PRIVACY POLICY AND PROCESSING OF PERSONAL DATA
1. General Provisions
1.1 This Privacy and Personal Data Processing Policy (hereinafter referred to as the "Policy") determines the procedure and conditions for processing information about an individual, which can be received by the Operator from this individual or from his legal representative (hereinafter referred to as the "User" or "Personal Data Subject"), in the event of the following relationship with the Personal Data Subject:
a) when using the functions of the site http://deepgaze.online, including all its domains, subdomains, and pages, their content, as well as Internet services and software offered by the Operator for use on this site (hereinafter referred to as the "Site");
b) when the Operator exercises the rights and obligations established by the agreements/contracts to which the Operator is a party;
c) when processing appeals, complaints, requests, and messages sent by the Operator and the User to each other.
1.2 The purpose of the Policy is to ensure the proper legal regime for personal data. The policy may not contain provisions restricting the rights and freedoms of the subject of personal data, establishing the cases of processing personal data of minors, unless otherwise provided by the legislation of the Russian Federation, as well as provisions allowing, as a condition for concluding an agreement or expressing consent, the inaction of the subject of personal data.
2. Legal basis for the processing of personal data
2.1 The legal grounds for the processing of personal data are: a) consent to the processing of personal data, expressed in the manner prescribed by law and this Policy; b) agreements concluded between the Operator and the User; c) local regulations of the Operator in the field of personal data.
2.2 The subject of personal data decides to provide his personal data and agrees to their processing freely, by his own will, and in his own interest. The inaction of the subject of personal data cannot be understood as consent. Consent to the processing of personal data must be specific, informed, conscious, and unambiguous. Consent to the terms of the Policy can be expressed by the subject of personal data through any of the following actions: a) conclusion of an agreement with the Operator, provided that the User is given the opportunity to read the full text of this Policy in each place of personal data collection; or
b) putting a symbol in the checkbox (in the input field) on the Site next to the text, provided that the User is given the opportunity to read the full text of this Policy in each place where personal data is collected.
2.3. In pursuance of the requirements of p. 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator's website: http://deepgaze.online.
3. Procedures and conditions for processing personal data
3.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases stipulated by the legislation of the Russian Federation.
3.3. Consent to the processing of personal data is provided when filling out special subscription forms on the Operator's website, when making an application for the conclusion of the relevant service agreement (acceptance of a public offer), or directly when making payment for services under the specified agreement (acceptance of a public offer) by putting a "tick" in a special "checkbox".
3.4. Consent to the processing of personal data authorized by the subject of personal data for distribution is issued separately from other consents of the subject of personal data to the processing of his personal data.
3.5. The transfer of personal data about the subject to third parties is prohibited. Exceptions are:
3.5.1. Transfer with the consent of the user.
3.5.2. Transfer to authorized bodies in accordance with the law.
3.5.3. Transfer of personal data to partners or service providers of the Operator - companies that process personal data on a special document-instruction of the Operator.
3.5.4. The recipient of the Operator's services or a visitor to the Site as a subject of personal data is notified and agrees to the objective need that arises during the operation of the Site and the receipt of the Operator's services to allow access to their personal data for the Operator's software and third parties (partners or service providers of the Operator). This access is provided solely for the purposes defined by this Policy.
3.5.4.1 Partners and service providers acting on behalf of the Operator and on the basis of relevant agreements concluded with the Operator: Limited Liability Company "TILDA PUBLISHING" Primary state registration number: 1177746176211, TIN: 7722391042. Legal address: 107031, Moscow, Kuznetsky Most street, 19 building 1, fl. 2/I room 28.
3.6. The transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund, the Social Insurance Fund, and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
3.7. The operator carries out both automated and non-automated processing of personal data.
3.8. The Operator does not intentionally process the personal data of minors. The Contractor recommends using the site for persons over 18 years of age. Responsibility for the actions of minors, including their purchase of services on the Site, lies with the legal representatives of minors. All visitors under the age of 18 are required to obtain permission from their legal representatives before providing any personal information about themselves.
If the Operator becomes aware that he has received personal information about a minor without the consent of legal representatives, then such information will be deleted as soon as possible.
3.9. The Operator generally does not verify the accuracy of the personal information provided by the subjects of personal data and does not exercise control over their legal capacity. The risk of providing inaccurate personal data, including the provision of data from third parties as their own, is borne by the subject of personal data.
3.10. The operator assumes that:
3.10.1. The subject of personal data provides reliable and sufficient personal information that is up-to-date.
3.10.2. The subject of personal data is familiar with this Policy, expresses his informed consent to it.
3.11. The operator takes the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution, and other unauthorized actions, including:
- determines threats to the security of personal data during their processing;
- adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
- appoints persons responsible for ensuring the security of personal data in structural subdivisions and information systems of the Operator;
- creates the necessary conditions for working with personal data;
- organizes accounting of documents containing personal data;
- organizes work with information systems in which personal data is processed;
- stores personal data under conditions that ensure their safety and exclude illegal access to them.
4. Purposes of personal data processing
4.1. Only personal data that meet the purposes of their processing are subject to processing. The operator processes personal data to achieve the following goals:
4.1.1. Purpose: authentication of the subject of personal data for the conclusion of a contract for the provision of services. Categories and list of processed data: last name, first name, phone number, e-mail, date of birth, nickname in Telegram. Categories of subjects whose personal data is processed: Users of the Site.
Processing methods: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, depersonalization, transfer (access, provision), blocking, deletion, and destruction of personal data. Processing and storage period: until the personal data subject receives a request to terminate processing or withdraw consent, or 10 (ten) years.
The procedure for the destruction of personal data upon reaching the purpose of their processing or upon the occurrence of other legal grounds: the person responsible for the processing of personal data shall erase the data by overwriting (replacing all information storage units with "0") and drawing up an act on the destruction of personal data.
4.1.2. Purpose: communication with the User, sending messages, notifications, requests, answers, documents, and messages of an advertising or informational nature to the User.
Categories and list of processed data: first name, last name, phone number, e-mail, Telegram nickname. Categories of subjects whose personal data is processed: Users of the site. Processing methods: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, depersonalization, blocking, deletion, and destruction of personal data. Processing and storage period: until the personal data subject receives a request to terminate processing or withdraw consent, or 10 (ten) years.
The procedure for the destruction of personal data upon reaching the purpose of their processing or upon the occurrence of other legal grounds: the person responsible for the processing of personal data shall erase the data by overwriting (replacing all information storage units with "0") and drawing up an act on the destruction of personal data.
4.1.3. Purpose: processing of appeals, complaints, requests, and messages sent by the Operator and the User to each other. Categories and list of processed data: last name, first name, telephone, e-mail, message text (if the message text contains personal data).
Categories of subjects whose personal data is processed: Users of the site. Processing methods: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, depersonalization, transfer (access, provision), blocking, deletion, and destruction of personal data. Processing and storage period: until the personal data subject receives a request to terminate processing or withdraw consent, or 10 (ten) years.
The procedure for the destruction of personal data upon reaching the purpose of their processing or upon the occurrence of other legal grounds: the person responsible for the processing of personal data shall erase the data by overwriting (replacing all information storage units with "0") and drawing up an act on the destruction of personal data.
4.1.4. Purpose: conclusion, execution, modification and termination of contracts to which the party are
Categories of subjects whose personal data are processed: counterparty (individual).
Categories and list of processed data: full name, data from a passport or other identification document;
TIN;
Personal insurance policy number;
registration address;
contact phone number;
E-mail address;
Bank details.
Processing methods: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, depersonalization, transfer (access, provision), blocking, deletion, and destruction of personal data. Processing and storage period: until the personal data subject receives a request to terminate processing or withdraw consent, or 10 (ten) years.
The procedure for the destruction of personal data upon reaching the purpose of their processing or upon the occurrence of other legal grounds: the person responsible for the processing of personal data shall erase the data by overwriting (replacing all information storage units with "0") and drawing up an act on the destruction of personal data.
4.1.5. Purpose: The user leaves feedback on the services of the Operator.
Categories and list of processed data: last name, first name, text of the message (if the text of the message contains personal data), data of the User's social network accounts, image data: photographs, videos, and other technical fixation of face and body images. Categories of subjects whose personal data is processed: Users of the site. Processing methods: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, depersonalization, transfer (access, provision), blocking, deletion, and destruction of personal data.
Processing and storage period: until the personal data subject receives a request to terminate processing or withdraw consent, or 10 (ten) years. The procedure for the destruction of personal data upon reaching the purpose of their processing or upon the occurrence of other legal grounds: the person responsible for the processing of personal data shall erase the data by overwriting (replacing all information storage units with "0") and drawing up an act on the destruction of personal data.
4.2. The Operator's website uses cookies (Cookies) and visitor data from traffic statistics services (IP address, information from cookies, information about the browser, access time to the site, address of the page on which the ad unit is located, referrer (address of the previous page), and other data). With the help of this data, information is collected about the actions of visitors on the Site in order to improve its content, improve its functionality, and, as a result, create high-quality content and services for visitors.
The subject of personal data can at any time change the settings of his browser so that all cookies are blocked or notifications are made about their sending. At the same time, the subject must understand that some functions and services of the Operator will not be able to work properly.
5. Storage and destruction of personal data
5.1. The operator stores personal data in a form that allows determining the subject of personal data, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law, contract, or agreement.
5.2. Personal data of subjects can be obtained, further processed, and transferred to storage both on paper and in electronic form.
5.3. Personal data recorded on paper is stored in locked cabinets or locked rooms with limited access rights.
5.4. Personal data of subjects processed using automation tools for different purposes is stored in different folders.
5.5. It is not allowed to store and place documents containing personal data in open electronic catalogs (file hosting) in the personal data information system.
5.6. The storage of personal data in a form that allows determining the subject of personal data is carried out no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.
5.7. In the event of a request for deletion or withdrawal of consent to processing, or in connection with the achievement of the purposes of processing personal data, the Operator undertakes to stop processing personal data and destroy personal data within a period not exceeding 10 calendar days from the date of withdrawal of consent or achievement of the purpose of processing personal data.
5.8. The term may be extended, but not more than 5 working days, in the case of sending a reasoned notice indicating the reasons for the extension.
5.9. Personal data is destroyed by erasing it from the database, formatting the media, or mechanically damaging hard drives. If personal data was processed in a non-automated way, it can be destroyed by burning, crushing (grinding), or chemical decomposition. The procedure for documenting the fact of destruction of personal data is determined independently by the operator. For the destruction of PD, a special commission is usually convened, and, based on the results of its activities, an act on the destruction of PD is drawn up.
5.10. Destruction of personal data is carried out in the following cases:
- provision by the user of information confirming that the PD is illegally obtained or not necessary for the stated purpose of processing - within 7 working days from the date of submission of such information (part 1 of article 14, part 3 of article 20 of Law N 152-FL);
- detection of illegal processing of personal data - within 10 working days (part 3 of article 21 of Law N 152-FL);
- withdrawal of personal data by the User - within 30 days (part 5 of article 21 of Law N 152-FL);
- achievement of the purpose of processing personal data - within 30 days (part 4 of article 21 of Law N 152-FL);
- expiration of the personal data storage period - within 30 days (part 4 of article 21 of Law N 152-FL).
5.11. In the event that the subject of personal data withdraws consent to the processing of personal data or the consent expires, the subject of personal data sends a request to stop processing personal data, the Operator has the right to block the data and process them in archive form for 3 (three) years.
6. Protection of personal data
6.1. The personal data protection system complies with the requirements of Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems." In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (SPPD), consisting of subsystems of legal, organizational, and technical protection.
6.2. The subsystem of legal protection is a complex of legal, organizational, administrative, and regulatory documents that ensure the creation, operation, and improvement of the SPPD.
6.3. The subsystem of organizational protection includes the organization of the management structure of the SPPD, the permit system, and the protection of information during work with partners and third parties.
6.4. The technical protection subsystem includes a set of technical, software, and hardware tools that ensure the protection of personal data.
6.5. The main personal data protection measures used by the Operator are:
6.5.1. Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training, and instruction.
6.5.2. Determination of actual threats to the security of personal data during their processing in the information system of personal data and development of measures for the protection of personal data.
6.5.3. Development of a policy regarding the processing of personal data.
6.5.4. Establishing rules for access to personal data, as well as ensuring the registration and accounting of all actions performed with personal data.
6.5.5. The use of information security tools that have passed the conformity assessment procedure in the prescribed manner.
6.5.6. Certified anti-virus software with regularly updated databases.
6.5.7. Compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them.
6.5.8. Detection of facts about unauthorized access to personal data and taking action.
6.5.9. Recovery of personal data modified or destroyed due to unauthorized access to them.
6.5.10. Implementation of internal control and audit.
7. Basic rights of the Subject of personal data and obligations of the Operator
7.1. The subject of personal data has the right:
- to receive personal data relating to this subject, and information regarding their processing;
- to clarify, block, or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing;
- to withdraw their consent to the processing of personal data;
- to protect their rights and legitimate interests, including compensation for losses and compensation for moral damage in court;
- to appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.
7.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law "On Personal Data".
7.3. The request must contain:
- number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the specified document and the issuing authority;
- information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation, and/or other information), or information otherwise confirming the fact of processing personal data by the Operator;
- signature of the personal data subject or his representative.
7.4. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation. If the appeal (request) of the subject of personal data does not reflect the requirements of the Law on Personal Data, all the necessary information is not provided, or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
7.5. The right of the subject of personal data to access his personal data may be limited in accordance with Part 8 of Art. 14 of the Law on Personal Data, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.
7.6. In the event that inaccurate personal data is detected when the personal data subject or his representative contacts, at their request, or at the request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
7.7. If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the subject of personal data, his representative, Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
7.8. If unlawful processing of personal data is detected when a personal data subject, his representative, or Roskomnadzor contacts (requests), the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment such a request or receipt of a request is made.
8. Responsibility of the Parties
8.1. The Operator, who has not fulfilled its obligations, is liable for losses incurred by the User in connection with the unlawful use of personal data, in accordance with the legislation of the Russian Federation.
8.2. In case of leakage of personal data by the subject, the Operator is obliged to notify the relevant state authorities about the leakage of personal data and the results of the investigation of this leakage within the time limits stipulated by the current legislation of the Russian Federation.
9. Final provisions
9.1. The operator has the right to make changes to this Policy without the consent of the subjects of personal data.
9.2. The new Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Privacy Policy.
10. Details of the Operator
Sole proprietor Ekaterina Glebovna Kornilova
Primary State Registration Number of Individual Entrepreneur: 320527500097840
TIN: 526213931347
Settlement account: 40802810801500249210
Name of the bank: public company BANK "FC OTKRITIE"
BIC: 044525999
Corr. account: 30101810845250000999
Email: info@kornilovakat.ru