Personal Data Processing Policy
The policy of the owner of the Internet site https://eurosaleonline.com (hereinafter referred to as the site owner) regarding the processing of personal data and the implementation of personal data protection requirements.
1.1 This document defines the website owner's policy regarding the processing of personal data and the implementation of personal Data protection requirements (hereinafter – the policy) in accordance with the requirements of art. 18.1 of the federal law of 27.07.2006 № 152-FZ "on personal data".
1.2 The following basic concepts are used in this policy:
Personal Data – any information that relates directly or indirectly to a specific or identifiable person (the subject of personal data);
operator – A state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal Data, the composition of personal data to be processed, the actions (operations) performed with personal data;
Processing of personal data – any action (operation) or a set of actions (operations), committed with the use of automation means or without the use of such means with personal data, including collection, recording, Systematisation, Accumulation, storage, refinement (updating, modification), retrieval, use, transfer (distribution, granting, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data – processing of personal data by means of computer equipment;
Dissemination of personal data – actions aimed at disclosing personal data to an unspecified circle of persons;
Providing personal data – actions aimed at disclosing personal data to a certain person or to a certain circle of persons;
Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary for specification of personal data);
Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which destroyed material carriers Personal data;
Depersonalization of personal data – actions, which make it impossible without the use of additional information to determine the identity of personal data to a specific subject of personal data;
Information System of personal data – the set of personal data contained in the databases and providing their processing of information technologies and technical means.
2. Principles of processing of personal data of the site owner:
2.1 The processing of personal data is carried out on a legal and fair basis;
2.2 The processing of personal data is limited to the achievement of specific, predetermined and lawful purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed;
2.3 It is not allowed to combine databases containing personal data which are processed for purposes incompatible with each other;
2.4 Only personal data that meets the purpose of processing shall be processed;
2.5 The content and volume of the processed personal data correspond to the stated purposes of processing and are not redundant in relation to the stated purposes of their processing;
2.6 The processing of personal data ensures the accuracy of personal data, its adequacy and, where necessary, the relevance to the purposes of processing personal data. Necessary measures are taken to remove or refine incomplete or inaccurate data;
2.7 The storage of personal data is carried out in a form that allows to determine the subject of personal data, no longer than this requires the purpose of processing personal data, if the period of storage of personal data is not established by federal law, contract to which the beneficiary or the guarantor on which the subject of personal data is a party. The personal data processed upon reaching the processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided by the Federal law, shall be destroyed or depersonalization.
3. Legal basis for the processing of personal data.
Processing of personal data by the website owner is carried out in accordance with the federal law of July 27, 2004. № 79-FZ "On the state civil service of the Russian Federation", federal Law of July 27, 2006. № 152-FZ "On personal data", Labour Code of the Russian Federation, by the Decree of the President of the RF dated May 30, 2005. № 609 "On approval of the regulations on personal data of the state civil servant of the Russian Federation and the conduct of his personal business", by the Government of the Russian Federation of 01.11.2012 № 1119 "On approval of the requirements for the protection of personal data Their processing in information systems of personal data ", by the decision of the Government of the Russian Federation of July 6, 2008. № 512 "On approval of requirements to material carriers of biometric personal data and technologies of storage of such data outside information systems of personal data", by the decree of the Government of the Russian Federation of September 15, 2008. № 687 "On approval of the regulations on peculiarities of processing of personal data carried out without the use of automation means", by the decision of the Government of the Russian Federation of March 21, 2012. № 211 "On approval of the list of measures aimed at ensuring fulfillment of the obligations stipulated by the Federal law" on personal data "and the normative legal acts adopted in accordance with it, by the operators being state or municipal authorities. "
4. purposes of personal data processing.
Processing of personal data by the site owner is carried out for the purpose of functioning of site and for communication of the site owner with subject of personal data.
5. Composition and subjects of personal data.
5.1 The operator performs processing of the following categories of personal data: surname, first name, patronymic, address, telephone, e-mail address (e-mail), user data (location information; Type and version of the OS; Type and version of the browser; type Device and screen resolution; Source from which the user came to the site; from which site or on what advertising; OS and browser language Which pages opens and which buttons the user clicks; IP address).
5.2 Subjects of personal data (individuals)-users who have left the application on the Internet site https://eurosaleonline.com or contacted through the form of feedback.
6. Processing of personal data.
6.1 Processing of personal data is carried out by the owner of the site using the means of automation, as well as without using such means (on paper media).
6.2 The operator shall not provide or disclose information containing personal data of the subjects to a third party without the written consent of the subject of personal data, except in cases where it is necessary to prevent the threat of life and Health, as well as in cases established by federal laws.
6.3 The personal data of the personal subject without his consent may be transferred to the following based on a reasoned request solely for performance of the functions and powers assigned by law:
To the judicial authorities in connection with the implementation of justice;
– To the Federal Security Service bodies;
-to the prosecutor's office;
– to police authorities;
-to other bodies and organizations in cases, established by normative legal acts, obligatory for execution.
6.4 The terms of storage of personal data carriers are determined by the site owner nomenclature. The procedure for the destruction of personal data carriers is set by the manual.
7. Confidentiality of personal data.
7.1 Information relating to personal data that has become known in connection with the implementation of the employment relationship and in connection with the provision of public services and the exercise of public functions is confidential and protected by law.
7.2 Public civil servants and other persons who have gained access to processed personal data have signed an obligation to non-disclosure of confidential information, as well as warned of possible disciplinary, administrative, Civil and criminal liability in case of violation of the norms and requirements of the current legislation of the Russian Federation in the field of personal data processing.
8. Rights of the subjects of personal data.
8.1 The subject of personal data is entitled to receive information concerning the processing of his personal data, including:
8.1.1 confirms the fact of processing of personal data by the operator;
8.1.2 The legal basis and purpose of personal data processing;
8.1.3 aims and the operator's methods of processing personal data;
8.1.4 the name and location of the operator, information about the persons (except employees/employees of the operator) who have access to personal data or which can be disclosed personal data on the basis of a contract with the operator or Federal law;
8.1.5 processed personal data relating to the relevant subject of personal data, the source of their receipt, unless otherwise provided by federal law;
8.1.6 terms of processing of personal data, including terms of their storage;
8.1.7 the procedure for the implementation by the subject of personal data of rights stipulated by the Federal law "on personal data";
8.1.8 to provide information on the alleged transboundary transmission of data;
8.1.9 the name or surname, name, patronymic and address of the person carrying out the processing of personal data on behalf of the operator, if the processing is entrusted or will be entrusted to such person;
8.1.10 Other information provided by the federal law "on personal data" or other federal laws.
8.2 The subject of personal data is entitled to require the operator to clarify his personal data, to block or to destroy it in the event that personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take statutory measures to protect their rights.
8.3 If the subject of personal data considers that the operator performs the processing of his personal data in violation of the requirements of the federal law "on personal data" or otherwise violates his rights and freedoms, the subject of personal data shall have the right To appeal the actions or omissions of the operator to the higher body on protection of the rights of subjects of personal data (Federal service for supervision in the sphere of communications, information technologies and mass Communications – Roskomnadzor) or in a court order.
8.4 The subject of personal data has the right to the protection of his rights and lawful interests, including compensation for damages and (or) compensation of moral harm in court.
8.5 Other rights defined in chapter 3 of the Federal law "on personal data".
9. Measures aimed at ensuring that the site owner perform the duties provided for in art. Church. 18.1, 19 of the federal law "on personal data".
9.1 Appointed responsible for the organization of personal data processing by the site owner.
9.2 The owner of the site approved the regulations on the processing of personal data, other local acts, establishing procedures aimed at detecting and preventing violations of the legislation of the Russian Federation in the field of personal data, as well as Defining for each purpose of processing of personal data the contents of processed personal data, categories of subjects, personal data of which are processed, terms of their processing and storage, order of destruction at achievement of processing purposes Or at the onset of other lawful grounds;
9.3 The legal, organizational and technical measures provided by the relevant normative legal acts to ensure the safety of personal data during their processing in information systems of personal data of the site owner shall be applied.
9.4 When processing personal data carried out without the use of automation means, the requirements established by the decision of the Government of the Russian Federation of September 15, 2008 are fulfilled. № 687 "On approval of the regulations on peculiarities of processing of personal data carried out without the use of automation means";
9.5 In order to carry out internal control of compliance of personal data processing with the established requirements the site owner is organized periodic checks of personal data processing conditions.
9.6 All persons directly carrying out the processing of personal data shall be familiarized with the provisions of the legislation of the Russian Federation on personal data (including the requirements for the protection of personal data), local Personal data processing.
9.7 The owner of the site is responsible for the breach of obligations to ensure the security and confidentiality of personal data when processed in accordance with the laws of the Russian Federation.
9.8 The owner of the site is included in the register of personal data operators.