Policy on Personal Data Processing
- General
- The Policy on Personal Data Processing (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data are processed by a private limited liability company
- The Policy is developed in accordance with cl. 2 Part 1 Art. 18.1 of the Federal Law dated July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter the Federal Law "On Personal Data"), as well as taking into account the requirements of EU Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (GDPR).
- The Policy contains the information subject to disclosure in accordance with Part 1 Art. 14 of the Federal Law "On Personal Data", and is a public document.
- Operator Info
- The Operator works at the address: Russian Federation, Moscow Region, Krasnogorsk, 4, Stroiteley blvd., bld. 1 (branch).
-
Information on the Personal Data Processing
- The Operator processes personal data lawfully and fairly to perform the functions, powers, and duties assigned by law, and to exercise the rights and legitimate interests of the Operator, the Operator's employees, and third parties.
- The Operator receives personal data directly from the personal data subjects.
- The Operator processes personal data in automated and non-automated ways, using computer equipment and without using such means.
- Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
- The Operator shall retain the Personal Information for as long as is necessary to achieve the purpose for which it was collected or to comply with applicable laws and other regulations.
-
Processing of the Clients Personal Data
- The Operator processes clients' personal data with their consent provided by clients and/or their legal representatives by performing exclusive actions on this website, including, but not limited to, placing an order, registering a personal account, subscribing to a newsletter, in accordance with this Policy.
- The Operator processes the clients' personal data no longer than required for the purposes of personal data processing unless otherwise provided by the requirements of applicable law.
- The Operator processes the following clients' personal data:
— Surname, name, patronymic;
— Contact phone number;
—°Email address.
- The Operator protects the User's personal information in accordance with the requirements for the protection of such information and is responsible for the use of safe methods of such information protection.
- The Operator applies the necessary and sufficient technical and administrative measures to protect the User's personal information, ensure its proper use and prevent unauthorized and/or accidental access to it. The personal information provided by the User is stored on servers with limited access located in protected premises.
- The Operator shall have the right to transfer the User's personal information (including organizations recording, systematizing, accumulating, clarifying, storing, extracting, directly sending to the User special offers, information about new products and promotions, processing of requests and appeals, as well as destroying personal information) to third parties in the following cases:
— as part of the use of a certain Service by the user or to provide a service to the user or fulfill obligations under the agreement;
— the transfer is done under the Russian or other applicable legislation as part of the procedure established by law.
-
Information on ensuring personal data security
- The Operator appoints a person responsible for the organization of personal data processing to perform the duties provided for by applicable law.
- The Operator applies a set of legal, organizational and technical measures to ensure confidentiality of personal data and their protection from unlawful actions:
— provides unrestricted access to the Policy whose copy is located at the Operator's address and can also be placed on the Operator's website (if any);
— in pursuance of the Policy, approves and enables the document "Regulation on Personal Data Processing" (hereinafter referred to as the Regulation) and other local acts;
— familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and the Regulation;
— gives the employees access to personal data processed in the Operator's information system, as well as to their tangible media only for the performance of labor duties;— establishes the rules for access to the personal data processed in the Operator's information system, provides registration and accounting of all actions with them;
— assesses the harm that may be caused to personal data subjects in case of violation of applicable law;
— determines threats to the security of personal data when they are processed in the Operator's information system;
— applies organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;
— detects facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them;
— assesses the effectiveness of measures taken to ensure the security of personal data before the commissioning of the Operator's information system;
— carries out internal control of the personal data processing compliance with the requirements of applicable law for personal data protection, the Policy, the Regulation and other local acts, including control over the measures taken to ensure the security of personal data and their level of security when they are processed in the Operator's information system.
-
Rights of Personal Data Subjects
- The personal data subject shall have the right:
— to receive personal data relating to this subject and information relating to their processing;
— to correct inaccurate personal data without undue delay and, taking into account the purposes of collection and processing, supplement incomplete personal data, including by providing an additional statement;
— to clarify, restrict, block or destroy ("the right to be forgotten") his personal data in case they are incomplete, outdated, inaccurate, illegally obtained, or are not necessary for the stated purpose of processing;
— to withdraw his consent to the processing of personal data;
— to protect his rights and legitimate interests, including compensation for damages and moral damage in court;
— to appeal against the Operator's actions or inaction to the authorized body for the protection of the personal data subjects' rights or in court.
— to request an electronic copy of his personal data in a structured, widely used, machine-readable format.
- The personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative in order to exercise their rights and legitimate interests.
-
Purposes of Collecting and Processing the Users' Personal Information:
- The Operator collects, processes and stores only the personal information that is necessary.
- The Operator processes the clients' personal data for the purpose of accepting partnership offers and further negotiations for the following purposes:
- identification of the party as part of agreements with the Operator;
- acceptance of partnership proposals and further negotiations;
- provision of customer support and service to the User;
- informing the User about the activities and actions carried out by the Operator;
- The Operator does not check the accuracy of the personal information provided by the User and does not monitor its relevance. All responsibility, as well as possible consequences for the provision of inaccurate or irrelevant personal information, shall be borne by the User.