Personal Data Processing Policy
Personal Data Processing Confidentiality Policy STANDARTPLAST LLC
1. GENERAL PROVISIONS
Personal Data Processing Confidentiality Policy (hereinafter – Policy) of STANDARTPLAST LLC (hereinafter – Company) complies with _
The present Personal Data Processing Confidentiality Policy is an official document of the Website Administration and defines the procedure of processing the personal data of private individuals and legal entities.
The purpose of the Policy is to ensure the proper protection of the information about the User, including his/her personal data, against unauthorized access and disclosure.
Relations connected with collecting, storing, disseminating and protection of the information about the users are regulated by the present Policy and by the current legislation of the Russian Federation.
Basic terms used in the Policy:
1) Automated personal data processing – personal data processing by means of computer technology;
2) Personal data blocking – temporary stoppage of personal data processing (except for the situations when processing is required for personal data specification);
3) Personal data information system – a set of personal data and technical means of its processing contained in a database;
4) Personal data anonymization – actions that make it impossible to identify the owner of the personal data without using additional information;
5) Personal data processing – any action (operation) or a series of steps (operations) performed with the help of automated means or without it on personal data, including the collection, recording, systematization, storage, clarification (renewal, change), withdrawal, usage, transmission (dissemination, delivery, access to), anonymization, blocking, removal, destruction of personal data;
6) Operator – a public authority, a municipal authority, a private individual or a legal entity, which independently or together with other persons organizes and (or) performs personal data processing, and defines the purposes of personal data processing, the scope of personal data subject to processing, and the operations performed on personal data;
7) Personal data – any information directly or indirectly related to a certain individual or an individual being defined (personal data subject);
8) Personal data provision – actions aimed at personal data disclosure to a certain person or group of individuals;
9) Personal data dissemination – actions aimed at personal data disclosure to general public (personal data transfers), or at the familiarization of general public with personal data including personal data publication in mass media or telecommunication networks, or granting access to personal data by any other means;
10) Trans-border transfer of personal data – personal data transfer to the territory of a foreign state to a foreign public agency, a foreign individual, or a foreign legal entity;
11) Destruction of personal data – actions making it impossible to restore the contents of personal data in a personal data information system and (or) destroying the physical storage of personal data.
2. PERSONAL DATA PROCESSING PRINCIPLES AND CONDITIONS
2.1. Personal data processing principles
The Operator processes personal data according to article 5 of the Federal Law “On personal data” based on the following principles:
· Legality and equitable basis;
· Limitation of personal data processing by the achievement of particular, preliminary defined legal purposes;
· Prohibition of personal data processing incompatible with the purposes of personal data collecting;
· Prohibition of the unification of databases containing personal data processed for the purposes contradicting each other;
· Processing of only that data which complies with the purposes of processing;
· Compliance of the contents and the volume of the processed personal data with the declared purposes of processing;
· Prohibition of processing of personal data excessing the purposes of processing;
· Assurance of accuracy, sufficiency and relevance of personal data in respect of the purposes of processing;
· Destruction or anonymization of personal data upon achieving the purposes of processing, or if there’s no further need for these purposes, in case if the Operator is unable to correct the violation of personal data unless otherwise provided by the federal law.
2.2. Personal data processing conditions
The Operator processes personal data if at least one of the following conditions is met:
· The personal data subject gives his/her consent to personal data processing;
· Personal data processing is necessary for getting access to the private section of the website (access to online courses); to the analytical data describing the activity of the individual on the website and the functioning of the website; to the updates emailing in online courses
2.3. Personal data confidentiality
The Operator or other individuals with access to personal data is obliged not to disclose or disseminate personal data to third persons without the personal data subject’s consent unless otherwise provided by the federal law.
2.4. Public sources of personal data
For the purpose of information management, the Operator can create public sources of personal data of the subjects of personal data including reference books and address books. Upon the written consent of the personal data subject, the public sources can contain his/her last name, first name, patronymic name, date and place of birth, occupation, phone numbers, email address and other personal data provided by the personal data subject.
The information about the subject must be withdrawn from public sources upon the subject’s request or the court order, or upon the decision of authorized government bodies at any moment.
2.5. Special categories of personal data
The Operator doesn’t process special categories of personal data related to ethnicity or nationality, political views, religious or philosophical views, health or intimate life.
2.6. Authorizing a third party to process personal data
The Operator has the right to authorize a third party to process the subject’s personal data upon the consent of the subject unless otherwise provided by the federal law, based on the contract with this third party. The entity, authorized by the Operator to process personal data, is obliged to obey the principles and rules of personal data processing provided by the Federal Law “On personal data”.
2.7. Trans-border transfer of personal data
In case if it is necessary to transfer personal data, the Operator must make sure that the foreign state the data is supposed to be transferred to ensures the protection of rights of personal data subjects before the transfer is performed.
Trans-border transfer of personal data to foreign states which fail to ensure appropriate personal data protection, is possible in the following cases:
· Written consent of the personal data subject to trans-border transfer of his/her personal data;
· Implementation of an agreement the personal data subject is the party to
2.8. Personal data disclosure to government bodies or local authorities
The disclosure of personal data upon the request of government bodies or local authorities is regulated by the legislation of the Russian Federation.
2.9. Personal data storage and usage
The users’ personal data is stored only electronically and processed by means of automated systems except for the cases when manual processing of personal data is required by the legislation.
Personal data collected by the Operator allow sending notification about new services, special offers and various events to the Customers. They also help the Company to improve the quality of its services, the content and the communications.
The Company can also use personal data for sending important notices containing the information about the changes in our rules, conditions, and policies, and confirming orders placed by the Customers and their purchases. Since this information is essential for relations with the Company, the Customer has no right to opt out of such notifications.
The Company has the right to use personal data for internal purposes such as: auditing, data analysis and rese arch aimed at the improvement of products and services of the Company, and communication with the Customers.
Personal data processing and storage take no longer than it is required by the purposes of data processing if there are no legal grounds for further processing, e.g. if the Federal Law or an agreement doesn’t specify particular storage time. The processed personal data is subject to destruction or anonymization under the following circumstances:
· The purpose of personal data processing has been achieved or the maximum storage time has expired – within 30 days;
· There’s no further need for personal data processing purposes – within 30 days;
· The personal data subject or his/her legal representative proves that personal data has been collected illegally and is not required for the declared purpose achievement – within 7 days;
· It is impossible to ensure the legitimacy of personal data processing – within 10 days;
· The expiration of the limitation period for the relations within which personal data processing has been or is being performed.
· The withdrawal of the personal data subject’s consent to personal data processing if personal data keeping is not necessary for further personal data processing – within 30 days;
· The withdrawal of the personal data subject’s consent to personal data usage for contacting would-be customers for the promotion of goods and services – within 2 days;
· Dissolution (restructuring) of the Company
3. PERSONAL DATA SUBJECT
3.1. Persona data subject’s consent to personal data processing
Personal data subject makes decision on the provision of his/her personal data and gives consent to its processing freely, willingly, and for his/her benefit. Consent to personal data processing can be given by the personal data subject or his/her legal representative in any confirmable form unless otherwise provided by the Federal Law.
3.2. Rights of the personal data subject
The personal data subject has the right to get information about his/her personal data processing from the Operator unless this right is restricted by federal legislation. The personal data subject has the right to demand the clarification, blocking or destruction of his/her personal data from the Operator if the data is incomplete, outdated, inaccurate, illegally collected, or is not necessary for the declared purpose of data processing, and to enforce his/her rights by other legal means.
Personal data processing for the purpose of the promotion of goods, works, and services by means of direct contacts with would-be customers via communication technologies, as well as for the purpose of political solicitation, is allowed only upon the preliminary consent of the personal data subject. Such processing of personal data is considered to be performed without a consent of the personal data subject if the Operator fails to prove that the consent has been given.
The Operator must immediately stop processing the subject’s personal data upon the receipt of his/her request for the above mentioned purposes.
It is prohibited to, based on automated personal data processing only, make decisions having legal implications in respect of the personal data subject or in any other way affecting his/her rights and legal interests, except for the cases specified by federal laws, or given the written consent of the personal data subject.
If the personal data subject believes that the Operator processes his/her personal data in violation of the requirements of the Federal Law 152, or infringes his/her rights and freedoms in any other way, the personal data subject has the right to appeal against the actions or inactions of the Operator to a privacy authority or to a court.
The personal data subject has the right to protect his/her rights and legal interests, including compensation of losses and (or) compensation for moral harm, through judicial procedures.
4. PERSONAL DATA SECURITY
The Operator processes personal data by means of legal, organizational and technical measures necessary for the implementation of the requirements of federal legislation in the field of personal data security.
5. THE COLLECTION AND STORAGE OF INFORMATION WHICH IS NOT PERSONAL DATA
The Company can also collect information which is not personal data and is not identified with any particular individual. The Company can collect, use, transfer and disclose information which is not personal, for any purposes. The following are the examples of information which is not personal and can be collected by the Company, and the ways it can be used: information about the user behavior on the website when using other products and services. Such information is collected and used for helping the Company to give more useful information to the customers, and for the understanding which elements of the website, as well as products and services, are the most interesting for customers. For the purposes of this Policy, this type of information is considered to be not personal.
If the Company combines information which is not personal with personal data, such cumulative data is considered as personal as long as it is combined.
6. USERS’ CLAIMS
The Policy and relations between the User and the Operator are regulated by the current legislation of the Russian Federation.
The Users have the right to submit their requests to the Operator, including those related to their personal data usage, and withdraw their consent to personal data processing in writing by sending requests to the address specified in the General Provisions section of this Policy, or electronically, confirmed by an authorized electronic signature in compliance with the Russian legislation, and submitted via the feedback form on the website.
A request, submitted by the User, should comply with the Rules of appealing to technical support, and contain:
· The number of an identity document of the user or his/her legal representative;
· The identity document’s issuance date and issuing authority;
· The signature of the User or the legal representative;
· Contact phone number;
The Operator is obliged to consider the request and send the reply within 30 days from the moment of receipt of the application.
7. FINAL PROVISIONS
In all other respects which are not covered by this Policy, the Company follows the rules and provisions of _
The visitor of the Company’s website, providing his/her personal data, thereby agrees with the provisions of this Policy.
The Company reserves the right to amend the Policy at any time at its own discretion for the purpose of further improvement of the system of protection against unauthorized access to the personal data provided by the Users, without the Users’ consent. When the Company makes significant changes to the Policy, it publishes the notification on the website containing the renewed version of the Policy.
The effect of the Policy doesn’t cover the actions of other websites and third parties.
Other rights and responsibilities of the Operator as the personal data operator are regulated by the legislation of the Russian Federation in the field of personal data.
The personal data subject has the right to demand the withdrawal of his/her personal information from public sources (reference books). The Company must immediately withdraw the data from the reference book since the date of the receipt of the request.
The personal data subject has the right to at any time change (update, amend) personal data provided by him/her or its part via submitting a request to the Company.
The personal data subject has the right to protect his/her rights and legal interests, including the compensation of losses and (or) compensation for moral harm, through judicial procedures.
The responsibility for the implementation of this Policy is laid on the Operator - STANDARTPLAST LLC
The internal control over the observance of the Russian legislation and local laws in the field of personal data, including the requirements to personal data protection, by the structural divisions of the Company, is carried out by Ilya Vanjushin.
8. CONTACT INFORMATION
The visitors of the website, whose personal data is being processed by the Operator, can apply to the Operator STANDARTPLAST LLC firstname.lastname@example.org if they have any questions or want to exercise their rights.