Top.Mail.Ru

PERSONAL DATA PROCESSING POLICY of the Avica Management Company LLC (hereinafter referred to as the Policy)

1. BASIC TERMS USED IN THE POLICY:

1.1. Personal Data – any information relating to a directly or indirectly determined individual or person to be determined (Personal Data Subject);

1.2. Personal Data Processor (Data Controller) - in this Policy - Avica Management Company LLC; a legal entity, independently or jointly with other persons, organizing and (or) performing the processing of Personal Data, as well as determining the objectives of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data;

1.3. Personal Data Processing – any action (operation) or set of actions (operations) with Personal Data, performed with or without the use of automation tools. The Personal Data Processing includes, but is not limited to: collection; recording; systematization; accumulation; storage; refinement (updating, modification); extraction; use; transfer (distribution, provision, access); depersonalization; blocking; deletion; destruction.

1.4. Automated Processing of Personal Data – processing of personal data using computer equipment;

1.5. Personal data distribution – measures aimed at disclosing Personal Data to an indefinite range of persons;

1.6 Personal Data Providing – measures aimed at disclosing Personal Data to an indefinite range of persons or to a specific range of persons;

1.7. Personal Data Blocking – temporary termination of processing of personal data (except in cases when processing is necessary to refine Personal Data);

1.8. Personal Data Destruction – actions as a result of which it becomes impossible to restore the content of Personal Data in the PDIS and (or) as a result of which tangible media of Personal Data are destroyed;

1.9. Depersonalization of Personal Data – actions that make it impossible without the use of additional information to determine the ownership of Personal Data to a particular Personal Data Subject;

1.10. Personal Data Information System (PDIS) – a set of personal data contained in databases and ensuring their processing of information technologies and technical means;

1.11. Cross-Border Transfer of Personal Data – transfer of Personal Data to the territory of a foreign country to the authority of a foreign country, a foreign individual or a foreign legal entity.

1.12. websites of the Avica Management Company LLC (hereinafter referred as the Website) - pages located at: https://romanovdvor.com/ and http://romanovdvor.club/.


2. RESITALS

2.1. This Personal Data Processing Policy (hereinafter – the "Policy") is prepared in accordance with paragraph 2.1 of Art. 18.1 of the Federal Law of the Russian Federation "On Personal Data" N 152-FZ dated July 27, 2006 (hereinafter – "152-FZ") and defines the position of Avica Management Company LLC (hereinafter – the Data Processing Company) in the field of processing and protection of Personal Data, observance of the rights and freedoms of each person as well as well as the information on the implemented requirements to protection of Personal Data.

2.2 This Policy in the Organization determines the procedure for the collection, storage, transfer and other types of personal data processing, as well as the information about the implemented requirements for personal data protection.

2.3. Taking into account the importance and value of Personal Data, as well as taking care of the constitutional rights of citizens of the Russian Federation, as well as citizens of other Countries, the Data Processing Company ensures their reliable protection and security.

2.4. The security of Personal Data, the Data Processing Company considers as the protection of Personal Data from unauthorized or accidental access to the data, destruction, modification, blocking, copying, provision, distribution of Personal Data, as well as from other illegal actions in relation to Personal Data, and takes the necessary legal, organizational and technical measures to protect Personal Data.

2.5. The Policy is developed in accordance with the applicable laws of the Russian Federation, including in accordance with the requirements of the following:

1) Federal Law dated July 27, 2006 N 152-FZ "On Personal Data"

2) Law of the Russian Federation dated February 7, 1992 N 2300-1 "On Protection of the Rights of Consumers"

3) Federal Law "On information, information technologies and data protection" dated July 27, 2006 N 149-FZ

4) The Order of Federal Security Service of Russia from July 10, 2014 N 378 "On Approval of Composition and Content of Organizational and Technical Measures for Ensuring Personal Data Security during its processing in PDIS with the use of Means of Cryptographic Protection of Information, necessary for performance of the established Russian Federation Government security requirements of Personal Data for each of the levels of protection"

5) The Decree of the Russian Federation Government dated November 1, 2012 N 1119 "On the approval of requirements to protection of Personal Data during its processing in PDIS"

6) The Federal Law dated December 15, 2001, No. 167-FZ "On compulsory pension insurance"

7) Federal Law No. 27-FZ dated April 1, 1996 "On individual (personalized) registration with the system of compulsory persion insurance"

8) Other Federal constitutional laws, Federal laws, by-laws of the Russian Federation and recommendations defining the cases and peculiarities of Personal Data Processing, as well as the standards of International Laws and International Treaties.



3. COMPOSITION OF PERSONAL DATA, LIST OF MEASURES AND ACTIONS WITH DATA AND CLASSIFICATION OF PERSONAL DATA SUBJECTS

3.1. Information constituting Personal Data is any information relating to a directly or indirectly identified individual or an individual to be identified (Personal Data Subject) processed by the Data Processing Company in order to implement the legitimate pre-defined objectives.

3.1.1. The Data Processing Company shall process the following Personal Data:

1) Last Name, First Name, Patronymic

2) city

3) date of birth

4) phone number

5) E-mail address

6) occupation

7) workplace information

8) areas of interest

9) other information provided by the Personal Data Subject when signing up on the Website, when filling out the contact form, when sending emails to the Data Processing Company, or information reported by the Personal Data Subject to the Data Processing Company by phone.

3.2. All personal Data processed by the Data Processing Company are confidential, strictly protected information in accordance with the applicable laws.

3.3. List of measures and actions performed by the Data Processing Company with Personal Data: collection, analysis, generalization, storage, modification, addition, transfer (without (or) cross-border transfer to the territory of countries providing reliable protection), destruction of Personal Data, blocking, deletion, encryption.

3.4. The Data Processing Company uses a mixed processing of personal data - Automated and Manual Personal Data Processing.

3.5. The Data Processing Company, as the Data Controller for Personal Data, in order to properly perform its obligations, carries out the processing of Personal Data belonging to:

1) persons who have agreed to the processing of their Personal Data and subscribed to the newsletter, information and advertising mailings on the Website;

2) persons who provided their Personal Data on the website of Avica Management Company LLC for feedback;

3) individuals who are Applicants

4) individuals who are Employees

5) individuals engaged in the execution of works, provision of services, and concluded the civil contract with the Data Processing Company

6) individuals representing the interests of the Counterparty of the legal entity, regardless of the type of legal entity

7) individuals and individual entrepreneurs with whom Avica Management Company LLC enters into a civil contract; (hereinafter referred as the Personal Data Subjects)


4. PURPOSES OF PERSONAL DATA PROCESSING

4.1. Personal Data Processing for the Personal Data Subjects shall be carried out by the Data Processing Company for the following purposes:

1) compliance with the requirements of the Constitution of the Russian Federation, Federal Laws and other regulatory legal acts, internal regulations of Avica Management Company LLC;

2) registration of labor and other contractual relationships;

3) HR recordkeeping, accounting records, taxation management;

4) ensuring the conditions and procedures necessary for the employees of Avica Management Company LLC to perform their employment duties;

5) approval, conclusion, maintenance, amendment, termination of contracts with individuals, legal entities and individual entrepreneurs;

6) fulfillment of obligations of Avica Management Company LLC stipulated by the contracts concluded with individuals, legal entities and individual entrepreneurs;

7) improving the quality of the website of Avica Management Company LLC;

8) consultation and processing of requests and applications from Users of the Avica Management Company LLC website;

9) distribution of news, information and advertising messages to persons who have agreed to receive such messages from Avica Management Company LLC;

10) determining the preferences of website visitors, personalizing and improving the usability of the Website;


5. PROCEDURE FOR COLLECTION, STORAGE, TRANSFER AND OTHER TYPES OF PERSONAL DATA PROCESSING

5.1. When You provide Your data through the feedback form, email, letters or by phone You provide information on a voluntary basis. The Data Processing Company uses this information to answer Your question, to give feedback to potential customers and for other purposes provided in this Policy.

5.2. Even if you did not fill out the feedback form on our website, we have the opportunity to track the use of our website, including the duration of your stay on the website, the requests you used to clickthrough to the website, pages from which clickthrough was made, geographical location, types of mobile devices you are using. This information is not used to track information about individuals and does not allow their identification, but is used in the overall level in order to improve the use of the website and to plan marketing activities.

The processing of the above data by the Data Controller takes place using the specialized web applications - Google Analytics and Yandex.Metrika in accordance with the Guidelines, referenced below.

Personal Data Processing Guidelines by Google Analytics. Personal Data Processing Guidelines by Yandex.Metrika

5.3 Avica Management Company LLC shall not sell or transfer Personal Data of users of the websites - https://romanovdvor.com/ and http://romanovdvor.club/. The Data Processing Company only sends advertising information to those users who have subscribed to advertising and informational newsletters by filling out the appropriate form on the website. Users can refuse to receive the newsletter by clicking on the appropriate link "unsubscribe from the newsletter", or by contacting us about it via email info@avica.com, or by sending a registered letter by mail to: 125009, Moscow, 4 Romanov lane, buildg. 2

5.3. Personal Data Processing, performed without the use of automation tools, shall be carried out in such a way

shall be provided. The Data Processing Company ensures the safety of Personal Data and takes measures to prevent unauthorized access to Personal Data.

5.2. The processing of Personal Data performed using automation tools shall be carried out in accordance with Art. 19 of the Federal Law dated July 27, 2006 N 152-FZ "On Personal Data" and the requirements for the protection of Personal Data, the compliance of which ensures the levels of Personal Data protection established by the Government of the Russian Federation, including (but not limited to) subject to the following actions:

1) The Data Processing Company takes technical measures aimed at preventing unauthorized access to Personal Data and (or) its transferring to persons who do not have the right to access such information;

2) The Data Processing Company shall configure safety instruments for timely detection of unauthorized access to Personal Data;

3) The Data Processing Company isolates technical means of automated Personal Data Processing in order to prevent the impact on the data, as a result of which data functioning may be disrupted;

4) The Data Processing Company constantly monitors the security of personal data.

5.3. Personal Data shall not be disclosed to third parties and shall not be distributed without the consent of the Personal Data Subject, unless otherwise provided by the applicable laws of the Russian Federation. The Data Processing Company shall provide information in accordance with applicable laws, upon request, to any national and/or international regulatory body, law enforcement authorities, central or local executive bodies, other public authorities or courts. 5.3.1. By using the website https://romanovdvor.com/ and/or http://romanovdvor.club/, by filling out the feedback form on the website, you express your consent to the automated and manual processing of your Personal Data. Consent and this Policy are also provided for review before sending any feedback form on the website next to the corresponding form.

5.4. Avica Management Company LLC may transfer Personal Data internally among those employees who need Personal Data to fulfill the obligations provided for by a labor or civil contract in the event that

the data have been collected. Information about persons who have subscribed to the newsletter is retained until the Data Processing Company is notified that those persons no longer wish to receive the newsletter.

5.6. In order to achieve the purposes of personal data processing, the Data Processing Company has the right to sub-contract the processing of personal data to third parties with the consent of the Personal Data Subject, on the basis of an contract concluded with these third parties.

5.6.1. These third parties include: Terrasoft Distribution Center LLC, TIN 7725328680, Legal address: 15280, Moscow, Leninskaya Sloboda st., house No. 26, 2nd floor, block I office 1, www.terrasoft.ru

Privacy statement of Terrasoft Distribution Center LLC: https://www.terrasoft.ru/privacy-policy

Under the contract between the Data Processing Company and Terrasoft Distribution Center LLC, the Data Processing Company instructs Terrasoft Distribution Center LLC to process Personal Data, in particular, to perform the following actions: recording; systematization; accumulation; storage; depersonalization; blocking; destruction.

5.7. Third parties processing Personal Data on behalf of the Data Processing Company undertake to comply with the principles and guidelines for the processing and protection of Personal Data stipulated by the Federal Law 152-FZ, non-disclosure agreement and Contract concluded between the Data Processing Company and the relevant third party, as well as the terms of this Policy.

5.8. The periods of processing and storing Personal Data of the Personal Data Subjects shall be determined in accordance with this Policy, the applicable laws of the Russian Federation and other regulatory legal acts.



6. PERSONAL DATA PROCESSING PRINCIPLES

1) principles of legality and equity;

2) principles for limiting the processing of Personal Data, the principles of specific, predetermined, and legitimate purposes;

3) principles of ensuring the proper protection of Personal Data;

4) principles of conformity of purposes for processing Personal Data with the purposes, predetermined and declared when collecting Personal Data;

5) principles of correspondence of the volume, nature and methods of Personal Data Processing to the purposes of Personal Data Processing;

6) principles of the reliability of Personal Data, its sufficiency for processing purposes, the inadmissibility of the processing of Personal Data redundant in relation to the purposes declared when collecting Personal Data;

7) principles of inadmissibility of combining databases containing Personal Data, the processing of which is carried out for purposes incompatible with each other;

8) principles of storage of Personal Data in a form that allows to determine the Personal Data Subject, no longer than required by the purposes of its processing;

9) the principles of the destruction or depersonalization of Personal Data on implementing the purposes of their processing, if the period for storing Personal Data is not established by the laws of the Russian Federation, by the contract under which the Personal Data Subject is the Beneficiary or Guarantor;

10) principles of privacy and security of processed Personal Data.

measures to protect Personal Data from unauthorized or accidental access, destruction, modification, blocking, copying, providing, disseminating Personal Data, as well as from other illegal actions in relation to Personal Data.


7.2. The Data Processing Company shall take the following measures and conduct the following activities (but not limited to):

1) to organize a security regime for the premises where the information system is located that prevents the possibility of uncontrolled entry or stay in these premises by persons who do not have access to these premises;

2) to ensure the safety of Personal Data media;

3) to keep records of persons admitted to work with Personal Data in the information system;

4) to keep records of Personal Data storage media;

5) to use reliable means of information protection;

6) to set strong passwords on computers that process Personal Data and regularly update them

7) to install alarms and additional locks, metal doors, store documents in a safe and lockable fireproof cabinets

8) to carry out internal control over the compliance of Personal Data Processing with the Federal Law dated July 27, 2006 N 152-FZ "On Personal Data" and regulations adopted in accordance with it, and with the requirements for Personal Data protection, policies regarding Personal Data processing and other local regulations;

Personal Data";

10) to use means of cryptographic protection of information;

11) to transmit Personal Data only through secure Personal Data transmission channels;

12) to cooperate with organizations with a proven status of reliability and safety;

13) to take other measures approved by the laws of the Russian Federation and internal documents of Avica Management Company LLC

7.3. Persons whose access to Personal Data processed in the information system is necessary for performance of official (labor) duties shall be allowed to the corresponding Personal Data on the basis of the list approved by the authorized person in the Data Processing Company. Requests of users of the Information system to obtain Personal Data, as well as the facts of providing Personal Data on these requests are recorded by automated tools of the Information system in the electronic journal of requests. Upon detection of violations in the procedure of providing Personal Data, the authorized person shall immediately suspend the provision of Personal Data to users of the Information system until the causes of violations are identified and these causes are eliminated.


8. RIGHTS AND OBLIGATIONS OF THE DATA CONTROLLER

8.1. Avica Management Company LLC as the Personal Data Controller shall have the following rights:

1) to defend its interests in court;

2) to provide Personal Data of data subjects to third parties, if it is stipulated by the applicable laws

4) to process of lawfully obtained Personal Data in accordance with a predetermined purposes of processing of the Personal Data;

5) to modify, refine, destroy or block the Personal Data of the Personal Data Subjects in accordance with the requirements received from the Personal Data Subjects;

6) other rights stipulated by this Policy and the applicable laws of the Russian Federation


8.2. Avica Management Company LLC as the Personal Data Controller shall:

7) provide information regarding the processing of Personal Data to the Personal Data Subjects according to the relevant requirement of the Personal Data Subjects

8) in case of unlawful processing of Personal Data when requesting the Personal Data Subject or its representative, or at the request of the Personal Data Subject or its representative or the authorized body for protection of the rights of Personal Data Subjects, block unlawfully processed Personal Data relating to this subject of personal data, or provide data blocking (if the processing of Personal Data is carried out by third party acting on behalf of the Data Controller) from the moment of request or receipt of the specified request for the period of inspection;

9) in case of detection of inaccurate Personal Data when requesting the Personal Data Subject or its representative, or at the request of the Personal Data Subject or the authorized body for protection of the rights of Personal Data Subjects, block Personal Data relating to this subject of personal data, or provide data blocking (if the processing of Personal Data is carried out by third party acting on behalf of the Data Controller) from the moment of request or receipt of the specified request for the period of inspection, if the blocking of Personal Data does not violate the rights and legitimate interests

Data or its representative or an authorized body for the protection of the rights of Personal Data Subjects, or other necessary documents, refine Personal Data or ensure their refinement (if Personal Data are processed by third party acting on behalf of the Data Controller) within 7 (seven) business days from the date of submission such data and remove the blocking of Personal Data;

11) in case of detection unlawful processing of Personal Data performed by the Data Controller or a third party acting on behalf of the Data Controller, within a period not exceeding 3 (three) business days from the date of this detection, terminate unauthorized processing of Personal Data or ensure the termination of unlawful processing of Personal Data by a third party acting on behalf of the Data Controller. In the event that it is impossible to ensure the lawfulness of the processing of Personal Data, the Data Controller shall, within a period not exceeding 10 (ten) business days from the date of unlawful processing of Personal Data, destroy such Personal Data or ensure its destruction. The Data Controller is obliged to notify the Personal Data Subject or its representative about the elimination of the violations or the destruction of Personal Data, and if the Personal Data Subject or its representative request or the request of the authorized body for the protection of Personal Data are sent by the authorized body for the protection of Personal Data Subjects, also to notify the specified body.

12) in the case of achieving the purpose of processing of Personal Data, terminate the processing of Personal Data or ensure its termination (if the processing of Personal Data is carried out by a third party acting on behalf of the Data Controller) and to destroy Personal Data or ensure data destruction (if the processing of Personal Data is carried out by a third party acting on behalf of the Data Controller)

within 30 (thirty) days from the date of achievement of the purpose of processing Personal Data, unless otherwise provided by the contract, the party to which as a beneficiary or guarantor is the Personal Data Subject, other agreement between the Data Controller and the Personal Data Subject or if the Data Controller is not entitled to process Personal Data without the consent of the Personal Data Subject on the grounds stipulated by the applicable Federal Law or other Federal Laws.

13) in case of a withdrawal by the Personal Data Subject of consent to the processing of its Personal Data, the Data Controller shall terminate processing data or ensure the termination of data processing (if the processing of Personal Data is carried out by a third party, acting on behalf of the Data Controller),

in case of the said of a withdrawal, unless otherwise provided by the contract, the party to which as a beneficiary or guarantor is the Personal Data Subject, other agreement between the Data Controller and the Personal Data Subject or if the Data Controller is not entitled to process Personal Data without the consent of the Personal Data Subject on the grounds stipulated by the applicable Federal Law or other Federal Laws.

14) other obligations stipulated by this Policy and the applicable laws of the Russian Federation





9. RIGHTS OF THE PERSONAL DATA SUBJECTS

9.1. Personal Data Subjects shall have the right:

1) to require refinement of own Personal Data, its blocking or destruction if Personal Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and also to take measures provided by laws to protect own rights;

2) to request a list of own Personal Data processed by the Data Controller and the data source;

3) to receive information on the processing time of own Personal Data, including the storage period;

4) to require notification of all persons who have previously obtained incorrect or incomplete Personal Data of the Personal Data Subject, of all the exceptions, corrections or additions to the data;

5) appeal to the authorized body for the protection of the rights of Personal Data Subjects or to a court on the unlawful acts or omissions in the processing of Personal Data of this Personal Data Subject;




10. FINAL PROVISIONS


10.1. This Policy is subject to amendments and additions, as appropriate, in any of the following cases:

1) When making amendments to the laws of the Russian Federation in the field of processing and protection of Personal Data
2) In cases of obtaining instructions to eliminate inconsistencies affecting the scope of the Policy
3) By decision of the management of the Data Processing Company
4) When changing the purposes of Personal Data processing
5) When changing or introducing new organizational structure, structure of information and/or telecommunication systems
6) When applying new Personal Data processing technologies
7) In case of the need to change the procedure of processing Personal Data related to the activities of the Data Processing Company

10.2. This Policy is an internal document of the Data Processing Company, and is subject to posting on the official website of the Data Processing Company. In the case of amendments to this Policy, a restated version shall be made available to the public on the official website of the Data Processing Company.

10.3. Control over the compliance with the requirements of this Policy shall be carried out by the authorized person responsible for ensuring the security of Personal Data in the Data Processing Company.

Data of individuals, as well as for disclosure or unlawful usage of Personal Data in accordance with the applicable laws of the Russian Federation.




If you still have any questions we'll be happy to answer any of them! Email: info@avica.com

Correspondence address: 125009, Moscow, 4 Romanov lane, buildg. 2

Office phone number: 8 (495) 287-18-18





Best regards, UK Avica LLC