Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy has been drawn up in accordance with the requirements of Federal Law No. 152-FZ "On Personal Data", dated July 27, 2006 (further - the Law on Personal Data), and determines the procedure for processing personal data and on personal data security measures implemented by Jet Infosystems JSC (further - the Operator).
1.1. The operator sets as its most crucial goal, and as a condition for the implementation of its activities, the observance of human and civil rights and freedoms for the processing of personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Policy of the Operator with regards to personal data processing (further – the Policy) shall apply to all information that the Operator may obtain about https://jetinfosystems.eu/
2. Core concepts used in the Policy
2.1. Automated processing of personal data – processing of personal data using computer technology.
2.2. Blocking of personal data - temporary suspension of personal data processing (unless processing is required for the clarification of personal data).
2.3. Website - a set of graphic and informational materials, as well as computer software and databases, ensuring their availability on the Internet at the https://jetinfosystems.eu/
2.4. Personal Data Information System - a set of personal data contained in databases, and information technologies and the technical means for their processing.
2.5. Depersonalization of Personal Data – actions resulting in the impossibility to determine, without resorting to additional information, whether personal data belongs to a specific User or other subject of personal data.
2.6. Processing of Personal Data - any action (operation) or a set of actions (operations) performed with regard to personal data, using automated tools or without the use of such tools, including: collection, recording, systematization, accumulation, storage, clarification (update, amendment), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and erasure of personal data.
2.7. Operator - a state agency, municipal agency, legal entity or individual which, independently or jointly with other persons, arranges and (or) implements the processing of personal data, as well as determines the purposes of personal data processing, the scope of personal data subject to processing, actions (operations) performed with personal data.
2.8. Personal data - any information relating directly or indirectly to a specific or identifiable User of the https://jetinfosystems.eu/
2.9. Personal data, of which the subject of personal data, allows distribution – personal data, access to which (by an unlimited number of persons) is provided by the subject of personal data by providing his/her consent to personal data processing. The subject of such personal data allows distribution according to procedures set forth by the Law on Personal Data (further - Personal data allowed for distribution).
2.10. User - any visitor to the https://jetinfosystems.eu/
2.11. Provision of personal data - actions aimed at disclosing personal data to a certain person or a certain group of persons.
2.12. Distribution of personal data - any action aimed at disclosing personal data to an indefinite circle of persons (handover of personal data) or at acquaintance, by an unlimited number of persons, with the personal data, including disclosure of personal data in the media, posting on information and telecommunication networks, and/or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state and/or to the authority of a foreign state, as well as to a foreign individual or foreign legal entity.
2.14. Destruction of personal data – any action resulting in the irrevocable erasure of personal data without possibility of further restoration of personal data content within the personal data information system and/or deletion of material carriers of personal data.
3. Basic rights and obligations of the Operator
3.1. The Operator is entitled to:
– receive reliable information and/or documents containing personal data from the subject of personal data;
– if the subject of personal data withdraws consent to the processing of personal data, the Operator is entitled to continue personal data processing without the consent of the subject of personal data if the grounds for such continuation are specified in the Law on Personal Data;
– independently determine the scope and list of measures which are necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and other legal/regulatory acts adopted in accordance with the Law on Personal Data, unless otherwise stipulated by the Law on Personal Data, itself, or by other federal laws.
3.2. The Operator undertakes to:
– provide the subject of personal data, upon his/her request, with information regarding the processing of personal data;
- arrange the processing of personal data in accordance with the procedure set forth by current legislation in the Russian Federation;
- respond to requests and inquiries from the subjects of personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
- provide the authorized agency for the protection of the rights of the subjects of personal data with the information required by such agency within 30 days of the date of receipt of such request by the agency;
– publish or otherwise provide unrestricted access to this Personal Data Processing Policy;
– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, amendment, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
– stop the transfer (distribution, provision, access) of personal data, stop processing and erase personal data following the procedure and in cases set forth by the Law on Personal Data;
– perform other duties provided for under the Law on Personal Data.
4. Basic rights and obligations of subjects of personal data
4.1. The Subjects of Personal data subjects are entitled to:
– receive information with regard to the processing of personal data, with the exception of cases provided for under federal law. The information is provided to the subject of personal data by the Operator in an accessible way, and it should not contain personal data relating to other subjects of personal data, unless there are legal grounds for such disclosure. The list of information and the procedure obtaining it is established by the Law on Personal Data;
– request that the operator specifies their personal data, and blocks or destroys it, in such case as personal data is incomplete, outdated, inaccurate, obtained illegally or unnecessary for the stated purpose of processing, as well as to take measures provided by the law for the protection of their rights;
– put forward conditions of prior consent in such case as personal data is being processed with the aim of promoting goods, works and services on the market;
– withdraw consent for the processing of personal data;
– to appeal to the authorized body for the protection of the rights of subjects of personal data or to appeal, in court, any illegal action or inaction taken by the Operator in the course of processing their personal data;
– to exercise other rights provided for under Russian law.
4.2. The Subjects of Personal Data are obliged to:
– provide the Operator with reliable data on themselves;
– inform the Operator of any necessary specification (update, amendment) to their personal data.
4.3. Persons who have transferred to the Operator inaccurate information on themselves, or on another subject of personal data without the consent of the latter, shall be liable for their actions in accordance with the law of the Russian Federation.
5. The Operator can process the following User personal data:
5.1. Full Name.
5.2. Email address.
5.3. Phone numbers.
5.4. Year, month, date and place of birth.
5.6. Position, company, information on previous jobs.
5.7. The site also enables collection and processing of anonymous data on visitors (including cookie files) by using Internet statistics services (Yandex Metrika, Google Analytics, and others).
5.8. The above data are, hereinafter in the Policy, united under the general concept of Personal Data.
5.9. The Operator shall not carry out the processing of specific categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, or intimate life.
5.10. The processing of personal data permitted for distribution from special categories of personal data specified under Part 1 of Article 10 of the Law on Personal Data, shall be allowed if the prohibitions and conditions provided for under Article 10.1 of the Law on Personal Data are observed.
5.11. The User's consent to the processing of personal data permitted for distribution shall be formalized separately from other consents to the processing of personal data. In this case, the conditions are those provided for, in particular, by Article 10.1 of the Law on Personal Data. The requirements for the content of such consent are established by the authorized agency for the protection of the rights of subjects of personal data.
5.11.1 The User directly provides the Operator with consent for the processing of their personal data permitted for distribution.
5.11.2 The operator is obliged to publish – no later than three working days from the receipt of the specified consent User consent – information on the processing of any prohibitions on and conditions for the processing of personal data allowed for distribution by an unlimited number of persons.
5.11.3 The transfer (distribution, provision, access) of personal data permitted by the subject of personal data for distribution must be stopped at any time upon the request of the subject of personal data. This request must include the last name, first name, patronymic (if any), and contact information (phone number, e-mail address or postal address) of the subject of personal data, as well as a list of personal data subject to processing termination. The personal data specified in this requirement can be processed only by the Operator to whom the data are provided.
5.11.4 Consent to the processing of personal data permitted for distribution ceases to be effective from the moment the Operator receives a request as specified in clause 5.11.3 of this Policy with regards to the processing of personal data.
6. Principles for the Processing Personal Data
6.1. The processing of personal data is implemented on a fair and legal basis.
6.2. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. The processing of personal data incompatible with the purposes of such data collection is not allowed.
6.3. The combination of databases containing personal data processed for purposes incompatible with each other is not allowed.
6.4. Only personal data that meet the purposes of their processing shall be subject to processing.
6.5. The content and volume of personal data for processing shall comply with the stated purposes of processing. The redundancy of personal data for processing in relation to the stated purposes of their processing shall not be allowed.
6.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, their relevance with regard to the purposes of their processing, is ensured. The Operator shall take the required measures and/or ensures the adoption of such measures so as to remove or clarify incomplete or inaccurate data.
6.7. Personal data is stored in a form that enables the determination of the subject of personal data for no longer than the purpose of processing personal data requires, unless the storage period for such personal data is established by federal law, and/or an agreement to which the subject of personal data is a party, beneficiary or guarantor. Processed personal data is erased or depersonalized upon achievement of processing goals, or in such case as there is no further need to achieve these goals, unless otherwise provided by federal law.
7. Purposes of processing personal data
7.1. The purposes of processing Users' personal data include:
- informing the User by sending emails;
- providing the User with access to services, information and/or materials contained on the https://jetinfosystems.eu/
7.2. The Operator is also entitled to send notifications to the User on new products and services, special offers and various events. The user can always refuse to receive informational messages by sending an email to the Operator at email@example.com, with the note "Refusal of notifications on new products and services and special offers".
7.3. Ananymous User data collected through Internet statistics services are used to collect information on the actions of Users on the website, and to improve the quality of the website and its content.
8. Legal grounds for the processing personal data
8.1. The legal grounds for personal data processing by the Operator include:
- Federal Law N 149-FZ "On Information, Information Technologies and Information Protection" dated July 27, 2006;
- federal laws and other regulatory legal acts in the field of personal data protection;
- the consent of Users for the processing of their personal data and for the processing of personal data permitted for distribution.
8.2. The Operator processes the User's personal data only if it is competed and/or sent by the User themselves through dedicated forms located on the https://jetinfosystems.eu/
website, or sent to the Operator via e-mail. The User hereby agrees to this Policy by filling out appropriate forms and/or sending their personal data to the Operator.
8.4. The subject of personal data makes an independent decision on the provision of their personal data and gives consent freely, and in their own interest.
9. Conditions for processing personal data
9.1. Personal data is processed with the consent to processing of their personal data by the subject of such personal data.
9.2. The processing of personal data is required to achieve such goals as are provided for by the international treaty of the Russian Federation or by law, for the implementation of functions, powers and duties imposed by the legislation of the Russian Federation on the Operator.
9.3. The processing of personal data is required for the administration of justice, the execution of judicial acts, and/or acts of another agency or official, and subject to execution in accordance with the law of the Russian Federation on enforcement proceedings.
9.4. The processing of personal data is required for execution of agreements, to which the subject of personal data is a party, beneficiary or guarantor, as well as for concluding agreements initiated by the subject of personal data or agreements under which the subject of personal data us a beneficiary or guarantor.
9.5. The processing of personal data is required so as to exercise the rights and legitimate interests of the Operator and/or third parties, or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data.
9.6. The personal data are processed, access to an unlimited number of persons to which is provided by the subject of personal data or at their request (further – publicly available personal data).
9.7. The personal data is processed is subject to publication or mandatory disclosure in accordance with federal law.
10. Procedure for the collection, storage, transfer and other types of processing of personal data
The security of personal data processed by the Operator is ensured through the implementation of legal, organizational and technical measures which are required so as to ensure full compliance with the requirements of the current legislation in the field of personal data protection.
10.1. The operator ensures the safety of personal data and shall take all possible measures to ensure their safely and exclude access to personal data by unauthorized persons.
10.2. The User's personal data shall never, under any circumstances, be transferred to third parties, except in cases related to the implementation of current legislation or if the subject of personal data has provided the Operator with consent to transfer data to a third party in order to fulfill obligations under a civil contract.
10.3. In such case as inaccuracies in personal data are revealed, the User may update his/her data independently, by sending a notification to the Operator's e-mail address firstname.lastname@example.org, with the note "Personal data update".
10.4. The period for processing personal data is determined by the achievement of the purposes for which the personal data were collected, unless another period is provided for by the contract or current legislation.
The user can at any time revoke his/her consent to the processing of personal data by sending an e-mail notification to the email address of the Operator email@example.com with the note "Revocation of consent to the processing of personal data".
The prohibitions established by the subject of personal data on the transfer (except provision of access), as well as on processing or processing conditions (except gaining access) of personal data permitted for distribution, do not apply in cases of processing personal data in the interest of the state, public and other public interests as determined by the law of the Russian Federation.
10.7. When processing personal data, the operator shall ensure the confidentiality of personal data.
10.8. The operator stores personal data in a form that enables the determination of the subject of personal data for no longer than the purpose of processing personal data requires, unless the storage period for personal data is established by federal law, or by an agreement to which the subject of personal data is a party, beneficiary or guarantor.
10.9. Conditions for terminating the processing of personal data include the achievement of the purposes of processing personal data, the expiration of the consent of the subject of personal data or withdrawal of consent by the subject of personal data, as well as the identification of illegal processing of personal data.
11. List of actions performed by the Operator with personal data received from the subject/User
11.1. The operator collects, records, systematizes, accumulates, stores, clarifies (updates, amends), extracts, uses, transfers (distributes, provides access), depersonalizes, blocks, deletes and erases personal data.
11.2. The operator carries out automated processing of personal data with the receipt and/or transfer of the information received via information and telecommunication networks, or without such automated processing.
12. Cross-border transfer of personal data
12.1. Prior to initiating the cross-border transfer of personal data, the operator is obliged to ensure that the foreign state to whose territory the personal data is designated for transfer, provides reliable protection of the rights of subjects of the personal data for transfer to such foreign state.
12.2. Cross-border transfer of personal data to the territory of foreign states that do not comply with the above requirements can be carried out only if the subject provides written consent for the cross-border transfer of their personal data and/or by execution of an agreement to which the subject of personal data is a party.
13. Confidentiality of personal data
The operator and other persons who have gained access to personal data shall undertake not to disclose to third parties and not to distribute personal data without the consent of the subject of such personal data, unless such disclosure is otherwise provided for under federal law.
14. Final provisions
14.1. The User can receive any clarification he/she requests on issues of interest regarding the processing of their personal data, by contacting the Operator via e-mail at firstname.lastname@example.org.
14.2. This document shall reflect any changes to the Operator's personal data processing policy. The policy shall be valid indefinitely, until such time as it is replaced by a new version.
14.3. The current version of the Policy is freely available via Internet at https://jetinfosystems.eu/privacy/