Personal Data Processing and Protection Policy
1. General Provisions
1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) is aimed at protect the rights and freedom of individuals, whose personal data is processed by the Trading House Zirkon LLC (hereinafter referred to as the Operator).
1.2. The policy is developed in accordance with Paragraph 2 of Part 1 of Art. 18.1 of the Russian Federation Federal Law of July 27, 2006 No. 152-ФЗ “On Personal Data” (hereinafter – the Federal Law “On Personal Data”).
1.3. The policy contains information to be disclosed in accordance with Part 1 of Art. 14 of the Federal Law “On Personal Data” and is a public document.
2. Information about the operator
2.1. The operator conducts its activities at the address: 4 Vasenko st., 603003 Nizhny Novgorod, Russian Federation.
3. Information on the processing of personal data
3.1. The Operator processes personal data in a lawful and fair manner in order to fulfill the functions and duties entrusted by law, exercise the rights and legitimate interests of the Operator, Operator’s employees and third parties.
3.2. The Operator receives personal data directly from the subjects of personal data.
3.3. The Operator processes personal data in automated and non-automated ways, with and without computer technology.
3.4. The processing of personal data includes collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of data.
4. Processing customer personal data
4.1. The Operator processes the personal data of Customers in the framework of legal relations with the Operator, settled by Part Two of the Civil Code of the Russian Federation dated January 26, 1996 No. 14-ФЗ (hereinafter referred to as Customers).
4.2. The Operator processes the personal data of Customers in order to comply with the laws of the Russian Federation, as well as to:
– inform about new products, special promotions and offers;
– the conclusion and execution of the terms of the contract.
4.3. The Operator processes the personal data of Customers with their consent provided by Customers and/or their legal representatives by performing actions on this Internet site, including, but not limited to, placing an order, registering in a personal account, subscribing to the newsletter in accordance with the Policy.
4.4. The Operator processes the personal data of Customers no longer than required by the purpose of processing personal data, unless otherwise provided by the requirements of the legislation of the Russian Federation.
4.5. The operator processes the following personal customer data:
– Full Name;
– Contact phone number;
– E-mail address.
5. Information about the security of personal data
5.1. The operator appoints a person responsible for organizing the processing of personal data to fulfill the obligations stipulated by the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it.
5.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from illegal actions:
– provides unlimited access to the Policy, a copy of which is located at the address of the location of the Operator, and can also be posted on the Operator’s website (if available);
– in pursuance of the Policy, approves and enforces the document “Regulation on the processing of personal data” (hereinafter – the Regulation) and other local acts;
– makes employees familiar with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
– carries out the admission of employees to personal data processed in the information system of the Operator, as well as to their material carriers only for the performance of work duties;
– establishes the rules for access to personal data processed in the Operator’s information system, and also ensures the registration and accounting of all actions with them;
– makes an assessment of the harm that may be caused to the subjects of personal data in the event of a violation of the Federal Law “On Personal Data”;
– identifies threats to the security of personal data when they are processed in the information system of the Operator;
– applies organizational and technical measures and uses information security tools necessary to achieve the specified level of personal data security;
– carries out the detection of facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them;
– evaluates the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the information system of the Operator;
– carries out internal control over the compliance of personal data processing with the Federal Law “On Personal Data”, the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Policy, the Regulations and other local acts, including monitoring the measures taken to ensure the security of personal data and their security level in processing in the Operator’s information system.
6. Rights of personal data subjects
6.1. The subject of personal data has the right:
– to obtain personal data relating to the subject, and information relatied to its processing;
– to clarify, block or destroy own personal data in case it is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
– to withdraw the consent given for the processing of personal data;
– to protect the rights and legitimate interests, including damages and moral damages in court;
– to appeal the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.
6.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law “On Personal Data”.