Personal Data Processing Policy
1. GENERAL PROVISIONS
1.1. This Personal Data Processing Policy (hereinafter referred to as the "Policy") has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data "(hereinafter referred to as the "Personal Data Law") in order to ensure the protection of human and civil rights and freedoms in the following cases: processing of their personal data, including the protection of their rights to privacy, personal and family secrets.
1.2. This Policy applies to the following categories of personal data subjects, information about which is processed by the Operator: employees; contractors; customers; site visitors.
1.3. Basic concepts used in the Policy:
Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
Personal data operator (Operator) – ОООDikey Mart LLC (TIN 5050109563), which independently or jointly with other persons organizes and / or performs the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
Processing of personal data – any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes, but is not limited to: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;
Automated processing of personal data – processing of personal data using computer technology;
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons;
Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons;
Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data);
Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data – actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information;
Personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
Website – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at https://dk-mart.com; https://www.frais.su/
1.4. Basic rights and obligations of the Operator.
1.4.1. The Operator has the right to:
• independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
• assign the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with this person. A person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for in the Personal Data Law;
• if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject, if there are grounds specified in the Personal Data Law.
1.4.2. The Operator must:
• organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
• respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
• notify the authorized body for the protection of the rights of personal data subjects (hereinafter referred to as "Roskomnadzor") of the necessary information at the request of this body within 10 working days from the date of receipt of such request.
1.5. Basic rights of personal data subjects. The personal data subject has the right to:
• receive information related to the processing of their personal data, with the exception of cases stipulated by federal laws. Information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain personal data related to other Personal Data Subjects, except in cases where there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
• require the Operator to clarify their personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
• appeal to Roskomnadzor or in court against illegal actions or omissions of the Operator when processing their personal data.
A personal data subject can exercise the rights to receive information related to the processing of his / her personal data, as well as the rights to clarify, block or destroy his / her personal data, by contacting the Operator with a corresponding request at the address: 25 1st Sovetsky Lane, Shchelkovo, 141100, Moscow Region. page 2, office 3002 or by contacting the Operator with a corresponding request by e-mail info@dk-mart.com In both cases, the request must comply with the requirements of section 8 of this Policy.
1.6. Control over the implementation of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data by the Operator.
1.7. Liability for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:
• legality and fair basis;
• restrictions on the processing of personal data to achieve specific, pre-defined and legitimate goals;
• preventing the processing of personal data that is incompatible with the purposes of personal data collection;
• preventing the association of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
• processing only those personal data that meet the purposes of their processing;
• compliance of the content and volume of personal data processed with the stated purposes of processing;
• prevention of processing of redundant personal data in relation to the stated purposes of their processing;
• ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
• destruction or depersonalization of personal data after the purposes of their processing have been achieved, or if it is no longer necessary to achieve these goals, if the Operator cannot eliminate the violations of personal data committed, unless otherwise provided for by federal law.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal basis for personal data processing is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
• The Constitution of the Russian Federation;
• The Labor Code of the Russian Federation;
• The Civil Code of the Russian Federation;
• The Tax Code of the Russian Federation;
• Federal Law No. 402-FZ of December 6, 2011 "On Accounting";
• other regulatory legal acts regulating relations related to the Operator's activities.
3.2. The legal basis for the processing of personal data is also:
• contracts concluded with the Personal Data Subject;
• consent of the Personal data Subject to the processing of personal data.
4. SCOPE, CATEGORIES AND CONDITIONS OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS IN RELATION TO THE STATED PURPOSES OF PERSONAL DATA PROCESSING
4.1. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not allowed. Only personal data that meets the purposes of their processing are subject to processing.
4.2. The content and scope of the personal data processed must correspond to the stated purposes of processing provided for in this section. The personal data processed should not be redundant in relation to the stated purposes of their processing. Personal data is processed by the Operator for the following purposes:
• ensuring compliance with the labor legislation of the Russian Federation (assistance to employees in employment, education and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)
• preparation, conclusion and execution of contracts
• offer and promote your own products and brand in the market through marketing (advertising, PR) activities and sales promotion
• processing incoming requests from the Site
• maintaining statistics of Site visits
4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:
• employees of the Operator
• to the Operator's counterparties
• Operator's clients
• users of the Operator's Website
4.4. Processing of personal data in order to ensure compliance with the labor legislation of the Russian Federation.
4.4.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data to be processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as " ensuring compliance with the labor legislation of the Russian Federation (in particular including assistance to employees in employment, education and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)".
4.4.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• employees of the Operator
4.4.3. The Operator processes the following categories and lists of employees ' personal data for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of employees is carried out in accordance with the following list:
• last name, first name, patronymic
• address of the place of residence
• education
• profession
• passport details
• contact phone number
• revenue
• post
• INN NUMBER
• SNILS
• marital status
b) processing of special categories of personal data of employees is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• health information
• national affiliation
c) processing by the Operator of biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• face image data obtained from photo and video devices
4.4.4. The Operator performs mixed processing of personal data of employees for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.4.5. The list of actions performed by the Operator with personal data of employees for the purpose specified in this section of the Policy: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.4.6. Processing of personal data of employees does not require obtaining the appropriate consent, provided that the amount of personal data processed by the Operator corresponds to the purpose of ensuring compliance with the labor legislation of the Russian Federation specified in this section of the Policy, based on paragraph 2 of part 1 of Article 6 of the Law on Personal Data.
4.4.7. When entering into an employment contract, employees provide the Operator with the following documents containing their personal data:
• passport or other identity document;
• employment record and (or) information about employment, except for cases when the employment contract is concluded for the first time;
• a document confirming registration in the individual (personalized) accounting system, including in the form of an electronic document;
• military registration documents - for those liable for military service and persons subject to conscription;
• a document of education and / or qualification or availability of special knowledge - when applying for a job that requires special knowledge or special training;
• other documents in accordance with the requirements of the legislation.
4.4.8. In the case of the initial conclusion of an employment contract with employees, the employment record book, insurance certificate of state pension insurance is issued by the Operator.
4.4.9. If работников other documents are required for the employment of employees in accordance with the legislation, the Operator applies to persons entering the job with a request to provide such documents containing their personal data.
4.4.10. The Operator stores personal data of employees in a form that allows identifying the subjects of personal data, no longer than the purpose of processing personal data specified in this section of the Policy requires, if the period of storage of personal data is not established by federal law.
4.4.11. The Operator processes personal data of dismissed employees in cases and within the time limits stipulated by the legislation of the Russian Federation. Such cases include, inter alia, the processing of personal data in the framework of accounting and tax accounting, including to ensure the safety of documents necessary for calculating, withholding and transferring tax.
4.4.12. The operator is obliged to keep accounting documents for the period established in accordance with the rules of the organization of state archival affairs, but the minimum storage period may not be less than 5 (five) years.
4.4.13. After the expiration of the terms defined by the legislation of the Russian Federation, employees ' personal files and other documents are transferred for archival storage for a period of 50 years.
4.4.14. Employees ' consent to the processing of their personal data in the cases stipulated in clauses 4.4.11. – 4.4.13. of the Policy is not required.
4.4.15. The Operator does not disclose or distribute employees ' personal data to third parties for the purpose specified in this section of the Policy without the consent of employees, unless otherwise provided by the legislation of the Russian Federation.
4.4.16. When transmitting employees ' personal data, the Operator must comply with the following requirements:
• it is prohibited to disclose employees ' personal data to a third party without the written consent of employees, except in cases where this is necessary in order to prevent a threat to the life and health of employees, as well as in cases established by the current legislation of the Russian Federation;
• the employee who transmits personal data of the Operator's employees is obliged to warn the persons receiving personal data of employees that this data can only be used for the purposes for which it is reported, and to require these persons to confirm compliance with this rule. Persons who receive personal data of the Operator's employees are obliged to observe their confidentiality regime. This provision does not apply to the exchange of personal data of employees in accordance with the procedure established by the current legislation of the Russian Federation;
• an employee who transfers personal data of the Operator's employees has the right to transfer their personal data to employee representatives in accordance with the procedure established by the Labor Code of the Russian Federation, and to limit this information only to those personal data of employees that are necessary for the performance of their functions by these representatives.
• transfer of personal data of employees to the Pension and Social Insurance Fund of the Russian Federation (Social Fund of Russia) in accordance with the procedure established by federal laws, in particular the Federal Law "On Compulsory Pension Insurance in the Russian Federation", the Federal Law "On the Basics of Compulsory Social Insurance", the Federal Law "On Compulsory Medical Insurance in the Russian Federation" is carried out without the employees ' consent.
• The consent of employees is not required in cases when the Operator transfers personal data of employees to tax authorities, military commissariats, trade union bodies provided for by the current legislation of the Russian Federation, as well as when receiving, within the established powers, reasoned requests from prosecutor's offices, law enforcement agencies, security agencies, and state labor inspectors when they exercise state supervision and control over the use of compliance with labor legislation and other bodies authorized to request information about employees in accordance with the competence provided for by the current legislation of the Russian Federation.
4.4.17. The Operator does not transfer employees ' personal data across borders for the purpose specified in this section of the Policy.
4.4.18. The terms for processing and storing personal data for the purpose specified in this section of the Policy are set during the term of the employment contract and 5 (five) years after the termination of the employment contract.
4.5. Processing of personal data for the preparation, conclusion and execution of contracts.
4.5.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as"preparation, conclusion and execution of contracts".
4.5.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• Operator's counterparties
• Operator's clients
4.5.3. The Operator processes the following categories and a list of personal data of counterparties and clients for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of counterparties and clients is carried out in accordance with the following list:
• last name, first name, patronymic
• address of the place of residence
• passport details
• contact phone number
• email address
• floor
b) processing of special categories of personal data of counterparties and clients is not carried out;
c) processing of biometric personal data of clients (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• face image data obtained from photo and video devices
4.5.4. The Operator performs mixed processing of personal data of counterparties and customers for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.5.5. The list of actions performed by the Operator with personal data of counterparties and clients for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.5.6. Processing of personal data of counterparties and clients does not require obtaining the relevant consent, provided that the scope of personal data processed by the Operator corresponds to the purpose of preparing, concluding and executing a civil contract, specified in this section of the Policy, based on paragraph 5 of part 1 of Article 6 of the Personal Data Law.
4.5.7. The Operator, without the consent of the personal data subject, does not disclose to third parties or distribute personal data of counterparties and clients for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.5.8. The Operator does not perform cross-border transfer of personal data of counterparties, customers for the purpose specified in this section of the Policy.
4.5.9. The terms for processing and storing personal data for the purpose specified in this section of the Policy are set during the term of the agreement with the client and 5 (five) years after the termination of such agreement.
4.6. Processing of personal data for the purpose of offering and promoting your own products and brand on the market through marketing (advertising, PR) activities and sales promotion.
4.6.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a goal as " offering and promoting your own products and brand in the market through the implementation of marketing (advertising, PR) activities and sales promotion".
4.6.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• Operator's clients
• users of the Operator's Website
4.6.3. The Operator processes the following categories and a list of personal data of customers, visitors for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of customers and visitors is carried out in accordance with the following list:
• last name, first name, patronymic
• contact phone number
• email address
• floor
b) processing of special categories of personal data of customers and visitors is not carried out;
c) processing of biometric personal data of customers, visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.6.4. The Operator performs mixed processing of personal data of customers, visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.6.5. A list of actions performed by the Operator with personal data of customers and visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.6.6. The processing of personal data of customers and visitors for the purposes specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.6.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of customers or visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.6.8. The Operator does not perform cross-border transfer of personal data of customers, visitors for the purpose specified in this section of the Policy.
4.6.9. The terms of processing and storing visitors 'personal data for the purpose specified in this section of the Policy are set from the moment of receiving visitors' personal data until the goal of processing personal data is achieved – offering and promoting your own products and brand on the market by performing marketing (advertising, PR) activities and stimulating sales.
4.7. Processing of personal data for the purpose of processing incoming requests from the Site.
4.7.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as "processing incoming requests from the Site".
4.7.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• users of the Operator's Website
4.7.3. The Operator processes the following categories and a list of personal data of visitors for the purpose specified in this section of the Policy including through an external form of personal data collection (https://form.gle):
a) processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
• last name, first name, patronymic
• contact phone number
• email address
b) processing of special categories of personal data of visitors is not carried out;
c) processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.7.4. The operator performs mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.7.5. A list of actions performed by the Operator with users ' personal data for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.7.6. The processing of visitors ' personal data for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.7.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.7.8. The Operator does not transfer visitors ' personal data across borders for the purpose specified in this section of the Policy.
4.7.9. The terms of processing and storing visitors 'personal data for the purpose specified in this section of the Policy are set from the moment of receiving visitors' personal data until the goal of processing personal data – processing incoming requests from the Site-is achieved.
4.8. Processing of personal data for the purpose of maintaining statistics of Site visits.
4.8.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as "maintaining statistics of site visits".
4.8.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• users of the Operator's Website
4.8.3. The Operator processes the following categories and a list of personal data of visitors for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
• information collected through metric programs
b) processing of special categories of personal data of visitors is not carried out;
c) processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.8.4. The operator performs mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.8.5. The list of actions performed by the Operator with personal data of visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.8.6. The processing of visitors ' personal data for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.8.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.8.8. With the consent of visitors within the country, the Operator may transfer their personal data for the purpose specified in this section of the Policy to Yandex LLC (TIN 7736207543), address: 16 Lva Tolstogo str., Moscow, 119021, when using the Yandex.Metrica software.
4.8.9. The content of the user's consent must be specific, substantive, informed, conscious and unambiguous, that is, it must contain information that makes it possible to unambiguously draw a conclusion about the purposes, methods of processing, indicating the actions performed with personal data, and the volume of personal data being processed.
4.8.10. The Operator does not transfer visitors ' personal data across borders for the purpose specified in this section of the Policy.
4.8.11. The terms of processing and storing personal data of visitors for the purpose specified in this section of the Policy are set from the moment of receiving personal data of visitors until the goal of processing personal data is achieved – maintaining statistics of Site visits
1.1. This Personal Data Processing Policy (hereinafter referred to as the "Policy") has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data "(hereinafter referred to as the "Personal Data Law") in order to ensure the protection of human and civil rights and freedoms in the following cases: processing of their personal data, including the protection of their rights to privacy, personal and family secrets.
1.2. This Policy applies to the following categories of personal data subjects, information about which is processed by the Operator: employees; contractors; customers; site visitors.
1.3. Basic concepts used in the Policy:
Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
Personal data operator (Operator) – ОООDikey Mart LLC (TIN 5050109563), which independently or jointly with other persons organizes and / or performs the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
Processing of personal data – any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes, but is not limited to: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;
Automated processing of personal data – processing of personal data using computer technology;
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons;
Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons;
Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data);
Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data – actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information;
Personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
Website – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at https://dk-mart.com; https://www.frais.su/
1.4. Basic rights and obligations of the Operator.
1.4.1. The Operator has the right to:
• independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
• assign the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with this person. A person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for in the Personal Data Law;
• if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject, if there are grounds specified in the Personal Data Law.
1.4.2. The Operator must:
• organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
• respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
• notify the authorized body for the protection of the rights of personal data subjects (hereinafter referred to as "Roskomnadzor") of the necessary information at the request of this body within 10 working days from the date of receipt of such request.
1.5. Basic rights of personal data subjects. The personal data subject has the right to:
• receive information related to the processing of their personal data, with the exception of cases stipulated by federal laws. Information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain personal data related to other Personal Data Subjects, except in cases where there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
• require the Operator to clarify their personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
• appeal to Roskomnadzor or in court against illegal actions or omissions of the Operator when processing their personal data.
A personal data subject can exercise the rights to receive information related to the processing of his / her personal data, as well as the rights to clarify, block or destroy his / her personal data, by contacting the Operator with a corresponding request at the address: 25 1st Sovetsky Lane, Shchelkovo, 141100, Moscow Region. page 2, office 3002 or by contacting the Operator with a corresponding request by e-mail info@dk-mart.com In both cases, the request must comply with the requirements of section 8 of this Policy.
1.6. Control over the implementation of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data by the Operator.
1.7. Liability for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:
• legality and fair basis;
• restrictions on the processing of personal data to achieve specific, pre-defined and legitimate goals;
• preventing the processing of personal data that is incompatible with the purposes of personal data collection;
• preventing the association of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
• processing only those personal data that meet the purposes of their processing;
• compliance of the content and volume of personal data processed with the stated purposes of processing;
• prevention of processing of redundant personal data in relation to the stated purposes of their processing;
• ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
• destruction or depersonalization of personal data after the purposes of their processing have been achieved, or if it is no longer necessary to achieve these goals, if the Operator cannot eliminate the violations of personal data committed, unless otherwise provided for by federal law.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal basis for personal data processing is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
• The Constitution of the Russian Federation;
• The Labor Code of the Russian Federation;
• The Civil Code of the Russian Federation;
• The Tax Code of the Russian Federation;
• Federal Law No. 402-FZ of December 6, 2011 "On Accounting";
• other regulatory legal acts regulating relations related to the Operator's activities.
3.2. The legal basis for the processing of personal data is also:
• contracts concluded with the Personal Data Subject;
• consent of the Personal data Subject to the processing of personal data.
4. SCOPE, CATEGORIES AND CONDITIONS OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS IN RELATION TO THE STATED PURPOSES OF PERSONAL DATA PROCESSING
4.1. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not allowed. Only personal data that meets the purposes of their processing are subject to processing.
4.2. The content and scope of the personal data processed must correspond to the stated purposes of processing provided for in this section. The personal data processed should not be redundant in relation to the stated purposes of their processing. Personal data is processed by the Operator for the following purposes:
• ensuring compliance with the labor legislation of the Russian Federation (assistance to employees in employment, education and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)
• preparation, conclusion and execution of contracts
• offer and promote your own products and brand in the market through marketing (advertising, PR) activities and sales promotion
• processing incoming requests from the Site
• maintaining statistics of Site visits
4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:
• employees of the Operator
• to the Operator's counterparties
• Operator's clients
• users of the Operator's Website
4.4. Processing of personal data in order to ensure compliance with the labor legislation of the Russian Federation.
4.4.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data to be processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as " ensuring compliance with the labor legislation of the Russian Federation (in particular including assistance to employees in employment, education and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)".
4.4.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• employees of the Operator
4.4.3. The Operator processes the following categories and lists of employees ' personal data for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of employees is carried out in accordance with the following list:
• last name, first name, patronymic
• address of the place of residence
• education
• profession
• passport details
• contact phone number
• revenue
• post
• INN NUMBER
• SNILS
• marital status
b) processing of special categories of personal data of employees is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• health information
• national affiliation
c) processing by the Operator of biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• face image data obtained from photo and video devices
4.4.4. The Operator performs mixed processing of personal data of employees for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.4.5. The list of actions performed by the Operator with personal data of employees for the purpose specified in this section of the Policy: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.4.6. Processing of personal data of employees does not require obtaining the appropriate consent, provided that the amount of personal data processed by the Operator corresponds to the purpose of ensuring compliance with the labor legislation of the Russian Federation specified in this section of the Policy, based on paragraph 2 of part 1 of Article 6 of the Law on Personal Data.
4.4.7. When entering into an employment contract, employees provide the Operator with the following documents containing their personal data:
• passport or other identity document;
• employment record and (or) information about employment, except for cases when the employment contract is concluded for the first time;
• a document confirming registration in the individual (personalized) accounting system, including in the form of an electronic document;
• military registration documents - for those liable for military service and persons subject to conscription;
• a document of education and / or qualification or availability of special knowledge - when applying for a job that requires special knowledge or special training;
• other documents in accordance with the requirements of the legislation.
4.4.8. In the case of the initial conclusion of an employment contract with employees, the employment record book, insurance certificate of state pension insurance is issued by the Operator.
4.4.9. If работников other documents are required for the employment of employees in accordance with the legislation, the Operator applies to persons entering the job with a request to provide such documents containing their personal data.
4.4.10. The Operator stores personal data of employees in a form that allows identifying the subjects of personal data, no longer than the purpose of processing personal data specified in this section of the Policy requires, if the period of storage of personal data is not established by federal law.
4.4.11. The Operator processes personal data of dismissed employees in cases and within the time limits stipulated by the legislation of the Russian Federation. Such cases include, inter alia, the processing of personal data in the framework of accounting and tax accounting, including to ensure the safety of documents necessary for calculating, withholding and transferring tax.
4.4.12. The operator is obliged to keep accounting documents for the period established in accordance with the rules of the organization of state archival affairs, but the minimum storage period may not be less than 5 (five) years.
4.4.13. After the expiration of the terms defined by the legislation of the Russian Federation, employees ' personal files and other documents are transferred for archival storage for a period of 50 years.
4.4.14. Employees ' consent to the processing of their personal data in the cases stipulated in clauses 4.4.11. – 4.4.13. of the Policy is not required.
4.4.15. The Operator does not disclose or distribute employees ' personal data to third parties for the purpose specified in this section of the Policy without the consent of employees, unless otherwise provided by the legislation of the Russian Federation.
4.4.16. When transmitting employees ' personal data, the Operator must comply with the following requirements:
• it is prohibited to disclose employees ' personal data to a third party without the written consent of employees, except in cases where this is necessary in order to prevent a threat to the life and health of employees, as well as in cases established by the current legislation of the Russian Federation;
• the employee who transmits personal data of the Operator's employees is obliged to warn the persons receiving personal data of employees that this data can only be used for the purposes for which it is reported, and to require these persons to confirm compliance with this rule. Persons who receive personal data of the Operator's employees are obliged to observe their confidentiality regime. This provision does not apply to the exchange of personal data of employees in accordance with the procedure established by the current legislation of the Russian Federation;
• an employee who transfers personal data of the Operator's employees has the right to transfer their personal data to employee representatives in accordance with the procedure established by the Labor Code of the Russian Federation, and to limit this information only to those personal data of employees that are necessary for the performance of their functions by these representatives.
• transfer of personal data of employees to the Pension and Social Insurance Fund of the Russian Federation (Social Fund of Russia) in accordance with the procedure established by federal laws, in particular the Federal Law "On Compulsory Pension Insurance in the Russian Federation", the Federal Law "On the Basics of Compulsory Social Insurance", the Federal Law "On Compulsory Medical Insurance in the Russian Federation" is carried out without the employees ' consent.
• The consent of employees is not required in cases when the Operator transfers personal data of employees to tax authorities, military commissariats, trade union bodies provided for by the current legislation of the Russian Federation, as well as when receiving, within the established powers, reasoned requests from prosecutor's offices, law enforcement agencies, security agencies, and state labor inspectors when they exercise state supervision and control over the use of compliance with labor legislation and other bodies authorized to request information about employees in accordance with the competence provided for by the current legislation of the Russian Federation.
4.4.17. The Operator does not transfer employees ' personal data across borders for the purpose specified in this section of the Policy.
4.4.18. The terms for processing and storing personal data for the purpose specified in this section of the Policy are set during the term of the employment contract and 5 (five) years after the termination of the employment contract.
4.5. Processing of personal data for the preparation, conclusion and execution of contracts.
4.5.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as"preparation, conclusion and execution of contracts".
4.5.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• Operator's counterparties
• Operator's clients
4.5.3. The Operator processes the following categories and a list of personal data of counterparties and clients for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of counterparties and clients is carried out in accordance with the following list:
• last name, first name, patronymic
• address of the place of residence
• passport details
• contact phone number
• email address
• floor
b) processing of special categories of personal data of counterparties and clients is not carried out;
c) processing of biometric personal data of clients (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
• face image data obtained from photo and video devices
4.5.4. The Operator performs mixed processing of personal data of counterparties and customers for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.5.5. The list of actions performed by the Operator with personal data of counterparties and clients for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.5.6. Processing of personal data of counterparties and clients does not require obtaining the relevant consent, provided that the scope of personal data processed by the Operator corresponds to the purpose of preparing, concluding and executing a civil contract, specified in this section of the Policy, based on paragraph 5 of part 1 of Article 6 of the Personal Data Law.
4.5.7. The Operator, without the consent of the personal data subject, does not disclose to third parties or distribute personal data of counterparties and clients for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.5.8. The Operator does not perform cross-border transfer of personal data of counterparties, customers for the purpose specified in this section of the Policy.
4.5.9. The terms for processing and storing personal data for the purpose specified in this section of the Policy are set during the term of the agreement with the client and 5 (five) years after the termination of such agreement.
4.6. Processing of personal data for the purpose of offering and promoting your own products and brand on the market through marketing (advertising, PR) activities and sales promotion.
4.6.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a goal as " offering and promoting your own products and brand in the market through the implementation of marketing (advertising, PR) activities and sales promotion".
4.6.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• Operator's clients
• users of the Operator's Website
4.6.3. The Operator processes the following categories and a list of personal data of customers, visitors for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of customers and visitors is carried out in accordance with the following list:
• last name, first name, patronymic
• contact phone number
• email address
• floor
b) processing of special categories of personal data of customers and visitors is not carried out;
c) processing of biometric personal data of customers, visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.6.4. The Operator performs mixed processing of personal data of customers, visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.6.5. A list of actions performed by the Operator with personal data of customers and visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.6.6. The processing of personal data of customers and visitors for the purposes specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.6.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of customers or visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.6.8. The Operator does not perform cross-border transfer of personal data of customers, visitors for the purpose specified in this section of the Policy.
4.6.9. The terms of processing and storing visitors 'personal data for the purpose specified in this section of the Policy are set from the moment of receiving visitors' personal data until the goal of processing personal data is achieved – offering and promoting your own products and brand on the market by performing marketing (advertising, PR) activities and stimulating sales.
4.7. Processing of personal data for the purpose of processing incoming requests from the Site.
4.7.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as "processing incoming requests from the Site".
4.7.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• users of the Operator's Website
4.7.3. The Operator processes the following categories and a list of personal data of visitors for the purpose specified in this section of the Policy including through an external form of personal data collection (https://form.gle):
a) processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
• last name, first name, patronymic
• contact phone number
• email address
b) processing of special categories of personal data of visitors is not carried out;
c) processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.7.4. The operator performs mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.7.5. A list of actions performed by the Operator with users ' personal data for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
4.7.6. The processing of visitors ' personal data for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.7.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.7.8. The Operator does not transfer visitors ' personal data across borders for the purpose specified in this section of the Policy.
4.7.9. The terms of processing and storing visitors 'personal data for the purpose specified in this section of the Policy are set from the moment of receiving visitors' personal data until the goal of processing personal data – processing incoming requests from the Site-is achieved.
4.8. Processing of personal data for the purpose of maintaining statistics of Site visits.
4.8.1. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data is processed, the methods and terms of their processing and storage, the procedure for destroying personal data when the purpose of their processing is achieved or when other legal grounds arise for such a purpose as "maintaining statistics of site visits".
4.8.2. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the category (s) of personal data subjects such as:
• users of the Operator's Website
4.8.3. The Operator processes the following categories and a list of personal data of visitors for the purpose specified in this section of the Policy:
a) processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
• information collected through metric programs
b) processing of special categories of personal data of visitors is not carried out;
c) processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out.
4.8.4. The operator performs mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transmission over the internal network, with transmission over the Internet.
4.8.5. The list of actions performed by the Operator with personal data of visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.8.6. The processing of visitors ' personal data for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent to such processing.
4.8.7. The Operator, without the consent of the personal data subject, does not disclose or distribute personal data of visitors to third parties for the purpose specified in this section of the Policy, unless otherwise provided for by the legislation of the Russian Federation.
4.8.8. With the consent of visitors within the country, the Operator may transfer their personal data for the purpose specified in this section of the Policy to Yandex LLC (TIN 7736207543), address: 16 Lva Tolstogo str., Moscow, 119021, when using the Yandex.Metrica software.
4.8.9. The content of the user's consent must be specific, substantive, informed, conscious and unambiguous, that is, it must contain information that makes it possible to unambiguously draw a conclusion about the purposes, methods of processing, indicating the actions performed with personal data, and the volume of personal data being processed.
4.8.10. The Operator does not transfer visitors ' personal data across borders for the purpose specified in this section of the Policy.
4.8.11. The terms of processing and storing personal data of visitors for the purpose specified in this section of the Policy are set from the moment of receiving personal data of visitors until the goal of processing personal data is achieved – maintaining statistics of Site visits
5. PROCEDURE FOR PROCESSING VISITORS ' PERSONAL DATA USING COOKIES
5.1. Cookies transmitted to the Personal Data Subject's technical devices can be used to provide the Personal Data Subject with personalized Site functions, for personal advertising that is shown to the Personal Data Subject, for statistical and research purposes, and to improve the Site's performance.
5.2. The personal data subject is aware that the equipment and software they use to visit sites on the Internet may have the function of prohibiting operations with cookies (for any sites or for certain sites), as well as deleting previously received cookies.
5.3. The Operator has the right to establish that the provision of certain functions of the Site is possible only if the reception and receipt of cookies is authorized by the Subject of personal data.
5.4. The structure of the cookie, its content and technical parameters are determined by the Operator and may change without prior notice to the Personal Data Subject.
5.5. Counters placed on the Site or application of the Site can be used to analyze the cookies of the Personal Data Subject, to collect and process statistical information about the use of the Site, as well as to ensure the functionality of the Site as a whole or its individual functions in particular. Technical parameters of counter operation are determined by the Operator and can be changed without prior notice to the Subjects of personal data.
5.6. The Operator uses the Yandex. Metrica software tool, which allows you to identify a unique Site user and generate information about their preferences and behavior on the Site
6. PROCEDURE FOR COLLECTING AND STORING PERSONAL DATA
6.1. When collecting personal data, including through the information and telecommunications network Internet, the Operator provides recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
6.2. Persons who have transferred information about another Personal Data Subject to the Operator, including through the Website, without having the consent of the subject whose personal data was transferred, are liable in accordance with the legislation of the Russian Federation.
6.3. The Operator stores personal data in a form that makes it possible to determine the subject of personal data, no longer than the purposes of processing personal data require, unless the period of storage of personal data is established by a federal law, an agreement to which the Subject of personal data is a party, beneficiary or guarantor.
6.4. The operator strictly adheres to the principles of data minimization and data processing time. The processed personal data is subject to destruction in the following cases:
• achieving the purposes of personal data processing;
• receiving revocation of consent to the processing of personal data or expiration of the consent to the processing of personal data;
• loss of the need to achieve the purposes of personal data processing;
• exclusion of the Operator from the Unified State Register of Individual Entrepreneurs.
Upon expiration of the specified time limits, the Operator may process personal data if the processing is necessary for the Operator to comply with the legislation of the Russian Federation.
7. PERSONAL DATA PROTECTION
7.1. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
• identifies threats to the security of personal data when processing them;
• adopts local regulations and other documents regulating relations in the field of personal data processing and protection;
• appoints persons responsible for ensuring the security of personal data in the Operator's structural divisions and information systems;
• creates the necessary conditions for working with personal data;
• organizes accounting of documents containing personal data;
• organizes work with information systems that process personal data;
• stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
• organizes training of the Operator's employees who process personal data.
8. UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA, RESPONDING TO REQUESTS FROM SUBJECTS FOR ACCESS TO PERSONAL DATA
8.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in part 7 of Article 14 of the Personal Data Law, are provided by the Operator to the Personal Data Subject or his representative when applying or receiving a request from the Personal Data Subject or his representative within 10 (ten) business days from the moment when the request was received or received. The information provided does not include personal data related to other Personal Data Subjects, except in cases where there are legal grounds for disclosure of such personal data.
8.2. The request must contain:
• number of the main identity document of the Personal Data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
• information confirming the Personal Data Subject's participation in relations with the Operator (contract number, date of conclusion of the contract, conditional word designation and /or other information), or information otherwise confirming the fact of personal data processing by the Operator;
• signature of the Personal Data Subject or their representative.
8.3. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
8.4. If the request (request) of the Personal Data Subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him.
8.5. The right of a Personal Data Subject to access his / her personal data may be restricted in accordance with part 8 of Article 14 of the Personal Data Law, including if the Personal Data Subject's access to his / her personal data violates the rights and legitimate interests of third parties.
8.6. If inaccurate personal data is identified when a Personal Data Subject or his representative applies, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this Personal Data Subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the Personal Data Subject or third parties.
8.7. If the fact of inaccuracy of personal data is confirmed, the Operator, based on information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
8.8. Personal data is subject to destruction by the Operator in the following cases:
• achieving the purposes of personal data processing;
• revocation of the personal data subject's consent to the processing of their personal data;
• identification of illegal actions with personal data, as well as in other cases provided for by the current legislation of the Russian Federation.
8.9. If the purpose of processing personal data is achieved, the Operator undertakes to stop processing personal data or ensure its termination (if the processing of personal data is carried out by another person acting on behalf of the Operator) and to destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of processing of personal data. date of achievement of the purpose of personal data processing, unless otherwise provided by a contract to which the personal data subject is a party, beneficiary or guarantor, another agreement between the Operator and the personal data subject, or if the Operator is not entitled to process personal data without the consent of the personal data subject.
8.10. If the personal data subject has withdrawn his consent to the processing of personal data, the Operator undertakes to stop processing them or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the Operator) and if the storage of personal data is no longer required for the purposes of personal data processing, to destroy the personal data their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of receipt of the specified revocation, unless otherwise provided for by a contract to which the personal data subject is a party, beneficiary or guarantor, another agreement between the Operator and the personal data subject, or if the Operator has the right to process personal data without the consent of the personal data subject.
8.11. In case of detection of illegal processing of personal data carried out by the Operator or a person acting on behalf of the Operator, and it is impossible to ensure the legality of personal data processing, the Operator undertakes to destroy such personal data or ensure their destruction within a period not exceeding ten working days from the date of detection of illegal processing of personal data. The Operator undertakes to notify the personal data subject or his representative about the destruction of personal data, and if the request of the personal data subject or his representative or the request of the authorized body for the protection of the rights of PD subjects was sent by the authorized body for the protection of the rights of personal data subjects, also the specified body.
9. FINAL PROVISIONS
9.1. The Operator has the right to send Субъекту персональных данных advertising and informational messages to the Subject of personal data via e-mail, SMS and pushnotifications only with prior consent to receive advertising in accordance with part 1 of Article 18 of Federal Law No. 38-FZ of 13.03.2006 "On Advertising". Consent to receive advertising messages from the Operator via e-mail, SMS and pushnotifications is provided in writing, or in electronic form by ticking the appropriate box on the Site.
9.2. The subject of personal data has the right to refuse to receive advertising messages by clicking on the appropriate link in the e-mails received from the Operator, sending a notification of refusal to receive advertising messages to the support service at the address of the Operator's location by contacting the Operator with a corresponding request by e-mail
9.3. In compliance with the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is posted at the Operator's location, freely available on the Internet information and telecommunications network on the Site.
5.1. Cookies transmitted to the Personal Data Subject's technical devices can be used to provide the Personal Data Subject with personalized Site functions, for personal advertising that is shown to the Personal Data Subject, for statistical and research purposes, and to improve the Site's performance.
5.2. The personal data subject is aware that the equipment and software they use to visit sites on the Internet may have the function of prohibiting operations with cookies (for any sites or for certain sites), as well as deleting previously received cookies.
5.3. The Operator has the right to establish that the provision of certain functions of the Site is possible only if the reception and receipt of cookies is authorized by the Subject of personal data.
5.4. The structure of the cookie, its content and technical parameters are determined by the Operator and may change without prior notice to the Personal Data Subject.
5.5. Counters placed on the Site or application of the Site can be used to analyze the cookies of the Personal Data Subject, to collect and process statistical information about the use of the Site, as well as to ensure the functionality of the Site as a whole or its individual functions in particular. Technical parameters of counter operation are determined by the Operator and can be changed without prior notice to the Subjects of personal data.
5.6. The Operator uses the Yandex. Metrica software tool, which allows you to identify a unique Site user and generate information about their preferences and behavior on the Site
6. PROCEDURE FOR COLLECTING AND STORING PERSONAL DATA
6.1. When collecting personal data, including through the information and telecommunications network Internet, the Operator provides recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
6.2. Persons who have transferred information about another Personal Data Subject to the Operator, including through the Website, without having the consent of the subject whose personal data was transferred, are liable in accordance with the legislation of the Russian Federation.
6.3. The Operator stores personal data in a form that makes it possible to determine the subject of personal data, no longer than the purposes of processing personal data require, unless the period of storage of personal data is established by a federal law, an agreement to which the Subject of personal data is a party, beneficiary or guarantor.
6.4. The operator strictly adheres to the principles of data minimization and data processing time. The processed personal data is subject to destruction in the following cases:
• achieving the purposes of personal data processing;
• receiving revocation of consent to the processing of personal data or expiration of the consent to the processing of personal data;
• loss of the need to achieve the purposes of personal data processing;
• exclusion of the Operator from the Unified State Register of Individual Entrepreneurs.
Upon expiration of the specified time limits, the Operator may process personal data if the processing is necessary for the Operator to comply with the legislation of the Russian Federation.
7. PERSONAL DATA PROTECTION
7.1. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
• identifies threats to the security of personal data when processing them;
• adopts local regulations and other documents regulating relations in the field of personal data processing and protection;
• appoints persons responsible for ensuring the security of personal data in the Operator's structural divisions and information systems;
• creates the necessary conditions for working with personal data;
• organizes accounting of documents containing personal data;
• organizes work with information systems that process personal data;
• stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
• organizes training of the Operator's employees who process personal data.
8. UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA, RESPONDING TO REQUESTS FROM SUBJECTS FOR ACCESS TO PERSONAL DATA
8.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in part 7 of Article 14 of the Personal Data Law, are provided by the Operator to the Personal Data Subject or his representative when applying or receiving a request from the Personal Data Subject or his representative within 10 (ten) business days from the moment when the request was received or received. The information provided does not include personal data related to other Personal Data Subjects, except in cases where there are legal grounds for disclosure of such personal data.
8.2. The request must contain:
• number of the main identity document of the Personal Data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
• information confirming the Personal Data Subject's participation in relations with the Operator (contract number, date of conclusion of the contract, conditional word designation and /or other information), or information otherwise confirming the fact of personal data processing by the Operator;
• signature of the Personal Data Subject or their representative.
8.3. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
8.4. If the request (request) of the Personal Data Subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him.
8.5. The right of a Personal Data Subject to access his / her personal data may be restricted in accordance with part 8 of Article 14 of the Personal Data Law, including if the Personal Data Subject's access to his / her personal data violates the rights and legitimate interests of third parties.
8.6. If inaccurate personal data is identified when a Personal Data Subject or his representative applies, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this Personal Data Subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the Personal Data Subject or third parties.
8.7. If the fact of inaccuracy of personal data is confirmed, the Operator, based on information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
8.8. Personal data is subject to destruction by the Operator in the following cases:
• achieving the purposes of personal data processing;
• revocation of the personal data subject's consent to the processing of their personal data;
• identification of illegal actions with personal data, as well as in other cases provided for by the current legislation of the Russian Federation.
8.9. If the purpose of processing personal data is achieved, the Operator undertakes to stop processing personal data or ensure its termination (if the processing of personal data is carried out by another person acting on behalf of the Operator) and to destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of processing of personal data. date of achievement of the purpose of personal data processing, unless otherwise provided by a contract to which the personal data subject is a party, beneficiary or guarantor, another agreement between the Operator and the personal data subject, or if the Operator is not entitled to process personal data without the consent of the personal data subject.
8.10. If the personal data subject has withdrawn his consent to the processing of personal data, the Operator undertakes to stop processing them or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the Operator) and if the storage of personal data is no longer required for the purposes of personal data processing, to destroy the personal data their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of receipt of the specified revocation, unless otherwise provided for by a contract to which the personal data subject is a party, beneficiary or guarantor, another agreement between the Operator and the personal data subject, or if the Operator has the right to process personal data without the consent of the personal data subject.
8.11. In case of detection of illegal processing of personal data carried out by the Operator or a person acting on behalf of the Operator, and it is impossible to ensure the legality of personal data processing, the Operator undertakes to destroy such personal data or ensure their destruction within a period not exceeding ten working days from the date of detection of illegal processing of personal data. The Operator undertakes to notify the personal data subject or his representative about the destruction of personal data, and if the request of the personal data subject or his representative or the request of the authorized body for the protection of the rights of PD subjects was sent by the authorized body for the protection of the rights of personal data subjects, also the specified body.
9. FINAL PROVISIONS
9.1. The Operator has the right to send Субъекту персональных данных advertising and informational messages to the Subject of personal data via e-mail, SMS and pushnotifications only with prior consent to receive advertising in accordance with part 1 of Article 18 of Federal Law No. 38-FZ of 13.03.2006 "On Advertising". Consent to receive advertising messages from the Operator via e-mail, SMS and pushnotifications is provided in writing, or in electronic form by ticking the appropriate box on the Site.
9.2. The subject of personal data has the right to refuse to receive advertising messages by clicking on the appropriate link in the e-mails received from the Operator, sending a notification of refusal to receive advertising messages to the support service at the address of the Operator's location by contacting the Operator with a corresponding request by e-mail
9.3. In compliance with the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is posted at the Operator's location, freely available on the Internet information and telecommunications network on the Site.