Personal data processing policy

Personal data processing policy (PDF)

According to the Regulations on Trade Secrets, approved by Bufernaya Bukhta LLC dated December 6, 2017

1. General provisions

1.1. The personal data processing policy at Bufernaya Bukhta LLC (hereinafter referred to as the Policy) determines the procedure for processing and protection of Bufernaya Bukhta LLC (hereinafter referred to as Operator) and its affiliates information about individuals (hereinafter referred to as Users), which can be obtained by the Operator when using User of the services provided through the site lifehacker.ru and its subdomains *.lifehacker.ru and the site burninghut.ru and its subdomains *.burninghut.ru (hereinafter referred to as the Site).

1.2. This Policy is aimed at protecting the rights and freedoms of humans and citizens when processed by the Operator his personal data, including the protection of rights to privacy, personal and family secret.

1.3. This Policy has been developed in accordance with the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data” (hereinafter referred to as the Federal Law “On Personal Data”).

1.4. The Policy applies to all personal data of Users processed by the Operator using automation means and without the use of such means, received both before and after the approval of this Politicians.

1.5. The Policy contains information subject to disclosure in accordance with Part. 1 tbsp. 14 Federal Law “On Personal Data”.

1.6. The Policy is posted on the Operator’s Website at: https://lifehacker.ru/privacy, is a publicly accessible document and is required for review by persons transferring personal data to the Operator through the Site.

2. Terms and Definitions

Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).

Information - information (messages, data) regardless of the form of their presentation.

Personal data operator (operator) is a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

Processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Automated processing of personal data - processing of personal data using computer technology.

Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons.

Dissemination of personal data - actions aimed at disclosing personal data to an unknown number of persons.

Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

Blocking of personal data is a temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data).

Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data data in the personal data information system and (or) as a result of which material media of personal data are destroyed data.

Depersonalization of personal data - actions as a result of which it becomes impossible without the use additional information to determine whether personal data belongs to a specific subject of personal data data.

Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

3. Purposes of collecting personal data

3.1. In accordance with the requirements of the current legislation of the Russian Federation, the Operator determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data, organizes and carries out the processing of personal data, as well as organizes and ensures the protection of the processed personal data.

3.2. Information about the Operator.

Full name: Limited Liability Company "Bufernaya Bay".

Short name: Bufernaya Bay LLC.

OGRN 1087328004752, INN 7328054190, KPP 732501001.

Legal address and location: 432071, Ulyanovsk, st. Radishcheva, d. 70, 3rd floor.

3.3. The operator processes personal data in order to comply with the laws of the Russian Federation, including, but not limited to, for the following purposes:

3.3.1. User identification.

3.3.2. Sending the user notifications and information related to the use of the site, the provision of services, as well as processing the user’s requests and applications.

3.3.3. Information about new products, special promotions and offers.

3.3.4. Conducting competitions.

3.3.5. Formation of user authorization means used by him to access closed segments of the site.

3.3.6. Provide feedback to users of the Operator’s Website, including to receive users' opinions, questions regarding website information and information products of the Operator, as well as for sending them answers.

3.3.7. For other lawful purposes.

4. Legal grounds for processing personal data

4.1. The relations discussed in this Agreement related to the collection, storage, processing, distribution and protection of user information are regulated in accordance with the current legislation of the Russian Federation. The application of foreign law to them is possible only in cases provided for by the legislation of the Russian Federation and international agreements valid for the Russian Federation.

5. Principles, procedure and conditions for processing personal data

5.1. In its activities, the operator ensures compliance with the principles of processing personal data specified in Art. 5 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”, including:

5.1.1. Legality and fairness of the purposes and methods of processing personal data.

5.1.2. Compliance of the purposes of processing personal data with the goals predetermined and stated when collecting personal data, as well as with the powers of the Company.

5.1.3. Correspondence of the volume and nature of the processed personal data, methods of processing personal data to the purposes of their processing.

5.1.4. The reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data.

5.1.5. It is inadmissible to combine databases containing personal data created for incompatible purposes.

5.1.6. Storage of personal data must be carried out in a form that allows identifying the subject of personal data, no longer than required by the purposes of their processing, if the period storage of personal data is not established by federal law, an agreement to which the subject of personal data is a party, beneficiary or recipient data.

5.1.7. Destruction upon achievement of the purposes of processing personal data or in the event of loss of the need to achieve them, unless otherwise provided by federal law.

5.2. The operator processes personal data on a legal and fair basis to fulfill the assigned legislation of functions, powers and duties, exercise of rights and legitimate interests of the Operator, employees Operator and third parties.

5.3. The Operator processes personal data of Users with their consent provided by Users and/or their legal representatives by committing implied actions on the Operator’s Website, including, but not limited to, placing an order, registering in your personal account, subscribing to the newsletter, in accordance with this Politics.

5.4. The operator processes personal data in automated and non-automated ways, with and without the use of computer technology.

5.5. The operator may process the following personal data of clients:

5.5.1. Full Name.

5.5.2. Address.

5.5.3. Contact phone number.

5.5.4. E-mail address.

5.5.5. IP address.

5.6. Actions for processing personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

5.7. The operator does not verify the accuracy of personal data provided by users. The Operator assumes that the user provides personal data in his own interest without the intention of violating the rights and legitimate interests of third parties and the Operator or causing them losses.

5.8. The operator and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by the Federal law of the Russian Federation.

5.9. The Operator processes Users’ personal data no longer than required by the purposes of processing personal data, unless otherwise provided by the requirements of the legislation of the Russian Federation.

5.10. The destruction of personal data by the Operator is carried out in the manner and within the time limits provided for by the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data”.

5.11. To destroy personal data, the User can submit a corresponding request to [email protected] or delete his account from the Operator’s Website.

5.12. The content and scope of the personal data processed correspond to the stated purposes of processing. The personal data processed is not redundant in relation to the stated purposes of processing.

6. Information about ensuring the security of personal data

6.1. When processing personal data, the operator takes the necessary legal, organizational and technical measures or ensures their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.

6.2. Measures to ensure the security of personal data during their processing, applied by the Operator, are planned and are implemented in order to ensure compliance with the requirements given in Article 19 of the Federal Law-152 “On personal data."

6.3. In accordance with Article 18.1 of Federal Law-152, the Operator independently determines the composition and list of measures necessary and sufficient to ensure compliance with legal requirements. The operator has in particular taken the following measures:

6.3.1. Local acts on the processing of personal data have been introduced, as well as local acts establishing procedures aimed at preventing and identifying violations of established procedures for the processing of personal data and eliminating the consequences such violations.

6.3.2. Legal, organizational and technical measures are applied to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152.

6.3.3. Internal control is carried out regarding the compliance of the processing of personal data with Federal Law No. 152 and the regulations adopted in accordance with it. legal acts, requirements for the protection of personal data, the Operator’s policy regarding the processing of personal data, local regulations Operator.

6.3.4. An assessment of the harm that may be caused to personal data subjects in case of violation of Federal Law 152 is carried out, the relationship between the specified harm and the measures taken by the Operator aimed at ensuring the fulfillment of obligations, provided for by Federal Law-152.

6.3.5. The Operator’s employees directly involved in the processing of personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator’s policy regarding the processing of personal data, local regulations on the processing of personal data data.

6.3.6. In addition to the requirements of Federal Law No. 152 “On Personal Data,” the Operator carries out a set of measures aimed at protecting information about clients, employees and contractors.

7. Rights of personal data subjects

7.1. The subject of personal data has the right:

7.1.1. To receive personal data relating to this subject and information regarding their processing.

7.1.2. To clarify, block or destroy his personal data if they are incomplete, out of date, inaccurate, unlawfully obtained, or not necessary for the stated purpose processing.

7.1.3. Withdraw consent to the processing of personal data by sending a corresponding request to the Operator by mail or in person.

7.1.4. To protect your rights and legitimate interests.

7.2. To exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part. 3 tbsp. 14 Federal Law “On Personal Data”.

7.3. In the event that the subject of personal data believes that the Operator is processing his personal data in violation of the requirements of the Federal Law or otherwise violates his rights and freedom, the subject of personal data has the right to appeal against the actions or inaction of the Operator by contacting the authorized body for the protection of the rights of personal data subjects or in court ok.

7.4. The rights and obligations of the Operator are determined by current legislation and agreements of the Operator.

7.5. Suggestions and comments for changes to the Policy should be sent to [email protected]. The policy is updated as necessary.