regarding the processing of personal data
1. General Provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the "Policy") has been prepared in accordance with cl. 2 p. 18.1 Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 (hereinafter referred to as the "Law") and defines the position of the IP Zavyalov Dmitry Evgenievich (OGRNIP: 314746009100034, address of registration: Russia, 454047, G. CHELYABINSK, 60 (Hereinafter referred to as "the Company") in the field of processing and protection of personal data (hereinafter referred to as the "Data"), the rights of the rights and freedoms of each person and, in particular, rights to privacy, personal and family secrets.
2. Application area
2.1. This Policy on Data received both before and after the implementation of this Policy.
2.2. Providing reliable data protection, as well as concern for the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company provides reliable data protection.
3.1. Data is understood as any information related to a direct or indirectly defined or determined individual (citizen), i.e. to such information, in particular, include: name, e-mail, phone number
3.2. Data processing is understood as any action (operation) or set of actions (operations) with Data, performed with the use of automation facilities and / or without using such means. Such actions include collecting, recording, systemizing, accumulating, storing, updating (updating, changing), extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, destroying Data.
3.3. Data security means data security from unauthorized and / or unauthorized access to, destruction, modification, blocking, copying, provisioning of Data, as well as from other illegal actions with respect to Data.
4. Legal basis and purpose of data processing
4.1. The processing and provision of data security in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other defining cases and processing peculiarities of documents.
4.2. Data Subjects processed by the Company are:
customers - consumers, incl. http://www.stellar-wisdom.com/, http://www.stellar-wisdom.com/, with the delivery of the goods to the client, the recipients of the services;
4.3. The Company carries out processing of Data of subjects for the following purposes:
The Office of the Supreme Council of the Russian Federation for Human Rights, the Federal Constitutional Administration of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, the Federal Code of the Russian Federation, Federal Law No. 27-FZ of April 1, 1996 "On Individual (Personalized) Accounting in the System of Obligation Pension Law ", Federal Law No. 152-FZ of July 27, 2006" On Personal Data ", Federal Law No. 53-FZ of March 28, 1998" On Military Service and Military Service, "Federal Law of February 26, 1997 № 31-FZ "Mobilization preparation and mobilization in the Russian Federation", Federal Law of 8.02.1998 No. 14-FZ "On Limited Liability Companies", Federal Bank of 07.02.1992 No. 2300-1 "On Protection of Rights consumers ", the Federal Law of November 21, 1996 No. 129-FZ" On Accounting ", Federal Law of 29.11.2010, No. 326-FZ" On the obligation th Medical Insurance in the Russian Federation "Clients - Consumers with a view to:
1 provision of information on goods / services, passing shares and special offers;
2 analysis of the quality of the provided Service and improving the quality of customer service;
3 informing about the status of the order;
5. Principles and conditions of data processing
and legitimate purposes; processed Data are subject to destruction or depersonalization upon achievement of treatment objectives or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
5.2. The Company may include the Data of the entities in the publicly available Data sources, while the Company takes the written consent of the subject to process its Data, or by expressing consent through the form of the site (checkbox) by clicking on which the subject of personal data agrees.
5.3. The Company does not process Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person on the basis of which it is possible to establish his identity and which are used by the operator to identify the subject Data) are not processed in the Company.
5.5. The Company does not perform cross-border data transfer.
5.6. In cases stipulated by the legislation of the Russian Federation, the Company is entitled to transfer Data to third parties (the Federal Tax Service, the State Pension Fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The Company has the right to entrust processing Data Data Subjects to third parties with the consent of the Data subject on the basis of a contract concluded with these persons, including with the consent of the user agreement and the policy of processing personal data posted on the site.
5.8. Persons processing data on the basis of a contract concluded with the Company (operator's instructions), undertake to comply with the principles and rules for data processing and protection provided for by the Law. For each third person, the contract specifies a list of actions (operations) with Data that will be performed by the third person performing the Data processing, processing purposes, establishes the duty of such person to maintain confidentiality and ensure the data security during processing, specifies the requirements for protection of the Data being processed in accordance with the Law.
5.9. In order to comply with the requirements of the current legislation of the Russian Federation and its contractual obligations, Data processing in the Company is carried out with or without the use of automation. The set of processing operations includes collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.
5.10. The Company prohibits the adoption on the basis of an exclusively automated processing of the Data of the decisions generating legal consequences with respect to the Data subject or otherwise affecting his rights and legitimate interests, with the exception of cases provided for by the legislation of the Russian Federation.
6. Rights and obligations of data subjects, as well as the Company in terms of data processing
6.1. The entity whose data is processed by the Company has the right:
- receive from the Company: confirmation of the fact of processing the Data and information on the availability of Data relating to the relevant data subject;
information on the legal grounds and purposes of processing the Data;
information on the methods used by the Company to process the Data;
information on the name and location of the Company;
information on persons (with the exception of Company employees) who have access to the Data or who may be disclosed Data on the basis of an agreement with the Company or on the basis of a federal law;
list of data processed relating to the data subject and information on the source of their receipt, unless another procedure for providing such Data is provided for by federal law;
information on the processing time of Data, including the time of their storage;
information on the procedure for the subject of the Data to exercise the rights provided for in the Law;
name (name and surname) and address of the person carrying out data processing on behalf of the Company;
other information provided for by the Law or other regulatory legal acts of the Russian Federation;
- to demand from the Company:
Confirming its data, blocking or destroying it in case the Data
are incomplete, outdated, inaccurate, illegally obtained or not
necessary for the stated purpose of the treatment;
to withdraw their consent to the processing of Data at any time; to demand the elimination of illegal actions of the Company with respect to its Data;
appeal against the actions or inaction of the Company to the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court if the data subject believes that the Company is processing his Data in violation of the requirements of the Law or otherwise violates his rights and freedom;
- to protect their rights and legitimate interests, including compensation for damages and / or compensation for moral harm in the courts.
6.2. The Company is obliged in the course of data processing:
to provide to the data subject, upon his request, information regarding the processing of his PDD, or on legal grounds to refuse within thirty days from the date of receipt of the request of the data subject or his representative; explain to the data subject the legal consequences of the refusal to provide the Data if the Data is mandatory in accordance with the federal law; before the processing of the Data (if Data is received from a data subject), provide the data subject with the following information, except as provided for in subsection 18 (4) of the Law:
1) the name or surname, name, patronymic and address of the Company or its representative;
2) the purpose of data processing and its legal basis;
3) prospective users of the Data;
4) the rights of data subjects established by law;
5) the source of the Data.
take the necessary legal, organizational and technical measures or ensure their adoption to protect Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions with respect to Data;
publish on the Internet and provide unlimited access using the network
The Internet to the document that defines its policy regarding the processing of Data, to information about the current requirements for data protection;
to provide the data subjects and / or their representatives with the free of charge the opportunity to get acquainted with the Data when handling the relevant request within 30 days from the date of receipt of such request;
to block the illegally processed Data related to the Data subject, or to ensure their blocking (if the Data processing is performed by another person acting on behalf of the Company) from the time of application or receipt of the request for the verification period, in case of unlawful processing of data by the data subject or his representative or, upon request, to the data subject or his representative or authorized body for protection of the rights of subjects of personal data;
clarify the Data or ensure their clarification (if the Data processing is performed by another person acting on behalf of the Company) within 7 working days from the date of submission of information and to remove the data blocking in case of confirmation of the fact of inaccuracy of Data on the basis of information submitted by the Data subject or his representative;
terminate the inappropriate processing of Data or ensure that the Data is not illegally processed by a person acting on behalf of the Company in the event that undocumented data processing is performed by the Company or a person acting on the basis of an agreement with the Company within a period not exceeding 3 business days from the date of such disclosure;
terminate the processing of Data or ensure its termination (if data processing is performed by another person acting under the contract with the Company) and destroy the Data or ensure their destruction (if data processing is performed by another person acting under the contract with the Company) upon the achievement of the purpose of data processing, unless otherwise specified is not provided for by an agreement, the party of which, the beneficiary or guarantor is the subject of Data, in the event of the achievement of the purpose of processing the Data;
terminate the processing of Data or ensure its termination and destroy the Data or ensure their destruction in the event that the Data subject withdraws consent to process the Data if the Company is not entitled to process the Data without the consent of the Data subject;
To keep a register of records of requests of PDD subjects, in which the requests of Data subjects for receiving Data should be recorded, as well as the facts of providing Data for these requests.
7. Data Protection Requirements
7.1. In processing the Data, the Company shall take the necessary legal, organizational and technical measures to protect Data from unauthorized and / or unauthorized access to, data destruction, modification, blocking, copying, provision, dissemination, and other unlawful activities with respect to Data.
7.2. Such measures in accordance with the Law, in particular, include:
the designation of the person responsible for organizing the processing of Data and the person responsible for ensuring the security of the Data; development and approval of local acts on data processing and protection; application of legal, organizational and technical measures to ensure the security of Data:
· Identification of data security threats when processing them in personal data information systems;
· Application of organizational and technical measures to ensure data security when processing them in personal data information systems necessary to fulfill data protection requirements, the performance of which is ensured by the levels established by the Government of the Russian Federation
· Application of procedures that passed in the established procedure for assessing the compliance of information protection means;
· Evaluation of the effectiveness of the measures taken to ensure the security of Data before putting into operation the personal data information system;
· Registration of computer data carriers, if data storage is carried out on machine carriers;
· Detection of facts of unauthorized access to Data and taking measures to prevent similar incidents in the future;
· Data recovery, modified or destroyed due to unauthorized access to them;
· Establishment of rules for accessing Data processed in the personal data information system, as well as ensuring registration and recording of all actions performed with Data in the personal data information system.
control over the measures taken to ensure data security and the level of security of information systems of personal data; Assessment of harm that can be caused to data subjects in the event of violation
requirements of the Law, the ratio of this harm and measures taken by the Company,
aimed at ensuring the fulfillment of duties stipulated by the Law; compliance with conditions that preclude unauthorized access to material data carriers and ensure data integrity;
familiarization of the Company's employees who directly handle the Data processing with the provisions of the Russian Federation's Data legislation, including data protection requirements, local acts on data processing and protection, and training of Company employees.
8. Terms of data processing (storage)
8.1. Terms of data processing (storage) Data are determined on the basis of data processing purposes, in accordance with the term of the agreement with the data subject, the requirements of federal laws, the data operators' requirements for the data processing by the Company, the basic rules of the archives of organizations, the limitation period.
8.2. Data whose processing (storage) period has expired must be destroyed, unless otherwise stipulated by federal law. Data storage after the termination of their processing is allowed only after their depersonalization.
9. Procedure for obtaining clarifications on the processing of Data
9.1. Persons whose Data is processed by the Company may receive clarification on the processing of their Data by contacting the Company in person or by sending a written request to the Company's address: Russia, 454047, G. CHELYABINSK, 60 YEARS OF OCTOBER, 34, Apt. 77.
9.2. In case of sending an official request to the Company in the text of the request,
indicate: the name, first name, patronymic of the data subject or his representative;
number of the main document certifying the identity of the data subject or his representative, information on the date of issue of the said document and the issuing body;
information confirming the existence of relations with the Company in the data subject;
information for feedback in order to send the Company a response to the request;
The signature of the data subject (or its representative). If the request is sent in electronic form, then it must be issued in the form of an electronic document and signed by an electronic signature in accordance with the legislation of the Russian Federation.
10. Features of processing and protection of Data collected by the Company using
10.1. The company processes Data received from users of the Site from the resource:
http://www.stellar-wisdom.com/ (hereinafter jointly referred to as the Site), as well as incoming to the Company's phone: 8 950726 21 26, to the Company's e-mail address: firstname.lastname@example.org, via the Company's feedback form , located at: http://www.stellar-wisdom.com/.
10.2. Data collection
There are two main ways in which the Company receives Data using the Internet:
10.2.1. Providing Data
Providing Data (self-input data):
10.2.2. Data entities by entering the Company's telephone: 8 950 726 21 26, to the Company's e-mail address: email@example.com, through the Company's feedback form located at: http://www.stellar-wisdom.com/ .
10.3. Automatically collected information
The company can collect and process information that is not personal data:
information about the interests of users on the Site on the basis of the entered search requests of the users of the Site on the products being sold and offered for sale by the Company with the purpose of providing up-to-date information to the Company's customers when using the Site, as well as generalizing and analyzing information about which sections of the Site and goods are most in demand clients of the Company;
processing and storage of search requests of users of the Site for the purpose of generalization and creation of client statistics about the use of sections of the Site. The company automatically receives some types of information obtained during the interaction of users with the Site, e-mail correspondence, etc. It is a question of technology
обработка и хранение поисковых запросов пользователей Сайтbut for the purpose of generalizing and creating customer statistics on the use of sections of the Site. The company automatically receives some types of information obtained during the interaction of users with the Site, e-mail correspondence, etc. It is about technologies and services, such as web protocols, cookies, web markers, as well as applications and tools specified by the third side. At the same time, web markers, cookies and other monitoring technologies do not allow automatic data retrieval. If the User of the Site, at his own discretion, submits his Data, for example, when filling out the feedback form or sending an e-mail, then only the processes of automatic collection of detailed information for the convenience of using the websites and / or for improving interaction with users are launched.
10.4. Data usage
The Company shall have the right to use the Data provided in accordance with the stated purposes of their collection, subject to the consent of the Data subject, if such consent is required in accordance with the requirements of the Russian Federation legislation in the field of Data. Obtained data in a generalized and impersonal form can be used to better understand the needs of customers of goods and services implemented by the Company and improve the quality of service.
10.5. Data transfer
The Company may entrust the processing of Data to third parties only with the consent of the data subject. Also Data can be transferred to third parties in the following cases:
a) As a response to legitimate requests of authorized state bodies, in accordance with laws, court decisions, etc.
b) Data can not be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the data subject.
10.6. The site contains links to other web resources, where there may be useful and interesting information for the users of the Site. In this case, the effect of this Policy does not apply to such other sites. Users following links to other sites are advised to familiarize themselves with the policies on processing Data posted on such sites.
10.7. The User of the Site may at any time withdraw his consent to process the Data by sending a message by calling the Company's telephone number: 8 950 726 21 26, to the Company's e-mail address: firstname.lastname@example.org, via the Company's feedback form located at address: http://www.stellar-wisdom.com/, or by sending a written notice to the address of the Company: Russia, 454047, G. CHELYABINSK, 60 YEARS OF OCTOBER, 34, Apt. 77. After receiving such a message, processing of User Data will be terminated and its Data will be deleted, unless processing can be continued in accordance with the law. Final provisions This Policy is a local normative act of the Company. This Policy is public. The general availability of this Policy is provided by publication on the Company's Site. This Policy may be revised in any of the following cases: when the legislation of the Russian Federation is modified in the field of processing and protecting personal data; in cases of obtaining instructions from the competent state bodies to eliminate inconsistencies affecting the scope of the Policy; by decision of the Company's management; when changing the purposes and terms of data processing; when changing the organizational structure, the structure of information and / or telecommunications systems (or the introduction of new ones); when applying new technologies for data processing and protection (including transmission, storage); if there is a need to change the processing of Data related to the Company's activities. In the event of failure to comply with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Russian Federation. Control over the implementation of the requirements of this Policy is carried out by persons responsible for organizing the processing of Data of the Company, as well as for the security of personal data.