1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of Russian laws, including but not limited to the Constitution of the Russian Federation, international treaties of the Russian Federation, federal laws, including without limitation Federal Law No. 152-FZ "On Personal Data" of 27 July 2006, by-laws, and other federal laws of the Russian Federation governing cases and nuances of processing of said personal data, and the Articles of Association and internal policies and procedures of RPC Ltd. (hereinafter referred to as the Controller).
1.1. The Controller may process personal data in cases and on legal basis as follows:
— personal data may only be processed with the consent of the data subject given in any form whatsoever that makes it possible to confirm its receipt;
— to achieve the objectives set forth by the laws of the Russian Federation in relation to the Controller, and powers and duties thereof.
1.2. The Controller’s overarching aim and standard of operation is to protect human and civil rights and liberties whenever their personal data is processed, including but not limited to the right to personal and family privacy.
1.3. This Controller’s Personal Data Processing Policy (hereinafter referred to as the Policy) shall apply to all and any information that the Controller may receive in relation to visitors of the website kinez.ru
.2. General Concepts used in the Policy
2.1. Automated Personal Data Processing shall mean processing of personal data using computer technology.
2.2. Blocking of Personal Data shall mean temporary suspension of processing of personal data (unless processing is required to clarify personal data).
2.3. Website shall mean the aggregate of graphic and information resources together with computer programs and databases ensuring their availability on the Internet at the network address kinez.ru
2.4. Personal Data Information System shall mean the aggregate of personal data stored in the databases together with hardware and software used for the processing thereof.
2.5. Anonymization of Personal Data shall mean actions of making it impossible to establish a connection between personal data and the User, or to a specific data subject without using additional information.
2.6. Processing of Personal Data shall mean any action (operation) or a set of actions (operations) performed with personal data using automation tools or without using such tools, including but not limited to collection, recording, classification, accumulation, storage, correction (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.7. Controller shall mean a state body, municipal body, legal entity or individual independently or jointly with other persons organizing the procession of and (or) processing personal data, as well as defining the purposes of processing personal data, the scope of personal data to be processed, and actions (operations) performed with personal data.
2.8. Personal Data shall mean any information directly or indirectly relating to any specific or identifiable User of the website kinez.ru
2.9. Personal Data Authorized by Data Subject for Distribution shall mean personal data accessible to the general public through the data subject’s consent to personal data processing and authorized for distribution in accordance with the procedure stipulated by the Personal Data Law (hereinafter - personal data authorized for distribution).
2.10. User shall mean any visitor of the website kinez.ru
2.11. Provision of Personal Data shall mean actions aimed at disclosing personal data to any specific person or any specific range of persons.
2.12. Distribution of Personal Data shall mean any actions aimed at disclosing personal data to the general public (transfer of personal data) or providing personal data to the general public, including but not limited to publication of personal data in mass media, posting in information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border Transfer of Personal Data shall mean any transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual or foreign legal entity.
2.14. Destruction of Personal Data shall mean any actions that result in permanent deletion of personal data with inability of further restoration of personal data in the personal data information system and (or) destruction of physical personal data storage devices.3. General Rights and Obligations of the Controller
3.1. The Controller shall have the right to:
— obtain true and reliable personal data and/or documents containing personal data from the data subject;
— resume personal data processing without the consent of the data subject on the grounds set forth in the Personal Data Law in the event the data subject withdraws his/her consent to personal data processing;
— qualify the structure and list of measures necessary and sufficient to ensure the performance of obligations provided for by the Personal Data Law and other relevant laws and regulations at its sole and absolute discretion, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Controller shall:
— as requested by data subject, provide him/her with information related to the processing of his/her personal data;
— process personal data in accordance with the procedure set forth by the current laws of the Russian Federation;
— respond to inquiries and requests from data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
— provide relevant information to the bodies authorized with the protection of the data subject personal rights within 10 days from the date of receipt of their request;
— publish or otherwise ensure unrestricted access to this Personal Data Processing Policy;
— take legal, managerial and engineering measures and procedures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, providing, distributing and any other illegal actions with respect to personal data;
— discontinue any personal data transfer (distribution, provision, access), terminate any processing and destroy personal data as and where stipulated by the Personal Data Law;
— perform other obligations stipulated by the Personal Data Law.4. General Rights and Obligations of Data Subjects
4.1. Data subjects shall have the right to:
— get information concerning the processing of their personal data, except in cases provided for by federal laws. Information provided to data subject by the Controller shall be in accessible form, which shall not contain any personal data related to other data subjects expect in cases where there are legal grounds for disclosure of such personal data. The list of information and the procedure to get it is set forth by the Personal Data Law;
— require that the Controller keep their personal data current and updated, block or destroy it if personal data is incomplete, outdated, inaccurate, obtained illegally or is not relevant for the stated purpose of processing, as well as take measures provided by law to protect their rights;
— set forth a condition of prior consent when processing personal data in order to commercialize goods, works and services;
— withdraw their consent to personal data processing and send a demand to terminate processing of personal data;
— appeal to the body authorized for data subject protection rights, or to appeal in court against any wrongful actions or omissions of the Controller when processing their personal data;
— exercise other rights provided for by the laws of the Russian Federation.
4.2. Data subjects shall:
— provide the Controller with true and valid personal data;
— notify the Controller of any correction (update, alteration) of their personal data.
4.3. Persons who have provided the Controller with false information about themselves or other data subject without consent of the latter shall bear responsibility as set forth by the laws of the Russian Federation.5. Rules of Personal Data Processing
5.1. Personal data shall be processed on a legal and fair basis.
5.2. Personal data shall be processed in keeping with achieving legal, predetermined, specifically stated purposes. No processing of personal data incompatible with the purposes of personal data collection shall be permitted.
5.3. Databases containing personal data processed for purposes incompatible with each other shall not be merged.
5.4. Only personal data that meet the purposes of processing shall be subject to processing.
5.5. The content and scope of the processed personal data shall comply with the stated purposes of processing. Unnecessary duplication of personal data being processed in relation to the stated purposes of processing shall be prohibited.
5.6. When processing personal data, the Controller shall ensure accuracy of personal data, its sufficiency, and, where necessary, relevance in relation to the purposes of processing. The Controller shall take the necessary measures and/or ensure their application to delete or update any incomplete or inaccurate data.
5.7. Non-anonymized personal data shall be stored only as long as is required for the purposes of data processing, unless the storage period is set forth by federal law, or a contract to which the data subject is a party, beneficiary or guarantor. The processed personal data shall be destroyed or anonymized upon reaching the purposes of processing or in case it is no longer necessary to reach said purposes, unless otherwise provided by federal law.6. Purposes of Personal Data Processing
Purpose of Processing
Providing the User with access to services, information and (or) resources on the website.
family name, first name, patronymic (or middle name), passport details, date of birth, sex, phone number, e-mail address, registration address, business address, delivery address, cookie), means and details of payment, place of residence and (or) address), information received in relation to placing or processing of orders of a website User (information regarding method of delivery of goods, method and status of payment for goods, and if end recipient of goods differs from Buyer, then family name, first name, patronymic (or middle name), address of delivery and phone number of consignee.
Purpose of Processing
Types of personal data processing
Providing the User with access to services, information and (or) resources on the website.
7. Terms of Personal Data Processing
- Collection, recording, classification, accumulation, storage, destruction and anonymization of personal data.
- Sending information letters to email address, sms, push notifications etc.);
7.1. Personal data may be processed with consent of data subject to their personal data being processed.
7.2. Personal data is being processed to reach the purposes set forth by international treaty of the Russian Federation or law, and to execute functions, powers and duties assigned to the Controller by the laws of the Russian Federation.
7.3. Personal data is being processed for the course of justice, to secure the execution of a court ruling, ruling of another body or official subject to execution in accordance with the laws of the Russian Federation on enforcement proceedings.
7.4. Personal data is being processed to perform a contract to which the data subject is a party, beneficiary or guarantor, and to execute a contract at the discretion of the data subject or a contract under which the data subject is to be beneficiary or guarantor.
7.5. Personal data is being processed to exercise the rights and legitimate interests of the controller or third parties or to achieve socially significant purposes, provided that the rights and liberties of data subject are not violated.
7.6. When data to be processed is personal data accessible to the general public through the data subject’s request (hereinafter — publicly available personal data).
7.7. When data to be processed is personal data subject to publication or mandatory disclosure in accordance with federal law.8. Procedure for the collection, storage, transfer and other types of personal data processing
Personal data processed by the Controller shall be protected through a number of legal, managerial and engineering measures required to ensure full compliance with the current privacy protection laws.
8.1. The Controller shall ensure safety of personal data and shall do whatever is necessary and possible to prevent unauthorized access to personal data.
8.2. User's personal data may not for any reason whatsoever be transferred to third parties, except for cases related to enforcement of current laws or if data subject consented to transfer of data to a third party to discharge obligations under a civil law treaty.
8.3. If there are any inaccuracy of personal data, User may update it by his/he own discretion providing the Controller with a notice at firstname.lastname@example.org titled “Updating of Personal Data.”
8.4. The term for personal data processing shall be limited by reaching the purposes for which personal data was collected, unless another term is stipulated by a contract or by current laws.
User may withdraw his/her consent to personal data processing at any time by sending a notice to the Controller via e-mail address email@example.com titled “Withdrawal of consent to personal data processing.”
8.6. Any restrictions applied by data subject to personal data transfer (other than gaining access) and to processing or terms of processing (other than gaining access) of personal data authorized for distribution, shall not apply in cases when personal data is processed for state, social and other public interests set forth by the laws of the Russian Federation.
8.7. When processing personal data, the Controller shall ensure its privacy.
8.8. The Controller shall store non-anonymized personal data only as long as is required for the purposes of data processing, unless the storage period is set forth by federal law, or a contract to which the data subject is a party, beneficiary or guarantor.
8.9. Personal data shall no longer be processed when achieving the goals of personal data processing, when the consent of the data subject expires, when the data subject withdraws his/her consent or files a claim to terminate data processing and in the event of unlawful processing of personal data.9. List of the Controller's procedures with personal data received
9.1. The Controller shall collect, record, classify, accumulate, store, correct (update, change), extract, use, transfer (distribute, provide access), anonymize, block, delete and destroy personal data.
9.2. The Controller shall apply automated personal data processing with or without the receipt and (or) transmission of information received via information and telecommunication networks.10. Cross-border Transfer of Personal Data
10.1. Prior to commencing any cross-border data transfer, the Controller shall notify a relevant authorized body for the protection of the rights of data subjects regarding its intention to transfer personal data cross-border (this notice shall be sent separately from a notice to process personal data).
10.2. Prior to filing the above-referenced notice, the Controller shall get relevant information from authorities of a foreign state, foreign individuals, and (or) foreign legal entities to which the cross-border transfer of personal data is planned.11. Privacy of Personal Data
The Controller and any other persons who got an access to personal data shall not distribute or disclose personal data without the consent of the data subject, unless otherwise provided by federal law.12. Final Provisions
12.1. Any User may contact the controller via email firstname.lastname@example.org
to get more details in relation to personal data processing.
12.2. This document will reflect any and all alterations to the Contractor’s personal data processing policy. The policy shall remain in force without limit of time until replaced by a new version.
12.3. The most recent version of the Policy is freely available on the Internet at kinez.ru https://kinez.ru/en/assent