PERSONAL DATA PROCESSING POLICYOF SOLE PROPRIETOR ILYA GENNADYEVICH ULYANTSEV1. GENERAL PROVISIONS1.1. This Personal Data Processing Policy (hereinafter — the "Policy") of Sole Proprietor Ilya Gennadyevich Ulyantsev (TIN: 340896422596, OGRNIP: 322344300058723, hereinafter — the "SP" or the "Operator") has been developed in accordance with the requirements of Federal Law No. 152-FZ of 27 July 2006 "On Personal Data" and establishes the procedure for processing personal data and the measures taken by the SP to ensure the security of personal data.
1.2. The purpose of this Policy is to ensure the protection of the rights and freedoms of individuals in the course of processing their personal data, including the protection of the rights to privacy, personal secrecy, and family secrecy.
1.3. This Policy applies to all personal data processing activities carried out by the SP, whether by automated means or otherwise.
1.4. Use of the SP's services and/or Website constitutes the User's unconditional acceptance of this Policy and the terms of personal data processing set forth herein. If the User does not agree to these terms, the User must refrain from using the services and/or the Website.
2. DEFINITIONS2.1. For the purposes of this Policy, the following terms shall have the meanings set out below:
- Personal Data (PD) — any information relating directly or indirectly to an identified or identifiable natural person (data subject).
- Processing of Personal Data — any action (operation) or set of actions (operations) performed with personal data, whether by automated means or otherwise, including collection, recording, organization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
- Automated Processing of Personal Data — processing of personal data by means of computer equipment.
- Dissemination of Personal Data — actions aimed at disclosing personal data to an indefinite circle of persons.
- Provision of Personal Data — actions aimed at disclosing personal data to a defined circle of persons.
- Blocking of Personal Data — temporary suspension of personal data processing (except where processing is necessary for the clarification of personal data).
- Destruction of Personal Data — actions as a result of which it becomes impossible to restore the content of personal data in a personal data information system and/or as a result of which physical data carriers are destroyed.
- Depersonalization of Personal Data — actions as a result of which it becomes impossible, without the use of additional information, to determine whether personal data belongs to a specific data subject.
- Personal Data Information System (PDIS) — a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
- Operator — a state authority, municipal authority, legal entity, or natural person that independently or jointly with other persons organizes and/or carries out the processing of personal data, and also determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) to be performed with personal data. For the purposes of this Policy, the Operator is Sole Proprietor Ilya Gennadyevich Ulyantsev.
- Website — a set of interrelated web pages hosted on the Internet at http://fix-traffic.ru/.
- User — a data subject, being a natural person who uses the Website and/or the Operator's services.
3. PRINCIPLES OF PERSONAL DATA PROCESSINGThe Operator processes personal data in accordance with the following principles:
- Lawfulness and fairness of the purposes and methods of personal data processing.
- Limitation of personal data processing to the achievement of specific, predetermined, and legitimate purposes.
- Prevention of personal data processing that is incompatible with the purposes for which personal data was collected.
- Prevention of the consolidation of databases containing personal data processed for purposes that are incompatible with one another.
- Processing of only those personal data that are adequate for the purposes of processing.
- Compliance of the content and volume of personal data processed with the stated purposes of processing.
- Accuracy, sufficiency, and relevance of personal data in relation to the purposes of processing.
- Implementation of measures to delete or correct incomplete or inaccurate data.
- Retention of personal data in a form that permits identification of the data subject for no longer than is required by the purposes of processing, unless the retention period is established by federal law or by a contract to which the data subject is a party, beneficiary, or guarantor.
- Destruction of personal data upon achievement of the processing purposes or upon the loss of necessity to achieve such purposes, unless otherwise provided by federal law.
4. CATEGORIES OF DATA SUBJECTS AND PERSONAL DATA PROCESSED4.1. The Operator processes personal data of the following categories of data subjects:
- Users of the Website and/or the Operator's services (prospective and existing clients);
- Employees of the Operator (where applicable);
- Representatives of the Operator's counterparties.
4.2. The personal data processed by the Operator may include:
For Website Users / Clients:- Last name, first name, patronymic;
- Contact telephone number;
- Email address;
- IP address, cookie data, browser information, access time, URL of the page on which the advertisement is placed;
- Behavioral data on the Website (page views, navigation, clicks);
- Payment data (where necessary, without retention of full payment credentials);
- Other data voluntarily provided by the User in order to receive the Operator's services.
For Employees of the Operator (where applicable):- Last name, first name, patronymic; date and place of birth;
- Passport details;
- Residential address (place of registration);
- Contact telephone number, email address;
- Information on education, qualifications, and work experience;
- Marital status and family composition;
- TIN, SNILS (individual insurance account number);
- Bank card details for payroll purposes;
- Other data required under applicable labor legislation.
For Representatives of Counterparties:- Last name, first name, patronymic;
- Job title;
- Contact telephone number, email address;
- Other data necessary for the conclusion and performance of contracts.
5. PURPOSES OF PERSONAL DATA PROCESSINGThe Operator processes personal data for the following purposes:
- Carrying out its business activities in accordance with the legislation of the Russian Federation.
- Ensuring compliance with laws and other regulatory legal acts, and assisting in the exercise of powers by state authorities.
- Performing the functions of a personal data operator.
- Managing human resources; assisting employees (where applicable) with employment, training, and career development; ensuring the personal safety of employees; monitoring the quantity and quality of work performed; and safeguarding property.
- Concluding and performing contracts with clients, counterparties, and other persons.
- Ensuring the operation of the Website and the Operator's services.
- Identifying the User in connection with the services provided.
- Providing the User with personalized services.
- Communicating with the User, including sending notifications, requests, and information relating to the use of services and the provision of services, as well as processing requests and applications from the User.
- Improving the quality of services and their ease of use, and developing new services and products.
- Conducting statistical and other research on the basis of depersonalized data.
- Informing Users about the Operator's products, services, and special offers (subject to their consent).
- Ensuring security and preventing fraud.
6. LEGAL BASES FOR PERSONAL DATA PROCESSINGThe legal bases for the Operator's processing of personal data are:
- Federal Law No. 152-FZ of 27 July 2006 "On Personal Data."
- The Labor Code of the Russian Federation and other regulatory legal acts governing labor relations (where employees are engaged).
- Contracts concluded between the Operator and the data subject.
- The consent of the data subject to the processing of their personal data.
- Enforcement of a court order, act of another authority, or act of an official subject to enforcement under the legislation of the Russian Federation on enforcement proceedings.
- The legitimate interests of the Operator, provided that such processing does not infringe upon the rights and freedoms of the data subject.
7. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING7.1. The Operator processes personal data using a combination of automated and non-automated means.
7.2. The Operator ensures the recording, organization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located within the territory of the Russian Federation.
7.3. The periods for which personal data are processed (retained) are determined by:
- The duration of the data subject's consent to the processing of personal data;
- The term of the contract concluded with the data subject;
- Retention periods established by the legislation of the Russian Federation (e.g., retention periods for accounting documents and personnel records);
- Other circumstances provided for by the legislation of the Russian Federation.
7.4. Upon expiry of the applicable processing (retention) period, personal data shall be destroyed, unless otherwise provided by the legislation of the Russian Federation.
7.5. The Operator may transfer personal data to third parties in the following cases:
- The data subject has given consent to such transfer.
- The transfer is necessary for the provision of a particular service to the User.
- The transfer is required under Russian or other applicable law in accordance with a procedure established by law.
- The transfer occurs in connection with the sale or other transfer of a business (in whole or in part), in which case the acquirer assumes all obligations to comply with this Policy with respect to the personal data received.
- The transfer is necessary to protect the rights and legitimate interests of the Operator or third parties in cases where the User violates the terms of the Operator's service agreements.
7.6. In the course of processing personal data, the Operator shall implement or ensure the implementation of the necessary legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other unlawful actions with respect to personal data.
8. RIGHTS OF DATA SUBJECTSA data subject shall have the right to:
- Obtain information concerning the processing of their personal data, except in cases provided for by federal laws.
- Demand the rectification, blocking, or destruction of their personal data where such data are incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing.
- Take measures prescribed by law to protect their rights.
- Demand that the Operator cease processing their personal data.
- Withdraw consent to the processing of personal data.
- Lodge a complaint against the actions or omissions of the Operator with the competent authority for the protection of data subjects' rights or before a court.
- Seek protection of their rights and legitimate interests, including claiming damages and/or compensation for non-pecuniary harm before a court.
To exercise the above rights, a data subject may contact the Operator using the contact details set out in Section 10 of this Policy.
9. PERSONAL DATA SECURITY MEASURESThe Operator implements the following measures to ensure the security of personal data:
- Appointing a person responsible for organizing the processing of personal data (where necessary).
- Issuing internal policies on personal data processing matters, as well as internal procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and remedying the consequences of such violations.
- Conducting internal monitoring and/or audits of compliance with Federal Law "On Personal Data," related regulatory legal acts, personal data protection requirements, and the Operator's internal policies.
- Familiarizing employees of the Operator (where applicable) who directly process personal data with the provisions of Russian personal data legislation, including personal data protection requirements, documents defining the Operator's personal data processing policy, and relevant internal policies, and/or providing training to such employees.
- Identifying security threats to personal data processed within personal data information systems.
- Applying organizational and technical measures to ensure the security of personal data processed within personal data information systems, as required to meet personal data protection requirements.
- Assessing the effectiveness of personal data security measures prior to commissioning a personal data information system.
- Maintaining records of machine-readable personal data carriers.
- Detecting instances of unauthorized access to personal data and taking responsive action.
- Restoring personal data that has been modified or destroyed as a result of unauthorized access.
- Establishing access rules for personal data processed within personal data information systems.
- Monitoring the personal data security measures in place and the level of protection of personal data information systems.
10. CONTACT INFORMATIONFor further information, to exercise your rights as a data subject, or to submit requests or complaints regarding the processing of personal data, please contact Sole Proprietor Ilya Gennadyevich Ulyantsev using the following details:
|
|
Name: | Sole Proprietor Ilya Gennadyevich Ulyantsev |
TIN: | 340896422596 |
OGRNIP: | 322344300058723 |
Registered address: | [Insert registered address of the SP as recorded in the Unified State Register of Individual Entrepreneurs (USRIE)] |
Postal address: | [Insert postal address (if different from registered address)] |
Telephone: | +7 (999) 923-44-68 |
11. FINAL PROVISIONS11.1. This Policy is an internal document of the Operator and shall be published on the Operator's Website.
11.2. The Operator reserves the right to amend this Policy. A revised version of the Policy shall take effect upon its publication on the Website, unless the revised version provides otherwise.