PRIVACY POLICY

PRIVACY POLICY

1. General provisions

1.1. Personal Data Processing Policy (hereinafter referred to as “Policy”) is aimed to protect the rights and freedoms of individuals, whose personal data is processed by an individual entrepreneur, Sherstobitov Evgeny Alexandrovich (hereinafter referred to as “Operator“).

1.2. This Policy has been developed in accordance with cl. 2 Part 1, Art. 18.1 of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the FL “On Personal Data”).

1.3.The Policy contains the data subject to disclosure in accordance with P. 1 of Art. 14 of FL “On Personal Data” and is a public document.

2. Information on personal data processing

2.1. The Operator processes the personal data on the legal and equitable basis for performance of the functions, powers and obligations imposed by legislation, for exercise of rights and legitimate interests of the Operator, Operator’s employees and third parties.

2.2. The Operator receives personal data directly from the subjects of personal data.

2.3. The Operator processes personal data by automated and manual methods, using the means of computer technology and without using such means.

2.4. Personal data processing operations include collection, recording, systematization, accumulation, storage, clarification (updating, change), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion and destruction.

2.5 Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.

3. Processing of Customers’ personal data

3.1. The Operator processes the customers’ personal data within the legal relationships with the Operator governed by Part 2 of the Civil Code of the Russian Federation dated January 26, 1996 No. 14-FZ, (hereinafter referred to as the “Customers”).

3.2. The Operator processes the customers’ personal data in order to comply with the Russian Federation statutory regulations, as well as with the aim:

— to accept applications and requests from the subject of personal data;

— to inform of the new goods, special promotional events and offers; 

— to issue discount cards.

3.3. The operator processes the personal data of customers with their consent provided for the duration of the contracts concluded with them. The consent is provided in writing in the cases provided for by the FL “On Personal Data”. In other cases, the consent is considered to have been obtained at the conclusion of the contract or when performing explicit actions.

3.4.The Operator processes the personal data of customers during the validity period of the contracts (offers) concluded with them. The Operator may process the personal data of clients after the expiration of the contracts concluded with them within the period established by cl. 5, Part 3, Art. 24 of Part one of the  Tax Code of the Russian Federation, Part 1, Art. 29 of Federal Law "On Accounting" and other regulatory legal acts.

3.5. The Operator processes special categories of personal data of minor clients with the written consent of their legal representatives on the basis of  Part 1, Art. 9, par. 1 of Part 2, Art. 10 of the FL "On Personal Data".

3.6. The Operator may process the following customers’ personal data:

— Surname, name, patronymic; 

— Address;

— Contact phone number;

— E-mail address.

— Type, series and number of the personal identity document;

— Date of issue of the personal identity document and information about the issuing authority;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth.

4. Information on personal data security

4.1. The Operator appoints a person responsible for organizing the processing of personal data to perform the duties provided for by the FL "On Personal Data" and the regulatory legal acts adopted in accordance with it.

4.2. Upon personal data processing, the Operator takes necessary legal, organizational and technical measures to ensure the confidentiality of personal data and protect them from illegal actions:

- provides unlimited access to the Policy, a copy of which is available at the Operator's location, and can also be posted on the Operator's website (if available);

-  the "Regulation on the Processing of Personal Data" (hereinafter referred to as the “Regulation”) and other local acts approve and implement the document in compliance with the Policy

- familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulation;

- allows employees to access personal data processed in the Operator's information system, as well as their material carriers, only for the performance of their work duties;

- sets the rules for access to personal data processed in the Operator's information system, as well as ensures the registration and accounting of all actions with them;

- assesses the damage that may be caused  to personal data subjects in case of breach of FL "On Personal Data";

- identifies threats to the security of personal data when they are processed in the Operator's information system;

- applies organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;

- detects the facts of unauthorized access to personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them;

- assesses the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator's information system;

- performs internal control over the compliance of personal data processing with the FL "On Personal Data", regulatory legal acts adopted in accordance with it, requirements for personal data protection, Policy, Regulation and other local acts, including control over the measures taken to ensure the security of personal data and their level of security when processing in the Operator's information system.

5. Rights of the personal data subjects

5.1. The personal data subject have the right to:

— obtain the personal data related to that subject and information concerning their processing;

— to update, block or destroy his/her personal data in the event that they are incomplete, obsolete, inaccurate, illegally obtained or not necessary for the stated processing purpose;

— to revoke his/her consent given to the personal data processing;

—to protect his/her rights and legitimate interests, including the right to compensation for damages and compensation for emotional damage in the courts; 

— to appeal against the Operator’s actions or inaction to the authorized body in charge of protection of the rights of the personal data subjects or through legal proceedings.

5.2. To exercise the rights and legitimate interests, the personal data subjects have the right to apply to the Operator or forward a request personally or through the representative. The request must contain the data stated in Part 3, Art. 14 of FL “On Personal Data”.

Director Sherstobitov Evgeny Alexandrovich

Approved on 01.05.2020

Let's Keep In Touch