Personal Data Processing Policy

1. Introduction:

1.1. The most important condition for the implementation of the goals of the site https://bazaub.ru/ (hereinafter referred to as the operator) is to ensure the necessary and sufficient level of information security of information, including personal data.

1.2. The Policy regarding the processing of personal data by the operator (hereinafter referred to as the regulation) defines the procedure for the collection, storage, transfer and other types of processing of personal data by the operator, as well as information about the implemented requirements for the protection of personal data.

1.3. The policy is developed in accordance with the current legislation of the Russian Federation.

 

2. Composition of personal data:

2.1. Information constituting personal data is any information related directly or indirectly to a specific or identifiable individual (subject of personal data).

2.2. All personal data processed by the operator is confidential, strictly protected information in accordance with the legislation.

3. Purposes of personal data processing:

3.1. Personal data is processed by the operator for the purposes of registration of labor and other contractual relations, personnel, accounting, tax accounting, according to the requirements provided for in Article 22 of Federal Law No. 152-fz of 27.06.2006, 85-90 of the Labor Code of the Russian Federation, as well as for the purpose of organizing and conducting by the operator (including with the involvement of third parties) loyalty programs, marketing and / or advertising campaigns, research, surveys and other events; providing other services to personal data subjects; promotion of the services and/or products of the operator and / or the operator's partners on the market by making direct contacts with the operator's customers through various means of communication, including, but not limited to, by phone, e-mail, mailing lists, on the Internet, etc.; for other purposes, if the operator's actions do not contradict the current legislation.

3.2. The Operator, in order to properly perform its duties, processes the following personal data necessary for the proper performance of contractual obligations:

* personal data of individuals and legal entities, including, but not limited to, customers, regular customers, customers of services provided by the site.

4. The procedure for the collection, storage, transfer and other types of processing of personal data:

4.1. The processing of personal data, carried out without the use of automation tools, is carried out in such a way that in relation to each category of personal data, it is possible to determine the storage locations of personal data (material carriers). the operator has established a list of persons who process personal data or have access to it. The Operator ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.

4.2. The processing of personal data carried out using automation tools is carried out subject to the following actions: the operator carries out technical measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information; security tools are configured to detect the facts of unauthorized access to personal data in a timely manner; the technical means of automated processing of personal data are isolated in order to prevent the impact on them, as a result of which their functioning may be disrupted; the operator backs up the data in order to be able to immediately restore personal data modified or destroyed as a result of unauthorized access to them; carries out constant monitoring to ensure the level of protection of personal data.

4.3 The personal data Operator transfers personal data to third parties only for the proper performance of contractual obligations.

5. Information about the implemented requirements for the protection of personal data:

5.1. The Operator takes the following measures: determines threats to the security of personal data during their processing; has the right to initiate proceedings and draw conclusions on the facts of non-compliance with the conditions for storing personal data carriers, the use of information protection tools that may lead to a violation of the confidentiality of personal data or other violations that lead to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations; has a description of the personal data protection system.

6. Rights and obligations of the operator:

6.1. The personal data operator has the right to:

* defend their interests in court;

* provide personal data of subjects to third parties, if this is provided for by the current legislation (tax, law enforcement agencies, etc.);

* refuse to provide personal data in cases provided for by law;

* use the personal data of the subject without his consent, in cases provided for by law.

7. Rights and obligations of the personal data subject:

7.1. The subject of personal data has the right to

* request clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;

* request a list of your personal data processed by the operator and the source of their receipt;

* receive information about the terms of processing of your personal data, including the terms of their storage;

* require notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made to them;

* appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or omissions in the processing of their personal data;

* to protect their rights and legitimate interests, including compensation for damages and (or) compensation for non-pecuniary damage in court.

8. Final provisions:

8.1. this policy is subject to changes and additions in the event of new legislative acts and special regulatory documents on the processing and protection of personal data.