1. General Provisions
1.2. The Policy uses concepts in the sense that they are defined in clause 1.6 of the Policy. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.3. The operator independently or jointly with other persons organizes the processing of personal data, and also determines the purposes of processing personal data, determines the actions (operations) performed with personal data.
1.4. The Policy applies to all personal data that the Operator receives from the Users of the Site.
1.5. In pursuance of the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunication network on the Site.
1.6. Basic concepts used in the Policy:
1.6.1. Personal data - any information relating directly or indirectly to a specific or identifiable User of the Site;
1.6.2. Site - a set of logically interconnected web pages (web documents) located on the Internet at: https://www.ructrims.org;
1.6.3. User - any person who provided information to the Operator using the Site;
1.6.4. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
1.6.5. Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among other things:
clarification (update, change);
transfer (distribution, provision, access);
1.6.6. Automated processing of personal data - processing of personal data using computer technology;
1.6.7. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
1.6.8. Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
1.6.9. Depersonalization of personal data - actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
1.6.10. Blocking of personal data - temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);
1.6.11. Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
1.6.12. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2. Purposes of personal data processing
2.1. The processing of personal data by the Operator is carried out for the following purposes:
2.1.1. Processing of User applications for the purpose of concluding agreements with Users by the Operator;
2.1.2. Conclusion and execution by the Operator of agreements with Users;
2.1.3. Providing Users with access to information and materials contained on the Site;
2.1.4. Informing Users about goods, services, advertising and other activities of the Operator;
2.1.5. Other purposes necessary for the Operator to comply with the legislation on personal data.
3. Categories of personal data processed
3.1. The Operator processes the following personal data of Users:
3.2. The Operator collects and processes impersonal data about visitors (including cookies) using Internet statistics and advertising services (Yandex Metrika, Google Analytics and others).
3.3. The Operator does not process the special categories of personal data provided for by the Law on Personal Data.
3.4. The Operator does not process the biometric categories of personal data provided for by the Law on Personal Data.
4. Procedure and conditions for processing personal data
4.1. The processing of personal data is carried out by the Operator with the consent of the Users to the processing of their personal data, as well as without it in cases provided for by law. The User's consent to the processing of personal data is considered received by the Operator from the moment the User puts a special mark in the appropriate field of the personal data collection form posted on the Site.
4.2. The Operator carries out Automated processing of personal data.
4.3. The operator processes personal data in a form that allows to determine the subject of personal data, no longer than required by the purposes of processing personal data.
4.4. Upon reaching the goals of processing personal data, as well as in the event that the User revokes consent to their processing, personal data is subject to destruction, except as otherwise provided by law.
4.5. The operator implements the following requirements for the protection of personal data:
4.5.1. requirements for confidentiality of personal data;
4.5.2. requirements to ensure the exercise by the subject of personal data of their rights, including the right to access information;
4.5.3. requirements to ensure the accuracy of personal data, and, if necessary, relevance in relation to the purposes of processing personal data (with the adoption (ensuring the adoption) of measures to delete or clarify incomplete or inaccurate data);
4.5.4. requirements for the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
4.5.5. other requirements stipulated by the legislation.
4.6. The operator takes the following measures, necessary and sufficient to ensure the fulfillment of the obligations stipulated by law regarding the processing and protection of personal data:
4.6.1. appointment of the Person responsible for ensuring the security of personal data;
4.6.2. determination of the list of employees admitted to work with personal data;
4.6.4. application of legal, organizational and technical measures to ensure the security of personal data, in particular:
- determination of threats to the security of personal data during their processing in the Personal Data Information System;
- application of organizational and technical measures to ensure the security of personal data during their processing in the Personal Data Information System, necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
- application of procedures for assessing the conformity of information security tools that have passed in the prescribed manner;
- establishment of rules for access to personal data processed in the Personal Data Information System;
- control over the measures taken to ensure the security of personal data and the level of security of the Personal Data Information System;
4.6.5. implementation of internal control over the compliance of the processing of personal data with the Law on Personal Data and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Operator's policy regarding the processing of personal data, local acts of the Operator;
4.6.6. familiarization of employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, as well as with this Policy.
4.7. The Operator has the right to transfer the User's personal data to third parties in the following cases:
4.7.1. The user has agreed to such actions;
4.7.2. The transfer is necessary in order to fulfill the contract concluded with the User by the Operator;
4.7.3. The transfer is necessary in order to provide the User, at his request, with access to certain services of the Site;
4.7.4. The transfer is provided for by applicable law;
4.7.5. The transfer of personal data is carried out for statistical or other research purposes, with the exception of the purposes specified in Article 15
of the Law on Personal Data, subject to the mandatory depersonalization of personal data.
4.8. When collecting personal data of Users, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Personal Data Law.
5. The procedure for interaction between Users and the Operator
5.1. Users have the right to request information from the Operator regarding the processing of their personal data. To do this, you need to send a request to the email address: email@example.com. The User's request must contain the information provided for in paragraph 3 of Article 14 of the Law on Personal Data.
5.2. Users have the right to send requests for clarification, updating of personal data, applications for withdrawal of consent to the processing of personal data to the email address specified in clause 5.1 of the Policy.