Personal data processing policy

1. TERMS

The Policy is a document defining the Operator's policy regarding the processing of personal data.

Personal data is any information related directly or indirectly to a specific or identifiable natural person (data subject).

The operator of personal data (Operator) is a limited liability company "Pravo Prosto" (420107, Republic of Tatarstan (Tatarstan), city of Kazan, Kazan, Spartakovskaya str., 2, room. 25), OGRN: 1181690021358; TAX ID: 1660309654.

Personal data processing is an action (operation) or a set of actions (operations) with personal data, the list of which is defined by this Policy.

Provision (or transfer) of personal data is an action aimed at disclosing personal data to a certain person or a certain circle of people.

Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.

Website – a website in the information and telecommunication network "Internet", located at: https://www.pravo-prosto.ru/konstruktor .

The Client is a personal data subject who has provided his personal data to the Operator when using the Website (including through the feedback form).

Cookies are anonymized electronic files containing information in the form of letters and numbers that are downloaded to the device from which the Site is accessed. The list of Cookies used is given in section 4.3 of the Policy.

2. General provisions

2.1. In this Policy, the Operator defines the conditions for the processing of personal customer data by the Operator.

2.2. This Policy has been developed in compliance with the requirements of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" (hereinafter referred to as No. 152-FZ, the "Law on Personal Data"), in order to ensure the security and confidentiality of personal data subjects, to specify the list of data that may be requested from Customers, and There are also ways for the Operator to process such data.

2.3. This Policy is a publicly available document and, in accordance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, is published in free access on the Internet information and telecommunications network on the Website.

2.4. The current version of the Policy comes into force from the moment of its publication in accordance with clause 2.3 of the Policy and is available at the place where it is posted. The Operator has the right to make changes to the Policy. The new version of the Policy comes into force from the moment of its publication, unless the new version of the Policy provides otherwise.

2.5. By accessing and/or using the Website, personal data subjects give the Operator consent to the processing of personal data to the extent and under the conditions provided for in this Policy, including the transfer and assignment of personal data processing to persons specified in the Policy.

2.6. Personal data is processed on the territory of the Russian Federation. There is no cross-border transfer of personal data.

2.7. Personal data may be processed using automation tools or without the use of such tools.

2.8. The Policy applies to the relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.

3. Purpose of processing and list of personal data

Purpose: to conduct negotiations for the further conclusion and (or) execution of the contract
Categories and list of personal data processed
General personal information:
name;
phone number;
the email address.

Categories of personal data subjects whose data is processed
by clients

Methods and terms of personal data processing
the operator collects, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers, depersonalizes, blocks, deletes, and destroys personal data in accordance with clause 4.2 of the Policy;
personal data is collected when personal data is entered in the feedback form on the Website, when personal data is sent to the Operator's email address or via messengers, when communicating verbally by phone.;
in the case of a contract with the Operator, personal data is processed during the term of the contract between the Operator and the Client, as well as for 5 years from the date of its termination, including for the purpose of re-negotiation for the conclusion of a new contract.;
in case of non-conclusion of the contract with the Operator, personal data is processed for 5 years, including for the purpose of re-negotiation.;
the personal data subject has the right to withdraw consent to the processing of personal data before the end of the processing period. The withdrawal of consent is carried out by sending such a review to the Operator's email address.

Methods and terms of personal data
storage personal data storage is carried out taking into account ensuring their confidentiality;
personal data is stored electronically in a form that makes it possible to determine the subject of personal data no longer than the purpose of personal data processing requires, unless another period of personal data storage is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor.;
personal data is stored on the territory of the Russian Federation.

The procedure for the destruction of personal data upon achievement of the purposes of their processing or upon the occurrence of other legal grounds, the destruction of personal data upon achievement of the purpose of processing or upon termination of processing is carried out in accordance with the procedure established by Section 5 of the Policy.

Purpose: to keep statistics of Site visits

Categories and list of personal data processed
Cookies

Categories of subjects of personal data, whose data is processed
by individuals (Client)

Methods and terms of personal data processing
the operator collects, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers to persons providing web analytics services specified in clause 4.3 of the Policy, depersonalizes, blocks, deletes, and destroys personal data;
collection of personal data in accordance with clause 4.3 of the Policy;
The processing is carried out within 5 years, unless the completion of the processing goal occurs later.;
the personal data subject has the right to withdraw consent to the processing of personal data before the end of the processing period. The withdrawal of consent is carried out by sending such a review to the Operator's email address.

Methods and terms
of personal data storage personal data is stored subject to ensuring their confidentiality by the persons providing the cookie collection tools specified in clause 4.3 of the Policy;
personal data is stored electronically in a form that makes it possible to determine the subject of personal data no longer than the purpose of personal data processing requires, unless another period of personal data storage is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor.;
personal data is stored on the territory of the Russian Federation.

The procedure for the destruction of personal data upon achievement of the purposes of their processing or upon the occurrence of other legal grounds
The destruction of personal data upon achieving the purpose of processing or upon termination of processing is carried out in accordance with the procedure established by Section 5 of the Policy, taking into account the specifics provided for in clause 4.3 of the Policy.

4. Conditions of personal data processing

4.1. Legal grounds for personal data processing
The Operator processes personal data in the following cases::

subject to the consent of the personal data subject to the processing of his personal data;
The processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or beneficiary.

4.2. Transfer of personal data to third parties
The Operator does not transfer Clients' personal data to third parties, except in the following cases:
The operator has the right to collect, record and store personal data through server equipment (computing power) provided by the rightholder of the Tilda platform, Nikita Valentinovich Obukhov, an individual entrepreneur (OGRNIP 309732819400022) under the following conditions: https://tilda.cc/ru/terms/; https://tilda.cc/ru/privacy/;
When using Cookies according to clause 4.3 of the Policy.

4.3.
Cookies
1) The use of Cookies on the Tilda platform.

In order to maintain statistics on Site visits, the Operator may collect, use and otherwise process Cookies through the Tilda platform (https://tilda.cc/ru/terms /), on the technological basis of which the Website operates.

Cookies are primarily received for processing, including storage, by its copyright holder, Nikita Valentinovich Obukhov (OGRNIP 309732819400022), under the following conditions: https://tilda.cc/ru/privacy/.

Cookies used: files that collect statistical data about Website page views.

2) The use of cookies when using the Yandex.Metrica analytics counter.

The Site may use the Yandex.Metrica web analytics service provided by Yandex Limited Liability Company (16 Lva Tolstogo str., Moscow, 119021, Russia; OGRN: 1027700229193, TIN: 7736207543) (hereinafter referred to as Yandex).

Information about the user's use of the Website, collected using the cookie technology, is transmitted to Yandex. Yandex processes this information to evaluate the user's use of the Site, compile reports on the Site's activities, and provide other services. Yandex processes this information in accordance with the procedure specified in the Yandex.Metrica terms of use (https://yandex.ru /).

The list of Cookies used by the Yandex.Metrica web analytics service: https://yandex.ru/support/metrica/general/cookie-usage.html .

You can opt out of the collection of cookies by the Yandex.Metrica web analytics service by selecting the appropriate settings in your browser. You can also use the tool:
https://yandex.ru/support/metrika/general/opt-out.html .

The list of information collected by the Yandex.Metrica web analytics service:
https://yandex.ru/support/metrica/code/data-collected.html .

5. Updating, correction, deletion and destruction of personal data, responding to requests from subjects for access to personal data

5.1. The personal data subject has the right to access personal data that is processed by the Operator in accordance with this Policy.

5.2. The subject of personal data may receive information about the processing of his personal data by the Operator, as well as send a request to change his personal data or to terminate their processing by sending an appeal to the Operator via the email address почты:info@pravoprosto.com .

5.3. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the personal data subject or his representative within 10 working days from the date of request or receipt of a request from the personal data subject or his representative. This period may be extended, but not for more than five business days. To do this, the Operator should send a reasoned notification to the personal data subject indicating the reasons for extending the deadline for providing the requested information.

5.4. The information provided does not include personal data related to other subjects of personal data, except in cases where there are legitimate grounds for the disclosure of such personal data.

5.5. The request must contain:
the number of the main identity document of the personal data subject or his representative, information on the date of issue of the specified document and the issuing authority.;

information confirming the personal data subject's participation in the relationship with the Operator (contract number, date of conclusion of the contract, conditional designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;

signature of the personal data subject or his representative.

The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

The operator provides the information specified in Part 7 of Article 14 of the Law on Personal Data to the personal data subject or his representative in the form in which the relevant request or request is sent, unless otherwise specified in the request or request.

If the request of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, a reasoned refusal is sent to him.

5.6. The right of a personal data subject to access his/her personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data.

5.7.
Upon achieving the purposes of personal data processing, as well as in the event that the personal data subject withdraws consent to their processing, personal data is subject to destruction, unless
otherwise provided by the agreement to which the personal data subject is a party, beneficiary or guarantor.;
The operator does not have the right to process personal data without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other federal laws.;
no other agreement is provided for between the Operator and the personal data subject.

5.8.
The personal data subject has the right to withdraw consent to the processing of personal data before the end of the processing period. The withdrawal of consent is carried out by sending such a review to the Operator's email address. info@pravoprosto.com . When a personal data subject applies to the Operator with a request to terminate the processing of personal data, the processing of personal data is terminated, except in cases provided for by law.

5.9. Personal data is destroyed by deletion from the database in accordance with the requirements established by law.

6. Personal data protection measures

6.1. The Operator shall take measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and the regulatory legal acts adopted in accordance with it.

6.2. Measures taken by the Operator to ensure the fulfillment of obligations stipulated by the Law on Personal Data:

appointment of the person responsible for the organization of personal data processing;

the publication of this Policy, which defines for each purpose of personal data processing the categories and list of personal data being processed, the categories of subjects whose personal data is being processed, the methods and timing of their processing and storage, the procedure for destroying personal data when the purposes of their processing are achieved or when other legal grounds arise, as well as local acts establishing procedures aimed at prevention and detection of violations of the legislation of the Russian Federation, elimination of consequences of such violations;

taking the necessary legal, organizational and technical measures or ensuring their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data;

implementation of internal control and (or) audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, operator's policy regarding personal data processing, Operator's local acts;

assessment of the harm in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to personal data subjects in case of violation of the Law on Personal Data, the ratio of this harm and the measures taken by the Operator aimed at ensuring compliance with the obligations provided for by the Law on Personal Data;

if there are employees, the Operator's employees who directly process personal data are familiarized with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the operator's policy on personal data processing, local acts on personal data processing, and (or) training of these employees.

6.3.
Ensuring the security of personal data is achieved, in particular:

1) identification of threats to the security of personal data during their processing in personal data information systems;

2) the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation.;

3) the use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure;

4) assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

5) taking into account the machine storage of personal data;

6) detecting the facts of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents in them;

7) recovery of personal data modified or destroyed as a result of unauthorized access to them;

8) establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;

9) control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

7. Final provisions

7.1. The Policy does not apply to Internet sites and computer programs associated with the Site. The Operator cannot influence the standards of protection and data security of Internet sites and third-party computer programs. The owners of such Internet sites and computer programs are responsible for the processing of personal data.