«01» June 2021 г.
1. GENERAL PROVISIONS
1.2. The policy was developed and published by the Operator following clause 2, part 1 of Art. 18.1 of the Federal Law of July 27, 2006, No. 152-FZ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").
1.3. The policy was developed to implement the requirements of the legislation in the field of processing and protection of personal data and is aimed at ensuring the protection of the rights and freedoms of a person and citizen when processing his data, including the protection of the rights to privacy, personal and family secrets.
1.4. The policy contains information to be disclosed under Part 1 of Art. 14 of the Federal Law "On Personal Data", which is a publicly available document and is located at: http://garti.me.
1.5. To keep up to date the documents defining the Operator's policy with the processing of personal data, the Operator has the right to change this Policy at any time by publishing the appropriate changes. This Policy cannot be changed except by posting the modified document on the Site.
2.1. Personal Data means any information relating directly or indirectly to a specific or determined individual (Personal Data subject).
2.2. Personal Data Processing means any action (operation) or set of actions (operations) performed with personal data using automation facilities or without using such facilities, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.3. Data Operator means a person who independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, their composition to be processed, actions (operations) performed with the personal data of Users.
2.4. Confidentiality of personal data
— it is the responsibility of the Operator or other person getting the access to the personal data, don't disclose to third parties, and not distribute them without the consent of the subject of personal data, unless otherwise provided by federal law.
2.5. Site - a set of programs for electronic computers and other information contained in the information system, access to which is provided through the information and telecommunications network Internet and located at: http://garti.me. The Site may contain links to other Internet resources. The Operator is not responsible for the confidentiality of information posted by the User on such resources.
3. USER RIGHTS
3.1.The user has a right:
3.1.1. To receive personal data related to the User and information regarding their processing;
3.1.2. To clarify, block or destroy the data if they are incomplete, outdated, inaccurate, illegally obtained, or are not necessary for the stated purpose of the processing;
3.1.3. To revoke his consent to the processing of personal data;
3.1.4. To protect their rights and legitimate interests, including compensation for damages and compensation for moral damage in court;
3.1.5. To appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.
4. BASIS FOR THE PERSONAL DATE PROCESSING
4.1 The Operator processes personal data on a legal and fair basis to fulfill the functions, powers, and duties assigned by law, to exercise the rights and legitimate interests of the Operator and the User.
4.2 The operator receives personal data directly from the User and processes them exclusively with the consent of the User. The Operator receives the User's data when interacting with certain functions of the Site.
5. PERSONAL DATA PROCESSING
5.1. This Policy establishes the obligations of the Operator to not disclose and ensure the protection of the confidentiality of personal data that the User provides, using the Site.
5.2. The Operator processes the personal data of Users to comply with the norms of the legislation of the Russian Federation, as well as for such purpose (s) as:
5.2.1. Сontract's conclusion and performance.
5.2.2. Informing about new goods and services.
5.2.3. Preparation of individual offers.
5.2.4. Advertising activities.
5.2.5. Processing applications on the Operator's Website.
5.3The Operator processes the personal data of the Users with their consent, obtained by putting a check in the box about his agreement with the terms of this Agreement.
5.4. Categories of personal data that the Operator collects to achieve the goals specified in clause 5.2. of this Policy:
5.4.3. Patronymic name.
5.4.4. Date of birth.
5.4.5. Residence address.
5.4.6. Contact phone number.
5.4.8. Audio recording of phone conversation.
5.5. The Operator does not process special categories of Users' data.
5.6.The Operator shall not process any biometric personal data.
5.7. This Policy applies only to information processed using the Site. The operator does not control and is not responsible for the processing of information by sites and services of third parties, to which Users can click on the links available within the Site.
5.8. The operator does not verify the accuracy of the personal data provided by the User and is unable to assess his legal capacity. However, the Operator assumes that the User provides reliable and sufficient personal data and keeps them up to date.
6. PERSONAL DATA PROCESSING CONDITIONS
6.1. The processing of the personal data of Users is limited by the period for achieving the processing goals.
6.2. The Operator processes the personal data of Users in an automated way using computer technology.
6.3. Actions for the processing of personal data include collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction
6.4. Concerning the personal data of Users, their confidentiality is maintained, except for cases of voluntary provision by Users of information about themselves for general access to an unlimited number of persons.
6.5. The Operator has the right to transfer the User's data to third parties in the following cases:
6.5.1. Users have agreed to such actions;
6.5.2. The transfer is necessary for the Users to use certain functions of the Site or to fulfill an agreement or contract;
6.5.3. The transfer is provided for by Russian or other applicable law within the framework of the procedure established by law;
6.5.4. Such a transfer takes place as part of the sale or other transfer of business (in whole or in part), while all obligations to comply with the terms of this Policy concerning the personal data received by him are transferred to the acquirer;
6.5.5 As a result of the processing of Users personal data by depersonalizing them anonymized statistical data were obtained, which are transferred to a third party for research, the performance of work, or provision of services on behalf of the Operator;
6.5.6. Users Personal data can be transferred to the authorized bodies of state power of the Russian Federation on the grounds and in the manner established by the current legislation of the Russian Federation.
6.6. When processing personal data of Users, the Operator is guided by:
6.6.1. Federal Law dated July 27, 2006, No. 152-FZ "On Personal Data";
6.6.2. Government's Decree of the Russian Federation dated 01.11.2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
6.6.3. Order of the Federal Service for Technical and Export Control of Russia dated February 18, 2013, No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";
6.6.4 Order of the Federal Security Service of Russia dated July 10, 2014, No. 378 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in information systems of personal data using cryptographic information protection tools necessary to fulfill the requirements established by the Government of the Russian Federation for the protection of personal data. data for each of the security levels ".
6.6.5. The operator takes the necessary organizational and technical measures to protect the User's data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
6.6.6. The Operator, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of personal data.
7. MANDATORY STORAGE OF DATE
7.1. The User's rights provided for in this Policy may be limited following the requirements of the current legislation. In particular, such restrictions may include the obligation of the Operator to save the information changed or deleted by the Users for the period established by law, and/or transfer such information per the legally established procedure to a state body.
8. PERSONAL DATE SECURITY INFORMATION
8.1. The operator appoints a person responsible for organizing the processing of personal data to fulfill the duties provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted under it.
8.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from illegal actions:
8.2.1. Establishes the rules for accessing personal data processed in the Operator's information system, and also ensures registration and accounting of all actions with them;
8.2.2. Assess the harm that may be caused to Users in case of violation of the Federal Law "On Personal Data";
8.2.3. Identifies threats to the security of personal data during their processing in the Operator's information system;
8.2.4. Applies organizational and technical measures and uses information protection tools necessary to achieve the established level of protection of personal data;
8.2.5. Detects facts of unauthorized access to personal data and takes response measures, including the recovery of personal data modified or destroyed due to unauthorized access to them;
8.2.6. Assess the effectiveness of measures taken to ensure the security of personal data before the commissioning of the Operator's information system;
8.2.7Carries out internal control over the compliance of the processing of personal data with the Federal Law "On Personal Data", the regulatory legal acts adopted following it, the requirements for the protection of personal data, the Policy, the Regulation and other local acts, including control over the measures taken to ensure the security of personal data and their level security during processing in the Operator's information system.
9. OPERATOR DETAILS
9.1. The database is containing the Users' personal data, who are citizens of the Russian Federation are located on the territory of the Russian Federation.
9.2. To exercise their rights and legitimate interests, Users have the right to contact the Operator by sending a request in person or with the help of a representative at the address specified in clause 1.1. of the Policy or to the email address indicated on the Site. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law "On Personal Data".