1.1 This document (hereinafter – the Policy) determines the policy of individual entrepreneur Kadashevich Mikhail Ilyich (hereinafter – the Operator) regarding the processing and protection of personal data of users (hereinafter – Users/Data Subjects) who use the Operator's:
1.2 The processing of personal data, the scope and content of personal data processed are determined in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", other federal laws and subordinate legal acts.
1.3 The text of the Policy is available to Data Subjects on the Services on the Internet.
2.1 Users give their consent to the processing of personal data when using the Services, access to which is provided to them in accordance with this Policy, by ticking the "agree" checkbox or an equivalent when using the Services. The User's consent is deemed to be given to the extent and on the terms provided by this Policy.
2.1.1 If the User does not agree with the terms of this Policy, they must immediately leave the Services or send the Operator an appropriate withdrawal/request indicating the need to stop processing their personal data.
2.1.2 Conclusive actions of the User, expressed in the actions provided for in clause 2.1 of the Policy and aimed at accepting the terms of the Policy, are considered the User's consent to the processing of their personal data given freely, of their own will and in their interest. Consent to the processing of personal data is specific, informed, conscious and unambiguous.
2.2 The Operator does not verify the accuracy of the personal data provided by Data Subjects or the legal capacity of the Data Subjects.
3.1. Automated processing of personal data – processing of personal data using computer equipment;
3.2. Non-automated processing of personal data – actions with personal data such as use, clarification (updating, changing), dissemination or destruction, carried out with the direct participation of a person;
3.3. Depersonalization of personal data (destruction) – actions as a result of which it becomes impossible to determine the belonging of personal data to a specific data subject;
3.4. Processing of personal data – any action (operation) or set of actions (operations) provided for by this Policy performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
3.5. Personal data — any information relating to a directly or indirectly identified or identifiable natural person (Data Subject). The list of personal data received from the Data Subject, with respect to which the Operator processes, is defined in clause 4 of the Policy.
3.6. Messenger/Messengers — software for instant messaging with the functions of exchanging text, voice and video messages, as well as stickers, photos and files in various formats.
3.7. IP address — a unique numeric identifier of a device in a computer network operating under the IP protocol.
3.8. Cookies are text files that the Services save on the user's computer (or other device) to remember information about their visits. With their help, the Services save settings, remember authorization and simplify the User's navigation around the Services.
3.9. Offer - an offer published on the Services by the Provider addressed to data subjects with the aim of entering into an agreement for the provision of services on the terms set forth in the Offer.
4.1. Personal data of the User:
4.2. Data that are automatically transmitted to the Services during their use by means of software installed on the User's device:
4.3. In the course of the Operator's activities, it is possible to process any categories of personal data listed in clauses 4.1 and 4.2 above.
5.1 The Operator processes personal data for the purpose of preparing, concluding and performing concluded contracts, promoting goods, works and services in the market, as well as ensuring communication between consumers/users of the Internet/Data Subjects and the Operator through the use of the Services, including for:
For the purposes listed above, the Operator processes the following personal data of users/clients and other persons:
5.2. Data that are automatically transmitted to the Services during their use by means of software installed on the User's device:
6.1. The processing of personal data is limited to achieving specific, pre-defined purposes indicated in Section 5 of the Policy. Processing of personal data incompatible with the purposes of collection is not permitted.
6.2. Processing of personal data is carried out both by automated means and without the use of automation tools. Storage of personal data is carried out in a form that allows identification of the Data Subject for no longer than required by the purposes of processing personal data, unless the storage period is established by federal law.
6.3. Processed personal data must be destroyed or depersonalized upon achievement of the processing purposes or in case of loss of necessity in achieving those purposes, unless otherwise provided by federal law.
7.1. Data Subjects whose personal data are processed by the Operator have the right to obtain information regarding the personal data processed by the Operator to the extent provided by Federal Law No. 152-FZ of the Russian Federation "On Personal Data", and also:
7.1.1. Receive complete information about their personal data;
7.1.2. Obtain information about the Operator, its location, and whether the Operator holds personal data related to the respective Data Subject;
7.1.3. Require the Operator to clarify, exclude or correct incomplete, inaccurate, outdated, unlawfully obtained personal data, or data that are not necessary for the declared purpose of processing, as well as to take legally provided measures to protect their rights;
7.1.4. Opt out of receiving promotional phone calls by setting the appropriate preferences by contacting the Operator.
7.1.5. Submit to the Operator a withdrawal of consent to the processing of the Data Subject's personal data. The withdrawal is sent using the Operator's contact details provided on the Services, or using the functionality of the Services. The Operator undertakes to ensure the fulfillment of obligations provided by applicable law upon receiving such a withdrawal regarding the processing of personal data.
8.1. The Operator, its employees, and other persons who have obtained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the Data Subject, except in cases provided for by applicable law. The Operator guarantees obtaining written non-disclosure obligations from its employees. Third parties to whom personal data are transferred in the manner provided for in Section 10 of this Policy ensure the confidentiality of Users' personal data in accordance with the rules of the current legislation of the Russian Federation.
8.2. Confidentiality of personal data is ensured by the Operator through:
9.1. The duration of personal data processing carried out by the Operator is determined as follows:
9.1.1. For personal data related to the performance of contracts – for the entire term of the contract.
9.1.2. For personal data collected for statistical and advertising purposes – indefinitely (until the user sends the corresponding withdrawal in the manner provided in clause 7.1.5 of the Policy).
9.1.3. In other cases, the Operator processes personal data until the purpose for which the personal data were collected has been achieved.
9.2. Personal data whose processing period has expired must be destroyed or depersonalized unless otherwise provided by the current legislation of the Russian Federation.
10.1. In the course of its activities, the Operator may provide personal data of Data Subjects to third parties specified in clause 10.1.1 of the Policy in accordance with the requirements of Russian law and with the consent of the Data Subject, namely:
10.1.1. By agreeing to the terms of this Policy, the Data Subject explicitly expresses their consent to the transfer by the Operator of their personal data to the following third parties:
10.1.2. Personal data transferred to the third parties specified in clause 10.1.1 of the Policy are transferred for the purpose of ensuring the execution of agreements/contracts concluded between the Operator and the Data Subject through the Services, promoting goods, works, services on the market, as well as ensuring communication between consumers/users of the Internet/Data Subjects and the Operator through the use of the Services, including for:
10.1.3. Personal data of the User transferred to third parties under the rules of clauses 10.1.1-10.1.2 of the Offer:
11.1. The Operator takes the necessary organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, destruction, alteration, blocking of access and other unauthorized actions. Personal data obtained by the Operator within lawful purposes are not disclosed or provided to third parties without the consent of the Data Subject, unless otherwise provided by federal law.
11.2. The Operator implements the following legal requirements in the field of personal data:
11.2.1. Requirements to maintain the confidentiality of personal data;
11.2.2. Requirements for protecting personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data;
11.3. In accordance with Federal Law of the Russian Federation No. 152-FZ "On Personal Data" dated July 27, 2006, the Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided by the legislation in the field of personal data.
11.3.1. Protection of personal data is achieved by adopting this Policy;
12. Destruction and depersonalization of personal data
12.1. Destruction and depersonalization of personal data are carried out in the following cases:
12.1.1. upon achievement of the purposes of their processing or in case of loss of necessity in achieving them within a period not exceeding three years from the moment the purpose of personal data processing is achieved, unless otherwise provided by the contract, of which the Data Subject is a party, beneficiary or guarantor, or by another agreement between the Operator and the Data Subject, or if the Operator is not entitled to process personal data without the consent of the Data Subject on the grounds provided by federal laws of the Russian Federation;
12.1.2. in case of withdrawal by the Data Subject of consent to the processing of their personal data;
12.1.3. upon expiration of the storage period of personal data determined in accordance with the legislation of the Russian Federation and the internal documents of the Operator;
12.1.4. in case of an instruction by an authorized body for the protection of the rights of personal data subjects, the Prosecutor's Office of Russia or a court decision.
13.1. The Operator or other guilty parties for violating the requirements of the legislation of the Russian Federation on personal data, as well as the provisions of this Policy, bear the liability provided for by the legislation of the Russian Federation.
14.1. The Operator is registered as a person in the register of personal data operators in the manner provided by applicable law.
15. If agreements between the Operator and the Data Subject contain provisions concerning the use of personal information and/or the User's personal data, the provisions of the Policy and such agreements apply in part that does not contradict the Policy.
15.2. For Users, the new edition of the Policy comes into force from the moment it is posted on the Site or the Mobile Application. Continued use of the Service after the publication of the new version of the Policy constitutes acceptance of the Policy and its terms by the User.
15.3. The Operator has the right, unilaterally and without prior notice to the Data Subject, to make changes to the text of this Policy. The processing of the Data Subject's personal data is carried out in accordance with the version of the Policy accepted by the Data Subject when visiting the Services. In the event of the User's repeated acceptance of the Policy on the Services, the processing of the Data Subject's personal data is carried out in accordance with the version of the Policy published at a later date.