1. General Provisions
1.1. The policy for the processing of personal data (hereinafter - the Policy) determines the procedure for processing and protecting IP Smagina M.K. (hereinafter referred to as the Operator) and its affiliates information on individuals (hereinafter referred to as the Users), which can be obtained by the Operator when the User uses the services provided through the lady.decorexpro.com/en/ website and its subdomains * .lady.decorexpro.com/en/ (hereinafter referred to as the Website).
1.2. This Policy is aimed at protecting the rights and freedoms of man and citizen when the Operator processes his personal data, including the protection of the rights to privacy, personal and family secrets.
1.3. This Policy is developed in accordance with Federal Law of July 27, 2006 No. 152-ФЗ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").
1.4. The Policy applies to all personal data of Users processed by the Operator with the use of automation tools and without the use of such tools, received both before and after the approval of this Policy.
1.5. The policy contains information subject to disclosure in accordance with Part 1 of Art. 14 Federal Law “On Personal Data”.
1.6. The policy is posted on the Operator's Website at: https://lady.decorexpro.com/en/politika-obrabotki-personalnyh-dannyh, is a publicly available document and is required for review by persons transmitting personal data to the Operator through the Website.
2. Terms and definitions
Personal data - any information related to a directly or indirectly determined, or determined individual (subject of personal data).
Information - information (messages, data) regardless of the form of their presentation.
Personal data operator (operator) - a state body, municipal body, legal or natural person, independently or jointly with other persons, organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) committed with personal data.
Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data - processing of personal data using computer technology.
Providing personal data - actions aimed at the disclosure of personal data to a specific person or a certain circle of persons.
Distribution of personal data - actions aimed at the disclosure of personal data to an indefinite circle of persons.
Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to a foreign government authority, a foreign individual or a foreign legal entity.
Blocking of personal data - temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).
Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
Anonymization of personal data - actions that make it impossible without the use of additional information to determine the ownership of personal data to a specific subject of personal data.
Personal data information system - a set of personal data contained in databases and providing their processing of information technologies and technical means.
3. Purpose of collecting personal data
3.1. In accordance with the requirements of the current legislation of the Russian Federation, the Operator determines the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data, organizes and processes personal data, and also organizes and protects the processed personal data.
3.2. Information about the Operator:
Full name: lady.decorexpro.com/en/
3.3. The operator processes personal data in order to comply with the laws of the Russian Federation, including, but not limited to, the following purposes:
3.3.1. user identification;
3.3.2. sending the user notifications and information related to the use of the site, the provision of services, as well as the processing of user requests and applications;
3.3.3. informing about new products, special promotions and offers;
3.3.4. holding contests;
3.3.5. the formation of user authorization tools used by him to access the closed segments of the site;
3.3.6. providing feedback to users of the Operator’s Site, including for receiving opinions, questions from users of information on websites and information products of the Operator, as well as for sending answers to them;
3.3.7. for other legal purposes.
4. Legal grounds for the processing of personal data
4.1. The relations considered in this Agreement related to the collection, storage, processing, distribution and protection of user information are regulated in accordance with the current legislation of the Russian Federation. The application of the norms of foreign law to them is possible only in cases stipulated by the legislation of the Russian Federation and having international agreements valid for the Russian Federation.
5. Principles, procedure and conditions for the processing of personal data
5.1. The operator in his activities ensures compliance with the principles of processing personal data specified in art. 5 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data", including:
5.1.1. the legality and fairness of the purposes and methods of processing personal data;
5.1.2. compliance of the purposes of processing personal data with the goals previously defined and declared during the collection of personal data, as well as the powers of the Company;
5.1.3. compliance of the volume and nature of the processed personal data, the methods of processing personal data with the purposes of their processing;
5.1.4. the reliability of personal data, its sufficiency for the purposes of processing, the inadmissibility of the processing of personal data excessive in relation to the purposes stated during the collection of personal data;
5.1.5. inadmissibility of combining databases containing personal data created for incompatible purposes;
5.1.6. storage of personal data should be carried out in a form that allows to determine the subject of personal data, no longer than the purpose of their processing requires, if the storage period of personal data is not established by federal law, an agreement to which the beneficiary or recipient is a party, under which is the subject of personal data;
5.1.7. destruction upon achievement of the goals of processing personal data or in case of loss of need to achieve them, unless otherwise provided by federal law.
5.2. The Operator processes personal data on a legal and fair basis for the performance of the functions, powers and obligations assigned by law, the exercise of the rights and legitimate interests of the Operator, the Operator’s employees and third parties.
5.3.The Operator processes the personal data of the Users with their consent, provided by the Users and / or their legal representatives by performing specific actions on the Operator's Website, including, but not limited to, placing an order, registering in a personal account, subscribing to a newsletter, in accordance with this Policy .
5.4. The operator processes personal data in automated and non-automated ways, using computer technology and without using such tools.
5.5. The operator can process the following personal data of customers:
5.5.1. Full Name;
5.5.2. Address;
5.5.3. Contact telephone number;
5.5.4. E-mail address;
5.5.5. IP address
5.6. Actions to process personal data include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
5.7. The operator does not verify the accuracy of personal data provided by users. The operator assumes that the user provides personal data in his interest without the intention to violate the rights and legitimate interests of third parties and the operator or cause them losses.
5.8. The operator and other persons who have gained access to personal data are required not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by the Federal Law of the Russian Federation.
5.9. The operator processes the personal data of Users no longer than the purpose of processing personal data requires, unless otherwise provided by the requirements of the legislation of the Russian Federation.
5.10. Destruction by the Operator of personal data is carried out in the manner and terms stipulated by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.
5.11. The content and volume of processed personal data are consistent with the stated processing goals. The processed personal data is not redundant in relation to the stated processing purposes.
6. Information on ensuring the security of personal data
6.1. When processing personal data, the operator takes the necessary legal, organizational and technical measures or ensures their adoption to protect personal data from unlawful or accidental access to it, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in regarding personal data.
6.2. Measures to ensure the security of personal data during their processing, applied by the Operator, are planned and implemented in order to ensure compliance with the requirements specified in Article 19 of the Federal Law-152 “On Personal Data”.
6.3. In accordance with Article 18.1 of FZ-152, the Operator independently determines the composition and list of measures necessary and sufficient to ensure compliance with legal requirements. The operator in particular has taken the following measures:
6.3.1. Local acts on the processing of personal data were introduced, as well as local acts establishing procedures aimed at preventing and detecting violations of established procedures for processing personal data and eliminating the consequences of such violations;
6.3.2. legal, organizational and technical measures are applied to ensure the security of personal data in accordance with Article 19 of the Federal Law-152;
6.3.3. internal control is carried out of the conformity of the processing of personal data FZ-152 and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Operator’s policy regarding the processing of personal data, local acts of the Operator;
6.3.4. assesses the damage that may be caused to personal data subjects in case of violation of Federal Law-152, the ratio of the specified harm and measures taken by the operator to ensure the fulfillment of the obligations stipulated in Federal Law-152;
6.3.5.employees of the Operator who directly process personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents that determine the Operator’s policy regarding the processing of personal data, local acts on the processing of personal data;
6.3.6. In addition to the requirements of 152-ФЗ “On personal data”, the Operator carries out a set of measures aimed at protecting information about customers, employees and contractors.
7. Rights of subjects of personal data
7.1. The subject of personal data has the right:
7.1.1. to receive personal data related to this entity and information regarding their processing;
7.1.2. to clarify, block or destroy his personal data in the event that they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
7.1.3. withdraw consent to the processing of personal data by sending a corresponding request to the Operator by mail or by contacting in person;
7.1.4. to protect their rights and legitimate interests;
7.2. To exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain the information specified in part 3 of article 14 Federal Law “On Personal Data”.
7.3. If the personal data subject considers that the Operator is processing his personal data in violation of the requirements of the Federal Law or otherwise violates his rights and freedoms, the personal data subject has the right to appeal against the actions or inaction of the Operator by contacting the authorized body for the protection of the rights of personal data subjects or in court.
7.4. The rights and obligations of the Operator are determined by applicable law and agreements of the Operator.
7.5. Suggestions and comments for amending the Policy should be sent to chinateampro2015@gmail.com. The policy is updated as necessary.