Security policy of the online store "VERETENO"
General provision
The operator's policy regarding the processing of personal data (hereinafter – the Policy) is developed in accordance with the Federal law of 27.07.2006. No. 152-FZ " on personal data "(hereinafter-FZ-152).
This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in the online store "VERETENO" (hereinafter – the Operator) in order to protect the rights and freedoms of man and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
The following basic concepts are used in the Policy:
personal data (PD) – any information relating to directly or indirectly defined or identifiable individual (subject of personal data);
information system of personal data (Ispdn) - a set of personal data contained in databases and Providing their processing of information technologies and technical means;
automated processing of personal data – the processing of personal data by means of computer technology;
blocking of personal data - the temporary cessation of processing of personal data (except if the processing is necessary for the refinement of PD);
depersonalization of PD-actions, as a result of which it is impossible to determine without the use of additional information belonging to a Specific PD subject PD;
PD processing - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of PD;
operator - a state body, a municipal body, a legal entity or a natural person, independently or jointly with other persons organizing and (or) carrying out the processing of PD, as well as determining the purpose of processing PD, the composition of PD to be processed, actions (operations) performed with personal data;
personal data – any information relating to directly or indirectly defined or identifiable natural person (subject of PD);
provision of PD – actions aimed at disclosure of PD to a certain person or a certain circle of persons;
distribution of PD - actions aimed at disclosure of PD to an indefinite circle of persons (transfer of PD) or familiarization with personal data of an unlimited number of persons, including publication of PD in the media, placement in information and telecommunication networks or provision of access to personal data in any other way;
cross-border transfer of PD - transfer of PD to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity;
destruction of PD-actions as a result of which it is impossible to restore the content of PD in Ispdn and (or) as a result of which the material carriers of PD are destroyed.
The company is obliged to publish or otherwise provide unrestricted access to this operator's policy regarding the processing of PD in accordance with part 2 of article 18.1. FZ-152.
Principles of processing of personal data
PD processing at the Operator is carried out on the basis of the following principles:
- legality and fair basis;
- limiting the processing of PD to the achievement of specific, predetermined and legitimate goals;
- preventing the processing of PD that is incompatible with the purposes of collecting PD;
- preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
- processing only those PD that meet the objectives of their processing;
- compliance of the content and volume of the processed PD to the declared purposes of processing;
- prevent the processing of personal data, excessive in relation to the declared purposes of their processing;
- ensuring the accuracy, sufficiency and relevance of PD in relation to the purposes of processing PD;
- destruction or anonymisation of personal data when the purposes of processing or in case of loss necessary to achieve these goals, in case of impossibility of elimination of violations Operator PDN, unless otherwise provided by Federal law.
Conditions for personal data processing
The operator performs PD processing in the presence of at least one of the following conditions:
- PD processing is carried out with the consent of the PD subject to the processing of its PD;
- PD processing is necessary for achievement of the purposes provided by the international agreement of the Russian Federation or the law, for implementation and performance of the functions, powers and duties assigned by the legislation of the Russian Federation to the operator;
- processing of PD is necessary for justice, execution of the judicial act, the act of other body or the official which are subject to execution according to the legislation of the Russian Federation about Executive production;
- the processing of personal data necessary for the execution of the contract to which either the beneficiary or the guarantor for whom is the data subject, as well as for the contract at the initiative of the data subject or of the contract under which the data subject will be the beneficiary or surety;
- processing of PD is necessary for the exercise of the rights and legitimate interests of the operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of PD;
- PD processing is carried out, the access of an unlimited number of persons to which is provided by the PD subject or at his request (hereinafter-publicly available personal data);
- carried out the processing of personal data subject to publication or mandatory disclosure in accordance with Federal law.
Privacy Of Personal Data
The operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the PD subject, unless otherwise provided by Federal law
Public sources of PD
In order to provide information, the Operator may create publicly available sources of PD of PD subjects, including directories and address books. The public sources of PD with the written consent of the subject of PD may include his surname, name, contact phone numbers, e-mail address and other personal data reported by the subject of PD. Data on the subject of PD must be excluded from public sources of PD at any time at the request of the subject of PD, the authorized body for the protection of the rights of subjects of PD or by a court decision.
Special categories of personal data
Processing by the Operator of special categories of PD relating to race, nationality, political views, religious or philosophical beliefs, health, intimate life, is allowed in cases where:
- the subject of PD has agreed in writing to the processing of their PD;
- personal data made publicly available by the PD subject;
- processing of PD is carried out in accordance with the legislation on state social assistance, labor legislation, the legislation of the Russian Federation on pensions for state pension provision, on labor pensions;
- PD processing is necessary to protect the life, health or other vital interests of the PD subject or the life, health or other vital interests of other persons and obtaining the consent of the PD subject is impossible;
Biometric personal data
Information that characterize the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity-biometric personal data - can be processed by the Operator only with the consent of the subject of PD in writing
The processing of personal data of citizens of the Russian Federation
In accordance with article 2 of the Federal law of 21 July 2014 N 242-FZ "On amendments to certain legislative acts of the Russian Federation in terms of clarifying the order of processing of personal data in informational-telecommunications networks" when collecting personal data, including through information-telecommunication network "Internet", the operator is obliged to provide recording, systematization, accumulation, storage, clarification (updating, changing), extraction of personal data of Russian citizens using databases located on the territory of the Russian Federation, except:
- PD processing is necessary for achievement of the purposes provided by the international agreement of the Russian Federation or the law, for implementation and performance of the functions, powers and duties assigned by the legislation of the Russian Federation to the operator;
- processing of PD is necessary for justice, execution of the judicial act, the act of other body or the official which are subject to execution according to the legislation of the Russian Federation about Executive production (further-execution of the judicial act);