Last updated On September 16, 2018
This Policy defines the processing of personal data and measures to ensure the security of personal data of Savickskaya Diana Azatinna (the Operator)
in order to protect the rights and freedoms of a person and a citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
The Policy uses the following basic concepts:
policy is a way of implementing something that has been formally recognized and chosen by a business company or other organization;
Privacy is a situation in which you trust another person not to share classified or private information with others;
Automated processing of personal data – processing personal data through computer tools;
Blocking personal data is a temporary halt to the processing of personal data (unless processing is necessary to clarify personal data);
The personal data information system is a collection of personal data contained in databases and the information technology and technology that handles them;
Depersonalization of personal data – actions that make it impossible to determine without the use of additional information the identity of personal data to a particular subject of personal data;
personal data processing – any action (operation) or a set of actions (operations) done using or without the use of such tools with personal data, including collection, recording, systemization, accumulation, storage, refinement (update, change), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data;
operator is a public authority, a municipal authority, a legal or natural person, who, independently or jointly with others, organizes and/or processes personal data, as well as determining the objectives of personal processing Data, the composition of personal data to be processed, actions (operations) carried out with personal data;
Personal data – any information pertaining directly or indirectly to a particular or determined individual (the subject of personal data);
Providing personal data is an action to disclose personal information to a specific person or a certain circle of persons;
dissemination of personal data – actions aimed at disclosing personal data to an unspecified number of persons (transfer of personal data) or to familiarize themselves with personal data of an unlimited number of persons, including the disclosure of personal data Personal data in the media, posting in information telecommunications networks or providing access to personal data in any other way;
cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
PRINCIPLES AND THE PERSONAL DATA
2.1 Principles for personal data processing
The Operator's personal data is processed on the basis of the following principles:
legality and fair foundation;
Restrictions on the processing of personal data to specific, predetermined and legitimate goals;
Avoiding the processing of personal data that is incompatible with the purposes of collecting personal data;
Avoid combining databases containing personal data that are processed for purposes incompatible with each other;
Processing only those personal data that meets the purposes of processing it.
Consistent with the content and volume of personal data processed to the stated processing goals.
Avoiding processing personal data that is redundant in relation to the stated purposes of processing it;
Ensure that personal data is accurate, sufficient and relevant to the purposes of personal data processing;
destruction or depersonalization of personal data when the purposes of processing it are achieved or if there is no need to achieve
these objectives, if it is not possible for the Operator to eliminate the personal data breaches committed by the Operator, unless otherwise provided by federal law.
2.2 Personal Data Processing Conditions
The operator processes personal data if there is at least one of the following conditions:
The processing of personal data is carried out with the consent of the subject of personal data to process his personal data;
The processing of personal data is necessary to achieve the objectives of the international treaty of the Russian Federation or the law in order to carry out and implement the functions assigned by the russian Federation's legislation to the operator, powers and responsibilities;
The processing of personal data is necessary for the implementation of justice, the execution of a judicial act, the act of another body or official to be executed in accordance with the legislation of the Russian Federation on executive proceedings;
the processing of personal data is necessary for the performance of a contract by the party of which either the beneficiary or guarantor for which the subject of personal data is, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
The processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
The processing of personal data, accessed by an unlimited number of persons to which is provided by the subject of personal data or at his request (more – public personal data);
personal data to be published or required to be disclosed in accordance with federal law is processed.
2.3 Privacy of personal data
The operator and other persons who have access to personal data are obliged not to disclose to third parties or to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
2.4 The data we collect
We collect your personal data through the various channels described above. The categories of personal data we collect include:
Contact information (such as name, mailing address, email address, mobile or other phone number);
User name and password
Customer service information (such as customer service requests, comments, etc.)
Photos, comments and other content you provide.
Information about your personal or professional interests, date of birth, marital status, personal information, experience with our products and preferred way of communication;
Location data (such as data derived from your IP address, country and/or postcode) and the exact geolocation of your mobile device, with our notification and choice of where to choose where to choose where to choose;
information about activities on the site, and other information about your activities on the Internet (such as information about your devices, browsing activities and features of use), including on online channels and third-party websites that we collect from Using cookies, web beacons and similar technologies
Information we can get from our third-party service providers
other personal data that we collect through our Channels.
2.5 Personal Data Collection Goals
We process the personal data collected to fulfill the contract with you or take action on your request prior to the conclusion of the contract, including:
Making deals with you and providing you with a variety of products and services;
Processing and fulfilling orders related to our products and services and informing you about the status of your order;
Managing employment opportunities, including for recruitment, adaptation of new employees and other employment-related purposes;
Providing support to customers (including repairs, replacements and other services)
create and manage your account on the dianasavitskaya.com website.
We process the collected personal data on the basis of our legitimate interests, including for:
management, evaluation and improvement of our operations (including the development of new products and services; improvement and improvement of our services; management of our communications; analysis of our products and customer base; data analysis; accounting, audit ingestion and Other internal functions;
sending promotional materials and other correspondence (including thank-you letters, reminders of important events and other messages from sales people you have contacted);
communicate with you via e-mail, regular mail, telephone and other means, as well as managing your participation in special events, contests, raffle, programs, offers, surveys and market research;
Identify, prevent and protect against fraud and other illegal activities, claims and other liability;
Compliance and enforcement of relevant industry standards, contractual obligations and our policies;
responding to your queries.
2.6 Using cookies and other technologies
Google Analytics: http://www.google.com/analytics/learn/privacy.html
2.7 Personal Data Processing Times
In legal lyes, we store your personal data for a period of time:
due to the statute of limitations and compliance with the mandatory requirements of the law.
2.8 Public sources of personal data
For information purposes, the Operator may create public sources of personal data of the subjects, including handbooks and address books. Public sources of personal data with the written consent of the subject may include his name, name, middle name, date and place of birth, position, contact phone numbers, email address and other personal data reported subject of personal data.
Information about the subject should be excluded at any time from public sources of personal data at the request of the subject or by decision of the court or other authorized government bodies.
2.9 Special categories of personal data
The Operator's processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life is allowed in cases where:
The subject of personal data has agreed in writing to the processing of their personal data;
Personal data is made by the public entity of personal data;
The processing of personal data is carried out in accordance with the legislation on state social assistance, labor legislation, the legislation of the Russian Federation on state pension pensions, on labor Pensions
the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data or life, health or other vital interests of others and obtaining the consent of the subject
The processing of special categories of personal data should be stopped immediately if the reasons for processing them are eliminated, unless otherwise established by federal law. The processing of personal criminal records may be carried out by the Operator only in cases and in the manner that is determined in accordance with federal laws.
2.9.1 Biometric personal data
Information that characterizes a person's physiological and biological characteristics, on the basis of which it is possible to establish his identity – biometric personal data – can be processed by the Operator only if there is consent in writing Subject.
2.9.2 Ordering the processing of personal data to another person
The operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of the contract with that person. The person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided by FH-152.
2.9.3 Cross-border personal data transfer
The operator is obliged to ensure that the foreign state, which is supposed to transfer personal data, provides adequate protection for the rights of the subjects of personal data, before the start of such transfer. Cross-border transfer of personal data in foreign countries that do not adequately protect the rights of personal data subjects can be carried out in cases of:
The existence of consent in writing of the subject of personal data to cross-border transfer of his personal data;
the subject of personal data.
RIGHT SUBJECTPERSONAL DATA
3.1 Consent of the subject of personal data to the processing of his personal data.
The subject of personal data decides to provide his personal data and consents to their processing freely, by his will and in his interest. Consent to the processing of personal data may be given by the subject of personal data or its representative in any way that allows to confirm the fact of its receipt of the form, unless otherwise established by federal law. It is the Responsibility of the Operator to provide proof of the consent of the individual to obtain the consent of the individual's personal data to process his personal data or to prove the existence of the grounds specified in FH-152.
3.2 Personal Data Subject Rights
The subject of personal data is entitled to receive information from the Operator regarding the processing of his personal data, as if such a right is not limited in accordance with federal law. The subject of personal data has the right to require the Operator to clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take legal measures to protect their rights.
Processing of personal data in order to promote goods, works, services in the market by making direct contact with the potential consumer through means of communication, as well as for the purpose of political agitation is allowed only on the condition that preliminary consent of the subject of personal data. This processing of personal data is recognized as carried out without the prior consent of the subject of personal data, unless the Company proves that such consent has been obtained. The operator is obliged to immediately stop the processing of his personal data for the above purposes at the request of the subject of personal data.
It is prohibited to make decisions based solely on automated processing of personal data that have legal consequences for the subject of personal data or otherwise affect his rights and legitimate interests, except in cases under federal law or if there is consent in writing to the subject of personal data.
If the subject of personal data believes that the Operator is processing his personal data in violation of the requirements of FH-152 or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal against actions or omissions Operator to the Authorized Authority for the Protection of the Rights of Personal Data Subjects or in court.
The subject of personal data has the right to protect his rights and legitimate interests, including damages and/or compensation for moral harm in court.
KEEPING THE PERSONAL DATA
The security of the personal data processed by the Operator is ensured by the implementation of the legal, organizational and technical measures necessary to comply with the requirements of federal legislation in the field of personal data protection. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
Appointment of officials responsible for the processing and protection of personal data;
Limiting the composition of people with access to personal data;
Familiarity of subjects to the requirements of federal legislation and regulations of the Operator for the processing and protection of personal data;
Organize the accounting, storage and circulation of media.
Identify threats to the security of personal data when processing it, forming on its basis models of threats;
Develop a threat-based system for protecting personal data;
Check the readiness and effectiveness of the use of information protection tools;
Distinguishing users' access to information resources and software and hardware processing tools;
Register ingesrate users of personal data information systems
Use of antivirus tools and tools to restore the system of personal data protection;
Use, if necessary, firewall, intrusion detection, security analysis and cryptographic information protection;
organization of the access regime to the territory of the Operator, the protection of premises with technical means of processing personal data.
5.1 Other rights and responsibilities of the Operator as a personal data operator are determined by the legislation of the Russian Federation in the field of personal data. Operator officials guilty of breaching the rules governing the processing and protection of personal data are liable for material, disciplinary, administrative, civil or criminal liability in accordance with federal rules Laws.
5.3 How to contact us