Revision dated August 28, 2017
I. General Provisions
I.1. This Policy regarding the processing of personal data (hereinafter - the Policy) is made in accordance with cl.18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006, as well as of other legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter referred to as Data), which IP "Gorbenko Olga Anatolievna" (hereinafter referred to as the Operator) can receive from the subject personal data.
I.2. The operator protects the personal data being processed from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data," Decree No. 687 of the Government of the Russian Federation of September 15, 2008 "On Approval of the Regulation on the specifics of processing personal data, carried out without the use of automation, "Decree of the Government of the Russian Federation from 01.11.2012 N 1119" On the approval of the requirements for the protection of personal data at their processing in information systems of personal data ", normative documents of authorized bodies.
I.3. The operator has the right to make changes to this Policy. When you make changes to the Policy header, the date of the last revision of the edition is indicated. The new version of the Policy shall come into force from the moment of its posting on the site, unless otherwise provided by the new edition of the Policy.
I.4. In order to implement this Policy, the Operator develops appropriate local regulations and other documents. This Policy is the basis for the development by the Operator of local regulations.
II. Principles and objectives of developing personal data
II.1. Processing of personal data The operator is carried out taking into account the need to ensure the protection of the rights and freedoms of subjects of personal data, including protection of the right to privacy, personal and family secrets, based on the following principles:
- Processing of personal data is carried out on a legal and fair basis;
- Processing of personal data is limited to the achievement of specific, pre-determined goals;
- It is not allowed to process personal data incompatible with the purposes of collecting personal data;
- It is not allowed to combine databases containing personal data, processing of which is carried out for purposes incompatible with each other;
- Only personal data that are suitable for processing purposes is subject to processing;
- The content and volume of the processed personal data corresponds to the stated processing objectives. It is not allowed to redundant personal data in relation to the stated purposes of their processing;
- The processing of personal data ensures the accuracy of personal data, their sufficiency, and, if necessary, the relevance to the purposes of processing personal data;
- The processed personal data is destroyed or depersonalized upon the achievement of processing purposes or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.
II.2. Personal data is processed in order to:
- Implementation of customer support, feedback from clients, feedback and suggestions on the functioning of the site, the work of the Operator and his partners, the calculation of projects on the application of the client, as well as the participation of the personal data subject in the advertising, marketing and other programs and promotions conducted by the Operator;
- Implementation of research aimed at improving the quality of the services provided by the partners of the Operator and / or implemented by the Operator's partners, marketing and / or statistical and / or other research, promotion of goods, works, services;
- Informing the subject of personal data about new products, special offers and promotions, discount systems and bonuses, newsletters through various means of communication, including (without limitation) mailing, Internet, mailing to the email address of the personal data subject, mobile and (if applicable) the stationary telephone of the personal data subject of the relevant information, including information corresponding to the concept of advertising in the sense of art. 3 of Law No. 38-FZ "On Advertising".
II.3. The list of personal data processed by the Operator includes:
- Surname, name, patronymic of the subject of personal data;
- the mobile number and (if applicable) the stationary telephone number of the personal data subject;
- e-mail address of the subject of personal data;
- Place of residence of the subject of personal data;
- Profession of the subject of personal data.
III. Terms of personal data processing
III.1. The processing of personal data by the Operator is carried out with the consent of the personal data subject to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data;
III.2. The operator receives all personal data from the subject himself. If the personal data of the subject can only be obtained from a third party, then the subject must be notified of this and consent must be obtained from him.
III.3. The operator has the right to charge the processing of personal data to another person with the consent of the personal data subject on the basis of a contract concluded with that person. The contract must contain a list of actions (operations) with personal data that will be performed by the person processing personal data, the purpose of processing, the duty of such person to respect the confidentiality of personal data and ensure the safety of personal data when processing, as well as the requirements for protection of the processed personal data in Accordance with Art. 19 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data".
IV. Rights of subjects of personal data
IV.1. The subject of personal data has the right to receive information concerning the processing of his personal data, including:
- Confirmation of the fact of personal data processing by the Operator;
- legal grounds and objectives for the processing of personal data;
- Goals and methods of processing personal data used by the Operator;
- the name and location of the Operator, information on persons (with the exception of the Operator's employees) who have access to personal data or who can disclose personal data on the basis of a contract with the operator or on the basis of a federal law;
- Processed personal data relating to the relevant personal data subject, the source of their receipt, if another procedure for the submission of such data is not provided for by federal law;
- terms of processing of personal data, including the terms of their storage;
- The procedure for the subject to exercise personal data in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
- information on the transboundary data transfer that has been or is being expected;
- The name or surname, name, patronymic and address of the person carrying out the processing of personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such person;
- Other information stipulated by the legislation of the Russian Federation.
IV.2. The subject of personal data has the right to require the specification of their personal data, their blocking or destruction in the event that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing; To withdraw their consent to the processing of personal data; to demand the elimination of unlawful actions of the Operator in relation to his personal data, to protect his rights and legitimate interests, including compensation for damages and / or compensation for moral damage in accordance with the procedure established by law.
V. Ensuring the security of personal data
V.1. In accordance with the requirements of the legislation of the Russian Federation, the Operator has created a system for protecting personal data.
V.2. During the processing of personal data, the operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions against personal data. Such measures to ensure the security of personal data in accordance with Federal Law of July 27, 2006 N 152-FZ "On Personal Data," in particular, include:
- appointment by the Operator of a person from among the staff of the Operator responsible for organizing the processing of personal data;
- training employees of the Operator directly processing personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, familiarization with the documents that determine the policy of the Operator in respect of processing personal data, local acts on the processing of personal data;
- identification of threats to the security of personal data when processing them in personal data information systems;
- Application of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems required to meet the requirements for the protection of personal data, the fulfillment of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;
- Implementation of anti-virus control, prevention of the introduction of malicious programs (virus programs) and program bookmarks;
- The use of procedures for assessing the compliance of information protection means that passed in accordance with the established procedure;
- evaluation of the effectiveness of measures taken to ensure the security of personal data prior to commissioning of the personal data information system;
- Detection of unauthorized access to personal data and taking measures to prevent similar incidents in the future;
- restoration of personal data, modified or destroyed due to unauthorized access to them;
- Setting rules for access to personal data processed in personal data information systems, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of information systems of personal data.
VI. Final provisions
VI.1. The operator, as well as his officials and employees, bear civil, administrative and other responsibility for non-observance of the principles and conditions for the processing of personal data of individuals, as well as for the disclosure or illegal use of personal data in accordance with the legislation of the Russian Federation.