LIMITED LIABILITY COMPANY "FIRM "BIS"
March 10, 2021
Personal Data Processing Policy
1.1. The Personal Data Processing Policy (hereinafter referred to as the "Policy") is published and applied by LLC Firm BIS (hereinafter referred to as the "Operator") in accordance with clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
This Policy defines the procedure and conditions of the Operator in relation to the processing of personal data, establishes provisions aimed at compliance with the legislation of the Russian Federation concerning the processing of personal data.
All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
2. BASIC PROVISIONS
2.1. The purpose of personal data processing is: provision of services by the Operator on behalf of the subject of personal data.
2.2. The processing is organized by the Operator on the principles of:
* legality of the purposes and methods of processing personal data, integrity and fairness in the Operator's activities;
* the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that are redundant in relation to the purposes stated when collecting personal data;
* processing only those personal data that meet the purposes of their processing. The processed personal data should not be redundant in relation to the stated purposes of their processing;
* compliance of the content and volume of the processed personal data with the stated purposes of processing.
* the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
* ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of personal data processing. The operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
* storing personal data in a form that allows you to identify the subject of personal data, no longer than the purposes of personal data processing require;
* ensuring the recording, systematization, accumulation, storage, clarification (updates, changes), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
2.3. The Operator processes the following personal data
· * name, surname of the subject of personal data;
· phone number of the personal data subject;
* the email address of the personal data subject.
2.4. The personal data specified above are processed using automation tools and without the use of automation tools. When processing personal data without the use of automation tools, the Operator is guided by the Regulation on the specifics of processing personal data carried out without the use of automation tools, approved by Decree of the Government of the Russian Federation No. 687 of September 15, 2008.
2.5. When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data". The operator provides services by posting information on the zhivayaproda website.rus, which is a software "tilda" designed to create online sites. On the website tilda.cc The HTTPS extension to the HTTP protocol is used in order to increase security and protect information.
2.6. The Operator does not disclose or distribute personal data to third parties without the consent of the personal data subject, except in cases provided for by the current legislation of the Russian Federation and this Policy.
2.7. The assessment of the harm that may be caused to personal data subjects in case of violation by the Operator of the requirements of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" is determined in accordance with Articles 15, 151, 152, 1101 of the Civil Code of the Russian Federation.
2.7.1. The ratio of the specified harm and the measures taken by the Operator aimed at preventing, preventing and/or eliminating its consequences is determined in accordance with the Federal Law of the Russian Federation of 27.07.2006 N 152-FZ "On Personal Data".
2.8. Conditions for processing personal data by the Operator:
1) personal data is processed by the Operator after the subject of personal data accepts the offer for the provision of services.
2) according to paragraph 5 of Article 6 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", the subject of personal data accepts the offer on his own initiative and is a party and beneficiary under the contract concluded by him. A separate consent to the processing of the subject's personal data is not required in this case.
3) the terms of this Policy are available to users in the public domain, until the acceptance of the offer for the provision of services.
2.9. The storage of personal data of users is carried out in a form that allows determining the subject of personal data.
2.10. Personal data is subject to destruction upon achievement of processing purposes. The deletion of personal data is carried out by deleting the account, after which such a record cannot be restored.
2.11. Interaction with federal executive authorities on the processing and protection of personal data of subjects whose personal data is processed by the Operator is carried out within the framework of the legislation of the Russian Federation.
3. THIRD PARTIES INVOLVED IN THE PROCESSING OF PERSONAL DATA
3.1. IP Obukhov Nikita Valentinovich (https://tilda.cc /) TIN 732808545705, OGRN 309732819400022.
4. RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA
4.1. The Operator or his legal representative is responsible for the processing of personal data.
4.2. Responsible for the processing of personal data:
4.2.1.performs internal control over compliance with the legislation of the Russian Federation on personal data, including requirements for the protection of personal data;
4.2.2.controls the reception and processing of requests and requests of personal data subjects or their representatives;
4.2.3. takes measures to detect the facts of unauthorized access to personal data;
4.2.4. performs constant monitoring of ensuring the level of personal data security;
4.2.5. performs internal control and (or) audit of compliance of personal data processing with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and regulatory legal acts adopted in accordance with it.
5. THE PROCEDURE FOR ENSURING THE RIGHTS OF THE PERSONAL DATA SUBJECT BY THE OPERATOR
5.1. The personal data subjects or their representatives have rights under the Federal law of 27.07.2006 N 152-FZ "On personal data".
5.2. The operator ensures the rights of subjects of personal data in the manner prescribed in chapters 3 and 4 of the Federal law of 27.07.2006 N 152-FZ "On personal data".
5.3. The representative's authority to represent the interests of each of the data subject is confirmed by the relevant power of attorney.
5.4. The information specified in Part 7 of Article 22 of the Federal Law of 27.07.2006 N 152-FZ "On personal data" is provided to the subject of personal data in an accessible form without personal data relating to other subjects of personal data, except in cases where there are legitimate grounds for disclosure of such personal data, in electronic form. At the request of the subject of personal data, they can be duplicated on paper.
5.5. The information specified in Part 7 of Article 22 of the Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" is provided to the personal data subject or his representative upon personal request or upon receipt of a request from the personal data subject or his representative. The request must contain the number of the main document certifying the identity of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority, information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the processing of personal data by the Operator, the signature of the personal data subject or his representative. If technically possible, the request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
5.6. The right of the subject of personal data to access his personal data may be restricted in accordance with federal laws.
5.7. The Operator is obliged to provide free of charge to the subject of personal data or his representative the opportunity to get acquainted with personal data related to this subject of personal data at his location during working hours.