Personal data processing policy

GENERAL PROVISIONS

1.1 PURPOSE OF THE DOCUMENT

This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in accordance with clause 2 of part 1 of article 18.1 of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On personal data" and defines the basic principles, goals, conditions and methods of processing personal data (hereinafter referred to as PD), categories of PD subjects and processed PD, the rights and obligations of the individual entrepreneur Maria Dmitrievna Korobova (hereinafter referred to as the Company) when processing PD, the rights of PD subjects, as well as measures taken in the Company to ensure PD security when implementing the established in the Charter of Activities

1.2 REFERENCES

- Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

- Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems."

The processing and security of PD in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data", the Labor Code of the Russian Federation, by-laws, and other federal laws of the Russian Federation that determine the cases and features of PD processing, guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.

1.3 SCOPE

This Policy applies to all personal data that the Company may receive while users use the Company's websites, place orders, make purchases and / or otherwise interact with the Company (hereinafter referred to as the Services).

This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, depersonalization, destruction of PD, carried out as with the use of computer technology (automation equipment), including with the use of information and telecommunication networks, and without the use of such means.

The use of the Company's Services means the consent of the PD subject to this Policy and the conditions for processing his personal data specified therein. For specific Services, the Company may publish additional provisions in addition to this Policy.

The Company's websites may contain links to other websites that may contain useful and interesting information for users, including links to websites of the Company's partner networks, advertisers and their subsidiaries. However, this Policy does not apply to such other sites. Users who follow links to other sites are advised to familiarize themselves with the policies on the processing of personal data on such sites.

1.4 ABBREVIATIONS USED

ISPDN - Personal data information system

PD - Personal data

RF - Russian Federation

1.5 USED TERMS AND DEFINITIONS

Automated processing of personal data - processing of personal data using computer technology.

Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).

Subject of personal data - an individual who has personal data directly or indirectly defining it.

IP Maria Dmitrievna Korobova - within the framework of this Policy, we mean the totality of legal entities that are directly or indirectly under the control of the company IP Maria Dmitrievna Korobova (128 Savushkina St., St. Petersburg, Russia))

1.6 APPROVAL AND REVISION

This Policy comes into force from the moment of its approval by the General Director of the Company and is valid indefinitely.

The company is reviewing the provisions of this Policy and updating them as necessary, as well as in the following cases:

- when changing the provisions of the legislation of the Russian Federation in the field of personal data;

- when it becomes necessary to change the process of processing personal data related to the activities of the Company;

- in cases of receiving instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;

- by decision of the management of the Company.

When changes are made, the date of the last revision is indicated. The new edition is introduced by the order of the General Director of the Company.

Unrestricted access to the Policy is ensured by publishing it on the Company's website on the Internet or in another way.

This Policy is mandatory for familiarization and execution by all persons admitted to the processing of personal data in the Company, and by persons participating in the organization of processes for processing and ensuring the security of personal data in the Company.

2. PRINCIPLES OF PROCESSING PERSONAL DATA OF PERSONAL DATA SUBJECTS

2.1 GENERAL PROCESSING PROCEDURE

When organizing PD processing, the Company is guided by the following principles:

• PD processing is carried out on a legal and fair basis;

• PD processing is limited to the achievement of specific, predetermined and legal purposes;

• it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;

• only PD that meet the purposes of their processing are subject to processing;

• the content and volume of processed personal data correspond to the stated purposes of processing;

• when processing PD, the accuracy of PD is ensured, their sufficiency and relevance in relation to the purposes of PD processing;

• processed PD are subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

The company in its activities proceeds from the fact that the subject of PD provides accurate and reliable information, during interaction with the Company, notifies the representatives of the Company about changes in their PD.

3. PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA OF THE COMPANY'S SUBJECTS

The Company processes PD in accordance with contractual obligations (execution of agreements, contracts and obligations), general business activities of the Company, as well as in accordance with the requirements of the legislation of the Russian Federation in the field of PD.

The personal data that the website user provides to the Company may be processed for the following purposes:

- fulfillment of obligations under agreements concluded between the Company and the user (including for providing information, placing orders, selling and delivering goods by the Company);

- administration of user accounts on sites, mobile applications;

- receiving feedback on the Company's goods / services (including via SMS messages, emails, phone calls) and subsequent analysis of the data received;

- providing additional information about the Company (including information about activities, goods / services sold) through SMS messages, emails, phone calls, including for advertising and marketing purposes by providing the user with information about goods and services that may interest;

- market research and analysis, analysis of preferences in relation to goods and services offered by the Company (including by monitoring actions on websites, in mobile applications used by the Company);

- determination of the need for events and their format (including promotional promotional events);

- to provide the user with access to participate in interactive services, at the request of the user;

- ensuring the most effective display of the content of the Company's sites for the user, as well as measuring and studying the effectiveness of advertising that the Company displays for site visitors.

The Company does not process special categories of PD, biometric and publicly available PD. The list of processed personal data is determined by the current legislation of the Russian Federation, as well as by local documents of the Company.

4. TERMS OF PROCESSING PERSONAL DATA OF PERSONAL DATA SUBJECTS AND ITS TRANSFER TO THIRD PARTIES

The company processes PD of PD subjects in accordance with internal regulatory documents developed in accordance with the requirements of the legislation of the Russian Federation in the field of PD. When processing personal data of subjects, the Company is guided by the provisions of the Federal Law of the Russian Federation dated July 27, 2006 No. 152-FZ "On Personal Data".

Personal data of users received and processed by the Company

Within the framework of this Policy, "personal user data" means:

• last name, first name, patronymic, date of birth, delivery address (s), contact information (phone, e-mail); floor;

• technical information, including the Internet protocol (IP) address that was used when connecting the user's computer to the Internet, login and password, type and version of the user's browser, time zone, types and versions of auxiliary programs built into the browser, operating system and platform;

• information about the user's visit, including the route with full unified information resource locators (URL) when going to the Company's website, when navigating and leaving it (including date and time); products that the User has viewed or for which he has made a search; page response timeout, loading errors, duration of visiting certain pages, information about working with the page (scrolling, mouse clicks and hovering the mouse pointer), methods used when leaving the page;

• type of device from which access to sites or mobile applications administered / used by the Company is carried out;

• geolocation of the IP address;

• information about the address (s) of the user's account (s) in social networks; information about the Company's products purchased directly from the Company or from retailers of the Company's products;

• place of purchase of the Company's goods (including indicating the retail store (s) or the network of retail stores where the Company's goods are purchased);

• information on the degree of satisfaction with the Company's goods / services, information on preferences in relation to the Company's goods, services offered by the Company;

• information about actions on sites, in mobile applications administered / used by the Company;

• data contained in reviews about the Company, goods / services of the Company (including reviews provided by telephone, e-mail, SMS messages).

The company does not make decisions that give rise to legal consequences in relation to users or otherwise affect their rights and legitimate interests, based solely on automated processing of personal data.

When processing the personal data of the subject, their confidentiality, integrity and availability are ensured. The transfer of PD to third parties for the fulfillment of contractual obligations is carried out only with the consent of the PD subject, and in order to comply with the requirements of the legislation of the Russian Federation - within the framework of the procedure established by the legislation.

Transfer and disclosure of personal data of the website user to third parties

With respect to the user's personal data, confidentiality is maintained, except for the processing of personal data, access to an unlimited number of persons to which is provided by the user, or at his request.

The company has the right to transfer the user's personal data to third parties in the following cases:

• the user has provided in the prescribed form consent to such actions.

• the order to process PD is carried out on the basis of an agreement concluded with this person, developed taking into account the requirements of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data".

PD may be transferred to third parties in accordance with the purposes specified in this Policy, including the following purposes:

- implementation of administrative and technical support for the Company's website, as well as server support for the Company's business applications, including data storage;

- delivery of orders for goods and samples of the Company's products;

- collection and analysis of the preferences of personal data subjects in relation to the goods and services of the Company, the implementation of advertising and newsletters by e-mail in the case of placing an order and / or in the case of a user's subscription,

- performing the functions of a call center within the framework of processing orders for the Company's goods, as well as receiving feedback on the Company's goods / services (including via SMS messages, emails, phone calls) and the subsequent analysis of the data received, in accordance with the purposes of processing Company data;

- provision of information about the Company (including information about activities, goods / services sold) through SMS messages, emails, phone calls;

- receiving feedback on the Company's goods / services (including via SMS messages, emails, phone calls, if the user subscribes) and subsequent analysis of the data received, assistance in holding events (including promotional promotional activities) ...

The company may entrust the processing of PD to another person if the following conditions are met:

- received in the prescribed form the consent of the PD subject to order the processing of PD to another person;

- the order to process PD is carried out on the basis of an agreement concluded with this person, developed taking into account the requirements of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data".

PD may be transferred to third parties in accordance with the purposes specified in this Policy, including the following purposes:

- implementation of administrative and technical support for the Company's website, as well as server support for the Company's business applications, including data storage;

- delivery of orders for goods and samples of the Company's products;

- provision of information about the Company (including information about activities, goods / services sold) through SMS messages, emails, phone calls;

The company may entrust the processing of PD to another person if the following conditions are met:

- received in the prescribed form the consent of the PD subject to order the processing of PD to another person;

The person processing PD on behalf of the Company is obliged to comply with the principles and rules for PD processing and is responsible to the Company. The Company is responsible to the PD subject for the actions of an authorized person to whom the Company has entrusted the PD processing.

Disclosure of personal data of the website user to our partners

Information that Facebook collects and transmits to companies

All Facebook tools and functions available on our sites are governed by Facebook's data processing policy, which contains information about the user's rights and the services available to him. By using the company's website, the user can:

• enter the site using the login from the Facebook site. if the user performs such an action, then he agrees that the company will access his profile data from the Facebook website;

• use the buttons "like" and "share" information with Facebook

• consent to the collection of information about cookies on the site, which helps to track information about the user's activity, including information about the type of device connected to the Internet, about the company's services used by the user, about the purchases made and the advertisements viewed, regardless of whether there is the user has an account on the social network Facebook and whether he is connected to it.

when the user uses these services of the social network Facebook, the company collects data that helps:

• show the user advertisements on Facebook (or on instagram, messenger or any other service owned by Facebook) that are in his interests;

• evaluate and analyze the performance of our websites / apps and advertisements.

The company may use the personal information provided by the user on the site (such as first name, last name, email address, gender and phone number) to identify the user on Facebook (or on Instagram, Messenger or any other service owned by Facebook) in order to show the user information in which he is most interested. At the same time, Facebook does not transfer the user's personal data and deletes such data immediately after the above goals are achieved. When a user uses Google's advertising services on our website or application, Google may have access to the data that the user provides using such services. For more information on how Google may use this data, please refer to Google's privacy policy.

5. PROCESSING OF PERSONAL DATA OF CITIZENS OF THE RUSSIAN FEDERATION

In accordance with Article 2 of the Federal Law of July 21, 2014 No. 242-FZ "On Amendments to Certain Legislative Acts of the Russian Federation in terms of clarifying the procedure for processing personal data in information and telecommunication networks" when collecting personal data, including through information and telecommunication network "Internet", the Company provides recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases:

• PD processing is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or by law, for the implementation and implementation of the functions, powers and duties assigned by the legislation of the Russian Federation to the Company;

• PD processing is necessary for the administration of justice, the execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;

• PDN processing is necessary for the execution of the powers of federal executive bodies, bodies of state extra-budgetary funds, executive bodies of state power of the constituent entities of the Russian Federation, local governments and the functions of organizations involved in the provision of state and municipal services, respectively, provided for by Federal Law No. 210 of July 27, 2010 -FZ "On the organization of the provision of state and municipal services", including the registration of the subject of personal data on a single portal of state and municipal services and (or) regional portals of state and municipal services;

• PD processing is necessary for the professional activities of a journalist and (or) the legitimate activities of the media or scientific, literary or other creative activities, provided that this does not violate the rights and legitimate interests of the subject of personal data

6. CROSS-BORDER TRANSFER OF PERSONAL DATA

The company is obliged to make sure that the foreign state, to whose territory it is supposed to transfer PD, provides adequate protection of the rights of PD subjects, prior to the start of such transfer.

Cross-border transfer of PD on the territory of foreign states that do not provide adequate protection of the rights of PD subjects can be carried out in the following cases:

• availability of written consent of the PD subject for the transboundary transfer of his PD;

• execution of an agreement to which the PD subject is a party.

7. RIGHTS OF THE SUBJECT TO ACCESS AND CHANGE ITS PERSONAL DATA

To ensure compliance with the rights of PD subjects established by law, the Company has developed and introduced a procedure for working with requests and requests from PD subjects, as well as the procedure for providing PD subjects with information established by the legislation of the Russian Federation in the field of PD. The Company takes reasonable measures to maintain the accuracy and relevance of the Company's PD, as well as to remove obsolete and other inaccurate or unnecessary PD. The user is responsible for providing accurate PD information, as well as for updating the provided PD in case of any changes.

This procedure ensures the observance of the following rights of the PD subject:

- the right to receive information regarding the processing of personal data of the corresponding PD subject, including containing:

• confirmation of the fact of PD processing;

• legal grounds and purposes of PD processing;

• the purposes and methods of PD processing used by the Company;

• the name and location of the Company, information about persons (except for employees of the Company) who have access to PD or to whom PD can be disclosed on the basis of an agreement with the Company or on the basis of other requirements of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ " About personal data ";

• processed PD related to the relevant PD subject, the source of their receipt, unless another procedure for submitting such PD is provided for by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• terms of PD processing, including the terms of their storage;

• the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• information on ongoing or expected transboundary PD transfer;

• name or surname, first name, patronymic and address of the person performing the PD processing on behalf of the Company, if the processing is entrusted or will be entrusted to such a person;

• other information provided for by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data" or other requirements of the legislation in the field of personal data.

- the right to clarify, block or destroy their PD if the PD is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as the right to take measures provided for by the legislation of the Russian Federation in the field of PD to protect their rights.

The user can exercise the above rights by sending a written request to the official address of the Company: 197374, St. Petersburg, Deputatskaya st., 9B, for the individual entrepreneur Maria Dmitrievna Korobova marked “request for personal data” or to the company's email address: info @ eatloverow.store

... The request can also be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

The request of the PD subject must contain the number of the main document proving the identity of the PD subject or his representative, information on the date of issue of the said document and the issuing authority, information confirming that the PD subject is in relations with the Company (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of PD processing by the Company, the signature of the PD subject or his representative.

At the same time, the user's withdrawal of consent to PD processing entails the deletion of the user's account from the website, as well as the destruction of records containing PD in the Company's PD processing systems, which may make it impossible to further provide the user with the Company's services.

8. OBLIGATIONS AND RIGHTS OF THE COMPANY

In accordance with the requirements of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data", the Company undertakes:

• carry out the processing of personal data in compliance with the principles and rules stipulated by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• not to disclose to third parties and not to distribute PD without the consent of the PD subject, unless otherwise provided by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• provide evidence of obtaining the consent of the PD subject to the processing of his PD or evidence of the existence of grounds according to which such consent is not required;

• carry out PD processing only with the written consent of the PD subject, in cases stipulated by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• provide the PD subject or his representative upon request with information regarding the processing of PD of the corresponding PD subject, or provide a reasoned refusal to provide this information, containing a link to the provisions of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data", within the period , not exceeding thirty days from the date of application of the PD subject or his representative;

• explain to the PD subject the legal consequences of refusing to provide his PD, if the provision of PD is mandatory in accordance with the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

• take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;

• make changes to the processed PD at the request of the PD subject or his representative, in case of confirmation of the fact of inaccuracy of the processed PD of the corresponding PD subject within seven working days;

• block the processing of personal data in case of detection of illegal processing when the subject of personal data or his representative applies, if blocking of personal data does not violate the rights and legitimate interests of the corresponding subject of personal data or third parties;

• destroy the PD of the corresponding PD subject within a period not exceeding ten working days, if it is impossible to ensure the legality of PD processing, unless another period is established by the current legislation;

• notify the PD subject or his representative about all changes concerning the corresponding PD subject;

• keep a register of applications of PD subjects, which records all requests and applications of the PD subject or his representative;

• stop processing and destroy the PD of the corresponding PD subject, if the goal of PD processing is achieved within a period not exceeding thirty days from the date of achieving the purpose of PD processing, unless otherwise provided by an agreement to which the PD subject is a party, beneficiary or guarantor, by another agreement between the Company and the subject of personal data, or the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws;

• stop PD processing and destroy the PD of the corresponding PD subject, if the PD subject revokes his consent to process his PD within a period not exceeding thirty days from the date of receipt of the said revocation, unless otherwise provided by an agreement between the Company and the PD subject.

In accordance with the provisions of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data", the Company has the right to:

- carry out PD processing without the consent of the PD subject if there are grounds specified in Articles 6, 10, 11 of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";

- refuse to the PD subject in the execution of the request / repeated request, if the PD subject was provided with a reasoned response about the refusal to fulfill such a request;

9. MEASURES TAKEN TO PROTECT THE PERSONAL DATA OF SUBJECTS

The company takes the necessary and sufficient organizational and technical measures to protect the personal data of PD subjects from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.

Personal data security measures applied by the Company:

• appointment of a person responsible for organizing PD processing;

• issuance of documents defining the Company's policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation in the field of personal data, eliminating the consequences of such violations;

• assessment of harm that may be caused to PD subjects in case of violation of the legislation of the Russian Federation in the field of PD, the ratio of this harm and measures taken to ensure compliance with the legislation of the Russian Federation in the field of PD;

• familiarization of the Company's employees who are directly involved in PD processing with the provisions of the legislation of the Russian Federation in the field of PD, including the requirements for PD protection, documents defining the Company's policy regarding PD processing, local acts on PD processing, and (or) training of these employees ;

• identification of threats to the security of personal data during their processing in personal data information systems (hereinafter - ISPDN);

• application of organizational and technical measures to ensure the security of personal data during their processing in ISPD, necessary to meet the requirements for the protection of personal data, the implementation of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;

• application of the procedure for assessing the conformity of information protection means that have passed in accordance with the established procedure;

• assessment of the effectiveness of measures taken to ensure the safety of PD prior to the commissioning of PDIS;

• accounting of machine carriers of personal data;

• detection of facts of unauthorized access to personal data and taking measures;

• restoration of PD, modified or destroyed due to unauthorized access to them;

• establishment of rules for access to PD processed in ISPD, as well as ensuring registration and accounting of all actions performed with PD in ISPD;

• control over the measures taken to ensure the security of PD and the level of security of the PDIS.

10. PERSON RESPONSIBLE FOR THE ORGANIZATION OF THE PROCESSING OF PERSONAL DATA IN THE ORGANIZATION

The company appoints a person responsible for organizing PD processing.

The person responsible for organizing PD processing receives instructions directly from the General Director of the Company.

The person responsible for organizing the processing of PD is obliged to:

• to exercise internal control over the observance by the Company and its employees of the legislation of the Russian Federation in the field of personal data, as well as internal organizational and administrative documents of the Company on the processing and protection of personal data;

• to bring to the attention of the Company's employees the provisions of the legislation of the Russian Federation in the field of personal data, local acts on the processing of personal data, requirements for the protection of personal data;

• participate in the revision of the internal organizational and administrative documents of the Company on the processing and protection of personal data;

• organize the reception and processing of requests and requests from PD subjects or their representatives and (or) monitor the reception and processing of such requests and requests;

• perform other duties and bear other rights specified in the relevant local document of the Company.

Other duties and rights of the Person Responsible for organizing the processing of personal data are determined in the local document of the Company "Management of the official responsible for organizing the processing of personal data".

11. RESPONSIBILITY FOR IMPLEMENTATION OF POLICIES

Employees of the Company who process PD, as well as those responsible for organizing and ensuring the security of PD in the Company bear disciplinary, civil and administrative or criminal liability in accordance with the current legislation of the Russian Federation for violation of the provisions of this Policy, local acts of the Company, and other requirements provided for the legislation of the Russian Federation in the field of personal data.

0 item(s) - 0.00р.

Personal data processing policy