Privacy Policy
PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA OF VISITORS TO THE CROOKED-ARMS.RU WEBSITE
1. General Provisions
1.1. This Privacy Policy regarding the processing of personal data (hereinafter - the Policy) is prepared in accordance with clause 2, part 1, article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 (hereinafter - the Law) and defines the position of the Website Administration (hereinafter - the Website Administration) in the field of processing and protection of personal data (hereinafter - Data), observance of the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.
2. Scope of Application
2.1. This Policy applies to Data obtained both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of Data, as well as caring about compliance with the constitutional rights of citizens of the Russian Federation and citizens of other states, the Website Administration ensures reliable protection of Data.
3. Definitions
3.1. Data means any information relating to a directly or indirectly identified or identifiable individual, i.e., such information includes, in particular: surname, first name, patronymic, email address, location, link to personal website or social networks, IP address.
3.2. Processing of Data means any action (operation) or set of actions (operations) with Data performed using automation tools and/or without the use of such means. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.
4. Legal Basis and Purposes of Data Processing
4.1. Processing and ensuring the security of Data by the Website Administration is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other federal laws of the Russian Federation that determine the cases and features of Data processing, guiding and methodological documents of FSTEC of Russia and FSB of Russia.
4.2. The subjects of Data processed by the Website Administration are:
4.2.1. Users and visitors of the website https://crooked-arms.ru/, owned by the Website Administration, including for the purpose of placing an order on the Website https://crooked-arms.ru/.
4.3. The Website Administration processes Data of subjects for the following purposes:
4.3.1. performance of functions, powers and duties assigned to the Website Administration by the legislation of the Russian Federation in accordance with federal laws,
4.3.2. Users for the purposes of:
4.3.2.1. - providing information about goods/services, ongoing promotions and special offers;
4.3.2.2. - analyzing the quality of the service provided and improving the quality of customer service;
4.3.2.3. - informing about the order status;
4.3.2.4. - execution of the contract, including the contract of sale, including concluded remotely on the Website, paid provision of services; provision of services, as well as accounting for services provided to consumers for mutual settlements;
4.3.2.5. - delivery of the ordered Product to the User who placed an order on the Website, return of goods.
5. Principles and Conditions of Data Processing
5.1. When processing Data, the Website Administration adheres to the following principles: Data processing is carried out on a lawful and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data upon request of authorized state bodies, legal proceedings; determination of specific lawful purposes before the start of processing (including collection) of Data; only those Data that are necessary and sufficient for the stated purpose of processing are collected; combining databases containing Data, the processing of which is carried out for incompatible purposes is not allowed; Data processing is limited to achieving specific, predetermined and lawful purposes; processed Data are subject to destruction or depersonalization upon achievement of processing purposes or in case of loss of the need to achieve these purposes, unless otherwise provided by federal law.
5.2. The Website Administration may include Data of subjects in publicly available sources of Data, while the Website Administration takes written consent of the subject to process his Data, or by expressing consent through the website form (checkbox), by clicking which the personal data subject expresses his consent.
5.3. The Website Administration does not process Data relating to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including professional unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which is used by the operator to establish the identity of the Data subject) is not processed by the Website Administration.
5.5. The Website Administration carries out cross-border data transfer. The Website Administration confirms that the foreign state, to whose territory personal data is transferred, ensures adequate protection of the rights of personal data subjects in accordance with the level of security determined by the Council of Europe Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data.
5.6. In cases established by the legislation of the Russian Federation, the Website Administration has the right to transfer Data to third parties (federal tax service, state pension fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The Website Administration has the right to entrust the processing of Data of Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these persons, including when agreeing with the user agreement and personal data processing policy posted on the website.
5.8. Persons processing Data on the basis of an agreement concluded with the Website Administration (operator's order) undertake to comply with the principles and rules of processing and protection of Data provided for by the Law. For each third party, the agreement defines a list of actions (operations) with Data that will be performed by the third party processing Data, the purposes of processing, the obligation of such person to maintain confidentiality and ensure Data security during their processing, requirements for the protection of processed Data in accordance with the Law are specified.
5.9. In order to fulfill the requirements of its contractual obligations, Data processing in the Website Administration is carried out both using and without using automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Website Administration is prohibited from making decisions based solely on automated Data processing that give rise to legal consequences in relation to the Data subject or otherwise affect his rights and legitimate interests.
6. Rights and Obligations of Data Subjects, as well as the Website Administration in terms of Data Processing
6.1. The subject whose Data is processed by the Website Administration has the right:
6.1.1. to receive from the Website Administration:
6.1.1.1. confirmation of the fact of Data processing and information about the availability of Data relating to the relevant Data subject;
6.1.1.2. information about the legal basis and purposes of Data processing;
6.1.1.3. information about the methods of Data processing used by the Website Administration;
6.1.1.4. a list of processed Data relating to the Data subject, and information about the source of their receipt;
6.1.1.5. information about the terms of Data processing, including the terms of their storage;
6.1.1.6. information about the procedure for exercising the rights by the Data subject;
6.1.1.7. other information provided for by the Law or other regulatory legal acts of the Russian Federation;
6.1.2. to require from the Website Administration:
6.1.2.1. clarification of their Data, their blocking or destruction if the Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
6.1.2.2. to withdraw their consent to Data processing at any time; to require the elimination of unlawful actions of the Website Administration in relation to their Data;
6.1.3. to protect their rights and legitimate interests, including compensation for damages and/or compensation for moral damage in court.
6.2. The Website Administration in the process of Data processing is obliged:
6.2.1. to provide the Data subject with information upon his request regarding the processing of his personal data, or to provide a refusal on legal grounds within thirty days from the date of receipt of the request from the Data subject or his representative;
6.2.2. to explain to the Data subject the legal consequences of refusing to provide Data, if the provision of Data is mandatory in accordance with federal law;
6.2.3. to take necessary legal, organizational and technical measures or ensure their adoption to protect Data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data;
6.2.4. to publish on the Internet and ensure unlimited access using the Internet to the document defining its policy regarding Data processing, to information about the implemented requirements for Data protection;
6.2.5. to provide Data subjects and/or their representatives with the opportunity to familiarize themselves with the Data free of charge when applying with a corresponding request within 30 days from the date of receipt of such a request;
6.2.6. to block unlawfully processed Data relating to the Data subject, or ensure their blocking (if Data processing is carried out by another person acting on behalf of the Website Administration) from the moment of application or receipt of a request for the period of verification, in case of detection of unlawful Data processing upon application of the Data subject or his representative or upon request of the Data subject or his representative or the authorized body for the protection of the rights of personal data subjects;
6.2.7. to clarify Data or ensure their clarification within 7 working days from the date of submission of information and remove the blocking of Data, in case of confirmation of the fact of inaccuracy of Data on the basis of information submitted by the Data subject or his representative;
6.2.8. to stop unlawful Data processing or ensure the termination of unlawful Data processing;
6.2.9. to stop Data processing or ensure its termination and destroy Data or ensure their destruction upon achievement of Data processing purposes, unless otherwise provided by the contract, the party to which, the beneficiary or guarantor of which is the Data subject, in case of achievement of Data processing purposes;
6.2.10. to stop Data processing or ensure its termination and destroy Data or ensure their destruction in case of withdrawal by the Data subject of consent to Data processing, if the Website Administration is not entitled to process Data without the consent of the Data subject;
7. Data Protection Requirements
7.1. The Website Administration, when processing Data, takes necessary legal, organizational and technical measures to protect Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.
7.2. Such measures in accordance with the Law, in particular, include:
7.2.1. appointment of a person responsible for organizing Data processing, and a person responsible for ensuring Data security;
7.2.2. development and approval of local acts on Data processing and protection;
7.2.3. application of legal, organizational and technical measures to ensure Data security:
7.2.4. determination of threats to Data security during their processing in personal data information systems;
7.2.5. application of organizational and technical measures to ensure Data security during their processing in personal data information systems, necessary to meet Data protection requirements;
7.2.6. application of information protection tools that have passed the conformity assessment procedure in the prescribed manner;
7.2.7. assessment of the effectiveness of measures taken to ensure Data security before putting the personal data information system into operation;
7.2.8. accounting of machine media of Data, if Data storage is carried out on machine media;
7.2.9. detection of facts of unauthorized access to Data and taking measures to prevent such incidents in the future;
7.2.10. restoration of Data modified or destroyed as a result of unauthorized access to them;
7.2.11. establishment of rules for access to Data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with Data in the personal data information system.
7.2.12. control over measures taken to ensure Data security and the level of protection of personal data information systems;
7.2.13. assessment of damage that may be caused to Data subjects in case of violation of Law requirements, the ratio of the specified damage and measures taken by the Website Administration aimed at ensuring the fulfillment of obligations provided for by the Law;
7.2.14. compliance with conditions that exclude unauthorized access to material media of Data and ensure Data safety;
8. Terms of Data Processing (Storage)
8.1. The terms of Data processing (storage) are determined based on the purposes of Data processing, in accordance with the term of the contract with the Data subject, requirements of federal laws, requirements of Data operators, on whose behalf the Website Administration processes Data, basic rules for the operation of organization archives, limitation periods.
8.2. Data, the processing (storage) period of which has expired, must be destroyed. Storage of Data after termination of their processing is allowed only after their depersonalization.
9. Procedure for Obtaining Clarifications on Data Processing Issues
9.1. Persons whose Data is processed by the Website Administration can obtain clarifications on issues of processing their Data by contacting the Website Administration through the feedback form.
10. Features of Processing and Protection of Data Collected by the Website Administration Using the Internet
10.1. The Website Administration processes Data received from users of the Website from the resource: https://crooked-arms.ru/ (hereinafter together - the Website) and when directly proceeding to place an Order.
10.2. Data Collection
There are two main ways in which the Website Administration receives Data using the Internet:
10.2.1. Data Provision (independent data entry):
10.2.1.1. surname
10.2.1.1. first name
10.2.1.1. patronymic
10.2.1.1. email address
10.2.1.1. link to personal website or social networks
10.3. Automatically Collected Information
The Website Administration may collect and process information that is not personal data:
10.3.1. location determination
10.3.2. IP address
10.3.3. information about Users' interests on the Website based on search queries entered by Website users about goods sold and offered for sale in order to provide relevant information to users when using the Website, as well as generalization and analysis of information about which sections of the Website and goods are in greatest demand among Website customers;
10.3.4. processing and storage of search queries of Website users in order to generalize and create customer statistics on the use of Website sections. The Website Administration automatically receives some types of information obtained in the process of interaction of users with the Website, email correspondence, etc. We are talking about technologies and services such as web protocols, cookies, web beacons, as well as applications and tools of the specified third party. At the same time, web beacons, cookies and other monitoring technologies do not make it possible to automatically receive Data. If a Website user, at his discretion, provides his Data, for example, when filling out a feedback form or when sending an email, then only then are the processes of automatic collection of detailed information launched for the convenience of using the Website and/or for improving interaction with Users.
10.4. Use of Data
The Website Administration has the right to use the provided Data in accordance with the stated purposes of their collection if there is consent of the Data subject, if such consent is required. The received Data in generalized and depersonalized form can be used to better understand the needs of buyers of goods and services sold by the Website Administration and improve the quality of service.
10.5. Data Transfer
The Website Administration may entrust Data processing to third parties exclusively with the consent of the Data subject. Also, Data may be transferred to third parties in the following cases: a) As a response to lawful requests from authorized state bodies, in accordance with laws, court decisions, etc. b) Data cannot be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining prior consent of the Data subject.
10.6. The Website contains links to other web resources where useful and interesting information for Website users may be located. At the same time, the effect of this Policy does not apply to such other websites. Users who follow links to other websites are recommended to familiarize themselves with the policies on Data processing posted on such websites.
10.7 A Website user may at any time withdraw their consent to Data processing by sending a message to the email address: bogolyubov.oleg@list.ru. After receiving such a message, the processing of the user's Data will be terminated, and his Data will be deleted, except in cases where processing may be continued in accordance with the law.
11. Final Provisions
11.1. This Policy is a local regulatory act of the Website Administration. This Policy is publicly available. The public availability of this Policy is ensured by its publication on the Website. This Policy may be revised in any of the following cases:
11.1.1. when the legislation of the Russian Federation in the field of processing and protection of personal data changes;
11.1.2. in cases of receiving instructions from competent state bodies to eliminate inconsistencies affecting the scope of the Policy;
11.1.3. by decision of the Website Administration;
11.1.4. when the purposes and terms of Data processing change;
11.1.5. when the organizational structure, structure of information and/or telecommunication systems changes (or new ones are introduced);
11.1.6. when new technologies for processing and protecting Data are applied (including transfer, storage);
11.1.7. when there is a need to change the Data processing process related to the Website's activities.
11.2. An integral part of this Policy is the Consent to the processing of personal data posted on the Website.
11.3. This Policy is in effect directly and in interconnection with the User Agreement posted on the Website.