1. General
1.1. This Policy regarding the processing of personal data (hereinafterthe Policy) of GUMINAGRO LLC
registered address: 624022, Sverdlovsk region, Sysert urban district, Sysert, Karla Libknechta str. 72, Room 72 (hereinafter referred to as the Operator) is an official document, which defines the general principles, purposes and procedure for processing personal data of users of the website guminagro.ru (hereinafter referred to as the Site), as well as information about the implemented personal data protection measures.
1.2. The Policy is developed in accordance with the legislation of the Russian Federation in the field of personal data.
1.3. This Policy applies exclusively to the Site. The Operator does not control and is not responsible for third party websites to which the User can access via links available on the Site.
1.4. The Operator’s processing of personal data of other categories ofpersonal data subjects is regulated by other local regulatory documents of the Operator.
1.5. This Policy comes into force from its approval and is valid indefinitely, until it is replaced by a new Policy.
2. Key Terms and Definitions
2.1. The following terms are used in this Policy:
2.1.1. Personal data information system is a personal data aggregate contained in databases and information technologies and technical equipment ensuring their processing.
2.1.2. Processing of personal data is any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.
2.1.3. Personal data operator (operator) is a public authority, municipal authority, legal or natural person, independently or jointly with other persons organising and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
2.1.4 Personal data are any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data);
2.1.5. Aite User is any person visiting the site and using information, materials and services of the site.
2.1.6. Site is a set of interconnected web pages on the Internet at a unique address (URL), as well as its sub-domains.
2.1.7. Cookies are a small piece of data sent by a web server and stored on the User’s computer, which a web client or web browser sends to the web server in an HTTP request each time it tries to open a page of the respective website.
2.1.8. IP address is a unique network address of a node in a computer network through which the User accesses the website.
3. Personal data processing procedure, terms and conditions
3.1 The basis for processing of personal data of the Site users is consent to personal data processing. The Site users give their consent to the processing of their personal data in the following cases:
when filling out the feedback form / ordering a callback on the Site;
when subscribing to the newsletter;
when making an application.
3.2 If a User does not agree with the terms and conditions of this Policy, the use of the Site and/or any Services available through the use of the Site shall be immediately terminated.
3.3 The personal data of the Site Users shall be processed for the following purposes:
promotion of goods, works, services;
establishment of feedback with the User of the Site, as well as processing of requests and applications from the User;
providing technical support services to users;
subscription to the newsletter;
to keep statistics and analyse the Site performance.
3.4 The list of users’ personal data processed on the Site with automation means:
surname, first name, patronymic;
telephone number
e-mail address;
place of work or company name;
any other information that the user has decided to provide.
3.5 To keep statistics and analyse the Site performance, the Operator processes with Google Analytics and Yandex.Metrica metric services such data as:
IP address;
browser information;
data from cookies;
access time;
referrer (address of the previous page).
3.6 Google Analytics, which is a web analysis tool of Google Inc. registered at Parkway Amphitheatre, Mountain View, California 94043, USA (hereinafter referred to as Google) for the permanent optimisation of the Site. Google Analytics deals with cookies and creates pseudonymised usage profiles that allow us to analyse Users' use of the Site. The information stored in such cookies (e.g. browser type/version, operating system used, referrer URL, hostname of the computer accessing, time of the request to the server) is usually transmitted and stored on Google’s servers. To block Google Analytics, you can download and install an add-on at http://tools.google.com/dlpage/gaoptout?hl=ru. For more information, please see Google’s privacy policy: https://www.google.com/intl/ru/policies/privacy.
3.7 The Yandex.Metrika service available at http://api.yandex.com/metrika, which allows various services and applications of the User to interact with the Yandex.Metrika service of Yandex LLC, registered at 16 Lev Tolstoy St., Moscow, 119021 (hereinafter referred to as Yandex). Yandex.Metric works with cookies and creates pseudonymous usage profiles that allow analysing Users’ use of the Site. The information stored in such cookies (e.g. browser type/version, operating system used, referrer URL, host name of the computer accessing, server request time) is usually transmitted and stored on Yandex servers. To block Yandex.Metrics, you can download and install the add-on at https://yandex.com/support/metrica/general/opt-out.html?lang=ru For more information, please refer to Yandex Privacy Policy: https://yandex.ru/legal/confidential/?lang=ru.
3.8 If Google Analytics and Yandex.Metrics are blocked, some functions of the Site may become unavailable.
3.9 No processing of biometric personal data and special categories of personal data concerning race, ethnic origin, political views, religious or philosophical beliefs, state of health, intimate life is carried out on the Site.
3.10. The Operator does not check the reliability of the information provided by the User and assumes that the User provides reliable and sufficient information, controls its relevance.
3.11. The Operator performs the following actions with personal data: collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
3.12. Personal data shall be stored in a form that allows to identify the subject of personal data for no longer than required by the purposes of personal data processing.
3.13. The condition for termination of personal data processing may be the achievement of the purposes of personal data processing, expiration of the term of personal data processing, revocation of the consent of the Site user to the processing of his/her personal data, as well as detection of unlawful processing of personal data.
3.14. The term of storage of personal data of the Site users is 1 year from the date of the last sending of data.
4. Measures to ensure personal data security
4.1 The security of personal data processed by the Operator is ensured by legal, organisational, technical and software measures necessary and sufficient to ensure the requirements of the legislation of the Russian Federation.
4.2 The Operator shall take the following measures to ensure personal data security
appointment of persons responsible for organisation of processing and ensuring protection of personal data;
limiting the number of the Operator’s employees having access to personal data;
determining the level of personal data protection during processing in personal data information systems;
Establishing rules for differentiating access to personal data processed in personal data information systems and ensuring registration and accounting of all actions performed with personal data;
restricting access to the premises where the main technical means and systems of personal data information systems are located and where non-automated processing of personal data is performed;
keeping records of machine carriers of personal data;
organisation of backup and recovery of personal data information systems and personal data modified or destroyed due to unauthorised access to them;
establishing requirements to the complexity of passwords for access to personal data information systems;
application of the procedures of conformity assessment of the information protection means, which have passed in accordance with the established procedure;
implementation of anti-virus control, prevention of introduction of malicious programmes (virus programmes) and software bookmarks into the corporate network;
organisation of timely updating of the software used in the information systems of personal data and information protection means;
regular assessment of the effectiveness of the measures taken to ensure personal data security;
detecting the facts of unauthorised access to personal data and taking measures to identify the causes and eliminate possible consequences;
control over the measures taken to ensure personal data security and security levels of personal data information systems.
5. Rights of the Site users
5.1 The Site User has the right to receive information regarding the processing of his/her personaldata, including information containing:
confirmation of the personal data processing by the Operator;
legal grounds and purposes of personal data processing;
the purposes and methods of personal data processing applied by the Operator;
name and location of the Operator, information about persons (except for the Operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
personal data being processed relating to the relevant personal data subject, the source of their obtaining, unless another procedure for submission of such data is provided for by the federal law;
the terms of personal data processing, including the terms of their storage;
the procedure for exercising by the subject of personal data of the rights provided for by the federal law Personal Data;
information on the realised or supposed trans-border transfer of personal data;
name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be assigned to such a person;
other information stipulated by the federal law Personal Data or any other federal laws.
5.2 The Site User has the right to demand from the Operator to clarify his/her personal data, block or destroy them in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his/her rights.
5.3 The Site User has the right to request in a structured, universal and machine-readable format a list of his/her personal data provided to the Operator for processing, and to instruct the Operator to transfer his/her personal data to a third party if there is a corresponding technical possibility. In this case, the Operator shall not be liable for any actions of the third party that are subsequently performed with the personal data.
5.4 All questions regarding the processing of personal data should be communicated to the following e-mail address: guminagro@mail.ru.
6. Responsibility
6.1 The User is fully responsible for compliance with the provisions of the existing law of the Russian Federation, including but not limited to the laws on advertising, on the protection of copyright and neighbouring rights, on the protection of trademarks and service marks, including full responsibility for the content and form of materials, in case of quoting and other use of information obtained in connection with the use of the Site services.
7. Miscellaneous
7.1 The Operator has the right to amend this Policy unilaterally in case of changes in the regulatory legal acts of the Russian Federation, as well as at its own discretion.
7.2 Control over the fulfilment of the requirements of this Policy shall be exercised by the person responsible for the organisation of personal data processing.
7.3 Persons guilty of violating the norms governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by the legislation of the Russian Federation.
