Rules for protection and processing of personal data

1.   General provisions    1.     These Rules for working with personal data of the Users of the website (hereinafter referred to as the «Rules») are developed and applied by OOO «Draganov-Pipal» (hereinafter referred to as the «Operator») in accordance with paragraph 2 part 1 article 18.1 of the Federal Law of July 27, 2006 Nr. 152-ФЗ «On Personal Data» (hereinafter referred to as the «Law on Personal Data»).    2.     These Rules determine the Operator’s policy regarding the processing of personal data received for processing, the procedure and conditions for the processing of personal data of individuals who transferred their personal data for processing to the Operator (hereinafter referred to as «Users») using and without using automation tools, establishes procedures aimed at preventing violations of the laws of the Russian Federation, eliminating the consequences of such violations related to the processing of personal data.    3.     The rules are designed to ensure the protection of the rights and freedoms of the Users in the processing of their personal data, as well as to establish the liability of the Operator who have access to personal data of the Users for failure to comply with the requirements and standards governing the processing of personal data.    4.    Personal data of the Users is any information relating directly or indirectly to a specific or determinable natural person.     5.      The Operator processes the following personal data of the Users:  – Full Name  – E-mail address  – Phone number  – other data necessary for the Operator in the provision of services to the Users, to ensure the operation of the Site.    6.      The Operator processes the personal data of the Users for the following purposes:  – providing feedback from the Operator’s Specialists at the request of the Users  – ensuring the fulfillment of the obligations of the Operator to the Users  – for market research purposes  – statistical purposes  – for other purposes, if the relevant actions of the Operator do not contradict the current legislation, the activities of the Operator, and the consent of the User has been obtained for the processing.   7.     The Operator processes the personal data of the Users by performing any action (operation) or a combination of actions (operations) performed with or without automation, including the following: – collection  – recording  – systematization  – accumulation – clarification (update, change)  – use  – depersonalization  – blocking  – removal  – deleting.    2.     Principles of processing personal data    1.     When processing personal data, the Operator is guided by the following principles:  – legality and justice – confidentiality  – actuality and reliability of obtaining the consent of the Users to the processing of personal data  – exclusive processing of personal data that correspond to their processing  – compliance of the content and volume of processed personal data with the stated processing goals. The processed personal data should not be redundant in relation to the stated purposes of their processing  – inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other  – storage of personal data in a form that allows to determine the subject of personal data, no longer than it is required by the purpose of processing personal data  – termination or depersonalization of personal data to achieve the goals, their processing or in case of loss of need to achieve these goals.    2.     The processing of personal data by the Operator is carried out in compliance with the principles and rules provided for:  – of the Federal Law of July 27, 2006 Nr. 152-FZ «On Personal Data»  – from the present Rules  – from the Decree of the Government of the Russian Federation dated November 1, 2012 Nr. 1119 «About the approval of the requirements for the protection of personal data during their processing in personal data information systems»  – From the decision of the FSTEC of Russia dated February 18, 2013 Nr. 21 «About the approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems»  – From other regulatory and non-regulatory legal acts regulating the processing of personal data.   3.     Receiving personal data    1.     Personal data of the Users is received by the Operator:  – by the Users in the course of submitting forms, filling out registration forms on the Operator’s website or sending it by e-mail, by phone message or in other ways that do not contradict the legislation of the Russian Federation and the requirements of international legislation on the protection of personal data.    2.     The Operator receives and begins processing the personal data of the User in the moment he receives his consent. Consent to the processing of personal data is given by the Users from the moment the website starts being used, including by ticking the boxes «I agree with the user agreement», «I give consent to the processing of personal data», via the performance by the User of specific actions.   3.     The User may at any time withdraw his consent to the processing of personal data. In order to withdraw consent to the processing of personal data, it is necessary to submit a corresponding notification to the Operator using available means of communication.    4.     The User has the right to choose which personal data will be provided to the Operator. However, in case of incomplete provision of the necessary data, the Operator does not guarantee the subject’s ability to use all the services and products of the Site.    4.     Rules and procedure for processing personal data      1.     The operator takes technical and legal measures to ensure the protection of personal data from unauthorized or accidental access to it, termination, modification, blocking, copying, distribution, as well as from other illegal actions.    2.      When transferring personal data, the Operator complies with the following requirements:  – does not disclose personal data of the Users subject to a third party without express consent, unless it is necessary in order to process personal data, to prevent threats to the life and health of the User, as well as in cases established by law  – does not disclose personal data for commercial purposes without the express consent of the subject of personal data  – informs the persons receiving personal data that these data can only be used for the purposes for which they are communicated, and requires these persons to take appropriate measures to protect personal data. Persons receiving the User’s personal data are required to comply with confidentiality  – Allows access to personal data only to authorized persons, while these persons should be entitled to receive only those personal data that are necessary to perform specific functions.    3.     The Operator has the right to disclose any information collected about the User of this Site, if disclosure is necessary in connection with an investigation or complaint regarding the misuse of the Site, or to establish (identify) a User who may violate or interfere with the rights of the Site Administration or the rights of other Users Site, as well as to comply with the provisions of applicable law or court decisions, to ensure compliance with the terms of this Agreement and to protect the rights or safety of other Users and any third parties.    4.     Third parties shall independently determine the list of other persons (their employees) having direct access to such personal data and (or) carrying out their processing. The list of these persons, as well as the procedure for access and (or) processing of personal data by them, is approved by internal documents of the Third Party.    5.     The Operator does not sell or provide personal data to third parties for marketing purposes not provided for by these Rules, without the direct consent of the Users. The Operator can combine anonymized data with other information received from third parties and use it to improve and personalize services, content and advertising.    6.     The processing of personal data is carried out on the territory of the Russian Federation. The Operator reserves the right to choose any channels for transmitting information about personal data, as well as the content of the transmitted information.    7.     Personal information collected online is stored by the Operator and / or by service providers in databases protected by physical and electronic means of control, access control system technologies and other acceptable security measures.    8.     The User acknowledges, confirms and agrees that the technical processing and transmission of information on the Operator’s Website may include data transmission over various networks, including unencrypted Internet communication channels, which are never completely confidential and secure. 9.     The User also understands that any messages and / or information sent via the Operator’s Server may be read and / or intercepted by third parties without the Operator’s authorization.       5.    Final provisions    1.     In the event of any disputes or disagreements related to the implementation of these Rules, the User and the Operator will make every effort to resolve them through negotiations between them. In the event that disputes are not resolved through negotiations, disputes shall be resolved in the manner established by the current legislation of the Russian Federation.    2.     These Rules come into force for the User from the moment he / she starts using the Operator’s Website.    3.     These Rules may be amended and / or supplemented by the Operator at any time during the term of the Rules at its discretion without the need to obtain the consent of the User. All changes and / or additions are posted by the Operator in the appropriate section of the Site and take effect on the day of such publication. The User undertakes to timely and independently familiarize himself / herself with all changes and / or additions. If the User does not agree with the amended Rules, he / she is obliged to stop accessing the Site, stop using the materials and services of the Site.