POLICY ON PROCESSING AND PROTECTION OF PERSONAL DATA
Date of publication of the current version:June 18, 2018
Policy in the field of processing and protection of personal data (hereinafter – the Policy) is developed by Individual entrepreneur Vlasova Ksenia Borisovna (hereinafter – the Administrator) in accordance with the Federal Law of 27.07.2006 № 152-FZ “On Personal Data” (hereinafter – the Law) and other normative legal acts in the field of personal data.
The Policy shall be used in conjunction with the relevant consent to process personal data (hereinafter, the “Consent”) posted on the Internet at https://momslab.app/ (hereinafter, the “Service”).
Terms used in the Policy shall be interpreted as defined in the Agreement.
1.1 This Policy defines the procedure of processing and protection of personal information by the Administrator, both with and without the use of automated means.
1.2 The use of the Service implies unconditional agreement with this Policy and the terms of processing of personal data specified therein. In case of disagreement with the Policy, the use of the Service must be immediately terminated.
1.3 This Policy applies to all personal data of individuals processed by the Administrator, as well as processes related to the processing of personal data. Such processes may include, but are not limited to: collection, recording, systematization, accumulation, storage, clarification (update, change), copying, extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal and destruction of personal data.
1.4 The Administrator publishes the Policy on the Service, as well as provides unlimited access to it to any person who personally contacted the Administrator.
1.5 The Administrator does not verify the accuracy of the personal data provided by the individual and his legal capacity. The individual guarantees that all data is true, up-to-date and does not violate the legislation of the Russian Federation.
1.6 The Administrator is the operator of personal data in respect of information relating to any individual using the Service. (hereinafter – the Subject of personal data).
2. The purposes of processing of personal data
2.1 The Administrator carries out processes related to processing of personal data for the purposes of:
2.1.1. registration and identification of the User on the Service;
2.1.2. Establishing and maintaining communication with the User;
2.1.3. provide access to the Service and Content;
2.1.4. providing Consultations;
2.1.5. sending informational and other messages to the User’s Email;
2.1.6. making the Service available and safe; 2.1.7;
2.1.7. compliance with the requirements of Russian laws.
3. The list of personal information, to the processing of which consent is given
3.1. general personal data: name, surname, patronymic, age, e-mail address, phone number, photograph;
3.2 Other information processed by the Administrator: IP-address, type of operating system, browser type, geographical location, Internet service provider, information about using the Service (including information about the visited pages), information automatically obtained when accessing the Service (including cookies), other information obtained as a result of the User’s actions.
4 Processing of Personal Data
4.1 The Subject of personal data provides their personal data to the Administration by filling in the forms on the Site.
4.2 The automated collection of information about the Subject of personal data occurs with the help of technologies and services: web-protocols, cookies, web-tags, which are run only when you enter data.
4.3 The storage and use of personal data is carried out:
4.3.1 On duly protected electronic media using automated systems, except in cases where non-automated processing of personal data is necessary in accordance with the legislation of the Russian Federation;
4.3.2. Using a database located in the territory of states, ensuring adequate protection of personal data;
4.3.3 Not longer than required by the purposes of their processing or within the period of consent of the Personal Data Subject.
4.4 Personal data shall be transferred to third parties to achieve the above purposes, as well as to perform the Administration’s contractual obligations. In this case, third parties are obliged to use personal data only in accordance with the Policy and the Offer.
4.5 The Administration does not transfer personal data to third parties without the consent of the Subject of personal data, except in cases where the transfer is made to ensure compliance with the legislation of the Russian Federation; prevention, suppression of illegal actions of the Subject of personal data and protection of legitimate interests of the Administration and third parties.
4.6 The transfer of personal data and destruction of personal data occurs in the case of:
4.6.1. existence of a threat to the security of the Service;
4.6.2. violation of the terms of the Policy and the Agreement by the Subject of personal data;
4.6.3. expiration of the storage period of personal data;
4.6.4. on the request of the Subject of personal data.
4.7. Processed personal data shall be destroyed or depersonalized immediately after deletion of the account of the Subject of personal data.
5. Rights of the subject of personal data
5.1 The subject of personal data has the right to receive information about the processing of personal data, including
5.1.1. confirmation of the fact of processing of personal data;
5.1.2. legal basis for processing of personal data;
5.1.3. purposes and methods of personal data processing used by the Administrator;
5.1.4. processed personal data related to the relevant Personal Data Subject, and the source of obtaining such data, unless otherwise provided by the laws of the Russian Federation;
5.1.5. terms of processing of personal data, including terms of their storage;
5.1.6. procedure for exercise of rights, stipulated by the legislation of the Russian Federation;
5.1.7. information on executed or supposed trans-border transfer of data;
5.1.8. information about persons to whom personal data may be disclosed on the basis of the agreement with the Administrator or in accordance with the laws of the Russian Federation;
5.1.9. name or full name and address of the person processing personal data by order of the Administrator, if processing is or will be assigned to such person
5.1.10. other information stipulated by the laws of the Russian Federation.
5.2 The subject of personal data has the right to receive the information specified in the first paragraph of this section, an unlimited number of times by sending the Administrator a corresponding request in the manner prescribed by the section “Appeals of the Subject of personal data”.
6. Duties of the Administrator
6.1 In accordance with the requirements of the Law, the Administrator shall:
6.1.1 Provide, upon request of the Subject of personal data, information on processing of his/her personal data or a reasonable refusal;
6.1.2 Take measures necessary and sufficient to ensure fulfillment of obligations under the Law;
6.1.3. Upon the request of the Personal Data Subject, clarify processed personal data, block or delete it if it is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the stated processing purpose;
6.1.4 Ensure lawfulness of personal data processing. If it is impossible to ensure lawfulness of personal data processing, the Administrator shall destroy or ensure destruction of such personal data within 10 (Ten) working days from the date of detection of unlawful processing of personal data;
6.1.5 In case of withdrawal of consent to processing of personal data by the Personal Data Subject, to stop processing and destroy it within a period not exceeding 30 (Thirty) working days from the date of receipt of this withdrawal, except in cases where processing may be continued in accordance with the law.
7. Details of the implemented requirements for the protection of personal data
7.1 Protection of personal data processed by the Administrator is ensured by implementation of legal, organizational and technical measures necessary and sufficient for satisfaction of legal requirements in the field of protection of personal data.
7.2 Legal measures include:
7.2.1. development of local acts of the Administrator, implementing the requirements of Russian legislation (including the Policy for Processing and Protection of Personal Data, with its placement on the Service);
7.2.2. refusal from any ways of personal data processing that do not comply with the purposes predetermined by the Administrator.
7.3 Organizational measures include:
7.3.1 Appointment of a person responsible for organizing the processing of personal data;
7.3.2. limitation of staff of the Administrator, who have access to personal data, and organization of permissive system of access to personal data;
7.3.3. familiarization of the Administrator’s employees with the provisions of the legislation of the Russian Federation on personal data, including requirements for protection of personal data, with local acts of the Administrator on the processing of personal data, training of these employees.
7.4 Technical measures include:
7.4.1. Identification and authentication of access subjects;
7.4.2. application of cryptographic protection means to information containing personal data;
7.4.3. intrusion detection (prevention). 7.5.
7.5 The Administrator undertakes and obliges third parties, in case of transferring to them the right to process the personal data of the Subject of personal data, to observe the confidentiality regime in relation to such personal data and not to use them without the consent of the Subject of personal data, except as provided by the Policy.
8. Limitation of the Policy validity
8.1 This Policy is valid exclusively for the Service and is not applicable to other Internet resources.
8.2 Administrator is not responsible for the actions of third parties who have access to the Subject’s personal data through the fault of the latter.
9. Appeals of the Subject of personal data
9.1 Subject of personal data has the right to submit their requests to the Administrator, including requests regarding the use of personal data in writing or electronically.
9.2 Requests shall contain the following information:
9.2.1. Information about the User’s identity document;
9.2.2. information confirming the contractual relations between the User and the Administrator;
9.2.3. User’s signature.
9.3. The Administrator shall consider and send the answer to the received request within 30 (thirty) days from the receipt of the request.
9.4. All correspondence received by the Administrator from the Subject of personal data (requests in written or electronic form) is related to the information of limited access and shall not be disclosed without his written consent.
10. Amendments to this Policy
10.1. the Administrator shall be entitled to make changes in this Policy as may be necessary. Mandatory revision of the Policy shall be carried out in case of significant changes in international or national legislation in the field of personal data. The new version of the Policy enters into force from the moment it is posted on the Service.
11. Contact Information and Details of the Administrator
Individual Entrepreneur Ksenia Vlasova
REGISTRY NUMBER 317774600122559
Address: 125373, Moscow, Pokhodnyi proezd, 3, building 2