DATA PROTECTION POLICY, CONSENT TO THE PROCESSING OF PERSONAL DATA
1. DEFINITION OF TERMS
1.1 The following terms are used in this Data Protection Policy:
1.1.1 "Site Administration" - employees authorized to manage the site, acting on its behalf, which organizes and/or conducts personal data processing, define the purpose of personal data processing, the scope of personal data to be processed, actions (operations) performed with personal data.
1.1.2. "Personal data" means any data relating directly or indirectly to a specific or identifiable individual (personal data subject).
1.1.3. "Personal data processing" - any action (operation) or set of actions (operations) performed with or without automation means, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, depersonalization, transfer at the request of the court, including to third parties, in compliance with measures ensuring the protection of personal data from unauthorized access, blocking, deletion, destruction of personal data.
1.1.4. "Confidentiality of personal data" - a mandatory requirement for the Operator not to allow its dissemination without the consent of the subject of personal data or availability of other legal grounds.
1.1.5. "Site User" means a person accessing and using the site via the Internet.
1.1.6. "Cookies" - is a small piece of data sent by a web-server and stored on the User's computer, which a web-client or a web-browser sends to a web-server in HTTP-request whenever trying to open a page of the corresponding site.
1.1.7. "IP-address" - the unique network address of a node in an IP-based computer network.
2. GENERAL PROVISIONS
2.1 This Privacy Policy of personal data (hereinafter - Privacy Policy) applies to all the information posted on the website at https://pvubank.com (hereinafter - the Site), which the visitors, other users can obtain about the User while using the site, its services, programs and products.
2.2 Use of the Site's services means the User's unconditional consent to this Policy and the terms of processing his personal information specified therein; in case of disagreement with these terms, the User must refrain from using the services.
2.3 For this Policy, personal information of the User shall mean:
2.3.1 Personal information, which the User provides about himself/herself when registering (creating an account) or using the Services, including the User's personal data. Mandatory for the provision of Services, the information is marked in a special way. The User provides other information at his discretion.
2.3.2 The data which are automatically transmitted to the Services during their use with the help of the software installed on the User's device, including the IP address, cookie data, information about User's browser (or any other program with which the User accesses the Services), technical characteristics of the equipment and software used by the User, date and time of access to the Services, addresses of requested pages and other similar information.
2.3.3 Other information about the User, the processing of which is stipulated by the Agreement on the use of the website.
2.3.4. This Privacy Policy only applies to the Site https://pvubank.com. The Site has no control over and is not responsible for third parties' websites, which can be accessed via the links available on the Site.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1 The Site collects and stores personal data only as necessary for providing services or executing agreements and contracts with the User, except for cases when the law requires mandatory storage of personal data for the period specified by law.
3.2 The Site processes the User's personal data for the following purposes:
3.2.1 Identification of the User, registered on the Site, for providing services or performance of agreements and contracts with the User.
3.2.2 Providing the User with access to the personalized resources of the Site.
3.2.3 Establishment of feedback with User, including sending notices, requests regarding use of the Website, provision of services, processing of claims and applications from the User.
3.2.4 Defining the User's location for security purposes, fraud prevention.
3.2.5 Confirming the accuracy and completeness of the personal data provided by the User.
3.2.6. Providing effective customer and technical support to the User when there are problems associated with the use of the Site.
3.2.7. Performing advertising activities with the User's consent.
4. TERMS OF PERSONAL DATA PROCESSING AND ITS TRANSFER TO THIRD PARTIES
4.1 The Site stores its users' personal data in compliance with the particular service's internal regulations. Processing of the User's personal data shall be performed without time limitations, in any lawful way, including information systems of personal data with or without the use of automation tools.
4.2 The User's personal data is kept confidential, except when the User voluntarily provides information about him/herself for general access to an unlimited number of people. When using particular services, the User agrees that certain portions of their personal information will become publicly available.
4.3 The Site has the right to transfer the User's personal information to third parties in the following cases:
4.3.1. The User has expressed consent to such actions.
4.3.2 The transfer is driven by the need for the User to use a particular service or the performance of a particular agreement or contract with the User.
4.3.4 The transfer is provided by the Russian or other applicable law in the framework of the procedure established by law.
4.3.5 In case of sale of the Website, all obligations to comply with the terms of this Policy in relation to personal data received by the Buyer shall pass to the Buyer.
4.4 Processing of the User's personal data shall be carried out without limitation of time by any lawful means, including personal data information systems with or without the use of automation tools. Processing of users' Personal Data is made in compliance with the Federal Law dated July 27, 2006, N 152-FZ "On Personal Data."
4.5 In case of loss or disclosure of personal data, the Website Administration shall inform the User of the loss or disclosure of personal data.
4.6 The Website Administration shall take the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful acts of third parties.
4.7 The Website Administration, together with the User, shall take all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
5. COOKIE FILES
5.1 Cookies are small text files stored on the User's computer when visiting certain web pages and enable the Site to work more efficiently. Cookies do not contain any personal data about the User and cannot be used to identify an individual user. A cookie often includes a unique identifier, an unknown number (randomly generated) stored on the User's device. Some files are deleted at the end of the session on the Site, others remain on the User's computer long time.
5.2 The cookies used on the Site cannot damage the User's computer in any way. Our company does not store personally identifiable information, such as credit card data, in cookie files, but the Administration of the Site uses the encrypted data received through cookie files to ensure the best user experience. In particular, cookies are used to recognize and correct errors or identify services related to the User requests when browsing the Site.
5.3 Cookies Used on the Site:
5.3.1 Our own cookies, which are sent to the User's computer and processed by the Site Administration solely to improve the Site, as well as third-party cookies, which are used as a tool to analyze the User's interaction with the Site. The data obtained through these cookies improve the links to the pages and provides the User with better services.
5.3.2 Session and permanent cookies. Sessional files save data only during the User's stay on the Site, while permanent files save data to the terminal so that it can be used for more than one session.
5.3.3 Third-party cookies set by other companies whose services we use. For example, we use third-party analytics services, and the providers of those services set cookies on our behalf to tell us which sections of our Site are popular and which are not. The Site the User visits may contain content downloaded from, for example, YouTube, and these sites may set their own cookies.
The site administration has no control over and is not responsible for third-party cookies. More information can be found on the developer's website.
5.4 By accessing and staying on the Site, the User consents to use the cookies mentioned above within the terms and conditions listed in the cookie policy.
5.5 The User can withdraw consent to the data processing carried out by the cookie policy at any time. To do this, it is necessary to delete the cookies stored on the User's computer, using the Internet browser settings used by the User.
5.6 The User can limit, block, or delete any website's cookies by using the browser for this purpose. More information about cookies is provided on the website www.allaboutcookies.org, which contains details about cookies and the possibilities of blocking them in different types of browsers.
6. OBLIGATIONS OF THE PARTIES
6.1 The User shall:
6.1.1 Provide personal data necessary to use the Website.
6.1.2 Update, supplement the provided data in case of changes in such data.
6.2 The Website Administration shall:
6.2.1 Use the received data solely for the purposes specified in this Privacy Policy.
6.2.2 Keep confidential data secret, and not disclose it without prior written permission of the User, as well as not to sell, exchange, publish or disclose in any other ways the User's personal data, except as provided in this Privacy Policy.
6.2.3 Take precautionary measures to protect the confidentiality of the User's personal data, according to the procedure generally used for personal data protection with the accepted business practices.
6.2.4 To block personal data, related to the relevant User, from the moment of application or request of the User or its legal representative, or authorized body for the protection of the rights of subjects of personal data for the period of verification in case of detection of inaccurate personal data or unlawful actions.
7. LIABILITY OF THE PARTIES
7.1 The Website Administration, not performing its obligations, is liable for losses incurred by the User in connection with the unauthorized use of the personal data, in accordance with the laws of the Russian Federation.
7.2 In the case of loss or disclosure of confidential data, the Website Administration shall not be liable if such confidential information:
7.2.1. Became public domain before its loss or disclosure.
7.2.2. Was received from a third party prior to its receipt by the Site Administration.
7.2.3. Has been disclosed with the User's consent.
8. DISPUTE RESOLUTION
8.1 Before going to court to settle any disputes, which arise out of relations between the User and the Administration, it is obligatory to file a complaint (a written offer to settle a dispute voluntarily).
8.2 The recipient of the claim within 30 calendar days after receipt of the claim shall notify the claimant in writing of the results of its consideration.
8.3 If the agreement is not reached, the dispute will be transferred to the court in accordance with the current legislation of the Russian Federation.
8.4 The Privacy Policy and the relations between the User and the Website Administration are governed by the existing legislation of the Russian Federation.
9. ADDITIONAL PROVISIONS
9.1. The Administration of the Website has the right to change this Privacy Policy and Cookies Policy without the consent of the User.
In this regard, the Administration of the site recommends that each time you visit the Site you check these policies for updates, in particular to be properly informed about how we use cookies.
9.2 A new Privacy Policy shall be effective as of its posting on the Website, unless otherwise stipulated by the new Privacy Policy.
9.3 Any suggestions or questions regarding this Privacy Policy should be sent to fabio@i-ias.ru.
9.4 The current Privacy Policy is available at https://ias-msb.ru/english/politica
9.5 Any persons who would like their personal data provided by filling the forms on the Website to be amended or deleted from the information bases of our company may send a corresponding request to the e-mail address fabio@i-ias.ru with the subject "Personal data".
9.6 Any persons who believe that their personal data is being used improperly may send their complaints to the e-mail address fabio@i-ias.ru.
1.1 The following terms are used in this Data Protection Policy:
1.1.1 "Site Administration" - employees authorized to manage the site, acting on its behalf, which organizes and/or conducts personal data processing, define the purpose of personal data processing, the scope of personal data to be processed, actions (operations) performed with personal data.
1.1.2. "Personal data" means any data relating directly or indirectly to a specific or identifiable individual (personal data subject).
1.1.3. "Personal data processing" - any action (operation) or set of actions (operations) performed with or without automation means, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, depersonalization, transfer at the request of the court, including to third parties, in compliance with measures ensuring the protection of personal data from unauthorized access, blocking, deletion, destruction of personal data.
1.1.4. "Confidentiality of personal data" - a mandatory requirement for the Operator not to allow its dissemination without the consent of the subject of personal data or availability of other legal grounds.
1.1.5. "Site User" means a person accessing and using the site via the Internet.
1.1.6. "Cookies" - is a small piece of data sent by a web-server and stored on the User's computer, which a web-client or a web-browser sends to a web-server in HTTP-request whenever trying to open a page of the corresponding site.
1.1.7. "IP-address" - the unique network address of a node in an IP-based computer network.
2. GENERAL PROVISIONS
2.1 This Privacy Policy of personal data (hereinafter - Privacy Policy) applies to all the information posted on the website at https://pvubank.com (hereinafter - the Site), which the visitors, other users can obtain about the User while using the site, its services, programs and products.
2.2 Use of the Site's services means the User's unconditional consent to this Policy and the terms of processing his personal information specified therein; in case of disagreement with these terms, the User must refrain from using the services.
2.3 For this Policy, personal information of the User shall mean:
2.3.1 Personal information, which the User provides about himself/herself when registering (creating an account) or using the Services, including the User's personal data. Mandatory for the provision of Services, the information is marked in a special way. The User provides other information at his discretion.
2.3.2 The data which are automatically transmitted to the Services during their use with the help of the software installed on the User's device, including the IP address, cookie data, information about User's browser (or any other program with which the User accesses the Services), technical characteristics of the equipment and software used by the User, date and time of access to the Services, addresses of requested pages and other similar information.
2.3.3 Other information about the User, the processing of which is stipulated by the Agreement on the use of the website.
2.3.4. This Privacy Policy only applies to the Site https://pvubank.com. The Site has no control over and is not responsible for third parties' websites, which can be accessed via the links available on the Site.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1 The Site collects and stores personal data only as necessary for providing services or executing agreements and contracts with the User, except for cases when the law requires mandatory storage of personal data for the period specified by law.
3.2 The Site processes the User's personal data for the following purposes:
3.2.1 Identification of the User, registered on the Site, for providing services or performance of agreements and contracts with the User.
3.2.2 Providing the User with access to the personalized resources of the Site.
3.2.3 Establishment of feedback with User, including sending notices, requests regarding use of the Website, provision of services, processing of claims and applications from the User.
3.2.4 Defining the User's location for security purposes, fraud prevention.
3.2.5 Confirming the accuracy and completeness of the personal data provided by the User.
3.2.6. Providing effective customer and technical support to the User when there are problems associated with the use of the Site.
3.2.7. Performing advertising activities with the User's consent.
4. TERMS OF PERSONAL DATA PROCESSING AND ITS TRANSFER TO THIRD PARTIES
4.1 The Site stores its users' personal data in compliance with the particular service's internal regulations. Processing of the User's personal data shall be performed without time limitations, in any lawful way, including information systems of personal data with or without the use of automation tools.
4.2 The User's personal data is kept confidential, except when the User voluntarily provides information about him/herself for general access to an unlimited number of people. When using particular services, the User agrees that certain portions of their personal information will become publicly available.
4.3 The Site has the right to transfer the User's personal information to third parties in the following cases:
4.3.1. The User has expressed consent to such actions.
4.3.2 The transfer is driven by the need for the User to use a particular service or the performance of a particular agreement or contract with the User.
4.3.4 The transfer is provided by the Russian or other applicable law in the framework of the procedure established by law.
4.3.5 In case of sale of the Website, all obligations to comply with the terms of this Policy in relation to personal data received by the Buyer shall pass to the Buyer.
4.4 Processing of the User's personal data shall be carried out without limitation of time by any lawful means, including personal data information systems with or without the use of automation tools. Processing of users' Personal Data is made in compliance with the Federal Law dated July 27, 2006, N 152-FZ "On Personal Data."
4.5 In case of loss or disclosure of personal data, the Website Administration shall inform the User of the loss or disclosure of personal data.
4.6 The Website Administration shall take the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other unlawful acts of third parties.
4.7 The Website Administration, together with the User, shall take all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
5. COOKIE FILES
5.1 Cookies are small text files stored on the User's computer when visiting certain web pages and enable the Site to work more efficiently. Cookies do not contain any personal data about the User and cannot be used to identify an individual user. A cookie often includes a unique identifier, an unknown number (randomly generated) stored on the User's device. Some files are deleted at the end of the session on the Site, others remain on the User's computer long time.
5.2 The cookies used on the Site cannot damage the User's computer in any way. Our company does not store personally identifiable information, such as credit card data, in cookie files, but the Administration of the Site uses the encrypted data received through cookie files to ensure the best user experience. In particular, cookies are used to recognize and correct errors or identify services related to the User requests when browsing the Site.
5.3 Cookies Used on the Site:
5.3.1 Our own cookies, which are sent to the User's computer and processed by the Site Administration solely to improve the Site, as well as third-party cookies, which are used as a tool to analyze the User's interaction with the Site. The data obtained through these cookies improve the links to the pages and provides the User with better services.
5.3.2 Session and permanent cookies. Sessional files save data only during the User's stay on the Site, while permanent files save data to the terminal so that it can be used for more than one session.
5.3.3 Third-party cookies set by other companies whose services we use. For example, we use third-party analytics services, and the providers of those services set cookies on our behalf to tell us which sections of our Site are popular and which are not. The Site the User visits may contain content downloaded from, for example, YouTube, and these sites may set their own cookies.
The site administration has no control over and is not responsible for third-party cookies. More information can be found on the developer's website.
5.4 By accessing and staying on the Site, the User consents to use the cookies mentioned above within the terms and conditions listed in the cookie policy.
5.5 The User can withdraw consent to the data processing carried out by the cookie policy at any time. To do this, it is necessary to delete the cookies stored on the User's computer, using the Internet browser settings used by the User.
5.6 The User can limit, block, or delete any website's cookies by using the browser for this purpose. More information about cookies is provided on the website www.allaboutcookies.org, which contains details about cookies and the possibilities of blocking them in different types of browsers.
6. OBLIGATIONS OF THE PARTIES
6.1 The User shall:
6.1.1 Provide personal data necessary to use the Website.
6.1.2 Update, supplement the provided data in case of changes in such data.
6.2 The Website Administration shall:
6.2.1 Use the received data solely for the purposes specified in this Privacy Policy.
6.2.2 Keep confidential data secret, and not disclose it without prior written permission of the User, as well as not to sell, exchange, publish or disclose in any other ways the User's personal data, except as provided in this Privacy Policy.
6.2.3 Take precautionary measures to protect the confidentiality of the User's personal data, according to the procedure generally used for personal data protection with the accepted business practices.
6.2.4 To block personal data, related to the relevant User, from the moment of application or request of the User or its legal representative, or authorized body for the protection of the rights of subjects of personal data for the period of verification in case of detection of inaccurate personal data or unlawful actions.
7. LIABILITY OF THE PARTIES
7.1 The Website Administration, not performing its obligations, is liable for losses incurred by the User in connection with the unauthorized use of the personal data, in accordance with the laws of the Russian Federation.
7.2 In the case of loss or disclosure of confidential data, the Website Administration shall not be liable if such confidential information:
7.2.1. Became public domain before its loss or disclosure.
7.2.2. Was received from a third party prior to its receipt by the Site Administration.
7.2.3. Has been disclosed with the User's consent.
8. DISPUTE RESOLUTION
8.1 Before going to court to settle any disputes, which arise out of relations between the User and the Administration, it is obligatory to file a complaint (a written offer to settle a dispute voluntarily).
8.2 The recipient of the claim within 30 calendar days after receipt of the claim shall notify the claimant in writing of the results of its consideration.
8.3 If the agreement is not reached, the dispute will be transferred to the court in accordance with the current legislation of the Russian Federation.
8.4 The Privacy Policy and the relations between the User and the Website Administration are governed by the existing legislation of the Russian Federation.
9. ADDITIONAL PROVISIONS
9.1. The Administration of the Website has the right to change this Privacy Policy and Cookies Policy without the consent of the User.
In this regard, the Administration of the site recommends that each time you visit the Site you check these policies for updates, in particular to be properly informed about how we use cookies.
9.2 A new Privacy Policy shall be effective as of its posting on the Website, unless otherwise stipulated by the new Privacy Policy.
9.3 Any suggestions or questions regarding this Privacy Policy should be sent to fabio@i-ias.ru.
9.4 The current Privacy Policy is available at https://ias-msb.ru/english/politica
9.5 Any persons who would like their personal data provided by filling the forms on the Website to be amended or deleted from the information bases of our company may send a corresponding request to the e-mail address fabio@i-ias.ru with the subject "Personal data".
9.6 Any persons who believe that their personal data is being used improperly may send their complaints to the e-mail address fabio@i-ias.ru.
Hereby I (hereinafter - the User), acting of my own free will and in my own interest, consent to the AO "Pervouralskbank" with the location: 623101, Sverdlovsk region, Pervouralsk, Ilyich ave. 9 "b", OGRN 1026600001823 (hereinafter referred to as the Company), my consent to processing, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer, depersonalization, blocking, deletion, destruction of my personal data, in order to determine the possibility of concluding contracts of leasing, contracts of insurance (insurance policies), purchase and sale contracts, any other contracts, their amendment, execution and termination, promotion of leasing, insurance and other services by any means of communication, as well as to ensure compliance with laws and other regulations.
Personal Data means any sensitive data that allows you to identify the User, such as:
Surname, first name, patronymic
Date of birth
Phone number
E-mail address
Personal information is stored only on electronic media and processed through automated systems, except when non-automated processing of personal data is necessary as required by the law.
The Company undertakes not to transfer received personal data to third parties, except for the following cases:
Upon requests from authorized governmental authorities of the Russian Federation only on the grounds and in the manner prescribed by the laws of the Russian Federation
To strategic partners who work with the Company to provide products and services, or those who help the Company sell products and services to consumers. We provide third parties with the minimum amount of personal data necessary only to provide the required service or to conduct the necessary transaction.
This consent is valid for the entire period of personal data storage and can be withdrawn by sending a written request for withdrawal to the registered address of the Company specified in this consent to the processing of personal data. In this case, the person who received the withdrawal of consent for the personal data processing shall stop the processing of personal data. Personal data shall be erased or depersonalized if there are no other legal grounds for the processing, established by the Russian Federation's legislation or the documents of the person who received a withdrawal of consent for the processing of personal data, regulating personal data processing.
I guarantee that the information submitted by me is complete, accurate, and reliable. The presented information does not violate the Russian Federation's current legislation, the legal rights, and interests of third parties. All the submitted data is filled in by me personally.
The Regulation on Processing of Personal Data of AO «Pervouralskbank» is published on the Company's official website.
The Company reserves the right to make unilateral changes to these rules if the changes do not contradict the Russian Federation's current legislation. Amendments to the terms and conditions of these Rules shall take effect upon their publication on the website.
DATA PROTECTION POLICY
1. GENERAL PROVISIONS
1.1 This Policy on processing and protection of personal data (hereinafter - the "Policy") is adopted and in force in the company "Pervouralskbank" (hereinafter - the "Company"), located at: 623101, Sverdlovsk region, Pervouralsk, Ilyich ave. 9 "b", OGRN 1026600001823
1.2 The Policy applies to processing of personal data by the Company, including:
use of web-sites owned by the Company;
any inquiries to the Company in any form, sending complaints, comments or remarks and suggestions;
visiting the Company's offices;
conclusion of leasing contracts, insurance contracts (insurance policies), purchase and sale contracts, any other contracts, their amendment, execution and termination, promotion of leasing, insurance and other services;
interaction with the Company's counterparties and business partners;
in other cases.
1.3 Subjects whose personal data is processed in accordance with the Regulation may be:
clients, potential clients of the Company and their representatives;
counterparties or business partners, potential counterparties or business partners of the Company and their representatives and employees;
Other persons in the cases stipulated in clause 1.2 above.
1.4. The Company's data protection policy is based on:
personal data processing shall be carried out on a lawful and fair basis;
personal data processing is limited to achieving specific, predetermined and legitimate purposes;
personal data processing that is incompatible with the purpose of personal data collection is prohibited;
personal data bases containing the personal data, processing of which is incompatible with the purposes of personal data collection, shall not be merged;
only personal data that meets the purposes of its processing shall be processed;
the content and scope of processed personal data shall comply with the stated processing purposes. The redundancy of processed personal data in relation to the stated processing purposes shall not be allowed;
processing of personal data shall ensure accuracy of personal data, its sufficiency and, where necessary, relevance in relation to the purpose of personal data processing, take necessary measures to remove or clarify incomplete or inaccurate personal data;
personal data shall be stored in a form, which allows to identify the subject of personal data, no longer than required by the purposes of personal data processing, unless the term of storage of personal data is provided by federal law, consent to processing of personal data, the contract, which party, beneficiary or guarantor under which the subject of personal data is a party;
the processed personal data shall be erased upon achievement of processing purposes or in case of loss of necessity in achievement of such purposes, unless otherwise provided by the federal law;
personal data processing shall not be used to cause material and/or moral damage to the subjects of personal data, complicating the exercise of their rights and freedoms;
other principles defined by the Policy.
2. SCOPE, PURPOSE OF PERSONAL DATA PROCESSING
2.1 In accordance with the principles of personal data processing, the Company has defined the scope of the processed personal data and the purpose of their processing.
In particular, but not limited to, the purposes of personal data processing in the Company in accordance with the Policy are:
providing information (as well as data related to advertising), including, but not limited to, about the goods and services of the Company, the special offers, promotions with respect thereto, financial services related to the purchase and use of goods and services, events, presentations;
promotion of goods, works and services in the market by means of direct contacts;
preparation and sending offers of goods and services, financial services related to them;
performance of due diligence procedures, pre-contractual coordination, conclusion and execution of any contracts, as well as control over correctness of conclusion/execution of transactions;
control over the quality of services and works;
conducting market research and other statistical studies, including the satisfaction rate with the quality of goods and services provided, customer surveys;
handling of possible claims and other inquiries;
managing the relationships with clients, counterparties and business partners, including use and maintenance of information systems, automatic generation of draft contracts and other documents in the referenced systems;
compliance with legal requirements, as well as exercising the rights and legitimate interests of the Company.
2.2 The scope and purposes of personal data processing comply with the requirements of the applicable laws of the Russian Federation in the field of processing and protection of personal data.
2.3 When processing personal data, the Company pursues only those purposes, which were defined before the beginning of data collection. Subsequent changes to the objectives are possible only to a limited extent, and are subject to justification and notification of the subject of personal data.
2.4 Specific scope and purposes of personal data processing are recorded and communicated to the subject of personal data collection in a manner and form appropriate to the source of receipt and the basis of processing of such personal data (e.g. consent to process personal data, informing about the terms of services, the relevant contract, etc.).
3. DATA PROTECTION GUIDELINES
3.1 The Company shall perform personal data processing on a lawful basis. In cases stipulated by applicable laws of the Russian Federation, the Company shall obtain consent (written consent) of the subject to process their personal data in the manner prescribed by applicable laws of the Russian Federation. If the Company receives personal data from a third party, the Company shall mandatorily require confirmation from such party that it has the necessary grounds to transfer the personal data to the Company.
3.2 In the course of its activities, the Company shall have the right to assign processing and/or transfer personal data (provide access to personal data) to a third party, unless otherwise provided for by applicable laws of the Russian Federation. In this case, the mandatory condition for entrusting the processing and / or transfer of personal data to a third party is the obligation to respect the principles and rules of personal data processing provided by applicable law, to ensure confidentiality and security and protection of personal data during their processing, to ensure the rights of subjects of personal data, as well as the obligation of the third party to use data only for predefined purposes and volumes and the obligation to comply with other conditions
3.3 No personal data related to race, ethnicity, political views, religious or philosophical beliefs, intimate life, shall be processed in the Company.
3.4 No biometric personal data is processed in the Company. In appropriate cases, when personal data subjects present passports or other documents containing a photograph of the subject, the Company does not use this photograph to establish the identity of the subject of personal data (identification), but uses it to verify the identity of the person who presented the document with the person depicted in the photograph in this document (authentication).
3.5 The Company does not place personal data of the subject of personal data in publicly available sources without their consent.
3.6 Subjects may apply to the Company on all matters provided for in the legislation of the Russian Federation, related to the processing of personal data by sending a written request to the Company's address. Consent to the processing of personal data may be withdrawn by the subject by sending a written notice to the Company by registered mail with the list of attachments or by courier service. In this case, the Company has the right to continue processing of personal data in cases established by applicable laws of the Russian Federation, or if personal data is processed in accordance with other legal grounds (in particular, in accordance with the accepted terms of services).
3.7 The Company may request the consent of the subject of personal data more than once for each request by the subject. If, at subsequent requests for consent by the Company (e.g. when filling out web forms with the appropriate consent checkbox), consent is not given, previously given consent will not automatically be considered withdrawn and will continue to be valid for the period specified in the consent.
3.8 The Company shall transfer personal data to state and local authorities, courts, law enforcement and other bodies in cases and in the manner prescribed by Russian law.
4. SETTING RULES FOR PERSONAL DATA PROCESSING
4.1 The Company, as well as relevant agreements with partners, counterparties and other third parties, as applicable, shall define
procedures for granting access to personal data;
procedures for amending personal data to ensure its accuracy, reliability and relevance, including in relation to the purposes of personal data processing;
procedures for destruction or blocking of personal data in case of necessity to perform such a procedure;
procedure for processing appeals of personal data subjects (their legal representatives) in cases provided by the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", in particular the procedure for preparation of information on availability of personal data related to particular personal data subject, information necessary to allow familiarization of personal data subject (his legal representatives) with his personal data, as well as procedures for processing appeals to clarify personal data, their blocking or destruction in case if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
processing procedures of requests of the authorized body on protection of rights of subjects of personal data;
procedures for obtaining consent from the subject of personal data to process his/her personal data and to transfer the processing of his/her personal data to third parties;
procedures for transferring personal data between users of personal data resource, which provides for the transfer of personal data only between the Company's employees who have access to personal data;
procedures for transfer of personal data to third parties;
procedures for handling material media of personal data.
5. REQUIREMENTS TO ENSURING SECURITY AND CONFIDENTIALITY OF PERSONAL DATA
5.1 In order to ensure the security of personal data during their processing, the Company implements the requirements of applicable laws of the Russian Federation in the field of processing and protection of personal data.
5.2 The Company applies necessary and sufficient legal, organizational and technical measures, including but not limited to:
development of internal documents on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
protection of personal data against unauthorized access, unauthorized processing or transfer, as well as against loss, distortion or destruction;
determination and implementation prior to the introduction of new personal data processing and new personal data systems (hereinafter referred to as "PDIS") of technical and organizational measures ensuring the protection of personal data, focused on the state-of-the-art technology and the required degree of personal data protection;
determination of personal data security threats in the course of personal data processing in PDIS;
establishing rules for access to personal data processed in PDIS, as well as ensuring registration and recording of actions performed with personal data in PDIS;
control and evaluation of the efficiency of applied measures;
detection of facts of unauthorized access to personal data (and other incidents with personal data) and taking measures;
restoration of personal data.
5.4 In terms of ensuring the confidentiality of the processing, the Company shall take measures aimed at preventing unauthorized collection, processing, or use of personal data:
providing access to personal data only in cases and in the manner prescribed by the legislation of the Russian Federation;
making the Company's employees directly involved in personal data processing aware of the provisions of the personal data legislation of the Russian Federation, including requirements to the protection of personal data, documents defining the Company's policy regarding personal data processing, local acts on personal data processing, conditions to non-automated processing of personal data, and (or) training the defined employees.
5.5 The Company appointed persons responsible for organizing the personal data protection.
6. CONTROL
6.1 Control over compliance with this Regulation shall be carried out by the persons responsible for arranging the personal data protection, as well as by the employees performing corresponding roles in accordance with the Company's internal regulatory documents, in accordance with their functions.
7. FINAL PROVISIONS
7.1 These Regulations shall come into force upon their approval and shall remain in force until they are amended and/or a new document is adopted in accordance with the Company's internal procedures.
7.2 The Regulations can be updated or otherwise changed by the Company, and the Company shall publish any change. The Company may also notify the subjects whose personal data is processed by the Company under the Regulations. Such changes come into effect from the moment of their publication.
7.3 If any provision of these Regulations is or becomes invalid, this does not affect the validity of these Regulations' remaining provisions.
7.4 In the event of changes in the regulatory and legal acts used in these Regulations, these Regulations continue to be effective to the extent that they do not contradict the current legislation. In the remaining part, the Company shall be governed by the provisions of the Russian Federation's applicable laws.