1. General Provisions
1.1 This Policy of the Individual Entrepreneur Vladislav Vitalievich Cherevatoy TIN 940400451150 OGRNIP 323940100208325 Legal address: 141031 Russian Federation, Moscow region, o. o. Mytishchi (in relation to the processing of personal data (hereinafter - the Policy) is developed in fulfillment of the requirements of par. 2 ч. 1 part 1 of Article 18.1 of the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter - the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrecy.
1.2 The Policy applies to all personal data processed by the Individual Entrepreneur Vladislav Vitalievich Cherevatyi, TIN 940400451150 OGRNIP 323940100208325 Legal address: 141031 Russian Federation, Moscow region, o. Mytishchi, e-mail: info@vladcherevatyi.comincluding, but not limited to, through the website https://vladcherevatyi.com/
1.3 The Policy applies to the relations in the field of personal data processing, which have arisen for the Operator both before and after the approval of this Policy.
1.4 Pursuant to the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in free access in the information and telecommunication network Internet on the Operator's website.
2. Terms and accepted abbreviations
Personal data - any information relating to a directly or indirectly identified or identifiable natural person (personal data subject).
Personal data authorized by the subject of personal data for dissemination - is personal data to which access to an unlimited number of persons is granted by the personal data subject by giving consent to the processing of personal data authorized by the personal data subject for dissemination.
Personal data operator (operator) - a state authority, municipal authority, legal or natural person, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
Processing of personal data - any action (operation) or set of actions
(operations) with personal data, performed with or without the use of means of automation. Processing of personal data includes, but is not limited to:
- collection;
- entry;
- systematization;
- accumulation;
- storage;
- clarification (update, change);
- extraction;
- Utilization;
- transfer (provision, access);
- dissemination;
- depersonalization;
- blocking;
- deletion;
- annihilation.
Automated processing of personal data - processing of personal data with the help of computing equipment.
Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
Blocking of personal data - temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).
Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Personal data depersonalization - actions that make it impossible to determine, without the use of additional information, the belonging of the personal data to the following persons
personal data to a particular subject of personal data.
Personal data information system - a set of personal data contained in databases and ensuring their processing, information technologies and technical means.
Cross-border transfer of personal data - transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign natural person or a foreign legal entity.
3. Procedure and conditions for processing and storage of personal data
3.1 Processing of personal data shall be carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2 Processing of personal data shall be carried out with the consent of personal data subjects to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
3.3 The consent to the processing of personal data authorized by the personal data subject for dissemination shall be executed separately from other consents of the personal data subject to the processing of his/her personal data.
3.4 Consent to the processing of personal data authorized by the personal data subject for dissemination may be granted to the operator:
- directly;
- using the information system of the authorized body for the protection of the rights of personal data subjects.
3.5 The Operator performs both automated and non-automated processing of personal data.
3.6 The Operator's employees whose job description includes personal data processing are allowed to process personal data.
3.7 The processing of personal data shall be carried out by:
- receiving personal data orally and in writing directly with the consent of the personal data subject to the processing or dissemination of his/her personal data;
- entering personal data into the Operator's journals, registers and information systems;
- using other methods of personal data processing.
3.8 It is not allowed to disclose to third parties and disseminate personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.
3.9 The transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive authorities and organizations shall be carried out in accordance with the requirements of the legislation of the Russian Federation.
3.10. The Operator shall take necessary legal, organizational and technical measures to protect personal data from illegal or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
- determines the security threats to personal data during its processing;
- adopts local normative acts and other documents regulating relations in the field of personal data processing and protection;
- appoints persons responsible for ensuring personal data security in the structural subdivisions and information systems of the Operator;
- creates the necessary conditions for working with personal data;
- organizes accounting of documents containing personal data;
- organizes work with information systems where personal data are processed;
- stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
- organizes training of the Operator's employees processing personal data.
3.11. The Operator shall store personal data in a form that allows to identify the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, contract or agreement.
3.12. When collecting personal data, including through the information and telecommunication network Internet, the Operator shall ensure recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
3.13. Types of data and purposes of personal data processing:
3.13.1 Types of PD processed by the Operator:
- NAME
- phone number
- e-mail address
- social media links
- residential address
3.13.2 Only personal data that meet the purposes of their processing shall be processed. The Operator shall process personal data for the following purposes:
- ensuring compliance with the Constitution, federal laws and other regulatory legal acts of the Russian Federation;
- realization of its activities;
- realization of civil law relations;
- bookkeeping;
- notifying the data subject of changes and additions to the services provided under the contract with him/her,
- Receiving feedback, reviews and recommendations from the Subject,
- Conducting surveys for effective communication with current and potential customers of the Operator.
3.14. Categories of personal data subjects.
The following PDs of the following PD subjects are processed:
- natural persons having civil legal relations with the Operator.
3.15. PD processed by the Operator:
- data obtained in the exercise of civil law relations.
3.16. Storage of PDs.
3.16.1. Subjects' PII may be received, further processed and transferred for storage both on paper and in electronic form.
3.16.2. PDs recorded on paper shall be stored in locked cabinets or in locked rooms with limited access rights.
3.16.3. PD of subjects processed using automation tools for different purposes shall be stored in different folders.
3.16.4 It is not allowed to store and place documents containing PD in open electronic catalogs (file-sharing sites) in the ISPD.
3.16.5 The storage of Personal Data in a form that allows identifying the subject of Personal Data shall be carried out for no longer than required by the purposes of their processing, and they shall be subject to destruction upon achievement of the purposes of processing or in case of loss of necessity in their achievement.
3.17. Destruction of PDs.
3.17.1 Destruction of documents (media) containing PD shall be carried out by burning, crushing (shredding), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.17.2. PDs on electronic media shall be destroyed by erasing or formatting the media.
3.17.3 The fact of destroying the data shall be documented by a media destruction act.
4. Protection of personal data
4.1 In accordance with the requirements of regulatory documents, the Operator has established a personal data protection system (PDPS) consisting of legal, organizational and technical protection subsystems.
4.2 The legal protection subsystem is a complex of legal, organizational and
administrative and regulatory documents that ensure the establishment, operation and improvement of the NWPA.
4.3 The organizational protection subsystem includes the organization of the NWPA management structure, permitting system, information protection when working with employees, partners and third parties.
4.4 The technical protection subsystem includes a complex of technical, software,
software and hardware that ensure protection of personal data.
4.4 The main measures of PD protection used by the Operator are:
4.5.1 Appointment of a person responsible for processing of personal data, who is responsible for organization of personal data processing, training and instruction, internal control over compliance of the institution and its employees with the requirements for personal data protection.
4.5.2 Identify current threats to the security of PD when processed in the ISDS and develop measures and activities to protect PD.
4.5.3 Developing a policy on personal data processing.
4.5.4 Establishing rules for access to the data processed in the ISDS, as well as ensuring registration and record keeping of all actions performed with the data in the ISDS.
4.5.5 Establishing individual passwords for employees' access to the information system in accordance with their work responsibilities.
4.5.6 The use of information protection means that have passed the conformity assessment procedure in accordance with the established procedure.
4.5.7 Certified anti-virus software with regularly updated databases.
4.5.8. Observance of conditions ensuring the security of personal data and excluding unauthorized access to them.
4.5.9 Detecting facts of unauthorized access to personal data and taking measures.
4.5.10. Restoration of PDs modified or destroyed due to unauthorized access to them.
4.5.11. Training of the Operator's employees directly involved in personal data processing, the provisions of the Russian legislation on personal data, including requirements to personal data protection, documents defining the Operator's policy on personal data processing, local acts on personal data processing.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the subject of PD and obligations of the Operator
5.1 Basic rights of the subject of PD.
The subject has the right to access his/her personal data and the following information:
- confirmation of the fact of processing of PD by the Operator;
- legal grounds and purposes of processing of personal data;
- the purposes and methods of processing of personal data applied by the Operator;
- name and location of the Operator, information about persons (except for the Operator's employees) who have access to the data or to whom the data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
- terms of personal data processing, including the terms of their storage;
- the procedure for exercising the rights provided for by this Federal Law;
- name or surname, first name, patronymic and address of the person processing the Personal Data on behalf of the Operator, if the processing has been or will be assigned to such a person;
- contacting the Operator and sending requests to the Operator;
- appeal against actions or inaction of the Operator.
5.2 Operator's Duties. The Operator shall:
- provide information on the processing of PD when collecting PD;
- in cases where the PD was not received from the PD subject, notify the subject;
- in case of refusal to provide PD, the subject is explained the consequences of such refusal;
- publish or otherwise provide unrestricted access to the document defining its policy with regard to processing of personal data, to the information on the implemented requirements to the protection of personal data;
- take the necessary legal, organizational and technical measures or ensure that they are taken to protect Personal Data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other unlawful actions in relation to Personal Data;
- provide answers to inquiries and appeals of the subjects of PD, their representatives and the authorized body for protection of the rights of the subjects of PD.
6. Updating, correction, deletion and destruction of personal data, responses to requests of subjects for access to personal data
6. Updating, correction, deletion and destruction of personal data, responding to the subjects' requests for access to personal data
6.1 Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in p. 6.1.
7, Article 14, Article 7 of the Law on Personal Data, are provided by the Operator to the personal data subject or his/her representative upon application or upon receipt of the request of the personal data subject or his/her representative.
The information provided shall not include personal data relating to other personal data subjects, unless there are legitimate grounds for disclosure of such personal data.
The request must contain:
- number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the said document and the issuing authority;
- information confirming the personal data subject's participation in relations with the Operator (contract number, date of contract conclusion, conventional word designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
- signature of the personal data subject or his/her representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not reflect all necessary information in accordance with the requirements of the Law on personal data or the subject does not have the right of access to the requested information, a reasoned refusal shall be sent to him.
The right of the personal data subject to access his/her personal data may be restricted in accordance with part 8 of Article 14 of the Law on Personal Data, including if the access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.
6.2 In case inaccurate personal data is revealed upon application of a personal data subject or his/her representative or at their request or at the request of Roskomnadzor, the Operator shall block personal data related to this personal data subject from the moment of such application or receipt of the said request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
6.3 In case of detection of unlawful processing of personal data upon application (request) of a personal data subject or his/her representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data related to this personal data subject from the moment of such application or request.
6.4 Upon achievement of the purposes of personal data processing, as well as in the event of withdrawal of consent to personal data processing by the personal data subject, the personal data shall be destroyed if:
- otherwise is not provided for in the contract to which the personal data subject is a party, beneficiary or guarantor;
- the operator may not carry out processing without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
- otherwise not provided for by another agreement between the Operator and the subject of personal data.
7. Operator's requisites:
Individual entrepreneur Vladislav Vitalievich Cherevatyi
TIN 940400451150
OGRNIP 323940100208325
Address: 141031 Russian Federation, Moscow region, Mytishchi, Moscow, Russia, d.o. Mytishchi
E-mail: info@vladcherevatyi.com
