Privacy Policy

1. General Provisions

This personal data processing policy has been drawn up in accordance with the requirements of Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and the measures to ensure the security of personal data taken by the “Surname, Name, Patronymic” (hereinafter referred to as the “Operator”).

1.1. The Operator sets as its primary goal and condition for carrying out its activities the observance of the rights and freedoms of individuals and citizens during the processing of their personal data, including the protection of the rights to privacy, personal and family privacy.

1.2. This Policy of the Operator for the processing of personal data (hereinafter referred to as the “Policy”) applies to all information that the Operator may receive about visitors to the website https://mywebsite.ru.

2. Key Concepts Used in the Policy

2.1. Automated processing of personal data – processing of personal data using computer technology.

2.2. Blocking of personal data – temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).

2.3. Website – the aggregate of graphic and informational materials, computer programs, and databases that provide access to them on the Internet via the network address https://mywebsite.ru.

2.4. Personal data information system – the aggregate of personal data contained in databases and the information technologies and technical means that ensure their processing.

2.5. Depersonalization of personal data – actions as a result of which it is impossible to determine without using additional information the belonging of personal data to a specific User or other subject of personal data.

2.6. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.7. Operator – a state body, municipal body, legal entity, or individual who independently or jointly with other persons organize and/or carry out the processing of personal data, as well as determine the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data.

2.8. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website https://mywebsite.ru.

2.9. Personal data allowed by the subject of personal data for dissemination – personal data, the access of an unlimited circle of persons to which is provided by the subject of personal data by giving consent to the processing of personal data allowed by the subject of personal data for dissemination in the manner prescribed by the Personal Data Law (hereinafter, personal data allowed for dissemination).

2.10. User – any visitor to the website https://mywebsite.ru.

2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons.

2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an uncertain range of persons (transfer of personal data) or making an unlimited range of persons acquainted with personal data request for termination of processing of personal data; – challenge wrongful actions or inaction of the Controller when processing their personal data in the authorized body for protection of the rights of subjects of personal data or in court; – exercise other rights stipulated by the legislation of the Russian Federation.

2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2.14. Destruction of personal data — any actions as a result of which personal data are destroyed irreversibly, whereby further recovery of the contents of personal data in the personal data information system and/or destruction of physical media containing personal data becomes impossible.

3. Basic rights and obligations of the Operator

3. Main rights and obligations of the Operator
3.1. The Operator shall have the right:
– to get accurate information and/or documents containing personal data from the personal data subject;
– should the personal data subject revoke his consent to the processing of personal data and/or file a claim requesting that the processing of personal data shall be terminated, the Operator shall have the right to continue the processing of personal data without the personal data subject’s consent, should there be grounds specified by the Personal Data Act;
– to independently determine the structure and list of measures required and sufficient to ensure the implementation of the obligations provided for by the Personal Data Act, and implementing regulatory legal acts adopted in compliance with it, unless otherwise provided for by the Personal Data Act or other federal laws.
3.2. The Operator shall be obligated to:
– upon the personal data subject’s request, provide him with the information concerning his personal data processing;
– organize the processing of personal data in compliance with the applicable RF legislation;
– respond to appeals and requests from personal data subjects and their legal representatives in compliance with the requirements of the Personal Data Act;
– upon the request from the authorized personal data protection oversight agency, submit the required information to the agency within 10 days upon the date of receipt of such request;
– publish or otherwise allow unrestricted access to this Policy on the processing of personal data;
– take legal, organizational, and technical measures for the protection of personal data from unauthorized or accidental access to them, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in respect of personal data;
– cease the transfer (distribution, provision, access) of personal data, cease the processing and destroy personal data in the manner and in the cases provided for by the Personal Data Act;
– implement other obligations stipulated by the Personal Data Act.
4. Main rights and obligations of personal data subjects
4.1. The personal data subjects shall have the right to:
– obtain information concerning the processing of his personal data, except for cases provided for by federal laws. The information shall be provided to the personal data subject by the Operator in an accessible form, and they shall not contain personal data of other personal data subjects, except for the cases when there are legal grounds for the disclosure of such personal data. The list of information and the procedure for its obtainment shall be determined by the Personal Data Act;
– demand that the operator clarify his personal data, block or destroy it if the personal data are incomplete, out-of-date, inaccurate, obtained unlawfully, or are not required for the stated purpose of processing, as well as take action provided by the law to protect his rights;
– put forward the condition of prior consent for the processing of personal data for the purposes of marketing goods, works, and services;
– revoke the consent to the processing of personal data and file a claim requesting that the processing of personal data shall be terminated;
– file an appeal to the authorized personal data protection oversight agency, or challenge the illegal actions or inaction of the Operator with respect to the processing of his personal data in court;
– exercise other rights provided by the RF legislation.
4.2. Personal data subjects shall be obligated to:
– provide the Operator with accurate information about themselves;
– inform the Operator about the clarification (update, change) of their personal data.
4.3. Individuals who will transfer to the Operator inaccurate information about themselves, or information concerning another personal data subject without the latter’s consent, shall bear the liability pursuant to the RF legislation.
6. Purposes of personal data processing
Processing purpose: informing the User by sending emails
Personal data: surname, first name, patronymic name; phone numbers
Legal basis: Federal Law “On Information, Information Technologies, and Information Security Protection” of 27.07.2006, No. 149-ФЗ
Types of personal data processing: Transfer of personal data
7. Conditions for personal data processing
7.1. Personal data processing is carried out with the consent of the personal data subject for the processing of their personal data.
7.2. Personal data processing is necessary to achieve the purposes provided for by an international treaty of the Russian Federation or the law, for the performance of functions, powers and responsibilities assigned to the operator by the legislation of the Russian Federation.
7.3. Personal data processing is necessary for the administration of justice, the execution of a judicial act, the act of another body or an official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
7.4. Personal data processing is necessary for the performance of an agreement to which the personal data subject is a party, or the beneficiary or guarantor under which is the personal data subject, as well as for the conclusion of an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor.
7.5. Personal data processing is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject.
7.6. Personal data is processed, access to which is provided by an unlimited number of persons to the personal data subject or at their request (hereinafter, publicly available personal data).
7.7. Personal data is processed that is subject to publication or mandatory disclosure in accordance with federal law.
8. Procedure for collecting, storing, transferring and other types of personal data processing
The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the current legislation in the field of personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to exclude access to personal data by unauthorized persons.
8.2. The User’s personal data will never be transferred to third parties under any circumstances, except for cases related to the execution of current legislation or if the personal data subject has given the Operator consent to transfer data to a third party to fulfill obligations under a civil law agreement.
8.3. If inaccuracies in personal data are identified, the User can update them independently by sending a notification to the Operator to the Operator’s email address [email protected] marked “Updating Personal Data”.
8.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless otherwise provided by the agreement or applicable law.
The User may at any time withdraw their consent to the processing of personal data by sending a notification to the Operator by email to the Operator’s email address [email protected] marked “Withdrawal of Consent to the Processing of Personal Data”.
8.5. All information that is collected by third-party services, including payment systems, communication services, and other service providers, is stored and processed by such persons (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data and/or with the specified documents. The operator is not responsible for the actions of third parties, including the service providers specified in this paragraph.
8.6. The prohibitions against transfer (except for granting access), as well as against processing or the conditions for processing (except for obtaining access) of personal data, authorized for distribution, established by the personal data subject, shall not apply in cases of personal data processing in state, public and other public interests determined by the legislation of the Russian Federation.
8.7. When processing personal data, the Operator ensures the confidentiality of personal data.
8.8. The Operator shall store personal data in a form that allows the personal data subject to be identified for no longer than is necessary for the purposes of personal data processing, unless the storage period for personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor.
8.9. The condition for termination of personal data processing may be the achievement of the goals of personal data processing, expiration of the personal data subject’s consent, withdrawal of the personal data subject’s consent or a request for termination of personal data processing, as well as the identification of illegal processing of personal data. 9. The list of actions performed by the Operator with the received personal data 9.1. The Operator shall collect, record, systematize, accumulate, store, refine (update, change), extract, use, transfer (distribute, provide, access), render anonymous, block, delete and destroy personal data.
9.2. The Operator shall perform automated processing of personal data with the receipt and/or transfer of the received information over information and telecommunication networks or without it.
10. Transborder transfer of personal data
10.1. The Operator shall, prior to commencing its activities on the cross-border transfer of personal data, notify the authorized body for the protection of the rights of personal data subjects of its intention to carry out a cross-border transfer of personal data (such notification shall be sent separately from the notification of the intention to process personal data).
10.2. Prior to submitting the above notification, the Operator shall obtain relevant information from the authorities of a foreign state, foreign individuals, foreign legal entities, to whom the cross-border transfer of personal data is planned.
11. Confidentiality of personal data The Operator and other persons who have gained access to personal data shall not disclose to third parties or disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.
12. Final clauses
12.1. The User can receive any clarifications on issues of interest concerning the processing of his personal data by contacting the Operator by e-mail [email protected].
12.2. This document will reflect any changes in the Operator’s personal data processing policy. The Policy shall be valid indefinitely until it is replaced by a new version.
12.3. The current version of the Policy is freely available on the Internet at https://mywebsite.ru/policy.