially significant objectives, provided that this does not violate the rights and freedoms of the personal data subject.

9.6. Processing is carried out on personal data made publicly available by the personal data subject or at their request (hereinafter referred to as publicly available personal data).

9.7. Processing is carried out on personal data subject to publication or mandatory disclosure in accordance with federal law.

10. PROCEDURE FOR COLLECTION, STORAGE, TRANSFER, AND OTHER FORMS OF PERSONAL DATA PROCESSING

The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures required for the full compliance with applicable legislation on personal data protection.

10.1. The Operator ensures the safekeeping of personal data and takes all reasonable measures to prevent unauthorized access to personal data by third parties.

10.2. The User’s personal data shall never, under any circumstances, be transferred to third parties, except in cases required by applicable law or when the personal data subject has given the Operator explicit consent for such transfer to a third party for the purpose of fulfilling obligations under a civil-law contract.

10.3. In the event of inaccuracies in personal data, the User may independently update the data by sending a notification to the Operator’s email address at welcome@timeless.club with the subject line: “Personal Data Update.”

10.4. The duration of personal data processing is determined by the time required to achieve the purposes for which the personal data was collected, unless otherwise stipulated by a contract or applicable law.
The User may withdraw their consent to the processing of personal data at any time by sending a notification to the Operator via email at welcome@timeless.club with the subject line: “Withdrawal of Consent to Personal Data Processing.”

10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by such parties (Operators) in accordance with their own Terms of Use and Privacy Policies. The personal data subject and/or User is independently responsible for familiarizing themselves with these documents in a timely manner. The Operator shall not be held liable for the actions of third parties, including the service providers referenced in this clause.

10.6. Any restrictions set by the personal data subject on the transfer (excluding access provision), processing, or terms of processing of personal data authorized for dissemination shall not apply in cases where such processing is conducted in the interests of the state, society, or other public interests as defined by the legislation of the Russian Federation.

10.7. The Operator ensures the confidentiality of personal data during its processing.

10.8. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than is necessary to achieve the purposes of processing, unless a longer retention period is stipulated by federal law or by a contract to which the personal data subject is a party, beneficiary, or guarantor.

10.9. The processing of personal data may be terminated upon the achievement of processing purposes, the expiration of the data subject’s consent, the withdrawal of such consent by the data subject, or the identification of unlawful processing of personal data.

11. LIST OF ACTIONS PERFORMED BY THE OPERATOR WITH PERSONAL DATA

11.1. The Operator performs the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

11.2. The Operator carries out automated processing of personal data, including the receipt and/or transmission of such data via information and telecommunications networks or without the use of such networks.

12. CROSS-BORDER TRANSFER OF PERSONAL DATA

12.1. Prior to initiating the cross-border transfer of personal data, the Operator must ensure that the foreign country to whose territory the transfer is intended provides reliable protection of the rights of personal data subjects.

12.2. Cross-border transfer of personal data to the territory of foreign countries that do not meet the above requirements may be carried out only with the written consent of the personal data subject to such transfer and/or for the performance of a contract to which the personal data subject is a party.

13. CONFIDENTIALITY OF PERSONAL DATA

The Operator and any other parties who have access to personal data are obligated not to disclose such data to third parties and not to disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.

14. FINAL PROVISIONS

14.1. The User may obtain any clarification regarding the processing of their personal data by contacting the Operator via email at welcome@timeless.club.

14.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. This Policy is valid indefinitely until replaced by a new version.

14.3. The current version of the Policy is publicly available online at https://timeless.club/legal.

 

Feedback

it’s time to get acquainted

thank you
your message was sent successfully
We will contact you in case some details need to be clarified.
With love, TIMELESS
go back to the main page

waiting for you

-30% on your first visit
-30% on your first visit

Your promo code — 30NEW

read more