1. General statements
This policy on processing and security of personal data (hereinafter - Policy) is developed in accordance with Article 18.1 of the Federal Law of 27.07.2006 № 152-FZ "On Personal Data" and is the main internal regulatory document of "Agros Expo Group" Limited Liability Company (hereinafter - Company), defining the key areas of its activities in the processing and security of personal data, the operator of which is the Company.
The Policy was developed in order to implement the requirements of the legislation in the field of processing and security of Personal Data and is aimed at ensuring protection of rights and freedoms of a person and a citizen when processing his/her Personal Data in the Company.
The following terms and definitions are used in this document:
- Automated processing of personal data - Processing of personal data by means of computer technology.
- Blocking of personal data - Temporary termination of personal data processing (except when processing is necessary to clarify personal data).
- Information system of personal data - The combination of personal data contained in databases of personal data and information technology and technical means ensuring the processing of personal data.
- Personal data depersonalization - Actions, as a result of which it becomes impossible, without the use of additional information, to determine the identity of the personal data to a particular personal data subject.
- Processing of personal data - Any action (operation) or a set of actions (operations) performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data.
- Operator - State authority, municipal body, legal entity or individual, independently or jointly with other persons, organizing and (or) carrying out processing of personal data, as well as determining the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
- Personal data - Any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
- Provision of personal data - Actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
- Website - a set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at the network address https://potato-horti.com/
- User - any visitor of https://potato-horti.com/ website.
- Transboundary transfer of personal data - Transfer of personal data to a foreign country to a foreign authority, a foreign individual or a foreign legal entity.
- Dissemination of personal data - Actions aimed at disclosure of personal data to an indefinite circle of persons.
- Destruction of personal data - Actions, in the result of which it becomes impossible to restore the content of personal data in information system of personal data and (or) as a result of which tangible media personal data is destroyed.
2. Principles and objectives of personal data processing
The Company processes Personal Data in a lawful and fair manner, and is limited to achieving specific, predetermined and legitimate objectives. Only Personal Data satisfying the purposes for which it is processed shall be processed. The content and scope of Personal Data processed by the Company shall comply with the stated processing purposes, and no excessive processing of Personal Data shall be permitted.
When processing Personal Data, the Company shall ensure accuracy, adequacy and, if necessary, relevance in relation to the purpose of Personal Data processing. The Company shall take necessary measures (shall ensure that they are taken) to remove or clarify incomplete or inaccurate Personal Data.
The Company shall store Personal Data in a form that allows identifying the subject of Personal Data no longer than required by the purposes of Personal Data processing, unless the term of personal data storage is established by federal law or an agreement, to which the subject of Personal Data is a party, beneficiary or guarantor. Processed Personal Data shall be destroyed or depersonalized upon attainment of the processing objectives or when it is no longer necessary to attain such objectives, unless otherwise provided for by federal law.
The purposes of processing, composition and contents of Personal Data, as well as categories of Personal Data subjects, whose data are processed by the Company, shall be contained in the Company's notice on processing Personal Data, sent to the authorized body for the protection of the rights of Personal Data subjects (Roskomnadzor), and updated in case they change.
In the course of its activities, the Company may provide and (or) assign processing of Personal Data to another person with the consent of the subject of Personal Data, unless otherwise provided for by federal law. In this case, the obligatory condition of providing and (or) entrusting the processing of Personal Data to another person is the obligation of the parties to respect the confidentiality and security of Personal Data during their processing.
The Company shall not place a subject's Personal Data in publicly available sources without his/her prior consent.
In the course of its business, the Company may transfer Personal Data across borders to foreign governments, foreign individuals or legal entities. In this case, the issues of adequate protection of the rights of the subjects of Personal Data and ensuring the security of their Personal Data in the cross-border transfer are the highest priority for the Company, which is implemented in accordance with the legislation of the Russian Federation on the processing of Personal Data.
The cross-border transfer of Personal Data to foreign countries that do not provide adequate protection for the rights of Personal Data subjects shall only take place if the subject of Personal Data consents in writing to the cross-border transfer of his/her Personal Data or performs an agreement to which the subject of Personal Data is a party, as well as in other cases provided for by law.
3. Scope and categories of processed personal data, categories of personal data subjects
- Full Name;
- E-mail address;
- Phone numbers;
- Year, month, date and place of birth;
- The address of the actual place of residence and registration at the place of residence and (or) at the place of stay;
- Information about education, profession, specialty and qualifications, details of education documents;
- The site also collects and processes anonymous data about visitors (including cookies) using Internet statistics services (Yandex Metrika and Google Analytics and others).
The above data further in the text of the Policy are united by the general concept of Personal data.
4. Purposes of personal data processing
The purpose of processing the User's personal data is to inform the User by sending emails; providing the User with access to the services, information and / or materials contained on the website.
The Operator also has the right to send notifications to the User about new products and services, special offers and various events. The User can always refuse to receive informational messages by sending an email to the Operator at firstname.lastname@example.org
with the note "Refusal to notify about new products and services and special offers".
Impersonal data of Users collected using Internet statistics services are used to collect information about the actions of Users on the site, improve the quality of the site and its content.
5. Legal grounds for the processing of personal data
The Operator processes the User's personal data only if they are filled in and / or sent by the User independently through special forms located on the website https://potato-horti.com/
. By filling out the relevant forms and / or sending their personal data to the Operator, the User expresses his consent to this Policy.
6. The procedure for collecting, storing, transferring and other types of processing of personal data
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
The Operator ensures the safety of personal data and takes all possible measures to exclude access to personal data of unauthorized persons.
The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of applicable law.
In case of detection of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator at the Operator's e-mail address email@example.com marked "Updating personal data".
The term for processing personal data is unlimited. The User may at any time withdraw his consent to the processing of personal data by sending the Operator a notification by e-mail to the Operator's email address firstname.lastname@example.org
marked "Withdrawal of consent to the processing of personal data".
7. Cross-border transfer of personal data
Before the start of the cross-border transfer of personal data, the operator is obliged to make sure that the foreign state to whose territory the transfer of personal data is supposed to be carried out provides reliable protection of the rights of subjects of personal data.
Cross-border transfer of personal data on the territory of foreign states that do not meet the above requirements can be carried out only if there is a written consent of the subject of personal data to the cross-border transfer of his personal data and / or execution of an agreement to which the subject of personal data is a party.
8. Final Provisions
Other rights and obligations of the Company as an operator of personal data are defined by the legislation of the Russian Federation in the field of personal data.
The User can receive any clarifications on issues of interest regarding the processing of his personal data by contacting the Operator via e-mail email@example.com
This document will reflect any changes in the policy of processing personal data by the Operator. The policy is valid indefinitely until it is replaced by a new version.
The current version of the Policy is freely available on the Internet at https://potato-horti.com/