Privacy policy
Policy of processing and protection of personal data by the Limited Liability Company "SEC" (as amended on May 15, 2018)
Table of contents:
General provisions
Terms and definitions
Purposes of personal data processing
Data to be processed
Grounds for personal data processing
Principles and conditions of personal data processing
Storage and protection of personal data
Transfer of personal data
Rights of personal data subjects
Final provisions
1. General provisions
The purpose of this document, approved for execution by Order No. 1-PD of the SEC Limited Liability Company (TIN: 5258135690; KPP: 525743001; OGRN: 1037739042912; address (location): 603076, region. Nizhny Novgorod, Nizhny Novgorod, Lenin Avenue, 48, room P1) (hereinafter referred to as SEC LLC) is the declaration and definition of SEC LLC's policy in the field of personal data processing and protection (hereinafter referred to as the Policy).
This personal data processing and protection policy is aimed at protecting the rights and interests of personal data subjects, including protecting personal data from unauthorized access, misuse or loss, and protecting human rights and freedoms when processing personal data, including protecting the rights to privacy, personal and family secrets.
This Policy provides the following basic information about personal data processing processes:
- principles and conditions of personal data processing;
- purposes of personal data processing;
- grounds for processing personal data;
- the procedure for processing personal data;
- conditions for the transfer of personal data to third parties;
- information about the organization of access to personal data;
- measures to respect the legitimate rights of personal data subjects;
- measures to ensure the security of personal data.
This Policy complies with the requirements applicable by the legislation of the Russian Federation, including, but not limited to, the requirements of the following legislative acts:
- The Constitution of the Russian Federation;
- The Civil Code of the Russian Federation;
- Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";
- Council of Europe Convention on the Protection of Natural Persons with regard to Automated Processing of Personal Data (Strasbourg, January 28, 1981);
- Federal Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection";
- Federal Law of the Russian Federation of March 13, 2006 No. 38-FZ "On Advertising";
- Order No. 21 of the Federal Service for Technical and Export Control of the Russian Federation dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to ensure the Security of Personal Data during their Processing in Personal Data Information Systems."
This Policy is mandatory for review and execution by all persons authorized to process personal data in the personal data information system.
The current version of the Policy is stored at the location of SEC LLC, sales offices and divisions of SEC LLC, and is also posted on the website located on the Internet at: https://ворота-саксэс.рф/pdn - in the public domain and comes into force from the moment of approval by the order of the limited liability Company "SEC" and placement, unless otherwise provided by the new version of the Policy.
This Policy may be supplemented by separate conditions for the collection, processing and protection of personal data of individuals in separate regulatory documents published by the Limited Liability Company "SEC". In this case, these documents will contain information that these provisions complement this Policy.
2. Terms and definitions
In order to provide a uniform and unambiguous interpretation of the terms of this personal data processing and protection policy, the following meanings and definitions of terms and concepts used in the personal data processing and protection policy have been established:
The Policy is a document defining the policy of the Limited Liability Company "SEC" regarding the processing and protection of personal data.;
Personal data is any information related directly or indirectly to a specific or identifiable natural person, which makes it possible to uniquely identify this individual.;
Operator — a state body, municipal body, legal entity or individual, individual entrepreneur, independently or jointly with other persons organizing and (or) carrying out the collection and (or) processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data with data. In accordance with this Policy, the operator is the limited liability company SPK (TIN: 5258135690; KPP: 525743001; OGRN: 1037739042912; address (location): 603076, region. Nizhny Novgorod, Nizhny Novgorod, Lenin Avenue, 48, room P1);
Partner — a third party with whom the Operator is in a civil law relationship and who processes the personal data subject's data within the framework established by such civil law relations and ensures the independent protection of the personal data received, or a third party with whom the personal data subject is in a legal relationship.;
Cross—border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.;
Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated personal data processing is the processing of personal data using computer technology;
Use of personal data — actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences with respect to the personal data subject or other persons or otherwise affecting the rights and freedoms of the personal data subject or other persons;
Dissemination of personal data — actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or to familiarize with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
Blocking of personal data is the temporary cessation of the collection, systematization, accumulation, use, dissemination of personal data, including their transfer;
Destruction of personal data — actions as a result of which it is impossible to restore the content of personal data in the personal data information system or as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific subject without using additional information.;
Publicly available personal data is personal data to which an unlimited number of persons have access with the consent of the subject or which, in accordance with federal laws, is not subject to confidentiality requirements.;
The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.;
A personal data subject is an individual who is directly or indirectly identified or identified using personal data.;
Confidentiality of information is a mandatory requirement for a person who has access to certain information not to transfer such information to third parties without the consent of the personal data subject.;
Localization is the use of databases located on the territory of the Russian Federation in the processing of personal data.;
A database is an objective form of presentation and organization of a set of data, systematized in such a way that this data can be found and processed using information technologies and computer equipment located on a server (computer);
Website — a website (a collection of web pages) located on the Internet at the following web address: https://ворота-саксэс.рф/pdn /, representing a set of data and commands, as well as reproducible audiovisual displays, activated sequentially by the personal data subject to obtain a result;
Cookies are text files placed on the device that the personal data subject uses to access the Website. They contain information that is collected from the device and sent back to the software product each time they are visited.;
A computer device is a mobile device or personal computer running operating systems and allowing information to be processed and transmitted.
3. Purposes of personal data processing
The Operator processes personal data of personal data subjects exclusively for the following purposes defined by this Policy:
Ensuring the functioning of the Operator's information systems and the fulfillment of civil law obligations:
Table of contents:
General provisions
Terms and definitions
Purposes of personal data processing
Data to be processed
Grounds for personal data processing
Principles and conditions of personal data processing
Storage and protection of personal data
Transfer of personal data
Rights of personal data subjects
Final provisions
1. General provisions
The purpose of this document, approved for execution by Order No. 1-PD of the SEC Limited Liability Company (TIN: 5258135690; KPP: 525743001; OGRN: 1037739042912; address (location): 603076, region. Nizhny Novgorod, Nizhny Novgorod, Lenin Avenue, 48, room P1) (hereinafter referred to as SEC LLC) is the declaration and definition of SEC LLC's policy in the field of personal data processing and protection (hereinafter referred to as the Policy).
This personal data processing and protection policy is aimed at protecting the rights and interests of personal data subjects, including protecting personal data from unauthorized access, misuse or loss, and protecting human rights and freedoms when processing personal data, including protecting the rights to privacy, personal and family secrets.
This Policy provides the following basic information about personal data processing processes:
- principles and conditions of personal data processing;
- purposes of personal data processing;
- grounds for processing personal data;
- the procedure for processing personal data;
- conditions for the transfer of personal data to third parties;
- information about the organization of access to personal data;
- measures to respect the legitimate rights of personal data subjects;
- measures to ensure the security of personal data.
This Policy complies with the requirements applicable by the legislation of the Russian Federation, including, but not limited to, the requirements of the following legislative acts:
- The Constitution of the Russian Federation;
- The Civil Code of the Russian Federation;
- Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";
- Council of Europe Convention on the Protection of Natural Persons with regard to Automated Processing of Personal Data (Strasbourg, January 28, 1981);
- Federal Law of the Russian Federation of July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection";
- Federal Law of the Russian Federation of March 13, 2006 No. 38-FZ "On Advertising";
- Order No. 21 of the Federal Service for Technical and Export Control of the Russian Federation dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to ensure the Security of Personal Data during their Processing in Personal Data Information Systems."
This Policy is mandatory for review and execution by all persons authorized to process personal data in the personal data information system.
The current version of the Policy is stored at the location of SEC LLC, sales offices and divisions of SEC LLC, and is also posted on the website located on the Internet at: https://ворота-саксэс.рф/pdn - in the public domain and comes into force from the moment of approval by the order of the limited liability Company "SEC" and placement, unless otherwise provided by the new version of the Policy.
This Policy may be supplemented by separate conditions for the collection, processing and protection of personal data of individuals in separate regulatory documents published by the Limited Liability Company "SEC". In this case, these documents will contain information that these provisions complement this Policy.
2. Terms and definitions
In order to provide a uniform and unambiguous interpretation of the terms of this personal data processing and protection policy, the following meanings and definitions of terms and concepts used in the personal data processing and protection policy have been established:
The Policy is a document defining the policy of the Limited Liability Company "SEC" regarding the processing and protection of personal data.;
Personal data is any information related directly or indirectly to a specific or identifiable natural person, which makes it possible to uniquely identify this individual.;
Operator — a state body, municipal body, legal entity or individual, individual entrepreneur, independently or jointly with other persons organizing and (or) carrying out the collection and (or) processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data with data. In accordance with this Policy, the operator is the limited liability company SPK (TIN: 5258135690; KPP: 525743001; OGRN: 1037739042912; address (location): 603076, region. Nizhny Novgorod, Nizhny Novgorod, Lenin Avenue, 48, room P1);
Partner — a third party with whom the Operator is in a civil law relationship and who processes the personal data subject's data within the framework established by such civil law relations and ensures the independent protection of the personal data received, or a third party with whom the personal data subject is in a legal relationship.;
Cross—border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.;
Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated personal data processing is the processing of personal data using computer technology;
Use of personal data — actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences with respect to the personal data subject or other persons or otherwise affecting the rights and freedoms of the personal data subject or other persons;
Dissemination of personal data — actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or to familiarize with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
Blocking of personal data is the temporary cessation of the collection, systematization, accumulation, use, dissemination of personal data, including their transfer;
Destruction of personal data — actions as a result of which it is impossible to restore the content of personal data in the personal data information system or as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific subject without using additional information.;
Publicly available personal data is personal data to which an unlimited number of persons have access with the consent of the subject or which, in accordance with federal laws, is not subject to confidentiality requirements.;
The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.;
A personal data subject is an individual who is directly or indirectly identified or identified using personal data.;
Confidentiality of information is a mandatory requirement for a person who has access to certain information not to transfer such information to third parties without the consent of the personal data subject.;
Localization is the use of databases located on the territory of the Russian Federation in the processing of personal data.;
A database is an objective form of presentation and organization of a set of data, systematized in such a way that this data can be found and processed using information technologies and computer equipment located on a server (computer);
Website — a website (a collection of web pages) located on the Internet at the following web address: https://ворота-саксэс.рф/pdn /, representing a set of data and commands, as well as reproducible audiovisual displays, activated sequentially by the personal data subject to obtain a result;
Cookies are text files placed on the device that the personal data subject uses to access the Website. They contain information that is collected from the device and sent back to the software product each time they are visited.;
A computer device is a mobile device or personal computer running operating systems and allowing information to be processed and transmitted.
3. Purposes of personal data processing
The Operator processes personal data of personal data subjects exclusively for the following purposes defined by this Policy:
Ensuring the functioning of the Operator's information systems and the fulfillment of civil law obligations: