regarding the processing of personal data of site visitors
1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the "Policy") has been prepared in accordance with paragraph 2 of Part 1 of Article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No152–FZ dated July 27, 2006 (hereinafter referred to as the "Law") and defines the position of IP Shibanova Tatiana Yuryevna (OGRNIP: 511005683120, registration address: 183017, Murmansk, Ushakov str., 7, building 1, sq. 122) and/or its affiliates, (hereinafter referred to as the "Company") in the field of processing and protection of personal data (hereinafter referred to as "Data"), respect for the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.
2. Scope of application
2.1. This Policy applies to Data received both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of Data, as well as taking care of the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company provides reliable data protection.
3.1. Data means any information relating directly or indirectly to a certain or identifiable individual (citizen), i.e. such information, in particular, includes: surname, first name, patronymic, address of registration / sending correspondence, e-mail, phone number.
3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and/or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions with respect to Data.
4. Legal grounds and purposes of data processing
4.1. Processing and ensuring data security in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other defining cases and features of data processing federal laws of the Russian Federation, guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.
4.2. The subjects of the Data processed by the Company are:
customers – consumers, including site visitors http://dearagaya.com , owned by the Company, including for the purpose of placing an order on the Website http://dearagaya.com with subsequent delivery to the client, recipients of services; participants of loyalty bonus programs.
4.3. The Company processes the Data of the subjects for the following purposes:
implementation of the functions, powers and duties assigned to the Company by the legislation of the Russian Federation in accordance with federal laws, including, but not limited to: the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, the Labor Code of the Russian Federation, the Family Code of the Russian Federation, Federal Law No. 27-FZ of 01.04.1996 "On Individual (Personalized) accounting in the compulsory pension insurance system", Federal Law of 27.07.2006. No. 152-FZ "On Personal Data", Federal Law No. 53-FZ of 28.03.1998 "On Military Duty and Military Service", Federal Law No. 31-FZ of 26.02.1997 "On Mobilization Training and Mobilization in the Russian Federation", Federal Law No. 14-FZ of 8.02.1998 "On Companies with Limited Liability Company", Federal Law of 07.02.1992 No2300-1 "On Consumer Rights Protection", Federal Law of 21.11.1996 No 129-FZ "On Accounting", Federal Law of 29.11.2010 No 326-FZ "On Compulsory Medical Insurance in the Russian Federation",
Participants of loyalty bonus programs in order to:
1 providing information on goods, ongoing promotions, personal account status;
Customers – consumers in order to:
1 providing information on goods/services, ongoing promotions and special offers;
2 analysis of the quality of the service provided by the Company and improvement of the quality of customer service of the Company;
3 informing about the order status;
5. Principles and conditions of data processing.
5.1. When processing Data, the Company adheres to the following principles: data processing is carried out on a lawful and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies, legal proceedings; determination of specific legitimate purposes before processing (including collection) Data; only those Data that are necessary and sufficient for the stated purpose of processing are collected; combining databases containing Data processed for purposes incompatible with each other is not allowed; data processing is limited to achieving specific, predetermined and legitimate goals; processed Data is subject to destruction or depersonalization upon achievement of processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
5.2. The Company may include the Data of subjects in publicly available data sources, while the Company takes the written consent of the subject to the processing of his Data, or by expressing consent through the form of the website (checkbox), by clicking on which the subject of personal data expresses his consent.
5.3. The Company does not process Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to establish the identity of the Data subject) are not processed by the Company.
5.5. The Company does not carry out cross-border Data transfer.
5.6. In cases established by the legislation of the Russian Federation, the Company has the right to transfer Data to third parties (the federal tax service, the state pension fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The Company has the right to entrust the processing of Data of Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these persons, including with the consent of the user agreement and the personal data processing policy posted on the site.
5.8. Persons who process Data on the basis of an agreement concluded with the Company (operator's instructions) undertake to comply with the principles and rules of data processing and protection provided for by Law. For each third party, the contract defines a list of actions (operations) with Data that will be performed by a third party engaged in data processing, the purposes of processing, establishes the obligation of such a person to respect confidentiality and ensure data security during their processing, specifies the requirements for the protection of processed Data in accordance with the Law.
5.9. In order to comply with the requirements of the current legislation of the Russian Federation and its contractual obligations, Data processing in the Company is carried out both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Company is prohibited from making decisions based solely on automated data processing that generate legal consequences with respect to the Data subject or otherwise affect his rights and legitimate interests, except in cases provided for by the legislation of the Russian Federation.
6. Rights and obligations of data subjects, as well as Companies in terms of data processing
6.1. The Subject whose Data is processed by the Company has the right to: - receive from the Company:
confirmation of the fact of data processing and information about the availability of Data related to the relevant Data subject;
information about the legal grounds and purposes of data processing; information about the methods of data processing used by the Company; information about the name and location of the Company;
information about persons (with the exception of employees of the Company) who have access to Data or to whom Data may be disclosed on the basis of an agreement with the Company or on the basis of federal law;
the list of processed Data related to the Data subject and information about the source of their receipt, unless another procedure for providing such Data is provided for by federal law;
information about the terms of data processing, including the terms of their storage;
information on the procedure for the exercise by the subject of these rights provided for by Law;
name (Full name) and address of the person processing Data on behalf of the Company;
other information provided by Law or other regulatory legal acts of the Russian Federation;
- require the Company to:
clarify its Data, block or destroy them if the Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
revoke his consent to data processing at any time; demand the elimination of illegal actions of the Company in relation to his Data;
appeal the actions or omissions of the Company to the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court if the Data subject believes that the Company processes his Data in violation of the requirements of the Law or otherwise violates his rights and freedoms;
- to protect their rights and legitimate interests, including compensation for damages and/or compensation for moral damage in court.
6.2. In the process of Data processing, the Company is obliged to:
to provide the Data subject, upon his request, with information concerning the processing of his personal data, or to legally provide a refusal within thirty days from the date of receipt of the request of the Data subject or his representative;
explain to the Data Subject the legal consequences of refusing to provide Data if the provision of Data is mandatory in accordance with federal law;
prior to the start of Data processing (if the Data is not received from the Data subject), provide the following information to the Data subject, except for the cases provided for in part 4 of Article 18 of the Law:
1) the name or surname, first name, patronymic and address of the Company or its representative;
2) the purpose of data processing and its legal basis;
3) intended Data users;
4) the rights of data subjects established by Law;
5) the source of the Data.
take the necessary legal, organizational and technical measures or ensure their adoption to protect Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions with respect to Data;
publish on the Internet and provide unrestricted access using the Internet to the document defining its data processing policy, to information about the implemented data protection requirements;
provide data subjects and/or their representatives with the opportunity to familiarize themselves with the Data free of charge when making a corresponding request within 30 days from the date of receipt of such a request;
to block illegally processed Data related to the Data subject, or to ensure their blocking (if data processing is carried out by another person acting on behalf of the Company) from the moment of the request or receipt of the request for the verification period, in case of detection of illegal data processing when the Data subject or his representative or at the request of the Data subject or his representative, or authorized body for the protection of the rights of personal data subjects;
to clarify the Data or to ensure their clarification (if Data processing is carried out by another person acting on behalf of the Company) within 7 working days from the date of submission of the information and to remove the blocking of the Data, in case of confirmation of the inaccuracy of the Data on the basis of the information provided by the Data subject or his representative;
to terminate the unlawful processing of Data or to ensure the termination of the unlawful processing of Data by a person acting on behalf of the Company, in case of detection of unlawful data processing carried out by the Company or a person acting on the basis of a contract with the Company, within a period not exceeding 3 working days from the date of this detection;
terminate Data processing or ensure its termination (if Data processing is carried out by another person acting under an agreement with the Company) and destroy the Data or ensure their destruction (if Data processing is carried out by another person acting under an agreement with the Company) after achieving the purpose of data processing, unless otherwise provided by the contract, the party to which, the beneficiary or the guarantor according to which the data subject is, if the purpose of data processing is achieved;
terminate data processing or ensure its termination and destroy the Data or ensure their destruction in case the Data subject withdraws consent to data processing, if the Company does not have the right to process Data without the consent of the Data subject;
keep a log of the appeals of PD subjects, which should record the requests of data subjects to receive Data, as well as the facts of providing Data on these requests.
7. Data Protection Requirements
7.1. When processing Data, the Company takes the necessary legal, organizational and technical measures to protect Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions with respect to Data.
7.2. Such measures in accordance with the Law, in particular, include:
the appointment of a person responsible for the organization of data processing, and a person responsible for ensuring data security;
development and approval of local acts on data processing and protection;
application of legal, organizational and technical measures to ensure data security:
· identification of data security threats during their processing in personal data information systems;
· application of organizational and technical measures to ensure data security during their processing in personal data information systems necessary to meet data protection requirements, the implementation of which ensures the levels of data security established by the Government of the Russian Federation;
· the use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure;
· assessment of the effectiveness of the measures taken to ensure data security prior to the commissioning of the personal data information system;
· accounting of machine data carriers, if data storage is carried out on machine media;
· detection of unauthorized access to Data and taking measures to prevent such incidents in the future;
· recovery of data modified or destroyed due to unauthorized access to them;
· establishment of rules for access to Data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with Data in the personal data information system.
control over the measures taken to ensure data security and the level of security of personal data information systems;
assessment of the harm that may be caused to data subjects in case of violation of the requirements of the Law, the ratio of this harm and the measures taken by the Company aimed at ensuring compliance with the obligations provided for by Law;
compliance with the conditions that exclude unauthorized access to material data carriers and ensure the safety of Data
familiarization of the Company's employees directly engaged in data processing with the provisions of the legislation of the Russian Federation on Data, including data protection requirements, local acts on data processing and protection, and training of the Company's employees.
8. Terms of data processing (storage)
8.1. The terms of Data processing (storage) are determined based on the purposes of data processing, in accordance with the validity period of the contract with the Data subject, the requirements of federal laws, the requirements of data operators on whose behalf the Company processes Data, the basic rules of the archives of organizations, the statute of limitations.
8.2. Data whose processing (storage) period has expired must be destroyed, unless otherwise provided by federal law. Data storage after the termination of their processing is allowed only after their depersonalization.
9. Procedure for obtaining clarifications on data processing issues
9.1. Persons whose Data is processed by the Company can receive clarifications on the processing of their Data by contacting the Company personally or by sending a corresponding written request to the address of the Company's location: 7 Ushakov str., bldg. 1, sq. 122, Murmansk, 183017
9.2. In case of sending an official request to the Company, it is necessary to specify in the text of the request:
last name, first name, patronymic of the data subject or his representative;
the number of the main document certifying the identity of the data subject or his representative, information about the date of issue of the specified document and the issuing authority;
information confirming the existence of the Data subject's relationship with the Company; information for feedback in order for the Company to send a response to the request;
signature of the data subject (or his representative). If the request is sent electronically, it must be issued in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
10. Features of processing and protection of Data collected by the Company using the Internet
10.1. The Company processes the Data received from the Website users from the resource:
earagaya.com (hereinafter jointly referred to as the Website), as well as incoming to the Company's email address: email@example.com , via the Company's feedback form
10.2. Data Collection
There are two main ways in which a Company receives Data via the Internet:
10.2.1. Provision of Data
Providing Data (independent data entry):
address of registration/sending correspondence e-mail
10.2.2. Data subjects by receiving to the Company's e-mail address: firstname.lastname@example.org , via the Company's feedback form located at:
10.3. Automatically collected information
The Company may collect and process information that is not personal data:
information about the interests of users on the Site based on the entered search queries of Site users about the goods sold and offered for sale by the Company in order to provide up-to-date information to the Company's customers when using the Site, as well as generalization and analysis of information about which sections of the Site and products are in the greatest demand among the Company's customers;
processing and storage of Site users' search queries for the purpose of summarizing and creating client statistics on the use of Site sections.
The Company automatically receives certain types of information obtained during user interaction with the Site, correspondence by e-mail, etc. We are talking about technologies and services, such as web protocols, cookies, web tags, as well as applications and tools of the specified third party.
At the same time, web tags, cookies and other monitoring technologies do not make it possible to automatically receive Data. If the Site user provides his/her Data at his/her discretion, for example, when filling out a feedback form or when sending an email, then only then the processes of automatic collection of detailed information are started for the convenience of using the websites and/or to improve interaction with users.
10.4. Data Usage
The Company has the right to use the provided Data in accordance with the stated purposes of their collection with the consent of the Data subject, if such consent is required in accordance with the requirements of the legislation of the Russian Federation in the field of Data.
The data obtained in a generalized and depersonalized form can be used to better understand the needs of buyers of goods and services sold by the Company and improve the quality of service.
10.5. Data Transmission
The Company may entrust Data processing to third parties only with the consent of the Data subject. The Data may also be transferred to third parties in the following cases:
a) as a response to legitimate requests of authorized state bodies, in accordance with laws, court decisions, etc.
b) The Data may not be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data subject.
10.6. The Site contains links to other web resources, where there may be useful and interesting information for users of the Site. At the same time, this Policy does not apply to such other sites. Users who click on links to other sites are advised to familiarize themselves with the data processing policies posted on such sites.
10.7. The Website User may withdraw his consent to data processing at any time by sending a message to the Company's email address: email@example.com , via the Company's feedback form located at: https:// (pupottery.com ), or by sending a written notification to the Company's address: 236017, Kaliningrad, Kaliningrad, Kharkiv, d. 5, sq. 8. After receiving such a message, the processing of the user's Data will be terminated and his Data will be deleted, except in cases when processing can be continued in accordance with the legislation. Final Provisions This Policy is a local regulatory act of the Company. This Policy is publicly available. The general availability of this Policy is ensured by publication on the Company's Website. This Policy may be revised in any of the following cases:
when changing the legislation of the Russian Federation in the field of processing and protection of personal data;
in cases of receiving instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;
by the decision of the Company's management;
when changing the goals and deadlines of data processing;
when changing the organizational structure, the structure of information and/or telecommunication systems (or introducing new ones);
when using new technologies for data processing and protection (including transmission, storage);
if there is a need to change the data processing process related to the Company's activities. In case of non-compliance with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Russian Federation. The control of compliance with the requirements of this Policy is carried out by persons responsible for the organization of data processing of the Company, as well as for the security of personal data.