1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been prepared in accordance with Clause 2.1 of Article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 (hereinafter referred to as the Law) and defines the position of the Site Administration (hereinafter referred to as the Site Administration) in the field of processing and protection of personal data (hereinafter referred to as Data), respect for the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.
2. Scope of application
2.1. This Policy applies to Data received both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of Data, as well as taking care of the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the site Administration ensures reliable data protection.
3. Definitions
3.1. Data means any information relating directly or indirectly to a specific or identifiable individual, i.e. such information, in particular, includes: surname, first name, patronymic, email address, location, link to a personal website or social networks, ip address.
3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and/or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other illegal actions with respect to Data.
4. Legal grounds and purposes of data processing
4.1. The processing and security of Data by the Site Administration is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other defining cases and features of data processing of federal laws of the Russian Federation, guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.
4.2. The subjects of the Data processed by the Site Administration are:
4.2.1. Users and visitors of the site https://www.btg-soft.ru owned by the Site Administration, including for the purpose of placing an order on the Site https://www.btg-soft.ru .
4.3. The site administration processes the Data of the subjects for the following purposes:
4.3.1. implementation of the functions, powers and duties assigned to the Site Administration by the legislation of the Russian Federation in accordance with federal laws,
4.3.2. Users for the purposes of: - providing information on goods/services, ongoing promotions and special offers; analyzing the quality of the service provided and improving the quality of customer service; informing about the order status; execution of the contract, including the contract of sale, including concluded remotely on the Website, paid provision of services; provision of services, as well as accounting for services rendered to consumers for mutual settlements; delivery of the ordered Goods to the User who made the order on the Website, return of the goods.
5. Principles and conditions of data processing.
5.1. When processing Data, the site Administration adheres to the following principles: data processing is carried out on a legal and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies, legal proceedings; determination of specific legitimate purposes before the start of processing (including collection) of Data; only those Data that are necessary and sufficient for the stated purpose of processing is collected; combining databases containing Data processed for purposes incompatible with each other is not allowed; data processing is limited to achieving specific, predetermined and legitimate goals; processed Data is subject to destruction or depersonalization upon achievement of processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
5.2. The site administration may include the Data of subjects in publicly available data sources, while the site Administration takes the written consent of the subject to the processing of his Data, or by expressing consent through the form of the site (checkbox), by clicking which the subject of personal data expresses his consent.
5.3. The site administration does not process Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which are used by the operator to establish the identity of the Data subject) are not processed by the site Administration.
5.5. The site administration carries out cross-border data transfer. The administration of the website confirms that the foreign state to whose territory the transfer of personal data is carried out ensures adequate protection of the rights of personal data subjects in accordance with the security level defined by the Council of Europe Convention on the Protection of Individuals with Automated Processing of Personal Data.
5.6. In cases established by the legislation of the Russian Federation, the Site Administration has the right to transfer Data to third parties (federal tax service, state pension fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The site administration has the right to entrust the processing of Data of Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these persons, including in agreement with the user agreement and the policy of processing personal data posted on the site.
5.8. Persons who process Data on the basis of an agreement concluded with the Site Administration (operator's instructions) undertake to comply with the principles and rules of data processing and protection provided for by Law. For each third party, the contract defines a list of actions (operations) with Data that will be performed by a third party engaged in data processing, the purposes of processing, establishes the obligation of such a person to respect confidentiality and ensure data security during their processing, specifies the requirements for the protection of processed Data in accordance with the Law.
5.9. In order to fulfill the requirements of its contractual obligations, Data processing in the Site Administration is carried out both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Site Administration is prohibited from making decisions based solely on automated data processing that generate legal consequences against the Data subject or otherwise affect his rights and legitimate interests.
6. Rights and obligations of data subjects, as well as the Site Administration in terms of data processing
6.1. The subject whose Data is processed by the Site Administration has the right to:
6.1.1. receive from the Site Administration: confirmation of the fact of data processing and information about the availability of Data related to the relevant Data subject; information on the legal grounds and purposes of data processing; information about the methods of data processing used by the Site Administration; list of processed Data related to the Data subject and information about the source of their receipt; information on the terms of data processing, including the terms of their storage; information on the procedure for the exercise of these rights by the subject; other information provided by Law or other regulatory legal acts of the Russian Federation;
6.1.2. require the Site Administration to: clarification of their Data, their blocking or destruction if the Data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing; withdraw your consent to data processing at any time; demand the elimination of illegal actions of the Site Administration in relation to its Data;
6.1.3. to protect their rights and legitimate interests, including compensation for damages and/or compensation for moral damage in court.
6.2. The site administration in the process of data processing is obliged to:
6.2.1. to provide the Data subject, upon his request, with information concerning the processing of his personal data, or to legally provide a refusal within thirty days from the date of receipt of the request of the Data subject or his representative;
6.2.2. explain to the Data subject the legal consequences of refusing to provide Data if the provision of Data is mandatory in accordance with federal law;