Privacy Policy of LLC “RED”
1. General Terms.
1.1. This Privacy Policy (hereinafter referred to as the "Policy") has been developed in accordance with the Constitution of the Russian Federation, the Labour Code of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter referred to as the "Personal Data Law"), Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and the Protection of Information", the Regulation on the specifics of processing personal data carried out without the use of automation tools, approved by Resolution of the Government of the Russian Federation No. 687 dated September 15, 2008, the Requirements for the protection of personal data during their processing in personal data information systems, approved by Resolution of the Government of the Russian Federation No. 1119 dated November 1, 2012, as well as other regulatory legal acts in the field of personal data protection.
1.2. This Policy establishes the procedure for processing personal data of the Operator’s consumers/clients (hereinafter also referred to as the "Company") and other personal data subjects for the purpose of ensuring the protection of human and civil rights and freedoms during the processing of their personal data, including the right to privacy, personal and family secrecy.
1.3. This Policy forms part of the system of measures implemented by the Company to protect the personal data being processed from unlawful or accidental access, destruction, alteration, blocking, copying, dissemination, as well as from other unlawful actions.
2. Terms and Definitions.
In accordance with applicable legislation, the following terms are used in this Policy:
personal data – any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data);
biometric personal data – information that characterizes the physiological and biological features of an individual, based on which the identity of the personal data subject can be established and which is used by the Operator for the purpose of identifying the subject of personal data;
operator – a state authority, municipal authority, legal entity, or natural person that, independently or jointly with others, organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the scope of personal data to be processed, and the actions (operations) performed with personal data. For the purposes of this Policy, the Operator shall mean Limited Liability Company “RED” (LLC “RED”);
processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools in relation to personal data, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer, depersonalization, blocking, deletion, or destruction of personal data;
personal data subject – a natural person whose personal data makes it possible to identify him or her, directly or indirectly;
dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
blocking of personal data – temporary suspension of the processing of personal data (except in cases where processing is necessary for the clarification of personal data);
destruction of personal data – actions that result in the impossibility of restoring the content of personal data in a personal data information system and (or) that lead to the destruction of the physical media containing personal data;
depersonalization of personal data – actions that make it impossible to determine, without the use of additional information, whether the personal data belongs to a specific personal data subject;
personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing;
automated processing of personal data – a processing of personal data by means of computer technology;
non-automated processing of personal data – a processing of personal data contained in a personal data information system or extracted from such a system, where actions such as the use, updating, transfer, or destruction of personal data with respect to each personal data subject are carried out with the direct involvement of a human;
cookies – a unique identifier of an Internet browser stored as a small file on the client’s device, which is used for authentication on the website and for storing preferences and settings;
Yandex.Metrica, AppMetrica – web analytics tools that help generate visual reports, record of visitors’ actions, track traffic sources, and evaluate the effectiveness of online and offline advertising.
3. Principles and Rules of Personal Data Processing
3.1. Personal data processing shall be conducted based on the following principles:
3.1.1. Personal data processing shall be carried out on a lawful and fair basis.
3.1.2. Personal data processing shall be limited to achieving specific, explicit, and legitimate purposes. Processing of personal data incompatible with the purposes for which the personal data was collected is prohibited.
3.1.3. It is prohibited to combine databases containing personal data if such data is processed for purposes that are incompatible with each other.
3.1.4. Only personal data that is relevant to the purposes of its processing shall be subject to processing.
3.1.5. The content and scope of the personal data being processed must correspond to the stated purposes of processing. The personal data being processed must not be excessive in relation to the stated purposes of processing.
3.1.6. When processing personal data, accuracy, sufficiency, and, where necessary, relevance of personal data to the purposes of processing must be ensured. The Operator shall take, or ensure the taking of, necessary measures to delete or clarify incomplete or inaccurate data.
3.1.7. The storage of personal data shall be carried out in a form that allows the identification of the personal data subject for no longer than is necessary for the purposes of processing, unless another period of storage of personal data is established by applicable law.
3.1.8. When storing personal data media, conditions must be observed that ensure the safety of personal data and prevent unauthorized access, theft, substitution, or destruction. Personal data media must be stored in lockable storage units (such as safes, cabinets, drawers, server racks, etc.) or premises equipped with locking devices that exclude the possibility of unauthorized copying of information and theft of storage media. Machine-readable media containing backup copies of personal data shall not be provided to ordinary users and shall be used exclusively for the restoration of personal data in the event of an emergency or failure of the primary data storage media. Backup media containing personal data must be stored in a designated locked storage unit or locked premises.
3.1.9. The personal data being processed shall be subject to destruction or anonymization upon the achievement of the purposes of processing or in the event that there is no longer a need to achieve such purposes, unless otherwise provided by federal law. The destruction of personal data (including personal data media) shall be carried out in accordance with the internal regulations of the Company. The destruction of personal data contained on physical (paper) media shall be carried out in accordance with the Company’s established records management and archiving rules. The destruction of paper-based personal data media not subject to such rules shall be performed by the responsible officer who created the media, through shredding, including with the use of paper shredding machines. The destruction of machine-readable personal data media shall be performed in a manner that prevents their further use or the recovery of confidential information (e.g., reformatting, overwriting, demagnetization, or physical destruction).
3.2. Automated processing of personal data shall be carried out in accordance with the following requirements:
3.2.1. The security of personal data during its processing in a personal data information system shall be ensured by means of a personal data protection system that neutralizes current threats as identified in accordance with Part 5 of Article 19 of the Federal Law “On Personal Data”.
3.2.2. The personal data protection system shall include organizational and/or technical measures determined with consideration of current threats to the security of personal data and the information technologies used in personal data information systems.
3.2.3. The selection of information security tools for the personal data protection system shall be carried out by the operator in accordance with regulatory legal acts adopted by the Federal Security Service of the Russian Federation and the Federal Service for Technical and Export Control.
3.2.4. The identification of the types of threats to the security of personal data relevant to the information system shall be carried out by the operator, taking into account the assessment of potential harm conducted in accordance with regulatory legal acts adopted pursuant to Part 5 of Article 19 of the Federal Law “On Personal Data.”
3.2.5. The operator shall ensure interaction with the state system for detecting, preventing, and elimination of the consequences of computer attacks on the information resources of the Russian Federation, including notifying the federal executive authority responsible for security about computer incidents that have resulted in the unlawful transfer (disclosure, dissemination, access) of personal data.
3.3. The processing of personal data without the use of automation tools shall be carried out in accordance with the following rules:
3.3.1. When personal data is processed without the use of automation tools, such data must be separated from other information, in particular, by recording it on separate tangible media of personal data (hereinafter referred to as “tangible media”), in special sections or in the margins of forms (templates).
3.3.2. When recording personal data on tangible media, it is not permitted to record on a single physical medium of personal data whose processing purposes are knowingly incompatible. For the processing of different categories of personal data without the use of automation tools, a separate physical medium must be used for each category of personal data.
3.3.3. Individuals engaged in the processing of personal data without the use of automation tools (including the operator’s employees or persons performing such processing under a contract with the operator) must be informed of the fact that they are processing personal data without the use of automation tools on behalf of the operator, the categories of personal data being processed, as well as the specific features and rules applicable to such processing as established by the regulatory legal acts of federal executive authorities, executive authorities of the constituent entities of the Russian Federation, and the internal legal acts of the Company.
3.3.4. When using standard document forms, the nature of the information in which implies or allows the inclusion of personal data (hereinafter referred to as the “standard form”), the following conditions must be met:
(a) the standard form or documents associated with it (such as completion instructions, cards, registers, and journals) must contain information regarding the purpose of processing personal data carried out without the use of automation tools, the name and address of the operator, the surname, first name, patronymic (if applicable), and address of the personal data subject, the source from which the personal data was obtained, the timeframes for the processing of personal data, a list of actions to be performed with the personal data during the course of processing, and a general description of the methods of personal data processing used by the operator.
(b) the standard form must provide a field in which the personal data subject may indicate their consent to the processing of personal data carried out without the use of automation tools, where written consent to such processing is required;
(c)
the standard form must be designed in such a way that each personal data
subject whose data is contained in the document has the opportunity to access
their own personal data without infringing upon the rights and legitimate
interests of other personal data subjects;
(d) the standard form must preclude the combination of fields intended for
entering personal data whose processing purposes are knowingly incompatible.
3.3.5. When maintaining logs (registers, books) containing personal data required for the one-time admission of the personal data subject to the territory where the Operator is located, or for other similar purposes, the following conditions must be observed:
(a) the necessity of maintaining such a log (register, book) must be established by an act of the operator, which shall include information on the purpose of personal data processing carried out without the use of automation tools, the methods of recording and the scope of information requested from personal data subjects, a list of persons (by name or position) who have access to the physical media and are responsible for maintaining and safeguarding the log (register, book), the timeframes for personal data processing, as well as information on the procedure for granting the personal data subject access to the territory where the operator is located without verifying the authenticity of the personal data provided by the personal data subject;
(b) copying of the information contained in such logs (registers, books) shall not be permitted;
(c) the personal data of each personal data subject may be entered into such a log (book, register) no more than once for each instance of the subject’s admission to the territory where the operator is located.
3.3.6. In cases where the purposes of processing personal data recorded on a single physical medium are incompatible, and the medium does not allow for the separate processing of personal data from other data recorded on the same medium, measures must be taken to ensure the separate processing of personal data, including, in particular:
(a) where it is necessary to use or transfer specific personal data separately from other personal data contained on the same physical medium, such personal data shall be copied in a manner that prevents the simultaneous copying of personal data not subject to use or transfer, and the copy of the relevant personal data shall be used or transferred.
(b) where it is necessary to destroy or block a portion of the personal data, the physical medium shall be destroyed or blocked, with prior copying of the information not subject to destruction or blocking, using a method that prevents the simultaneous copying of personal data subject to destruction or blocking.
3.3.7. The destruction or depersonalization of a portion of personal data, where permitted by the physical medium, may be carried out in a manner that precludes further processing of such personal data while preserving the possibility of processing other data recorded on the same physical medium (e.g., deletion, redaction).
3.3.8. The correction of personal data during processing without the use of automation tools shall be carried out by updating or modifying the data on the physical medium, or, if this is not technically feasible due to the characteristics of the physical medium, by recording information regarding the changes made on the same physical medium or by producing a new physical medium containing the specified personal data.
3.3.9. The primary sources of obtaining personal data are:
3.3.9.1. Provision of information by the personal data subject through completion of relevant forms on the website, by sending emails to the operator’s email addresses, or by transmission through telephone communication with the operator’s representative.
3.3.9.2. Automatic collection of information.
- The Operator collects and processes information regarding the interests of personal data subjects based on search queries entered on the websites https://redsolution.company/, https://robo.redsolution.company/, https://zip.redsolution.company/, as well as navigation through the website sections, generated during the personal data subject’s interaction with the website using cookies.
The personal data subject may, at their discretion, disable the use of cookies technology in their web browser; however, in doing so, certain website functions may not work or may function improperly.
- The operator uses software tools on the website, namely Yandex.Metrica and AppMetrica. The use of these software tools involves the collection of the user’s IP address; data about the browser through which the user accesses the website; the time zone of website visitors; geographic data of users; and information from cookies.
3.10. The processing of special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, or intimate life is prohibited, except in cases provided for by law.
3.11. The information characterizing the physiological and biological characteristics of a person, based on which their identity can be established (biometric personal data), and which are used by the Operator to verify the identity of the personal data subject, may only be processed with the written consent of the personal data subject, except in cases established by law.
3.12. The personal data subject has the right to receive, free of charge, information concerning the processing of their personal data, including information containing:
1) confirmation of the fact of personal data processing by the operator;
2) the legal grounds and purposes of personal data processing;
3) the purposes and methods of personal data processing applied by the operator;
4) the name and location of the operator, and information about persons (excluding the operator’s employees) who have access to the personal data;
5) the personal data being processed relating to the respective personal data subject, and the source of their receipt, unless otherwise provided by law;
6) the time periods for processing personal data, including retention periods;
7) the procedure for the personal data subject to exercise the rights provided by law;
8) the name or surname, first name, patronymic (if applicable), and address of the person processing personal data on behalf of the operator, if the processing is or will be entrusted to such person;
9) information on the methods by which the operator fulfills the obligations established by Article 18.1 of the Federal Law “On Personal Data”;
10) other information required by law.
4. Legal Grounds for the Processing of Personal Data.
4.1. The Operator processes personal data based on the grounds established by the Federal Law “On Personal Data,” including on the basis of:
- the consent of the personal data subject to the processing of their personal data;
- functions, powers, and duties assigned to the Operator by the legislation of the Russian Federation;
- the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for the conclusion of a contract at the initiative of the personal data subject or a contract under which the personal data subject will act as a beneficiary or guarantor;
- to exercise the rights and legitimate interests of the Operator or third parties, or to achieve socially significant purposes, provided that the rights and freedoms of the subject of personal data are not violated.
5. Protection of Personal Data.
5.1. The protection of personal data within the Company constitutes a system of measures ensuring the preservation, integrity, and confidentiality of personal data, and preventing unlawful or accidental access to, destruction, alteration, blocking, copying, dissemination, as well as other unlawful actions with respect to personal data. For the purpose of protecting personal data, the Company implements legal and organizational measures, as well as information and physical security measures. To ensure compliance of personal data processing with the Federal Law “On Personal Data,” the regulatory legal acts adopted pursuant thereto, and the Company’s internal regulatory documents on personal data processing, internal control procedures are established and carried out within the Company. Such measures include, among others, the following:
5.1.1. Appointment of a person responsible for organizing the processing of personal data;
5.1.2. Approval of the list of processed personal data;
5.1.3. Approval of the list of employee positions involving the processing of personal data;
5.1.4. 5Familiarization of employees authorized to process personal data with the provisions of the Russian Federation legislation on personal data, as well as with the operator’s internal regulations regarding the processing and protection of personal data;
5.1.5. Execution of a non-disclosure undertaking regarding personal data;
5.1.6. Approval of the list of premises in which personal data is processed, and the procedure for access to such premises;
5.1.7. Implementation of internal control over the processing of personal data;
5.1.8. Determination of the level of personal data protection during their processing in information systems, depending on the type and volume of personal data processed, as well as the type of potential threats.
5.1.9. Access to the processing of personal data within the information system is granted through the use of individual user accounts and complex access passwords;
5.1.10. The placement of information systems, use of specialized equipment, and organization of work involving personal data shall ensure the security of personal data storage media and information protection tools, as well as prevent unauthorized persons from being present in premises where personal data is processed and electronic personal data storage media are located;
5.1.11. Certified hardware and software are used for the protection and processing of personal data, along with the use of antivirus software;
5.1.12. The transfer of personal data over publicly accessible communication channels, including the Internet, without the use of specialized protection tools is prohibited;
5.1.13. Measures are in place to ensure the restoration of personal data that has been modified or destroyed as a result of unauthorized access;
5.1.14. Continuous monitoring of the effectiveness of the personal data protection system is carried out, the methods of personal data processing are regularly evaluated, and the means of personal data protection are continuously enhanced.
6. Obligations of the Company’s Employees in the Processing of Personal Data.
6.1. Access to personal data is permitted only to persons who directly use the personal data for official purposes; such persons shall have the right to receive only the personal data necessary to perform their specific functions.
6.2. Employees of the Company who process personal data in the course of performing their job duties are required to comply with this Policy and other internal regulatory documents of the Company concerning personal data processing and information security.
6.3. Employees of the Company are prohibited from distributing, disclosing, or communicating personal data that became known to them during their work at the Company to third parties, except in cases provided for by law.
7. Responsibility for Ensuring the Security of Personal Data.
7.1. Employees engaged in the processing of personal data bear individual responsibility for complying with the legal requirements governing such processing, as well as for adhering to this Policy and other internal regulatory documents of the Company concerning personal data processing and information security.
7.2. In the event of violations of personal data processing rules or unlawful disclosure thereof, the responsible persons shall be subject to disciplinary, administrative, civil, or criminal liability in accordance with applicable law.
Annex №1 to the
Privacy Policy of «RED LLC»
Purposes of personal data processing, categories of personal data subjects, categories and list of personal data processed.
|
Purpose of personal data processing |
Categories of personal data subjects |
Categories and list of personal data processed |
Legal basis for processing |
List of processing actions that may be performed with personal data |
Methods of processing personal data |
|
1. Implementation of rights and obligations within the framework of labor relations/arising from labor relations
|
Employees of the Company |
General: Last name, First name, Middle name (if any), Previous last name, Previous first name, Previous middle name (if any), Date of birth, Place of birth, Passport details or details of another identity document (series and number, name of the issuing authority, date of issue and division code), details of previously issued passports, Citizenship, Gender, Position, Address of actual place of residence, Address of registration at place of residence or stay, Date of registration at place of residence or stay, Personal email address, Corporate email address, Personal mobile phone number, Home phone number, Information on business qualities, Marital status, SNILS, TIN, Details of compulsory pension insurance, Details of the certificate of registration of an individual with the tax authority, Details of education, qualifications or availability of special knowledge; Information on work experience, Information on military registration of persons liable for military service and persons subject to conscription, Information on the current place of work (dates of hiring and transfers to another job, name of structural divisions, positions held (specialties, professions), Information on proficiency in foreign languages (name of foreign language, level of knowledge), Information on wages, Nature of work, Type of work (main or part-time), Date and grounds for dismissal, Details and content of the terms of the employment contract, Information on previous places of work, Information on advanced training; Information on professional retraining; Information on vacations, Information on social benefits, Information on hours worked, Bank card\bank account number for crediting wages and other payments, Amount of financial assistance, Information on bringing the subject to liability in cases and within the limits established by law. Special: Information on disability, Information on the state of health required within the framework of current legislation, Information concerning temporary disability. Biometric: Image of the subject (photo, video) |
Requirements of the Labor Code of the Russian Federation and other regulations (including local ones) adopted in pursuance of the Labor Code of the Russian Federation, employment contract, consent of the subject of personal data to the processing of his personal data |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, access, provision, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
Dismissed workers |
Last name, First name, Middle name (if any), Previous last name, Previous first name, Previous middle name (if any), Date of Birth, Place of Birth, Passport details or details of another identity document, details of previously issued passports, Citizenship, Gender, Position, Information on business qualities, Marital status, SNILS, INN, Details of compulsory pension insurance, Details of the certificate of registration of an individual with the tax authority, Details of education, qualifications or availability of special knowledge; Details of profession; Information on work experience, Information on military registration of persons liable for military service and persons subject to conscription for military service, dates of admission and transfers, names of structural divisions, positions held (specialties, professions), Information on proficiency in foreign languages (name of foreign language, level of knowledge), Information on wages, Nature of work, Type of work (main or part-time), Date and grounds for dismissal, Details and content of the terms of the employment contract, Information on advanced training; Information on professional retraining; Information on vacations, Information on social benefits, Information on hours worked, Information on bringing the subject to liability in cases and within the limits established by law. Special: Information on the state of health required under current legislation, Information concerning temporary disability. |
the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data, the processing of personal data is necessary to achieve the goals provided by law, to implement and fulfill the functions, powers and duties imposed on the operator by the legislation of the Russian Federation. |
Recording, Systematization, Accumulation, Storage, Clarification (updating, changing), Extraction, Use, Provision, Access, Depersonalization, Blocking, Deletion, Destruction |
Automated and non-automated |
|
|
Close relatives of the Company's employees |
General: Last name, First name, Middle name (if any), date of birth, place of birth, degree of relationship with the employee. |
Requirements of the Labor Code of the Russian Federation and other regulatory acts that must be fulfilled by the employer in relation to employees. |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), use, access, provision, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
|
2. Selection of candidates for vacant positions |
Candidates for vacant positions |
General: Last name, First name, Middle name (if any), Year of birth, Date of birth, Place of birth, Passport details or details of another identity document (series and number, name of the issuing authority, date of issue and unit code), Citizenship, Gender, Address of registration at the place of residence or stay, Personal e-mail address, Personal mobile phone number, Information on business qualities, Marital status, family composition (quantity), Information on education, qualifications or availability of special knowledge; Information on the profession; Information on work experience, Information on proficiency in foreign languages (name of foreign language, level of knowledge), Date and reasons for dismissal, Wage details, Information on previous places of work, Information on professional retraining; Information on bringing the subject to liability in cases and within the limits established by law. Special: Information on disability, Information on the state of health required under the current legislation. |
Consent to the processing of personal data |
Collection, recording, systematization, storage, clarification (updating, modification), use, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
3. Implementation of rights and obligations within the framework of concluded contracts with individuals or legal entities (with the exception of contracts provided for by labor legislation). |
- Individuals performing work/providing services under civil law contracts; - Individuals whose personal data is processed for the purpose of executing a contract under which they are a party (representative of a party), or a beneficiary or guarantor |
General: Last name, First name, Middle name (if any), Date of birth, Place of birth, Passport details or details of another identity document (series and number, name of the issuing authority, date of issue and department code), Address and date of registration at the place of residence or stay, Personal or corporate email address, Mobile phone number, Bank account number, Taxpayer Identification Number (INN). |
An agreement to which the subject of personal data is a party, beneficiary or guarantor, as well as for concluding an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be a beneficiary or guarantor; consent of the subject of personal data to the processing of his personal data. |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, access, provision, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
4. Implementation of corporate governance (corporate procedures) in the Company |
- Member of the Company; - General Director |
General: : Last name, First name, Middle name (if any), Date of birth, Place of birth, Passport details or details of other identity document (series and number, name of the issuing authority, date of issue and subdivision code), Citizenship, Taxpayer Identification Number (INN), Address and date of registration at place of residence or place of stay, Corporate email address, Corporate mobile phone number, Position, Information on ownership of shares in the Company |
Requirements of the legislation (including Federal Law of 08.02.1998 No. 14-FZ "On Limited Liability Companies"), consent to the processing of personal data |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, access, provision, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
5. Organization of access control to the Company's facilities |
Employees of the Company |
General: Last name, First name, Middle name (if any), Position, Date and time of arrival and departure. Biometric: Image of the subject |
consent to the processing of personal data |
Collection, recording, systematization, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction. |
Automated and non-automated |
|
Visitors of the Company |
General: Last name, First name, Middle name (if any), mobile phone number, Date and time of arrival and departure, Passport details or details of another identity document (series and number, name of the issuing authority, date of issue and department code), Information about the vehicle (make, model, year of manufacture and state registration number). |
Clause 7, Part 1, Article 6 of the Federal Law of 27.07.2006 N 152-FZ "On Personal Data" |
Collection, recording, systematization, storage, use, deletion, destruction. |
Non-automated |
|
|
6. Ensuring information security |
Employees of the Company |
General: Last name, First name, Middle name (if any), Last name (in transliteration), First name (in transliteration), Middle name (in transliteration), Position, Corporate email address, Login/ID in the corporate network, password |
consent to the processing of personal data |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, access, depersonalization, blocking, deletion, destruction of personal data. |
Automated |
|
7. Ensuring internal communication |
Employees of the Company, employees of other Companies |
General: Last name, First name, Middle name (if any), Position, Corporate email address, Corporate phone number Biometric: Image of the subject. |
consent to the processing of personal data |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, provision, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
8. Conclusion and execution of the sales contract (including informing about the order status; delivery of the ordered goods, return of the goods; informing and interaction in the form of feedback; informing and interaction via e-mail; sending a receipt) |
Consumers |
General: Last name, First name, Middle name (if any); date of birth; address; contact telephone number; email address. |
An agreement to which the personal data subject is a party, or a beneficiary or guarantor; the consent of the personal data subject to the processing of his personal data. |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |
|
9. Informing about new products, special promotions and offers; conducting incentive and advertising events; analyzing the quality of the service provided and improving the quality of service. |
Consumers |
General: Last name, First name, Middle name (if any); date of birth; address; contact telephone number; email address, information about consumer interests and preferences. |
Consent to the processing of personal data |
Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, depersonalization, blocking, deletion, destruction of personal data. |
Automated and non-automated |