Confidentiality agreement for the personal information on the website
https://rigelstrips.com (RIGEL Trade LP)
1. GENERAL TERMS
1.2. RIGEL Trade LP protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
1.3. Changing Policy
1.3.1. RIGEL Trade LP reserves the right to amend this Policy. When making changes, the date of the last revision of the edition is indicated in the Policy header. The new version of the Policy comes into power from the moment it is posted on the official website, unless otherwise provided by the new edition of the Policy.
1.5. Use of the website www.rigelstrips.com means the unconditional consent of the user to this Policy and to the terms of processing his personal information specified therein; in case of disagreement with these conditions, the user should refrain from using this resource.
1.6. This Policy applies only to the website www.rigelstrips.com and does not control and is not responsible for third-party sites, which can be accessed through the links available at www.rigelstrips.com. On such sites, other personal information may be collected or requested from the user, and other actions may also be performed.
1.7. The site in general does not verify the reliability of personal information, provided by its users, and does not control their legal capacity. However, the site www.rigelstrips.com assumes that the user provides reliable and sufficient personal information on the issues offered in the forms of this resource, and maintains this information in an up-to-date state.
2. TERMS AND ABBREVIATIONS
Personal data (PD) - any information related to a directly or indirectly determined individual (personal data subject) - including: name, surname, patronymic, registration address, telephone number, e-mail address. Personal data processing - any action (operation) or set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, updating (changing), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, destruction of personal data.
Automated processing of personal data - processing of personal data by means of computer facilities. Personal data information system (PDIS) - a set of personal data contained in databases and information technologies and technical means that provide its processing. Personal data made publicly available by the subject of personal data - PD, access of an unlimited circle of people, which is provided by the subject of personal data or at his request.
Blocking of personal data - temporary termination of the processing of personal data (except for the cases, when processing is necessary to clarify personal data).
Destruction of personal data is an action that makes it impossible to restore the contents of personal data in the information system and (or) as a result of which data carriers of personal data are destroyed.
Operator - an organisation, independently or jointly with other people, organizing the processing of personal data, as well as deciphering the purposes of processing personal data subject to processing, actions (operations) performed with personal data. The operator is a Rigel Trade LP, located at: 197110, St. Petersburg, Red cadet Street, 25, letter H, of. 418.
3. PROCESSING OF PERSONAL DATA
3.1. Obtaining the PD.
3.1.1. The Company receives personal data from the subject of the PD in the following ways:
– the entity grants the PD about itself independently upon leaving the application, ordering a return call, making a purchase or in another process of using the site.
– automatically receives data transmitted by the site www.rigelstrips.com in the process of its use by the subject of the PD using the software installed on the user's device, including the IP address, information from the cookie, information about the user's browser (or other program, using which he accesses the site), the access time, the address of the requested page.
3.2. Processing of PD.
3.2.1. Processing of personal data is carried out:
– with the consent of the subject of personal data to the processing of his personal data;
– in cases when the processing of personal data is necessary for the implementation and performance of the functions, powers and duties imposed by the legislation of the Russian Federation;
– in cases where the processing of personal data is carried out, the access of an unlimited circle of people is provided by the subject of personal data or at his request (hereinafter - personal data made by the public entity of personal data).
3.2.2. Objectives of processing personal data:
– identification of the party in the framework of agreements and contracts with the website;
– providing the user with personalized services, goods and other valuables;
– communication with the user, including sending notifications, requests and information regarding the use of the site, the provision of services, as well as the processing of requests and applications from the user;
– improving the quality of the site, the convenience of its use, the development of new products and services;
– targeting of advertising materials;
– conducting statistical and other studies based on the data provided;
– data transfer to third parties, for the purpose of carrying out the activities of the resource (for example, delivery of goods by courier, transport company, etc.);
– conclusion, execution and termination of civil law contracts with individuals, legal entities, individual entrepreneurs and other persons, in cases stipulated by the current legislation and/or the Charter of the enterprise
3.2.3. Categories of subjects of personal data.
The following PD subjects’ PD is processed:
– individuals who have expressed an intention to purchase the goods of RIGEL Trade LP or to obtain information about such goods.
3.2.4. PDs processed by the Operator:
– data obtained during the implementation of labor relations;
– data obtained for the selection of candidates for work;
– data obtained during the implementation of civil law relations.
3.2.5. Processing of personal data is conducted:
– using automation tools;
– without the use of automation tools.
3.3. Storage of PD.
3.3.1. PD of subjects can be obtained, processed further and transferred to storage both on paper carriers and electronically.
3.3.2. PDs, fixed on paper carriers, are stored in lockable cabinets or in lockable rooms with limited access rights.
3.3.3. PD of subjects, processed using automation tools for different purposes, are stored in different folders.
3.3.4. It is not allowed to store and place documents containing PD in open electronic catalogues (file sharing) in PDIS.
3.3.5. Storing PD in the form that allows you to determine the subject of PD, is carried out for no longer than required by the purpose of processing, and they are subject to destruction upon achievement of treatment objectives or in the event of a loss of the need to achieve them.
3.4. Destruction of PD.
3.4.1. Destruction of documents (carriers) containing PD is made by burning, crushing, chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, a shredder is allowed.
3.4.2. PDs on electronic carriers are destroyed by erasing or formatting the carrier.
3.5. Transfer of PD.
3.5.1. The operator transfers the PD to third parties in the following cases:
– the subject expressed his consent to such actions;
– the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. List of people to whom the PD is transferred.
Third parties, to whom PDs are transferred:
– Transport and courier companies - individuals and legal entities and their representatives with the purpose of fulfilling the obligation of RIGEL Trade LP to deliver the goods;
– operators of contextual advertising and other advertising organizations;
– banking institutions - for making settlements with PD entities;
– bodies of the Ministry of Internal Affairs of Russia in the cases established by the legislation.
4. PROTECTION OF PERSONAL INFORMATION
4.1. In accordance with the requirements of regulatory documents, the Operator has created a system for the protection of personal data (SPPD), consisting of legal, organizational and technical protection subsystems.
4.2. The legal protection subsystem is a set of legal, organizational and regulatory documents that ensure the creation, functioning and improvement of an SPPD.
4.3. The organizational protection subsystem includes the organization of the management structure of the SPPD, the permitting system, and the protection of information when working with employees, partners, and third parties.
4.4. The subsystem of technical protection includes a set of technical means, software, firmware, that provide protection of PD.
4.4. The main protection measures for PD used by the Operator are:
4.5.1. Appointment of the person responsible for handling the PD, which organises the processing of PD, training and briefing, internal control over the compliance of the institution and its employees with the requirements for the protection of PD.
4.5.2. Determination of actual threats to the safety of PDs during their processing in the PDIS and development of measures to protect the PD.
4.5.3. Development of a policy for the processing of personal data.
4.5.4. Establishment of access rules to PDs processed in the PDIS, as well as ensuring the registration and recording of all actions performed with PD in the PDIS.
4.5.5. Establishment of individual passwords for employees to access the information system in accordance with their production responsibilities.
4.5.6. The use of procedures that were passed in accordance with the established order for assessing the compliance of information protection means.
4.5.7. Certified antivirus software with regularly updated databases.
4.5.8. Compliance with the conditions ensuring the safety of the PD and excluding unauthorized access to it.
4.5.9. Detection of the facts of unauthorized access to personal data and taking measures.
4.5.10. Recovery of PD, modified or destroyed due to unauthorized access to it.
4.5.11. Teaching Operator’s employees, that are directly processing personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents that determine the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.
4.5.12. Implementation of internal control and audit.
5. MAIN RIGHTS OF THE SUBJECT AND THE OBLIGATIONS OF THE OPERATOR
5.1. Main rights of the subject of PD.
The subject has the right to access to his personal data and the following information:
– confirmation of the fact of the processing of the PD by the Operator;
– legal grounds and objectives for processing PD;
– objectives and methods of processing PD used by the Operator;
– the name and location of the Operator, information about the people (with the exception of the Operator's employees) who have access to the PD or who can be disclosed by the PD on the basis of a contract with the Operator or on the basis of a federal law;
– the terms of processing of personal data, including the terms of their storage;
– the procedure for the subject of the PD to exercise the rights provided for by this Federal Law;
– the name or surname, name, patronymic and address of the person carrying out the processing of the PD on behalf of the Operator, if the processing is entrusted or will be entrusted to such person;
– contacting the Operator and sending him requests;
– appeal against the actions or omissions of the Operator.
5.2. The subject of the PD can at any time change (update, supplement) the personal information or part of it, as well as the parameters of its confidentiality, leaving a statement to the website’s administration by e-mail: firstname.lastname@example.org
5.3. The user can at any time withdraw his consent to the processing of personal data, leaving an application to the website’s administration by e-mail: email@example.com
5.4. Operator Responsibilities.
The operator is obliged:
– when collecting PD, provide information on the processing of PD;
– in cases where the PD was not obtained from the subject of the PD, notify the subject;
– in case of refusal to provide the PD, the subject is explained the consequences of such refusal;
– to publish or otherwise provide unrestricted access to the document that defines its policy regarding the processing of PD, to information about the current requirements for the protection of PD;
– to take the necessary legal, organizational and technical measures or ensure their adoption to protect the PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions against PD;
– to give answers to inquiries and appeals of the subjects of the PD, their representatives and the authorised body for the protection of the rights of the subjects of the PD.
6. FEEDBACK. QUESTIONS AND SUGGESTIONS
6.1. All proposals or questions about this Policy should be sent by the Russian Post operator to the legal address of Rigel Trade LP