Processing of personal data
- General Provisions.
- The present policy on the processing of personal data (hereinafter - the Policy) is prepared in accordance with paragraph 2 of. 1 article 18.1 of the Federal Law of Russian Federation "On Personal Data" № 152-FZ dated July 27, 2006 (hereinafter - the Law) and defines the position of the site administration (hereinafter - the Administration) in the processing and protection of personal data (hereinafter - the Data), the rights and freedoms of every person and in particular the right to privacy, personal and family secrets.
- Application.
- This Policy applies to Data received both before and after the enactment of this Policy.
- Aware of the importance and value of Data, as well as concerned about respect for the constitutional rights of citizens of the Russian Federation and citizens of other states, the site administration provides reliable protection of Data.
- Definitions.
- Data refers to any information relating to a directly or indirectly identified or identifiable individual, i.e., such information includes, but is not limited to: last name, first name, middle name, email, location, link to a personal website or social media, ip address.
- Data processing means any action (operation) or a set of actions (operations) with Data performed using automation and/or without the use of such means. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
- Data security means protection of Data from unauthorized and/or unauthorized access to Data destruction, change, blocking, copying, distribution, as well as from other unlawful acts in relation to Data.
- Legal basis and purpose of Data processing.
- We, the Site Administration, process and protect user data in accordance with the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other federal laws and guidance documents FSTEC of Russia and the FSB of Russia.
- We process data from users and visitors to our site, including for the purposes of placing orders on this site.
- We process user data for the following purposes:
- Fulfillment of our functions, powers and duties as prescribed to us by the legislation of the Russian Federation in accordance with federal laws.
- Supplying users with the following information:
- Information about products/services, current promotions and special offers
- Analysis of the quality of service and improvement of customer service.
- Information on the status of orders.
- Implementation of contracts, including remote purchase and sale contracts on the site, rendering of compensated services, provision of services and accounting of services rendered for mutual settlements.
- Delivery of ordered products to users and the ability to return products
- Data processing principles and conditions.
- When processing data, the site administration observes the following principles: the data are processed in a lawful and fair manner; the data are not disclosed to third parties or disseminated without the consent of the data subject, except when required by authorized public authorities or judicial procedures; specific lawful purposes of data processing are determined before the data collection process begins; only data necessary and sufficient to achieve the stated purposes are collected; the association of the databases that are processed
- The site administration can include data subjects in publicly available data sources only if the subject's written consent to the processing of his data or the expression of consent through the form on the site (checkbox).
- The administration of the site does not process data related to race, ethnicity, political views, religious, philosophical and other beliefs, personal life, membership in public associations, including trade unions.
- The site does not process any biometric data that can be used to identify individuals.
- The site administration can transfer personal data abroad. In this case, foreign countries, in whose territory the data transfer takes place, must ensure adequate protection of the rights of personal data subjects in accordance with the level of security defined by the Council of Europe Convention.
- The administration of the site may transfer data to third parties (eg, government agencies) in cases stipulated by Russian law.
- The site may authorize third parties to process data with the consent of the data subject under a contract with them, including through a user agreement and a policy on the processing of personal data posted on the site. The administration of the site may entrust the processing of data to third parties with the consent of the data subject under a contract, including the use of the User Agreement and the policy of processing of personal data posted on the site.
- Persons who process data on behalf of the Administration of the site on the basis of a contract are obliged to comply with the principles and rules of data processing and protection, established by the legislation of the Russian Federation. For each third party, the contract must define a list of actions with data, the purposes of processing, data protection requirements, as well as the obligation to respect the confidentiality and security of data.
- The site administration processes data both with and without the use of automation in order to fulfill its contractual obligations. Processing operations include collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, depersonalization, blocking, deletion and destruction of data.
- The site administration prohibits making decisions that produce legal consequences or affect the rights and lawful interests of the Data subject, based solely on the automated processing of Data, decisions that produce legal consequences in relation to the Data subject or otherwise affect their rights and lawful interests.
- Rights and obligations of the persons whose data are processed and of the site administration with regard to data processing.
- The subject whose Data is processed by the Site Administration has the right:
- Receive from the site Administration:
- Confirmation of the fact of Data processing and information about the availability of Data pertaining to the relevant Data subject.
- Information on the legal basis and purpose of Data processing
- Information about the Data processing methods used by the Site Administration
- List of processed Data pertaining to the Data subject and information about the source of the data
- Data processing time, including storage time
- Information on how the subject of Data exercises his rights.
- Other information provided by the Law or other regulations of the Russian Federation.
- Require the Site Administration:
- Clear, block or delete your Data if it is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing
- Cancel his consent to the processing of Data at any time; demand the removal of unlawful acts of the Administration of the site in respect of his Data.
- The protection of their rights and legitimate interests, including compensation for damages and/or compensation for moral harm in court.
- The site administration is obliged to process personal data:
- Provide the data subject with information about the processing of his personal data at his request or refuse to provide it on legitimate grounds within 30 days of receiving the request
- Explain to the data subject the legal consequences of a refusal to provide data if its provision is mandatory under federal law.
- Take or ensure that the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, sharing, distribution or other wrongdoing.
- Publish on the Internet and provide unrestricted access to the document that defines the site policy on the processing of personal data and information about the requirements for the protection of personal data.
- Give data subjects and/or their representatives the opportunity to review their personal data upon request within 30 days of receiving the request
- Block inappropriately processed personal data relating to the data subject, upon receipt of a request or on its own initiative if it is found to be inappropriately processed during the inspection period.
- Clear personal data or provide clarification within 7 working days from the date of presentation of the information and remove the blocking of data, if it is confirmed inaccurate on the basis of information provided by the data subject or his representative.
- Stop unauthorized processing of personal data or ensure that it is stopped.
- Stop processing of personal data and destroy it after achieving the purpose of processing, unless otherwise provided by the contract.
- Stop processing of personal data or ensure that it is terminated and destroy the data or ensure its destruction in case the data subject has withdrawn his consent to the data processing, if the Administration of the site is not entitled to the processing of personal data without the consent of the subject.
- Requirements for the protection of personal data.
- The site administration takes all necessary legal, organizational and technical measures in processing personal data to protect them from unauthorized access, destruction, modification, blocking, copying, distribution and other unlawful acts.
- Such measures include:
- appointment of responsible persons for the organization of processing and protection of personal data.
- Drafting and approval of local acts regulating the processing and protection of personal data.
- Applying legal, organizational and technical measures to ensure the security of personal data.
- Determination of threats to the security of personal data in their processing in information systems.
- Use organizational and technical measures to ensure the security of personal data during their processing in information systems.
- Pass the conformity assessment procedure for information security.
- Evaluation of the effectiveness of measures to ensure the security of personal data prior to the commissioning of the information system.
- Recording of personal data storage media.
- Detecting unauthorized access to personal data and taking measures to prevent such incidents.
- Recovering personal data modified or destroyed as a result of unauthorized access.
- Setting the rules of access to personal data in the information system and registration of all actions taken with them.
- Monitoring of measures to ensure the security of personal data and the level of protection of information systems.
- Assessment of the harm that may be caused to personal data subjects in the event of a breach of the requirements of the law.
- The site administration must comply with the conditions that prevent unauthorized access to tangible media personal data and ensure the safety of this data.
- Terms of processing (storage) of personal data.
- Terms of processing (storage) of personal data are set with regard to the purposes of processing, the duration of the contract with the subject of personal data, the requirements of legislation, as well as the requirements of data controllers, on behalf of which the Administration carries out the processing of personal data, and the limitation period.
- Personal data whose processing (storage) period has expired must be destroyed. Storage of personal data after the termination of their processing is allowed only after their depersonalization.
- The procedure for obtaining explanations for data processing.
- People whose data is processed by the Administration of the site can receive an explanation of the processing of their data by contacting the Administration of the site through the feedback form.
- Exclusive Provisions.
- This Policy is the rules of the site and it is publicly available because it is published on the site. We may change this Policy at any time for the following reasons:
- If the legislation of the Russian Federation on personal data changes.
- If we receive a directive from a government agency that we need to change our Policy.
- If we decide to change the Policy.
- If we change the purposes and deadlines for processing personal data.
- If we change the structure of the site, information or telecommunications systems.
- If we use new technologies to process and protect personal data.
- If we have to change the processing of personal data in connection with the activities of the site.
- The consent to the processing of personal data posted on the site is an integral part of this Policy.
- This policy goes hand in hand with the Terms of Use on the site.