Home|
Privacy Policy
Privacy Policy
1. BASIC CONCEPTS, TERMS AND DEFINITIONS:
Website - the website located in the telecommunication network of the Internet at the address: syrovarnya.com.
Organisation - OOO «SYROVARNYA» (TIN 7730242132, OGRN 1187746320508, legal address: 105120, Moscow, Vn.ter. Basmanniy Municipal District, Zemlyanoy Val str. 35, p. 1, cf. 1)
User (Client) - a natural person over the age of 16, a consumer of the Organisation's services, who provides the Organisation with his/her personal information (personal data) in any way.
Personal data - any information directly or indirectly related to a natural person (the subject of the personal data), defined or determined on the basis of such information, including his/her name, surname, patronymic, year, month, date and place of birth, registration address, e-mail address, landline and/or mobile phone number, IMEI (International Mobile Equipment Identifier), device number and other information.
Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automated means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, communication (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data. Confidentiality of personal data - a mandatory requirement for the designated responsible person who has access to personal data not to allow its dissemination without the consent of the data subject or other legal basis.
Confidentiality of personal data - a mandatory requirement for the designated responsible person who has access to personal data not to allow their dissemination without the consent of the data subject or other legal basis.
Dissemination of personal data - actions aimed at communicating personal data to a certain number of persons (transfer of personal data) or at making personal data known to an unlimited number of persons, including publication of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way.
Dissemination of personal data - dissemination of information through communication channels and physical media.
Use of personal data - actions (operations) with personal data performed in order to make decisions or perform other actions that have legal consequences in relation to the personal data subjects or otherwise affect their rights and freedoms or the rights and freedoms of others.
Blocking of personal data - temporary cessation of collection, systematisation, collection, use, distribution of personal data, including their transmission.
Destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system or as a result of which material carriers of personal data are destroyed.
De-identification of personal information - actions that make it impossible to determine that personal information belongs to a specific individual without the use of additional information.
Publicly available personal data - personal data to which an unlimited number of persons have access with the subject's consent or which is not subject to confidentiality requirements in accordance with federal laws.
Personal data protection - a set of measures (organisational, administrative, technical, legal) aimed at preventing unlawful or accidental access to personal data, destruction, alteration, blocking, copying, dissemination of personal data of subjects, as well as other unlawful actions.
Information - information (news, data) regardless of the form of its presentation. Client/user (subject of personal data) - a natural person, a consumer of the sale of goods/service provision through the website of OOO «SYROVARNYA».
Controller - a state authority, local authority, legal entity or natural person who, independently or jointly with others, organises and (or) carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data subject to processing, the operations (activities) performed with personal data. Within the framework of this document, the Operators are the Organisation, as well as other organisations with which the Operators have concluded / will conclude relevant agreements for the purposes of processing the personal data of the Customers/Users defined in the terms of this Agreement, in particular for sending to the Customers/Users by various means of communication the Operator's advertising information, etc., as well as agreements for the purposes of conducting sociological and other research, including research on the Customer satisfaction index with the quality of the services provided by the Operators, as well as agreements for the purposes of conducting sociological and other research, including research on the Customer satisfaction index with the quality of the services provided by the Operators.
Consent to the processing and protection of personal data.
By clicking the «Checkout» button in the «Payment» section of the Company's website, the User gives his/her consent to the processing of personal data in the following form:
I (hereinafter referred to as the User/Client) hereby give my consent to the processing of personal data by leaving my data on the website, including for OOO «SYROVARNYA» (TIN 7730242132, OGRN 1187746320508) by filling in the fields of the form. Customer:
I confirm that all the personal data provided by me belong to me personally.
I confirm and acknowledge that I have carefully and fully read the User Agreement and the terms and conditions for processing my personal data, which I have provided in the fields of the online application (registration) on the Website, and that the text of the User Agreement and the terms and conditions for processing my personal data are clear to me.
I give my consent to the processing of the personal data provided as part of the information provided by the website for the purpose of concluding this user agreement between myself and the organisation, as well as for its subsequent execution; I express my consent to the terms and conditions for the processing of personal data without reservation or restriction.
The Client/User gives his/her consent to the processing of his/her personal data, namely for the performance of the actions specified in par. 3 ч. 1 part 1 of article 3 of the Federal Law of 27.07.2006 N 152-FZ «On Personal Data» and confirms that by giving such consent he/she acts freely, of his/her own free will and in his/her own interest.
The Client/User grants the Company the right to carry out the following operations with personal data: collection, recording, systematisation, accumulation, storage within the reporting retention periods established by regulatory documents, but not less than three years from the date of termination of the Client/User's use of the services, clarification (updating, modification), extraction, use, communication (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data, communication to third parties with the purpose of the Company.
The Client/User undertakes to inform the Company of any changes to the personal data in cases where this may affect the provision of the services.
2. GENERAL PROVISIONS
2.1 This Privacy Policy is an official document of the Organisation and establishes the rules for processing and protecting the personal data of Users. It regulates the collection and use of the personal data of the Users of the Website in cases of their registration on the Website, use of the services of the Website, including when placing an application/order on the Website.
The User provides personal data of his/her own free will. The provision of personal data by the User implies that the User is familiar with this Privacy Policy and agrees to its terms and conditions.
The confidentiality of the User's personal data is guaranteed from the moment the data is provided by the person to whom it relates.
The User's personal data may not be used for purposes contradicting the purposes of providing goods/services through the Site. It is not allowed to use personal data for the purpose of causing property and (or) moral damage, restriction of realisation of rights and freedoms guaranteed by the laws of the Russian Federation.
2.2 The purpose of this Privacy Policy is to ensure proper protection of information about the User, including his/her personal data, from unauthorised access and disclosure, to establish the responsibility of officials who have access to personal data for failure to comply with the rules of processing and protection of personal data.
2.3 Relations related to collection, storage, distribution and protection of information about the User are regulated by this Privacy Policy and the current legislation of the Russian Federation.
2.4 This Privacy Policy comes into force from the moment of its approval, is valid for an unlimited period of time and expires at the moment of its replacement by a new policy.
2.5 The current version of the Privacy Policy is a public document prepared by the Organisation and is available to any user of the Internet telecommunications network by clicking on the hypertext link «Privacy Policy».
2.6 The Organisation reserves the right to make changes to this Privacy Policy at any time.
2.7 In the event of changes to the Privacy Policy, the Organisation will notify the User by posting a new version of the Privacy Policy on the Website. Previous versions of the Privacy Policy will be kept in the Organisation's documentation archive.
2.8 In the process of collecting information about the User, the Organisation does not check the reliability of the information received (collected).
3. CONDITIONS AND PURPOSES OF COLLECTION AND PROCESSING
PERSONAL DATA OF THE USER
3.1 The personal data of the user, such as Surname, first name, patronymic, date of birth, e-mail addresses, telephone numbers, home addresses, delivery addresses of goods, delivery addresses of services, data of messengers, social networks and other information referred to by the legislation as personal data of the User, are provided by the User to the Organisation and processed by the Organisation with the User's consent. The User's consent to the processing of personal data is valid for the entire duration of the contract and for five years from the date of termination of the User's contractual relationship with the Organisation. At the end of this period, the consent shall be deemed to be renewed for each of the following five years, unless the User indicates that he/she wishes to revoke it.
3.2 The processing of the User's personal data is carried out for the purpose of providing services and carrying out transactions that are not prohibited by the current legislation of the Russian Federation, as well as for carrying out actions with the personal data that are necessary for providing such services and carrying out the above-mentioned transactions, fulfilling the Organisation's obligations to the User, complying with the requirements of the current legislation of the Russian Federation.
3.3 The processing of personal data by the Organisation shall be based on the principles of
a) Legality of the purposes and methods of personal data processing and good faith;
b) conformity of the purposes of the processing of personal data with the purposes defined in advance and stated at the time of the collection of personal data;
c) the adequacy of the scope and nature of the personal data processed with the methods and purposes of personal data processing;
d) the inadmissibility of merging databases containing personal data created for incompatible purposes.
3.4 The Organisation may create, collect and store information containing data about Users, including: questionnaires, applications, data on payment of orders, delivery addresses, contracts (public offers) and information on joining contracts, copies of identity documents, other documents and information containing personal data, records of telephone conversations and electronic correspondence.
3.5. Processing the User's personal data may be carried out without their consent in the following cases personal data are publicly available; at the request of authorised state authorities in cases provided by federal law of the Russian Federation; processing of personal data is carried out on the basis of a federal law, which defines its purpose, conditions for obtaining personal data and the range of subjects, whose personal data are subject to processing, as well as determines the powers of the Operator; processing of personal data is carried out on the basis of a federal law, which defines its purpose, conditions for obtaining personal data and the range of subjects, whose personal data are subject to processing, as well as determines the powers of the Operator.
3.6 The Organisation does not receive and does not process the User's personal data concerning race, nationality, political opinions, religious or philosophical beliefs, state of health, intimate life.
3.7 If the User's personal data can only be obtained from a third party, the Organisation will inform the User. The third party providing the User's personal data must have the User's consent to transfer the User's personal data to the Organisation.
3.8 When working with third parties, the Organisation shall enter into an agreement with them on the confidentiality of information relating to the User's personal data.
3.9 The processing of personal data shall be terminated in connection with the liquidation of the Organisation and upon receipt of a corresponding request from the User.
4. STORAGE AND USE OF PERSONAL DATA
4.1 The User's personal data may be stored on both paper and electronic media. User's personal data in paper form shall be stored in safes. User's personal data in electronic form shall be stored in the local computer network of the Organisation, in electronic folders and files in the personal computers of the employees authorised to process User's personal data.
4.2 All documentation containing User's personal data shall be stored in a manner that ensures protection from unauthorised access.
4.3 Personal data will be used only for the purposes set out in this Privacy Policy.
4.4 In order to prevent unauthorised access to databases containing User's personal data, the Organisation shall ensure that:
- The use of licensed anti-virus and anti-hacking software that does not allow unauthorised access to the organisation's local network;
- Differentiation of access rights via the account;
- Restrict access to folders and files containing personal information by establishing a system of passwords that are shared only with employees who have access to user's personal information and are not subject to disclosure;
- periodically change the passwords used to access files and folders containing personal information;
4.5 Employees who have access to personal information may only copy personal information (or portions thereof) for business purposes and shall not permit its distribution or unauthorised access to personal information.
5. TRANSFER OF PERSONAL DATA
5.1 The User's personal data will not be disclosed to third parties, except as expressly provided in this Privacy Policy.
5. 2 When transferring personal data, the organisation's employees are obliged to Not to disclose the User's personal data for commercial purposes; Not to disclose the User's personal data to third parties without the User's consent (except in cases provided for by current legislation of the Russian Federation); not to disclose the User's personal data to third parties without the User's consent (except in cases provided for by the current legislation of the Russian Federation); to warn the persons receiving the User's personal data that such data may be used only for the purposes for which it was disclosed and to require these persons to confirm compliance with this rule; to provide access to the User's personal data; not to provide access to the User's personal data to third parties without the User's consent (except in cases provided for by the current legislation of the Russian Federation).
5.3 The User shall be given access to his/her personal data upon request or upon receipt of the User's request. The Organisation is obliged to inform the User of the existence of personal data concerning him/her and to give him/her the opportunity to acquaint himself/herself with them within ten working days from the date of his/her request.
5.4 The transfer of the User's personal data to the User's authorised representatives shall be carried out in accordance with the procedure established by the legislation of the Russian Federation and regulatory and technical documentation. The User's representatives shall receive information only to the extent necessary for the performance of their representative functions.
5.5 During the transfer of the User's personal data, a record of the transferred information shall be kept.
5.6 Provision of the User's personal data at the request of state bodies, local authorities shall be carried out in the manner prescribed by the legislation of the Russian Federation.
6. RETENTION AND DESTRUCTION PERIODS
PERSONAL DATA
6.1 The User's personal data shall be stored on the Website's electronic media for an indefinite period of time.
6.2 Civil law contracts containing the User's personal data, as well as documents relating to their conclusion and execution, shall be stored for five years from the date of expiry of the contract. During this period, personal data may not be anonymised or destroyed.
6.3 Upon expiry of the storage period, personal data may be anonymised in information systems and destroyed on paper in accordance with the procedure set forth in this Privacy Policy and the applicable laws of the Russian Federation.
6.4 The User's personal data shall be destroyed at the User's request or on the Organisation's initiative without explanation by deleting the information posted by the User.
6.5 The de-identification of the User's personal data shall be carried out upon the User's written request, provided that all contractual relations have been completed and at least five years have elapsed from the date of termination of the last contract.
6.6 When destroying the User's personal data, the possibility of any access to the User's personal data shall cease, and the Organisation's employees shall not be able to access the User's personal data in information systems.
6.7 When destroying personal data, paper carriers of documents shall be destroyed, personal data in information systems shall be depersonalised. Personal data shall not be recovered. The process of destroying personal data is irreversible.
7. USER RIGHTS
7.1 The User has the right to obtain from the Organisation, upon request, information regarding the processing of his/her personal data.
7.2 The User has the right to obtain clarification of his/her personal data, to block or destroy it if it is incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of processing, as well as to take the measures provided for by law to protect his/her rights;
7.3 The User has the right to appeal to the competent authority for the protection of the rights of data subjects or to the courts against unlawful acts or omissions in the processing of his/her personal data.
8. RIGHTS OF THE ORGANISATION
8.1 The Organisation has the right to disclose the User's personal data to third parties if it is provided for by the applicable legislation (tax, law enforcement, etc.) or the agreement with the User.
8.2 The Organisation has the right to refuse to provide personal data in cases stipulated by the legislation of the Russian Federation.
8.3 The Organisation has the right to use the User's personal data without the User's consent in cases provided by the legislation of the Russian Federation.
9. MEASURES OF PROTECTION OF THE USER'S INFORMATION
9.1 The protection of the User's personal data is carried out at the expense of the Organisation in accordance with the procedure established by the current legislation of the Russian Federation.
9.2 When protecting the User's personal data, the Organisation shall, if necessary, take all measures sufficient to achieve the protection goals, including, but not limited to: use of encryption methods, antivirus protection, security analysis, intrusion detection and prevention, access control, registration and accounting, integrity assurance, organisation of regulatory and methodological local acts regulating personal data protection, and other measures.
9.3 Only employees who need the personal data in connection with the performance of their job duties shall have access to User's personal data. All employees involved in the collection, processing and protection of User's personal data are obliged not to disclose User's personal data. Employees shall ensure that information containing User's personal data is stored in such a way that it cannot be accessed by third parties. If an employee who has access to the personal data of User's is dismissed, the documents and other media containing the personal data of User's shall be transferred to another employee who has access to the personal data of User's.
9.4 Access to User's personal data by employees of the Organisation who do not have duly authorised access is prohibited.
