INFO
PERSONAL DATA PROCESSING POLICY
1. General Provisions
1.1. This Policy of Individual Entrepreneur Polina Vitalievna Gruzdeva regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of the Federal Law of 27.07.2006 N 152-FZ "On Personal Data" (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his or her personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Policy applies to all personal data processed by Individual Entrepreneur Polina Vitalievna Gruzdeva (hereinafter referred to as the Operator, Individual Entrepreneur Polina Vitalievna Gruzdeva).
1.3. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Operator's website (https://nereta.store and their subdomains (hereinafter collectively referred to as the "Site").
1.5. Basic concepts used in the Policy:
personal data - any information related to a directly or indirectly determined or determinable individual (subject of personal data);
personal data operator (operator) - individual entrepreneur Polina Vitalievna Gruzdeva, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;
personal data processing - any action (operation) or set of actions (operations) with personal data, performed with the use of automation tools or without their use. The processing of personal data includes, among other things:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (updating, modification);
- retrieval;
- use;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- destruction;
- automated processing of personal data - processing of personal data using computer technology;
- dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
- provision of personal data - actions aimed at disclosing personal data to a specific person or a specific number of persons;
- blocking of personal data - temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
- destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible carriers of personal data are destroyed;
- depersonalization of personal data - actions that make it impossible to determine the ownership of personal data by a specific personal data subject without the use of additional information;
- personal data information system - a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
1.6. Basic rights and obligations of the Operator.
1.6.1. The Operator has the right to:
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data stipulated by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations stipulated by the Law on Personal Data;
if the subject of personal data revokes consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.
1.6.2. The Operator is obliged to:
organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
notify the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this body of the necessary information within 10 working days from the date of receipt of such a request. This period may be extended, but not more than by five working days. To do this, the Operator must send Roskomnadzor a reasoned notice indicating the reasons for extending the period for providing the requested information;
in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation, including informing it of computer incidents that entailed the illegal transfer (provision, distribution, access) of personal data.
1.7. Basic rights of the personal data subject. The personal data subject has the right to:
Receive information regarding the processing of his personal data, except for cases stipulated by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data related to other personal data subjects, except for cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
Require the Operator to clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect his rights;
Appeal to Roskomnadzor or in court against the illegal actions or inaction of the Operator when processing his personal data.
1.8. Control over compliance with the requirements of this Policy is carried out personally by the Operator.
1.9. Liability for violation of the requirements of the legislation of the Russian Federation and regulations in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. Purposes of collecting personal data
2.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed.
2.2. Only personal data that meets the purposes of their processing are subject to processing.
2.3. The Operator processes personal data for the following purposes:
2.3.1. Identification of the party within the framework of agreements and contracts with the Site, platform, messenger, social networks and the Operator.
2.3.2. Providing the user with personalized services, rights to use RIA, services, and other values.
2.3.3. Communication with the user, including sending notifications, requests and information regarding the use of the Site, platform, messenger in terms of providing services/acquiring rights to use RIA, as well as processing requests and applications from the user.
2.3.4. Improving the quality of the Site, platform, messenger, ease of use, developing new services/RIA.
2.3.5. Targeting educational materials/services, various RIA.
2.3.6. Conducting statistical and other research based on the provided data.
2.3.7. Conclusion, execution and termination of civil contracts with individuals, legal entities, sole proprietors and other persons, in cases stipulated by applicable law.
2.3.8. Detection, prevention, mitigation of consequences and investigation of fraudulent or other illegal actions against the Operator.
3. Legal grounds for processing personal data
3.1. The legal basis for processing personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
The Constitution of the Russian Federation;
The Civil Code of the Russian Federation;
other regulatory legal acts governing relations related to the activities of the Operator.
3.2. The legal basis for processing personal data is also:
an offer agreement concluded between the Operator and the subject of personal data;
the consent of the subject of personal data to the processing of their personal data.
4. The volume and categories of personal data processed,
categories of subjects of personal data
4.1. The content and volume of personal data processed must correspond to the stated purposes of processing, stipulated in Section 2 of this Policy. The personal data processed must not be excessive in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. The Operator's clients (individuals):
last name, first name, patronymic;
date and place of birth;
passport details;
registration address at the place of residence;
contact details;
bank account number;
other personal data provided by clients and counterparties (individuals), necessary for the conclusion and execution of contracts.
4.2.5. Representatives of the Operator's clients (legal entities):
last name, first name, patronymic;
passport details;
contact details;
other personal data provided by representatives of clients, necessary for the conclusion and execution of contracts.
4.3. The Operator processes biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his or her identity can be established) in accordance with the legislation of the Russian Federation.
5. Procedure and conditions for processing personal data
5.1. The Operator processes personal data in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of personal data subjects to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Russian Federation.
5.3. The Operator carries out both automated and non-automated processing of personal data.
5.4. The processing of personal data is carried out by:
receiving personal data in oral and written form directly from personal data subjects;
receiving personal data from publicly available sources;
entering personal data into the Operator's information systems;
using other methods of processing personal data.
5.5. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is prohibited, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the subject of personal data for distribution is drawn up separately from other consents of the subject of personal data to the processing of his personal data.
5.6. The operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
identifying threats to the security of personal data during their processing;
adopting local regulations and other documents governing relations in the field of processing and protecting personal data;
appointing persons responsible for ensuring the security of personal data;
creating the necessary conditions for working with personal data;
organizing the accounting of documents containing personal data;
organizing work with information systems in which personal data are processed;
stores personal data under conditions that ensure their safety and exclude unauthorized access to them.
5.7. The operator stores personal data in a form that allows identifying the subject of personal data, for no longer than required by the purposes of processing personal data, unless the storage period of personal data is established by federal law, agreement, consent.
5.8. When collecting personal data, including via the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
6. Updating, correcting, deleting, destroying
personal data and terminating their processing,
responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the personal data subject or his representative within 10 working days from the date of the request or receipt of the request from the personal data subject or his representative. This period may be extended, but not more than by five working days. To do this, the Operator should send the personal data subject a reasoned notice indicating the reasons for extending the period for providing the requested information.
The request must contain:
the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the said document and the issuing authority;
information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
the signature of the personal data subject or his representative.
The Operator provides the information specified in Part 7 of Article 14 of the Law on Personal Data to the personal data subject or his representative in the form in which the relevant request or appeal was sent, unless otherwise specified in the request or appeal.
If the request (appeal) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
The right of the personal data subject to access his personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the personal data subject's access to his personal data violates the rights and legitimate interests of third parties.
6.2. In the event that inaccurate personal data is discovered upon an appeal by the personal data subject or his representative or at their request or at the request of Roskomnadzor, the Operator blocks the personal data related to this personal data subject from the moment of such appeal or receipt of the specified request for the verification period, if blocking the personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
In the event that the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data.
6.3. In the event of detection of unlawful processing of personal data upon request (application) of the personal data subject or his/her representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data related to this personal data subject from the moment of such application or receipt of the request.
6.4. If the Operator, Roskomnadzor or another interested party discovers an unlawful or accidental transfer (provision, distribution) of personal data (access to personal data) that has resulted in a violation of the rights of personal data subjects, the Operator:
within 24 hours - notifies Roskomnadzor of the incident that has occurred, the presumed causes that resulted in the violation of the rights of personal data subjects, the presumed harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
within 72 hours - notifies Roskomnadzor of the results of the internal investigation of the identified incident and provides information about the persons whose actions caused it (if any).
6.5. Upon achieving the goals of personal data processing, as well as in the event of the personal data subject's withdrawal of consent to their processing, the personal data are subject to destruction, unless:
otherwise provided by the agreement to which the personal data subject is a party, beneficiary or guarantor;
the operator has no right to carry out processing without the consent of the personal data subject on the grounds stipulated by the Personal Data Law or other federal laws;
otherwise not provided by another agreement between the Operator and the personal data subject.
6.6. If the personal data subject applies to the Operator with a request to terminate the processing of personal data within a period not exceeding 10 working days from the date of receipt by the Operator of the relevant request, the processing of personal data is terminated, except for cases stipulated by the Personal Data Law. The specified period may be extended, but not more than by five working days. To this end, the Operator must send the personal data subject a reasoned notice indicating the reasons for the extension of the period.
7. Dispute Resolution
7.1. If no agreement is reached, the dispute will be referred to the judicial authority at the Operator's place of registration in accordance with the current legislation of the Russian Federation.
7.2. The current legislation of the Russian Federation shall apply to this Policy on the processing of personal data and the relations between the personal data subject and the Operator.
8. Additional conditions
8.1. The Operator has the right to make changes to this Policy on the processing of personal data without the consent of the personal data subjects. This document will reflect any changes to the Operator's personal data processing policy. The Policy is valid indefinitely until it is replaced by a new version.
8.2. The new version of the Personal Data Processing Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.
8.3. The invalidity of individual provisions of this Policy, if such is recognized by a decision of a court or other authorized state body, does not entail its invalidity as a whole.
9. Operator details
IP Gruzdeva Polina Vitalievna
INN 772790821587
info@nereta.store
1. General Provisions
1.1. This Policy of Individual Entrepreneur Polina Vitalievna Gruzdeva regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of the Federal Law of 27.07.2006 N 152-FZ "On Personal Data" (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his or her personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Policy applies to all personal data processed by Individual Entrepreneur Polina Vitalievna Gruzdeva (hereinafter referred to as the Operator, Individual Entrepreneur Polina Vitalievna Gruzdeva).
1.3. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Operator's website (https://nereta.store and their subdomains (hereinafter collectively referred to as the "Site").
1.5. Basic concepts used in the Policy:
personal data - any information related to a directly or indirectly determined or determinable individual (subject of personal data);
personal data operator (operator) - individual entrepreneur Polina Vitalievna Gruzdeva, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;
personal data processing - any action (operation) or set of actions (operations) with personal data, performed with the use of automation tools or without their use. The processing of personal data includes, among other things:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (updating, modification);
- retrieval;
- use;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- destruction;
- automated processing of personal data - processing of personal data using computer technology;
- dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
- provision of personal data - actions aimed at disclosing personal data to a specific person or a specific number of persons;
- blocking of personal data - temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
- destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible carriers of personal data are destroyed;
- depersonalization of personal data - actions that make it impossible to determine the ownership of personal data by a specific personal data subject without the use of additional information;
- personal data information system - a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
1.6. Basic rights and obligations of the Operator.
1.6.1. The Operator has the right to:
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data stipulated by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations stipulated by the Law on Personal Data;
if the subject of personal data revokes consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.
1.6.2. The Operator is obliged to:
organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
notify the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this body of the necessary information within 10 working days from the date of receipt of such a request. This period may be extended, but not more than by five working days. To do this, the Operator must send Roskomnadzor a reasoned notice indicating the reasons for extending the period for providing the requested information;
in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation, including informing it of computer incidents that entailed the illegal transfer (provision, distribution, access) of personal data.
1.7. Basic rights of the personal data subject. The personal data subject has the right to:
Receive information regarding the processing of his personal data, except for cases stipulated by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data related to other personal data subjects, except for cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
Require the Operator to clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect his rights;
Appeal to Roskomnadzor or in court against the illegal actions or inaction of the Operator when processing his personal data.
1.8. Control over compliance with the requirements of this Policy is carried out personally by the Operator.
1.9. Liability for violation of the requirements of the legislation of the Russian Federation and regulations in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. Purposes of collecting personal data
2.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed.
2.2. Only personal data that meets the purposes of their processing are subject to processing.
2.3. The Operator processes personal data for the following purposes:
2.3.1. Identification of the party within the framework of agreements and contracts with the Site, platform, messenger, social networks and the Operator.
2.3.2. Providing the user with personalized services, rights to use RIA, services, and other values.
2.3.3. Communication with the user, including sending notifications, requests and information regarding the use of the Site, platform, messenger in terms of providing services/acquiring rights to use RIA, as well as processing requests and applications from the user.
2.3.4. Improving the quality of the Site, platform, messenger, ease of use, developing new services/RIA.
2.3.5. Targeting educational materials/services, various RIA.
2.3.6. Conducting statistical and other research based on the provided data.
2.3.7. Conclusion, execution and termination of civil contracts with individuals, legal entities, sole proprietors and other persons, in cases stipulated by applicable law.
2.3.8. Detection, prevention, mitigation of consequences and investigation of fraudulent or other illegal actions against the Operator.
3. Legal grounds for processing personal data
3.1. The legal basis for processing personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
The Constitution of the Russian Federation;
The Civil Code of the Russian Federation;
other regulatory legal acts governing relations related to the activities of the Operator.
3.2. The legal basis for processing personal data is also:
an offer agreement concluded between the Operator and the subject of personal data;
the consent of the subject of personal data to the processing of their personal data.
4. The volume and categories of personal data processed,
categories of subjects of personal data
4.1. The content and volume of personal data processed must correspond to the stated purposes of processing, stipulated in Section 2 of this Policy. The personal data processed must not be excessive in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. The Operator's clients (individuals):
last name, first name, patronymic;
date and place of birth;
passport details;
registration address at the place of residence;
contact details;
bank account number;
other personal data provided by clients and counterparties (individuals), necessary for the conclusion and execution of contracts.
4.2.5. Representatives of the Operator's clients (legal entities):
last name, first name, patronymic;
passport details;
contact details;
other personal data provided by representatives of clients, necessary for the conclusion and execution of contracts.
4.3. The Operator processes biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his or her identity can be established) in accordance with the legislation of the Russian Federation.
5. Procedure and conditions for processing personal data
5.1. The Operator processes personal data in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of personal data subjects to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Russian Federation.
5.3. The Operator carries out both automated and non-automated processing of personal data.
5.4. The processing of personal data is carried out by:
receiving personal data in oral and written form directly from personal data subjects;
receiving personal data from publicly available sources;
entering personal data into the Operator's information systems;
using other methods of processing personal data.
5.5. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is prohibited, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the subject of personal data for distribution is drawn up separately from other consents of the subject of personal data to the processing of his personal data.
5.6. The operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
identifying threats to the security of personal data during their processing;
adopting local regulations and other documents governing relations in the field of processing and protecting personal data;
appointing persons responsible for ensuring the security of personal data;
creating the necessary conditions for working with personal data;
organizing the accounting of documents containing personal data;
organizing work with information systems in which personal data are processed;
stores personal data under conditions that ensure their safety and exclude unauthorized access to them.
5.7. The operator stores personal data in a form that allows identifying the subject of personal data, for no longer than required by the purposes of processing personal data, unless the storage period of personal data is established by federal law, agreement, consent.
5.8. When collecting personal data, including via the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
6. Updating, correcting, deleting, destroying
personal data and terminating their processing,
responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the personal data subject or his representative within 10 working days from the date of the request or receipt of the request from the personal data subject or his representative. This period may be extended, but not more than by five working days. To do this, the Operator should send the personal data subject a reasoned notice indicating the reasons for extending the period for providing the requested information.
The request must contain:
the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the said document and the issuing authority;
information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
the signature of the personal data subject or his representative.
The Operator provides the information specified in Part 7 of Article 14 of the Law on Personal Data to the personal data subject or his representative in the form in which the relevant request or appeal was sent, unless otherwise specified in the request or appeal.
If the request (appeal) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
The right of the personal data subject to access his personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the personal data subject's access to his personal data violates the rights and legitimate interests of third parties.
6.2. In the event that inaccurate personal data is discovered upon an appeal by the personal data subject or his representative or at their request or at the request of Roskomnadzor, the Operator blocks the personal data related to this personal data subject from the moment of such appeal or receipt of the specified request for the verification period, if blocking the personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
In the event that the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data.
6.3. In the event of detection of unlawful processing of personal data upon request (application) of the personal data subject or his/her representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data related to this personal data subject from the moment of such application or receipt of the request.
6.4. If the Operator, Roskomnadzor or another interested party discovers an unlawful or accidental transfer (provision, distribution) of personal data (access to personal data) that has resulted in a violation of the rights of personal data subjects, the Operator:
within 24 hours - notifies Roskomnadzor of the incident that has occurred, the presumed causes that resulted in the violation of the rights of personal data subjects, the presumed harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
within 72 hours - notifies Roskomnadzor of the results of the internal investigation of the identified incident and provides information about the persons whose actions caused it (if any).
6.5. Upon achieving the goals of personal data processing, as well as in the event of the personal data subject's withdrawal of consent to their processing, the personal data are subject to destruction, unless:
otherwise provided by the agreement to which the personal data subject is a party, beneficiary or guarantor;
the operator has no right to carry out processing without the consent of the personal data subject on the grounds stipulated by the Personal Data Law or other federal laws;
otherwise not provided by another agreement between the Operator and the personal data subject.
6.6. If the personal data subject applies to the Operator with a request to terminate the processing of personal data within a period not exceeding 10 working days from the date of receipt by the Operator of the relevant request, the processing of personal data is terminated, except for cases stipulated by the Personal Data Law. The specified period may be extended, but not more than by five working days. To this end, the Operator must send the personal data subject a reasoned notice indicating the reasons for the extension of the period.
7. Dispute Resolution
7.1. If no agreement is reached, the dispute will be referred to the judicial authority at the Operator's place of registration in accordance with the current legislation of the Russian Federation.
7.2. The current legislation of the Russian Federation shall apply to this Policy on the processing of personal data and the relations between the personal data subject and the Operator.
8. Additional conditions
8.1. The Operator has the right to make changes to this Policy on the processing of personal data without the consent of the personal data subjects. This document will reflect any changes to the Operator's personal data processing policy. The Policy is valid indefinitely until it is replaced by a new version.
8.2. The new version of the Personal Data Processing Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Policy.
8.3. The invalidity of individual provisions of this Policy, if such is recognized by a decision of a court or other authorized state body, does not entail its invalidity as a whole.
9. Operator details
IP Gruzdeva Polina Vitalievna
INN 772790821587
info@nereta.store
