policy privacy
1. GENERAL PROVISIONS
1.1. This document defines the policy of Individual Entrepreneur Sulina Alina Vitalievna (hereinafter referred to as the Operator) regarding the processing of personal data (hereinafter referred to as the Policy).
1.2. The policy on the processing of personal data has been developed in accordance with the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as the Personal Data Law), as well as in accordance with other federal laws and subordinate acts of the Russian Federation that define the instances and specifics of processing personal data and ensuring the security and confidentiality of such information (hereinafter referred to as Personal Data Legislation). The processing of personal data is carried out on the territory of the Russian Federation.
1.3. Upon providing their personal data to the Operator, natural persons become personal data subjects. Personal data subjects enter into relations with the Operator solely of their own free will and initiative.
1.4. The Operator protects personal data and takes appropriate measures to safeguard the personal data received from personal data subjects in accordance with the current legislation of the Russian Federation.
1.5. This Policy has been developed to implement the requirements of personal data legislation and applies to all actions and operations performed by the Operator with the personal data of personal data subjects, including, but not limited to: personal data received from visitors to the website on the internet at https://sulinadesign.ru/ (hereinafter referred to as the Website), the terms of use of which reference this Policy (hereinafter referred to as personal data subjects or PD subjects).
1.6. The Policy establishes the purposes of personal data processing, the classification of personal data and personal data subjects, and defines the procedure and conditions for processing personal data and measures to ensure the security of personal data in relation to information that the Operator may receive from personal data subjects, including visitors (hereinafter referred to as the User) during their use of the Website.
1.7. In accordance with this Policy, the Operator processes personal data both with and without the use of automation tools. The Operator may not process personal data with the purpose of causing material or moral harm to personal data subjects or hindering the exercise of their rights and freedoms. The processing of personal data must be carried out until the lawful, specific, and predetermined purposes are achieved, and must be performed with respect to those personal data and only to the extent that they correspond to the purposes of processing.
1.8. The Operator does not disclose personal data to third parties or disseminate it without the consent of the personal data subject (unless otherwise provided by federal law of the Russian Federation).
1.9. In cases where the Operator entrusts the processing of personal data to other persons, all requirements of the Personal Data Law stipulated for entrusting the processing of personal data to third parties are complied with.
1.10. The provisions of this Policy form the basis for organizing the Operator's work on personal data processing, including the development of internal regulatory documents governing the Operator's personal data processing, and are mandatory for the Operator to comply with.
1.11. The use of the Website and the provision of personal data to the Operator signify the User's unconditional consent to this Policy and the terms of personal data processing. In case of disagreement (full or partial) with the terms of the Policy, the User must stop using the Website.
1.12. The Website https://sulinadesign.ru/ (hereinafter referred to as the Website) may contain hyperlinks to other websites provided by third parties. The Operator does not control third-party websites or the information posted on third-party websites. The Operator is not responsible for the protection and confidentiality of any information provided by a personal data subject on third-party websites after they have left the Operator's website.
1.13. The Operator receives personal data directly provided by the User. The transfer of personal data by the User to the Operator through web forms for data collection (applications, feedback, subscriptions, etc.) signifies the User's consent to the transfer of their personal data.
1.14. The Operator does not verify the authenticity of the personal data provided. All information provided by the User that allows their direct or indirect identification is considered by the Operator as correct personal data.
1.15. The User confirms that all data they have provided belongs personally to them and that in the event of providing information about other individuals, they confirm that they are transferring personal data with the consent of those individuals to the Operator on the basis of Part 8, Article 9, Clause 5, Part 1, Article 6 of the Personal Data Law.
1.16. The Operator does not control and is not responsible for the websites of third parties that the User may access via links available on the Website.
1.17. The Operator uses "cookies" technology to create statistical reports. When the User visits the Website, the Operator, through cookies, determines which pages the User has visited, what was downloaded, the name of the User's Internet service provider's domain, the country, and the selected transitions from one page to another, as well as the addresses of third-party websites from which the transition to the Website was made. The information contained in cookies is not personal data, as it does not contain the User's email address or any personal information about the User.
1.18. The Operator conducts its business at the address: Russia, 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31.
1.19. In case of any questions regarding this Policy, the User may contact the person responsible for organizing the processing of personal data by sending an email to hello@sulinadesign.com with the subject line "Personal Data Request".
1.20. All matters not regulated by this Personal Data Processing Policy are governed by the current legislation of the Russian Federation.
1.21. The Operator undertakes to comply with the norms of the legislation of the Russian Federation in the field of personal data protection and processing.
1.2. The policy on the processing of personal data has been developed in accordance with the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as the Personal Data Law), as well as in accordance with other federal laws and subordinate acts of the Russian Federation that define the instances and specifics of processing personal data and ensuring the security and confidentiality of such information (hereinafter referred to as Personal Data Legislation). The processing of personal data is carried out on the territory of the Russian Federation.
1.3. Upon providing their personal data to the Operator, natural persons become personal data subjects. Personal data subjects enter into relations with the Operator solely of their own free will and initiative.
1.4. The Operator protects personal data and takes appropriate measures to safeguard the personal data received from personal data subjects in accordance with the current legislation of the Russian Federation.
1.5. This Policy has been developed to implement the requirements of personal data legislation and applies to all actions and operations performed by the Operator with the personal data of personal data subjects, including, but not limited to: personal data received from visitors to the website on the internet at https://sulinadesign.ru/ (hereinafter referred to as the Website), the terms of use of which reference this Policy (hereinafter referred to as personal data subjects or PD subjects).
1.6. The Policy establishes the purposes of personal data processing, the classification of personal data and personal data subjects, and defines the procedure and conditions for processing personal data and measures to ensure the security of personal data in relation to information that the Operator may receive from personal data subjects, including visitors (hereinafter referred to as the User) during their use of the Website.
1.7. In accordance with this Policy, the Operator processes personal data both with and without the use of automation tools. The Operator may not process personal data with the purpose of causing material or moral harm to personal data subjects or hindering the exercise of their rights and freedoms. The processing of personal data must be carried out until the lawful, specific, and predetermined purposes are achieved, and must be performed with respect to those personal data and only to the extent that they correspond to the purposes of processing.
1.8. The Operator does not disclose personal data to third parties or disseminate it without the consent of the personal data subject (unless otherwise provided by federal law of the Russian Federation).
1.9. In cases where the Operator entrusts the processing of personal data to other persons, all requirements of the Personal Data Law stipulated for entrusting the processing of personal data to third parties are complied with.
1.10. The provisions of this Policy form the basis for organizing the Operator's work on personal data processing, including the development of internal regulatory documents governing the Operator's personal data processing, and are mandatory for the Operator to comply with.
1.11. The use of the Website and the provision of personal data to the Operator signify the User's unconditional consent to this Policy and the terms of personal data processing. In case of disagreement (full or partial) with the terms of the Policy, the User must stop using the Website.
1.12. The Website https://sulinadesign.ru/ (hereinafter referred to as the Website) may contain hyperlinks to other websites provided by third parties. The Operator does not control third-party websites or the information posted on third-party websites. The Operator is not responsible for the protection and confidentiality of any information provided by a personal data subject on third-party websites after they have left the Operator's website.
1.13. The Operator receives personal data directly provided by the User. The transfer of personal data by the User to the Operator through web forms for data collection (applications, feedback, subscriptions, etc.) signifies the User's consent to the transfer of their personal data.
1.14. The Operator does not verify the authenticity of the personal data provided. All information provided by the User that allows their direct or indirect identification is considered by the Operator as correct personal data.
1.15. The User confirms that all data they have provided belongs personally to them and that in the event of providing information about other individuals, they confirm that they are transferring personal data with the consent of those individuals to the Operator on the basis of Part 8, Article 9, Clause 5, Part 1, Article 6 of the Personal Data Law.
1.16. The Operator does not control and is not responsible for the websites of third parties that the User may access via links available on the Website.
1.17. The Operator uses "cookies" technology to create statistical reports. When the User visits the Website, the Operator, through cookies, determines which pages the User has visited, what was downloaded, the name of the User's Internet service provider's domain, the country, and the selected transitions from one page to another, as well as the addresses of third-party websites from which the transition to the Website was made. The information contained in cookies is not personal data, as it does not contain the User's email address or any personal information about the User.
1.18. The Operator conducts its business at the address: Russia, 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31.
1.19. In case of any questions regarding this Policy, the User may contact the person responsible for organizing the processing of personal data by sending an email to hello@sulinadesign.com with the subject line "Personal Data Request".
1.20. All matters not regulated by this Personal Data Processing Policy are governed by the current legislation of the Russian Federation.
1.21. The Operator undertakes to comply with the norms of the legislation of the Russian Federation in the field of personal data protection and processing.
2. KEY TERMS, CONCEPTS, AND DEFINITIONS
2.1. For the purposes of applying and interpreting this Policy, the key terms defined below are used (unless otherwise expressly stated in the Policy). In the text of the Policy, these terms may be capitalized or in lowercase, in the singular or plural.
2.1.1. Personal data (PD) - any information relating directly or indirectly to an identified or identifiable natural person (personal data subject).
2.1.2. Personal data operator (Operator) - Individual Entrepreneur Sulina Alina Vitalievna, OGRNIP: 321366800062490, INN: 366227059207, legal address: 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31, who manages the Website and provides Services to Users.
2.1.3. Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.1.4. Automated processing of personal data - the processing of personal data using computer technology.
2.1.5. Non-automated processing of personal data - the processing of personal data carried out with the direct participation of a person without the use of automation tools.
2.1.6. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons.
2.1.7. Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.1.8. Blocking of personal data - temporary suspension of personal data processing (except in cases where processing is necessary to clarify the personal data).
2.1.9. Destruction of personal data - actions that make it impossible to restore the content of personal data in a personal data information system and/or as a result of which the physical carriers of personal data are destroyed.
2.1.10. Anonymization of personal data - actions that make it impossible to determine the ownership of personal data to a specific personal data subject without the use of additional information.
2.1.11. Personal data information system (PDIS) - a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.1.12. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to a state authority of a foreign state, a foreign natural person, or a foreign legal entity.
2.1.13. Public source of personal data - an object where publicly available data is located (directories, address books, etc.).
2.1.14. Publicly available personal data (personal data made publicly available by the personal data subject) - personal data that, as a result of the personal data subject's actions aimed at making information about themselves publicly available, has become accessible to an unlimited number of persons. The action of the personal data subject is expressed either in a request to someone to post personal data in a place accessible to an unlimited number of persons or in the independent posting of this information.
2.1.15. Restricted-access personal data - personal data of personal data subjects that are subject to protection in the manner established by the legislation of the Russian Federation.
2.1.16. Special categories of personal data - personal data of personal data subjects concerning racial, ethnic origin, political views, religious or philosophical beliefs, health status, intimate life, and criminal record.
2.1.17. Biometric personal data - information characterizing the physiological and biological features of a personal data subject, on the basis of which their identity can be established and which are used by the Operator to establish the identity of the personal data subject.
2.1.18. Confidentiality of personal data - a mandatory requirement for the Operator and other persons who have gained access to personal data not to disclose personal data to third parties or disseminate it without the consent of the personal data subject, unless otherwise provided by federal law.
2.1.19. Information carrier containing PD - any physical object capable of storing (carrying) information in its structure for a sufficiently long time for transmission in time and space:
2.1.20. Personal data subject - a natural person who is directly or indirectly identified or identifiable through personal data.
2.1.21. Client - a natural or legal person who has applied to the Operator for the provision of services.
2.1.22. Counterparty - an adult who has entered into a civil law contract with the Operator or intends to enter into such a contract, as well as a person who is a representative of a legal entity that has entered into or intends to enter into a civil law contract with the Operator.
2.1.23. Civil law contract (Contract) - an agreement between the Operator and a natural person (or persons) or a legal entity (or entities) on the establishment, modification, or termination of civil rights and obligations.
2.1.24. Personal data security - the state of protection of personal data, characterized by the ability of users, technical means, and information technologies to ensure the confidentiality, integrity, and availability of personal data during their processing in personal data information systems.
2.1.25. Personal data protection regime - legally established rules that define restrictions on access to personal data, the procedure for their transfer, and the conditions for their storage.
2.1.26. Personal data protection - a set of technical, organizational, and organizational-technical measures aimed at protecting information related to an identified or identifiable personal data subject based on such information.
2.1.27. Permission for personal data processing - the procedure for formalizing the right to access personal data.
2.1.28. Access to personal data - the possibility of processing personal data.
2.1.29. Collection of personal data - obtaining personal data directly from the primary source, i.e., from the personal data subject.
2.1.30. PD Legislation - the Constitution of the Russian Federation, Federal Law No. 152, and other regulatory legal acts governing relations related to the processing of PD.
2.1.31. User - a person who has access to and uses the Website via the Internet and has provided their personal data to the Operator by filling out feedback forms, placing orders, subscribing to announcements, or receiving reference information.
2.1.32. Operator's Website - the website https://sulinadesign.ru/, as well as other currently existing Operator websites, the terms of use of which refer to this Policy, as well as any development thereof and/or the addition of new ones, including subdomains of the Website, the terms of use of which refer to this Policy, as well as application programming interfaces (APIs) used to implement legal relations between the Operator and PD subjects.
2.1.33. Services - programs, services, products, functions, interfaces, web forms hosted on the Website, including, but not limited to:
2.1.34. Cookie files - data that is transferred during the use of the Website using software installed on the PD subject's device, including IP address, information about the browser (or other program through which the Website is accessed), technical characteristics of the equipment and software used by the PD subject, the date and time of access to the Website, the date and time of acceptance of offers posted on the Website, information about the history of purchases on the Website, as well as when using the Services, the addresses of the requested pages, and other similar information.
2.1.1. Personal data (PD) - any information relating directly or indirectly to an identified or identifiable natural person (personal data subject).
2.1.2. Personal data operator (Operator) - Individual Entrepreneur Sulina Alina Vitalievna, OGRNIP: 321366800062490, INN: 366227059207, legal address: 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31, who manages the Website and provides Services to Users.
2.1.3. Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.1.4. Automated processing of personal data - the processing of personal data using computer technology.
2.1.5. Non-automated processing of personal data - the processing of personal data carried out with the direct participation of a person without the use of automation tools.
2.1.6. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons.
2.1.7. Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.1.8. Blocking of personal data - temporary suspension of personal data processing (except in cases where processing is necessary to clarify the personal data).
2.1.9. Destruction of personal data - actions that make it impossible to restore the content of personal data in a personal data information system and/or as a result of which the physical carriers of personal data are destroyed.
2.1.10. Anonymization of personal data - actions that make it impossible to determine the ownership of personal data to a specific personal data subject without the use of additional information.
2.1.11. Personal data information system (PDIS) - a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.1.12. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to a state authority of a foreign state, a foreign natural person, or a foreign legal entity.
2.1.13. Public source of personal data - an object where publicly available data is located (directories, address books, etc.).
2.1.14. Publicly available personal data (personal data made publicly available by the personal data subject) - personal data that, as a result of the personal data subject's actions aimed at making information about themselves publicly available, has become accessible to an unlimited number of persons. The action of the personal data subject is expressed either in a request to someone to post personal data in a place accessible to an unlimited number of persons or in the independent posting of this information.
2.1.15. Restricted-access personal data - personal data of personal data subjects that are subject to protection in the manner established by the legislation of the Russian Federation.
2.1.16. Special categories of personal data - personal data of personal data subjects concerning racial, ethnic origin, political views, religious or philosophical beliefs, health status, intimate life, and criminal record.
2.1.17. Biometric personal data - information characterizing the physiological and biological features of a personal data subject, on the basis of which their identity can be established and which are used by the Operator to establish the identity of the personal data subject.
2.1.18. Confidentiality of personal data - a mandatory requirement for the Operator and other persons who have gained access to personal data not to disclose personal data to third parties or disseminate it without the consent of the personal data subject, unless otherwise provided by federal law.
2.1.19. Information carrier containing PD - any physical object capable of storing (carrying) information in its structure for a sufficiently long time for transmission in time and space:
- physical carrier (paper, film and photographic film, magnetic tape, etc.);
- electronic information carrier (external flash drive, removable hard disk drive, flexible magnetic disk, and optical compact disk).
2.1.20. Personal data subject - a natural person who is directly or indirectly identified or identifiable through personal data.
2.1.21. Client - a natural or legal person who has applied to the Operator for the provision of services.
2.1.22. Counterparty - an adult who has entered into a civil law contract with the Operator or intends to enter into such a contract, as well as a person who is a representative of a legal entity that has entered into or intends to enter into a civil law contract with the Operator.
2.1.23. Civil law contract (Contract) - an agreement between the Operator and a natural person (or persons) or a legal entity (or entities) on the establishment, modification, or termination of civil rights and obligations.
2.1.24. Personal data security - the state of protection of personal data, characterized by the ability of users, technical means, and information technologies to ensure the confidentiality, integrity, and availability of personal data during their processing in personal data information systems.
2.1.25. Personal data protection regime - legally established rules that define restrictions on access to personal data, the procedure for their transfer, and the conditions for their storage.
2.1.26. Personal data protection - a set of technical, organizational, and organizational-technical measures aimed at protecting information related to an identified or identifiable personal data subject based on such information.
2.1.27. Permission for personal data processing - the procedure for formalizing the right to access personal data.
2.1.28. Access to personal data - the possibility of processing personal data.
2.1.29. Collection of personal data - obtaining personal data directly from the primary source, i.e., from the personal data subject.
2.1.30. PD Legislation - the Constitution of the Russian Federation, Federal Law No. 152, and other regulatory legal acts governing relations related to the processing of PD.
2.1.31. User - a person who has access to and uses the Website via the Internet and has provided their personal data to the Operator by filling out feedback forms, placing orders, subscribing to announcements, or receiving reference information.
2.1.32. Operator's Website - the website https://sulinadesign.ru/, as well as other currently existing Operator websites, the terms of use of which refer to this Policy, as well as any development thereof and/or the addition of new ones, including subdomains of the Website, the terms of use of which refer to this Policy, as well as application programming interfaces (APIs) used to implement legal relations between the Operator and PD subjects.
2.1.33. Services - programs, services, products, functions, interfaces, web forms hosted on the Website, including, but not limited to:
- access to electronic content on a free and/or paid basis;
- access to search and navigation tools of the Website;
- access to information about goods and services and information about the terms of acquisition;
- other types of services implemented on the pages of the Website.
2.1.34. Cookie files - data that is transferred during the use of the Website using software installed on the PD subject's device, including IP address, information about the browser (or other program through which the Website is accessed), technical characteristics of the equipment and software used by the PD subject, the date and time of access to the Website, the date and time of acceptance of offers posted on the Website, information about the history of purchases on the Website, as well as when using the Services, the addresses of the requested pages, and other similar information.
3. PURPOSES OF PERSONAL DATA COLLECTION AND PROCESSING
3.1. To ensure compliance with the labor legislation of the Russian Federation.
3.2. To ensure compliance with the tax legislation of the Russian Federation.
3.3. To conduct personnel and accounting records.
3.4. To promote goods, works, and services in the market.
3.5. To prepare, conclude, and execute a civil law contract.
3.6. To ensure communication with the personal data subject, including establishing feedback with the User, including sending notifications, messages, requests, and information related to the use of the Website, the provision of Services and/or the use of Services, the execution of agreements and contracts with the User), processing requests and orders from the User.
3.2. To ensure compliance with the tax legislation of the Russian Federation.
3.3. To conduct personnel and accounting records.
3.4. To promote goods, works, and services in the market.
3.5. To prepare, conclude, and execute a civil law contract.
3.6. To ensure communication with the personal data subject, including establishing feedback with the User, including sending notifications, messages, requests, and information related to the use of the Website, the provision of Services and/or the use of Services, the execution of agreements and contracts with the User), processing requests and orders from the User.
3.7. To collect cookie files for website traffic analysis, content personalization, user settings memory, and functional improvement.
4. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
4.1. The legal grounds for processing personal data are:
- "The Labor Code of the Russian Federation" dated December 30, 2001, No. 197-FZ, "The Tax Code of the Russian Federation," and other regulatory legal acts of the Russian Federation that regulate labor, civil law, tax, and other legal relations;
- the Operator's internal regulatory acts;
- contracts concluded between the Operator and the personal data subject;
- the consent of personal data subjects to the processing of their personal data;
- the processing of personal data is necessary to achieve the purposes stipulated by an international treaty of the Russian Federation or by law, for the exercise and performance of the functions, powers, and duties assigned to the operator by the legislation of the Russian Federation;
- the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or a beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor. A contract concluded with a personal data subject may not contain provisions that restrict the rights and freedoms of the personal data subject.
5. CATEGORIES OF PERSONAL DATA SUBJECTS
5.1. Categories of subjects whose personal data are processed:
5.2. Personal data includes any information relating directly or indirectly to an identified or identifiable natural person (PD Subject), processed by the Operator to achieve predetermined purposes, including, but not limited to:
5.2.1. For the purposes specified in Section 3 of the Policy, the Personal Data Subject expresses their consent to the processing of the following personal data:
5.2.2. For the purposes specified in Section 3 of the Policy, the Operator, with the Consent of Users of the Website and related websites, processes the following personal data:
5.3. The content and scope of the processed personal data correspond to the declared purposes of processing. For each purpose of personal data processing, the Operator approves the scope, categories, and lists of processed personal data, categories of personal data subjects, as well as the methods, terms of their processing and storage, and the procedure for the destruction of personal data upon achievement of the processing purposes or upon the occurrence of legal grounds.
- Employees;
- Counterparties;
- Representatives of counterparties;
- Clients;
- Beneficiaries under contracts;
- Website visitors;
- Other categories of personal data subjects whose personal data are processed.
5.2. Personal data includes any information relating directly or indirectly to an identified or identifiable natural person (PD Subject), processed by the Operator to achieve predetermined purposes, including, but not limited to:
5.2.1. For the purposes specified in Section 3 of the Policy, the Personal Data Subject expresses their consent to the processing of the following personal data:
- last name, first name, patronymic (listed together or separately);
- date of birth;
- month of birth;
- year of birth;
- income;
- place of birth;
- gender;
- email address;
- residential address;
- registration address;
- phone number;
- SNILS (Individual Insurance Account Number);
- TIN (Taxpayer Identification Number);
- citizenship;
- details of the identity document;
- bank card details;
- current account number;
- profession;
- position;
- information about employment (including work experience, current employment data with the name and current account of the organization);
- attitude to military service, information on military registration;
- information on education;
- other personal data.
5.2.2. For the purposes specified in Section 3 of the Policy, the Operator, with the Consent of Users of the Website and related websites, processes the following personal data:
- last name, first name, patronymic (listed together or separately)
- phone number;
- and any information related to the User's identity that the User wishes to leave on the Website.
5.3. The content and scope of the processed personal data correspond to the declared purposes of processing. For each purpose of personal data processing, the Operator approves the scope, categories, and lists of processed personal data, categories of personal data subjects, as well as the methods, terms of their processing and storage, and the procedure for the destruction of personal data upon achievement of the processing purposes or upon the occurrence of legal grounds.
6. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING
6.1. The Operator processes personal data in compliance with the principles and rules stipulated by the Personal Data Law. The Operator processes personal data (PD) if at least one of the following conditions is met:
6.2. The Operator does not disclose personal data to third parties or disseminate it without the consent of the personal data subject (unless otherwise provided by federal law of the Russian Federation).
6.3. The Operator does not process special categories of personal data concerning racial, ethnic origin, political views, religious or philosophical beliefs, health status, intimate life, or criminal record.
6.4. The Operator does not process biometric personal data containing information that characterizes the physiological and biological features of a person, allowing their identity to be established.
6.5. The Operator does not perform cross-border transfers of personal data.
6.6. The Operator does not make decisions that create legal consequences in relation to the personal data subject or otherwise affect the rights and legitimate interests of the subjects, based solely on automated personal data processing. Data that has legal consequences or affects the rights and legitimate interests of the personal data subject are subject to verification by the Operator before their use.
6.7. The Operator does not place the personal data of a personal data subject in public sources without their prior consent.
6.8. The Operator has the right to transfer personal data of personal data subjects to third parties for processing under a mandate agreement, including hosting providers, in compliance with the conditions of confidentiality and the requirements for entrusting the processing of personal data stipulated by the Personal Data Law.
6.9. The Operator processes personal data both with and without the use of automation tools, fulfilling the requirements for automated and non-automated personal data processing stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it.
6.10. For the purposes specified in Section 3 of this Policy, the Operator has the right to perform any actions (operations) or a set of actions (operations), with or without the use of automation tools, stipulated in Clause 3, Part 1, Article 3 of the Personal Data Law, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, anonymization, blocking, deletion, destruction, and transfer (dissemination, provision, access) of personal data to third parties in compliance with measures that ensure the protection of personal data from unauthorized access, to the extent necessary to achieve the purposes of the Consent given by the personal data subject.
6.11. The terms of personal data processing are determined taking into account:
6.12. The term of validity of the personal data subject's consent to the processing of their personal data is determined by the moment the Operator receives a written notification from the personal data subject to withdraw their consent to the processing of personal data.
6.13. Information related to personal data that has become known to the Operator is confidential information and is protected by law.
- the processing of PD is carried out with the consent of the personal data subject to the processing of their personal data;
- the processing of personal data is necessary to achieve the purposes of exercising and performing the functions, powers, and duties assigned to the Operator by the legislation of the Russian Federation;
- the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or a beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor. A contract concluded with a personal data subject may not contain provisions that restrict the rights and freedoms of the personal data subject, establish cases of processing personal data of minors, unless otherwise provided by the legislation of the Russian Federation, or contain provisions that allow the inaction of the personal data subject as a condition for concluding the contract.
6.2. The Operator does not disclose personal data to third parties or disseminate it without the consent of the personal data subject (unless otherwise provided by federal law of the Russian Federation).
6.3. The Operator does not process special categories of personal data concerning racial, ethnic origin, political views, religious or philosophical beliefs, health status, intimate life, or criminal record.
6.4. The Operator does not process biometric personal data containing information that characterizes the physiological and biological features of a person, allowing their identity to be established.
6.5. The Operator does not perform cross-border transfers of personal data.
6.6. The Operator does not make decisions that create legal consequences in relation to the personal data subject or otherwise affect the rights and legitimate interests of the subjects, based solely on automated personal data processing. Data that has legal consequences or affects the rights and legitimate interests of the personal data subject are subject to verification by the Operator before their use.
6.7. The Operator does not place the personal data of a personal data subject in public sources without their prior consent.
6.8. The Operator has the right to transfer personal data of personal data subjects to third parties for processing under a mandate agreement, including hosting providers, in compliance with the conditions of confidentiality and the requirements for entrusting the processing of personal data stipulated by the Personal Data Law.
6.9. The Operator processes personal data both with and without the use of automation tools, fulfilling the requirements for automated and non-automated personal data processing stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it.
6.10. For the purposes specified in Section 3 of this Policy, the Operator has the right to perform any actions (operations) or a set of actions (operations), with or without the use of automation tools, stipulated in Clause 3, Part 1, Article 3 of the Personal Data Law, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, anonymization, blocking, deletion, destruction, and transfer (dissemination, provision, access) of personal data to third parties in compliance with measures that ensure the protection of personal data from unauthorized access, to the extent necessary to achieve the purposes of the Consent given by the personal data subject.
6.11. The terms of personal data processing are determined taking into account:
- the established purposes of personal data processing;
- the duration of contracts with personal data subjects and the consent of personal data subjects to the processing of their personal data;
- the terms defined by the legislation of the Russian Federation on archival matters.
6.12. The term of validity of the personal data subject's consent to the processing of their personal data is determined by the moment the Operator receives a written notification from the personal data subject to withdraw their consent to the processing of personal data.
6.13. Information related to personal data that has become known to the Operator is confidential information and is protected by law.
6.14. The Operator uses the information received from the personal data subject exclusively for the purposes of personal data processing.
7. RIGHTS OF PERSONAL DATA SUBJECTS
7.1. A personal data subject, when deciding to provide their personal data, acts freely, of their own free will, and in their own interest, unconditionally expressing their consent.
7.2. Consent to the processing of personal data can be given personally by the personal data subject or their representative, either in writing or by entering personal data into the fields of the feedback web form on the website.
7.3. Consent to the processing of personal data obtained by acceding to the Consent to Personal Data Processing posted on the Internet at https://sulinadesign.ru/ is considered executed in simple written form.
7.4. A personal data subject has the right to receive information from the Operator concerning the processing of their personal data, unless such right is restricted in accordance with the legislation of the Russian Federation.
7.5. A personal data subject has the right to demand that the Operator clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the declared purpose of processing, and also to take measures provided by law to protect their rights and legitimate interests.
7.6. To obtain this information, the personal data subject can send a written request to the address: Russia, 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31, in the manner established by Article 14 of the Personal Data Law. The request can also be sent to the email address hello@sulinadesign.com in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
7.2. Consent to the processing of personal data can be given personally by the personal data subject or their representative, either in writing or by entering personal data into the fields of the feedback web form on the website.
7.3. Consent to the processing of personal data obtained by acceding to the Consent to Personal Data Processing posted on the Internet at https://sulinadesign.ru/ is considered executed in simple written form.
7.4. A personal data subject has the right to receive information from the Operator concerning the processing of their personal data, unless such right is restricted in accordance with the legislation of the Russian Federation.
7.5. A personal data subject has the right to demand that the Operator clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the declared purpose of processing, and also to take measures provided by law to protect their rights and legitimate interests.
7.6. To obtain this information, the personal data subject can send a written request to the address: Russia, 394088, Voronezh region, Voronezh city, blvd. Pobedy, bldg. 31, in the manner established by Article 14 of the Personal Data Law. The request can also be sent to the email address hello@sulinadesign.com in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
8. ENSURING PERSONAL DATA SECURITY
8.1. The Operator takes necessary and sufficient organizational and technical measures to protect the personal information of the personal data subject from unlawful or accidental access, destruction, modification, blocking, copying, dissemination, as well as from other unlawful actions of third parties, including:
8.2. To prevent unauthorized access to personal data, the Operator has implemented the following requirements for personal data protection:
8.3. In accordance with Government Decree No. 687 of September 15, 2008, persons who process personal data without the use of automation tools are informed of the features and rules for such processing, and local acts establish the locations for storing personal data and the list of persons who process personal data.
- the issuance of local acts on matters of personal data processing and security, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
- the appointment of individuals responsible for PD processing, the implementation of internal control and/or an audit of the compliance of PD processing with legislation, the policy, and local acts of the operator, the assessment of possible harm, and the use of information security tools that have passed the conformity assessment procedure in accordance with the requirements of the legislation of the Russian Federation in the field of information security;
- the detection of unauthorized access incidents;
- the restoration of personal data;
- the establishment of rules for access to personal data;
- the implementation of internal control over the compliance of personal data processing with PD legislation, the operator's policy on personal data processing, and the operator's local acts;
- conducting harm assessment measures in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to personal data subjects in case of violation of PD legislation, and the correlation of said harm with the measures taken by the operator aimed at fulfilling the obligations stipulated by this Federal Law;
- the application of legal, organizational, and technical measures to ensure the security of personal data, including:
- identifying threats to the security of personal data during their processing in personal data information systems;
- applying information security tools that have passed the conformity assessment procedure in the established manner;
- applying information security tools that have passed the conformity assessment procedure and have a function for the destruction of information;
- assessing the effectiveness of measures taken to ensure the security of personal data before the commissioning of the personal data information system.
8.2. To prevent unauthorized access to personal data, the Operator has implemented the following requirements for personal data protection:
- a person responsible for organizing the processing and ensuring the security of personal data has been appointed;
- the safety of personal data carriers is ensured;
- access of personal data subjects to information resources and hardware and software for information processing is differentiated;
- the operation of approved software and/or its components is carried out, and control over its installation and updating is ensured;
- an audit is conducted to verify the compliance of the applied information protection measures with the legislation of the Russian Federation in the field of personal data processing and protection and to assess their effectiveness.
- a regime is organized to ensure the security of the premises in which the information system is located, which prevents the possibility of uncontrolled penetration or presence in these premises of persons who do not have the right to access them;
- a document defining the policy regarding personal data processing and information about the implemented requirements for the protection of personal data is posted on the stand and the website.
8.3. In accordance with Government Decree No. 687 of September 15, 2008, persons who process personal data without the use of automation tools are informed of the features and rules for such processing, and local acts establish the locations for storing personal data and the list of persons who process personal data.
9. FINAL PROVISIONS
9.1. The Operator bears civil, administrative, and other liability for non-compliance with the principles and conditions of personal data processing of natural persons, as well as for the disclosure or unlawful use of personal data in accordance with the legislation of the Russian Federation.
9.2. The Policy is publicly available and is subject to posting on the Operator's official Website, or unlimited access to this document is otherwise ensured.
9.3. The Operator has the right to amend this Policy. The provisions of this Policy are subject to updating in the event of changes in the legislation of the Russian Federation on personal data. The new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy. The current version is permanently available on the page at: https://sulinadesign.ru/policy-privacy.
9.4. This Policy and the relationship between the PD Subject and the Operator arising from the application of the Policy are subject to the law of the Russian Federation.
9.5. The Policy is the property of the Operator.
9.6. The Operator has the right to amend this Policy without the consent of personal data subjects, in particular, Users.
9.7. The new Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.
9.2. The Policy is publicly available and is subject to posting on the Operator's official Website, or unlimited access to this document is otherwise ensured.
9.3. The Operator has the right to amend this Policy. The provisions of this Policy are subject to updating in the event of changes in the legislation of the Russian Federation on personal data. The new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy. The current version is permanently available on the page at: https://sulinadesign.ru/policy-privacy.
9.4. This Policy and the relationship between the PD Subject and the Operator arising from the application of the Policy are subject to the law of the Russian Federation.
9.5. The Policy is the property of the Operator.
9.6. The Operator has the right to amend this Policy without the consent of personal data subjects, in particular, Users.
9.7. The new Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.