1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) is drawn up in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006, as well as other Russian regulations on protection and processing of personal data and acts with respect to all personal data (hereinafter referred to as Data) which OOO NPK Gemos Limited (hereinafter referred to as the Operator, the Company) may receive from the subject personal data that is a user of the site (hereinafter referred to as the User) on going to the address in the Internet http://www.mining-media.ru (further - Site).
1.2. The operator provides protection of the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
1.3. Changing Policy.
1.3.1. The operator has the right to make changes to this Policy. When you make changes to the Policy header, the date of the last revision of the edition is indicated. The new version of the Policy shall come into force from the moment of its posting on the Site, unless otherwise provided by the new edition of the Policy.
Personal data (PD) - any information related to a directly or indirectly defined or determined individual (subject of personal data).
Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transfer, depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data - processing of personal data by means of computer facilities.
Personal data information system (ISDN) - a set of personal data contained in databases and providing their processing of information technology and technical means.
Personal data made by the publicly available personal data subject is an AP, access by an unlimited number of persons to which is provided by the subject of personal data or at his request.
Blocking of personal data - temporary termination of processing of personal data (except for cases when processing is necessary for specification of personal data).
Destruction of personal data is an action that makes it impossible to restore the contents of personal data in the personal data information system and (or) as a result of which material data carriers of personal data are destroyed.
Operator - an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purposes of processing personal data subject to processing, actions (operations) performed with personal data. The operator is LLC "NPK" Gemos Limited ", location: Moscow, Leninsky Prospect, 6 p. 3, room. 584, INN 7723083844, OGRN 1027739360440.
3.1. Obtaining the PD.
3.1.1. All PD should be obtained from the subject itself. If the subject's TA can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him.
3.1.2. The operator must inform the subject about the objectives, the proposed sources and methods of obtaining the PD, the nature of the PDs to be received, the list of actions with the PD, the period during which the consent is in force and the procedure for its withdrawal, as well as the consequences of the subject's refusal to give written consent to receive them.
3.1.3. PDs are transmitted by the subject for processing by the Operator by:
visits to the Site by the User;
filling in by the User of the feedback form on the Site (order a call, leave a review, register, place an order and others).
3.2. Processing of PD.
3.2.1. Processing of personal data is carried out:
with the consent of the subject of personal data to the processing of his personal data;
in cases where the processing of personal data is necessary for the implementation and performance of the functions, powers and duties imposed by the legislation of the Russian Federation;
in cases where the processing of personal data is carried out, the access of an unrestricted circle of persons to which is provided by the subject of personal data or at his request (hereinafter - personal data made by a public entity of personal data).
3.2.2. Objectives of processing personal data:
Increase the awareness of users of the Site about goods / works / services of the Company, provide relevant advertising information, optimize advertising, provide information support, advise, conduct marketing campaigns (including email and SMS notifications of news and promotions, etc. .), sending notifications about the statuses of applications, orders, orders, as well as in other cases of using the Site by the User.
3.2.3. Categories of subjects of personal data.
The following PD subjects are processed:
individuals - Users of the Site.
3.2.4. APs processed by the Operator:
surname, name, patronymic of the individual and / or individual entrepreneur, position held, e-mail address, contact phone number, address of location;
the source of the visit to the Site and information of the search or advertising request;
data about the user's device (among which the resolution, version and other attributes that characterize the user device);
Custom clicks, page views, field fillings, impressions and views of banners and videos;
data characterizing the auditor segments;
session parameters;
data on the time of visit;
information stored in the cookie,
IP address.
3.2.5. Processing of personal data is conducted:
using automation tools;
without the use of automation.
3.3. Storage of PD.
3.3.1. PD subjects received by the Operator, are further processed and transferred to storage electronically.
3.3.2. It is not allowed to store and place documents containing PD in open electronic catalogs (file sharing) in ISDN.
3.3.3. Storage AP in a form that allows you to determine the subject of AP, no longer than the purpose of processing requires, and they are subject to destruction upon achievement of treatment objectives or in the event of a loss of the need to achieve them.
3.4. Destruction of PD.
3.4.1. PD on electronic media are destroyed by erasing or formatting carriers.
3.4.2. The fact of destruction of the PD is documented by an act on the destruction of carriers.
3.5. Transfer of PD.
3.5.1. The operator transfers the PD to third parties in the following cases:
the subject expressed his consent to such actions;
the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
4.1. The main protection measures for PD used by the Operator are:
4.1.1. Appointment of the person responsible for handling the PD, which organizes the processing of PD, training and briefing, internal control over compliance by the Operator and his employees with the requirements for the protection of PD.
4.1.2. Determination of actual threats to the safety of PDs during their processing in the ISDN and development of measures and measures to protect the AP.
4.1.3. Development of a policy for the processing of personal data.
4.1.4. Establish rules for access to APs processed in the ISDN.
4.1.5. Establish access passwords for the Operator's employees in ISDN.
4.1.6. Compliance with the conditions ensuring the safety of the PD and excluding unauthorized access to them.
4.1.7. Detection of the facts of unauthorized access to personal data and taking measures.
4.1.8. Recovery of PD, modified or destroyed due to unauthorized access to them.
4.1.9. Training of employees of the Operator directly processing personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents that determine the operator's policy regarding the processing of personal data, local acts on the processing of personal data.
4.1.10. Implementation of internal control and audit.
5.1. Basic rights of the subject of PD.
The subject has the right to access his personal data and the following information:
confirmation of the processing of the PD by the Operator;
legal grounds and objectives for processing PD;
objectives and methods of processing PD used by the Operator;
the name and location of the Operator, information about the persons (with the exception of the Operator's employees) who have access to the AP or who can be disclosed by the AP on the basis of a contract with the Operator or on the basis of a federal law;
terms of processing of personal data, including the terms of their storage;
the procedure for the subject of the PD to exercise the rights provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
the name or surname, name, patronymic and address of the person carrying out the processing of the PO on behalf of the Operator, if the processing is entrusted or will be entrusted to such person;
contacting the Operator and sending him requests;
appeal against the actions or omissions of the Operator.
5.2. Obligations of the Operator.
The operator is obliged:
when collecting AP, provide information on the processing of AP;
in cases where PDs were obtained not from the subject of PD, notify the subject;
in case of refusal to provide a PD, the subject is explained the consequences of such refusal;
publish or otherwise provide unrestricted access to the document that defines its policy regarding the processing of APs to information on the applicable requirements for the protection of AP;
to take the necessary legal, organizational and technical measures or to ensure their adoption to protect the AP from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PoA, as well as from other illegal actions against AP;
to respond to inquiries and appeals of the subjects of the PD, their representatives and the authorized body for the protection of the rights of the subjects of the PoA.