1. General Provisions
1.1. This Policy is carried out by IP Umejesi Emeke Collins (hereinafter referred to as the "Organization") in relation to the processing and protection of personal data of individuals (subjects of personal data) on the basis of Article 24 of the Constitution of the Russian Federation and Federal Law N 152-FZ "On Personal Data".
1.2. The Policy applies to all personal data (subjects) that may be obtained by the Organization in the course of its activities, including the Organization's clients.
1.3. The purpose of the Policy is to provide the persons providing their personal data with the necessary information to assess what personal data and for what purposes are processed by the Organization, what methods to ensure their security are implemented.
1.4. The policy ensures the protection of the rights and freedoms of subjects when processing their personal data with or without the use of automation tools, and also establishes the responsibility of persons with access to personal data for failure to comply with the requirements governing the processing and protection of personal data.
1.5. Clients, using the services of the Organization, having informed the Organization of their personal data, including through the mediation of third parties, acknowledge their consent to the processing of personal data in accordance with this Policy.
1.6. Consent to the processing of personal data may be withdrawn by the subject of personal data. If the subject of personal data withdraws consent to the processing of personal data, the operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified by applicable law or, otherwise, refuse to provide the service, if personal data is necessary to provide such services.
1.7. This Policy is subject to change by the Organization.
2. The concept and composition of personal data
2.1. For the purposes of this Policy, personal data means any information relating directly or indirectly to a specific individual (subject of personal data).
2.2. Depending on the subject of personal data, the Organization, in order to carry out its activities and fulfill its obligations, may process personal data of the following categories of subjects:
personal data of an employee of the Organization - information required by the Organization in connection with labor relations and relating to a specific employee.
Client data - information necessary for the Organization to fulfill its obligations under the contractual relationship with the Client and to comply with the requirements of the legislation of the Russian Federation.
personal data of the Client provided during registration on the taplink.ru website, including when the Client makes Orders.
data that is automatically transmitted to the Services in the process of using them using the software installed on the user's device, including IP address, cookie information, information about the user's browser (or other program that accesses the Services), access time , the address of the requested page.
3. Grounds and purposes of personal data processing
3.1. The Organization processes personal data in order to carry out its activities, including the provision of services to Clients. The organization has the right:
process the Client's personal data without obtaining the written consent of the subject of personal data in accordance with Article 6. Clause 1. Clause 5 of the Federal Law "On Personal Data", because the processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor.
to carry out the functions assigned to the Organization by the legislation of the Russian Federation in accordance with the Federal Law "On Personal Data" and other laws and regulations of the Russian Federation, as well as the Charter and regulations of the Organization;
collect and store the personal data of the Client necessary for the provision of services, the execution of agreements and contracts, the fulfillment of obligations to the Client.
3.2. The Organization may use the Client's personal data for the following purposes:
provision of services to the Client;
identification of the Client within the framework of agreements;
communication with the Client, if necessary, including sending offers, notifications, information and requests, both related and not related to the provision of services, as well as processing applications, requests and applications of the Client;
improving the quality of services provided by the Company;
targeting advertising materials;
conducting statistical and other research based on depersonalized data;
4. Terms of personal data processing
4.1. The terms for processing personal data are determined based on the purposes of processing in the information systems of the Organization, in accordance with the term of the contract, agreement with the subject of personal data.
5. The circle of persons admitted to the processing of personal data
5.1. To achieve the objectives of Article 3 of this Policy, only those employees of the Organization who are entrusted with such an obligation in accordance with their official (labor) duties are allowed to process personal data. Access to other employees may only be granted in cases provided for by law. The organization requires its employees to maintain confidentiality and ensure the security of personal data when they are processed.
5.2. The organization has the right to transfer personal data to third parties in the following cases:
The subject of personal data has expressly expressed his consent to such actions, including:
when providing services to Clients, he accepted the terms of the public contract-offer;
The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law;
At the same time, all obligations to comply with the conditions for ensuring the security of personal data in accordance with the current legislation of the Russian Federation and international agreements in relation to the data received by him are transferred to the acquirer.
6. Personal data processing methods
6.1. In the process of providing services, in the implementation of on-farm activities, the Organization uses automated and non-automated processing of personal data.
7. Implementation of personal data protection
7.1. The activities of the Organization for the processing of personal data in information systems are inextricably linked with the protection by the Organization of the confidentiality of the information received. All employees of the Organization are obliged to ensure the confidentiality of personal data, as well as other confidential information established by the Organization, unless this contradicts the current legislation of the Russian Federation.
7.2. The security of personal data during their processing in the information systems of the Organization is ensured using the information security system.
7.3. The exchange of personal data during their processing in the personal data information system is carried out through secure communication channels.
7.4. When processing personal data in the personal data information system of the Organization, the following is provided:
taking measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information;
application of firewalling;
physical protection of premises and technical means that allow the processing of personal data;
timely detection of facts of unauthorized access to personal data;
prevention of physical impact on the technical means of automated workplaces, as a result of which their functioning may be disrupted;
the possibility of immediate recovery of personal data modified and destroyed due to unauthorized access to them;
constant anti-virus control;
constant analysis of the security of personal data;
use of security attributes;
control of the integrity of the software environment for processing personal data;
other means and measures in accordance with the current legislation.