Policy regarding the processing and protection of personal data

Edition No. 1 dated April 01, 2021

1. General Provisions

1.1. This document (hereinafter referred to as the Policy) defines the policy of the self-employed Vasiliev Igor Anatolyevich (TIN 761020669511) (hereinafter referred to as the Operator) regarding the processing of personal data of users of the Site and the Service (as defined below) and contains information about the requirements implemented by the Operator for the protection of such personal data (PD), including their privacy. The Policy is drawn up in accordance with the following regulatory documents:

  • Federal Law “On Personal Data” No. 152-FZ of July 27, 2006 (hereinafter referred to as the Law);
  • Decree of the Government of the Russian Federation of September 15, 2008 No. 687 "On approval of the Regulations on the specifics of the processing of personal data carried out without the use of automation tools";
  • Decree of the Government of the Russian Federation of July 6, 2008 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
  • Order of the FSTEC of the Russian Federation dated February 18, 2013 "On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems" (hereinafter - the Order);
  • Other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data.

2. Terms and accepted abbreviations

Site - a website located on the Internet at https://en.registrator.pl, which is an intellectual property object, the exclusive rights to which belong to the Operator, which is a collection of computer programs and databases, commercial designations and (or) trademarks and commercial designations of the Operator, information, texts, graphic elements, design, images, photos, videos and other results of the Operator's intellectual activity contained in information systems that ensure the availability of such information on the Internet at the address https://en.registrator.pl.

Service - a set of computer programs "Staf4 Registrator", exclusive rights to the Service belong to the Copyright Holder.

User (PD subject) - a person who has access to the Site and (or) the Service.

Personal data (PD) - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).

Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Automated processing of personal data - processing of personal data using computer technology.

Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons.

Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons.

Personal data information system (PDIS) - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

Personal data made public by the subject of personal data - PD, access to which is granted to an unlimited number of persons by the subject of personal data or at his request.

Blocking of personal data - a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).

Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.

Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

Operator - an individual who independently or jointly with other persons organizes and / or carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. The operator is self-employed Vasiliev Igor Anatolyevich (TIN 761020669511).

Cookies - a piece of data sent by a web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request each time they try to open a page of the corresponding site.

IP address - a unique network address of a node in a computer network through which the user accesses the Site.

3. Processing of personal data

3.1. PD processing.

3.1.1. The processing of personal data is carried out in accordance with the following principles:

  • PD processing must be carried out in a lawful and fair manner.
  • PD processing should be limited to the achievement of specific, predetermined and legitimate purposes. Processing of PD that is incompatible with the purposes of collecting PD is not allowed.
  • it is not allowed to combine databases containing PD, the processing of which is carried out for purposes that are incompatible with each other.
  • only PD that meet the purposes of their processing are subject to processing.
  • the content and scope of the processed PD must correspond to the stated purposes of processing. The processed PD should not be excessive in relation to the stated purposes of their processing.
  • when processing PD, the accuracy of PD, their sufficiency, and, if necessary, relevance in relation to the purposes of PD processing, must be ensured. The operator must take the necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data.
  • PD storage should be carried out in a form that allows determining the PD subject, no longer than required by the purposes of PD processing, if the PD storage period is not established by federal law, an agreement to which the PD subject is a party, beneficiary or guarantor. The processed PD is subject to destruction or depersonalization upon reaching the goals of processing or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

3.1.2. The processing of personal data is carried out in the following cases:

  • with the consent of the PD subject to the processing of his PD;
  • in cases where the processing of PD is necessary for the implementation and performance of the functions, powers and duties assigned by the legislation of the Russian Federation;
  • in cases where PD is being processed, access to which is granted to an unlimited number of persons by the subject of PD or at his request (hereinafter referred to as personal data made public by the subject of personal data);
  • PD processing is necessary for the administration of justice, the execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • PD processing is necessary for the execution of an agreement to which the PD subject is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the PD subject or an agreement under which the PD subject will be the beneficiary or guarantor;
  • PD processing is necessary to protect the life, health or other vital interests of the PD subject, if obtaining the consent of the PD subject is impossible;
  • PD processing is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the PD subject are not violated;
  • processing of PD subject to publication or mandatory disclosure in accordance with federal law is carried out.

3.1.3. Purposes of personal data processing:

  • execution of license agreements and user agreements concluded by the Operator with its customers, including remotely through the Site and (or) Service with Users;
  • implementation of civil legal relations with Users;
  • creation of User accounts and identification of Users registered on the Site and (or) in the Service;
  • establishing feedback with the User;
  • providing the User, with his consent, with special offers, newsletters, information about goods, works and services and other information;
  • provision of the Service;
  • promotion of goods, works and services of the Operator;
  • promotion of goods, works and services of the Operator's clients;
  • analysis of the quality of the service provided by the Operator;
  • providing the User with effective technical support and improving the quality of customer service of the Operator;
  • prevention, detection and resolution of technical problems in the operation of the Site and (or) the Service.

3.1.4. Categories of personal data subjects. PDs of the following PD subjects are processed:

  • individuals who are users of the Site and (or) the Service;
  • individuals who are in civil relations with the Operator, including the execution and termination of transactions;
  • individuals with whom the Operator intends to enter into civil legal relations, including persons with whom the Operator intends to enter into contracts;
  • individuals who are beneficiaries, pledgers or guarantors of obligations to which the Operator is or intends to become a party;
  • individuals who are heads, chief accountants of legal entities that are in civil legal relations with the Operator and legal entities with which the Operator intends to enter into civil legal relations;
  • individuals who are managers, chief accountants of legal entities that are beneficiaries, pledgers or guarantors for obligations to which the Operator is or intends to become a party;
  • individuals who are affiliated persons of the Operator;
  • individuals who are managers, chief accountants of legal entities that are affiliated persons of the Operator;
  • other individuals whose personal data must be provided to the Operator in accordance with the requirements of the legislation of the Russian Federation;
  • individuals who are representatives of individuals and legal entities specified in this paragraph.

3.1.5. The processing of personal data is carried out using automation tools and without the use of automation tools.

3.1.6. The composition of personal data processed by the Operator is determined in accordance with the legislation of the Russian Federation and taking into account the purposes of processing established in the Policy, and includes full name, email address for communication, Skype login, Telegram login, gender, phone number, IP address, information from Cookies and also other information. The Operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life.

3.2. PD storage.

3.2.1. PD can be received, further processed and transferred for storage both on paper and in electronic form.

3.2.2. PD recorded on paper are stored in locked cabinets or in locked rooms with limited access rights.

3.2.3. PD of subjects processed using automation tools for different purposes are stored in different folders.

3.2.4. It is not allowed to store and place documents containing PD in open electronic catalogs (file hosting) in PDIS.

3.3. PD transmission.

3.3.1. The Operator does not disclose to third parties and does not distribute PD without the consent of the PD subject, unless otherwise provided by federal law.

3.3.2. PD may be received by the Operator from a person who is not a subject of PD, subject to the provision to the Operator of confirmation of the existence of the grounds specified in paragraphs 2-11 of part 1 of article 6, part 2 of article 10 and part 2 of article 11 of the Law.

3.3.3. The Operator may carry out cross-border transfer of PD in accordance with the requirements of the Law.

3.3.4. The operator has the right to entrust the processing of PD to another person with the consent of the PD subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The specified person is obliged to comply with the principles and rules for the processing of PD, provided for by the legislation of the Russian Federation. The specified person is not obliged to obtain the consent of the subject of the PD for the processing of his PD. The Operator shall be liable to the PD subject for the actions of the said person.

4. Information about the requirements for PD protection implemented by the Operator

4.1. The operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law or other federal laws.

4.2. The Operator takes the following measures to ensure the fulfillment of the obligations provided for by the Law and the regulatory legal acts adopted in accordance with it:

4.2.1. a person responsible for organizing PD processing is appointed;

4.2.2. the Policy, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations are issued;

4.2.3. legal, organizational and technical measures are applied to ensure the security of PD in accordance with Article 19 of the Law;

4.2.4. internal control and (or) audit of compliance of PD processing with the Law and regulations adopted in accordance with it, requirements for the protection of personal data, the Policy, local acts of the Operator is carried out;

4.2.5. the Operator's employees directly involved in the processing of PD are familiarized with the provisions of the legislation of the Russian Federation on PD, including the requirements for the protection of PD, the Policy, local acts on the processing of PD, and (or) these employees are trained.

4.3. The Operator takes or ensures that the necessary legal, organizational and technical measures are taken to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD, in particular:

4.3.1. PD security threats are determined when they are processed in PDIS;

4.3.2. organizational and technical measures are taken to ensure the security of PD during their processing in PD information systems, necessary to meet the requirements for the protection of personal data, the fulfillment of which ensures the levels of PD security established by the Government of the Russian Federation, including: the possibility of uncontrolled entry or stay in these premises of persons who do not have the right to access these premises; approval by the head of the Operator of a document defining the list of persons whose access to the PD processed in the ISPD is necessary for the performance of their official duties; an employee of the Operator is appointed responsible for ensuring the security of PD in ISPD; the measures established by the Order are applied to ensure the level of PD security required when processing PD in the Operator's ISPD in accordance with the provisions of the RF legislation on PD;

4.3.3. information security tools that have passed the conformity assessment procedure in accordance with the established procedure are used when the use of such tools is necessary to neutralize actual threats;

4.3.4. an assessment of the effectiveness of the measures taken to ensure the security of PD is carried out before the commissioning of the PD information system;

4.3.5. accounting of machine carriers of PD is carried out;

4.3.6. measures are taken to detect facts of unauthorized access to PD and appropriate measures are taken to prevent and exclude such access;

4.3.7. PD modified or destroyed due to unauthorized access to them are recovered;

4.3.8. rules for access to PD processed in the PD information system are established, and all actions performed with PD in PDIS are registered and accounted for;

4.3.9. control is exercised over the measures taken to ensure the security of PD and the level of security of PDIS;

4.3.10. in relation to each category of PD, the processing of which is carried out without the use of automation tools, the places of storage of PD (tangible media) are determined and a list of persons carrying out the processing of PD or having access to them is established;

4.3.11. separate storage of PD is provided, the processing of which is carried out without the use of automation tools for various purposes;

4.3.12. conditions are observed that ensure the safety of PD and exclude unauthorized access to PD, the processing of which is carried out without the use of automation tools. The list of measures that ensure such conditions, the procedure for their adoption, as well as the list of persons responsible for the implementation of such measures, are established by the Operator in a local act.

5. Basic rights of the subject of PD

5.1. The PD subject has the right to receive information from the Operator regarding the processing of his PD, including information containing:

  • confirmation of the fact of PD processing by the Operator;
  • legal grounds and purposes of PD processing;
  • the purposes and methods of PD processing used by the Operator;
  • the name and location of the Operator, information about persons (excluding employees of the Operator) who have access to PD or to whom PD may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
  • processed PD related to the relevant PD subject, the source of their receipt, unless a different procedure for the submission of such data is provided by federal law;
  • terms of processing personal data, including the terms of their storage;
  • the procedure for the exercise by the PD subject of the rights provided for by the Law;
  • information about the completed or proposed cross-border transfer of PD;
  • name or surname, first name, patronymic and address of the person processing PD on behalf of the Operator, if the processing is or will be entrusted to such a person;
  • other information provided by the Law or other federal laws.

5.2. The PD subject has the right to require the Operator to clarify his PD, block it or destroy it if the PD is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take legal measures to protect his rights.

5.3. The PD subject has the right to apply to the Operator and send requests to him, as well as to appeal against the actions or inaction of the Operator. Processing of PD in order to promote goods, works, services on the market by making direct contacts with a potential consumer using means of communication, including by sending e-mails, is allowed only with the prior consent of the PD subject.

5.4. The PD subject has the right to receive information from the Operator regarding the processing of his personal data, unless such right is restricted in accordance with federal laws. To do this, it is enough to notify the Operator by e-mail address staf4all@gmail.com.

6. Final provisions

6.1. This Policy is a local regulation of the Operator. This Policy is public. The general availability of this Policy is ensured by publication on the Site and (or) in the Service.

6.2. The Operator has the right to make changes to the Policy without the consent of the User. When changes are made to the Policy, the revision number and date of the last change are indicated in the heading of the Policy. The new version of the Policy comes into force from the moment it is posted on the Site and in the Service, unless otherwise provided by the new version of the Policy.

6.3. Any suggestions or questions regarding this Policy should be submitted to staf4all@gmail.com.

6.4. The current Policy is posted on the Site at https://en.registrator.pl/privacy.