Saint-Petersburg
Mon-Fri 10-18
info@rocksoft.ru

PD Processing Policy

Terms and accepted abbreviations

  • Personal data (PD) is any information related directly or indirectly to a specific or identifiable individual (PD subject).
  • Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
  • Automated processing of personal data is the processing of personal data using computer technology.
  • The Personal Data Information System (ISPS) is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
  • Personal data made publicly available by the subject of personal data is PD, access to which is provided to an unlimited number of persons by the subject of personal data or at his request.
  • Blocking of personal data is the temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).
  • Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
  • A cookie is a piece of data that is automatically stored on your computer's hard drive every time you visit a website. Thus, a cookie is a unique browser identifier for a website. Cookies allow you to store information on the server and help you navigate the web more easily, as well as allow you to analyze the site and evaluate the results. Most web browsers allow the use of cookies, but you can change the settings to refuse cookies or track the way they are sent. However, some resources may not work correctly if cookies are disabled in the browser.
  • Web marks. On certain web pages or emails, the Operator may use the "web tagging" technology common on the Internet (also known as "tags" or "precise GIF technology"). Web tags help to analyze the effectiveness of websites, for example, by measuring the number of site visitors or the number of "clicks" made on key positions of a site page.
  • Operator is an organization that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
  • The user is an Internet user.
  • The site is a real resource rocksoft.ru owned by the company, and the widgets and applications hosted on it.

General provisions

  • This Policy regarding the processing of personal data (hereinafter referred to as the Policy) It is compiled in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ dated July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing and applies to all personal data that the Operator can receive from the User during their use in the network of the Internet Site.
  • The Operator ensures the protection of the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data".
  • The Operator has the right to make changes to this Policy. When making changes, the date of the last revision update is indicated in the Policy header. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
  • The Operator is obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with Part 2 of Article 18.1. FZ-152.

Principles of personal data processing

  • The processing of personal data by the Operator is carried out on the basis of the following principles:
    • legality and fair basis;
    • restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
    • preventing the processing of personal data incompatible with the purposes of collecting personal data;
    • preventing the merging of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
    • processing only those personal data that meet the purposes of their processing;
    • compliance of the content and volume of the processed personal data with the stated purposes of processing;
    • preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
    • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
    • destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law.

Processing of personal data

  • All PD should be obtained from the PD subject himself. If the subject's PD can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him.
  • The operator must inform the PD subject about the purposes, intended sources and methods of obtaining PD, the nature of the PD to be received, the list of actions with PD, the period during which the consent is valid and the procedure for its withdrawal, as well as the consequences of the PD subject's refusal to give written consent to receive them.
  • Documents containing PD are created by receiving PD over the Internet from the PD subject while using the Site.
  • The operator performs PD processing in the presence of at least one of the following conditions:
    • The processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
    • The processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law, to carry out and fulfill the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;
    • The processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official to be executed in accordance with the legislation of the Russian Federation on enforcement proceedings;
    • The processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as for the conclusion of an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
    • The processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
    • Personal data is processed, access to which is provided to an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as publicly available personal data);
    • The processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.
  • The operator can process PD for the following purposes:
    • raising awareness of the PD subject about the Operator's products and services;
    • conclusion of contracts with the PD subject and their execution;
    • informing the PD subject about the Operator's news and offers;
    • identification of the PD subject on the Site;
    • ensuring compliance with laws and other regulatory legal acts in the field of personal data.
  • Categories of personal data subjects. PD of the following PD subjects are processed:
    • Individuals who have civil relations with the Operator;
    • Individuals who are Users of the Site;
  • PD processed by the Operator:
    • data received from Site Users.
  • Personal data is processed by:
    • – using automation tools;
    • – without using automation tools.
  • Storage of PD.
    • PD of subjects can be obtained, further processed and transferred to storage both on paper and in electronic form.
    • PD recorded on paper media are stored in lockable cabinets or in lockable rooms with limited access rights.
    • PD of subjects processed using automation tools for different purposes are stored in different folders.
    • It is not allowed to store and place documents containing PD in open electronic catalogs (file sharing sites) in the ISPD.
    • The storage of PD in a form that allows to identify the subject of PD is carried out no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them.
  • Destruction of PD.
    • The destruction of documents (media) containing PD is carried out by burning, crushing (crushing), chemical decomposition, transformation into a shapeless mass or powder. Shredder is allowed to destroy paper documents.
    • PD on electronic media is destroyed by erasing or formatting the media.
    • The fact of destruction of PD is documented by the act of destruction of media.
  • Transmission of PD.
    • The operator transfers the PD to third parties in the following cases:
      • – the subject has expressed his consent to such actions;
      • – the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.

Personal data protection

  • In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (NWPD), consisting of subsystems of legal, organizational and technical protection.
  • The subsystem of legal protection is a set of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the NWPD.
  • The subsystem of organizational protection includes the organization of the management structure of the NWPD, the licensing system, information protection when working with employees, partners and third parties.
  • The subsystem of technical protection includes a complex of technical, software, software and hardware tools that ensure the protection of PD.
  • The main PD protection measures used by the Operator are:
    • Identification of current threats to the safety of PD during their processing in the ISPD and the development of measures and measures to protect PD.
    • Development of a policy regarding the processing of personal data.
    • Setting rules for access to PD processed in ISPD
    • Setting individual passwords for employees' access to the information system in accordance with their work responsibilities.
    • The use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure.
    • Compliance with the conditions that ensure the safety of PD and exclude unauthorized access to them.
    • Detection of unauthorized access to personal data and taking measures.
    • Restoration of PD modified or destroyed due to unauthorized access to them.
    • Training of the Operator's employees directly engaged in the processing of personal data on the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.
    • Implementation of internal control and audit.

Basic rights of the PD subject and obligations of the Operator

  • The basic rights of a PD subject.
    • confirmation of PD processing by the Operator;
    • legal grounds and purposes of PD processing;
    • goals and methods of PD processing used by the Operator;
    • the name and location of the Operator, information about persons (except for employees of the Operator) who have access to PD or to whom PD may be disclosed on the basis of an agreement with the Operator or on the basis of a federal law;
    • terms of processing of personal data, including the terms of their storage;
    • the procedure for the exercise by a PD subject of the rights provided for by this Federal Law;
    • the name or surname, first name, patronymic and address of the person processing PD on behalf of the Operator, if processing is or will be entrusted to such a person;
    • contacting the Operator and sending requests to him;
    • appeal against the actions or omissions of the Operator.
    • The Site user can withdraw his consent to the processing of PD at any time by sending an e-mail to the e-mail address: info@rocksoft.ru. Upon receipt of such a message, the processing of the User's PD will be terminated and his PD will be deleted, except in cases where processing can be continued in accordance with the law.
    • Responsibilities of the Operator.
      • when collecting PD, provide information about the processing of PD;
      • in cases where the PD was not received from the PD subject, notify the subject;
      • if the subject refuses to provide PD, the consequences of such refusal are explained to the subject;
      • publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of PD, to information about the implemented requirements for the protection of PD;
      • take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;
      • provide answers to requests and appeals from PD subjects, their representatives and the authorized body for the protection of the rights of PD subjects.

Features of processing and protection of data collected using the Internet

  • There are two main ways in which an Operator receives data via the Internet:
    • Provision of PD by PD subjects by filling out Website forms;
    • Automatically collected information.
    • information about the interests of Users on the Site based on the entered search queries of Site users about services and goods sold and offered for sale in order to provide relevant information to Users when using the Site, as well as generalization and analysis of information about which sections of the Site, services, goods are in the greatest demand among Site Users;
    • processing and storing Site Users' search queries in order to summarize and create statistics on the use of Site sections.
  • The Operator automatically receives some types of information received during User interaction with the Site, e-mail correspondence, etc. We are talking about technologies and services such as cookies, Web tags, as well as applications and User tools.
  • At the same time, Web tags, cookies and other monitoring technologies do not make it possible to automatically receive PD. If the User of the Site provides his personal data at his discretion, for example, when filling out a feedback form, then only then the processes of automatic collection of detailed information are launched for the convenience of using the Site and / or to improve interaction with Users.

Final provisions

  • This Policy is a local regulatory act of the Operator.
  • This Policy is publicly available. The general availability of this Policy is ensured by publication on the Operator's Website.
  • This Policy may be revised in any of the following cases:
    • when changing the legislation of the Russian Federation in the field of personal data processing and protection;
    • in cases of receiving instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy
    • by the decision of the Operator;
    • when changing the goals and deadlines of PD processing;
    • when changing the organizational structure, the structure of information and/or telecommunication systems (or introducing new ones);
    • when using new technologies for processing and protecting PD (including transmission, storage);
    • if there is a need to change the PD processing process related to the Operator's activity.
  • In case of non-compliance with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Russian Federation.