This Personal Data Processing Policy (hereinafter referred to as the Policy) defines the general principles and procedure for processing personal data of site users and measures to ensure their security in the Limited Liability Company "TRANSGAZ".
1. TERMS AND DEFINITIONS
The parties use the following terms with the meanings specified below:
Legislation — current legislation of the Russian Federation.
Processing of personal data (processing) — any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Personal data.
Operator —
Personal data — any information relating to directly or indirectly a certain or identifiable person or a certain group of persons.
Website — a website owned by the Operator and located on the Internet at the address https://transgas.ltd.
Personal data subject (User) — an individual using and/or intending to use the Site who provided Personal Data for its processing by the Operator.
2. GENERAL PROVISIONS
2.1. The policy was developed in accordance with the provisions of the Federal Law of July 27, 2006 №
2.2. The processing of Personal Data by the Operator is carried out in accordance with the following principles:
2.2.1. Legality and fair basis for processing Personal Data. The Operator takes all necessary measures to comply with the requirements of the Law, does not process Personal Data in cases where this is not permitted by Law, and does not use Personal Data to harm the User.
2.2.2. Processing only those Personal Data that meet the previously announced purposes of their processing. Compliance of the content and volume of processed Personal Data with the stated purposes of processing. Preventing the processing of Personal Data that is incompatible with the purposes of collecting Personal Data, as well as excessive in relation to the stated purposes of their processing. The Operator processes Personal Data solely for the purposes specified in clause 4.2 of the Policy.
2.2.3. Ensuring the accuracy, sufficiency and relevance of Personal data in relation to the purposes of processing Personal data. The Operator takes all reasonable measures to maintain the relevance of the processed Personal Data, including, but not limited to the exercise of the right of each Subject to receive their Personal Data for review and to demand from the Operator their clarification, blocking or destruction (deletion) in the case if the Personal Data is incomplete, out of date, inaccurate, illegally obtained or is not necessary for the processing purposes stated above.
2.2.4. Storage of Personal Data in a form that makes it possible to identify the User of Personal Data, no longer than required by the purposes of processing Personal Data, if the storage period for Personal Data is not established by Federal Legislation, an agreement to which the User of Personal Data is a party or beneficiary.
2.2.5. It is inadmissible to combine Personal Data Information System databases created for incompatible purposes.
3. CONDITIONS FOR PROCESSING PERSONAL DATA
3.1. Processing of Personal Data is permitted:
- in the User’s consent to the processing of his Personal data;
- in cases when the processing of Personal DataThis data is necessary for the conclusion and execution of an agreement to which the User is a party or beneficiary or guarantor;
- if there are other grounds provided for by the Federal Law "On Personal Data" and other Legislation.
3.2. Consent is given by the User by filling out the electronic form located on the Site, activating the card registration procedure and completing the bonus card registration procedure by sending information.
3.3. The User decides to provide his Personal Data to the Operator and agrees to their processing freely, of his own free will and in his own interest. The User acknowledges that the consent he provides to the processing of Personal Data is specific, substantive, informed, conscious and definite and is given at the time of his registration on the Operator’s Website at the time of filling out the appropriate electronic form for card activation, and also in any form that allows you to confirm the fact of its receipt, unless otherwise established by law.
3.4. By providing consent to the processing of Personal Data, the User confirms that he has reached
3.5. In the event that, when using the Site, the User fills in/provides Personal data of third parties, then the User must first obtain the appropriate consent of the Personal Data Subject for their use through the Site. The User is solely responsible for the lack of such consent and is obliged to compensate the Operator for losses associated with the lack of consent.
3.6. By providing Users with the opportunity to use the Site, the Operator, acting reasonably and in good faith, believes that the User:
3.6.1. Has all the necessary powers allowing him to register and activate a bonus card on the Site and use it.
3.6.2. Understands that some types of information transferred by him to other Users cannot be deleted by the User himself.
3.7. The Operator does not verify the accuracy of the information received (collected) about Users, except in cases where such verification is necessary for the purposes of fulfilling the provisions of the applicable Legislation and/or obligations to the User.
4. PROCESSING OF PERSONAL DATA AND OTHER DATA
4.1. The operator processes only those Personal Data that are necessary to achieve the goals specified in paragraph. 4.2 Policies
4.2. The Operator processes Personal Data for the following purposes:
4.2.1. Informing the User about the services and offers of the Operator or the Operator's partners, including through advertising, newsletters and calls.
4.2.2. Conducting statistical and other research̆ based on anonymized personal data.
4.2.3. Monitoring and improving the quality of services of the Operator.
4.2.4. Participation in the Bonus program, receiving discounts and privileges.
4.3. The categories of Personal Data Subjects include
— informing clients and customer representatives about the services of the Operator and Operator’s partners, including through advertising, newsletters and calls:
| Category of personal data | List of processed personal data | Processing method |
|---|---|---|
| General (other personal data) |
— last name, first name, patronymic; |
Automated |
— conducting statistical and other research based on anonymized personal data:
| CategoryType of personal data | List of processed personal data | Processing method |
|---|---|---|
| General (other personal data) |
— date and place of birth; |
Automated |
— control and improvement of the quality of the Operator’s services:
| Category of personal data | List of processed personal data | Processing method |
|---|---|---|
| General (other personal data) |
— last name, first name, patronymic; |
Automated |
— participation in the bonus program;
| Category of personal data | List of processed personal data | Processing method |
|---|---|---|
| General (other personal data) |
— last name, first name, patronymic; |
Automated |
The period of processing and storage of the specified personal data is determined by the achievement of the purpose of their processing, the moment of withdrawal of consent to the processing of personal data by the subject of personal data, as well as the requirements of the Legislation.
4.4. Processing of Personal Data on the Website is carried out both with and without the use of automation tools.
4.5. The Operator has the right to transfer the User’s Personal Data without the User’s consent to the following persons:
4.5.1. State bodies, including the bodies of inquiry and investigation, and local authorities at their motivated request.
4.5.2. To partners of the Operator for the purpose of fulfilling contractual obligations to the User and the legally established obligations of the Operator.
4.5.3. In other cases directly provided for by the Legislation.
4.6. The Operator has the right to transfer Personal Data to third parties not specified in paragraph. 4.5 of this Policy, in the following cases:
4.6.1. The user has expressed his consent to such actions.
4.6.2. The transfer is necessary within the framework of the User's use of the Site.
4.6.3. The transfer occurs as part of the sale or other transfer of a business (in whole or in part), and all obligations to comply with the terms of this Policy are transferred to the acquirer.
4.7. Security of access to information systems containing Personal Data is ensured by a password system. Passwords are set by authorized employees of the Operator and are individually communicated only to the Operator employee who has access to the Personal Data for whom it was set. The Operator and other persons who have access to Personal Data are obliged to comply with the Legislation in the field of personal data, local regulations of the Operator, not to disclose to third parties and not to distribute Personal Data without the consent of the Personal Data Subject, unless otherwise provided law.
4.8. The Operator does not process biometric Personal Data, as well as special categories of Personal Data relating toowl, political views, religious or philosophical beliefs, health status, intimate life.
4.9. The site uses cookie technology — small text files placed on the Users’ computer for the purpose of analyzing their user activity. The information collected using cookies cannot identify the User. The Operator will process this information to evaluate the User’s use of the Site and compile reports on the Site’s activities. The user may refuse the use of cookies by selecting the appropriate settings in their browser, but this may affect the operation of some functions of the Site.
4.10. The Operator is not responsible for the websites of third parties, to which Users can follow links available on the Site, as well as for the voluntary transfer by Users of Personal data, password and/or login to third parties.
5. UPDATE, CORRECTION, DELETION, DESTRUCTION AND TERMINATION OF PROCESSING OF PERSONAL DATA
5.1. The User may at any time change (update, supplement) Personal data, information about himself, provided that such changes and corrections contain current and reliable information, by sending a written application to the Operator or independently making changes in his personal account on the Website.
5.2. The user has the right to delete Personal Data at any time.
5.3. The Operator is obliged to stop processing Personal Data or ensure the termination of processing of Personal Data by a person acting on behalf of the Operator: - in the event of detection of unlawful processing of Personal Data carried out by the Operator or a person acting on behalf of the Operator, within a period not exceeding 3 ( three) working days from the date of detection of unlawful processing - in the case of the User’s withdrawal of consent to the processing of his Personal data (within a period not exceeding 30 (thirty) days from the date of receipt of the revocation), if the storage of Personal data is no longer ;required for the purposes of processing Personal data; - in the case of achieving the purpose of processing Personal data and to destroy Personal data or ensure their destruction (within a period not exceeding 30 (thirty) days from the date of achieving the purpose of processing personal data. ;if it is not possible to destroy Personal Data within the specified period, the Operator blocks such Personal Data or ensures its blocking and ensures the destruction of Personal Data within a period of no more than six months, unless another period is established by federal laws.
5.4. The processed Personal Data is subject to destruction or depersonalization upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.
5.5. In the event that a Personal Data Subject contacts the Operator with a request to terminate the processing of Personal Data, the Operator, within a period not exceeding 10 (ten) working days from the date of receipt of the corresponding request, is obliged to stop their processing or ensure the termination such processing (if such processing is carried out by the person processing personal data), except for cases provided for by law. The specified period may be extended, but not by more than 5 (five) working days if the operator sends a motivated notification to the Personal Data Subject indicating the reasons for extending the period for providing the requested information.
5.6. After the expiration of the regulatory storage period for documents containing Personal Data, or upon the occurrence of other legal grounds, the documents are subject to destruction.
6. CONFIDENTIALITY AND SECURITY OF PERSONAL DATA
6.1. The Operator ensures the confidentiality of the Personal Data processed by it in the manner prescribed by law. Confidentiality is not required in relation to:
6.1.1. Personal data after its depersonalization;
6.1.2. Publicly available Personal Data;
6.1.3. Personal data subject to publication or mandatory disclosure in accordance with Law.
6.2. It is not a violation of the confidentiality of Personal Data if the Operator provides information to third parties acting on the basis of an agreement with the Operator to fulfill obligations to the User.
6.3. Measures to ensure the security of Personal data are an integral part of theoperator's identity. Ensuring the security of personal data is achieved, in particular, but not limited to the following measures:
6.3.1. Determining security threats to Personal data during their processing in personal data information systems.
6.3.2. Application of the necessary legal, organizational and technical measures to ensure the security of Personal Data and evaluation of the effectiveness of the measures taken.
6.3.3. Publication by the Operator of documents defining the Operator’s policy regarding the processing of personal data, other local regulations on issues of processing Personal data and familiarization of the Operator’s employees with the requirements of the Legislation and local regulations in the field of personal data processing.
6.3.4. Appointment of a person responsible for organizing the processing of Personal Data.
6.3.5. Implementation of internal control and (or) audit of compliance of processing of Personal data.
6.3.6. An assessment of the harm that may be caused to Personal Data Subjects in the event of a violation of the Law on Personal Data, its correlation with the measures taken by the Operator aimed at ensuring the fulfillment of the obligations assigned to the Operator.
6.3.7. Other measures to ensure the confidentiality of Personal Data.
6.4. The operator and other persons who have access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by current legislation.
7. RIGHTS OF PERSONAL DATA SUBJECTS. ANSWERS TO USER INQUIRIES
7.1. The subject of personal data has the right to receive information regarding the processing of his Personal Data in the manner and to the extent provided for by the Legislation. When the Operator receives a corresponding application or request, the Operator is obliged to inform the User or his representative information about the availability of Personal Data relating to the relevant Personal Data Subject, and also provide them with the opportunity to familiarize themselves with this Personal Data when contacting within 10 ( ten) working days from the date of receipt of the request or provide a reasoned refusal to provide information or review. The specified period may be extended, but not by more than 5 (five) working days if the operator sends a motivated notification to the Personal Data Subject indicating the reasons for extending the period for providing the requested information.
7.2. The User has the right to demand from the Operator clarification of his Personal Data, its blocking or destruction (deletion) in the event that the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also accept the provided legal measures to protect your rights. Within a period not exceeding 7 (seven) business days from the date the Personal Data Subject or his representative provided information confirming that the Personal Data is incomplete, inaccurate or irrelevant, the Operator is obliged to make the necessary changes to them. Within a period not exceeding 7 (seven) business days from the date of submission of information confirming that such Personal Data was illegally obtained or is not necessary for the stated purpose of processing, the Operator is obliged to destroy such Personal Data. The Operator is obliged to notify the User or his representative about the changes made and the measures taken and to take reasonable measures to notify third parties to whom the Personal Data of this Subject has been transferred.
7.3. The user has the right to withdraw his consent to the processing of Personal Data at any time. When the Personal Data Operator receives a request containing the withdrawal of consent to the processing of Personal Data, the Operator is obliged to delete the Personal Data within 30 (thirty) calendar days from the date of its receipt.
7.4. The User has the right to access to his/her Personal Data and to copy it, as well to transfer Personal Data to another platform/service.
7.5. If the User believes that the Operator is processing his Personal Data in violation of the requirements of the Legislation or otherwise violates his rights and freedoms, the User has the right to appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of Personal Data Subjects or in court.
8. OTHER PROVISIONS
8.1. This Policy and the relationship between the User and the Operator arising in connection with the application of the Policy are subject to the law of the Russian Federation.
8.2. All possible disputes are subject to resolution in accordance with the Legislation at the place of registration of the Operator. Before going to court, the User must comply with the mandatory pre-trial procedure and send the corresponding claim to the Operator in writing. The response period for a claim is 30 (thirty) working days.
8.3. If for one reason or another one or more provisions of the Policy are found to be invalid or unenforceable, this will not affect the validity or applicability of the remaining provisions of the Privacy Policy.
8.4. The Operator has the right to change this Policy (in whole or in part) unilaterally at any time without prior agreement with the User. All changes come into force on the next day after they are posted on the Site.
8.5. The user undertakes to independently monitor changes in the Policy by familiarizing himself with the current edition.
OPERATOR CONTACT INFORMATION
OGRN: 1162536098680
TIN: 2515012579
To exercise his rights, the User has the right to contact the Operator at the email address marketing@transgas.ltd.