Personal data processing policy
PERSONAL DATA PROTECTION AND PROCESSING POLICY
OOO "Equart Group"
1. General Provisions
1.1. This Policy on the processing of personal data (hereinafter referred to as the Policy) has been drawn up in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ dated July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter referred to as data) that the Entrepreneur (hereinafter referred to as the Operator, Organization) may receive from a personal data subject who is a party to a civil law contract, from an Internet user (hereinafter referred to as the User) during his/her use of any of the websites, services, programs, products or services of Equart Group LLC, as well as from a personal data subject who is in relations with the Operator regulated by labor legislation (hereinafter referred to as the Employee).
1.2. The Operator ensures protection of processed personal data from unauthorized access and disclosure, unauthorized use or loss in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".
1.3. The Operator has the right to make changes to this Policy. When making changes, the date of the last update of the version is indicated in the heading of the Policy. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
2. Terms and Abbreviations
Personal data – any information related to a directly or indirectly defined or determinable individual (subject of personal data).
Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Personal data information system (PDIS) – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data – personal data, access to which is provided to an unlimited number of persons by the subject of personal data or at his request.
Blocking of personal data is a temporary cessation of processing of personal data (except for cases when processing is necessary to clarify personal data).
Destruction of personal data is an action as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible media of personal data are destroyed.
Operator is an organization that independently or jointly with other persons organizes the processing of personal data, and also determines the purposes of processing of personal data subject to processing, actions (operations) performed with personal data. The Operator is Ekvarta Group LLC, located at the address: Moscow, intracity territory of the city of federal significance Lefortovo, ul. 2-ya Sinichkina, 9A, building 4, room 1N.
Operator's website - ekvarta.ru
3. Processing of personal data
3.1. Obtaining personal data.
3.1.1. All personal data should be obtained from the subject. If the subject's personal data can only be obtained from a third party, the subject must be notified of this or consent must be obtained from him.
3.1.2. The operator must inform the subject of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which consent is valid and the procedure for its revocation, as well as the consequences of the subject's refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
– copying original documents (passport, education document, TIN certificate, pension certificate, etc.);
– entering information into accounting forms;
– obtaining originals of the necessary documents (work record book, medical report, characteristics, etc.).
3.2. Processing of personal data.
3.2.1. Processing of personal data is carried out:
– with the consent of the personal data subject to the processing of his personal data;
– in cases where the processing of personal data is necessary for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation;
– in cases where personal data is processed, access to which is provided to an unlimited number of persons by the personal data subject or at his request (hereinafter referred to as personal data made publicly available by the personal data subject).
3.2.2. Purposes of processing personal data:
– implementation of labor relations;
– implementation of civil law relations;
– to contact the user in connection with filling out the feedback form on the website, including sending notifications, requests and information regarding the use of the store's website, processing, approval of orders and their delivery, execution of agreements and contracts;
– depersonalization of personal data to obtain depersonalized statistical data, which are transferred to a third party for research, performance of work or provision of services on behalf of the store.
3.2.3. Categories of personal data subjects.
The personal data of the following personal data subjects are processed:
– individuals who are in employment relationships with the Organization;
– individuals who have left the Organization;
– individuals who are job candidates;
– individuals who are in civil law relationships with the Organization;
– individuals who are Users of the Store Website.
3.2.4. Personal data processed by the Operator:
– data obtained in the course of employment relationships;
– data obtained for the selection of job candidates;
– data obtained in the course of civil law relationships;
– data received from Users of the Store Website.
3.2.5. Personal data is processed:
– using automation tools;
– without the use of automation tools.
3.3. Storage of personal data.
3.3.1. Personal data of subjects may be received, further processed and transferred for storage both on paper and in electronic form.
3.3.2. Personal data recorded on paper are stored in locked cabinets or in locked rooms with limited access rights.
3.3.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.3.4. Storage and placement of documents containing personal data in open electronic catalogues (file sharing services) in the ISPD is not permitted.
3.3.5. Storage of personal data in a form that allows identifying the subject of the personal data is carried out no longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the processing purposes or in the event of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. Documents (media) containing personal data are destroyed by burning, crushing (grinding), chemically decomposing, turning into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.4.2. Personal data on electronic media are destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data is confirmed by a documented act on the destruction of media.
3.5. Transfer of personal data.
3.5.1. The operator transfers personal data to third parties in the following cases:
– the subject has expressed his consent to such actions;
– the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. List of persons to whom personal data are transferred.
– the Pension Fund of the Russian Federation for accounting (on legal grounds);
– tax authorities of the Russian Federation (on legal grounds);
– Social Insurance Fund of the Russian Federation (on legal grounds);
– territorial fund for compulsory medical insurance (on legal grounds);
– medical insurance organizations for compulsory and voluntary medical insurance (on legal grounds);
– banks for calculating wages (on the basis of an agreement);
– bodies of the Ministry of Internal Affairs of Russia in cases established by law;
– anonymized personal data of Users of the website of the online store are transferred to the contractors of the Store.
4. Personal data protection
4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPS), consisting of legal, organizational and technical protection subsystems.
4.2. The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the PDPS.
4.3. The organizational protection subsystem includes the organization of the PDPS management structure, the permit system, and the protection of information when working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software, software and hardware tools that ensure the protection of personal data.
4.4. The main measures to protect personal data used by the Operator are:
4.5.1. Appointment of a person responsible for personal data processing, who organizes the processing of personal data, provides training and instruction, and internal control over compliance by the institution and its employees with personal data protection requirements.
4.5.2. Identification of current threats to the security of personal data when processing them in the ISPD and development of measures and activities to protect personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishing rules for access to personal data processed in the ISPD, as well as ensuring the registration and accounting of all actions performed with personal data in the ISPD.
4.5.5. Establishing individual passwords for employee access to the information system in accordance with their work responsibilities.
4.5.6. Use of information security tools that have undergone the established procedure for assessing compliance.
4.5.7. Certified anti-virus software with regularly updated databases.
4.5.8. Compliance with conditions that ensure the safety of personal data and prevent unauthorized access to them.
4.5.9. Detection of facts of unauthorized access to personal data and taking measures.
4.5.10. Restoration of personal data modified or destroyed due to unauthorized access to them.
4.5.11. Training of the Operator's employees directly involved in the processing of personal data in the provisions of the Russian Federation legislation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on issues of processing personal data.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations of the Operator
5.1. Basic rights of the personal data subject.
The subject has the right to access his personal data and the following information:
– confirmation of the fact of personal data processing by the Operator;
– legal grounds and purposes of personal data processing;
– purposes and methods of personal data processing used by the Operator;
– name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
– terms of personal data processing, including storage periods;
– the procedure for exercising the rights provided for by the Federal Law by the personal data subject;
– name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
– contacting the Operator and sending him requests;
– appealing against the actions or inactions of the Operator.
5.2. Operator's Responsibilities.
The Operator is obliged to:
– provide information on the processing of personal data when collecting personal data;
– notify the subject if the personal data was not received from the subject of the personal data;
– explain the consequences of such refusal to the subject in case of refusal to provide personal data;
– publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information on the implemented requirements for the protection of personal data;
– take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
– respond to requests and appeals from personal data subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.
6. Principles of personal data processing
  • 6.1. The Operator shall process personal data in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:
  • legality and fair basis;
  • limitation of personal data processing to the achievement of specific, predetermined and legitimate purposes;
  • prevention of processing of personal data incompatible with the purposes of collecting personal data;
  • prevention of merging of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
  • processing only those personal data that meet the purposes of their processing;
  • compliance of the content and volume of processed personal data with the stated purposes of processing;
  • prevention of processing of excessive personal data in relation to the stated purposes of their processing;
  • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
  • destruction or depersonalization of personal data upon achievement of the purposes of their processing or in the event of loss of the need to achieve these purposes, if the Operator is unable to eliminate the committed violations of personal data, unless otherwise provided by federal law.
7. Legal grounds for processing personal data
7.1. The legal basis for processing personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
The Constitution of the Russian Federation;
The Labor Code of the Russian Federation;
The Civil Code of the Russian Federation;
The Tax Code of the Russian Federation;
Federal Law of December 6, 2011 No. 402-FZ "On Accounting";
other regulatory legal acts governing relations related to the activities of the Operator.
7.2. The legal basis for processing personal data also includes:
agreements concluded with the Subject of personal data;
the consent of the Subject of personal data to the processing of personal data.
8. Volume, categories and conditions of personal data processed, categories of personal data subjects in relation to the purposes of personal data processing
  1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted. Only personal data that meet the purposes of their processing are subject to processing.
  2. The content and volume of personal data processed must correspond to the stated purposes of processing provided for in this section. The personal data processed must not be excessive in relation to the stated purposes of their processing. Personal data are processed by the Operator for the purposes of:
  • ensuring compliance with the labor legislation of the Russian Federation (assistance to employees in finding employment, obtaining education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)
  • preparation, conclusion and execution of contracts
  • offering and promoting own products and brand on the market by implementing marketing (advertising, PR) activities and sales promotion
  • processing incoming requests from the Site
  • keeping statistics of visits to the Site
  1. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:
  • Operator's employees
  • Operator's contractors
  • Operator's clients
  • Operator's Website visitors

  1. Processing of personal data for the purpose of ensuring compliance with the labor legislation of the Russian Federation.
  2. In accordance with this section of the Policy, the Operator determines the categories and list of personal data to be processed, the categories of subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for the destruction of personal data upon achieving the purpose of their processing or upon the occurrence of other legal grounds in relation to such a purpose as "ensuring compliance with the labor legislation of the Russian Federation (including assistance to employees in finding employment, obtaining education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, ensuring compliance with laws and other regulatory legal acts)".
  3. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such category(ies) of subjects of personal data as:
  • Operator employees
  1. The operator processes the following categories and list of personal data of employees for the purpose specified in this section of the Policy:
а) The processing of general (other) categories of personal data of employees is carried out in accordance with the following list:
  • last name, first name, patronymic
  • residential address
  • education
  • profession
  • passport details
  • contact phone
  • income
  • position
  • TIN
  • SNILS
  • marital status
б) the processing of special categories of personal data of employees is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
  • health information
  • nationality
в) the processing by the Operator of biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
  • facial image data obtained using photo-video devices
  1. The Operator carries out mixed processing of employees' personal data for the purpose specified in this section of the Policy with transfer via the internal network, with transfer via the Internet.
  2. The list of actions performed by the Operator with employees' personal data for the purpose specified in this section of the Policy: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), blocking, deletion, destruction.
  3. The processing of employees' personal data does not require obtaining the relevant consent, provided that the volume of personal data processed by the Operator corresponds to the purpose of ensuring compliance with the labor legislation of the Russian Federation specified in this section of the Policy, on the basis of paragraph 2 of part 1 of article 6 of the Law on Personal Data.
  4. When concluding an employment contract, employees provide the Operator with the following documents containing their personal data:
  5. passport or other identity document;
  6. work record book and (or) information about work activity, except in cases where the employment contract is concluded for the first time;
  7. document confirming registration in the individual (personalized) accounting system, including in the form of an electronic document;
  8. military registration documents - for military personnel and persons subject to conscription for military service;
  9. document on education and (or) qualifications or availability of special knowledge - when applying for a job that requires special knowledge or special training;
  10. other documents in accordance with the requirements of the law.
  11. In the case of the initial conclusion of an employment contract with employees, the work record book, state pension insurance certificate are issued by the Operator.
  12. In the event that other documents are required for the employment of employees in accordance with the law, the Operator contacts the persons applying for a job with a request to provide such documents containing their personal data.
  13. The operator stores the personal data of employees in a form that allows identifying the subjects of personal data for no longer than required by the purpose of processing personal data specified in this section of the Policy, unless the storage period for personal data is established by federal law.
  14. The operator processes the personal data of dismissed employees in cases and within the timeframes stipulated by the legislation of the Russian Federation. Such cases include, among other things, the processing of personal data within the framework of accounting and tax accounting, including to ensure the safety of documents necessary for calculating, withholding and transferring taxes.
  15. The operator is obliged to store accounting documentation for the timeframes established in accordance with the rules for organizing state archival affairs, but the minimum storage period cannot be less than 5 (five) years.
  16. Upon expiration of the timeframes determined by the legislation of the Russian Federation, personal files of employees and other documents are transferred to archival storage for a period of 50 years.
  17. The consent of employees to the processing of their personal data in cases stipulated by paragraphs 4.4.11. - 4.4.13. of the Policy is not required.
  18. The Operator shall not disclose to third parties or distribute personal data of employees for the purpose specified in this section of the Policy without the consent of employees, unless otherwise provided by the legislation of the Russian Federation.
  19. When transferring personal data of employees, the Operator must comply with the following requirements:
  • it is prohibited to disclose personal data of employees to a third party without the written consent of the employees, except in cases where this is necessary to prevent a threat to the life and health of employees, as well as in cases established by the current legislation of the Russian Federation;
  • an employee who transfers personal data of the Operator's employees is obliged to warn persons receiving personal data of employees that this data may only be used for the purposes for which it was communicated, and to require these persons to confirm compliance with this rule. Persons receiving personal data of the Operator's employees are obliged to maintain their confidentiality. This provision does not apply to the exchange of personal data of employees in the manner established by the current legislation of the Russian Federation;
  • an employee who transfers personal data of the Operator's employees has the right to transfer their personal data to representatives of employees in the manner established by the Labor Code of the Russian Federation, and to limit this information only to those personal data of employees that are necessary for the said representatives to perform their functions.
  • the transfer of personal data of employees to the Pension and Social Insurance Fund of the Russian Federation (Social Fund of Russia) in the manner established by federal laws, in particular the Federal Law "On Compulsory Pension Insurance in the Russian Federation", the Federal Law "On the Fundamentals of Compulsory Social Insurance", the Federal Law "On Compulsory Medical Insurance in the Russian Federation" is carried out without the consent of employees.
  • The consent of employees is not required in cases of transfer by the Operator of personal data of employees to tax authorities, military commissariats, trade union bodies, as provided for by the current legislation of the Russian Federation, as well as upon receipt, within the framework of established powers, of reasoned requests from prosecutor's offices, law enforcement agencies, security agencies, from state labor inspectors in the exercise of state supervision and control over compliance with labor legislation and other bodies authorized to request information about employees in accordance with the competence provided for by the current legislation of the Russian Federation.
  1. The Operator does not perform cross-border transfer of employees' personal data for the purpose specified in this section of the Policy.
  2. The terms of processing and storing personal data for the purpose specified in this section of the Policy are established during the term of the employment contract and 5 (five) years after the termination of the employment contract.
  3. Processing of personal data for the purpose of preparing, concluding and executing contracts.
  4. In accordance with this section of the Policy, the Operator determines the categories and list of personal data to be processed, the categories of subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for destroying personal data upon achieving the purpose of their processing or upon the occurrence of other legal grounds in relation to such a purpose as "preparation, conclusion and execution of contracts".
  5. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such category(ies) of subjects of personal data as:
  • Operator's counterparties
  • Operator's clients
  1. The operator processes the following categories and list of personal data of counterparties and clients for the purpose specified in this section of the Policy:
а) processing of general (other) categories of personal data of counterparties and clients is carried out in accordance with the following list:
  • surname, name, patronymic
  • residential address
  • passport details
  • contact phone
  • e-mail address
  • full
б) processing of special categories of personal data of counterparties and clients is not carried out;
в) the processing of biometric personal data of clients (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is carried out in accordance with the requirements of the legislation of the Russian Federation, namely:
  • facial image data obtained using photo-video devices
  1. The Operator carries out mixed processing of personal data of counterparties, clients for the purpose specified in this section of the Policy with transfer via the internal network, with transfer via the Internet.
  2. The list of actions performed by the Operator with personal data of counterparties, clients for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
  3. The processing of personal data of counterparties, clients does not require obtaining the relevant consent, provided that the volume of personal data processed by the Operator corresponds to the purpose of preparing, concluding and executing a civil contract specified in this section of the Policy, based on paragraph 5 of part 1 of article 6 of the Law on Personal Data.
  4. The Operator does not disclose to third parties or distribute personal data of counterparties, clients for the purpose specified in this section of the Policy without the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation.
  5. The Operator does not carry out cross-border transfer of personal data of counterparties, clients for the purpose specified in this section of the Policy.
  6. The terms of processing and storing personal data for the purpose specified in this section of the Policy are established during the term of the agreement with the client and 5 (five) years after the termination of such agreement.
  7. Processing of personal data for the purpose of offering and promoting own products and brand on the market by implementing marketing (advertising, PR) activities and sales promotion.
  8. In accordance with this section of the Policy, the Operator determines the categories and list of personal data processed, the categories of subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for destroying personal data upon achieving the purpose of their processing or upon the occurrence of other legal grounds in relation to such a purpose as "offering and promoting own products and brand on the market by implementing marketing (advertising, PR) activities and sales promotion".
  9. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to the following category(ies) of personal data subjects:
  • Operator's clients
  • Operator's Website visitors
  1. The operator processes the following categories and list of personal data of clients and visitors for the purpose specified in this section of the Policy:
а) processing of general (other) categories of personal data of clients and visitors is carried out in accordance with the following list:
  • surname, name, patronymic
  • contact phone
  • e-mail address
  • gender
б) processing of special categories of personal data of clients and visitors is not carried out;
в) the processing of biometric personal data of clients and visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which his or her identity can be established) is not carried out.
  1. The Operator carries out mixed processing of personal data of clients, visitors for the purpose specified in this section of the Policy with transfer via the internal network, with transfer via the Internet.
  2. The list of actions performed by the Operator with personal data of clients, visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
  3. The processing of personal data of clients, visitors for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent for such processing.
  4. The Operator does not disclose to third parties or distribute personal data of clients, visitors for the purpose specified in this section of the Policy without the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation.
  5. The Operator does not carry out cross-border transfer of personal data of clients, visitors for the purpose specified in this section of the Policy.
  6. The terms of processing and storing personal data of visitors for the purpose specified in this section of the Policy are established from the moment of receiving personal data of visitors until the moment of achieving the purpose of processing personal data - offering and promoting one's own products and brand on the market by implementing marketing (advertising, PR) activities and sales promotion.
  7. Processing of personal data for the purpose of processing incoming requests from the Site.
  8. In accordance with this section of the Policy, the Operator determines the categories and list of personal data being processed, the categories of subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for destroying personal data upon achieving the purpose of their processing or upon the occurrence of other legal grounds in relation to such a purpose as "processing incoming requests from the Site".
  9. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such category(ies) of subjects of personal data as:
  • visitors to the Operator's Website
  1. The operator processes the following categories and list of personal data of visitors for the purpose specified in this section of the Policy.
а) The processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
  • surname, name, patronymic
  • contact phone
  • e-mail address
б) processing of special categories of personal data of visitors is not carried out;
в) The processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is not carried out.
  1. The Operator carries out mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transfer via the internal network, with transfer via the Internet.
  2. The list of actions performed by the Operator with personal data of visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
  3. The processing of personal data of visitors for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent for such processing.
  4. The Operator does not disclose to third parties or distribute personal data of visitors for the purpose specified in this section of the Policy without the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation.
  5. The Operator does not carry out cross-border transfer of personal data of visitors for the purpose specified in this section of the Policy.
  6. The terms of processing and storage of personal data of visitors for the purpose specified in this section of the Policy are established from the moment of receipt of personal data of visitors until the moment of achieving the purpose of processing personal data - processing incoming applications from the Site.
  7. Processing of personal data for the purpose of maintaining statistics of visits to the Site.
  8. In accordance with this section of the Policy, the Operator determines the categories and list of personal data to be processed, the categories of subjects whose personal data are processed, the methods, terms of their processing and storage, the procedure for the destruction of personal data upon achieving the purpose of their processing or upon the occurrence of other legal grounds in relation to such a purpose as "maintaining statistics of visits to the Site".
  9. For the purpose specified in this section of the Policy, the Operator processes personal data belonging to such category(ies) of subjects of personal data as:
  • visitors to the Operator's Website
  1. The operator processes the following categories and list of personal data of visitors for the purpose specified in this section of the Policy:
а) The processing of general (other) categories of personal data of visitors is carried out in accordance with the following list:
  • information collected through metric programs
б) processing of special categories of personal data of visitors is not carried out;
в) The processing of biometric personal data of visitors (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is not carried out.
  1. The Operator carries out mixed processing of personal data of visitors for the purpose specified in this section of the Policy with transfer via the internal network, with transfer via the Internet.
  2. The list of actions performed by the Operator with personal data of visitors for the purpose specified in this section: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
  3. The processing of personal data of visitors for the purpose specified in this section of the Policy is carried out subject to obtaining prior consent for such processing.
  4. The Operator does not disclose to third parties or distribute personal data of visitors for the purpose specified in this section of the Policy without the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation.
  5. The content of the consent of visitors must be specific, objective, informed, conscious and unambiguous, that is, contain information that allows an unambiguous conclusion to be made about the purposes, methods of processing indicating the actions performed with personal data, the volume of personal data processed.
  6. The Operator does not perform cross-border transfer of personal data of visitors for the purpose specified in this section of the Policy.
  7. The terms of processing and storing personal data of visitors for the purpose specified in this section of the Policy are established from the moment of receiving the personal data of visitors until the moment of achieving the purpose of processing the personal data - maintaining statistics of visits to the Site.
  8. Procedure for processing personal data of visitors using COOKIE files
  9. Cookies transferred to the technical devices of the Subject of personal data can be used to provide the Subject of personal data with personalized functions of the Site, for personalized advertising that is shown to the Subject of personal data, for statistical and research purposes, as well as to improve the operation of the Site.
  10. The Subject of personal data understands that the equipment and software used by them to visit sites on the Internet may have the function of prohibiting operations with cookies (for any sites or for certain sites), as well as deleting previously received cookies.
  11. The Operator has the right to establish that the provision of certain functions of the Site is possible only on condition that the acceptance and receipt of cookies is permitted by the Subject of personal data.
  12. The structure of the cookie file, its content and technical parameters are determined by the Operator and may be changed without prior notice to the Personal Data Subject.
  • Counters placed on the website or the Website application may be used to analyze the cookies of the Personal Data Subject, to collect and process statistical information about the use of the Website, and to ensure the operability of the Website as a whole or its individual functions in particular. The technical parameters of the counters are determined by the Operator and may be changed without prior notice to the Personal Data Subjects.
  1. Procedure for collecting and storing personal data
  2. When collecting personal data, including via the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
  3. Persons who have transferred information about another Personal Data Subject to the Operator, including via the Site, without the consent of the subject whose personal data were transferred, are liable in accordance with the legislation of the Russian Federation.
  4. The Operator stores personal data in a form that allows identifying the subject of personal data, no longer than required for the purposes of processing personal data, unless the storage period for personal data is established by federal law, an agreement to which the Personal Data Subject is a party, beneficiary, or guarantor.
  5. The Operator strictly adheres to the principles of data minimization and data processing timeframes. The processed personal data are subject to destruction in the event of:
  • achievement of the purposes of personal data processing;
  • revocation of consent to the processing of personal data or expiration of the consent to the processing of personal data;
  • loss of the need to achieve the purposes of personal data processing;
  • exclusion of the Operator from the Unified State Register of Individual Entrepreneurs.
After the expiration of the specified periods, the Operator may process personal data if the processing is necessary for the Operator to comply with the legislation of the Russian Federation.
  1. Protection of personal data
  2. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
  • identifies threats to the security of personal data during their processing;
  • adopts local regulations and other documents governing relations in the field of processing and protecting personal data;
  • appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
  • creates the necessary conditions for working with personal data;
  • organizes the accounting of documents containing personal data;
  • organizes work with information systems in which personal data is processed;
  • stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
  • organizes training for the Operator's employees processing personal data.
  1. Updating, correcting, deleting and destroying personal data, responding to requests from subjects for access to personal data
  2. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the Personal Data Subject or their representative upon request or upon receipt of a request from the Personal Data Subject or their representative within 10 (ten) business days from the date of receipt of the request. The information provided does not include personal data related to other Personal Data Subjects, except in cases where there are legal grounds for disclosing such personal data.
  3. The request must contain:
  • the number of the main document certifying the identity of the Personal Data Subject or his/her representative, information on the date of issue of the said document and the body that issued it;
  • information confirming the participation of the Personal Data Subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
  • signature of the Personal Data Subject or his/her representative.
  1. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
  2. If the request (request) of the Personal Data Subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
  3. The right of the Personal Data Subject to access his personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of the Personal Data Subject to his personal data violates the rights and legitimate interests of third parties.
  4. In the event that inaccurate personal data is detected upon the request of the Personal Data Subject or his representative or at their request or at the request of Roskomnadzor, the Operator blocks the personal data related to this Personal Data Subject from the moment of such request or receipt of the said request for the verification period, if the blocking of the personal data does not violate the rights and legitimate interests of the Personal Data Subject or third parties.
  5. In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the subject of personal data or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data. Personal data are subject to destruction by the Operator in the following cases:
  • achievement of the purposes of personal data processing;
  • revocation by the subject of personal data of consent to the processing of their personal data;
  • detection of illegal actions with personal data, as well as in other cases stipulated by the current legislation of the Russian Federation.
  1. In the event that the purpose of personal data processing is achieved, the Operator undertakes to stop processing personal data or ensure its termination (if the processing of personal data is carried out by another person acting on behalf of the Operator) and destroy the PD or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of achieving the purpose of personal data processing, unless otherwise provided by an agreement to which the subject of personal data is a party, beneficiary or guarantor, another agreement between the Operator and the subject of personal data, or if the Operator does not have the right to process personal data without the consent of the subject of personal data. If the personal data subject has withdrawn their consent to the processing of personal data, the Operator undertakes to stop their processing or ensure the termination of such processing (if the personal data is processed by another person acting on behalf of the Operator) and if the storage of personal data is no longer required for the purposes of processing personal data, to destroy the personal data or ensure their destruction (if the personal data is processed by another person acting on behalf of the Operator) within a period not exceeding thirty days from the date of receipt of the said revocation, unless otherwise provided by an agreement to which the personal data subject is a party, beneficiary or guarantor, or by another agreement between the Operator and the personal data subject, or if the Operator does not have the right to process personal data without the consent of the personal data subject. In the event of detection of unlawful processing of personal data carried out by the Operator or a person acting on behalf of the Operator, and the impossibility of ensuring the lawfulness of the processing of personal data, the Operator undertakes to destroy such personal data or ensure their destruction within a period not exceeding ten working days from the date of detection of the unlawful processing of personal data. The Operator undertakes to notify the subject of personal data or his representative of the destruction of personal data, and in the event that the appeal of the subject of personal data or his representative or the request of the authorized body for the protection of the rights of personal data subjects were sent by the authorized body for the protection of the rights of personal data subjects, also the said body.
  2. Final Provisions
  3. The Operator has the right to send the Personal Data Subject advertising and informational messages via e-mail, SMS and push notifications only subject to prior consent to receive advertising in accordance with Part 1 of Article 18 of the Federal Law of 13.03.2006 No. 38-FZ "On Advertising". Consent to receive advertising messages from the Operator via e-mail, SMS and push notifications is provided in writing or in electronic form by checking the appropriate box on the Website.
  4. The Personal Data Subject has the right to refuse to receive advertising messages by clicking on the appropriate link in the e-mails received from the Operator, by sending a notice of refusal to receive advertising messages to the support service at the address of the Operator's location: Moscow, intracity territory of the city of federal significance Lefortovo, st. 2-ya Sinichkina, 9A, building 4, room 1N. or by contacting the Operator with a corresponding request at the email address info@ekvartagroup.ru
  5. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is posted at the address of the Operator’s location, freely available on the Internet information and telecommunications network on the Website.
Вернуться на главную