1. General Provisions
This privacy policy is executed in accordance with the requirements of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter as the Personal Data Law) and defines the procedure for personal data processing and measures to ensure the security of personal data taken by Individual Entrepreneur Ermakova Anna Yuryevna (hereinafter as the Controller).
1.1. The most important purpose of the Controller and condition for the implementation of its activities is to respect the rights and freedoms of human and citizen in the course of processing of his/her personal data, including to protect the rights to privacy, personal and family secrets.
1.2. This Controller' Privacy Policy (hereinafter as the Policy) applies to all information that Controller may obtain on the users of web site https://plot.am.
2. Terms and Definitions
2.1. Automated processing is the processing of personal data by means of computer.
2.2. Blocking is a temporary termination of the personal data processing (except in cases where processing is necessary to rectify personal data).
2.3. Web site is a set of graphics and information, as well as software that makes them available in the Internet at the web address https://plot.am.
2.4. Personal Data System is a set of personal data contained in databases, and software and hardware ensuring the processing of such personal data.
2.5. Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific User or other data subject without the use of additional information.
2.6. Processing is any action (operation) or set of actions (operations) which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, pseudonymisation, restriction, erasure or destruction.
2.7. Controller is a natural or legal person, public authority, or municipal body which, alone or jointly with others, arranges and/or carries out personal data processing, as well as determines the purposes of the personal data processing and scope of the personal data processed, and actions (operations) to be performed on personal data.
2.8. Personal data is any information relating to, directly or indirectly, identified or identifiable User of website https://plot.am.
2.9. Personal data authorized by the data subject for distribution are personal data, access to which the data subject provides to the general public by giving consent to the processing of such personal data in accordance with the procedure provided for by the Personal Data Law (hereinafter as Personal data authorized for distribution).
2.10. User is any visitor of web site https://plot.am.
2.11. Disclosure of personal data is any actions aimed at the disclosure of personal data to any certain person(s).
2.12. Dissemination of personal data is any actions aimed at the disclosure of personal data to a general public (transfer of personal data) or at the familiarization with the personal data by a general public , including the publication of personal data in the media, posting them in information and telecommunications networks or providing access to personal data in any other way.
2.13. Cross-border data transfer is transfer of personal data to the territory of a foreign state, to an authority of a foreign state, a foreign natural or legal person.
2.14. Destruction of personal data is any actions as a result of which personal data are permanently destroyed and cannot be further restored in the personal data system, and (or) the physical media with the personal data are destroyed as well.
3. Rights and Obligations of the Controller
3.1. The Controller is entitled to:
– obtain from the data subject accurate information and/or documents containing personal data;
– if the data subject withdraws his/her consent to the processing of personal data, the Controller is entitled to continue the personal data processing without the consent of the data subject, if there are grounds specified in the Personal Data Law;
– independently determine the scope and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law and regulations adopted in accordance with it, unless otherwise provided for by the Personal Data Law or other federal laws.
3.2. The Controller shall:
– provide the data subject, at his/her request, with information concerning the processing of his/her personal data;
– arrange the processing of personal data in accordance with the procedure established by the current Russian law;
– respond to the requests of the data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
– report to the authorized body for the protection of the data subjects' rights, at the request of such a body, the necessary information within 30 days from the date of receipt of such a request;
– publish or otherwise provide unrestricted access to this Privacy Policy;
– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, from destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unauthorized actions with personal data;
– stop the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided for by the Personal Data Law;
– perform other obligations provided for by Personal Data Law.
4. Rights and Obligations of the Data Subjects
4.1. The data subjects are entitled to:
– obtain information concerning the processing of his/her personal data, except cases provided for by the federal laws. The Controller shall provide such information to the data subject in a clear way, and it shall not contain the personal data of other data subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
– require the Controller to rectify personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of the processing, as well as to take legal measures to protect the data subjects' rights;
– set a condition of prior consent when personal data are processed in order to promote goods, works and services on the market;
– withdraw consent to the processing of personal data;
– appeal to the authorized body for the protection of the data subjects' rights or in court against illegal actions or inaction of the Controller during the processing of personal data;
– exercise other rights provided for by the Russian law.
4.2. The data subjects shall:
– provide the Controller true personal data;
– inform the Controller that the personal data shall be rectified (updated, changed).
4.3. Persons who have provided the Controller with false personal data, or provided personal data of another data subject without the latter's consent shall bear liability in accordance with the Russian law.
5. The Controller can process the following User's personal data
5.1. Last name, first name, patronymic
5.2. Email
5.3. Phone numbers.
5.4. information on the company, information on the projects, personal data.
5.5. Also, the web site collects and processed pseudonymized data on the visitors (including cookies) by means of web analytics services (Yandex Metrica, Google Analytics, and others).
5.6. All above mentioned data hereinafter referred to as Personal Data
5.7. Processing of special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, intimate life, is not carried out by the Controller.
5.8. Processing of personal data authorized for distribution and included in the special categories of personal data specified in Part 1, Article 10 of the Personal Data Law is allowed if the prohibitions and conditions provided for in Article 10.1 of the Personal Data Law are met.
5.9. The User's consent to the processing of his/her personal data authorized for distribution is executed separately from other consents to the processing of his/her personal data. In this case, the conditions provided for, in particular, in Article 10.1 of the Personal Data Law shall be met. The requirements for the content of such consent are established by the authorized body for the protection of the data subject' rights.
5.9.1 The User shall provide the Controller directly the consent to the processing of personal data authorized for distribution.
5.9.2 The Controller shall no later than three working days from the date of receipt of the User's consent, publish information on the processing conditions, on the prohibitions, if any, and conditions for the processing by general public of personal data authorized for distribution.
5.9.3 Transfer (distribution, provision, access to) of personal data authorized by the data subject for distribution shall be terminated at any time at the request of the data subject. This request shall include the last name, first name, patronymic (if any), contact information (phone number, email address or postal address) of the data subject, as well as a list of personal data which processing is subject to the termination. The personal data specified in this request can only be processed by the Controller, to whom the request is sent.
5.9.4 Consent to the processing of personal data authorized for distribution shall terminate upon receipt by the Controller of the request specified in pp. 5.9.3 of this Privacy Policy.
6. Principles of the personal data processing
6.1. Personal data processing shall be lawful and fair.
6.2. Personal data processing is limited to the achievement of specified, explicit and legitimate purposes. Personal data shall not be further processed in a manner that is incompatible with those purposes.
6.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for the purposes incompatible with each other.
6.4. Personal data shall be processed only for the stated purposes.
6.5. Scope and content of personal data processed shall be compatible with the stated purposes. The processed personal data shall not be excessive in relation to the stated purposes of their processing.
6.6. The processing of personal data ensures the accuracy of personal data, their sufficiency, and, if necessary, relevance with the purposes of personal data processing. The Controller shall take all necessary measures and/or ensure that they are taken to delete or rectify incomplete or inaccurate data.
6.7. Personal data shall be stored in a form that allows identifying the data subject no longer than the purposes of personal data processing require, unless the storage period of personal data is established by the federal law, an agreement to which the data subject is a party, beneficiary or guarantor. The processed personal data shall be destroyed or pseudonymized upon achievement of the processing purposes or if there is no need to achieve these purposes, unless otherwise provided by the federal law.
7. Purposes of the personal data processing
7.1. Purposes of the User's personal data processing:
– to inform User via emails;
– to detail order.
7.2. The Controller is also entitled to inform User on new products and services, special offers and events. The User can always unsubscribe from these messages by sending an email to the Controller at info@plot.am with subject "Unsubscribe from notifications about new products, services and special offers".
7.3. Pseudonymized data of the Users collected through web statistics services are necessary to collect information on the Users behavior on the web site, to improve quality and content of the web site.
8. Legal grounds of the personal data processing
8.1. The legal grounds for the personal data processing by the Controller are:
– Federal Law "On Information, Information Technologies and Information Protection" dated 27.07.2006 N 149-FZ;
– federal laws, other regulations on the personal data protection;
– consent of the Users to the processing of their personal data, to the processing of personal data authorized for distribution.
8.2. The Controller shall process the User's personal data only if they are filled in and/or submitted by the User independently through special forms on the web site https://plot.am or sent to the Controller via email. By filling out special forms and/or submitting his/her personal data to the Controller, the User agrees with this Policy.
8.3. The Controller shall process User's pseudonymized data, if this is allowed in the User's web browser settings (saving of cookies and use of JavaScript are enabled).
8.4. The data subject shall independently decide whether to provide his/her personal data and shall give his/her consent freely, of his/her own free will and in his/her own interest.
9. Conditions for personal data processing
9.1. The personal data shall be processed upon the data subject's consent.
9.2. The processing of personal data is necessary to achieve the purposes stipulated by an international agreement of the Russian Federation or a law, to carry out the functions, powers and duties assigned to the Controller by the Russian law.
9.3. The processing of personal data is necessary to deliver justice, to enforce court decision or an act of another body or official subject to enforcement in accordance with the Russian law on enforcement proceedings.
9.4. The processing of personal data is necessary to perform an agreement, to which the data subject is a party, beneficiary or guarantor, and to conclude an agreement on the initiative of the data subject or to conclude an agreement, under which the data subject is a beneficiary or guarantor.
9.5. The processing of personal data is necessary to exercise the rights and legitimate interests of the Controller or third parties or to achieve socially significant goals, provided that the rights and freedoms of the data subject are not violated.
9.6. There is a personal data processing, to which the data subjects has provided an access to a general public, or at his/her request (hereinafter as publicly available data).
9.7. There is a personal data processing, that are subject to publication or mandatory disclosure in accordance with the federal law.
10. Procedure for collecting, storing, transferring and other types of personal data processing
The security of personal data processed by the Controller is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current law on personal data protection.
10.1. The Controller shall ensure the security of personal data and take all possible measures to exclude unauthorized access to the personal data.
10.2. The User's personal data shall never, under no circumstances, be transferred to third parties, except in cases related to the implementation of current law or if the data subject has given his/her consent to the Controller to transfer data to a third party to fulfill obligations under a civil contract.
10.3. In case of any inaccuracies in personal data, the User can update them independently by sending an email to the Controller at info@plot.am with subject "Updating of personal data".
10.4. The term of personal data processing shall be limited by the achievement of the purposes, for which personal data were collected, unless another term is stipulated by an agreement or the current law.
The User can withdraw his/her consent to the personal data processing at any time by sending an email to the Controller at info@plot.am with subject "Withdrawal of the consent to the personal data processing".
10.5. All data collected by third-party services, including payment systems, communication facilities and other service providers, are stored and processed by these persons (Operators) in accordance with their User Agreement and Privacy Policy. The data subject and/or User shall independently and in time read these documents. The Controller shall not be responsible for the actions of third parties, including the service providers specified in this paragraph.
10.6. The bans imposed by the data subject on the transfer (other than granting access), as well as on the processing or conditions for the processing (other than obtaining access) of personal data authorized for distribution, shall not apply in cases of personal data processing in the state, public and other interests defined by the Russian law.
10.7. The Controller shall ensure the confidentiality of personal data in the course of their processing.
10.8. Personal data shall be stored in a form that allows identifying the data subject no longer than the purposes of personal data processing require, unless the storage period of personal data is established by the federal law, an agreement to which the data subject is a party, beneficiary or guarantor.
10.9. The condition for the termination of personal data processing may be achievement of the purposes of the personal data processing, expiration of the consent of the data subject or withdrawal of the consent by the data subject, as well as unlawful processing of the personal data.
11. List of actions performed by the Controller on the collected personal data
11.1. The Controller records, organises, structures, stores, rectifies (updates or alters), retrieves, uses, transfers by transmission, disclosure or granting access to, pseudonymizes, blocks, erases and destructs the personal data.
11.2. The Controller performs automated processing of personal data with or without receiving and/or transmitting the received data via information and telecommunication networks.
12. Cross-border data transfer
12.1. Prior to the cross-border transfer of personal data, the Controller shall ensure that the foreign state, to which the personal data are supposed to be transferred, provides an adequate protection of the data subjects' rights .
12.2. The cross-border transfer of personal data to the foreign states that do not meet the above requirements may be carried out only if the data subject has given written consent to such cross-border transfer of his/her personal data and/or for the purposes of an agreement, to which the data subject is a party.
13. Confidentiality of the personal data
The Controller and other persons having access to the personal data shall not to disclose to third parties and not to distribute personal data without the consent of the data subject, unless otherwise provided by the federal law.
14. Final Provisions
14.1. The User can get any explanations regarding the personal data processing, by sending email to the Controller at info@plot.am.
14.2. This document will include any changes to the Controller's Privacy Policy. The Policy is valid indefinitely until it is replaced by a new edition.
14.3. The latest edition of the Policy is publicly available in the Internet at https://plot.am/privacy.