Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of Federal Law dated 27.07.2006 No. 152-FZ “On personal data” (hereinafter – the “Law on Personal Data”) and determines the procedure of personal data processing and measures to ensure personal data security taken by RusHOLTS AZS Co. Ltd. (hereinafter – the “Operator”).
1.1. Respect of human and civil rights and freedoms when processing personal data, including protection of the right to privacy, personal and family secrets is viewed by the Operator as the most important goal and prerequisite for its operation.
1.2. The Operator’s personal data processing policy (hereinafter – the “Policy”) shall be applied to all information that can be obtained by the Operator about visitors of http://onlinecup.ru/.
2. General definitions used in the Policy:
2.1. Automated personal data processing — personal data processing by means of computer technology.
2.2. Personal data blocking — temporary termination of personal data processing (with the exception of cases when processing is needed for personal data rectification).
2.3. Website — pooled graphic and information materials, as well as computer and data base programs that ensure their accessibility in the Internet at http://onlinecup.ru/.
2.4. Personal data information system — the aggregate of personal data contained in data bases and information technologies and technical equipment that ensure their processing.
2.5. Personal data depersonalization — activity that makes it impossible to determine, without the use of additional information, which user or another personal data subject the particular personal data belong to.
2.6. Personal data processing — any action (operation) or combination of actions (operations) performed in respect of personal data by using automation tools or without the use of such tools, including collection, recording, systematization, accumulation, storage, keeping current (updating, alteration), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator — a public authority, municipal authority, juridical or natural person that arranges and/or performs personal data processing on its own or in conjunction with other persons, and determines the purpose of personal data processing, the scope of personal data to be processed, actions (operations) performed in respect of personal data.
2.8. Personal data — any information directly or indirectly related to the identified or identifiable User of http://onlinecup.ru/.
2.9. Personal data permitted by the personal data subject to be disseminated — personal data the access to which was granted by the personal data subject to an unlimited number of persons by giving consent to processing of personal data allowed by the personal data subject to be disseminated in the manner stipulated by the Law on Personal Data (hereinafter – “personal data allowed for dissemination”).
2.10. User — any visitor of http://onlinecup.ru/.
2.11. Provision of personal data — actions aimed at disclosure of personal data to a particular person or scope of persons.
2.12. Dissemination of personal data — any actions aimed at disclosure of personal data to an indefinite number of persons (transfer of personal data) or at making personal data known to an indefinite number of persons, including public disclosure of personal data in mass media, placing in data telecommunications networks or providing access to personal data by any other method.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, foreign natural or foreign juridical person.
2.14. Destruction of personal data — any actions as a result of which personal data are irretrievably destroyed making it impossible to subsequently restore their contents in the personal data information system and/or material carriers of personal data are destroyed.
3. The Operator’s basic rights and responsibilities
3.1. The Operator shall be entitled to:
— obtain from the personal data subject reliable information and/or documents containing personal data;
— in the event of revocation of consent to personal data processing by the personal data subject, as well as in case of submission of an application demanding that personal data processing be stopped, the Operator shall be entitled to continue personal data processing without the consent of the personal data subject if there are grounds specified in the Law on Personal Data.
— independently determine the makeup and list of adequate and appropriate measures to ensure performance of obligations stipulated in the Law on Personal Data and regulations adopted in accordance with the said Law, unless otherwise provided by the Law on Personal Data or other federal laws.
3.2. The Operator shall undertake to:
— provide to personal data subject at his/her request the information regarding his/her personal data processing;
— arrange personal data processing in due process stipulated by the applicable laws of the Russian Federation;
— respond to applications and inquiries of personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
— submit the required information to the authorized body for protection of rights of personal data subjects at the request of the said body within 10 days as of the date of receipt of such an inquiry;
— publish or in any other way provide unlimited access to this Personal Data Processing Policy;
— take legal, organizational and technical measures for protection of personal data from illegal or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in respect of personal data;
— stop transfer (dissemination, provision, access) of personal data, stop processing and destroy personal data pursuant to the procedure and in cases stipulated by the Law on Personal Data;
— perform other duties stipulated by the Law on Personal Data.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects shall be entitled to:
— obtain information related to processing of his/her personal data, with the exception of cases stipulated by federal laws. Information shall be submitted to the personal data subject in an intelligible form, it must not contain personal data related to other personal data subjects, with the exception of cases when there are legal grounds for disclosure of such personal data. The list of information and the procedure for its obtaining is set by the Law on Personal Data;
— demand that the Operator keep current his/her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or if they are not necessary for the declared purpose of processing, as well as to take statutory measures for protection of his/her rights;
— lay down the condition of prior consent when processing personal data in order to promote goods, works and services on the market;
— revoke consent to personal data processing, as well as to submit a demand that personal data processing be stopped;
— appeal in the authorized privacy authority or in court the Operator’s wrongful actions or omissions when processing his/her personal data;
— for exercising other rights stipulated by the laws of the Russian Federation.
4.2. Personal data subjects shall undertake to:
— submit to the Operator reliable information about themselves;
— inform the Operator about keeping current (updating, alteration) their personal data.
4.3. Persons who have transferred to the Operator unreliable information about themselves or about another personal data subject without the consent of the latter, shall be legally responsible in accordance with the laws of the Russian Federation.
5. Principles of personal data processing
5.1. Personal data processing shall be effected on a legal and fair basis.
5.2. Personal data processing shall be limited to achievement of specific, prior determined and legal goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed.
5.3. Consolidation of data bases containing personal data whose processing is effected for incompatible purposes is not allowed.
5.4. Only personal data that serve the purposes of their processing shall be subject to processing.
5.5. The contents and scope of processed personal data shall comply with the declared purposes of processing. Redundancy of the processed personal data in relation to the declared purposes of their processing is not allowed.
5.6. When processing personal data, accuracy of personal data shall be ensured, as well as their sufficiency, and where necessary – their relevance with respect to the purposes of personal data processing. The Operator shall take necessary steps and/or ensure that these steps be taken in order to delete or revise incomplete or inaccurate data.
5.7. Personal data storage shall be effected in a form that enables identification of personal data subject for no longer than needed for the purposes of personal data processing, if the period of personal data storage is not stipulated by a federal law or agreement to which the personal data subject is a party, beneficiary or guarantor. When data processing purposes have been achieved, or if the achievement of these purposes is no longer needed, the processed personal data shall be destructed or depersonalized, unless otherwise provided for by the Federal Law.
6. Purposes of personal data processing
The purpose of processing is providing access of the User to services, information and/or materials contained on the website Personal data surname, name, patronymic
Legal grounds Federal Law “On information, information technologies and data protection” dated 27.07.2006 No. 149-FZ
Types of personal data processing Collection, recording, systematization, accumulation, storage, destruction and depersonalization of personal data
Sending information letters to email address
7. Conditions of personal data processing
7.1. Personal data processing shall be effected with the consent of the personal data subject for processing of his/her personal data.
7.2. Personal data processing is necessary in order to achieve the purposes stipulated by the international treaty of the Russian Federation or the law, to exercise the functions, powers and obligations assigned to the Operator by the laws of the Russian Federation.
7.3. Personal data processing is necessary for administration of justice, execution of a judicial act, an act of another body or official, enforceable in accordance with the laws of the Russian Federation regarding enforcement proceedings.
7.4. Personal data processing is necessary for performance of an agreement to which the personal data subject is a party, beneficiary or guarantor, as well as for conclusion of an agreement at the initiative of the personal data subject or an agreement to which the personal data subject shall be a beneficiary or guarantor.
7.5. Personal data processing is necessary for realization of rights and legitimate interests of the Operator or third parties, or for reaching socially significant goals, provided that there is no violation of rights or freedoms of the personal data subject.
7.6. Personal data processing shall be effected in respect of data the access to which was granted to an unlimited number of people by the personal data subject or at his/her request (hereinafter – “free access personal data”).
7.7. Personal data processing shall be effected in respect of data subject to publication or mandatory disclosure in accordance with the Federal Law.
8. The procedure of collection, storage, transfer and other types of personal data processing
Security of personal data processed by the Operator shall be ensured by way of implementation of legal, organizational and technical measures required in order to fully comply with the requirements of the applicable laws in the sphere of personal data protection.
8.1. The Operator shall ensure safety of personal data and take every possible step to prevent access of unauthorized persons to personal data.
8.2. The User’s personal data shall never, under no circumstances be transferred to third persons, with the exception of cases related to enforcement of the applicable laws, or in case when the personal data subject has given consent to the Operator for transfer of the data to a third party for performance of obligations under a civil agreement.
8.3. Should inaccuracies be detected in personal data, the User can update them on his/her own, by emailing a notification to the Operator to firstname.lastname@example.org with a notice of “Personal data updating.”
8.4. The period of data processing shall be determined by the achievement of purposes for which the personal data were collected, if no other period is stipulated by the agreement or applicable laws.
The User may at any time revoke his/her consent to personal data processing by emailing a notification to the Operator to email@example.com with a notice of “Revocation of consent to personal data processing.”
8.5. All information that is collected by third-party services, including payment systems, means of communication and other service providers, shall be stored and processed by the specified persons (Operators) in accordance with their User Agreements and Privacy Policies. Personal data subject and/or with the said documents. The Operator shall not be responsible for steps taken by third parties, including service providers specified in this clause.
8.6. Restrictions for transfer (except for provision of access) set by the personal data subject, as well as for processing or conditions of processing (except for obtaining access) of personal data allowed for dissemination shall not apply in the event of personal data processing in governmental, social or other public interests determined by the laws of the Russian Federation.
8.7. The Operator shall ensure privacy of personal data during their processing.
8.8. The Operator shall ensure personal data storage in a form that enables identification of personal data subject for no longer than needed for the purposes of personal data processing, if the period of personal data storage is not stipulated by the Federal Law, agreement to which the personal data subject is a party, beneficiary or guarantor.
8.9. The conditions for termination of personal data processing may include achievement of personal data processing purposes, expiry of consent of the personal data subject, revocation of consent by the personal data subject or a demand for termination of personal data processing, as well as detection of the fact of wrongful processing of personal data.
9. List of activities performed by the Operator with the obtained personal data
9.1. The Operator shall effect collection, recording, systematization, accumulation, storage, keeping current (updating, alteration), retrieval, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion and destruction of personal data.
9.2. The Operator shall effect automated processing of personal data and obtaining and/or transmission of the obtained information via data telecommunications networks or without such transmission.
10. Cross-border transfer of personal data
10.1. Prior to the beginning of cross-border transfer of personal data, the Operator shall undertake to notify the authorized body for protection of the rights of personal data subjects on his/her intention to effect cross-border transfer of personal data (such notification shall be sent separately from the notification on his/her intention to effect personal data processing).
10.2. Prior to the submission of the above-mentioned notification, the Operator shall undertake to obtain the relevant data from the foreign state authorities, foreign natural persons, foreign juridical persons to whom the cross-border transfer of personal data is planned.
11. Privacy of personal data
The Operator and other persons who have gained access to the personal data shall undertake to refrain from disclosing to third persons and dissemination of personal data, unless otherwise stipulated by the Federal Law.
12. Final provisions
12.1. The User may get any explanations for the issues of interest relating to processing of his/her personal data by addressing the Operator via email firstname.lastname@example.org.
12.2. This document shall reflect any changes made by the Operator in the Personal Data Processing Policy. The Policy shall be valid indefinitely until its substitution with a new version.
12.3. The current version of the Policy is freely accessible in the Internet at http://onlinecup.ru/privacy.