The Privacy and Personal Data Processing Policy (hereinafter referred to as the Policy) applies to all information that EP Lobanov M.A. (hereinafter the Administrator) may receive about third parties using the site at the Internet address www.tovga.ru
Using the Site means the User's unconditional consent to this Policy and the conditions for processing his personal information specified in it, in case of disagreement with these conditions, the User must refrain from using the Site.1. TERMS AND DEFINITIONS
1.1. In this Policy and the resulting or related relations between the Parties, the following terms and definitions apply:
Administrator – individual entrepreneur Lobanov M.A., who owns and administers the Site with the domain name www.tovga.ru
Website – an electronic resource hosted on the Internet under the domain name www.tovga.ru.
Agreement-offers – an agreement (public offer) for compensation legal services provision, posted on the Site, containing an offer addressed to one or several people, expressed via advertising or in any other way, which quite clearly expresses the intention of the person who made such an offer to consider himself to have entered into an agreement with the User who will accept this offer by paying for services via the Site.
Personal data – information about the User, directly or indirectly related to him, stored by the Administrator in any form and available to him, meeting the sign of sufficiency to identify a particular User, both by itself and in combination with other information.
Processing of personal data – any actions (operations) with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of personal data.
Provision of personal data – actions aimed at the transfer of personal data to a certain circle of people, in particular to the partners of the Administrator (transfer of personal data).
Use of personal data – actions that give rise to legal consequences for the subjects of Personal data, expressed in the commission of the Administrator or third parties who have gained access to them without the consent of the subject of Personal data to make decisions or perform other actions that in any other way affect the rights and freedoms the subject of Personal data or other people.
Confidentiality of personal data – the institution of non-dissemination of Personal data by the Administrator or third parties who have gained access to them without the consent of the subject of Personal data, which is generally binding on the Administrator and other people dealing with personal data.
2.2. This Policy establishes the procedure for processing the User's personal data.
2.3. This Policy has been developed to ensure the protection of the rights and freedoms of a person and citizen during the processing of his Personal Data.
2.6. The Administrator is a person who independently or jointly with other people organizes and/or carries out the Processing of Personal Data, as well as determines the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data. The provision of Personal Data is carried out by the User using the Site and (or) via telephone services, e-mail using their own information and technical means of data transmission.
2.7. The User confirms that he independently decides on the provision of his personal data and agrees to their processing freely, by his own will and in his own interest. Acceptance of the terms of this Policy by the User is consent to the Processing of personal data. The User confirms that the consent to the Processing of personal data is specific, informed and conscious.
2.8. The Administrator has the right to send information, including advertising messages, brochures, probes and other promotional material to the User's e-mail and mobile phone with his consent, expressed by performing actions that uniquely identify this subscriber and allow him to reliably establish his will to receive the message. The User has the right to refuse to receive advertising and other information without explaining the reasons for the refusal by informing the Administrator of his refusal by sending an appropriate application using the feedback service installed on the Site. Service messages informing the User about the order of the Administrator's services and the stages of its processing and execution are sent automatically and cannot be rejected by the User.
2.10. Personal data cannot be used for causing property and moral harm to citizens, making it difficult to exercise the legal rights and freedoms of a person and a citizen. 3. STRUCTURE AND OBTAINING OF THE USER'S PERSONAL DATA
- personal data (last name, first name, patronymic, etc.);
- E-mail address;
- passport data;
- registration address;
- residence address;
- phone number;
- bank details, if it is necessary to return the money paid;
3.2. The Administrator has the right to use "Cookies" technology. "Cookies" do not contain confidential information and are not transferred to third parties.
3.3. The Administrator receives information about the visitor's IP to the Site and information about the link from which website the visitor came from. This information is not used to identify the visitor.
3.4. The Administrator receives all personal data of the User directly from the User or his representative. In case of obtaining consent to the Processing of personal data from a representative of the subject of personal data, the Administrator checks the authority of this representative to give consent to the Processing of personal data on behalf of the subject of Personal data. 4. PROCESSING AND STORAGE OF THE USER'S PERSONAL DATA
4.1. The processing of personal data in the interests of the User consists in obtaining, systematizing, accumulating, storing, clarifying (updating, changing), using, providing, depersonalizing, blocking, destroying and protecting against unauthorized access.
4.3. The processing of the User's personal data is carried out by the method of mixed processing.
4.4. The processing of the User's personal data can only be accessed by people authorized by the Administrator to work with the User's personal data and who have signed the Non-Disclosure Agreement for the User's personal data.
4.5. The list of people having access to the User's personal data is determined by the Administrator's order.
4.6. The storage of personal data should be carried out in a form that allows to determine the subject of personal data, no longer than required by the purposes of the Processing of personal data. The processed personal data is subject to destruction or depersonalization upon achievement of the purposes of processing or in case of loss of the need to achieve these purposes. 5. USE AND TRANSFER OF USER'S PERSONAL DATA
5.2. When transferring the User's personal data, the Administrator must comply with the following requirements:
- warn people receiving the User's personal data that these data can only be used for the purposes for which they are reported, and require these people to confirm that this rule has been observed. People receiving the User's personal data are obliged to observe the confidentiality regime. This Policy does not apply in case of depersonalization of personal data and in relation to public data;
5.3. It is not allowed to answer questions related to the transfer of information containing Personal Data via phone or fax.
5.4. The Administrator has the right to provide or transfer the User's Personal Data to third parties in the following cases:
- if the disclosure of this information is required to comply with the law, the execution of a judicial act;
- to assist in investigations carried out by law enforcement or other government agencies;
- to protect the legal rights of the User and the Administrator. 6. PROTECTION OF THE USER'S PERSONAL DATA FROM UNAUTHORIZED ACCESS
6.1. When processing the User's personal data the Administrator is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.
6.2. To effectively protect the User's Personal Data, it is necessary to:
- follow the procedure for obtaining, recording and storing the User's Personal Data;
- apply technical means of protection;
- familiarize all people involved in the receipt under signature, processing and protection of the User's Personal Data with the non-disclosure agreement of the User's Personal Data;
- bring to disciplinary responsibility employees guilty of violating the rules governing the Processing and protection of the User's Personal Data.
6.3. Admission to the User's Personal Data of the Administrator's employees who have not familiarized themselves with this Policy against signature is not allowed.
6.4. Protection of access to electronic databases containing the User's Personal Data is ensured by:
- use of licensed software products that prevent unauthorized access of third parties to the User's Personal Data;
- password system (passwords are set by the Administrator and communicated individually to employees who have access to the User's Personal Data).
6.5. Copying and making extracts of the User's personal data is allowed solely for official purposes with the written permission of the Administrator. 7. RESPONSIBILITIES OF THE ADMINISTRATOR
7.2. Receive User's personal data directly from him or via the Site. If the User's personal data can only be obtained from a third party, then the User must be notified of this in advance and consent must be obtained from him.
7.3. Not to receive or process the User's personal data about his race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, except as otherwise provided by law.
7.4. Provide access to his registration data to the User or his legal representative when applying or upon receipt of a request containing the number of the main document proving the identity of the User or his legal representative, information about the date of issue of the specified document and the authority that issued it, and the handwritten signature of the User or his legal representative. The request may be sent in electronic form and signed with an electronic digital signature according to the legislation of the Russian Federation. Information about the availability of personal data must be provided to the User in an accessible form and should not contain Personal data related to other subjects of Personal data.
Within a period not exceeding 7 (seven) working days from the date the subject of Personal Data or his representative provides information confirming that the Personal Data is incomplete, inaccurate or out of date, the Administrator is obliged to make the necessary changes to them. Within a period not exceeding 7 (seven) working days from the date of submission by the subject of Personal data or his representative of information confirming that such personal data are illegally obtained or are not necessary for the stated purpose of processing, the Administrator is obliged to destroy such Personal data. The Administrator is obliged to notify the subject of Personal data or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the Personal data of this subject were transferred.
7.5. Restrict the User's right to access their Personal Data if:
- the processing of Personal Data, including Personal Data obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
- the processing of Personal data is carried out by bodies that have detained the subject of personal data on suspicion of committing a crime, or charged the subject of Personal data in a criminal case, or applied a measure of restraint to the subject of Personal data before bringing charges, except for the cases provided for by the criminal procedure legislation of the Russian Federation, if it is allowed to familiarize the suspect or the accused with such Personal Data;
- provision of Personal data violates the constitutional rights and freedoms of other people.
7.6. Ensure the storage and protection of the User's Personal Data from their misuse or loss.
7.7. In case of revealing false Personal data or illegal actions with by the person responsible for the Processing of the User's personal data, at his appeal or at his request (or his legal representative or an authorized body for the protection of the rights of personal data's subjects), the Administrator is obliged to block Personal Data, relating to the relevant User, from the moment of such request or receipt of such request for the period of verification.
7.8. In case of confirmation of the fact of inaccuracy with Personal data, the Administrator, on the basis of documents submitted by the User or his legal representative or an authorized body for the protection of the rights of subjects of Personal data, or other necessary documents, is obliged to clarify Personal data and remove their blocking.
7.9. In case of detection of illegal actions with Personal Data, the Administrator, within a period not exceeding 3 (three) working days from the date of such detection, is obliged to eliminate the violations committed. If it is impossible to eliminate the committed violations, the Administrator, within a period not exceeding 10 (ten) working days from the date of detection of illegal actions with Personal Data, is obliged to destroy the Personal Data. The Administrator is obliged to notify the subject of Personal data or his legal representative about the elimination of the violations committed or the destruction of Personal data, and if the appeal or request was sent by the authorized body for the protection of the rights of Personal data's subjects, also to the specified body.
7.10. If the purpose of the Personal Data Processing is achieved, the Administrator is obliged to immediately stop the Personal Data Processing and destroy the relevant Personal Data within a period not exceeding 90 (ninety) days from the date of achievement of the Personal Data Processing goal.
7.11. In case when the User withdraws consent to the Processing of his Personal Data, the Administrator is obliged to stop their Processing or ensure the termination of such processing (if the processing of Personal Data is carried out by another person acting on behalf of the Administrator) and if the storage of Personal Data is no longer required for the purposes of Processing Personal Data, destroy Personal Data or ensure their destruction (if the processing of Personal Data is carried out by another person acting on behalf of the Administrator) within a period not exceeding 90 (ninety) days from the date of receipt of the said withdrawal. 8. USER'S RIGHTS
8.1. The User has the right to access the following information:
- information about himself, including information containing confirmation of the fact of the Processing of Personal Data, as well as the purpose of such Processing, methods of Processing personal data used by the Administrator;
- information about people (excluding the Administrator's employees) who have access to Personal Data or who may be granted such access on the basis of an agreement with the Administrator or on the basis of the current legislation of the Russian Federation;
- a list of processed Personal Data and the source of their receipt.
8.2. The User has the right to:
- determine the forms and methods of transfer of his Personal Data, limit the methods and forms of Personal Data Processing;
- withdraw consent to the Processing of Personal Data, prohibit the dissemination of Personal Data without his consent;
- require the Administrator to change information about himself;
- instruct the Administrator to clarify information about himself by sending a withdrawal of consent to the processing of Personal Data or a request for clarification / change of information by sending a message to the email address: firstname.lastname@example.org
8.3. If the User withdraws consent to the processing of Personal Data, the Administrator has the right to continue processing Personal Data without the User's consent if there are grounds specified in clauses 2-11 of part 1 of article 6, part 2 of article 10 and part 2 of article 11 of Federal Law No. 152-FL of 27 July 2006 "On personal data". 9. PRIVACY OF USER'S PERSONAL DATA
9.1. Information about the User's personal data is confidential.
9.2. The Administrator ensures the Confidentiality of Personal Data and is obliged to prevent the distribution to third parties for purposes contrary to the purposes of the Processing of Personal Data specified in this Policy, or if there is another legal basis.
9.3. People who have access to the User's Personal Data are required to comply with the Personal Data Confidentiality regime, they must be warned about the need to comply with the secrecy regime. In connection with the Confidentiality regime for personal information, appropriate security measures must be provided to protect data from accidental or unauthorized destruction, accidental loss, unauthorized access to them, alteration or distribution.
9.4. All measures of the Confidentiality of Personal Data during the collection, processing and storage of the User's Personal Data apply to all media (paper, electronic, etc.).
9.5. The Confidentiality of Personal Data regime is removed in cases of depersonalization. 10. LIABILITY FOR VIOLATION OF REGULATIONS GOVERNING THE PROCESSING OF USER'S PERSONAL DATA
10.1. The Administrator is liable for the Personal Data that is at his disposal, and establishes the personal liability of employees for compliance with the established regime of Personal Data Confidentiality.
10.2. Each employee who receives a document or other medium containing the User's Personal Data for work is personally liable for the safety of the information medium and the confidentiality of the Personal Data placed on it.
10.3. Any person may contact the Administrator with a complaint about a violation of this Policy. The Administrator is obliged to ensure the consideration of User's requests, applications and complaints, as well as to facilitate the fulfillment of the requirements of the competent authorities. Complaints and claims regarding compliance with Data Processing requirements are considered within 30 (thirty) days from the date of receipt.
10.4. People guilty of violating the rules governing the receipt, processing and protection of the User's Personal Data bear disciplinary, administrative, civil or criminal liability in according to Federal laws. 11. FINAL PROVISIONS