SECURITY PROCESSING AND SECURITY POLICY PERSONAL DATA LLC "UNIFY VANYA TRADING"
1. General Provisions
1.1. This Policy regarding the Processing of Personal Data (hereinafter referred to as the Policy) determines the policy of "Uncle Vanya Trading" LLC with respect to processing and ensuring the security of Personal Data.
1.1.1. The operator carries out the activity to the address: 140014, Moscow region, Lyubertsy, Ogurechnaya street, house number 3.
1.1.2. Contact details of the Operator:
- Phone: 8 800 250-35-65;
- Email address: firstname.lastname@example.org
1.2. This policy is mandatory for all employees and officials of the Operator in respect of all personal data processed by LLC "Uncle Vanya Trading".
1.3. This policy can be changed by the sole executive body of the Operator.
1.4. This Policy is designed to protect the rights and freedoms of a person and a citizen when processing his personal data by the Operator, including protecting the rights to privacy, personal and family secrets.
1.5. The Policy applies to all Operator activities related to the Processing of Personal Data.
1.6. The processing of personal data by the Operator is based on the following principles:
- Legality of the purposes and ways of processing of the personal data and conscientiousness;
- Correspondence of the purposes of processing personal data to the purposes, predetermined and claimed in the collection of personal data, as well as the powers of the Operator;
- Correspondence of the volume and nature of the processed personal data, methods of processing personal data for the purposes of processing personal data;
- Reliability of personal data, their relevance and sufficiency for processing purposes, inadmissibility of processing redundant personal data collection purposes;
- Legitimacy of organizational and technical measures to ensure the security of personal data;
- Aspiration for continuous improvement of the personal data protection system.
1.7. This document is a public document of the Operator, provides for the possibility of acquaintance with him of any persons and is subject to publication on the Operator's website www.dyadya-vanya.ru.
2. Legislative and other normative legal acts of the Russian Federation, in accordance with which the policy of processing personal data of the Operator
2.1. The policy of processing personal data of the Operator is determined in accordance with the following regulatory legal acts:
- Federal Law of July 27, 2006, No. 152-FZ "On Personal Data";
- Resolution of the Government of the Russian Federation of 1 November 2012 No. 1119 "On the approval of the requirements for the protection of personal data when processing them in information systems of personal data";
- Resolution of the Government of the Russian Federation of September 15, 2008, No.687 "On Approval of the Regulation on the Specifics of Processing Personal Data Performed Without the Use of Automation Tools";
- Order FSTEC of Russia of February 18, 2013 №21 "On approval of the composition and content of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems";
- Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.
2.2. In order to implement the provisions of the Policy, the Operator may develop appropriate local regulations and other documents.
3. Terms and definitions
Personal data - any information related to a directly or indirectly defined or determined individual (subject of personal data).
Operator - a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as defining the purposes of processing personal data, the composition of the personal data subject to processing, the actions (operations) performed with personal data.
Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data - processing of personal data by means of computer facilities.
Dissemination of personal data - actions aimed at disclosing personal data to an undetermined number of persons.
Provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons.
Blocking of personal data - temporary termination of the processing of personal data (except for cases when processing is necessary to clarify personal data).
Destruction of personal data is an action that makes it impossible to restore the contents of personal data in the personal data information system and (or) as a result of which material data carriers of personal data are destroyed.
The depersonalization of personal data is an action that makes it impossible to use the additional information to determine whether personal data belongs to a particular personal data subject.
Information system of personal data - a set of personal data contained in databases and providing their processing of information technologies and technical means.
Responsible for organizing the processing of personal data - an official who is appointed by the Order of the sole executive body of the Operator, organizing the adoption of legal, organizational and technical measures to ensure proper performance of the functions of organizing the processing of personal data in accordance with the provisions of the legislation of the Russian Federation in the field of Personal Data;
The Site User is a person who has access to the Site through the Internet and uses the Site.
4. Categories of subjects whose personal data are processed
The operator processes the personal data received in the manner prescribed by law and belongs to:
- to the customers of the Operator, including potential clients, representatives of clients authorized to represent clients, both natural and legal persons;
- consumers of goods manufactured by the Operator;
- users of the Operator's Site;
- other subjects of personal data (to ensure the implementation of the processing objectives specified in the Policy section).
5. Rules for processing personal data
5.1. The operator processes the personal data of the subjects with their consent, provided by the subjects and / or their legal representatives through the performance of conclusive acts, in accordance with this Policy.
Processing of personal data includes, including:
• clarification (updating, modification);
• transfer (distribution, provision, access);
5.2. The operator processes the personal data of the subjects no longer than the purpose of processing personal data requires, unless otherwise provided by the requirements of the legislation of the Russian Federation. The term for the processing of personal data of subjects can be extended if the subject is a participant in the loyalty program - for the period of his participation in the loyalty program or the validity period of the loyalty program, as well as in case the User signs the application for the creation of an account (personal cabinet) the moment of withdrawal of consent to the processing of personal data.
5.3. The operator processes the following personal data of the subjects:
- Surname, name, patronymic of the subject;
- Date of birth of the subject;
- Sex of the subject;
- City of residence of the subject;
- Email address of the subject;
- Information about the presence of the account (page) in social networks, such as Vkontakte, Facebook, Instagram and others;
- Photos of the subject.
5.4. The operator processes only those personal data specified in the Policy and / or in local regulations approved by the Operator.
5.5. The operator does not allow the processing of the following categories of personal data:
- Political Views;
- Philosophical beliefs;
- Health status;
- The state of intimate life;
- National affiliation;
- Religious beliefs.
5.6. The operator does not process biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his personality can be established).
5.7. The operator does not cross-border the transfer of personal data (the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity).
5.8. The operator does not make decisions regarding the subjects of personal data on the basis of exclusively automated processing of their personal data.
5.9. The operator does not process data on the criminal record of the subjects.
5.10. The operator does not place the personal data of the subject in public sources without his prior consent. At the same time, the Operator has the right to publish photographs of the subject on the site www.dyadya-vanya.ru with the inability to download or save them directly for 365 (three hundred and sixty-five) calendar days, subject to the participation of the subject in marketing activities (promotions, competitions, etc.).
5.11. Without the consent of the subject of personal data, the Operator shall not disclose to third parties or disseminate personal data unless otherwise provided by federal law.
5.12. The operator has the right to charge the processing of personal data to another person with the consent of the personal data subject on the basis of a contract concluded with that person. The contract must contain a list of actions (operations) with personal data that will be performed by the person processing personal data, the purpose of processing, the duty of such person to respect the confidentiality of personal data and ensure the safety of personal data during processing, as well as the requirements for protection of the processed personal data in According to Article 19 of the Federal Law "On Personal Data".
6. The purposes and the bases of data processing
The operator performs processing of personal data for the following purposes:
• Registration, identification and provision of the procedure for the entity's participation in loyalty programs offered by the Operator.
• Providing the subject access to personalized site resources (personal cabinet).
• Establishing feedback with the subject, including sending notifications, requests regarding the use of the Site, rendering services, processing requests and applications from the subject.
• Granting to the subject, with his consent, information about new products, holding special actions and offers, information on prices, newsletters and other information about the goods of the Operator.
• Carry out advertising activities with the consent of the subject.
• Information messages about the marketing activities organized by the Operator (promotions, competitions, etc.).
• Directions for proposals on the subject's participation in marketing activities.
• Conducting marketing analysis and collecting statistical information.
7. Ensuring the security of personal data
7.1. When processing personal data, the Operator takes the necessary legal, organizational and technical measures to protect personal data from accidental or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in relation to personal data.
7.2. Ensuring the security of personal data is achieved in particular:
• the development by the Operator of the Policy regarding the processing of personal data, as well as other internal documents on the processing of personal data;
• familiarization of the Operator's employees who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Policy for the processing of personal data, as well as other internal documents of the Operator on the processing of personal data;
• the use of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to ensure the appropriate levels of security established by Government Decree of 1 November 2012 No. 1119;
• the use of procedures that passed in accordance with the established procedure to assess the compliance of information protection means;
• evaluation of the effectiveness of measures taken to ensure the safety of personal data prior to putting into operation the personal data information system;
• taking into account the computer carriers of personal data;
• detection of unauthorized access to personal data and taking necessary measures;
• restoration of personal data, modified or destroyed due to unauthorized access to them;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
• control over the measures taken to ensure the security of personal data and the level of security of the personal data information system.
7.3. In order to monitor compliance with the requirements of the legislation of the Russian Federation and coordinate actions to ensure the safety of personal data, the order of the Director General appoints the person responsible for organizing the processing of personal data.
8. Rights of subjects of personal data
8.1. The subject of personal data has the right:
- to receive personal data relating to this subject and information regarding their processing;
- to clarify, block or destroy his personal data if they are incomplete, obsolete, inaccurate, illegally obtained or are not necessary for the stated purpose of the processing;
- to revoke his consent to the processing of personal data;
- to protect their rights and legitimate interests, including compensation for damages and compensation for non-pecuniary damage in court;
- to appeal against actions or omissions of the Operator to the authorized body for protection of the rights of subjects of personal data or in court.
8.2. To realize their rights and legitimate interests, personal data subjects have the right to apply to the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law "On Personal Data".