Terms of use

1. Introduction

1.1 This document defines the policy of the IE Vladykina Ksenia Yurievna (hereinafter referred to as the Company) in relation to the processing of personal data (hereinafter referred to as PD).
1.2 This Policy has been developed in accordance with the current legislation of the Russian Federation on personal data.
1.3 This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, carried out using automation and without using such means.

 

2. Principles of processing personal data

2.1 The processing of personal data is carried out on the basis of the following principles:

  • the processing of personal data is carried out on a legal and fair basis;

  • the processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed;

  • it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;

  • only those personal data that meet the purposes of their processing are subject to processing;

    the content and volume of processed personal data correspond to the stated processing purposes. The processed personal data are not redundant in relation to the stated purposes of processing;

  • when processing personal data, the accuracy of personal data and their sufficiency is ensured;

  • storage of personal data is carried out in a form that makes it possible to determine the subject of personal data no longer than the purpose of processing personal data requires, unless the storage period of personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data are subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

3. Conditions for processing personal data

3.1 The processing of personal data is carried out in compliance with the principles and rules established by the Federal Law "On Personal Data".

Personal data processing is allowed in the following cases:

  • processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;

  • the processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law, for the implementation and fulfillment of the functions, powers and duties imposed by the legislation of the Russian Federation on the operator;

  • the processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;

  • the processing of personal data is necessary for the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as for concluding an agreement on the initiative of the subject of personal data or an agreement according to which the subject of personal data will be the beneficiary or guarantor;

  • the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject, if it is impossible to obtain the consent of the personal data subject;

  • processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;

  • processing of personal data is carried out for statistical or other research purposes, subject to the mandatory depersonalization of personal data. An exception is the processing of personal data in order to promote goods, works, services on the market by making direct contacts with a potential consumer using communications, as well as for political campaigning;

  • processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data, or at his request (hereinafter - personal data made publicly available by the subject of personal data);

  • processing of personal data subject to publication or mandatory disclosure in accordance with federal law.

3.2 The Company may include the personal data of subjects in publicly available sources of personal data, while the Company takes the subject's written consent to the processing of his personal data.
3.3 Biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to establish the identity of the subject of personal data) are not processed in the Company.
3.4 Making decisions on the basis of exclusively automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affecting his rights and legitimate interests is not carried out.
3.5 In the absence of the need for the subject's written consent to the processing of his personal data, the consent of the subject may be given by the subject of personal data or his representative in any form that allows him to receive the fact of its receipt.
3.6 The company has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person (hereinafter referred to as the operator's order). At the same time, the Company in the contract obliges the person who processes personal data on behalf of the Company to comply with the principles and rules for processing personal data provided for by this Federal Law.
3.7 If the Company entrusts the processing of personal data to another person, the Company bears responsibility to the subject of personal data for the actions of this person. The person who processes personal data on behalf of the Company is responsible to the Company.
3.8 The Company undertakes and obliges other persons who have access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.

 

4. Obligations of the company

4.1 In accordance with the requirements of Federal Law No. 152-FZ "On Personal Data"

The company is obliged:

  • provide the subject of personal data, upon his request, with information regarding the processing of his personal data, or legally provide a refusal;

  • at the request of the subject of personal data, clarify the processed personal data, block or delete if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;

  • keep a Register of requests from subjects of personal data, which should record requests from subjects of personal data to obtain personal data, as well as the facts of providing personal data on these requests;

  • notify the subject of personal data about the processing of personal data in the event that the personal data was not received from the subject of personal data.

  • The exceptions are the following cases:

  • the PD subject is notified of the processing of his PD by the relevant operator;

  • PD received by the Company on the basis of federal law or in connection with the execution of an agreement to which the PD subject is a party or beneficiary or guarantor;

  • PD made by the publicly available PD subject or obtained from a publicly available source;

  • providing the PD subject with the information contained in the Notification of PD processing violates the rights and legitimate interests of third parties.

  • If the purpose of processing personal data is achieved, immediately stop processing personal data and destroy the corresponding personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by an agreement to which the subject of personal data is a party, beneficiary or guarantor , by another agreement between the Company and the subject of personal data, or if the Company is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by No. 152-FZ "On Personal Data" or other federal laws.

  • If the subject of personal data withdraws consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said revocation, unless otherwise provided by an agreement between the Company and the subject of personal data. The Company is obliged to notify the subject of personal data about the destruction of personal data.

  • In the event of a request from the subject to terminate the processing of personal data in order to promote goods, works, services on the market, immediately stop processing personal data.

5. Measures to ensure the security of personal data during their processing

5.1 When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data ...
5.2 Ensuring the security of personal data is achieved, in particular:

  • identification of threats to the security of personal data during their processing in personal data information systems;

  • the use of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for the protection of personal data, the implementation of which is ensured by the levels of personal data protection established by the Government of the Russian Federation;

  • application of the procedure for assessing the conformity of information protection means that have passed in the prescribed manner;

  • assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

  • taking into account machine carriers of personal data;

  • detection of facts of unauthorized access to personal data and taking measures;

  • restoration of personal data modified or destroyed due to unauthorized access to them;

  • establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;

  • control over the measures taken to ensure the security of personal data and the level of security of information systems of personal data.

  • Авторизация
  • Регистрация
Авторизация
Email
Password
Recover the password

Ещё нет аккаунта?

Регистрация
Email
Password
The password again

By clicking the Register button, I consent to the processing and transfer of my personal data

Уже есть аккаунт?

stik_reset_password_modal_caption

Email
Autumn selection in your mail!

Receive an autumn capsule from Fresh Dress in the mail and get inspired for new looks

By clicking the Subscribe button, I consent to the processing and transfer of my personal data

arrow
{'!msEcommerce' | snippet}