1) personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);
2) operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) ) performed with personal data;
3) subject of personal data - an individual who is directly or indirectly identified or determined using personal data (Application User).
4) confidentiality of personal data - operators and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
5) processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
6) automated processing of personal data - processing of personal data using computer technology;
7) dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
8) provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
9) blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
10) destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed;
11) depersonalization of personal data - actions as a result of which it becomes impossible to determine the ownership of personal data to a specific subject of personal data without the use of additional information;
12) information system of personal data - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
13) cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
If the Application User provides the Operator with personal data of third parties, the User is responsible for informing the third party about the use of such data and for obtaining appropriate consent.
The processing of personal data is carried out on a legal and fair basis.
The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes.
Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
The content and volume of personal data processed correspond to the stated purposes of processing.
When processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data are ensured.
Personal data is stored in a form that makes it possible to identify the subject of personal data, no longer than required for the purposes of processing personal data.
The processed personal data is destroyed or anonymized upon achievement of the purposes of processing or in the event of the loss of the need to achieve these purposes.
In accordance with the principles of processing personal data, the Operator has determined the following purposes for processing personal data:
· ensuring the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets;
· conclusion, execution and termination of civil contracts with individuals, legal entities, individual entrepreneurs and other persons in cases provided for by current legislation;
· carrying out business activities;
· Conducting marketing research and providing services.
· establishing feedback with counterparties;
· sending notifications and requests regarding the use of the Application and the purchase of services, the provision of services, processing requests and applications from users, concluding a license agreement;
· identification of the Application User to provide the opportunity to use the functionality of the Application;
· creating an account to make purchases;
· providing effective customer and technical support in case of problems related to the use of the site;
· providing the User with information about updates, special offers, pricing information, newsletters and other information on behalf of the Operator.
· promotion of the Operator's goods, works, and services on the market by making direct contacts with potential consumers using communication means.
10. Measures to ensure the security of personal data
The operator takes the necessary legal, organizational and technical measures to ensure the security of personal data to protect it from unauthorized (including accidental) access, destruction, modification, blocking of access and other unauthorized actions. Such measures, in particular, include:
· appointment of employees responsible for organizing the processing and ensuring the security of personal data;
· publication of local regulations on the processing of personal data, familiarization of employees with them;
· ensuring the physical security of premises and processing facilities, access to the Application;
· restriction and delimitation of access of employees and other persons to personal data and processing means, monitoring of actions with personal data;
· identification of threats to the security of personal data during their processing, formation of threat models based on them;
· use of security tools (anti-virus tools, means of protection against unauthorized access), including those that have passed the conformity assessment procedure in the prescribed manner;
· accounting and storage of information media, excluding their theft, substitution, unauthorized copying and destruction;
· backup information for recovery;
· carrying out internal control over compliance with the established procedure, checking the effectiveness of measures taken, responding to incidents.