1. General provisions
This personal data processing policy is prepared in accordance with the requirements of the Federal Law dated July 27, 2006. No. 152-FZ "On Personal Data" (hereinafter the "Personal Data Law") and defines the personal data processing procedure and measures to ensure security of personal data collected by IVO HELORY Law Offices (hereinafter the "Operator").
1.1 The Operator's most important goal and prerequisite for carrying out its activities is to observe the rights and freedoms of individuals and citizens when processing their personal data, including the protection of rights to privacy, personal and family secrets.
1.2 This Operator's personal data processing policy (the "Policy") applies to all information the Operator may receive about visitors to the http://ihelory.ru/ website.
2. Key concepts used in the Policy
2.1 Automated processing of personal data means the processing of personal data by means of computer technology.
2.2 Blocking of personal data means temporary termination of the processing of personal data (unless the processing is necessary for clarification of personal data).
2.3 Website means a set of graphical and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the http://ihelory.ru/ network address.
2.4. Personal Data Information System means the totality of personal data contained in databases and the information technologies and hardware that carry out their processing.
2.5 Anonymization of personal data means actions which make it impossible to determine, without the use of additional information, whether personal data belongs to a particular User or another subject of personal data.
2.6 Processing of personal data means any action (operation) or sequence of actions (operations) performed with personal data, with or without the use of automation, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, or destruction of personal data.
2.7. Operator means a governmental authority, municipal authority, legal entity or individual, independently or jointly with other persons arranging and/or performing processing of personal data, as well as determining the purposes of personal data processing, composition of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal data means any information relating directly or indirectly to an identified or identifiable User of the http://ihelory.ru/ website.
2.9. Personal data permitted by the subject of personal data for distribution means personal data, access to which is provided by the subject of personal data to an unlimited number of individuals by giving consent to the processing of personal data permitted by the subject of personal data for distribution in the manner prescribed by the Personal Data Law (hereinafter, "personal data permitted for distribution").
2.10. User means any visitor to http://ihelory.ru/.
2.11. Provision of personal data means the actions aimed at the disclosure of personal data to a certain person or a certain range of persons.
2.12. Distribution of personal data means any actions aimed at the disclosure of personal data to an indefinite number of individuals (transfer of personal data) or making personal data available to an indefinite number of individuals, including the disclosure of personal data in the media, placing it on information and telecommunications networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data means the transfer of personal data to a foreign state, foreign individual or legal entity.
2.14. Destruction of personal data means any actions resulting in irretrievable destruction of personal data with impossibility to further restore the content of personal data in the Personal Data Information System, and/or destruction of personal data physical storage media.
3. Main rights and obligations of the Operator
3.1 Operator shall have the right to:
- obtain from the subject of personal data reliable information and/or documents containing personal data;
- in case the personal data subject withdraws consent to the processing of personal data, as well as in case of sending a request to terminate personal data processing, the Operator shall be entitled to continue the processing of personal data without the consent of the personal data subject, subject to the availability of the grounds specified in the Personal Data Law;
- independently determine the content and list of measures which are necessary and sufficient to ensure compliance with the obligations provided by the Personal Data Law and regulations adopted in accordance therewith, unless otherwise provided by the Personal Data Law or other federal laws.
3.2 Operator shall:
- provide to the personal data subject, at their request, information relating to the processing of their personal data;
- organize the processing of personal data in accordance with the procedure established by the applicable laws of the Russian Federation;
- respond to requests and enquiries of personal data subjects and their legal representatives, in accordance with the requirements of the Personal Data Law;
- provide the necessary information, upon request, to the competent authority for the protection of the rights of personal data subjects within 10 days from the date of receipt of such request;
- publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
- take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, and distribution of personal data, as well as from other unlawful actions in relation to personal data;
- cease the transfer (distribution, provision, access) of personal data, stop the processing and destroy personal data in the manner and instances as prescribed by the Personal Data Law;
- perform other duties stipulated by the Personal Data Law.
4. Main rights and obligations of subjects of personal data
4.1 Subjects of personal data shall be entitled:
- to receive information relating to the processing of their personal data, with the exceptions provided for by federal laws. The information shall be provided to subjects of personal data by the Operator in accessible form and shall not contain personal data relating to other subjects of personal data, except in the cases where there are legitimate grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are set out in the Personal Data Law;
- to demand that the Operator update their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is irrelevant to the stated purpose of processing, and to take statutory measures to protect their rights;
- to impose the condition of prior consent when processing personal data for the purposes of promoting goods, works and services on the market;
- to withdraw consent to the processing of personal data and request the termination of personal data processing;
- to complain to the competent authority for the protection of the rights of subjects of personal data or in court against unlawful acts or omissions of the Operator in the processing of their personal data;
- to exercise other rights stipulated by the laws of the Russian Federation.
4.2 Subjects of personal data shall:
- provide the Operator with accurate data about themselves;
- notify the Operator of any updates or changes to their personal data.
4.3 Persons who have provided the Operator with inaccurate information about themselves, or information about another subject of personal data without the consent of the latter, shall be liable in accordance with the laws of the Russian Federation.
5. Personal data processing principles
5.1 Processing of personal data shall be lawful and fair.
5.2 Processing of personal data shall be limited to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection shall not be permitted.
5.3 Databases containing personal data that are processed for purposes that are incompatible with one another shall not be merged.
5.4 Only personal data that meets the purposes for which it is being processed shall be processed.
5.5 The content and scope of the processed personal data shall comply with the stated processing purposes. Processed personal data shall not be excessive in relation to the stated processing purposes.
5.6 When processing personal data, the accuracy of personal data, its sufficiency and, where necessary, its relevance in relation to the purposes of personal data processing shall be ensured. The Operator shall take the necessary measures and/or ensure that such measures are taken to delete or update incomplete or inaccurate data.
5.7 Personal data shall be stored in a form that makes it possible to identify the subject of personal data, for no longer than the purposes of personal data processing require, unless the storage period of personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. Processed personal data shall be destroyed or anonymized upon attainment of the processing objectives, or if it is no longer necessary to attain such objectives, unless otherwise provided for by federal law.
6. Personal data processing purposes
- Purpose of processing: conclusion, execution and termination of civil law contracts
- Personal data: first name, surname and patronymic
- email address
- telephone numbers
- Legal basis: Federal Law "On Information, Information Technologies and Information Security" dated July 27, 2006 No. 149-FZ
- Types of personal data processing: collection, recording, systematization, accumulation, storage, destruction and anonymization of personal data
7. Personal data processing conditions
7.1 Processing of personal data shall be subject to the consent of the subject of personal data to process their personal data.
7.2 Processing of personal data is necessary for the achievement of the purposes envisaged by an international treaty of the Russian Federation or by law, for the exercise of the functions, powers and duties imposed on the Operator by the laws of the Russian Federation.
7.3 Processing of personal data is necessary for administration of justice or execution of a judicial ruling or an order of another authority or official to be executed in accordance with the laws of the Russian Federation on enforcement proceedings.
7.4 Processing of personal data is necessary for the performance of a contract, to which the subject of personal data is a party, beneficiary or guarantor, as well as for the conclusion of an agreement at the initiative of the subject of personal data, or an agreement under which the subject of personal data will be a beneficiary or guarantor.
7.5 Processing of personal data is necessary for the exercise of the rights and lawful interests of the Operator and/or third parties, and/or for the achievement of socially important objectives, provided that the rights and freedoms of the subject of personal data are not infringed thereby.
7.6 Personal data to which access has been granted to the general public by the subject of personal data or at their request (hereinafter "publicly available personal data") shall be subject to processing.
7.7 Personal data that is to be published or mandatorily disclosed in accordance with a federal law shall be subject to processing.
8. Procedure for the collection, storage, transfer and other processing of personal data
The security of personal data processed by the Operator shall be ensured by implementing legal, organizational and technical measures necessary to comply fully with the requirements of applicable laws in the area of personal data protection.
8.1 The Operator ensures the safekeeping of personal data and takes all possible action to prevent access to personal data by unauthorized persons.
8.2 Under no circumstances will the personal data of the User be transferred to third parties, except as may be necessary to comply with effective law or if the subject of the personal data has given their consent to the Operator to transfer the data to a third party to perform their obligations under a civil law contract.
8.3 If inaccuracies in the personal data are identified, the User may update the personal data themselves by sending a notice to the Operator's email address email@example.com, marked "update of personal data".
8.4 The time frame for processing personal data is determined by achieving the purposes for which the personal data was collected, unless a different time frame is stipulated by the contract or applicable law.
The user may withdraw their consent to the processing of personal data at any time by giving notice to the Operator via email to the Operator's email address firstname.lastname@example.org, marked "withdrawal of consent to the processing of personal data".
8.6 The prohibitions established by the subject of personal data on the transfer (other than granting access) and on the processing or processing conditions (other than gaining access) of personal data authorized for distribution shall not apply where personal data is being processed for state, community and other public interests as defined by the laws of the Russian Federation.
8.7. The Operator shall ensure the confidentiality of personal data when processing such data.
8.8. The Operator shall store personal data in a form enabling the identification of the subject of personal data for no longer than the purposes of personal data processing require, unless the period of storage of personal data is established by federal law, or a contract to which the subject of personal data is a party, beneficiary or guarantor.
8.9 A condition for termination of personal data processing may be the achievement of the personal data processing objectives, expiration of the consent of the subject of personal data, withdrawal of consent by the subject of personal data or a request to terminate personal data processing, as well as the discovery of unlawful personal data processing.
9. List of actions performed by the Operator with the personal data received
9.1 The Operator shall collect, record, systematize, aggregate, store, clarify (update, modify), extract, use, transmit (distribute, provide, access), anonymize, block, delete and destroy personal data.
9.2 The Operator shall carry out automated processing of personal data with or without the receipt and/or transmission of received information via information and telecommunications networks.
10. Cross-border transfer of personal data
10.1 The Operator shall, prior to engaging in cross-border transfer of personal data, notify the competent authority for the protection of the rights of the subjects of personal data of its intention to transfer personal data across borders (such notification shall be sent separately from the notification of intention to process personal data).
10.2 The Operator shall, prior to submitting the above notification, obtain the relevant information from the foreign authorities, foreign individuals, and/or foreign legal entities to which the cross-border transfer of personal data is planned.
11. Confidentiality of personal data
The Operator and other persons who have gained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the subject of personal data, unless otherwise stipulated by federal law.
12. Final provisions
12.1 The User may obtain any clarifications on their questions regarding the processing of their personal data by contacting the Operator by email at email@example.com.
12.2 This document will reflect any changes to the Operator's personal data processing policy. The Policy shall be valid indefinitely until replaced by a new version.
12.3 The current version of the Policy is publicly available.