+7 (800) 351-19-01
Main
Personal Data Processing Policy

Personal Data Processing Policy

1. General provisions

This personal data processing policy has been drawn up in accordance with the requirements of the Constitution of the Russian Federation, the Labor Code of the Russian Federation, Federal Law "On Information, Information Technologies and Information Protection" dated 27.07.2006 No. 149-FZ, Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" and defines the procedure for processing personal data and measures to to ensure the security of personal data of The Centre of Technical Equipment LLC (hereinafter referred to as the Operator).

  1. The operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets.
  2. This Operator's Personal Data Processing Policy (hereinafter referred to as the Policy) applies to all information that the Operator may receive about website visitors https://centr-to.com.
  3. The provisions of the Policy serve as the basis for the development of local regulations governing the processing of personal data of employees of The Centre of Technical Equipment LLC and other subjects of personal data in The Centre of Technical Equipment LLC.

2. Basic concepts used in the Policy

  1. Automated personal data processing is the processing of personal data using computer technology;
  2. Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data);
  3. A website is a collection of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at a network address https://centr-to.com;
  4. Personal data information system is a set of personal data contained in databases and information technologies and technical means that process them;
  5. Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific User or another personal data subject without using additional information;
  6. Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
  7. Operator – a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
  8. Personal data is any information related directly or indirectly to a specific or identifiable User of the Website https://centr-to.com;
  9. A user is any visitor to a website https://centr-to.com;
  10. Providing personal data is an action aimed at disclosing personal data to a specific person or a specific group of people;
  11. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;
  12. Cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
  13. Destruction of personal data – any actions as a result of which personal data is permanently destroyed with the impossibility of further restoring the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

3. Basic rights and obligations of the Operator

The operator has the right to:

  1. Receive reliable information and/or documents containing personal data from the personal data subject;
  2. If the personal data subject withdraws consent to the processing of personal data, as well as sending a request to terminate the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject, provided there are grounds specified in the Personal Data Act.;
  3. Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.

The operator must:

  1. To provide the personal data subject, upon his request, with information related to the processing of his personal data;
  2. Organize the processing of personal data in accordance with the procedure established by the current legislation of the Russian Federation;
  3. Respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Act;
  4. To inform the authorized body for the protection of the rights of personal data subjects at the request of this body of the necessary information within 10 days from the date of receipt of such request;
  5. To publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
  6. Take legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data;
  7. Stop transferring (distributing, providing, accessing) personal data, stop processing and destroy personal data in accordance with the procedure and cases provided for by the Law on Personal Data;
  8. Perform other duties stipulated by the Law on Personal Data.

4. Basic rights and obligations of personal data subjects

Subjects of personal data have the right to:

  1. receive information regarding the processing of his personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
  2. to require the operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take legal measures to protect their rights;
  3. to put forward a condition of prior consent when processing personal data in order to promote goods, works and services on the market;
  4. to revoke consent to the processing of personal data, as well as to send a request to terminate the processing of personal data;
  5. to appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or omissions of the Operator during the processing of his personal data;
  6. to exercise other rights provided for by the legislation of the Russian Federation.

The subjects of personal data are obliged to:

  1. provide the Operator with reliable personal information;
  2. inform the Operator about the clarification (updating, modification) of your personal data.

Persons who have provided the Operator with false information about themselves or information about another personal data subject without the latter's consent are liable in accordance with the legislation of the Russian Federation.

5. The Operator may process the following personal data of the User

  1. Last name, first name, patronymic;
  2. Phone number;
  3. Email address;
  4. Also on site is the collection and processing of anonymous data about visitors (including cookies) using Internet statistics (Yandex Metricа and Google Analytics and others).
  5. The above data is further combined in the text of the Policy by the general concept of Personal Data.

6. Purposes of personal data processing

  1. The purpose of processing the User's personal data is to inform the User by sending emails; to provide the User with access to the services, information and/or materials contained on the website.
  2. The Operator also has the right to send notifications to the User about new products and services, special offers and various events. The User can always refuse to receive information messages by sending an email to the Operator at the following email address: sale@centr-to.ru marked "Disclaimer of notifications about new products and services and special offers".
  3. Anonymized User data collected using Internet statistics services is used to collect information about User actions on the site, improve the quality of the site and its content.
  4. Compliance with the requirements of the legislation on determining the procedure for processing and protecting personal data of citizens who are clients or counterparties of The Centre of Technical Equipment LLC (hereinafter referred to as personal data subjects).
  5. For other purposes.

7. Legal grounds for personal data processing

Personal data is processed on the basis of the following federal laws and regulations:

  1. The Constitution of the Russian Federation.
  2. Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
  3. Federal Law "On Information, Information Technologies and Information Protection" dated 27.07.2006 N 149-FZ.
  4. Resolution No. 1119 of November 1, 2012 on the approval of requirements for the protection of personal data during their processing in personal data information systems.
  5. Order No. 55 of the FSTEC of Russia, No. 86 of the FSB of Russia, and No. 20 of the Ministry of Information and Communications of Russia dated February 13, 2008 "On Approval of the Procedure for Classifying Personal Data Information Systems".
  6. FSTEC of Russia Order No. 21 dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems".
  7. Roskomnadzor Order No. 996 dated September 05, 2013 "On Approval of Requirements and methods for depersonalization of personal data".
  8. Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.

8. The procedure for collecting, storing, transferring and other types of personal data processing

The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.

  1. The Operator processes the User's personal data only if it is filled in and/or sent by the User independently through special forms located on the website https://centr-to.com. By filling out the appropriate forms and/or sending their personal data to the Operator, the User agrees with this Policy.
  2. The Operator processes depersonalized User data if this is allowed in the User's browser settings (the storage of cookies and the use of JavaScript technology are enabled).
  3. The operator ensures the safety of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.
  4. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of current legislation.
  5. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator's email address sale@centr-to.ru marked "Updating personal data".
  6. The period of processing personal data is unlimited. The User can revoke his consent to the processing of personal data at any time by sending an e-mail notification to the Operator's e-mail address sale@centr-to.ru marked "Withdrawal of consent to the processing of personal data".

9. Cross-border transfer of personal data

  1. Prior to the start of the cross-border transfer of personal data, the operator must ensure that the foreign State into whose territory the transfer of personal data is to be carried out ensures reliable protection of the rights of personal data subjects.
  2. The cross-border transfer of personal data on the territory of foreign states that do not meet the above requirements can only be carried out if the personal data subject agrees in writing to the cross-border transfer of his personal data and/or the execution of a contract to which the personal data subject is a party.

10. Final provisions

  1. The User can receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator via e-mail sale@centr-to.ru.
  2. This document will reflect any changes to the Operator's personal data processing policy. The policy is valid indefinitely until it is replaced by a new version.
  3. The current version of the Policy is freely available on the Internet at the following address https://centr-to.com/policy.