Confidentiality Policy and Personal Data Processing on the website kgerus.me as amended on the 2nd November 2020
- Current policy is developed in accordance with the Federal Law of July 27, 2006 N152-FZ “On personal data” and other regulations, governing activity of personal data operators and applies to all personal data that can be received from the Personal Data Subject using the website kgerus.me (hereinafter – “Website”).
- This Policy determines the procedure for processing personal data and measures to ensure the security of personal data of the website kgerus.me users in order to protect the rights and freedoms of a person and citizen when processing his/her personal data, including protecting the rights to privacy, personal and family secrets.
- Use of the Website means the unconditional consent of a User with the terms of this Policy and the indicated terms of receiving and processing his personal information. In case of disagreement with these conditions, the User must refrain from using the Website.
Definitions and abbreviations
- “Personal data” is any information relating directly or indirectly to specific or identifiable individual (to the subject of personal data) using the Website.
- “Operator of personal data” is the individual entrepreneur Ekaterina Anatolievna Gerus, ОГРНИП 3207 74600234782
- “Subject of personal data (User)” is an individual who has access to the website kgerus.me and is using the information, materials and products of the Website via internet.
- “Website” is a collection of logically related web pages, accessible on the Internet using the unique address: kgerus.me and/or its sub-domains.
- “IP-address” is a unique network address of a node in a computer network through which the User gains access to the Website.
- “Cookies” is a small piece of data sent by a web server and stored on a user’s computer, which the web client or web browser sends to the web server each time in an HTTP request when trying to open the page of the corresponding site.
- “Service” is an offer presented on the Website.
- “Processing of personal data” is any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
- “Automated processing of personal data” is processing of personal data using computing tools.
- “Blocking of personal data” is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
- “Destruction of personal data” are actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Processing of personal data
- Operator ensures protection of the processed personal data from unauthorized access and disclosure, unlawful use and loss according to the requirements of the Federal Law of July 27, 2006 N152-FZ.
- At the consent of a User the Operator processes the personal data (with automated or without automated computing tools).
- The Operator receives all personal data from the User himself. The Operator does not check reliability of data, provided by the User. The personal data are provided voluntarily.
- The Personal data obtained by the Operator from a User include:
- Name and/or Surname and/or Father name;
- Telephone number;
- Email address;
- Data that is automatically transmitted to the services of the Website in the course of their use using the software installed on the User’s device, including the IP-address, cookie data, information about the User’s browser (or other program through which the services are accessed), technical characteristics of the hardware and software used by the User, the date and time of access to the services, the addresses of the requested pages and other similar information.
- The User’s personal data may be used for the following purposes:
- Establishing feedback with the User, including sending notifications, requests regarding the use of the Website, the provision of services, processing requests and applications from the User;
- Monitoring and improving the quality and usability of services;
- Conducting statistical and other studies based on anonymized data;
- Distribution of information.
- The Operator has the right to transfer personal data and other data of the User to third parties, and the User agrees to this, in order to sell its services.
- The storage of Personal Data is provided on the electronic medium to ensure protection from their unlawful use or loss.
- Destruction of personal data stored on the electronic medium is carried our by deleting the data. If required, the electronic medium is destroyed.
- The Operator has no right to use the Personal data for purposes outside of this Policy.
- Processing of personal data of Users is carried out without limitations in time.
Personal data protection
- According to the requirements of the regulations the Operator is obliged to take the necessary legal, organizational and technical measures or ensure protection of personal data.
- The key measures used by the Operator to protect the data are:
- appoint a person responsible for processing Personal data, who is organising processing of Personal data, educating and instructing, internal controlling to ensure the workers to comply with the requirements for Personal data protection;
- Define the relevant risks for security of Personal data during their processing and develop the measures to protect the Personal data;
- Define the rules for access to the processed Personal data;
- Assign individual passwords for employees to access the information system according to their responsibilities;
- Comply with rules to ensure security of Personal data and avoid unauthorized access to them;
- Detect the facts of unauthorized access to Personal data and take measures to react and protect;
- Restore Personal data modified or destroyed as a result of an unauthorized access;
- Educate workers, who are processing Personal data, about Russian regulations regarding Personal data, including requirements for protection of Personal data, documents describing the Operator’s policy for processing personal data and local acts regarding processing of Personal data.
- Control and audit to ensure protection of Personal data.
- The Operator has right to make changes to the text of the current Policy without consent of a User.
- If the Policy is modified the date of the latest changes is shown in the heading of the Policy. The new version of the Policy is valid from the date of its publication on the Website, unless otherwise is written in the new version of the Policy.
- All proposals and questions regarding this Policy should be addressed to firstname.lastname@example.org
- Current Policy is published on the page http://kgerus.me/en/enprivacy/.