Policy of personal data processing
1. General provisions, parties, purpose of the document
1.1. The current Privacy Policy and Processing of Personal Data (hereinafter referred to as the “Policy”) establishes the procedures and conditions for processing personal data by the individual entrepreneur Musakhanov Imran Kariomovich (TIN 263218861208, OGRNIP 314265121900417, email: [email protected]), acting in accordance with Russian legislation (hereinafter referred to as the “Operator” or “We”). This information pertains to an individual that can be obtained by the Operator directly from said individual or from their legal representative (hereinafter referred to as the “User”, “Subject of Personal Data”, or “You”), in the following contexts concerning the Subject of Personal Data:
a) When using the functions of the website https://imram-kriya.com, including all its domains, subdomains, and pages, their content, as well as internet services and software provided by the Operator for use on these websites (hereinafter referred to as the “Website”);
b) When implementing Operator’s rights and obligations established by agreements/contracts concluded between the Operator and the User;
c) When processing requests, complaints, inquiries, messages sent by the Operator and the User to each other.
d) When sending out informational materials, conducting free lectures, events by the Operator.
2. Legal grounds for processing personal data
2.1. The legal grounds for processing personal data are:
a) Consent to the processing of personal data, expressed in a manner established by law and this Policy;
b) agreements concluded between the Operator and the User;
c) Local regulatory acts of the Operator in the field of personal data.
2.2. The subject of personal data makes a decision on the provision of his personal data and gives consent to their processing freely, by his own will and in his own interest. The inaction of a personal data subject cannot be interpreted as consent. The consent for the processing of personal data must be specific, tangible, informed, conscious, and unambiguous. The consent to the terms of the Policy can be expressed by the subject of personal data through any of the following actions:
a) Entering into a contract with the Operator, such as, for example, a contract-offer for the provision of information consulting services; provided that the User is given the opportunity to familiarize himself/herself with the full text of this Policy at each data collection point.
b) Placing a symbol in a check-box (in an input field) on the Website next to the text: “I consent to the processing of personal data in accordance with the Terms, provided that the User is given the opportunity to familiarize themselves with the full text of this Policy at each point of data collection.”
3. Policy of personal data processing
3.1. The purpose of processing personal data, categories and list of processed personal data, categories of subjects, personal data of which are processed, methods and terms of processing and storage, procedure for destruction of personal data upon achieving the objectives of their processing or upon the occurrence of other legal grounds
3.1.1. Objective : authentication and registration of the subject’s personal data for the conclusion of a contract for the provision of informational-consulting services
- Categories and list of processed data: surname, name, patronymic, telephone number, email.
- Categories of subjects, personal data of which are processed: subjects of personal data – Users of the Website.
- Methods of processing: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, utilization, anonymization, transmission (access, provision), blocking, deletion, destruction of personal data.
- Processing and storage period: until receipt of a request from the data subject regarding termination of processing/withdrawal of consent or 5 (five) years.
- Procedure for the destruction of personal data when the purpose of their processing is achieved or when other legal grounds occur: the person responsible for the processing of personal data performs data erasure by overwriting method (replacing all storage units with “0”) with the preparation of an act on the destruction of personal data.
3.1.2. Objective: communication with the User, directing messages to the User, notifications, requests, responses, documents, messages of advertising or informational nature, promotion of the operator’s services on the market.
- Categories and list of processed data: name, surname, telephone number, email, social network handles (messenger links).
- Categories of subjects, personal data of which are processed: subjects of personal data – Users of the Website.
- Methods of processing: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, utilization, anonymization, blocking, deletion, destruction of personal data.
- Processing and storage period: until receipt of a request from the data subject regarding termination of processing/withdrawal of consent or 5 (five) years/withdrawal of consent or 5 (five) years.
- Procedure for the destruction of personal data when the purpose of their processing is achieved or when other legal grounds occur: the person responsible for the processing of personal data performs data erasure by overwriting method (replacing all storage units with “0”) with the preparation of an act on the destruction of personal data.
3.1.3. Objective: processing of appeals, complaints, requests, messages, sent by the Operator and the User to each other.
- Categories and list of processed data: surname, name, telephone number, email, message text (if the message text contains personal data), social network handles (messenger).
- Categories of subjects, personal data of which are processed: subjects of personal data – Users of the Website.
- Methods of processing: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, utilization, anonymization, transmission (access, provision), blocking, deletion, destruction of personal data.
- Processing and storage period: until receipt of a request from the data subject regarding termination of processing/withdrawal of consent or 5 (five) years/withdrawal of consent or 5 (five) years.
- Procedure for the destruction of personal data when the purpose of their processing is achieved or when other legal grounds occur: the person responsible for the processing of personal data performs data erasure by overwriting method (replacing all storage units with “0”) with the preparation of an act on the destruction of personal data.
3.1.4. Objective: reviews by the User about the services of the Operator.
- Categories and list of processed data: surname, name, message text (if the message text contains personal data), data of social media accounts of the User, data about the image: photographs, video recordings, other technical fixation of facial and body images.
- Categories of subjects, personal data of which are processed: subjects of personal data – Users of the Website.
- Methods of processing: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, utilization, anonymization, transmission (access, provision), blocking, distribution, deletion, destruction of personal data.
- Processing and storage period: until receipt of a request from the data subject regarding termination of processing/withdrawal of consent or 5 (five) years.
- Procedure for the destruction of personal data when the purpose of their processing is achieved or when other legal grounds occur: the person responsible for the processing of personal data performs data erasure by overwriting method (replacing all storage units with “0”) with the preparation of an act on the destruction of personal data.
3.1.5. Objective: promotion of goods, work, services.
- Categories and list of processed data: surname, name, patronymic, email address, nickname in social network (messenger).
- Categories of subjects, personal data of which are processed: subjects of personal data – Users of the Website.
- Methods of processing: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, utilization, anonymization, transmission (access, provision), blocking, distribution, deletion, destruction of personal data.
- Processing and storage period: until receipt of a request from the data subject regarding termination of processing/withdrawal of consent or 5 (five) years.
- Procedure for the destruction of personal data when the purpose of their processing is achieved or when other legal grounds occur: the person responsible for the processing of personal data performs data erasure by overwriting method (replacing all storage units with “0”) with the preparation of an act on the destruction of personal data.
3.1.6. The processing of personal data will be limited to the achievement of these specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purpose of processing is not allowed.
3.1.7. About cookie technology:
3.1.7.1. Cookies: – This is a fragment of data sent by the Operator’s server and stored on the Subject’s personal data device. The content of such a file may or may not relate to personal data, depending on whether the file contains personal data or anonymized technical data.
3.1.7.2. The subject of personal data has the right to prohibit the receipt of this data by its equipment or to restrict the receipt of this data. When refusing to receive such data or when limiting the data reception, some functions of the Site may work incorrectly. The subject of personal data is obliged to configure their equipment in such a way that it ensures an adequate mode of operation and level of data protection for cookies, and the Operator does not provide technological and legal consultations on similar matters.
3.2. Order and conditions for processing personal data
3.2.1. Processing of personal data – any action (operation) or combination of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of personal data. In the current Policy, goals for processing personal data, categories and list of processed personal data, categories of subjects, personal data being processed, methods and terms of processing and storage, procedure for destruction of personal data upon achieving the goals of their processing or upon the occurrence of other legal grounds for each objectives of processing are established.
3.2.2. The operator can process data using the specified methods (operations) both in information systems of personal data and without using automation tools.
3.2.3. The operator will process personal data for as long as necessary to achieve the specific objective of processing.
3.2.4. In case of withdrawal by the subject of personal data consent to the processing of personal data or expiration of the consent period, upon the subject’s request to terminate the processing of personal data, the Operator has the right to block the data and process them in an archived form for a period of 3 (three) years.
3.3. Measures to protect personal data
3.3.1. The operator takes all necessary measures to protect personal data from unauthorized, accidental, or unlawful destruction, loss, alteration, unethical use, disclosure, access, as well as other illegal forms of processing.
3.3.2. By default, personal information is processed automatically by equipment without access to it by anyone. If such access is necessary, the Operator provides access to personal data only to those individuals who need this information to ensure the purpose of processing. To protect and ensure the confidentiality of data, such individuals must commit to complying with internal legal rules and procedures, as well as implementing technical and organizational security measures regarding the processing of personal information.
3.3.3. When processing personal data without the use of automation tools, as well as during automated processing, sufficient security of the place where the processing of personal data takes place is ensured.
3.3.4. Disclosure of personal data can only be carried out in accordance with the current legislation of the Russian Federation at the request of the court, law enforcement agencies, and in other cases provided for by the legislation of the Russian Federation.
3.3.5. The operator does not verify the accuracy of the information provided by the data subject of personal data and assumes that the data subject of personal data, in accordance with the principle of good faith and the requirements of Article 19 of the Civil Code of the Russian Federation, provides accurate and sufficient information, takes care of the timeliness of making changes to the previously provided information, and updates the information.
3.4. Transfer of personal data to third parties and dissemination of personal data
3.4.1. The operator is able to transfer (by means of access and provision) personal data to the following third parties:
a) in relation to which a transfer (translation) of rights or obligations, or an innovation according to the corresponding agreement (for example, in case of property rights, in case of sale or other alienation of business as a whole or in part);
b) To any regulatory body, law enforcement agencies, central or local authorities, other official or government bodies or courts, to which the Operator is obliged to provide information upon request in accordance with applicable legislation.
c) To individuals who ensure the legal protection of the Operator’s rights or third parties in case of violation of their rights or threats to violate their rights, including violations of laws or regulatory documents.
d) In case the Subject of personal data has expressed consent to the transfer of personal data to a third party, or the transfer of personal data is required to fulfill an agreement or contract concluded with the Subject of personal data. This refers to cases where the User has allowed their equipment to receive, transmit, and store files using cookie technology, if such a file contains personal data.
3.4.2. The operator is able to transmit (by means of unlimited dissemination) personal data in the following cases:
a) The User himself allowed the free distribution of categories of personal data to an unlimited circle of persons.
3.5. Rights and obligations regarding personal data.
3.5.1. The subject of personal data is obliged to ensure the confidentiality of the provided information, the timeliness of making changes to the provided information, its updating. In case of non-compliance, the Operator is not responsible for non-performance of obligations, any damages, harm or losses.
3.5.2. “To exercise the right to access, correct, block, and delete personal data, the Data Subject is entitled to submit a written request to the Operator’s email address specified in this Policy.”
3.5.3. The main rights of the personal data subject:
- To request information about the processing of personal data.
- To withdraw consent for the processing of personal data.
- To require restrictions on the processing of personal data
- To require to cease processing personal data if it is provided for by applicable legislation and this Policy.
In cases provided for by applicable legislation, the Subject of personal data has other rights not specified above.
3.5.4. The subject of personal data is obliged to use the details from this Policy to submit requests regarding the implementation of the rights of the subject of personal data or complaints regarding the inaccuracy of information or the illegality of its processing. Such requests and complaints are considered within a period not exceeding 10 (ten) working days from the date of receipt by the Operator.
3.5.5. The subject of personal data has the right to withdraw consent for the processing of personal data at any time. To withdraw consent for the processing of personal data, the Data Subject sends a Notification in writing about the withdrawal of consent to the Operator to the email address specified in the requisites section of this Policy.
3.6. Rules for storage and processing of personal data of Russian citizens, rules on cross-border transfer of personal data
3.6.1. The operator processes personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
3.6.2. The Operator before starting cross-border transfer of personal data must ensure that the foreign state to whose territory the transfer of personal data is supposed to be carried out provides reliable protection of the rights of subjects of personal data and notify the authorized state body in the field of personal data about the intention to carry out cross-border transfer of personal data to the territory of foreign states that meet the specified requirements.
3.6.3. Operator until the beginning of cross-border transfer of personal data to the territory of a foreign state, in which reliable protection of the rights of subjects of personal data is not ensured, is obliged to obtain the permission of the state body authorized in the field of personal data to carry out cross-border transfer of personal data to the territory of such foreign states.
4. Change of Confidentiality Policy. Applicable legislation. Interpretation.
4.1. The Operator has the right to make changes to the current Policy. When changes are made to the current version, the date of the last update is indicated. The new edition of Politics comes into force from the moment of its placement, unless otherwise provided by the new edition of Politics. The forces lost by the editorial office are available in the archive at the address specified in the Policy.
4.2. The Operator informs the subjects of personal data who have previously expressed their consent to the Policy about the changes to the Policy, guided by the choice of the form of informing, based on the fact that the subject’s consent to the processing of personal data must be specific, tangible, informed, conscious, and unambiguous.
4.3. The place of expression of consent and the place of implementation of the Policy is always the location of the Operator, and the right applicable to the relations of the Operator and the Subject of personal data is always the right of Russia, regardless of where the Subject of personal data or equipment used by them is located. All disputes and disagreements are resolved at the location of the Operator, unless otherwise provided by law.
4.4. Policy begins to regulate the relationship between the Subject of personal data and the Operator from the moment of expression by the Subject of personal data of consent to its conditions and is valid indefinitely. The indefinite validity of the Policy as a document does not in any way mean the indefinite/no limitation of the period of personal data processing. Unilateral termination of the Policy at the will of one of the parties is not allowed.
4.5. Interpretation rules:
4.5.1. The terms ‘agreement’ and ‘contract’ are synonymous.
4.5.2. It is considered that the words “include”, “includes”, “including”, “for example”, “for instance”, “among others”, “such as” always require the phrase “but not limited to”, which does not restrict the general nature of those words.
4.5.3. It is considered that the words “or”/”or” are understood by default as enumeration, that is, analogous to “and”, if it does not directly follow from the context of the text that the word “or”/”or” denotes the choice of one of the options.
4.5.4. It is considered that the value of the Word used with a Capital letter does not differ from the value of the same word used with a lowercase letter/absence of time limits for the processing of personal data. Unilateral termination of the Policy at the will of one of the parties is not allowed.
5. Personal information of users that is received and processed by Websites
5.1. Within the framework of the current Policy under “personal user information” is understood:
5.1.1. Personal information that the user provides about themselves independently when submitting an application, making a purchase, registering (creating an account) or in another process of using the site.
5.1.2. Data that is automatically transmitted by Websites during their use with the help of installed software on the user’s device, including IP address, information from cookies, information about the user’s browser (or other program that provides access to the website), access time, requested page address.
5.2. This Policy applies only to the Websites and does not control or assume responsibility for third-party websites that the user can access through links available on the Websites. On such resources, the user may collect or request other personal information, as well as perform other actions.
5.3. In general, websites do not verify the accuracy of personal information provided by users and do not control their competence. However, Websites are based on the fact that the User provides reliable and sufficient personal information on the questions offered in the forms of these resources, and support this information in its current state.
6. Operator's Details
- Individual entrepreneur
- Musakhanov Imran Karimovich
- TIN 263218861208, OGRN 314265121900417.
- e-mail: [email protected]
6.1. Information for the implementation of personal data subject rights: The data subject may exercise all the rights granted to the data subject, as well as obtain clarifications on issues related to the processing of personal data by contacting the Operator at the Operator’s email address.