Privacy statement
1. General
This privacy statement, drawn up in accordance with the requirements of the Federal Law of 27.07.2006. No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law), defines the procedure for personal data processing and the measures taken by OOO Digital Evolution (hereinafter referred to as “the Operator”) to ensure the security of personal data.
1.1. The Operator considers the observance of human and civil rights and freedoms during the processing of personal data, including the protection of the rights to privacy, personal and family secrecy to be the most important goal and condition of the Operator’s activities.
1.2.This Operator's privacy policy (hereinafter referred to as “the Policy”) applies to all information that the Operator may obtain about the visitors of the website https://tehzor.com.
2. Basic concepts used in the Policy statement
2.1. Automated processing of personal data means processing of personal data by means of computer technology.
2.2. Blocking of personal data means temporary cessation of personal data processing (except for cases when processing is needed for personal data specification).
2.3. Website means a collection of pages of information at the network address https://tehzor.com with related content, as well as computer programs and databases, ensuring their availability on the Internet.
2.4. Personal data information system means a collection of personal data stored in databases as well as hardware and software used for their processing.
2.5. De-identification of personal data means actions that result in the impossibility to determine the belonging of personal data to a particular User or other data subject without resorting to additional information (in some sources referred to as “anonymization” or “depersonalization of personal data”).
2.6. Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, rectification (updating, alteration), retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, de-identification, restriction, erasure or destruction.
2.7. Operator means a natural person or legal entity, state or municipal authority, agency or other body which, independently or jointly with others, organizes and(or) carries out processing of personal data, as well as determines the purposes of the processing of personal data, the categories of personal data subject to processing, the operations performed on personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of https://tehzor.com.
2.9. Personal data allowed by the data subject to be disseminated means the personal data to which an unlimited number of persons have been given access by the data subject by consenting to the processing of personal data in the manner prescribed by the Personal Data Law (hereinafter referred to as personal data allowed for dissemination).
2.10. User means any visitor of the website https://tehzor.com (hereinafter also referred to as ‘data subject’).
2.11. Provision of personal data means any actions related to making the personal data available to a definite person or a definite group of persons.
2.12. Dissemination of personal data means any actions related to the making of the personal data available to an indefinite number of persons (transfer of personal data), including disclosure of the personal data in mass media, their publication in information and telecommunication networks or any other ways of providing access to the personal data.
2.13. Cross-border transfer of personal data means transfer of personal data into the territory of a foreign state, to a foreign government authority, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data means any actions resulting in personal data being irretrievably erased, with the impossibility of further recovery of their content in the personal data information system, and(or) in the tangible medium of personal data being destroyed.
3. General rights and obligations of the Operator
3.1. The Operator shall have the following rights:
– to obtain reliable information and(or) documents containing personal data from the data subject;
– in case the data subject withdraws his/her consent to personal data processing, the Operator has the right to continue personal data processing without the consent of the data subject there being legal grounds specified in the Personal Data Law;
– to independently determine the composition and range of measures necessary and sufficient to ensure the fulfillment of obligations laid down in the Personal Data Law and normative legal acts adopted in accordance with that law, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator shall:
– upon the data subject’s request, provide that data subject with information regarding the processing of his/her personal data;
– organize the processing of personal data in accordance with the procedure established by the current legislation of the Russian Federation;
– respond to appeals and requests of data subjects and their legal representatives as required by the Personal Data Law;
– upon the request of the authorized body for the protection of data subject rights, supply necessary information to that body within 30 days from the date of receipt of that request;
– publish or otherwise provide unrestricted access to this Policy on personal data processing;
– take legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, disclosure, dissemination of personal data, as well as from other unlawful actions against personal data;
– cease transfer (dissemination, disclosure, access) of personal data, stop processing and erase personal data in the manner and cases laid down in the Personal Data Law;
– fulfill other obligations laid down in the Personal Data Law.
4. General rights and obligations of data subject
4.1. Data subjects shall have the following rights:
– to receive information regarding the processing of their personal data, except as otherwise provided for by federal laws. That information shall be provided to the data subject by the Operator in an accessible form and shall not contain personal data relating to other data subjects, except where there are legal grounds for disclosure of such personal data. The range of information and the procedure for obtaining that information is established by the Personal Data Law;
– to require the Operator to rectify, block or erase their personal data supplied before in case the personal data is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
– to impose the condition of prior consent to processing their personal data for the purposes of market promotion of goods, work and services;
– to withdraw the consent to the processing of their personal data;
– to appeal against unlawful acts or inaction of the Operator in the processing of their personal data to the authorized body for the protection of data subject rights or in court;
– to exercise other rights provided for by the legislation of the Russian Federation.
4.2. Data subjects shall be obliged:
– to provide the Operator with reliable data about themselves;
– to notify the Operator about updating and(or) alteration of their personal data.
4.3. Persons who have provided the Operator with inaccurate information about themselves or information about another data subject without the consent of the latter shall be held liable in accordance with the legislation of the Russian Federation.
5. The Operator may process the following personal data of the User:
5.1. Surname, first name, patronymic (if any).
5.2. E-mail address.
5.3. Telephone numbers.
5.4. The website also collects and processes de-identified data about the visitors (including cookies) using Internet statistics services (Yandex Metrica, Google Analytics, etc.).
5.5. The aforementioned data are hereinafter united by the general term “personal data”.
5.6. The Operator shall not process special categories of personal data concerning race, ethnicity, political opinions, religious or philosophical beliefs, private life.
5.7. Processing of personal data allowed for dissemination from the list of special categories of personal data specified in Article 10.1 of the Personal Data Law is allowed in case the prohibitions and conditions provided for in Article 10.1 of the Personal Data Law are observed.
5.8. The User's consent to the processing of his/her personal data allowed for dissemination shall be obtained separately from other consents to the processing of his/her personal data. In this case, the conditions stipulated by the Personal Data Law, by Article 10.1 of that law in particular, shall be observed. The requirements for the content of such consent statement shall be established by the authorized body for the protection of data subject rights.
5.8.1 The Operator shall obtain the consent to the processing of personal data allowed for dissemination directly from the User.
5.8.2 Within three working days from the moment of obtaining the said consent of the User, The Operator shall be obliged to publish information about the conditions of processing, prohibitions and conditions for the processing of personal data allowed for dissemination to an unlimited number of persons.
5.8.3 The transfer (dissemination, disclosure, access) of personal data allowed by the data subject for dissemination shall be terminated at any time at the request of the data subject. This request shall include the surname, first name, patronymic (if any), contact details (telephone number, e-mail address or postal address) of the data subject, as well as the list of personal data whose processing is to be terminated. The personal data specified in the said request may be processed only by the Operator to whom it has been provided.
5.8.4 The consent to the processing of personal data allowed for dissemination shall cease to have effect upon receipt of the request specified in clause 5.8.3 of this Policy on Personal Data Processing.
6. Principles relating to processing of personal data
6.1. Personal data shall be processed lawfully and fairly.
6.2. Personal data shall be collected and processed for specified, predetermined and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
6.3. Databases containing personal data processed for incompatible purposes shall not be merged.
6.4. Only the personal data that meet the purposes of their processing shall be processed.
6.5. The content and amount of processed personal data shall correspond to the stated purposes of processing. The processed personal data shall be limited to what is necessary in relation to the purposes for which they are processed.
6.6. The Operator shall ensure that personal data are accurate, sufficient and, where necessary, kept up to date, having regard to the purposes for which they are processed, as well as shall take the necessary measures and/or ensure that such measures are taken to erase or rectify incomplete or inaccurate data.
6.7. Personal data shall be kept in a form which permits the identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed, unless the period for storage of the personal data is established by federal laws or a contract to which the data subject is a party, beneficiary or guarantor. The personal data processed by the Operator shall be erased or de-identified when the purposes of that processing are achieved or in case the achievement of those purposes is no longer necessary, unless otherwise provided for by federal laws.
7. Purposes of personal data processing
7.1. The Operator shall process the User's personal data for the following purposes:
– to provide consultations to the User;
– to grant the User access to the services, information and/or materials contained on the website https://tehzor.com;
– to inform the User via e-mails;
– to establish feedback with the User particularly through sending notifications and inquiries regarding the use of the website https://tehzor.com, as well as delivering services, processing requests and applications from the User.
7.2. The Operator shall also have the right to send newsletters about new products and services, special offers and various events to the User. The User may refuse to receive the said newsletters at any time by sending a letter to the Operator to the e-mail address info@tehzor.ru with the subject "Refusal to receive newsletters".
7.3. The de-identified data of Users collected through Internet statistics services shall be intended to collect information about Users' actions on the website, to improve the quality of the website and its content.
8. Legal basis of personal data processing
8.1. The Operator shall process personal data on the basis of:
– the Operator's constitutional documents;
– Federal Law "On Information, Information Technologies and the Protection of Information" of 27.07.2006 No. 149-FZ;
– other federal laws and legal acts in the field of personal data protection
– the Users' consents to the processing of their personal data, to the processing of personal data allowed for dissemination.
8.2. The Operator shall process the User's personal data provided that those data are obtained directly from the User via special forms located on the website https://tehzor.com or sent to the Operator by e-mail. By filling in the said forms and(or) sending his/her personal data to the Operator, the User accepts this Policy.
8.3. The Operator shall process de-identified data about the User in case the User's browser settings allow that (cookies and JavaScript technology enabled).
8.4. The data subject shall independently decide on the provision of his/her personal data and give consent freely and in his/her own interest.
9. Conditions for personal data processing
9.1. The processing of personal data shall be carried out with the consent of the data subject to the processing of his/her personal data.
9.2. The processing of personal data shall be required for achieving purposes stipulated by an international agreement or by a law of the Russian Federation, or for exercise and fulfillment of the functions, powers and obligations imposed on the Operator by the legislation of the Russian Federation.
9.3. The processing of personal data shall be required for administration of justice or enforcement of a judicial act or an act of another body or official subject which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings.
9.4. The processing of personal data shall be required for performance of an agreement to which the data subject is a party, beneficiary or guarantor, as well as for conclusion of an agreement initiated by the data subject or an agreement under which the data subject shall be a beneficiary or guarantor.
9.5. The processing of personal data shall be required for realization of the rights and legitimate interests of the Operator or third parties or for the performance of the task carried out in the public interest, provided that this not cause the rights and freedoms of the data subject to be violated.
9.6. The processing of personal data shall be carried out provided that access to those data has been granted by the data subject or at his/her request (hereinafter referred to as publicly available personal data).
9.7. The personal data subject to publication or mandatory disclosure in accordance with federal law shall be processed.
10. Framework for collection, storage, transfer and other types of personal data processing
The security of personal data processed by the Operator shall be ensured by implementing legal, organizational and technical measures which are necessary for full compliance with the requirements of the current legislation in the field of personal data protection.
10.1. The Operator shall ensure safety of personal data and take all possible measures to exclude access to personal data by unauthorized persons.
10.2. Under no circumstances, the User's personal data shall be transferred to third parties, except in cases related to the execution of the current legislation or if the data subject has given his/her consent to the Operator to transfer the data to a third party for the fulfillment of the Operator’s obligations under a civil law contract.
10.3. If any inaccuracies are detected in his/her personal data, the User may update those data independently by sending a notice to the Operator to the Operator's e-mail address info@tehzor.ru with the subject "Personal data update".
10.4. The period for personal data processing shall be determined by the achievement of the purposes for which the personal data have been collected, unless another period is stipulated by the contract or applicable law.
The User may withdraw his/her consent to the processing of personal data at any time by sending a notice to the Operator to the e-mail address info@tehzor.ru with the subject "Withdrawal of consent to personal data processing"
10.5. All information which is collected by third-party services, including payment systems, means of communication and other service providers, is stored and processed by these persons (Operators) in accordance with the User Agreement and Privacy Policy thereof. The data subject and(or) User shall be obliged to familiarize himself/herself with the said documents in a timely manner. The Operator shall not be responsible for the actions of third parties, including the service providers specified in this clause.
10.6. The prohibitions established by the data subject on the transfer (except for granting access), as well as on the processing or conditions of processing (except for access) of the personal data allowed for dissemination shall not apply in cases when personal data are processed in the state and(or) public interests defined by the law of the Russian Federation.
10.7. The Operator shall observe the confidentiality of personal data and ensure that personal data remain secure while being processed.
10.8. The Operator shall store personal data in a form that allows to identify the data subject for no longer than required by the purposes for which the personal data are processed, unless the period for personal data storage is established by federal laws or a contract to which the data subject is a party, beneficiary or guarantor.
10.9. The condition for termination of personal data processing may be the achievement of the purposes for which the personal data are processed, the expiration of the data subject's consent or withdrawal of that consent by the data subject, as well as detection of unlawful processing of the personal data.
11. List of actions performed by the Operator with the obtained personal data
11.1. The Operator shall collect, record, systematize, accumulate, store, rectify (update, alter), retrieve, use, transfer (disseminate, disclose, grant access), de-identify, block, delete and erase personal data.
11.2. The Operator shall perform automated processing of personal data with receiving and(or) with or without transmitting the received information via information and telecommunication networks.
12. Cross-border transfer of personal data
12.1. Before commencing the cross-border transfer of personal data, the Operator shall be obliged to satisfy itself that the foreign state into whose territory personal data are to be transferred provides an adequate level of protection of data subject rights.
12.2. The cross-border transfer of personal data into the territories of foreign states which do not meet the above requirements may be carried out only in cases where the data subject consents in writing to the cross-border transfer of his/her personal data and(or) for the purpose of the fulfillment of a contract to which the data subject is a party.
13. Confidentiality of personal data
The Operator and other persons who have obtained access to personal data shall be obliged to refrain from disclosing to third parties and disseminating those personal data without the consent of the data subject, unless otherwise provided by federal laws.
14. Final provisions
14.1. The User may obtain any explanations and(or) clarifications on matters regarding the processing of his/her personal data by contacting the Operator via e-mail at info@tehzor.ru.
14.2. This statement will reflect any changes to the Operator's policy for personal data processing. The Policy is valid indefinitely until it is replaced by a new version.
14.3. The current version of the Policy is freely available on the Internet at https://tehzor.com.