Privacy policy for the handling of personal user data
1. Terms and definitions
Personal data — any information related to an individual (User) identified or determined on the basis of such information. In other words, such information, in particular, can include any information provided by the user: last name, first name, patronymic, phone number, email address, as well as other information.
Processing of personal data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access) depersonalization, blocking, deletion, or destruction of personal data. At the same time, the transfer is carried out in accordance with the legal requirements of the authorized bodies or in accordance with the terms of the contract, upon signing which the User gives his consent to such processing.
Confidentiality of personal data — a mandatory requirement for employees of the Company who are allowed to process personal data of users to comply with the rules of their processing, storage, and not allow their dissemination without the consent of the subject or other legal grounds, as well as ensuring the necessary security regime for the user’s personal data by the Company.
Use of personal data — actions (operations) with personal data aimed at identifying the User in order to provide access to the Site and obtain confirmation of the accuracy of the information provided by the User. Destruction of personal data — actions that make it impossible to restore the content of personal data in the Company’s automated customer registration and accounting system, or destruction of tangible personal data carriers. Data destruction is carried out in relation to Customers with whom there are no valid contracts and the period of storage of their data has expired, or at the request of the Customer who withdraws his consent to the processing of personal data.
Information — information (messages, data) regardless of the form of their presentation.
Company — a legal entity that is the owner of the Website-JSC ” Development Corporation of the Republic of Bashkortostan; TIN 0274153834; OGRN 1110280005110.
Website — a website located at https://oezalga.ru /
Publicly available personal data — personal data that an unlimited number of people have access to with the consent of the subject or that, in accordance with federal laws, are not subject to the requirement of confidentiality.
Operator — A Company that processes personal data of users of the Site in order to respond to User requests through the feedback form on the Site, as well as determines the purposes of processing personal data, the composition of personal data, actions (operations) performed with personal data, the procedure for storing and destroying personal data of users.
User — a Site user. The User is the subject of personal data upon filling out the form on the Site in accordance with the established procedure.
A cookie is a small piece of data that is sent by the website server and stored on the User’s device. It is used to store certain data about you, such as any settings and preferences.
2. General provisions
2.1. This Privacy Policy for working with personal data of site users https://oezalga.ru/ owned by JSC “Development Corporation of the Republic of Bashkortostan” (hereinafter-the Privacy Policy), developed in accordance with paragraph 2, Part 1, Article 18.1. of Federal Law 152-FZ “On Personal Data”. The Privacy Policy defines the procedure and conditions for processing personal data, is aimed at protecting the rights and freedoms of a person and citizen when processing their personal data and measures to ensure personal data, namely all information that the Operator can receive about the User when the latter fills out the feedback form on the Operator’s Website.
2.2. Information on personal data processing
The Operator processes personal data on a legal and fair basis in order to perform the functions, powers and duties assigned by law, exercise the rights and legitimate interests of the Operator, employees of the Operator and third parties. The Operator receives personal data directly provided by the User.
2.3. Information about the terms of use of the site
2.3.1. Users ‘ use of the Operator’s site and provision of their personal data to the Operator means their unconditional consent to this Policy and the terms of processing of the User’s personal data.
2.3.2. In case of disagreement with the terms of the Policy, the User must stop using the Operator’s website.
2.3.3. The Operator collects, uses and protects personal data that the User provides to the Operator when using the Operator’s website (hereinafter referred to as the” Site”) from any device and when communicating with the Operator in any form, in accordance with this Policy.
2.3.4. The Operator does not verify the accuracy of personal data provided by the User to the Site.
3. Main provisions
3.1. Subject of the Policy
3.1.1. This Policy sets out the Operator’s obligations for non-disclosure and ensuring the confidentiality of personal data.
3.1.2. Personal data allowed for processing under this Policy is provided by the User by filling out feedback forms in the Operator’s software module on the Site:
3.1.2.1. the User’s last name, first name, patronymic (including separately and in case of changes);
3.1.2.2. the User’s contact phone number;
3.1.2.3. e-mail address (e-mail)
3.1.2.4. IP addresses, cookies (cookies);
3.1.2.5. as well as any other information related to the User’s identity that the User wishes to leave on the Site, including, but not limited to: details of the identity document and other documents submitted by the User, citizenship, date of birth place of birth, registration address, actual place of residence, link to your personal website and social media profile, information about your profession, place of work, position, education and income, and other personal information.
3.1.3. Personal data entered by the User in the feedback form is automatically transmitted to the Operator.
3.1.4. Any other personal information not specified above is subject to safe storage and non-distribution, except in cases stipulated by the current legislation of the Russian Federation.
3.2. Principles of personal data
processing The processing of personal data by the Operator is carried out on the basis of the following principles:
3.2.1. legality and fair basis;
3.2.2. limiting the processing of personal data to achieve specific, pre-defined and legitimate goals;
3.2.3. preventing the processing of personal data that is incompatible with the purposes of personal data collection;
3.2.4.
3.2.5. processing only those personal data that meet the purposes of their processing;
3.2.6. compliance of the content and scope of the processed personal data with the stated purposes of processing;
3.2.7. prevention of processing of personal data that is redundant in relation to the stated purposes of their processing;
3.2.8. ensuring that the content and scope of the processed personal data correspond to the stated purposes of processing; accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
3.2.9. destruction or depersonalization of personal data upon achieving the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate the violations of personal data committed, unless otherwise provided by federal law.
3.3. Conditions for personal data processing
The Operator processes personal data if at least one of the following conditions is met:
3.3.1. personal data processing is carried out with the User’s consent to the processing of their personal data;
3.3.2. personal data processing is necessary to achieve the goals of performing and fulfilling the functions, powers and responsibilities assigned to the operator by the legislation of the Russian Federation;
3.3.3. the processing of personal data is necessary for the performance of a contract to which the User is a party, concluded on the User’s initiative;
3.3.4. the processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that the rights and freedoms of the User are not violated;
3.3.5. the processing of personal data is carried out data subject to publication or mandatory disclosure in accordance with federal law.
3.4. Purposes
of collecting personal data The Operator may use the User’s personal data for the following purposes:
3.4.1. establishing feedback with the User, including sending notifications, requests, providing services, processing requests and requests from the User.
3.4.2. providing the User with effective customer and technical support in case of problems related to the use of the Site.
3.4.3. consideration of the application for the purpose of studying the issue of the possibility of placing production, etc.
3.5. Methods and terms of personal data processing
3.5.1. The User’s personal data is processed without any time limit, in any legal way, including in personal data information systems using automation tools or without using such tools.
3.5.2. The User agrees that the Operator has the right to transfer personal data to third parties authorized by the Company to: processing of personal data on the basis of a contract.
3.5.3. The User’s personal data may be transferred to the authorized state authorities of the Russian Federation only on the grounds and in accordance with the procedure established by the legislation of the Russian Federation.
3.5.4. The Operator takes the necessary organizational and technical measures to protect the User’s personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties
. 3.5.5. The User’s consent may be revoked by submitting a written application to the Operator indicating the data specified in Article 14 of the Law “On Personal Data Protection”. personal data”.
3.6. Confidentiality of personal data
3.6.1. The Operator uses the information received from the User exclusively for the purposes specified in clause 3.4 of this Policy.
3.6.2. Ensure that confidential information is kept secret, not disclosed without the User’s prior written permission, as well as not to sell, exchange, publish, or otherwise disclose the User’s transferred personal data, except in cases stipulated by the legislation of the Russian Federation.
3.6.3. Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure usually used to protect this type of information in the existing business environment.
3.6.4. Block personal data related to the relevant User from the moment of application or request of the User, or his legal representative or authorized body for the protection of Users ‘ rights for the period of verification, in case of detection of unreliable personal data or illegal actions.
3.7. Cookies
3.7.1. Cookies are used to analyze usage data and information of interest to the User.
3.7.2. To provide map search functionality, the Operator’s website uses the external Yandex Maps mapping service, which is embedded on the site’s pages. Yandex may collect the following categories of personal information about the User when using the Operator’s website/services:
– geolocation information —
– electronic data (HTTP headers, IP address, cookies, web beacons/pixel tags, browser ID data, hardware and software information);
— date and time of access to the Operator’s website/services. Yandex also uses cookies and web beacons (including pixel tags) to collect personal information and link such personal information to the User’s device and web browser.
3.7.3.The Operator’s website uses the web analytics services Yandex.Metrica and Google Analytics to recognize user preferences, as well as sections of the Operator’s site that are particularly popular. This allows the Operator to more purposefully build the content of pages in accordance with the interests and requests of the User, improving the quality of the content offered. Yandex processes the received information to evaluate the User’s use of the site, compile reports on site activity for the Operator, and provide other services. Yandex processes information in accordance with the procedure set out in the Yandex.Metrica terms of use. Google Analytics allows us to collect and analyze information about how Users interact with the Operator’s website. Cookies are also used when it is received.
4. User Rights
4.1. The User, when making a decision to provide his personal data, acts freely, voluntarily and in his own interest, unconditionally expressing his consent.
4.2. The User has the right to receive information from the Operator regarding the processing of personal data, if such right is not restricted in accordance with the legislation of the Russian Federation. The User has the right to request the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.
5. Ensuring the security of personal data
5.1. The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation in the field of personal data protection.
5.2. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
5.2.1 appointing officials responsible for organizing the processing of personal data;
5.2.2 limiting the number of persons who have access to personal data; issuing internal regulatory documents of the Operator on ensuring the protection of personal data and their processing, as well as establishing procedures, aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating their consequences;
5.2.3 familiarizing those responsible for organizing the processing of personal data with the requirements of federal legislation and internal regulatory documents of the Operator for processing personal data; organization of accounting, storage and circulation of information carriers;
5.2.4 differentiation of users ‘ access to information resources and software and hardware means of information processing;
5.2.5 registration and recording of actions of users of personal data information systems; use of anti-virus tools and means of restoring the personal data protection system;
5.2.6 organization of a restricted access mode to personal data processing premises on the Operator’s territory.
5.3. The Operator is not liable in case of loss or disclosure of the User’s personal data, if they:
5.3.1. became public before their loss or disclosure by the Operator;
5.3.2. were received by the Operator from a third party before their transfer to the Operator by the User;
5.3.3.were disclosed with the User’s consent.
6. Dispute
Resolution 6.1. Before applying to the court with a claim for disputes arising from the relationship between the Site User and the Operator, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).
6.2. The recipient of the claim, within 30 (thirty) calendar days from the date of receipt of the claim, notifies the claim applicant in writing of the results of the claim review.
6.3.The current legislation of the Russian Federation applies to this Policy and the relations between the User and the Operator.
7. Additional conditions
7.1. All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
7.2. The Operator has the right to make changes to this Policy without the User’s consent.
7.3. The new version of the Policy comes into force from the moment it is posted on the Site.