Privacy policy

The policy of processing personal data of an individual entrepreneur Malakhova N.A.

1. Principal provisions

1.1. The policy of processing personal data of an individual entrepreneur Malakhova N.A. (further Entrepreneur) defines the main goals, methods, conditions and principles of processing personal data of subjects and processed personal data, the functions of the Entrepreneur in the processing of personal data, the rights of subjects of personal data, as well as the implemented requirements for the protection of personal data.

 

1.2. The personal data processing policy complies with the requirements of the Constitution of the Russian Federation, legislative and other regulatory acts of the Russian Federation, in particular:

- The Labor Code of the Russian Federation;

- Federal Law No. 152-ФЗ “On Personal Data” dated July 27, 2006;

- Decree of the President of the Russian Federation No. 188 “On approval of the List of Confidential Information” dated March 6, 1997;

- Decree of the Government of the Russian Federation No. 687 “On approval of the Regulation on the peculiarities of the processing of personal data carried out without the use of automation” dated September 15, 2008;

- Decree of the Government of the Russian Federation No. 512 “On approval of requirements for tangible media of biometric personal data and technologies for storing such data outside personal data information systems” dated July 6, 2008;

- Decree of the Government of the Russian Federation No. 1119 “On approval of the requirements for the protection of personal data during their processing in personal data information systems” dated 01.11.2012;

- other regulatory legal acts of the Russian Federation and regulatory documents of authorized bodies of governmental authorities.

 

1.3. Any local regulatory documents of the Entrepreneur containing issues of processing personal data of personal data subjects are developed on the basis of this Personal Data Processing Policy.

 

1.4. Terms and definitions used in the Policy of processing personal data:

- Personal data - any information relating, directly or indirectly, to a specific or determined individual (personal data subject).

- Information – data (messages, details) regardless of the form of their provision.

- Operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) committed with personal data.

- Processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

- Automated processing of personal data - processing of personal data with a computer technology.

- Provision of personal data - actions aimed at the disclosure of personal data to a specific person or a certain circle of persons.

- Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons.

- Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual or a foreign legal entity.

- Blocking of personal data - temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).

- Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

- Anonymization of personal data - actions that make it impossible without the use of additional information to determine the ownership of personal data to a specific subject of personal data.

- Information system of personal data - a set of personal data contained in databases and ensuring their processing of information technologies and technical means.

 

1.5. Personal data processed by the Entrepreneur:

1.5.1. In the framework of the present Policy of processing personal data, personal data refers to information that the buyer, or counterparty, or distributor, or other person who registers, or purchases goods or services from the Entrepreneur without registration, on the shikstore.ru website, provides about itself when registering (creating an account), or without registration, on the Site or in the process of using the Site. Personal data that is mandatory for provision is requested by the Site when registering or using the Site without registration. Other information is provided by the buyer, or counterparty, or distributor, or other person at his discretion.

1.5.2. The Entrepreneur does not verify the accuracy of personal data provided by the buyer, or counterparty, or distributor and other person, however, it is assumed that this person provides reliable and sufficient personal data.

1.5.3. Providing personal data, the buyer or counterparty, or distributor, or other person confirms that this information was provided to them voluntarily, consciously, of their own free will and in their interests.

 

2. Principles, goals and conditions of processing of personal data:

2.1. The Entrepreneur, being the operator of personal data, carries out the processing of personal data of the personal data subjects - individuals who are clients of the Entrepreneur, partners of the Entrepreneur, counterparties of the Entrepreneur, distributors of the Entrepreneur and other persons entering into legal relations with the Entrepreneur.

 

2.2. Processing of personal data is carried out by the Entrepreneur taking into account the need to ensure the protection of the rights and freedoms of personal data subjects, including the protection of the right to privacy, personal and family secrets, based on the following principles:

- the processing of personal data is carried out by the Entrepreneur on a legal and fair basis;

- the processing of personal data is limited to the achievement of specific, predetermined and legitimate goals;

- personal data processing that is incompatible with the purposes of collecting personal data is not allowed;

- it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;

- only personal data that are consistent with the purposes of their processing are subject to processing;

- the content and volume of the processed personal data corresponds to the declared processing goals. The redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed;

- when processing personal data, the accuracy of personal data is ensured, its adequacy, and, if necessary, its relevance to the purposes of processing personal data.

- storage of personal data is carried out in a form that allows to determine the personal data subject, no longer than that is required by the purpose of processing personal data, unless the storage period of personal data is established by federal law, an agreement to which the beneficiary or guarantor is the personal data subject;

- processed personal data is destroyed or depersonalized when the processing goals are achieved or if the need to achieve these goals is lost, unless otherwise provided by federal law.

 

2.3. Personal data is processed by the Entrepreneur in order to:

- ensure compliance with the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation, local regulatory acts of the Entrepreneur;

- implement the functions, powers and duties assigned by the legislation of the Russian Federation to the Entrepreneur, including the provision of personal data to state authorities;

- prepare, conclude, execute and terminate the contracts with contractors;

- fulfill the rights and legitimate interests of the Entrepreneur, in the framework of the activities provided by the Charter and other local regulatory acts of the Entrepreneur, or of third parties, or achieve socially significant goals;

-  other legal purposes.

2.4. The list of personal data processed by the Entrepreneur is determined in accordance with the legislation of the Russian Federation and the local regulatory acts of the Entrepreneur, taking into account the purposes of processing personal data specified in the current Policy of processing personal data.

2.5. The processing of special categories of personal data regarding race, nationality, political views, religious or philosophical beliefs, intimate life is not carried out by the Entrepreneur.

2.6. When processing personal data, the Entrepreneur:

- takes measures necessary and sufficient to ensure compliance with the requirements of the legislation of the Russian Federation and local regulatory acts of the Entrepreneur in the field of personal data;

- takes legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;

- appoints the person responsible for organizing the processing of personal data of the Entrepreneur;

- carries out familiarization of the employees of the Entrepreneur directly processing personal data with the provisions of the legislation of the Russian Federation and the local regulatory acts of the Entrepreneur in the field of personal data, including the requirements for the protection of personal data, and the training of these employees;

- publishes on the Website or otherwise provides unlimited access to the current Policy for the processing of personal data;

- informs, in the established manner, personal data subjects or their representatives about the availability of personal data related to the relevant personal data subjects, provides an opportunity to familiarize themselves with these personal data when applying and (or) receiving requests from the said personal data subjects or their representatives, if otherwise is not established by the legislation of the Russian Federation;

- stops processing and destroys personal data in cases stipulated by the legislation of the Russian Federation in the field of personal data;

- performs other actions stipulated by the legislation of the Russian Federation in the field of personal data.

2.7. Processing of personal data is carried out by the Entrepreneur with the consent of the personal data subject to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data.

2.8. The Entrepreneur, without the consent of the personal data subject, does not disclose to third parties and does not disseminate personal data, unless otherwise provided by the legislation of the Russian Federation.

2.9. The Entrepreneur may use the personal data of the subject of personal data for the following purposes:

2.9.1. Communication with the subject of personal data, including the method of sending notifications, requests and information regarding the work with the Site, the provision of services, the sale of goods, to the subject of personal data, as well as for the processing of requests and requests from the subject of personal data;

2.9.2. Informing the subject of personal data on the activities of the Entrepreneur, including goods, products and services provided by the Entrepreneur;

2.9.3. Conducting statistical and other studies based on anonymized data;

2.9.4. Improving the quality of the Site, ease of use, development of new projects;

2.10. Filling out the appropriate form on the Site means the unconditional consent of the personal data subject with the terms of the current Policy of processing

personal data.

2.11. The Entrepreneur stores the personal data of the buyer, or counterparty, or distributor, or other person who is the personal data subject, in compliance with the requirements of the legislation of the Russian Federation and ensures their proper safety. The Entrepreneur takes the necessary and sufficient organizational and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other illegal actions of third parties with it.

2.12. With regard to personal data, confidentiality is maintained, except for cases when the personal data subject voluntarily provides information about himself for general access to an unlimited number of people.

2.13. Personal data, according to the Federal Law of the Russian Federation "On Personal Data" dated July 27, 2006 N 152-ФЗ, is processed by the Entrepreneur only in connection with the conclusion and execution of contracts to which the personal data subject is a party.

2.14. The Entrepreneur has the right to entrust the processing of personal data to another person, with the consent of the personal data subject, on the basis of an agreement concluded with this person. The contract should contain a list of actions (operations) with personal data that will be performed by the person processing the personal data, the purpose of processing, the obligation of such a person to maintain the confidentiality of personal data and ensure the security of personal data during their processing, as well as the requirements for the protection of processed personal data in accordance with Article 19 of the Federal Law "On Personal Data".

3. Processing of personal data

3.1. The Entrepreneur collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

3.2. Methods of processing personal data by the Entrepreneur:

- manual processing of personal data;

- automated processing of personal data with the transfer of information received through information and telecommunication networks or without it;

- mixed processing of personal data.

3.3. Personal data subjects have the right to:

- get full information about their personal data processed by the Entrepreneur;

- get access to their personal data, including the right to receive a copy of any record containing their personal data, with the exception of cases provided for by the legislation of the Russian Federation;

- clarify their personal data, block or destruct them in case personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;

- withdraw the consent to the processing of personal data;

- take measures prescribed by law to protect their rights;

- exercise other rights provided for by the legislation of the Russian Federation.

3.4. Measures necessary and sufficient to ensure the fulfillment by the Entrepreneur of the operator’s obligations stipulated by the legislation of the Russian Federation in the field of personal data include:

- appointment of a person responsible for organizing the processing of personal data;

- adoption of local regulations and other documents in the field of processing and protection of personal data;

- the organization of training for employees of the Entrepreneur, who occupy positions during the replacement of which personal data is processed;

- obtaining the consent of the personal data subjects on the processing of their personal data, with the exception of cases provided for by the legislation of the Russian Federation;

- the separation of personal data processed without the use of automation from other information, in particular by fixing them on separate material storage media for personal data, in special sections;

- ensuring separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;

- a ban on the transfer of personal data through open communication channels, computer networks of the Internet without applying the measures established by the Entrepreneur to ensure the security of personal data (with the exception of generally available and (or) anonymized personal data);

- storage of material carriers of personal data in compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them;

- implementation of internal control of the conformity of the processing of personal data to the Federal Law “On Personal Data”;

- other measures provided for by the legislation of the Russian Federation in the field of personal data.

3.5. For each category of personal data subjects, the goals of processing their personal data are defined:

3.5.1. The processing of personal data of representatives of legal entities and individual entrepreneurs - contractors, distributors and partners is carried out in order to interact with customers - legal entities and individual entrepreneurs on logistics issues, payments, contract execution, to send letters about the existence of overdue debts and other legally significant messages, implementation E-mail newsletters, training in various fields, as well as the exchange of necessary information.

3.5.2. The processing of personal data of individuals with whom the Entrepreneur concludes civil law contracts is carried out in order to ensure compliance with the requirements of civil, pension, insurance, tax laws and other requirements of the current legislation of the Russian Federation in connection with the emergence, amendment and termination of civil law relations, including monitoring the quality and quantity of services rendered / work performed, goods sold, ensuring the safety of the Entrepreneur’s property.

3.5.3. Processing of personal data of customers - consumers (individuals), including Buyers of products of the Entrepreneur and visitors to the Site are made for the following purposes:

- Fulfillment of the obligations of the Entrepreneur in the framework of the concluded agreements (including the provision of services, placing orders, sale and delivery of goods);

- Providing additional information about the Entrepreneur (including information on activities, sold goods / services) through SMS messages, emails, phone calls;

- receiving feedback regarding the goods / services of the Entrepreneur (including through SMS messages, emails, phone calls) and subsequent analysis of the data received;

- study and analysis of the market (including by monitoring the actions on the Site, in the mobile application used by the Entrepreneur);

- carrying out events (including events of an advertising nature);

- analysis of preferences regarding the goods of the Entrepreneur, the services offered by the Entrepreneur (including by monitoring the actions on the Site, in the mobile application used by the Entrepreneur);

- administration of the user account on the Site, in the mobile application used by the Entrepreneur;

- sending advertising and newsletters (including in relation to goods / services sold by the Entrepreneur, the activities of the Entrepreneur) by e-mail, via SMS, phone calls and other means of communication confirmed with the subject of personal data.

3.6. Cross-border transfer of personal data:

3.6.1. The entrepreneur is obliged to make sure that the foreign state into whose territory it is supposed to transfer personal data provides adequate protection of the rights of the personal data subjects before such a transfer begins.

3.6.2. Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of subjects of personal data may be carried out in the following cases:

- the written consent of the personal data subject to the cross-border transfer of his personal data;

- execution of an agreement to which the subject of personal data is a party;

- provided for by international treaties of the Russian Federation;

- in other cases stipulated by the legislation of the Russian Federation.

3.7. The Entrepreneur has the right to amend the current Personal Data Processing Policy. When making changes in the current edition, the date of the last update is indicated. The new version of the Personal Data Processing Policy comes into force from the moment it is posted, unless otherwise provided by the new version of the Personal Data Processing Policy. The current edition is constantly available on the page at: https://shikstore.ru/policy-personal-data/

3.8. Entities whose personal data are processed by the Entrepreneur can contact on issues of interest, as well as for the exercise of their rights by e-mail: sales@shikstore.ru.