Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy has been drafted in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as the “Personal Data Law”) and determines the procedure for processing personal data and the measures taken by LLC Research and Development Center “Puteyets” (hereinafter referred to as the “Operator”) to ensure the security of personal data.
1.1.
The Operator considers respect for the rights and freedoms of individuals and citizens in the processing of their personal data to be a fundamental goal and condition of its activities, including the protection of the rights to privacy, personal and family secrets.
1.2.
This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://www.nicputeec.ru/.
2. Basic Terms Used in the Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of the processing of personal data (except where processing is necessary for clarification of personal data).
2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their accessibility on the Internet at https://www.nicputeec.ru/.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data — actions that make it impossible to determine, without additional information, the ownership of personal data by a specific User or other personal data subject.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state or municipal body, legal entity or individual that independently or jointly with others organizes and/or carries out the processing of personal data, as well as determines the purposes of processing, composition of personal data, and actions performed with personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website https://www.nicputeec.ru/.
2.9. Personal data permitted by the personal data subject for distribution — personal data to which the data subject grants access to an unlimited number of persons by giving consent to the processing of personal data permitted for distribution, in accordance with the Personal Data Law.
2.10. User — any visitor of the website https://www.nicputeec.ru/.
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or making personal data available to an indefinite circle of persons, including publication in mass media, posting in information and telecommunication networks, or otherwise providing access to personal data.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of that state, a foreign individual, or a foreign legal entity.
2.14. Destruction of personal data — any actions resulting in the irreversible destruction of personal data, making it impossible to further restore their content in a personal data information system and/or the destruction of material media containing personal data.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
- receive from the data subject reliable information and/or documents containing personal data;
- continue processing personal data without the consent of the data subject in cases provided for by the Personal Data Law, even if the subject withdraws consent or requests to stop processing;
- independently determine the composition and list of measures necessary and sufficient to ensure compliance with the requirements of the Personal Data Law and related regulations.
- provide the data subject with information concerning the processing of their personal data upon request;
- organize the processing of personal data in accordance with the legislation of the Russian Federation;
- respond to requests from data subjects and their legal representatives as required by the Personal Data Law;
- provide necessary information to the authorized body for the protection of data subjects’ rights within 10 days of receiving a request;
- publish or otherwise ensure unrestricted access to this Policy;
- take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, or dissemination, as well as other unlawful actions;
- stop the transfer or processing and destroy personal data in the manner prescribed by the Personal Data Law;
- fulfill other obligations provided by the law.
4.1. Personal data subjects have the right to:
- obtain information concerning the processing of their personal data, except in cases provided by federal laws;
- demand that the Operator clarify, block, or destroy their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or not required for the stated purpose of processing;
- request prior consent for processing personal data for marketing purposes;
- withdraw consent to personal data processing and request termination of processing;
- appeal unlawful actions or omissions of the Operator to the authorized body or in court;
- exercise other rights established by Russian law.
- provide the Operator with accurate information about themselves;
- notify the Operator of any updates or changes to their personal data.
5. Principles of Personal Data Processing
5.1. Processing is carried out on a lawful and fair basis.
5.2. Processing is limited to the achievement of specific, pre-defined, and lawful purposes.
5.3. Combining databases containing personal data processed for incompatible purposes is not allowed.
5.4. Only personal data relevant to the purposes of processing are subject to processing.
5.5. The content and volume of personal data must correspond to the stated purposes of processing; excessive data collection is not permitted.
5.6. Accuracy, sufficiency, and relevance of personal data are ensured; incomplete or inaccurate data are deleted or corrected.
5.7. Personal data are stored no longer than necessary for processing purposes unless a longer period is required by law or contract. Upon achievement of processing purposes or loss of necessity, personal data are destroyed or depersonalized.
6. Purpose of Personal Data Processing
Purpose:
Conclusion, performance, and termination of civil law contracts.
Processed personal data:
- Surname, name, patronymic;
- Telephone numbers.
Contracts concluded between the Operator and the personal data subject.
Types of processing:
Collection; recording; systematization; accumulation; storage; destruction; depersonalization.
7. Conditions for Processing Personal Data
7.1. Processing is carried out with the consent of the personal data subject.
7.2. Processing is necessary to achieve goals provided by international treaties or Russian law.
7.3. Processing is necessary for the administration of justice or enforcement of legal acts.
7.4. Processing is necessary for the execution or conclusion of a contract involving the personal data subject.
7.5. Processing is necessary for the legitimate interests of the Operator or third parties, provided this does not violate the rights and freedoms of the subject.
7.6. Processing is carried out for publicly available personal data.
7.7. Processing is carried out for data subject to publication or mandatory disclosure under law.
8. Procedure for Collection, Storage, Transfer, and Other Processing of Personal Data
The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures required by applicable law.
8.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access.
8.2. Personal data will never be transferred to third parties, except as required by law or with the subject’s consent for contract performance.
8.3. If inaccuracies are found, the User may update their data by sending an email to puteec_puteec@mail.ru with the subject line “Update of personal data.”
8.4. The period of processing is determined by the achievement of purposes, unless otherwise established by contract or law.
The User may withdraw consent at any time by sending an email to puteec_puteec@mail.ru with the subject “Withdrawal of consent to personal data processing.”
8.5. Any information collected by third-party services (including payment systems, communication providers, etc.) is stored and processed by those parties in accordance with their own User Agreements and Privacy Policies. The Operator is not responsible for the actions of third parties.
8.6. Restrictions imposed by the data subject on transfer or processing of data permitted for distribution do not apply in cases of processing for state, public, or other purposes established by law.
8.7. The Operator ensures the confidentiality of personal data.
8.8. Personal data are stored no longer than necessary for processing purposes, unless otherwise required by law or contract.
8.9. Processing terminates upon achievement of purposes, expiration or withdrawal of consent, a request for termination, or discovery of unlawful processing.
9. List of Actions Performed by the Operator with Personal Data
9.1. The Operator collects, records, systematizes, accumulates, stores, updates (modifies), retrieves, uses, transfers (distributes, provides, grants access to), depersonalizes, blocks, deletes, and destroys personal data.
9.2. The Operator performs automated processing of personal data, with or without data transmission over information and telecommunication networks.
10. Cross-Border Transfer of Personal Data
10.1. Before starting cross-border data transfer, the Operator must notify the authorized body for personal data protection of its intent (this notification is separate from the general notification of data processing).
10.2. Before submitting such notification, the Operator must obtain necessary information from the foreign authorities, individuals, or legal entities to which data transfer is planned.
11. Confidentiality of Personal Data
The Operator and other persons who have gained access to personal data are obliged not to disclose or distribute them to third parties without the consent of the data subject, unless otherwise provided by federal law.
12. Final Provisions
12.1. The User may contact the Operator for any clarifications regarding the processing of their personal data by email at puteec_puteec@mail.ru.
12.2. Any changes to this Policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is publicly available on the Internet at https://www.nicputeec.ru/privacy_policy.
Leave your contact details, and our specialist will get in touch with you shortly
