Personal data processing policy
1. General provisions
1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by an individual entrepreneur Sokolov Pavel Anatolyevich (hereinafter referred to as the Operator). This establishes the procedure for obtaining, protecting, storing, processing and transferring personal data of Buyers, applies to all information that the site administration can receive about users while using the site.
1.2. The policy was developed in accordance with the provisions of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as the Federal Law “On Personal Data”), as well as Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and on the protection of information”, other normative and by-laws regulating relations related to the processing of personal data.
1.3. The Policy is a public document subject to publication and disclosure in accordance with the Federal Law "On Personal Data".
1.4. The Policy governs the processing of the personal data of the Buyers, which in the Policy means capable subjects of personal data (individuals) who have the necessary legal capacity and have provided their personal data in order to realize the possibility of using extended access to the website, its functionality, services and materials, as well as for conclusion (formation of an offer to conclude) and (or) execution of a contract of sale and (or) other related contracts in the online store, if the processing of such personal data is necessary for the execution of contracts.
1.5. Online store - an electronic service, through the functionality of which the Buyer has the opportunity to place an Order for the Goods in accordance with the terms of the Offer. Access to the online store can be carried out by the Buyer using the website in accordance with the Offer.
1.6. Offer - a public offer of the Seller to any Buyer to conclude an agreement on the retail sale of the Goods on its terms. The offer is public by virtue of paragraph 2 of Article 437 of the Civil Code of the Russian Federation. The offer is available to an unlimited circle of persons through its placement by the Seller in the online store.
1.7. Internet site - a site located on the Internet at: jethome.ru, through which the Buyer has the opportunity to access the functionality of the Online Store.
1.8. Site Administration - the operator and employees authorized by the operator to manage the site, who determine the composition of the Buyers' personal data, the purposes of collecting personal data, their processing and storage.
2. Information about the operator. Site administration rights.
2.1. The operator processing personal data is the individual entrepreneur Sokolov Pavel Anatolyevich (legal address 197227, St. Petersburg, Silver Boulevard 15, acting on the basis of registration certificate No. 310784734400477).
2.2. The site administration has the right to establish requirements for the composition of the personal data of the Buyers, which must be provided for the use of the site;
2.3. The site administration does not verify the accuracy of the personal data provided by the Buyers of the site, believing that they act in good faith and keep information about their personal data up to date.
2.4. The site administration is not responsible for the voluntary transfer by the Buyers of their contact details, password or login to third parties.
2.5. The site administration is not entitled to receive and process the personal data of the Buyers about their political, religious and other beliefs and private life.
2.6. The site administration, at its own expense, ensures the protection of the Buyers' personal data from misuse or loss in the manner prescribed by the legislation of the Russian Federation.
2.7. The site administration takes measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it. The site administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it. Such measures include, in particular:
- appointment of a person responsible for organizing the processing of personal data;
- publication of documents that define the site's policy regarding the processing of personal data, local acts on the processing of personal data, defining for each purpose of processing personal data categories and a list of processed personaldata, categories of subjects whose personal data are processed, methods, terms of their processing and storage, the procedure for the destruction of personal data upon reaching the goals of their processing or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation Federation, elimination of the consequences of such violations. Such documents and local acts cannot contain provisions restricting the rights of Buyers, as well as imposing powers and obligations on the site administration that are not provided for by the legislation of the Russian Federation;
- application of legal, organizational and technical measures to ensure the security of personal data;
- implementation of internal control and (or) audit of the compliance of the processing of personal data with the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the site's policy regarding the processing of personal data, local acts of the site;
- an assessment of the harm that may be caused to Buyers in the event of a violation of the Federal Law "On Personal Data", the ratio of the specified harm and the measures taken by the site administration aimed at ensuring the fulfillment of the obligations provided for by the Federal Law "On Personal Data";
- familiarization of site employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the site's policy regarding the processing of personal data, local acts on the processing of personal data , and (or) training of these employees.
3. Personal data.
3.1. Personal data is any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
3.2. The Operator processes the following personal data of Buyers and (or) Buyers:
3.2. 1. Surname, name and patronymic (if available);
3.2.2. Passport data and data of other identification documents;
3.2.3. Date of birth;
3.2. 4. Gender;
3.2.5. Address of residence, registration and (or) stay;
3.2.6. Goods delivery address;
3.2.7. Email address;
3.2. 8. Phone number;
3.2.9. information about the history of purchases, including the names of the purchased goods / services and their cost, as well as information about interests based on data about the behavior of the Buyer on the Internet, in the networks of telecommunications and Internet operators
3.2.9. Information specified in section 4 of the Policy, which in some cases may be qualified as personal data.
3.3. If the Operator processes only certain information specified in clause 3.2 of the Policy, taking into account their specifics, such information (their totality) may not be recognized as personal data in accordance with the Federal Law "On Personal Data". In this case, the processing of such information is carried out subject to the provisions of the Policy, however, certain restrictions and requirements established in relation to personal data may not apply.
3.4. The volume of personal data processed by the Operator of Buyers cannot exceed the amount of personal data specified in 3.2 of the Policy (subject to section 4 of the Policy).
3.5. Each Buyer independently determines the amount of his personal data, consent to the processing by the Operator of which he gives.
3.6. The Operator, having no objective opportunity and legal grounds for this, does not verify the accuracy of the personal data provided by the Buyers. The Operator assumes that the Buyer provides up-to-date and reliable personal data.
3.7. The Website may contain links to websites of third parties. The Operator is not responsible for the accuracy, completeness and reliability of the information posted on the websites of third parties, and is not responsible for the processing and confidentiality of personal data and other information transmitted by the Buyers on the websites of third parties.
4. Other confidential data when using the Website.
4.1. When using the Website, cookies (Cookies) may be automatically transmitted to the Operator by the Buyer.
4.2. Cookies are pieces of data stored in the browser of a computer, mobile phone or other smartphone, through which you visit websites on the Internet.
4.3. By means of cookies, the Operator may receive the following information from the Buyer: IP address, MAC address, external source of redirection to the Website (including backlinks), php session identifier, identification number of the invitation to the Website as part of referral Pprograms, about the software and equipment used by the Buyer for working on the Internet, about communication channels, about information and materials transmitted and received using the Internet site, about the behavior of the Buyer on the Internet site, as well as other information of a similar nature.
4.4. The buyer has the opportunity to independently delete cookies, as well as prohibit their transmission, using the functionality of the browser he uses.
4.5. Using the Website, the Buyer expresses his consent to the transfer of cookies insofar as he has not implemented the opportunity specified in clause 4.4 of the Policy with respect to the Website.
4.6. In order to improve the quality of the service and ensure the possibility of legal protection, the site administration has the right to store log files about the actions taken by the Buyers as part of the use of the site.
5. Information about the processing of personal data.
5.1. The Operator processes personal data on a legal and fair basis to perform the functions, powers and duties assigned by law, to exercise the rights and legitimate interests of the Operator, Buyers and third parties.
5.2. The operator processes personal data both with the use of automation tools and without the use of such tools.
5.3. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion and destruction.
5.4. The Operator can analyze the Buyer's preferences and monitor consumer behavior using third-party analytics services.
5.6. The Operator processes the personal data of the Buyers for no longer than is required by the purposes of processing personal data, unless otherwise provided by the requirements of the current legislation. The processing of personal data of Buyers is terminated ahead of schedule in case of withdrawal of consent to the processing of personal data.
5.7. After the termination of the processing of the Buyer's personal data provided for in clause 5.6 of the Policy, personal data is subject to destruction in compliance with the requirements established by applicable law.
5.8. Buyers' personal data is stored electronically in the site's personal data information system, as well as in archival copies of the site's databases.
5.9. When storing the Buyers' personal data, organizational and technical measures are taken to ensure their safety and exclude unauthorized access to them. Only employees of the site administration who are allowed to work with the personal data of the Buyers and have signed an agreement on non-disclosure of the personal data of the Buyers can have access to the processing of the personal data of the Buyers. The list of site employees who have access to the personal data of the Buyers is approved by order.
5.10. The site administration may transfer the Buyers' personal data to third parties only if it is necessary in order to prevent a threat to their life and health, as well as in cases established by law.
5.12. When transferring personal data of Buyers, the site administration warns the persons receiving this information that these data can be used only for the purposes for which they are reported, and requires these persons to confirm in writing that this condition has been complied with.
6. Purposes of personal data processing.
6.1. The Operator processes the Buyers' personal data for the following purposes:
6.1. 1. Compliance with legal requirements;
6.1.2. Observance of the rights and legitimate interests of consumers;
6.1.3. Ordering goods by Buyers, if the processing of such personal data is necessary for placing orders for goods;
6.1. 4. Conclusion and execution of the terms of civil law contracts, if the processing of such personal data is necessary for the conclusion and (or) execution of contracts;
6.1.5. Implementation by Buyers of the possibility of using extended access to the Internet site, their functionality, services and materials;
6.1.6. Identification, authorization and registration of Buyers on the Internet site;
6.1.7. Informing about goods, services, special promotions, including advertising, and offers of the Operator and third parties at the discretion of the Operator, including through advertising and (or) information mailings and notifications sent by e-mail, by telephone (including telephone calls and sending text messages), as well asmeans of using instant messengers (messaging programs using the Internet).
6.1. 8. Providing Buyers with effective customer support;
6.1.9. Analysis of the quality of services provided and improvement of the quality of customer service, including through telephone and other surveys.
6.2. For the purposes specified in clause 6.1 of the Policy, personal data specified in clause 3.2 of the Policy may be processed, with the exception of personal data specified in sub-clauses 3.2.2 and 3.2.5 of the Policy, which may be processed only for the purposes specified in sub-clauses 6.1. 1 - 6.1. 4 Policies.
6.3. In order to process the personal data of the Buyers specified in clause 6.2 of the Policy, the Operator, in accordance with the procedure established by the current legislation and on the basis of the consent received in accordance with the Policy, to process the personal data of the Buyers has the right to provide the personal data of the Buyers to third parties. Such third parties have the right to process the personal data of the Buyers in the amount not exceeding that provided by the Policy and subject to strict compliance with the requirements of the Federal Law "On Personal Data".
7. Consent to the processing of personal data.
7.1. The operator processes the personal data of the Buyers with the consents they provide.
7.2. The Operator ensures that Buyers receive express, specific, substantive, informed, conscious, unambiguous and free consents to the processing of their personal data.
7.3. The Buyer's consent to the processing of his personal data can be provided by the Buyer (received by the Operator) in the following ways:
7.3. 1. Written consent of the Buyer, made in a simple written form and (or) in the form of an electronic document signed with an electronic signature in accordance with Federal Law No. 63-FZ of April 6, 2011 "On Electronic Signature";
7.3.2. Consent given at the moment of clicking the "Register" button on the Website, next to the statement "By clicking the "Register" button, I give my consent to the collection and processing of my personal data in accordance with the Policy regarding the processing of personal data."
7.3.3. Consent given at the moment of clicking the "Place an order" button on the website, next to the statement "By clicking the "Place an order" button, I give my consent to the collection and processing of my personal data in accordance with the Policy and accept the terms of the Offer." p>
7.4. The processing of personal data permitted by the Buyer for distribution is carried out on the basis of a separate consent of the Buyer, issued in accordance with the requirements of the Federal Law "On Personal Data".
8. Rights of the subject of personal data.
8.1. The subject of personal data has the following rights:
8.1. 1. To receive personal data relating to this subject and information regarding their processing. The site administration provides Buyers with free free access to their personal data, including the right to receive copies of any record containing their personal data, except as required by law;
8.1.2. To clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
8.1.3. To withdraw his consent to the processing of personal data;
8.1. 4. To protect their rights and legitimate interests, including damages and compensation for moral damage in court;
8.1.5. To appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.
8.2. In order to exercise their rights and legitimate interests, the subject of personal data has the right to contact the Operator or send a request personally or with the help of a representative to the address specified in clause 2.1 of the Policy, or by e-mail from the e-mail address, information about which was previously provided to the Operator, to the following email address of the Operator: firstname.lastname@example.org
9. Information about ensuring the security of personal data by the Operator.
9.1. The operator is responsible for organizing the processing of personal data in order to fulfill the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.
9.2. The operator applies the following set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:
9.2. 1. Provides unlimited access to the Policy, a copy of which is posted at the address of the Operator, the Policy is also posted electronically on the Internetayte;
9.2.2. In pursuance of the Policy, approves and puts into effect the document "Regulations on the processing of personal data" (hereinafter referred to as the "Regulations") and other local acts;
9.2.3. Familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
9.2. 4. Allows employees to access personal data processed in the Operator's information system, as well as to their material carriers only for the performance of work duties;
9.2.5. Sets the rules for access to personal data processed in the Operator's information system, as well as ensures registration and accounting of all actions with them;
9.2.6. Assesses the harm that may be caused to the subjects of personal data in case of violation of the Federal Law "On Personal Data";
9.2.7. Determines threats to the security of personal data during their processing in the information system of the Operator;
9.2. 8. Applies organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;
9.2.9. Carries out the detection of facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them;
9.2. 10. Evaluates the effectiveness of measures taken to ensure the security of personal data before commissioning the Operator's information system;
9.2. 11. Carries out internal control over the compliance of the processing of personal data with the Federal Law "On Personal Data", the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Policy, the Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level security during processing in the information system of the Operator.
9.3. Requirements for premises where personal data is processed:
9.3. 1. Placement of equipment for personal data information systems, special equipment and protection of premises where personal data is processed, organization of a security regime in these premises should ensure the safety of personal data carriers and information protection means, as well as exclude the possibility of uncontrolled entry or stay in these premises unauthorized persons.
9.3.2. Premises in which the technical means of personal data information systems are located or personal data carriers are stored must comply with the fire safety requirements established by the current legislation of the Russian Federation.
9.3.3. In addition to the above measures for special equipment and protection of premises where cryptographic means of protecting information are installed or stored, additional requirements are implemented, determined by the methodological documents of the Federal Security Service of Russia.
9.4. Documents containing personal data Buyers and subject to destruction:
- on paper - destroyed by shredding in a shredder;
- in electronic form - are erased from information media or the media on which information is stored are physically destroyed.
9.5. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of Buyers are subject to disciplinary, material, civil, administrative and criminal liability in the manner prescribed by the current legislation of the Russian Federation.
9.6. Moral damage caused to the Buyer as a result of a violation of his rights, a violation of the rules for processing personal data established by the Federal Law "On Personal Data", as well as requirements for the protection of personal data established in accordance with the said Federal Law, is subject to compensation in accordance with the legislation of the Russian Federation. Compensation for moral damage is carried out regardless of compensation for property damage and losses incurred by the Buyer.
10. Change Policy.
10.1. The Operator reserves the right to amend the Policy at any time. The use by the Buyer of the Internet site, after making any changes to the current Policy, means acceptance of these changes.