Version 2, April 8, 2019
1. GENERAL PROVISIONS
1.1. This confidentiality policy (hereinafter the “Policy”) is published by “Eco-Vector” LLC, OGRN 1099847039907, INN/KPP 7806423692/784101001, located at: Office 1N, Bldg. 3A, Aptekarsky Lane, Saint Petersburg (hereinafter the “Operator”), to govern the processing of the personal data of any user of the Operator’s site (hereinafter the “User”).
1.2. The Policy has been developed and published by the Operator in accordance with item 2, part 1, Article 18.1 of the Federal Law dated July 27, 2006, No. 152-FZ “On personal data” (hereinafter the FL “On personal data”).
1.3. The Policy has been developed to conform with the legal requirements on personal data processing and protection, and aims to ensure the protection of human and citizen rights and freedoms during the processing of personal data, including the protection of rights to personal and family privacy.
1.4. The Policy contains information subject to disclosure in accordance with part 1, Article 14 of the FL “On personal data” and is a public document available at: www.eco-vector.com.
1.5. To keep the Policy updated with regard to personal data processing, the Operator is entitled to modify the Policy at any time by publishing the appropriate revisions. The Policy can only be changed by publishing its revised version on the Site.
2. BASIC TERMS
2.1. Personal data — any information that is directly or indirectly related to a specific individual (subject of personal data).
2.2. Personal data processing — any activity (operation) or combination of activities (operations) performed by means of automation equipment or without such equipment, including acquisition, recording, systematization, accumulation, storage, clarification (update, revision), retrieval, use, transfer (distribution, providing access), depersonalization, blocking, deletion, and disposal of personal data.
2.3. Operator of personal data — an entity that independently or together with other parties arranges and/or performs personal data processing, as well as determining the goals of personal data processing, the data content subject to processing, and activities (operations) that use Users’ personal data.
2.4. Personal data confidentiality — of the Operator and any other parties given access to the personal data to neither disclose them to any third parties nor distribute them without the User’s consent, unless otherwise specified by Federal Law.
2.5. Site — entirety of programs for electronic computing machines and other information contained in the information system, accessed via the data telecommunication network (Internet) and located at www.eco-vector.com. The Site can provide links to other Internet resources. The Operator is not liable for the confidentiality of information placed by the User on any of these other sites.
3. USER RIGHTS
3.1. The User is entitled:
3.1.1. To receive personal data relating to the User, as well as information regarding data processing;
3.1.2. To clarify, block, or dispose personal data that are incomplete, obsolete, incorrect, illegally received, or not required for the stated purpose of processing;
3.1.3. To recall their consent to personal data processing;
3.1.4. To protect their rights and legal interests, including recovery of losses and compensation for moral harm in a court of law;
3.1.5. To appeal against actions or omissions of the Operator to the authorized body protecting the rights of personal data subjects or to a court of law.
4. BASES FOR PERSONAL DATA PROCESSING
4.1 The Operator shall process personal data only on the legal and fair bases of fulfilling its functions, authority, and obligations under legislation, and of implementing the rights and legal interests of the Operator and the User.
4.2 The Operator shall receive personal data directly from the User and shall process the data only with the User’s consent. The Operator shall receive the User’s personal data when the User interacts with some functions of the Site.
5. USER PERSONAL DATA PROCESSING
5.1. The Policy shall establish the Operator’s obligations of nondisclosure and ensuring protection of the confidentiality of personal data provided by the User when using the Site.
5.2. The Operator shall process Users’ personal data for the purpose of meeting RF legislation and regulations, as well as for such purpose(s) as follows:
5.2.1. Providing Users with an access to special information.
5.2.2. Processing requests on the Operator’s Site.
5.3. Users shall be asked to indicate their consent to the Operator processing their personal data by ticking a box under the personal data acquisition form on the Site.
5.4. Categories of personal data collected by the Operator for achieving the goals specified in item 5.2 of the Policy:
5.4.1. Last name
5.4.2. First name
5.4.4. Residential address
5.4.5. Contact phone number
5.4.6. Email address
5.4.7. User ID stored in cookie
5.5. The Operator shall not process special categories of the User’s personal data.
5.6. The Operator shall not process biometric categories of the User’s personal data.
5.7. The Policy shall only apply to the information processed during use of the Site. The Operator shall not monitor and shall not be liable for information processing by the sites and services of third parties accessed by Users through links available on the Site.
5.8. The Operator shall not verify the authenticity of personal data provided by the User, and shall not have the possibility to evaluate the User’s ability to act. However, the Operator shall proceed on the premise that the User provides accurate and sufficient personal data and keeps the data updated.
6. PROCESSING OF USERS’ PERSONAL DATA USING COOKIE FILES
6.1. Cookie files transferred by Users’ equipment can be used for providing Users with customized functions on the Site, for personal advertising shown to Users, for statistical and research purposes, and for Site improvement.
6.2. Users are aware that the hardware and software they use to access websites can prohibit operations with cookie files (for all sites or specific sites) and allow the deletion of previously received cookie files.
6.3. The Operator is entitled to limit certain Site functions to Users that permit cookie files to be stored.
6.4. The structure, content, and technical parameters of cookie files shall be determined by the Operator and can be changed without prior notification of Users.
6.5. Counters placed on the site or in Site applications can be used for analysis of Users’ cookie files, for the acquisition and processing of statistical information about Site use, and for ensuring the serviceability of the entire Site and particular individual functions. Technical parameters of the counters’ operation shall be determined by the Operator and can be changed without prior notification of Users.
7. CONDITIONS OF PROCESSING USERS’ PERSONAL DATA
7.1. Users’ personal data shall only be processed until the processing goals have been achieved.
7.2. The Operator shall process Users’ personal data by automated methods using computer equipment.
7.3. Personal data processing shall include acquisition, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, providing access), depersonalization, blocking, deleting, and disposal.
7.4. The confidentiality of personal data shall be protected, except where Users voluntarily provide information about themselves for public access by an unlimited range of people.
7.5. The Operator is entitled to transfer the User’s personal data to third parties in the following cases:
7.5.1. The User provided consent for such operations;
7.5.2. Transfer is required for the User’s use of certain Site functions or to fulfill a certain agreement or contract;
7.5.3. Transfer is stipulated by Russian or any other valid legislation within the scope of the procedure established by the legislation;
7.5.4. Such transfer falls within a (complete or partial) sales or business transfer whereby the purchaser assumes all the liabilities of complying with the Policy regarding collected personal data;
7.5.5. Processing of Users’ personal data produces depersonalized statistical data that are transferred to third parties for research, work performance, or rendering services under the Operator’s direction;
7.5.6. Transfer to authorized government bodies of the Russian Federation is based and in accordance with the procedure established by valid legislation of the Russian Federation.
7.6. The Operator shall conform with the following government legislation when processing Users’ personal data:
7.6.1. The FL “On personal data”;
7.6.2. Decree of the Government of the Russian Federation dated 01.11.2012, No. 1119 “On approval of requirements to personal data protection when processing in the personal data information systems”;
7.6.3. Order of the Federal Service for Technical and Export Control of Russia dated February 18, 2013, No. 21 “On approval of the content and composition of organizational and technical measures for ensuring personal data safety when processing in the personal data information systems”;
7.6.4 Order of the FSS of Russia dated 10.07.2014, No. 378 “On approval of the content and composition of organizational and technical measures for ensuring personal data safety during processing in the personal data information systems using cryptographic protection of information required for meeting requirements established by the Government of the Russian Federation to personal data protection of each level of security.”
7.7. The Operator shall implement organizational and technical measures required to protect Users’ personal data against illegal or accidental access, disposal, modification, blocking, copying, distribution, and any other illegal actions of third parties.
7.8. The Operator shall, together with the User, implement all required measures to prevent losses or any other consequences resulting from the loss or disclosure of personal data.
8. MANDATORY DATA STORAGE
8.1. The Users’ rights specified in the Policy can be limited in accordance with the requirements of valid legislation. In particular, such limitations can stipulate the Operator’s obligation to keep information revised or deleted by the User for the period specified by the legislation, and/or to submit such information to the state authority in accordance with the legally established procedure.
9. INFORMATION ABOUT ENSURING PERSONAL DATA SAFETY
9.1. The Operator shall appoint the person in charge of overseeing personal data processing, with responsibility for fulfilling the duties specified in the FL “On personal data” and in the regulatory enactments adopted in connection therewith.
9.2. The Operator shall use the set of legal, organizational, and technical provisions for ensuring personal data safety, confidentiality, and protection against illegal actions by:
9.2.1. Establishing rules on access to personal data processed in the Operator’s information system, as well as ensuring the registration and recording of all operations involving the data;
9.2.2. Assessing the potential harm to Users should the FL “On personal data” be violated;
9.2.3. Determining safety risks to personal data during processing in the Operator’s information system;
9.2.4. Implementing the organizational and technical measures and information protection means required to achieve the mandated level of personal data security;
9.2.5. Detecting factors of unauthorized access to personal data and implementing response measures, including the recovery of personal data modified or disposed due to unauthorized access;
9.2.6. Assessing the effectiveness of measures for ensuring personal data safety prior to making them operational in the Operator’s information system;
9.2.7. Performing internal monitoring of the compliance of personal data processing with the FL “On personal data,” regulatory enactments adopted in connection therewith, personal data protection requirements, the Policy, Provision, and any other local acts, including the monitoring of personal data safety measures and the level of security during processing in the Operator’s information system.
10. INFORMATION ABOUT OPERATOR
10.1. The database containing the personal data of Users, as citizens of the Russian Federation, is located in the territory of the Russian Federation.
10.2. To implement their rights and legal interests, Users are entitled to apply to the Operator personally or through a representative via the address stated in item 1.1 of the Policy or the email address specified on the Site. Each request shall contain the information stated in part 3, Article 14 of the FL “On personal data.”