"Personal Data Policy"
- General Provisions
1.1. This Regulation has been developed in accordance with the Federal Law "On Personal Data" and other regulatory acts of the Russian Federation.
1.2. This Regulation establishes the procedure for processing personal data of personal data subjects in the interaction of the latter with PT PT GROUP Limited Liability Company (TIN 7721772937, BIN 1127747070505, 109428, Moscow, Ryazansky Avenue, 8A, p. 45, floor 5, pom VII, room No. 17, hereinafter referred to as the “Operator”).
1.3. The purpose of the Regulation is to ensure the protection of the rights and freedoms of a person and citizen in the processing of his personal data.
1.4. Principles of personal data processing:
- the processing of personal data is carried out in a lawful and fair manner;
- the processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. It is not allowed to process personal data incompatible with the purposes of collecting personal data;
- it is not allowed to merge databases containing personal data that are processed for purposes that are incompatible with each other;
- only personal data are processed that meets the purposes of their processing;
- the content and volume of processed personal data must comply with the stated processing objectives. The processed personal data should not be redundant in relation to the stated purposes of their processing;
- in the processing of personal data, the accuracy of personal data must be ensured, its sufficiency and, if necessary, its relevance in relation to the purposes of processing personal data. The operator must take the necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data;
- the storage of personal data should be carried out in a form that allows determining the subject of personal data no longer than the purpose of processing personal data requires, unless the period for storing personal data is established by federal law, contract, to which party the beneficiary or guarantor is personal data subject . The personal data to be processed shall be destroyed or depersonalized upon the achievement of the processing objectives or in case of the loss of the need to achieve these objectives, unless otherwise provided by federal law.
- Basic concepts
2.1. The Regulations use the following basic concepts:
- personal data - any information relating to a directly or indirectly determined or determined individual (subject of personal data);
- an operator is a legal entity who, independently or jointly with other persons, organizes and (or) performs the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
- personal data processing - any action (operation) or a set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- automated processing of personal data - processing of personal data using computer technology;
- distribution of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
- provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons;
- blocking of personal data - temporary termination of the processing of personal data (unless it is necessary to process personal data);
- the destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed;
- de-identification of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the identity of personal data to a specific subject of personal data;
- Purposes of personal data processing
3.1. The processing of personal data is carried out by the Operator in order to conclude and execute contracts with personal data subjects.
- Volume of personal data processed
4.1. The personal data processed by the Operator is divided into 2 types:
- A) technical;
- B) initiated.
4.2. Technical personal data refers to personal data transmitted automatically by the electronic equipment of the subject of personal data. The composition of the transmitted technical personal data depends on the settings of the electronic equipment of the personal data subject and may include ip-address, GPS data, cookies, type and model of electronic equipment, software version, history of page views and other data.
4.3. Under the initiated personal data refers to personal data transmitted by the subject of personal data by performing actions aimed directly at such a transfer. The composition of the transmitted initiated personal data depends on the will of the subject and may include the full name, contact information, the company in whose interests the subject acts and other data.
- Ways of obtaining personal data and expressing consent of the subject of personal data
5.1. The Operator receives technical personal data when the subject visits personal data of the Operator's sites on the Internet.
5.2. The initiated personal data may be transferred by the subject of personal data to the Operator in any possible legal way, including but not limited to: via the Internet network, by telephone, orally or in writing.
5.3. By providing the Operator with their personal data (committed actions), the subject of personal data gives its consent to the processing of his personal data by the Operator for the purposes specified in clause 3.1. of this Regulation.
- Period of storage of personal data
6.1. Personal data are processed and stored by the Operator until the withdrawal of consent to the processing of personal data by the subject of personal data.
6.2. The withdrawal of consent to the processing of personal data must be expressed in writing and signed by the subject of personal data or his representative.
- Provision of personal data
7.1. To collect statistics and maintain the stability of the sites, the Operator transfers the technical personal data of Google entities. Google’s data processing policies are located at https://www.google.com/intl/en/policies/privacy/.
7.2. Thus, by visiting the Operator's websites on the Internet, the subject of personal data agrees to provide his technical personal data in accordance with clause 7.1. this Provision.
- Personal data protection system
8.1. In processing personal data, the operator takes the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.
8.2. In particular, the Operator:
- a) appoints a person responsible for organizing the processing of personal data;
- b) issues documents defining the policy of the Operator in relation to the processing of personal data, local acts on the processing of personal data;
- c) carries out internal control over compliance with the rules for processing personal data;
- d) technically manages employee access to personal data;
- e) performs identification and authentication before providing access to personal data;
- e) organizes antivirus protection;
- g) limits the software environment;
- h) carries out other measures.
8.3. The following employees of the Operator have access to personal data in accordance with their competence:
- a) Director General;
- b) Director of Development;
- c) personnel department staff;
- d) employees of sales departments;
- e) accounting staff;
- e) employees of the legal department;
- g) employees of the information technology department;
- h) Secretary;
- i) other employees, by order of the Director General.
- Rights of the subject of personal data
9.1. The subject of personal data has the right to:
- a) to receive information concerning the processing of his personal data;
- b) require the Operator to clarify his personal data, to block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
- c) take measures stipulated by law to protect their rights;
- d) to exercise other rights provided by law.
- Final provisions
10.1. Other relationships that are not reflected in these Regulations are governed by the laws of the Russian Federation.