Personal data processing policy
By submitting this form through the Website, by checking the "I agree to the processing of personal data" box you (the data subject) agree to all the provisions of this Policy.
1. General provisions
1.2 This page contains data about information the Operator or third parties may receive when you use the Website. The Operator hopes that this information will help you make deliberate decisions about the information you provide about yourself.
1.3 The data the Operator receives on the Webite can be used to facilitate your use of the Website. The Website only collects general information that your browser provides voluntarily when you visit the Webite.
2. Terms of personal data processing
2.1 Personal data processing is subject to the principles and rules stated in the Federal Law dated 27.07.2006 No. 152-FZ (as amended and supplemented, effective from 01.03.2021) "On Personal Data" (as amended and supplemented, effective from 01.03.2021).
2.2З Personal data processing shall be permitted if it:
2.2.1. is carried out with your consent;
2.2.2. is necessary for the achievement of the purposes stipulated by an international treaty of the Russian Federation or by law, for the exercise and performance of the functions, powers and duties of the Operator;
2.2.3. is necessary for the conclusion and/or execution of the contract, a party/beneficiary/guarantor of which you are;
2.2.4. is necessary for the exercise of the rights and legal interests of the Operator or third parties, or to achieve socially important goals, provided that your rights and freedoms are not violated thereby;
2.2.5. is available to the general public, access to which is granted by you or at your request (hereinafter - personal data, made publicly available by the data subject);
2.2.6. is necessary to improve the Operator's customer service;
2.2.7. is subject to publication or compulsory disclosure in accordance with the relevant Federal Law.
2.3.The Operator may include your personal data in publicly available sources of personal data.
2.4 Decisions that produce legal consequences or otherwise affect your rights and legitimate interests shall not be made on the basis of solely automated processing of personal data.
2.5 If written consent to the processing of personal data is not necessary, consent may be given by you or your representative in any form.
2.6 The operator has the right to entrust the processing of personal data to another person, on the basis of an agreement concluded with that person. In this case, the Operator shall oblige the person processing personal data on behalf of the Operator to comply with the principles and rules of personal data processing stipulated by the relevant Federal Law.
2.7 If the Operator instructs another person to process personal data, the Operator shall be liable to you for the actions of that person. The person, who carries out the processing of personal data on behalf of the Operator is liable to the Operator.
2.8. The Operator shall be entitled to use personal data obtained using cookie technology and social plug-ins.
2.9 The operator shall be entitled to use the personal data for sending you newsletters.
2.10. The operator shall not disclose to third parties and shall not distribute personal data without your consent, unless otherwise stipulated by the relevant Federal Law.
3. Obligations of the Operator
In accordance with the requirements of Federal Law dated 27.07.2006 No. 152-FZ (ver. dated 30.12.2020) "On Personal Data" (as amended and supplemented, effective from 01.03.2021) the Operator shall:
3.1 Publish or otherwise provide unlimited access to this Policy.
3.2 Provide you, upon request, with information about the existence of personal data relating to you as a data subject, and allow familiarization with that personal data within thirty days from the date of receipt of the request.
3.3 In case of detection of unlawful processing of personal data by the Operator or by a person acting on behalf of the Operator, the Operator shall, within three working days from the date of such detection, terminate unlawful processing of personal data or ensure termination of unlawful processing of personal data by a person acting on behalf of the Operator.
3.3.1 If it is impossible to ensure lawfulness of personal data processing, the Operator shall destroy such personal data within ten days from the date of detection of unlawful personal data processing.
3.3.2 The Operator shall notify you about elimination of committed violations or destruction of personal data.
3.4 If the fact of inaccuracy of personal data is confirmed, the Operator shall, on the basis of information provided by you or your representative or the authorized body for protection of rights of data subjects, or other necessary documents, clarify personal data or ensure its clarification (if personal data processing is performed by another person acting on behalf of the Operator) within seven working days of submission of such information and remove blocking of personal data.
3.5. In case of withdrawal of your consent to processing of your personal data, stop processing of personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by a separate agreement.
3.5.1 The operator shall notify you about the destruction of personal data.
3.6. In the event of a request to cease processing of personal data for the purpose of promoting goods, works, services on the market, immediately cease processing of personal data.
4. Measures to ensure the security of personal data during its processing
4.1 When processing personal data, the Operator shall take necessary legal, organizational and technical measures for protection of personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
4.2 Ensuring security of personal data is achieved, in particular, by:
4.2.1. identification of threats to the security of personal data in the course of its processing in personal data information systems;
4.2.2. application of organizational and technical measures for security of personal data during its processing in personal data information systems, necessary for fulfillment of requirements to protection of personal data, implementation of which ensures levels of security of personal data established by the Government of the Russian Federation;
4.2.3. aplication of duly approved conformity assessment procedure for information protection means;
4.2.4. assessment of efficiency of personal data security measures taken before commissioning of the personal data information system;
4.2.5. accounting of machine-readable media of personal data;
4.2.6. detecting facts of unauthorized access to personal data and taking measures;
4.2.7. restoration of personal data, modified or destroyed as a result of unauthorized access to it;
4.2.8. establishment of rules of access to personal data processed in the personal data information system, as well as registration and accounting of all actions performed with personal data in the personal data information system;
4.2.9. control of measures taken to ensure security of personal data and security level of personal data information systems.
5. Final provisions
5.1 The Policy may be changed or terminated unilaterally by the Operator without prior notification.
5.2 The new version of the Policy shall come into force from the moment of its posting on the Website by the Operator, unless otherwise stipulated by the new version of the Policy.
5.3 The current version of the Policy is available on the Web site at https://www.luka-samara.ru/personal/samara.ru/politika_konfidentsialnosti/.