POLICY REGARDING THE PROCESSING OF PERSONAL DATA

1. General provisions

1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by “MGBOT” Limited Liability Company (hereinafter referred to as the Operator).

1.2. The policy was developed in accordance with Paragraph 2 of Part 1 of Article 18.1 of the Federal law dated July 27, 2006 № 152-FZ "On Personal Data" (hereinafter referred to as the Federal law "On Personal Data").

1.3. The policy contains information subject to disclosure in accordance with Part 1 of Article 14 of the Federal Law “On Personal Data” and is a publicly available document.

1.4. Basic concepts used in the Policy:

personal data — any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data);

personal data operator (operator) — a legal entity, independently or jointly with other persons, organizing and (or) carrying out the processing of personal data, as well as defining the purposes of processing of personal data, composition of personal data subject to processing, actions (operations) performed with personal data;

subject of personal data — a natural person whose personal data is processed by the operator;

processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, destruction of personal data;

1.5. Basic rights and obligations of the operator and the subject(s) of personal data. The subject of personal data has the right to:

  • receive personal data relating to this subject and information relating to their processing;
  • clarify, block or destroy his personal data in the event that they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
  • withdraw his consent to processing of personal data;
  • protect his/her rights and legitimate interests, including compensation for damages and compensation for moral harm in court;
  • appeal the actions or omissions of the Operator to the authorized body for protection of the rights of subjects of personal data or in court.
  • in order to exercise their rights and legitimate interests, the subjects of personal data have the right to contact the Operator or to send a request personally or though a representative. The request must contain the information specified in Part 3 of Article 14 of the Federal Law “On Personal Data”.

The Operator is obliged to:

- when collecting personal data, provide the subject of personal data at his/her request with the following information: 1) confirmation of the fact of processing of personal data by the operator; 2) legal grounds and purposes for processing of personal data; 3) the purposes and methods used by the operator for processing of personal data; 4) name and location of the operator, information about persons (except employees of the operator) who have access to personal data or to whom personal data can be disclosed on the basis of a contract with the operator or on the basis of federal law; 5) processed personal data relating to the relevant subject of personal data, the source of their receipt, if another procedure for submission of such data is not provided by federal law; 6) the time limits for processing of personal data, including the period of their storage; 7) the procedure for exercising by of the subject of personal data of his/her rights provided for by this Federal Law; (8) information on the carried out or proposed transboundary data transfer; (9) the name or surname, first name, patronymic and address of the person carrying out the processing of personal data on behalf of the operator, if the processing is or will be entrusted to such person.

2. Purposes of personal data collection

The Operator processes personal data of customers in the context of legal relations with the Operator, regulated by Part Two of the Civil Code of the Russian Federation dated January 26, 1996 № 14-FZ.

The Operator processes personal data of customers in order to comply with the laws of the Russian Federation, as well as in order to:

  • inform about new products, special promotions and offers;
  • conclude and execute the terms of the contract.

3. Legal basis for processing of personal data

The legal basis for processing of personal data is a set of legal acts, pursuant to which the operator performs the processing of personal data, namely, the Charter of the Operator, the Civil Code of the Russian Federation (Part Two) dated 26.01.1996 N 14-FZ, the Law of the Russian Federation dated 07.02.1992 N 2300-1 “On Protection of Consumer Rights”, contracts concluded between the operator and the subject of personal data.

The Operator processes personal data of customers with their consent provided by customers and/or their legal representatives, by performing implicative actions on this website, including, but not limited to, by placing an order, registering a personal account, subscribing to the newsletter, in accordance with this Policy.

4. Scope and categories of personal data processed, categories of subjects of personal data

The Operator processes personal data of customers and contractors of the operator (natural persons); representatives/employees of customers and contractors of the operator (legal entities).

The Operator processes the following personal data of customers and contractors of the operator (natural persons): Surname, first name, patronymic; Date of birth; Address; Contact phone number; E-mail address; Passport data (when issuing documents for return of goods).

The Operator processes the following personal data of representatives/employees of customers and contractors of the operator (legal entities): Surname, first name, patronymic; Date of birth; Address; Contact phone number; E-mail address; Passport data (in order to certify the authority of the representative according to the power of attorney).

5. Procedure and conditions of processing of personal data

The Operator processes personal data on a legal and fair basis for performance of the functions, powers and duties assigned by law, the exercise of rights and legitimate interests of the Operator, Operator's employees and third parties.
The Operator receives personal data directly from the subjects of personal data.

The Operator processes personal data in automated and non-automated ways, with the use of computer equipment and without the use of such tools.
Actions for processing of personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

The Operator appoints a person responsible for organization of the processing of personal data to perform the duties stipulated by the Federal Law “On Personal Data” and the normative legal acts accepted in accordance with it.
The Operator applies a set of legal, organizational and technical measures to ensure the security of personal data in order to ensure the confidentiality of personal data and their protection from illegal actions:

  • provides unlimited access to the Policy, a copy of which is placed at the address of the Operator's location, and can also be posted on the Operator's website (if any);
  • in pursuance of the Policy, approves and implements the document “Regulations on processing of personal data” (hereinafter referred to as the Regulations) and other local acts;
  • familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
  • permits the admission of employees to personal data processed in the Operator's information system, as well as to their material carriers only for the performance of labor duties;
  • establishes the rules of access to personal data processed in the Operator's information system, as well as ensures registration and recording of all actions with them;
  • determines security threats of personal data during their processing in the Operator's information system;
  • applies organizational and technical measures and uses information security tools necessary to achieve the established level of security of personal data;
  • detects the facts of unauthorized access to personal data and takes measures to respond, including recovery of personal data modified or destroyed because of unauthorized access to them;
  • evaluates the effectiveness of the measures taken to ensure the security of personal data prior to commissioning of the Operator's information system;
  • carries out internal control of compliance of processing of personal data with the Federal Law “On Personal Data” and the normative legal acts adopted in accordance with it, the requirements for protection of personal data, the Policy, Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security during processing in the Operator information system.

The Operator processes personal data of customers no longer than required by the purposes of processing of personal data, unless otherwise provided by the requirements of the legislation of the Russian Federation.

6. Updating, rectification, deletion and destruction of personal data, responses to requests of subjects for access to personal data
In case of confirmation of inaccuracy of personal data or illegality of their processing, personal data shall be updated by the operator, and processing shall be terminated accordingly.

Upon achievement of the purposes of processing of personal data, as well as in case of withdrawal of consent by the subject of personal data to processing of personal data, the personal data shall be destroyed if:

  • otherwise is not provided by the contract, the party, the beneficiary or the guarantor to or under which the subject of personal data is;
  • the operator is not entitled to processing without the consent of the subject of personal data on the grounds stipulated by the Federal Law “On Personal Data” or other federal laws;
  • otherwise is not provided by another agreement between the operator and the subject of personal data.

The operator is obliged to inform the subject of personal data or his/her representative about the processing of the personal data of such subject upon the request of the latter.

7. Information about the Operator:

Name: “MGBOT” Limited Liability Company

Legal address: 196105, St. Petersburg, Sveaborgskaya Str. 12, room 54N, office 1; OGRN 1177847064570.