PERSONAL DATA PROCESSING POLICY
- General Provisions
This personal data processing policy has been compiled in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, hereinafter referred to as the “Personal Data Law”, and defines the procedures for processing personal data and measures to ensure the security of such data by Joint Stock Company Development Corporation of the Republic of Bashkortostan (TIN 0274153834), located at 450077, Ufa, Republic of Bashkiria, Verkhnetorgovaya Sq., building 6, floor 2, offices 1-6. Hereinafter, the company will be referred to as “Operator”.
1.1 The Operator’s most important goal is to observe human and civil rights and freedoms when processing personal information, including protection of privacy, personal, and family secrets.
1.2 This Operator’s policy regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information that the Operator may receive about visitors to the website https://oezalga.ru/.
- Basic concepts used in the Policy
2.1 Automated processing of personal data – processing of personal information using computer technology.
2.2 Blocking of personal data – temporary termination of processing of personal info (except in cases where it is necessary for clarification).
2.3 Website – a set of graphics and info materials, as well as software and databases that make them available on the internet at https://oezalga.ru/.
2.4 Personal data info system – collection of personal details stored in databases and info technologies and tech tools that ensure their management.
2.5 Depersonalisation of private data – steps that prevent identifying users or other subjects from their personal details without additional info.2.6. Personal data processing – any action (operation) or set of actions performed with or without automation tools on personal data, including collecting, recording, organizing, storing, clarifying (updating, modifying), extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting and destroying personal data.
2.6. Processing of personal data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), de-personalization, blocking, deletion and destruction of personal information.
2.7 Operator – a state body, municipality, legal entity, or individual, either independently or jointly with others, organizing and/or processing of personal data, as well as defining the purposes of data processing, the composition of data to be processed and actions (operations performed on data.
2.8 Personal data – any information directly or indirectly related to a specific identifiable user of the website https://www.oezalga.com/
2.9. Personal data authorized for dissemination by the subject of personal data – personal data that the subject gives consent to disclose to an unlimited number of people.
2.10 A user is any visitor to https://oezalga.ru.
2.11 Provision of personal information – actions aimed at revealing personal information to a specific person or a group of people.
2.12 Dissemination of personal data – any actions aimed at disclosing personal data to an unlimited number of people (transfer of personal data) or making personal data available to an infinite number of people, including disclosing personal information in the media, posting it on information and telecommunications networks, or providing access to it in any other way.
2.13 Cross-border transfer of personal information is the transfer of information to a foreign country to a government agency, an individual, or a legal entity outside the country.
2.14 Destruction of personal data – any actions as a result of which personal data is permanently destroyed, with the inability to further restore the content of the personal data in the personal information system and / or the material carriers of the personal are destroyed.
- Basic rights and obligations of the Operator
3.1. The Operator has the right to:
— receive reliable information and/or documents containing personal data from the subject of personal data;
— if the personal data subject withdraws consent to processing of personal data or sends a request to terminate processing, the Operator can continue processing personal data without consent if there are reasons specified in the law on personal data.
3.2. Operator is obligated to:
— provide the subject with information about processing of their personal data at their request.
— organize the processing of personal data in accordance with the procedures established by the current legislation of the Russian Federation;
— respond to requests and inquiries from personal data subjects and their legal representatives in compliance with the requirements of the Law on Personal Data;
— inform the authorized body for protection of the rights of personal data subjects upon request of this body about the necessary information within 10 days of receipt of the request;
— publish or otherwise make unrestricted access available to this Policy on the processing of personal information;
— take legal, organizational, and technical measures to protect personal information from unauthorized access, destruction, modification, blocking, copying, disclosure, distribution of personal information, as well as other illegal actions related to personal information.
— stop transferring (distributing, providing, accessing) personal data; stop processing and destroying personal data in the manner and in cases provided for by the Law on Personal Data;
— perform other duties as provided by the Law of Personal Data.
- Basic rights and obligations of personal data subjects
4.1 Personal data subjects have the right to:
— receive information regarding the processing of their personal data, except in cases provided for by federal laws. This information is provided to personal data subjects by the Operator in an accessible form and should not contain personal data related to other personal data subjects unless there are legitimate reasons for disclosure of such personal data. The list of information and procedure for obtaining it are established by the Law on Personal Data;
— require the operator to clarify their personal data or block or delete them if they are incomplete, outdated, inaccurate, obtained illegally or are not necessary for the intended purpose of processing. They also have the right, as provided by law, to take measures to protect their rights:
— to put forward the condition of prior consent when processing personal data to promote goods, works, and services on the market;
— to revoke consent for the processing of personal data and send a request to stop the processing;
— appeal to the authority for protection of personal data subject rights or to court against illegal actions or omissions of the operator during personal data processing;
— exercise other rights granted by the legislation of the Russian Federation.
4.2 The subjects of personal data must:
— provide reliable data about themselves to the operator;
— inform the operator about the clarification (update, modification) of their personal data.
4.3 Persons who provide the Operator with false information about themselves or information about other personal data subjects without their consent are liable in accordance with the legislation of the Russian Federation.
- Principles of Personal Data Processing
5.1. The processing of personal data shall be carried out on a legal and fair basis.
5.2. Processing of personal data is limited to achieving specific, predetermined, and legitimate goals. The processing is not permitted if it is incompatible with the purpose of collecting personal data.
5.3. Combining databases containing personal data whose processing is incompatible is prohibited.
5.4 Only personal data relevant to the intended purpose shall be processed.
5.5 The content and amount of processed personal data must correspond to the declared purposes of processing; redundancy of the processed data in relation to these purposes is prohibited.
5.6. When processing personal data, accuracy, sufficiency and, if necessary, relevancy of personal data in relation to the purpose of processing are ensured by the Operator. It takes necessary measures to delete or correct incomplete or inaccurate data.
5.7. Personal data is stored in a way that allows identification of the subject of data for as long as the purposes of processing require, unless a federal law or an agreement between the parties stipulates a different period. Upon completion of the goals of processing or loss of necessity, personal data is deleted or anonymized, unless otherwise specified by federal law.
- Purposes of personal data processing
| Purpose of processing | Providing the user with access to services, information and materials contained on the website. |
| Personal data |
|
| Legal grounds | Federal Law “On Information, Information Technologies and Information Protection”, dated July 27, 2006, No. 149-FZ |
| Types of personal data processing | Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data |
| Purpose of processing | Providing the user with access to services, information and materials contained on the website. |
| Personal data |
|
| Legal grounds | Federal Law “On Information, Information Technologies and Information Protection”, dated July 27, 2006, No. 149-FZ |
| Types of personal data processing | Sending information letters to an email address. |
| Purpose of processing | Collecting information about user actions on the website, improving the quality of the website and its content. |
| Personal data | · Cookie data,
· Information about the user’s browser (or other program that provides access to services), · Technical specifications of hardware and software used by users, · date and time of access to services, · addresses of requested pages |
| Legal grounds | Federal Law “On Information, Information Technologies and Information Protection”, dated July 27, 2006, No. 149-FZ |
| Types of personal data processing | Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data |
- Terms of Personal Data Processing
7.1. Personal data are processed with the consent of the person whose personal data are being processed.
7.2. Personal data processing is necessary to achieve goals provided by an international agreement or law of the Russian Federation, to perform functions, powers, and duties assigned by the legislation to the operator.
7.3. Personal data is processed for the administration of justice and execution of judicial acts, acts of other bodies or officials in accordance with legislation on enforcement proceedings of the Russian federation.
7.4 The processing of personal data is necessary for the execution of an agreement to which a personal data subject is a party, or beneficiary, or guarantor. It is also necessary for the conclusion of an agreement at the initiative of a personal data person or an agreement under which a personal information subject will be a beneficiary or a guarantor.
7.5 The processing of data is needed to exercise the rights and legitimate interests of operators or third parties, or to achieve social goals. At the same time, the rights and freedoms of a data subject should not be violated.
7.6 Personal information is processed if access to it is provided by a personal subject or at his request to an unlimited number of people (hereinafter – publicly available data).
7.7 Data subject to publication or mandatory disclosure under federal law is processed.
- The procedure for collection, storage, transfer, and other types of processing of personal data
The security of personal data processed by the Operator is ensured through implementation of legal, organizational, and technical measures necessary to comply fully with the requirements of current legislation on personal data protection.
8.1 The Operator ensures safety of personal information and takes all reasonable measures to prevent unauthorized access to personal information.
8.2 The User’s personal information will never be shared with third parties under any circumstances except in cases where it is related to compliance with current legislation or the user has consented to sharing the data with a third party for the fulfillment of obligations under a civil agreement.
8.3 In case of inaccuracies in personal data, the user can update them independently by sending a notification to the operator to the operator’s email address infokrrb@bashkortostan.ru, marked “Updating personal data.”
8.4 The period of processing of personal data is determined by the achievement of the purpose for which the personal data was collected, unless a different period is provided in the contract or by current legislation. The user can withdraw his consent to processing personal data at any time by sending an email to the operator via the email address infokrbb@bashkrtostan.
8.5 All information collected by third-party services, including payment systems and communication means, is stored and processed by the Operator in accordance with its User Agreement and Privacy Policy. Operators are not responsible for the actions of third parties.
8.6 Prohibitions on transfer (except access), processing or conditions for processing (except obtaining access) personal data for distribution do not apply to processing of personal data in state, public or other public interests as defined by Russian legislation.
8.7 The Operator ensures confidentiality of personal information while processing personal data.
8.8 The Operator stores personal data in a form that allows determining the subject of personal data for a period no longer than is required for processing personal data, unless the duration of storage is established by federal law or an agreement between the Operator and the subject of the personal data.
8.9 Conditions for termination of processing of personal data may include: achievement of the goals of processing, expiration of consent from the subject, withdrawal of consent, or request to stop processing. Also, unlawful processing may lead to termination.
- List of actions performed by the operator with the received personal data
9.1 The operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distributes, provides access), depersonalizes, blocks, deletes, and destroys personal data.
9.2 The operator performs automated processing of personal data, with or without receiving and / or transmitting the received information through information and telecommunications networks.
9.3 The procedure and grounds for destruction of personal information by the operator are determined by an internal act of the operator, taking into account the requirements set out in the law on personal data.
- Cross-border transfer of personal data
10.1 Prior to the start of cross-border transfer of personal data, the operator is obliged to notify the authorized body responsible for protecting the rights of data subjects about its intention to transfer personal data across borders (such notification is submitted separately from the notice of the intention to process personal data).
10.2 Before submitting this notification, the operator must obtain relevant information from authorities of a foreign country, foreign individuals and legal entities to which the transfer of personal information is planned.
- Confidentiality of Personal Data
The operator and other people who have access to personal information must not disclose or share personal information with third parties without consent of the data subject unless otherwise provided for by federal law.
- Final Provisions
12.1 The User can contact the Operator via email to receive any clarifications on issues related to the processing of their personal data.
12.2 This document will reflect any changes to the policy for the processing of personal data by the Operator. The policy remains valid until it is superseded by a new version.
12.3 The current version of the policy is freely available online at https://en.oezalga.ru/.