2-12 MARCH 2019

XXIX World Winter Universiade 2019 in Krasnoyarsk

Privacy policy

1. General Provisions.

1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data are processed by the Individual Entrepreneur Mikhail Dmitrievich Moiseyev (hereinafter referred to as the Operator).

1.2. The policy was developed in accordance with clause 2 of Part 1 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").

1.3. The policy contains information to be disclosed in accordance with Part 1 of Art. 14 of the Federal Law "On Personal Data", and is a public document.

2. Information about the operator.

2.1. The operator operates at: Russia, Krasnoyarsk city, Vzletnaya street, house 18.

3. Information about the processing of personal data.

3.1. The operator processes personal data on a legal and fair basis for the performance of the functions, powers and duties entrusted to him by law, the implementation of the rights and legal interests of the Operator, employees of the Operator and third parties.

3.2. The operator receives personal data directly from the subjects of personal data (hereinafter - PDN).

3.3. The operator processes personal data in automated and non-automated ways, using computer facilities and without using such means.

3.4. Personal data processing activities include collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion and destruction.

4. Processing of customer's personal data.

4.1. The operator processes personal data of clients within the framework of legal relationships with the Operator, regulated by Part 2 of the Civil Code of the Russian Federation of January 26, 1996 No. 14-FZ, (hereinafter referred to as "customers").

4.2. The operator processes personal data of clients in order to comply with the norms of the legislation of the Russian Federation, as well as with the aim:

    
reception of applications and applications from the PDN subject;
    
inform about new products, special promotions and offers;
    
conclusion and execution of the terms of the contract.

4.3. The operator processes personal data of customers with their consent provided by clients and / or their legal representatives by performing conclusive acts on this website, including, but not limited to, ordering, registration in the personal account, subscription to the mailing, in accordance with this Policy.

4.4. The operator processes the personal data of the clients no longer than the purposes of processing personal data require, unless otherwise stipulated by the requirements of the legislation of the Russian Federation.

4.5. The operator can process the following personal data of clients: - Surname, name, patronymic; - Address; - Contact phone number; - E-mail address.

4.6. Special categories of personal data are not processed:

4.6.1. relating to race, nationality;

4.6.2. political views, religious or philosophical convictions;

4.6.3. health and intimate life.

5. Information about the security of personal data.

5.1. The operator, while processing personal data, takes the necessary legal, organizational and technical measures or ensures their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in concerning personal data.

5.2. Measures to ensure the safety of personal data when processing them, used by the Operator, are planned and implemented in order to ensure compliance with the requirements specified in Article 19 of the Federal Law "On Personal Data".

5.3. In accordance with Article 18.1 of the Federal Law 152, the Operator independently determines the composition and list of measures necessary and sufficient to ensure compliance with the requirements of the law. The operator in particular took the following measures:

    
appointed as responsible for the organization of PDD processing;
    
developed and implemented local acts on the issues of processing PDN, as well as local acts that establish procedures aimed at preventing and detecting violations of established procedures for processing PDN and eliminating the consequences of such violations;
    
legal, organizational and technical measures are taken to ensure the safety of the PDN in accordance with Article 19 of the Federal Law-152;
    
an internal control of compliance with the processing of PD-FZ-152 and the regulatory legal acts adopted in accordance therewith, the requirements for protection of the PDE, the policy of the Operator regarding the processing of the PDE, the local acts of the Operator;
    
an assessment is made of the harm that may be caused to the subjects of personal data in the event of a violation of FZ-152, the ratio of this harm and measures taken by the operator aimed at ensuring the fulfillment of the duties stipulated in FZ-152;
    
Operator's employees who directly handle the PDD are familiar with the provisions of the Russian Federation legislation on PDD, including requirements for the protection of PDDs, documents defining the Operator's policy regarding the processing of PDD, local acts on handling PDN;

In addition to the requirements of 152-FZ "On Personal Data", the Operator carries out a set of measures aimed at protecting information about customers, employees and counterparties.

6. Rights of subjects of personal data.

6.1. The subject of personal data has the right:

    
to receive personal data relating to this subject and information regarding their processing;
    
to clarify, block or destroy his personal data in case they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
    
to revoke his consent to the processing of personal data;
    
to protect their rights and legitimate interests, including compensation for damages and compensation for moral harm in the courts;
    
to appeal against actions or omissions of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.

6.2. To realize their rights and legitimate interests, personal data subjects have the right to apply to the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law "On Personal Data".

7. Rules for processing personal data

1. The processing of personal data by the Operator shall be carried out on a lawful basis.

2. The processing of personal data by the Operator shall be limited to the achievement of specific, predefined and legitimate purposes. It is not allowed to process personal data incompatible with the purposes of collecting personal data.

3. It is not allowed to combine databases containing personal data, processing of which is carried out for purposes incompatible with each other.

4. Processing is subject only to personal data, which meet the purposes of their processing.

5. The content and volume of processed personal data must comply with the stated processing objectives. Processed personal data should not be excessive in relation to the stated purposes of their processing.

6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, the relevance to the purposes of processing personal data should be ensured. Responsible for the processing of personal data by the Operator, must take the necessary measures to remove or update incomplete or inaccurate personal data.

7. Measures aimed at identifying and preventing violations provided for by law are:

a) implementation of internal control over the compliance of personal data processing with the norms of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter referred to as the "Federal Law") and normative legal acts adopted in accordance therewith;

b) an assessment of the harm that may be caused to the subjects of personal data in the event of a violation of the Federal Law, the ratio of this harm and the measures taken by the Operator aimed at ensuring the fulfillment of the duties provided for by the Federal Law;

c) to familiarize employees who directly process personal data with the provisions of the Russian Federation legislation on personal data, including requirements for the protection of personal data, and (or) train employees.

8. Ensuring the security of personal data is achieved, in particular:

a) identification of threats to the security of personal data when processing them in personal data information systems;

b) the use of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems required to meet the requirements for the protection of personal data, the fulfillment of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;

c) carrying out in accordance with the established procedure procedures for assessing the compliance of information protection means;

d) an assessment of the effectiveness of measures taken to ensure the security of personal data prior to putting into operation an information system for personal data;

e) taking into account the computer carriers of personal data;

e) detection of the facts of unauthorized access to personal data and taking measures to prevent them;

g) restoration of personal data, modified or destroyed due to unauthorized access to them;

h) establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal information system.

9. The purpose of processing personal data by the Operator is to ensure compliance with laws and other regulatory legal acts.

10. The storage of personal data must be in the form allowing to determine the subject of personal data, no longer than the purpose of processing personal data requires, if the period of storage of personal data is not established by the Federal Law, the contract to which the subject of personal data is a party. Processed personal data are subject to destruction or depersonalization upon achievement of processing objectives or in case of loss of the need to achieve these goals, unless otherwise provided by the Federal Law.

11. In case of revealing illegal processing of personal data carried out by the Operator within a period not exceeding three working days from the date of this detection, he must stop illegal processing of personal data. If it is impossible to ensure the correctness of personal data processing, the Operator must destroy such personal data within a period not exceeding ten working days from the date of revealing illegal processing of personal data. On the elimination of violations or the destruction of personal data The operator must notify the subject of personal data or his representative, and if the request of the subject of personal data or his representative or the request of the authorized body for the protection of the rights of subjects of personal data were sent by the authorized body for the protection of the rights of subjects of personal data , also specified body.

12. In the event that the purpose of processing personal data is achieved, the Operator shall cease processing personal data and destroy personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract to which the personal data subject is a party, by another agreement between Operator and subject of personal data or if the Operator is not entitled to process personal data without the consent of the subject of personal data, on the grounds, friction of the Federal Law or other federal laws.

13. In the event of the subject's withdrawal of personal data from consent to the processing of his personal data, the Operator must stop processing personal data and destroy personal data within a period not exceeding three working days from the date of receipt of the said withdrawal, unless otherwise provided by the agreement between the Operator and the personal data subject. On destruction of personal data by the Operator is obliged to notify the subject of personal data not later than three working days from the date of destruction.

14. In the absence of the possibility of destruction of personal data during the periods specified above, the Operator shall block such personal data and ensure the destruction of personal data within a period not exceeding six months, unless another period is established by federal laws.