In relation to the processing of personal data of site visitors
1. General Provisions
1.1. This Privacy Policy (hereinafter the “Policy”)
prepared in accordance with paragraph 2 of Part 1 of Art. 18.1 of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 (hereinafter referred to as the “Law”) determines the position of an individual and / or its affiliates, (hereinafter referred to as the “Company”) in the field of processing and protection personal data (hereinafter - “Data”), respect for the rights and freedoms of each person and, in particular, the right to privacy, personal and family secrets.
2. Scope
2.1. This Policy applies to Data received both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of the Data, as well as caring for the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company ensures reliable protection of the Data.
3. Definitions
3.1. Data refers to any information relating directly or indirectly to
a defined or designated individual (citizen), i.e. Such information, in particular, includes: name, email, location, link to personal website or social networks, ip address, cookies.
3.2. Data processing is understood to mean any action (operation) or set of actions (operations) with Data performed using automation means and / or without using such means. Such actions (operations) include: collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data Security is understood to mean that the Data is protected from unauthorized and / or unauthorized access to, destruction, alteration, blocking, copying, provision, dissemination of Data, as well as from other illegal actions in relation to the Data.
4. Legal basis and purpose of data processing
4.1. Processing and ensuring the security of the Data in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other defining cases and peculiarities of processing the Data of the federal laws of the Russian Federation, guidance and guidance documents of the FSTEC of Russia and FSB of Russia.
4.2. The Data Subjects processed by the Company are:
customers are consumers, incl. visitors of the site https://topquality.bigbadmole.com/en/, owned by the Company, including for the purpose of placing an order on the Site https://topquality.bigbadmole.com/en/, with subsequent delivery to the client, recipients of services;
4.3. The company processes the Subjects for the following purposes:
implementation of the functions, powers and responsibilities assigned to the Company by the legislation of the Russian Federation in accordance with federal laws, including but not limited to: the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, the Labor Code of the Russian Federation, the Family Code of the Russian Federation, Federal Law of 01.04 .1996 No. 27-ФЗ “On Individual (Personalized) Accounting in the System of Mandatory Pension Insurance”, Federal Law No. 152-ФЗ dated July 27, 2006 “On Personnel data ”, Federal Law of 28.03.1998, No. 53-ФЗ“ On Military Duty and Military Service ”, Federal Law of 26.02.1997, № 31-ФЗ“ On Mobilization Training and Mobilization in the Russian Federation ”, Federal Law No. 14-ФЗ dated February 8, 1998 “On Limited Liability Companies”, Federal Law No. 2300-1 dated February 7, 1992 “On Protection of Consumer Rights”, Federal Law No. 129-ФЗ dated November 21, 1996 “On Accounting registration ”, Federal Law of 29.11.2010, № 326-ФЗ“ On compulsory medical
Insurance in the Russian Federation ", Customers - consumers in order to:
providing information on goods / services, ongoing shares and special
offers;
five.Principles and conditions of data processing.
5.1. When processing Data, the Company adheres to the following principles: Data processing is carried out on a lawful and fair basis; The data are not disclosed to third parties and are not distributed without the consent of the data subject, with the exception of cases requiring the disclosure of data at the request of the authorized state bodies, legal proceedings; identification of specific legal objectives prior to the processing (including collection) of the Data; Only those Data are collected that are necessary and sufficient for the stated purpose of processing; merging of databases containing Data that are processed for purposes that are incompatible with each other is not allowed; Data processing is limited to achieving specific, predetermined and legitimate goals; processed Data shall be destroyed or depersonalized upon the achievement of processing objectives or in the event of the loss of the need to achieve these objectives, unless otherwise provided by federal law.
5.2. The Company may include the Subject's Data in publicly available sources of Data, while the Company takes the written consent of the subject to the processing of its Data, or by expressing consent through the site form (checkbox), by pressing which the subject of personal data expresses its consent.
5.3. The company does not process the data relating to racial, national
affiliation, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including in trade unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be identified and which are used by the operator to identify the subject's identity) is not processed in the Company.
5.5. The company does not provide cross-border data transmission.
5.6. In cases established by the legislation of the Russian Federation, the Company has the right to
transfer data to third parties (the Federal Tax Service, the state __________ pension fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The Company has the right to entrust the processing of the Data of the Data Subjects to third parties with the consent of the Data Subject, on the basis of the contract concluded with these persons, including with the consent of the user agreement and personal data processing policies posted on the website.
5.8. Persons who process the Data on the basis of a contract entered into with the Company (operator’s instructions) undertake to comply with the principles and rules for the processing and protection of Data provided for by the Law. For each third party, the contract specifies a list of actions (operations) with Data that will be performed by a third party processing the Data, processing objectives, establishes the obligation of such persons to maintain confidentiality and ensure the safety of the Data when processing them, specifies the requirements for the protection of the processed Data in accordance with with the law.
5.9. In order to fulfill the requirements of the current legislation of the Russian Federation and its contractual obligations, the processing of Data in the Company is carried out both with and without automation. A set of processing operations includes the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of data.
5.10. The Company prohibits the adoption on the basis of exclusively automated processing of these decisions, which give rise to legal consequences in relation to the Data subject or in any other way affecting his rights and legitimate interests, with the exception of cases provided for by the legislation of the Russian Federation.
6. Rights and obligations of Data Subjects, as well as the Company in the processing of Data
6.1. The entity whose data is processed by the Company has the right to:
- receive from the Company:
confirmation of the processing of the Data and information on the availability of Data relating to the relevant Data Subject;
information on the legal basis and purpose of data processing;
information about the data processing methods used by the Company;
information about the name and location of the Company;
information about persons (with the exception of Company employees) who have access to the Data or to whom Data may be disclosed on the basis of an agreement with the Company or on the basis of federal law;
the list of processed Data relating to the subject of the Data, and information about the source of their receipt, unless a different procedure for the provision of such Data is provided for by federal law;
information about the processing time of the data, including the storage period;
information on the procedure for the exercise by the subject of the Data of rights provided for by the Law;
the name (full name) and address of the person processing the data on behalf of the Company;
other information provided by the Law or other regulatory acts of the Russian Federation;
- require from the Company:
clarification of their Data, their blocking or destruction if the Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
withdraw your consent to the processing of data at any time; require the removal of illegal actions of the Company in relation to its data;
appeal against the actions or inaction of the Company to the Federal Service for Supervision in the Field of Communications, Information Technologies and Mass Communications (Roskomnadzor) or in court if the Data subject believes that the Company processes its Data in violation of the Law or otherwise violates its rights and freedom;
- to protect their rights and legitimate interests, including damages and / or compensation for moral damage in a judicial proceeding.
6.2. The company in the processing of data must:
provide the Data Subject, upon request, with information regarding the processing of its
PD or legally provide a waiver within thirty days from the date
receiving a request from a Data Subject or its representative;
clarify to the Data Subject the legal consequences of not providing the Data if
the provision of Data is mandatory in accordance with federal law;
prior to data processing (if Data is not received from the Data Subject) provide
The following information is subject to the Data subject, with the exception of cases provided for by paragraph 4 of Article 18 of the Law:
1) the name or surname, name, patronymic and address of the Company or its representative;
2) the purpose of processing the data and its legal basis;
3) the intended users of the Data;
4) the rights of data subjects established by law;
5) the source of the data.
take the necessary legal, organizational and technical measures or ensure their adoption to protect the Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, submission, dissemination of Data, as well as from other illegal actions in relation to the Data;
publish on the Internet and provide unrestricted access, using the Internet, to the document defining its data-processing policy to the data on the implemented data protection requirements;
provide the Data Subjects and / or their representatives free of charge with the opportunity to familiarize themselves with the Data when making a corresponding request within 30 days from the date of receipt of such a request;
perform blocking of illegally processed Data related to the Data Subject, or ensure their blocking (if the Data is processed by another person acting on behalf of the Company) from the moment of applying or receiving a request for the verification period, in case of unlawful processing of Data when the Data Subject or a representative or upon request of a Data Subject or its representative or an authorized body for the protection of the rights of personal data subjects;
clarify the Data or ensure their clarification (if the Data is processed by another person acting on behalf of the Company) within 7 working days from the date of submission of information and remove the blocking of the Data, in case of confirmation of the fact
inaccuracies of the Data based on information provided by the Data Subject or his representative;
stop illegal data processing or ensure the termination of illegal data processing by a person acting on behalf of the Company, in case of unlawful processing of data carried out by the Company or a person acting on the basis of an agreement with the Company, within a period not exceeding 3 working days from the date of this identification;
stop processing the Data or ensure its termination (if the data is processed by another person acting under the contract with the Company) and destroy the Data or ensure its destruction (if the data is processed by another person acting under the contract with the Company) to achieve the purpose of processing the Data, unless otherwise it is not stipulated by the contract, the party to which, the beneficiary or guarantor of which is the subject of the Data, in case of achieving the goal of processing the Data;
stop processing the Data or ensure its termination and destroy the Data or ensure their destruction if the Data subject withdraws the consent to the Data processing, if the Company does not have the right to process the Data without the consent of the subject
Data;
keep a log of records of PD subjects, in which the requests of the Data Subjects to receive Data, as well as the facts of the provision of Data on these requests, should be recorded.
7. Data Protection Requirements
7.1. When processing the Data, the Company takes the necessary legal, organizational and technical measures to protect the Data from unauthorized and / or unauthorized access, destruction, modification, blocking, copying, submission, dissemination of Data, as well as from other illegal actions in relation to the Data.
7.2. Such measures in accordance with the Law, in particular, include:
the appointment of the person responsible for organizing the processing of the Data and the person responsible for ensuring the security of the Data;
development and approval of local acts on the processing and protection of data;
application of legal, organizational and technical measures to ensure data security:
- identification of data security threats during their processing in information systems
personal data;
- application of organizational and technical measures to ensure data security
when processing them in the information systems of personal data necessary to meet the requirements for data protection, the execution of which ensures the levels of data protection established by the Government of the Russian Federation;
- the use of the information security protection measures passed in the prescribed manner;
- evaluation of the effectiveness of measures taken to ensure the security of the Data prior to the commissioning of the personal data information system;
- accounting of data storage media, if the data is stored on computer storage media;
- detection of facts of unauthorized access to the Data and taking measures to prevent similar incidents in the future;
- recovery of data modified or destroyed due to unauthorized access to it;
- the establishment of rules for access to the Data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with the Data in the personal data information system.
control over the measures taken to ensure data security and the level of security of personal data information systems;
assessment of the harm that may be caused to the Data subjects in case of violation of the requirements of the Law, the ratio of the said harm and the measures taken by the Company to ensure the fulfillment of the duties provided for by the Law;
compliance with conditions that preclude unauthorized access to tangible data carriers and ensure the safety of the Data;
familiarization of the Company's employees who directly process the Data with the provisions of the legislation of the Russian Federation on Data, including the requirements for data protection, local acts on processing and protection
Data and training of Company employees.
8. Terms of processing (storage) of data
8.1. Terms of processing (storage) of Data are determined on the basis of the purposes of processing the Data, in accordance with the term of the contract with the Data subject, the requirements of federal laws, the requirements of Data Operators on whose behalf the Company processes the Data, the basic rules of the archives of organizations, and the limitation periods.
8.2. Data, the processing time (storage) of which has expired, must be destroyed, unless otherwise provided by federal law. Data storage after the termination of their processing is allowed only after their anonymization.
9. Procedure for obtaining clarifications on data processing issues.
9.1. Persons whose Data is processed by the Company may receive clarifications on the processing of their Data by contacting the Company in person or by sending a corresponding written request to the address of the Company: 432072, Ulyanovsk, Stolypin Avenue, 33, apt. 36
9.2. If an official request is sent to the Company in the request text
specify:
surname, name, patronymic of the subject of the Data or his representative;
the number of the main document certifying the identity of the Data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
information confirming that the subject has the Data of relations with the Company;
feedback information for the Company to respond to the request;
the signature of the Data subject (or his representative). If the request is sent electronically, it must be in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
10. Features of the processing and protection of data collected by the Company using the Internet
10.1. The company processes the data coming from users of the Site from the resource:
https://topquality.bigbadmole.com/en/ (hereinafter jointly referred to as the Website), as well as those that arrive at the Company's email address:
10.2. Data collection
There are two main ways in which the Company receives Data via the Internet:
10.2.1. Provision of Data (independent data entry):
Name, email, link to personal website or social network, cookies
10.2.2. Data Subjects by entering the Company's email address:
10.3. Automatically collected information
The company may collect and process information that is not personal data:
location ip address information about the interests of users on the Site based on the entered search queries of users of the Site about the products sold and offered by the Company to provide up-to-date information to the Company's customers when using the Site, as well as summarizing and analyzing information about which sections of the Site and products are most in demand with the Company's clients;
processing and storing search queries of users of the Site in order to summarize and create client statistics on the use of sections of the Site.
The company automatically receives certain types of information obtained in the process of user interaction with the Website, email correspondence, etc. These are technologies and services, such as web protocols, cookies, web tags, as well as applications and tools of this third parties.
At the same time, web-marks, cookies and other monitoring technologies do not allow to automatically receive Data. If a Site user, at his own discretion, provides his Data, for example, when filling out a feedback form or sending an e-mail, then only then the processes of automatic collection of detailed information are launched to facilitate the use of websites and / or to improve interaction with users.
10.4. Data usage
The Company has the right to use the provided Data in accordance with the stated purposes of their collection with the consent of the Data subject, if such consent is required in accordance with the requirements of the legislation of the Russian Federation in the field of Data.
The data obtained in a generalized and anonymous form can be used to better understand the needs of buyers of goods and services sold by the Company and improve the quality of service.
10.5. Data transfer
The company may assign the processing of data to third parties solely with the consent of the data subject. Also, Data may be transferred to third parties in the following cases:
a) B as a response to legitimate requests of authorized state bodies, in accordance with laws, court decisions, etc.
b) Data cannot be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data Subject.
10.6. The site contains links to other web resources where there may be useful and interesting information for users of the Site. However, this Policy does not apply to such other sites. Users following links to other sites are advised to familiarize themselves with the data processing policies posted on such sites.
10.7. The Site User may at any time withdraw his consent to the processing of the Data by sending a message to the Company's email address: ,
After receiving such a message, the processing of User Data will be terminated, and its Data will be deleted, except when processing can be continued in accordance with the law. Final Provisions This Policy is a local regulatory enactment of the Company. This Policy is publicly available. The general availability of this Policy is provided by publication on the Company's Website. This Policy may be revised in any of the following cases:
changes in the legislation of the Russian Federation in the field of processing and protection of personal data;
in cases of obtaining instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;
by decision of the Company's management;
at change of the purposes and terms of data processing;
when changing the organizational structure, the structure of information and / or telecommunication systems (or the introduction of new ones);
in the application of new technologies for processing and protecting data (including transmission, storage);
when it becomes necessary to change the processing of data related to the activities of the Company. In the event of non-compliance with the provisions of this Policy, the Company and its employees shall be liable in accordance with applicable law.
Russian Federation. The monitoring of compliance with the requirements of this Policy is carried out by those responsible for organizing the processing of Company Data, as well as for the security of personal data .__
