Date of posting on the Website "25" October 2022
This Personal Data Processing Policy (hereinafter referred to as the Policy) defines the general principles and procedure for processing personal data of online store Users and measures to ensure their safety in the Geometry of Repair.
TERMS AND DEFINITIONS
The Parties use the following terms in the meaning given below:
a) Data – other data about the User (not included in the concept of personal data).
b) Legislation – the current legislation of the Russian Federation.
Operator – Repair Geometry, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
c) Personal data – any information relating directly or indirectly to a specific or identifiable individual (User).
User – a person who has access to the Website via the Internet and uses the Website of the online store.
d) Provision of personal data – actions aimed at disclosure of Personal Data to a certain person or a certain circle of persons.
e) Website – a website located on the Internet where the user leaves personal data.
f) The subject of personal data is the User (individual) to whom the Personal Data relate.
g) Transport companies – third parties providing courier services.
Other terms used in the Policy are interpreted in accordance with the Legislation of the Russian Federation.
1. GENERAL PROVISIONS
1.1. This Policy regarding the processing of personal data has been developed in accordance with the provisions of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (with amendments and additions), other legislative and regulatory legal acts and defines the procedure for working with Personal Data of Users and (or) transmitted by Users and requirements for ensuring their security.
1.2. Measures to ensure the security of personal data are an integral part of the Operator's activities.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of Personal Data by the Operator is carried out in accordance with the following principles:
2.1.1. Legality and fair basis of Personal Data processing. The Operator takes all necessary measures to comply with legal requirements, does not process Personal Data in cases where this is not permitted by Law, does not use Personal Data to the detriment of the User.
2.1.2. Processing only those Personal Data that meet the previously announced purposes of their processing. Compliance of the content and volume of the processed Personal Data with the stated purposes of processing. Preventing the processing of Personal Data that is incompatible with the purposes of collecting Personal Data, as well as redundant in relation to the stated purposes of their processing.
The Operator processes Personal Data solely for the purpose of fulfilling contractual obligations to the User.
2.1.3. Ensuring the accuracy, sufficiency and relevance of Personal Data in relation to the purposes of Personal Data processing. The Operator takes all reasonable measures to maintain the relevance of the processed Personal Data, including, but not limited to the exercise of the right of each Subject to receive their Personal Data for review and require the Operator to clarify, block or destroy them if the Personal Data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the purposes stated above processing.
2.1.4. Storage of Personal Data in a form that allows you to identify the User of Personal Data, no longer than the purposes of Personal Data processing require, unless the storage period of Personal Data is established by federal law, an agreement to which the User of Personal Data is a party or beneficiary.
2.1.5. The inadmissibility of combining databases of Personal Data Information systems created for incompatible purposes.
3. TERMS OF PERSONAL DATA PROCESSING
3.1. Processing of Personal Data by the Operator is allowed in the following cases:
3.1.1. If the User agrees to the processing of his Personal Data. Consent is given by accepting a Public Offer posted on the Website or by placing an Order, using the methods specified on the Website.
3.1.2. When transferring Personal data of the Subject of personal data by the User when making an order on the Website. The User guarantees that he has previously received consent from the Subject of personal data to transfer data to the Operator.
3.1.3. Personal data is subject to publication or mandatory disclosure in accordance with the Law.
3.2. The Operator does not disclose to third parties and does not distribute Personal Data without the User's consent, unless otherwise provided by Law. 3.3. The Operator does not process Personal Data belonging to special categories and relating to race and nationality, political views
of religious or philosophical beliefs, health status, intimate life of the Subject of personal data, membership of the Subject of personal data in public associations, except in cases expressly provided for by Law.
3.4. The Operator does not carry out Cross-border transfer of Personal Data of Users.
4. COLLECTION AND PROCESSING OF PERSONAL DATA AND OTHER DATA
4.1. The Operator collects and stores only those Personal Data that are necessary to provide services to the User for the sale of goods through the Site. At the same time, Personal Data can be collected both through the Website and in the Operator's office.
4.2. The Operator processes Personal Data for the following purposes:
4.2.1. Carrying out activities provided for by The Charter of the Company, the current legislation of the Russian Federation;
4.2.2. Fulfillment of the Operator's obligations to the User for the sale of goods, including payment processing, delivery of goods.
4.2.3. To communicate with Users, if necessary, including for sending notifications, information and requests related to the provision of services, as well as processing applications, requests and applications of Users;
4.2.4. To improve the quality of services provided by the Operator;
4.2.5. To promote services on the market by making direct contacts with Users;
4.2.6. To conduct statistical and other research based on depersonalized personal data.
4.3. For the purposes specified in clause 4.2. the Operator processes the following personal data:
Surname, first name and patronymic;
Details of the bank card from which the payment is made (name of the bank card holder, card number, CVV code);
User's IP address;
User's Browser Type;
The delivery address of the goods.
4.4. With respect to Personal Data and other User Data, their confidentiality is maintained, except in cases when the specified data is publicly available.
4.5. The Operator has the right to keep an archived copy of Personal Data and other Data, including after deleting the User's account.
4.6. The Operator has the right to transfer Personal Data and other User Data without the User's consent to the following persons:
4.6.1. State bodies, including bodies of inquiry and investigation, and local self-government bodies at their reasoned request.
4.6.2. To the Operator's Partners in order to fulfill contractual obligations to the User.
4.6.3. In other cases directly provided for by the current legislation of the Russian Federation.
4.7. The Operator has the right to transfer Personal Data and other Data to third parties not specified in clause 4.6 of this Policy in the following cases:
4.7.1. The User has expressed his consent to such actions.
4.7.2. The transfer is necessary as part of the User's use of the Site or the sale of goods to the User (including for the purpose of delivering goods);
4.7.3. The transfer takes place as part of the sale or other transfer of the business (in whole or in part), while all obligations to comply with the terms of this Policy are transferred to the acquirer.
4.8. The Operator performs automated and non-automated processing of Personal Data and other Data.
4.9. Access to Information Systems containing Personal Data is provided by a password system. Passwords are set by authorized employees of the Operator and are individually communicated to employees of the Operator who have access to Personal Data/Data.
4.10. The Operator transfers the processed information to transport (courier) companies on the basis of the User's consent (Article 9 of the Federal Law "On Personal Data").
4.11. The Operator is not responsible for improper processing of the User's personal data carried out by Transport Companies.
4.12. If the Personal data Operator receives a request containing the withdrawal of the personal data subject's consent to the processing of personal data, then within 30 (thirty) calendar days from the date of its receipt, the personal data must be deleted.
5. CHANGE OF PERSONAL DATA
5.1. The User can change (update, supplement) Personal Data at any time by sending a written application to the Operator.
5.2. The User has the right to delete Personal Data at any time/Data.
6. CONFIDENTIALITY OF PERSONAL DATA
6.1. The Operator ensures the confidentiality of the Personal Data/Data processed by it in accordance with the procedure provided for by Law. Confidentiality is not required in relation to:
6.1.1. Personal data after their depersonalization.
6.1.2. Personal data, access of an unlimited number of persons to which is provided by the User or at his request (hereinafter referred to as Personal Data made publicly available by the User).
6.1.3. Personal data subject to publication or mandatory disclosure in accordance with the Legislation.