Personal data processing agreement
PRIVACY AGREEMENT
Personal data and privacy statement of mkm.ru
We value the trust placed by users and are aware of the responsibility to protect their privacy. In particular, we inform you about what information we collect when you use the mkm.ru page, why it is necessary and how it will be used to improve the user experience.
1. Introduction.
1.1. This document defines the policy of CJSC "MKM" (hereinafter referred to as the Company) in relation to the processing of personal data (hereinafter referred to as PD).
1.2. The company is the operator of personal data and this Policy has been developed in accordance with the current legislation of the Russian Federation on personal data, namely: Law on personal data No. 152-FZ dated 27.07.06; Decree of the Government of the Russian Federation No. 1119 dated 01.11.12 "On approval of requirements for the protection of personal data during their processing in personal data information systems"; Resolution of the Government of the Russian Federation No. 687 of 15.09.08 "On approval of the Regulation on the specifics of processing personal data without using automation tools."
1.3. This Policy applies to any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of PD.
2. Principles and purposes of PD processing.
PD processing is carried out on the basis of the following principles:
1) PD processing is carried out on a legal and fair basis;
2) PD processing is limited to the achievement of specific, predetermined and legal purposes;
3) the content and volume of processed personal data correspond to the stated purposes of processing. The processed PD are not redundant in relation to the stated purposes of processing;
4) when processing PD, the accuracy and sufficiency of PD and, where necessary, their relevance to the stated purposes of processing are ensured;
5) PD is stored in a form that allows the PD subject to be identified for no longer than the purpose of PD processing requires, unless the PD storage period is established by law or by an agreement to which the PD subject is a party, beneficiary or guarantor;
6) processed PD are subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
The purposes of PD processing are:
1) conducting marketing campaigns, promoting products and services, assessing the quality of customer service;
2) the conclusion, execution and termination of civil contracts with individuals, legal entities and other persons;
3) notifying the PD subject of a win in a competition and of the prizes won;
4) sending news and information about promotions, news and services of the Company to the PD subject;
5) personalization of the site based on the search history and views of the PD subject;
6) enabling the Company's employees to contact the PD subject in order to advise on the services and goods offered by the Company;
7) issuing commercial offers, invoices, concluding contracts for the provision of services and / or sale of goods;
8) for other purposes not prohibited by applicable law.
3. Conditions for PD processing.
3.1 PD processing is carried out in compliance with the principles and rules established by the Law on Personal Data. PD processing is carried out in the following cases:
1) PD processing is carried out with the consent of the PD subject to the processing of his PD;
2) PD processing is necessary to achieve the goals provided for by law, for the implementation and fulfillment of the functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
3) PD processing is necessary for the execution of a contract, to which the PD subject is either a party or a beneficiary or a guarantor, as well as for concluding an agreement on the initiative of the PD subject or an agreement under which the PD subject will be a beneficiary or a surety;
4) PD processing is necessary to protect the life, health or other vital interests of the PD subject, if obtaining the consent of the PD subject is impossible;
5) PD processing is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the PD subject;
6) PD processing is carried out for statistical or other research purposes, subject to mandatory depersonalization of PD. An exception is the processing of personal data in order to promote goods, works, services on the market by making direct contacts with a potential consumer using communication means;
7) the PD being processed has been made accessible to an unlimited number of persons by the PD subject or at his request.
3.2. The Company may include PD of subjects in publicly available sources of PD, in which case the Company obtains the subject's written consent to the processing of his PD.
3.3. The company carries out cross-border transfer of PD only to the territory of foreign states that provide adequate protection of the rights of PD subjects.
3.4. Making decisions based solely on automated processing of personal data that generate legal consequences in relation to the subject of personal data or otherwise affecting his rights and legitimate interests is not carried out.
3.5. Where the subject's written consent to the processing of his PD is not required, consent may be given by the PD subject or his representative in any form that allows the fact of its receipt to be confirmed.
3.6. The Company undertakes and obliges other persons who have gained access to PD not to disclose to third parties and not to distribute PD without the consent of the PD subject, unless otherwise provided by federal law.
3.7. By filling out the feedback form on the Company's website, the PD subject is deemed to have given his consent to the processing of the personal data provided by him.
4. Obligations of the Company.
In accordance with the requirements of the Law on Personal Data, the Company is obliged to:
1) provide the PD subject, upon his request, with information regarding the processing of his PD, or provide a lawful refusal, within 30 days from the date of receipt of the request from the PD subject or his representative;
2) at the request of the PD subject, clarify, block or delete the processed PD if the PD is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing within a period not exceeding 7 working days from the date the PD subject or his representative provides the information confirming these facts;
3) notify the PD subject of the PD processing if the PD was not received from the PD subject. The exceptions are the following cases:
- the PD subject is notified of the processing of his PD by the Company;
- the PD was received by the Company on the basis of federal law or in connection with the performance of an agreement to which the PD subject is a party, beneficiary or guarantor;
- PD are made publicly available by the PD subject or obtained from a publicly available source;
- The company processes PD for statistical or other research purposes, if this does not violate the rights and legitimate interests of the PD subject;
- providing the PD subject with the information contained in the Notification of PD processing violates the rights and legitimate interests of third parties;
4) if the purpose of PD processing is achieved, immediately stop PD processing and destroy the corresponding PD within a period not exceeding 30 days from the date of achieving the purpose of PD processing, unless otherwise provided by an agreement to which the PD subject is a party, beneficiary or guarantor, by another agreement between the Company and the PD subject, or if the Company is not entitled to process PD without the consent of the PD subject on the grounds provided for by the Law on Personal Data or other laws;
5) if the PD subject revokes his consent to the processing of his PD, stop PD processing and destroy PD within a period not exceeding thirty days from the date of receipt of the said revocation, unless otherwise provided by an agreement between the Company and the PD subject. The Company is obliged to notify the PD subject about the destruction of PD;
6) in the event of a request from the PD subject to terminate the processing of PD received in order to promote goods, works, services on the market, immediately stop processing PD.
5. Measures to ensure the security of PD during their processing.
5.1. When processing PD, the Company takes the necessary legal, organizational and technical measures to protect PD from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD.
5.2. Ensuring PD security is achieved by the following measures:
1) identification of threats to the security of PD during their processing in PD information systems;
2) the use of organizational and technical measures to ensure the security of PD during their processing in PD information systems, necessary to meet the requirements for PD protection, the implementation of which is ensured by the levels of PD security established by the Government of the Russian Federation;
3) use of information protection tools that have passed the conformity assessment procedure in the prescribed manner;
4) assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
5) keeping records of machine-readable media containing personal data;
6) detection of instances of unauthorized access to personal data and taking measures;
7) restoration of PD, modified or destroyed due to unauthorized access to them;
8) control over the measures taken to ensure the security of PD and the level of security of PD information systems.
6. Rights of the PD subject.
In accordance with the Law on Personal Data, the PD subject has the right to:
1) obtain information regarding the processing of personal data by the Company, namely:
- confirmation of the fact of PD processing by the Company;
- legal grounds and purposes of PD processing by the Company;
- the methods of PD processing used by the Company;
- processed PD related to the relevant PD subject, the source of their receipt, unless another procedure for submitting such data is provided for by law;
- terms of PD processing by the Company, including the terms of their storage;
- the procedure for the exercise by the PD subject of the rights provided for by the Law on Personal Data;
- information on the carried out or expected cross-border data transfer;
- other information provided for by the Law on Personal Data or other federal laws;
2) require the Company to clarify his PD, or to block or destroy it, if the PD is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
3) withdraw consent to the processing of personal data in cases provided by law.
7. Procedure for the exercise of rights.
7.1. A request by the PD subject to the operator to exercise his rights established by the Law on Personal Data is submitted in writing, in the prescribed form, during a personal visit to the Company by the PD subject or his representative.
7.2. The response to the request is sent to the PD subject in writing by mail to the address specified in the request.
7.3. The time for preparing the response and handing it to the post office for dispatch cannot exceed 30 days from the date of receipt of the request by the operator.
7.4. The term for making the necessary changes to the PD, which are incomplete, inaccurate or irrelevant, cannot exceed 7 working days from the date the PD subject or his representative provides information confirming that the PD is incomplete, inaccurate or irrelevant.
7.5. The term for the destruction of PD that is illegally obtained or is not necessary for the stated purpose of processing cannot exceed 7 working days from the date the PD subject or his representative provides information confirming that PD is illegally obtained or is not necessary for the stated purpose of processing.
8. Restrictions on the rights of PD subjects.
8.1. The right of the PD subject to access his PD is limited if the provision of PD violates the rights and legitimate interests of others.
8.2. If the information regarding the processing of PD, as well as the processed PD, were provided to the PD subject for review at his request, the PD subject has the right to send a repeated request to obtain information regarding the processing of PD and to review such PD no earlier than 30 days after sending the initial request, unless a shorter period is established by federal law, a regulatory legal act adopted in accordance with it, or an agreement to which the PD subject is a party, beneficiary or guarantor.
8.3. The PD subject has the right to send a repeated request to the Company to obtain information regarding the processing of PD, as well as to review the processed PD, before the expiration of the period specified in clause 8.2 if such information and (or) processed PD were not provided to him for review in full following consideration of the initial request. A repeated request must contain the justification for sending it.
9. Changes to the Privacy Policy.
Please note that this Policy may change from time to time. We do not intend to limit the scope of your rights arising from this Privacy Policy without your explicit permission. We will post changes to the Privacy Policy on this page. If the changes are significant, we will notify you in a more explicit way.