POSITION
on the processing and protection of personal data (privacy policy)
(as of 01.01.21)
1.1. This Regulation on the processing and protection of personal data in the project of Confectionery Masterpieces LLC TIN: 3827066123, PSRN: 1213800014911 (hereinafter referred to as the Regulation) was developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as the Federal Law “On Personal Data”) and regulatory legal acts of the Russian Federation adopted in accordance with them .
1.2. The purpose of developing this Regulation is to determine the procedure for collecting, recording, systematizing, accumulating, storing, clarifying (updating, changing), extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, destroying personal data processed by LLC " Confectionery Masterpieces (hereinafter referred to as the Project, Operator) when providing services.
1.3. This Regulation applies to all Project sites that contain links to this Regulation, regardless of how they are used or accessed, including access from mobile devices, including: nataly-school.ru, including all subdomains (hereinafter referred to as the Site).
1.4. By these Regulations, the recipient of the Operator's services or the visitor of the Site as a subject of personal data is notified and agrees to the objective need that arises during the operation of the Site and the receipt of the Operator's services to allow access to their personal data for the Operator's software and third parties (partners or service providers of the Operator). This access is provided solely for the purposes defined by these Regulations (clause 3.1.1.).
1.5. In case of disagreement of the subject of personal data in whole or in part with the terms of this Regulation, the use of the Site and its services must be immediately terminated.
2. Composition of personal data
2.1. The Project processes personal data of individuals who have purchased the Project's training course (or other paid service), as well as subscribed to an e-mail or SMS mailing list through the appropriate subscription forms on the Project Website.
2.2. List of personal data processed in the Project: - first name, last name, patronymic; - e-mail address (e-mail); - cell phone number; - residence address. In addition to the information specified in this paragraph, the Operator also registers data on purchases made by the subject of personal data in the Project.
2.3. The Project website uses cookies (Cookies) and data about visitors from traffic statistics services (IP address; information from cookies, information about the browser, access time to the site, address of the page on which the ad block is located, referrer (address of the previous page) and others data).
With the help of this data, information is collected about the actions of visitors on the site in order to improve its content, improve the functionality of the site and, as a result, create high-quality content and services for visitors.
The subject of personal data can at any time change the settings of his browser so that all cookies are blocked or notifications are made about their sending. At the same time, the subject must understand that some functions and services of the Project will not be able to work properly.
2.4. The Operator does not intentionally process personal data of minors. The Contractor recommends using the site to persons over 18 years of age. Responsibility for the actions of minors, including their purchase of services on the Site, lies with the legal representatives of minors. All visitors under the age of 18 are required to obtain permission from their legal representatives before providing any personal information about themselves.
If the Operator becomes aware that he has received personal information about a minor without the consent of legal representatives, then such information will be deleted as soon as possible.
3.1 General requirements for the processing of personal data
3.1.1. The processing of personal data in the Project is carried out for the following purposes:
a) for the proper execution of the contract for the provision of paid services for the training program purchased by the Project client (for the selected package of services), or other paid services of the Operator, including by email and sms mailing to the email and phone number indicated by the relevant subject of personal data when payment for the Operator's services;
b) to identify the subject of personal data;
c) to improve and personalize the services of the Project;
d) to provide advertising and marketing materials of the Project, including through email and sms mailings to the email and phone number specified by the relevant subject of personal data when filling out the subscription (purchase) forms on the Operator's website;
e) to detect, prevent, mitigate and investigate fraudulent or illegal
actions against the Operator.
3.1.2 Only those personal data that meet the purposes of their processing are subject to processing (clause 3.1.1.). Personal data cannot be used for the purpose of causing property and moral damage to the subjects of personal data.
3.2. Receiving personal data
3.2.1. The processing of personal data in the Project is carried out for the period necessary to fulfill the purposes for which they were collected, in any legal way, including in personal data information systems using automation tools or without using such tools (mixed processing) via the Internet.
3.2.2. All personal data is provided (collected) directly from the subject of personal data.
The subject independently decides on the provision of his personal data and agrees to their processing by the Project freely, of his own free will and in his own interest.
3.2.3. The consent specified in clause 3.2.2 of this Regulation also means the consent of the subject to transfer to third parties, to entrust the processing of his personal data to third parties, the consent of the subject to cross-border data transfer via the Internet (when such transfer is necessary for the effective provision of services by the Project or necessary to achieve other goals established by these Regulations), as well as to receive email and sms mailings within the framework of the paid services agreement concluded with the Operator or to receive advertising and marketing materials of the Project.
At the same time, under the cross-border transfer of data, the Parties mean the transfer of data to third parties both in countries with an adequate level of data protection, and not related to such countries. In any case, the necessary level of protection of personal data is provided by the Operator by complying with the conditions specified in clause 3.4 of these Regulations.
3.2.4. Consent to the processing of personal data is provided when filling out special subscription forms on the Operator's website, when making an application for the conclusion of the relevant service agreement (acceptance of a public offer) or directly when making payment for services under the specified agreement (acceptance of a public offer) by putting a "tick" in a special "checkbox" "I agree to the processing of my personal data." In this case, a separate written consent is not required.
3.2.4. For the convenience of using the Site or receiving the services of the Operator, personal data can be obtained automatically using special software, including from third parties (for example, social networks) with notification of the subject of personal data before sending a request for their receipt in this way and for which goals.
3.2.5. Consent to the processing of personal data can be withdrawn by the subject of personal data at any time by contacting the Project support service by email. address: support@nataly-school.ru.
In this case, in the event of withdrawal of consent to the processing of personal data:
- The Project does not guarantee that, in the event of such a request, the Project's services, which have not yet been rendered at the time of receipt of the said feedback, will be properly rendered.
- Deleted data may be stored on third party systems: caches, search engines, interconnected proxy servers, etc.
3.3. Rights and obligations of the parties in the processing of personal data
3.3.1. Subjects of personal data are obliged to provide the Project with only reliable personal data and promptly report changes in their personal data. At the same time, the Operator does not verify the accuracy of personal data, and does not exercise control over the legal capacity of personal data subjects, and proceeds from the fact that the subject provides reliable and sufficient personal information on the issues proposed in the registration (subscription, payment) form, and maintains this information in up to date.
The risk of providing false personal data is borne by the subject of personal data.
3.3.2. Each subject of personal data has the right: - to receive full information about their personal data and to free free access to their personal data, except as otherwise provided by applicable law; - to receive information regarding the processing of his personal data, - to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights; - other rights provided for by the legislation of the Russian Federation.
3.3.3. The subject of personal data has the right to make the necessary changes to the personal data specified during registration on the Site by sending an appropriate application to the Project support service support@nataly-school.ru or independently in the personal account in the closed section of the Site (the corresponding server
isa) used by the Operator for data processing.
3.3.4. The project is obliged to provide the subject of personal data free of charge with the opportunity to get acquainted with the personal data relating to this subject, as well as to make the necessary changes to them when the subject of personal data provides information confirming that the personal data is incomplete, outdated, inaccurate or illegally obtained. The Operator is obliged to notify the subject or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the personal data of this subject were transferred.
3.3.5. Consideration of the request of the subject regarding his personal data is carried out by the Operator within 30 (thirty) calendar days from the date of such request, unless another period is established by these Regulations.
At the same time, all correspondence on such requests is carried out through the Project support service by sending messages to the email address of the subject of personal data specified when contacting.
3.4. Transfer of personal data
3.4.1. For the purpose of efficient processing of personal data, proper execution of the agreement concluded between the Operator and the subject of personal data, the Project has the right to entrust the processing of personal data to other legal entities or individuals on the basis of an agreement (hereinafter referred to as the Project's instruction), including through cross-border data transmission via the Internet. At the same time, a separate consent of the subject of personal data for such a transfer is not required.
The person processing personal data on behalf of the Project is obliged to comply with the principles and rules for the processing of personal data provided for by the legislation of the Russian Federation on personal data and is responsible for violation of the confidentiality of such data that occurred through his fault.
3.4.2. Transfer of personal data of subjects with whom it interacts
The Project is carried out only for the proper fulfillment of obligations under the concluded contracts (agreements), under which the Project and these entities interact.
3.4.3. When transferring the personal data of the subject, the Operator is obliged to warn the persons receiving the personal data of the subjects that these data can be used only for the purposes for which they are reported, and require these persons to ensure the confidentiality of the received personal data.
3.5. Storage of personal data
3.5.1. The storage of personal data is carried out in electronic form in the relevant information systems of personal data placed in databases on the territory of the Russian Federation.
3.5.2. The storage of personal data is carried out in a form that allows you to determine the subject of personal data in a timeframe that ensures compliance with and achievement of the purposes of processing personal data established by this Regulation.
3.5.2. The storage of personal data is carried out with access restriction, including by creating appropriate access levels.
3.5.3. Personal data contained in different electronic databases and processed for different purposes are stored separately.
3.6. Termination of processing and destruction of personal data
3.6.1. In case of revealing inaccurate personal data when contacting a personal data subject, the Project is obliged to block personal data related to this personal data subject from the moment of such a request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
3.6.2. If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the subject of personal data, is obliged to clarify personal data within 7 (seven) working days from the date of submission of such information and remove the blocking of personal data.
3.6.3. In case of detection of illegal processing of personal data carried out by the Project, the latter, within a period not exceeding 3 (three) working days from the date of this detection, is obliged to stop the illegal processing of personal data. If it is impossible to ensure the legality of the processing of personal data, the Project, within a period not exceeding 10 (ten) working days from the date of detection of illegal processing of personal data, is obliged to destroy such personal data. The Project is obliged to notify the subject of personal data about the elimination of the violations committed or the destruction of personal data.
3.6.4. In the event that the subject of personal data withdraws consent to their processing, the Project is obliged to stop processing them and, if the storage of personal data is no longer required for the purposes of processing personal data, destroy personal data within a period not exceeding thirty working days from the date of receipt of the said withdrawal.
3.6.5. The project has the right to continue using personal data about the subject after considering the withdrawal of consent to their processing, ensuring the depersonalization of such information.
3.6.6. The operator sends a notification about the results of consideration of the requests of personal data subjects specified in this section through the support service support@nataly-school.ru by sending messages to the email of the personal data subject specified in the request.
4. Protection of personal data
4.1. When processing personal data, the Project takes the necessary legal, organizational and technical measures to prevent unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions in relation to personal data.
4.2. Ensuring the security of personal data is achieved, in particular:
- evaluation of the effectiveness of measures to ensure the security of personal data before the use of such measures;
- detection of facts of unauthorized access to personal data and taking measures to eliminate them and prevent repetition;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
- checking the availability in the contracts concluded in the Project, and including, if necessary, clauses on ensuring the confidentiality of personal data in the contracts;
- control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.
4.3. Third parties who have received access to personal data on behalf of
Operator, undertake to take the necessary organizational and technical measures to ensure the confidentiality of such information on their personal device, from which they process personal data.
5. Responsibility for disclosure of confidential information containing personal data
5.1. Third parties who have gained access to the personal data of the subjects of personal data of the Project and are guilty of violating their confidentiality shall be liable in accordance with the procedure established by the legislation of the Russian Federation, including in accordance with the agreements concluded with the Operator, under which such access was provided.
5.2. The operator is not responsible for the possible misuse of personal data and causing any damage to the subject of personal data that occurred as a result of:
- technical problems in software and hardware
and networks beyond the control of the Operator;
- in connection with the intentional or unintentional use of the Operator's Website,
for their intended purpose by third parties;
- failure to ensure the confidentiality of access passwords or intentional transfer of access passwords, other information from the Site by the subject of personal data when receiving the services of the Operator (using the Site) to other persons who do not have access to this information; - illegal actions of third parties to access the Site data, incl. personal data.
5.3. The Operator is not responsible for the processing of personal data of third parties that the recipient of the Operator's services reported as their own. In this case, the recipient of the Operator's services, who provided false data, bears the risk of being held liable.
5.4. The Operator does not control and is not responsible for the processing of information by third-party websites, to which the subject of personal data can follow the links available on the Operator's Website.
6. Dispute Resolution
6.1. Before going to court with a claim on disputes arising from the relationship between the subject of personal data and the Operator, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).
6.2 The recipient of the claim, within 30 (thirty) calendar days from the date of receipt of the claim, notifies the claimant in writing of the results of the consideration of the claim.
6.3. If an agreement is not reached, the dispute will be referred to the judicial authority at the place of registration of the Operator in accordance with the current legislation of the Russian Federation.
6.4. The current legislation of the Russian Federation applies to this Privacy Policy and the relationship between the subject of personal data and the Operator.
7. Additional terms
7.1. The operator has the right to make changes to this Privacy Policy without the consent of the subjects of personal data.
7.2. The new Privacy Policy comes into force from the moment it is posted on the site, unless otherwise provided by the new version of the Privacy Policy.
7.3. Suggestions and comments for making changes to the Privacy Policy should be sent to support@nataly-school.ru.
7.4. The invalidity of certain norms of this Regulation, if such is recognized by a decision of a court or other authorized state body, does not entail its invalidity as a whole.
7.5. When using the processing of personal data, the Operator does not specifically checks for the existence of a special regime for the processing of personal data established by the legislation of the countries whose jurisdiction includes individual recipients of the Operator's services or persons who have provided their data in the subscription form on the Site. If the personal data subject is a resident of a state with a special personal data protection regime, for example, in the European Economic Area (EEA), and accesses the Site from European countries, the Operator takes all reasonable measures to ensure compliance with such requirements of personal data protection legislation established by the respective state. To do this, the subject of personal data is obliged to notify the Operator of the existence of a special regime for the protection of his personal data by contacting the support service at support@nataly-school.ru.
8. Details of the Operator
Name: LLC «Confectionery Masterpieces»
Legal address: 664038, Irkutsk district, Molodezhny settlement, st. Country 10V
TIN: 3827066123
PSRN: 1213800014911
Settlement account: 40702810802500103882
Correspondent account: 30101810845250000999
BIC: 044525999
Name of the bank: POINT OF PJSC BANK «FC OTKRITIE»
E-mail: support@nataly-school.ru