PERSONAL DATA PROTECTION AND PROCESSING POLICIES
Individual entrepreneur Maslennikova Oksana Yuryevna
(hereinafter IE Maslennikova O. Y.)
Version of the document from 25.08.2020
Date of publication on the site 25.08.2020
- General provisions
1.1. This policy regarding the processing of personal data (hereinafter-the policy) is compiled in accordance with paragraph 2 of article 18.1 of the Federal law dated 27.07.2006 № 152-FZ “On Personal Data” (hereinafter-the Law on personal data), as well as other legal acts in the field of protection and processing of personal data and applies to all personal data (hereinafter – data) that IE Maslennikova O. Y. (hereinafter-The Operator) can receive from the subject of personal data, which is a party to a civil contract : http://en.omaslennikova.com
1.2. The Operator protects the processed personal data from unauthorized access and disclosure, illegal use or loss in accordance with the requirements of the Law on personal data.
1.3. The Policy Change
1.3.1. The Operator has the right to make changes to this Policy. When making changes, the Policy title indicates the date when the revision was last updated. The new version of the Policy enters into force from the moment it is posted on the site, unless otherwise provided by the new version of the Policy.
1.5. As a General rule, the Administration does not check the accuracy of personal information provided by Users.
2. Terminology and accepted abbreviations
Personal data (hereinafter called “PD”) – any information related to a directly or indirectly identified or identifiable person (subject of personal data).
Personal data operator (Operator) – a government body, municipal body, juridical body or a person that independently or jointly with other persons organizes and (or) performs the processing of personal data, as well as determines the purposes of processing personal data, the content of personal data to be processed, actions (operations) performed with personal data.
Personal data processing – any action (operation) or a set of actions (operations) with personal data performed using automated tools or without their use. The processing of personal data includes but is not limited to:
- clarification (update, change);
- transmission (distribution, provision, access);
Automated processing of personal data – processing of personal data using computer technology.
Distribution of personal data – actions aimed at disclosure of personal data to an indefinite group of persons.
Provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain group of persons.
Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data).
Destruction of personal data – actions that make it impossible to recover the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
Depersonalization of personal data – actions that make it impossible to determine the identity of personal data to a specific personal data subject without using additional information.
Personal data information system – a set of personal data contained in data bases and ensuring their processing, information technologies and technical means.
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual or a foreign legal entity.
Website – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at a network address: http://omaslennikova.com
3. Procedure and conditions for processing and storing personal data
3.1. Personal data is processed by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2. Personal data processing is performed with the agreement of the personal data subjects to process their personal data, as well as without it, in cases specified by the legislation of the Russian Federation. If any discrepancies in personal data are detected, the personal data Subject can update them independently by sending a notification to the Operator’s email address email@example.com marked “Updating personal data”.
The user agrees to the provisions of this Policy for the protection and processing of personal data by checking the box “I consent to the processing of personal data”, at any stage of registration and (or) at any time when using the site.
Using the site in any form means that the user unconditionally agrees to the terms of this Policy and the terms of processing of their personal information specified in it. In case of disagreement with the terms of the Policy, the user must refrain from using it.
3.3. Personal data of users is stored exclusively on electronic media and processed using automated systems, except in cases when non-automated processing of personal data is necessary in connection with the implementation of legal requirements.
3.4 Only the Operator’s employees, whose job responsibilities include processing personal data, are allowed to process personal data.
3.5. The processing of personal data is carried out by:
- receiving personal data in oral and written form directly with the agreement of the personal data subject to the processing of his / her personal data;
- receiving personal data from publically available sources;
3.6. Users are not allowed to provide personal data of third parties without permission from third parties for such distribution, or if such personal data of third parties was not obtained by the User from publicly available sources of information.
It is not allowed to disclose or distribute personal data to third parties without the permission of the personal data subject, unless otherwise is provided by Federal law.
3.7. Transfer of personal data to bodies of inquiry and investigation, to the Federal tax service, Pension Fund, Social Insurance Fund and other authorized executive authorities and organizations is performed in accordance with the requirements of the legislation of the Russian Federation.
3.8. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including
- identifies threats to the security of personal data during their processing;
- appoints persons responsible for ensuring the security of personal data in the Operator’s structural divisions and information systems;
- creates the necessary conditions for working with personal data;
- organizes registration of documents containing personal data;
- organizes work with information systems that process personal data;
- stores personal data in conditions that ensure their safety and prevent unauthorized access to them.
3.9. The Operator stores personal data in a form that allows determining the subject of personal data for no longer than the purposes of personal data processing require, unless the term for storing personal data is established by Federal law or contract. The subject of personal data may at any time withdraw his agreement to the processing of personal data by sending a notification to the Operator via e-mail to the Operator’s e-mail address firstname.lastname@example.org marked “Withdrawal of agreement to the processing of personal data”.
3.10. When collecting personal data, the Operator shall record, systematize, accumulate, store, clarify (update, change).
3.11. Purposes of personal data processing:
3.11.1. Only personal data that meet the purposes of their processing are processed.
3.11.2. Processing of personal data by the Operator is carried out for the following purposes:
- conclusion of contracts and agreements with the site operator and their further execution,
- providing access to the functionality of the website
- informing the User by sending emails;
- providing the User with access to the services, information and / or materials contained on the website;
- realization of civil law relations;
- collecting and processing only the information about users that is necessary for the fulfillment of obligations by the operator, answering the question asked by the user when sending a message via the site, making an appointment for a consultation, as well as fulfilling obligations under the agreement.
3.12. Categories of personal data subjects.
Personal data of the following subjects of personal data are processed:
3.13. Personal data processed by the Operator:
– Last name, first name;
– Email address;
– Also on the website, there is a collection and processing of depersonalized data about users (including cookies) using Internet statistics services (Yandex.Metrica and Google Analytics, and others).
3.14. Personal data storage.
3.14.1. Personal data of subjects can be received, processed and stored in electronic form.
3.14.2. Personal data recorded on paper are stored in locked lockers or in locked rooms with restricted access rights.
3.14.3. Personal data of subjects that are processed using automation tools for different purposes are stored in different folders.
3.14.4. It is not allowed to store and place documents containing Personal data in open electronic catalogues (file sharing sites).
3.14.5. Personal data is stored in a form that allows you to identify the subject of personal data for no longer than the purposes of their processing require, and they are to be destroyed when the processing goals are achieved or if there is no need to achieve them.
3.15. The destruction of the personal data.
3.15.1. Personal data on electronic carriers are destroyed by erasing or formatting the carrier.
- Protection of personal data
4.1. The main Personal data protection measures used by the Operator are:
4.1.1. Appointment of the person responsible for Personal data processing, who organizes the processing of personal data.
4.1.2. Identification of current threats to the security of Personal data when processing them.
4.1.3. Setting individual passwords for accessing the information system.
4.1.4. Fulfillment of the conditions that ensure the safety of Personal data and exclude unauthorized access to them.
4.1.5. Detection of unauthorized access to personal data and taking measures
- Basic rights of the subject of PD and obligations of the Operator
5.1. Basic rights of the subject of PD.
The subject has the right to access his personal data and the following information:
– verification of PD processing by the Operator;
– legislative bases and purposes of PD processing;
– goals and methods of PD processing used by the Operator;
– period of processing of personal data, including the period of their storage;
– procedure of the implementation by a subject of PD of the rights provided by this Federal law;
– name or surname, first name, patronymic and address of the person who assigned by the operator to process the PD, if the processing is or will be entrusted to such a person;
– contacting the Operator and sending them requests.
5.2. Operator’s Responsibilities.
The operator must:
– when collecting PD, provide information about PD processing;
– if the Personal data was not received from the subject of the personal data, inform the subject;
– publish a policy on PD protection;
– take the necessary legal, organizational and technical measures or ensure that they are taken to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;
– provide answers to questions and requests of subjects of PD, their representatives and the authorized body for the protection of the rights of subjects of PD.