This personal data processing policy has been drawn up in accordance with the requirements of the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) and determines the procedure for processing personal data and measures to ensure the security of personal data taken by Individual Entrepreneur Selivanova Anastasia Viktorovna INN: 665914422337 OGRNIP: 323665800239633 (hereinafter referred to as the Operator).
1.1. The operator sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The processing of personal data is carried out lawfully and fairly, acting reasonably and in good faith and based on the principles:
the legality of the purposes and methods of processing personal data;
compliance of the purposes of processing personal data with the goals predetermined and stated when collecting personal data, as well as with the powers of the Operator;
compliance of the volume and nature of the personal data processed, methods of processing personal data for the purposes of processing personal data.
1.3. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the anaselivanova.com website.
1.4. The operator may process the following personal data of individuals (hereinafter referred to as the “Subject of Personal Data”, “Subject”):
· Full Name;
· E-mail address;
· phone number;
· delivery address of the Operator’s Goods;
· data on the services provided and provided to the Personal Data Subject, including the history of the Subject’s requests;
· history of requests from the Subject of personal data, including documents sent by the Subject when contacting the Operator of the Subject’s message.
1.5. When using the Site's services, the Operator also processes other anonymized data that is automatically transmitted during the use of the Site through software installed on the computer:
· information about the browser used (or other program used to access the site);
· IP address;
· cookie data.
1.6. The Operator guarantees that organizations external to the Operator do not have access to such data that can be used by the Operator, except in cases expressly provided for by the current legislation of the Russian Federation and these Regulations, and also except for the cases specified in clause 3.7 of these Regulations. Upon receipt of personal data not specified in this section, such data is subject to immediate destruction.
1.7. The Operator processes personal data of Personal Data Subjects by maintaining databases using automated, mechanical, and manual methods for the purposes of:
· processing orders, requests or other actions of the Personal Data Subject related to visiting the Site, ordering services, including, but not limited to, services for requesting prices for goods presented in catalogs;
· in case of the expressed consent of the Personal Data Subject, in order to promote the Operator’s goods, works and services on the market, notify about ongoing promotions, events, discounts, and conduct marketing campaigns of the Operator.
· for other purposes, if the relevant actions of the Operator do not contradict the current legislation, the activities of the Operator, and the consent of the Personal Data Subject has been obtained for the said processing.
1.7.4. The data specified in clause 1.4. of this Policy are processed for the purpose of performing Site analytics, tracking and understanding the principles of use of the Site by visitors, improving the functioning of the Site, solving technical problems of the Site, developing new products, expanding services, identifying the popularity of products and determining the effectiveness of advertising campaigns; ensuring security and preventing fraud, providing effective customer support.
1.8. The operator processes personal data by performing any action (operation) or set of actions (operations), including the following:
clarification (update, change);
transmission (distribution, provision, access);
1.9. When making payments, the personal information provided by the Subject (name, address, phone number, e-mail, bank card number) is not stored on the Operator’s Web server and is provided only to the partner bank. No information about payments, except for notification of payment, is transmitted by the Operator's partner bank. The security of payment processing, including Internet payments, is guaranteed by partner banks. All resources of partner banks comply with PCI DSS security standards and have all the necessary permits and certificates.
2. Collection, use and disclosure of personal data
2.1. The Operator receives and begins processing the Subject’s personal data from the moment of receiving his consent.
Consent to the processing of personal data can be given by the Personal Data Subject in any form that allows confirming the fact of receipt of consent, unless otherwise provided by federal law: in writing, orally or in another form provided for by current legislation, including through the performance of implied actions by the Personal Data Subject . If there is no consent of the Personal Data Subject to the processing of his personal data, such processing is not carried out.
2.2. Personal data of Personal Data Subjects is obtained by the Operator:
by personal transfer by the Subject of personal data when entering information into accounting forms in electronic form on the Site;
by personal transfer by the Subject of personal data when entering information electronically in the Operator’s messenger anaselivanova.com;
by other means that do not contradict the legislation of the Russian Federation and the requirements of international legislation on the protection of personal data.
2.3. Consent to the processing of personal data is considered to be provided through the performance by the Personal Data Subject of any action or combination of the following actions:
registration on the Operator’s Website;
placing on the Site in the appropriate form a mark indicating consent to the processing of personal data to the extent, for the purposes and in the manner provided for in the text proposed for review before obtaining consent;
communication of personal data in writing during the process of placing an order on the Site or by contacting the Operator at email@example.com.
2.4. Consent is considered received in the prescribed manner and is valid until the Personal Data Subject sends a corresponding application to terminate the processing of personal data at the location of the Operator.
2.5. The subject of personal data may at any time withdraw his consent to the processing of personal data, provided that such a procedure does not violate the requirements of the legislation of the Russian Federation. To revoke consent to the processing of personal data, the Personal Data Subject must send a message to the Operator at firstname.lastname@example.org.
If the Personal Data Subject withdraws consent to the processing of his personal data, the Operator must stop processing it or ensure the termination of such processing (if the processing is carried out by another person acting on behalf of the Operator) and in the event that the storage of personal data is no longer required for the purposes of their processing , destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding 30 (Thirty) days from the date of receipt of the said response, unless otherwise provided by the agreement to which the beneficiary or guarantor is a party under which the Personal Data Subject is, another agreement between the Operator and the Personal Data Subject, or if the Operator does not have the right to process personal data without the consent of the Personal Data Subject on the grounds provided for by Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 .or other federal laws.
2.6. If inaccuracies in personal data are identified, the User can update them by sending a message to the Operator at email@example.com.
3. Information about the implemented requirements for the protection of personal data
The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
3.1. The operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
3.3. In order to ensure the security of personal data during their processing, the Operator takes necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions against them. The operator ensures that all measures taken for the organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.
3.4. The operator applies necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including:
identification of threats to the security of personal data during their processing in personal data information systems;
application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation;
use of information security means that have passed the compliance assessment procedure in accordance with the established procedure;
assessment of the effectiveness of measures taken to ensure the security of personal data before the commissioning of the personal data information system;
accounting of computer storage media of personal data;
detecting facts of unauthorized access to personal data and taking measures;
restoration of personal data modified or destroyed due to unauthorized access to it;
carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring it to persons who do not have the right to access such information;
timely detection of facts of unauthorized access to personal data and taking the necessary measures;
preventing influence on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.
3.5. In order to ensure compliance of the level of personal data protection with the requirements of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” and the Federal Law of July 27, 2006 N 149-FZ “On Information, Information Technologies and Information Protection,” the Operator does not disclose information about the specific means and measures used to ensure information security of personal data.
3.6. The Operator undertakes not to disclose information received from the Personal Data Subject. It is not considered a violation for the Operator to provide information to agents and third parties acting on the basis of an agreement with the Operator to fulfill obligations to the Personal Data Subject. There is no breach of obligation to disclose information in accordance with reasonable and applicable legal requirements.
4. Consent to receive information and advertising mailings
4.1. By leaving an Order on the Operator’s website, the Subject automatically agrees to receive newsletters/advertising information:
4.2. By giving consent specified in clause 4.1. of this Regulation, the Personal Data Subject confirms that he is acting of his own free will and in his own interests, as well as that the specified personal data is reliable.
4.3. The Subject understands that the Operator may use pixel-based retargeting on social networks for the following purposes:
to remind the Subject that he was interested in the Operator's brand/product (for example, a reminder about a special competition);
to offer to continue an action not completed on the Site (for example, pay for goods from the cart);
to exclude existing customers from the target audience of future advertising campaigns;
for the purpose of researching the audience that visits the Site.
5. Cross-border transfer of personal data
5.1. Before the start of cross-border transfer of personal data, the operator is obliged to ensure that the foreign state into whose territory it is intended to transfer personal data provides reliable protection of the rights of personal data subjects.
5.2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements can only be carried out if there is written consent of the subject of personal data to the cross-border transfer of his personal data and/or execution of an agreement to which the subject of personal data is a party.
6.1. The user can receive any clarification on issues of interest regarding the processing of his personal data by sending a message to the Operator at firstname.lastname@example.org.
6.2. This document will reflect any changes to the Operator’s personal data processing policy.
6.3. The policy is valid indefinitely until replaced by a new version. The current version of the Policy is freely available on the Internet at: anaselivanova.com/privacypolicy.