Privacy policy regarding the processing of personal data of subjects ip zabelin n. n.
-
Purpose and scope of this document
The policy of IP Zabelin N.N. (hereinafter referred to briefly as the «Individual Entrepreneur») regarding the processing of personal data (hereinafter briefly referred to as the «Policy») determines its position and intentions in the field of processing and protecting personal data of any subjects, with the aim of observance and protection of the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets, protection of one’s honor and good name.
-
Definitions
Personal data — any information relating to a directly or indirectly identified or identifiable natural person (citizen). That is, such information, in particular, can include: full name, contact phone number and address, as well as other information.
Processing of land data — any action (operation) or a set of actions (operations) with personal, profitable using means of circulation or without the use of such means. Such actions (operations) include: collection, receipt, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, pollution, access), depersonalization, blocking, deletion, destruction of data destruction.
-
An individual entrepreneur processes personal data of the following persons:
- entities with which various civil law agreements have been concluded;
- various clients and counterparties of an individual entrepreneur;
- registered users of the site nuw.store;
- representatives of suppliers — legal entities and organizations.
-
Principles and conditions for the processing of personal data:
- Under the security of personal data, an individual entrepreneur understands the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data and takes the necessary legal, organizational and technical measures to protect personal data;
- The processing and security of personal data by an individual entrepreneur is carried out in accordance with the requirements of the Constitution of the Russian Federation, Federal Law No. 152-FZ «On Personal Data», by-laws, other federal laws of the Russian Federation defining cases and features of personal data processing, guidelines and methodological documents FSTEC of Russia and FSB of Russia;
-
When processing personal data, an individual entrepreneur adheres to the following principles legitimacy and fairness;
- limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
- preventing the processing of personal data that is incompatible with the purposes of collecting personal data;
- preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
- processing of personal data that meet the purposes of their processing;
- content matching.
-
An individual entrepreneur processes personal data only if at least one of the following conditions is met:
- the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
- the processing of personal data is necessary to achieve the goals provided for by law, to implement and fulfill the functions, powers and duties assigned by the legislation of the Russian Federation to the operator;
- the processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
- the processing of personal data is necessary for the exercise of the rights and legitimate interests of the Individual Entrepreneur or third parties, or for the achievement of socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
- processing of personal data is carried out, access of an unlimited circle of persons to which is provided by the subject of personal data or at his request;
- processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
- An individual entrepreneur has the right to entrust the processing of personal data of citizens to third parties, on the basis of an agreement concluded with these persons. Persons processing personal data on behalf of the Individual Entrepreneur undertake to comply with the principles and rules for the processing and protection of personal data provided for by Federal Law No. 152-FZ «On Personal Data». For each person, a list of actions (operations) with personal data that will be performed by a legal entity processing personal data, the purposes of processing, the obligation of such a person to maintain confidentiality and ensure the security of personal data during their processing, as well as requirements for the protection of processed personal data data;
- In cases established by the current legislation of the Russian Federation, an Individual Entrepreneur has the right to transfer personal data of citizens;
- For the purpose of information support, an Individual Entrepreneur may create publicly available sources of personal data of employees, including directories and address books. With the consent of the employee, public sources of personal data may include his last name, first name, patronymic, date and place of birth, position, contact phone numbers, e-mail address. Information about the employee must be excluded from public sources of personal data at any time at the request of the employee or by decision of the court or other authorized state bodies;
- An individual entrepreneur destroys or depersonalizes personal data upon reaching the goals of processing or in case of loss of the need to achieve the goal of their processing.
-
Rights of the subject of personal data
An individual whose personal data is being processed has the right to receive from the Individual Entrepreneur the following:
- confirmation of the fact of processing his personal data;
- legal grounds and purposes of personal data processing;
- information about the methods used by the Individual Entrepreneur to process personal data;
- information about persons who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with an Individual Entrepreneur or on the basis of federal law;
- a list of processed personal data relating to the citizen from whom the request was received and the source of their receipt, unless a different procedure for providing such data is provided by federal law;
- information about the terms of processing personal data, including the terms of their storage;
- the name and address of the person who processes personal data on behalf of the Individual Entrepreneur;
- other information provided for by the Federal Law «On Personal Data» No. 152-FZ or other federal laws;
- demand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
- withdraw your written consent to the processing of personal data;
- demand the elimination of unlawful actions of the Individual Entrepreneur in relation to his personal data;
- appeal against the actions or inaction of the Individual Entrepreneur to the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court if the citizen believes that the Individual Entrepreneur is processing his personal data in violation of the requirements of Federal Law No. 152- Federal Law «On Personal Data» or otherwise violates his rights and freedoms.
-
Responsibility
In case of failure to comply with the provisions of this Policy, the Individual Entrepreneur is liable in accordance with the current legislation of the Russian Federation.
The nuw.store website publishes the current version of the «Personal Data Processing Policy».
Information on the implemented requirements for the protection of personal data When processing personal data, an individual entrepreneur takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
Such measures in accordance with Federal Law No. 152-FZ «On Personal Data» include:
- identification of threats to the security of personal data during their processing in information systems of personal data;
- application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
- the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure;
- assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
- the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure;
- assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
- detection of facts of unauthorized access to personal data and taking measures;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;
- monitoring user actions, conducting proceedings on violations of personal data security requirements;
- monitoring user actions, conducting proceedings on violations of personal data security requirements;
- application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
- the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure;
- detection of facts of unauthorized access to personal data and taking measures;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;
- monitoring user actions, conducting proceedings on violations of personal data security requirements.