Confidentiality policy
PRIVACY POLICY
Version No. 2 dated April 08, 2019
1. General provisions
1.1. A Privacy policy (hereinafter referred to as the Policy) is published by Eco-Vector LLC, OGRN 1099847039907, INN/KPP 7806423692/784101001, address: Aptekarskiy per, d. 3, lit. A, k, office 1H, Saint-Petersburg, Russian Federation (hereinafter referred to as the Operator) in order to inform subjects of personal data (hereinafter referred to as Users), about the Operator’s policy regarding personal data.
1.2. The Policy has been developed and published by the Operator in accordance with paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152-FZ On Personal Data dated July 27, 2006 (hereinafter referred to as the Federal Law On Personal Data).
1.3. The Policy has been developed to implement legal requirements for processing and protecting PD and to protect rights and freedoms of persons and citizens in processing their PD, including rights to privacy, personal and family secrets.
1.4. The Policy contains information subject to disclosure in accordance with Part 1 of Article 14 of the Federal Law On Personal Data and represents a public document which is located at: www.eco-vector.com.
1.5. To keep up-to-date status of documents defining the Operator's PD processing, the Operator has right to change this Policy at any time by publishing the appropriate changes. This Policy may be changed only by posting the version amended on the Site.
2. Terms and Definitions
2.1. Personal data (PD) refer to any information which is directly or indirectly related to a specific or identifiable individual (a PD subject).
2.2. Processing of PD refers to any action (operation) or set of actions (operations) performed with or without automation tools including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of PD.
2.3. An Operator of PD refers to an individual or organization who organizes and/or processes PD as well as determine purposes of PD processing, contents of PD to be processed, and actions (operations) related to PD, independently or in cooperation with other entities.
2.4. Confidentiality of PD refers to obligation of the Operator and other persons who have received access to PD not to disclose PD to third parties and not to distribute PD without consent of a PD subject, unless otherwise provided by federal laws.
2.5. A Site refers to a set of computer programs and other information contained in the information system accessed via the Internet and located at: www.eco-vector.com. The Site may contain links to other web resources. The Operator is not responsible for confidentiality of information posted by Users on such resources.
3. User Rights
3.1. A User has right:
-
3.1.1. To receive User’s PD and information regarding their PD processing,
-
3.1.2. To clarify, block, or destroy their PD if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing,
-
3.1.3. To withdraw their consent to PD processing,
-
3.1.4. To protect their rights and legal interests, including legal compensation for losses and compensation for moral damage,
-
3.1.5. To complain against the Operator’s action or inaction to the authorized body or a court for protecting rights of PD subjects.
4. Reasons for processing personal data
4.1 The Operator shall process PD on a legal and fair basis to perform legal functions, powers, and duties as well as to exercise rights and legal interests of the Operator and Users.
4.2 The Operator receives PD directly from Users and processes these PD only with consent of the User. The Operator receives the User's PD when the User is interacting with certain functions of the Site.
5. Processing of personal data of users
5.1. This Policy establishes obligations of the Operator for non-disclosure and protecting confidentiality of PD provided by the User when using the Site.
5.2. The Operator processes PD of Users to comply with laws of the Russian Federation, as well as for the following purposes:
-
5.2.1. Providing Users with access to special information,
-
5.2.2. Processing applications on the Operator's Website,
5.3. The Operator processes PD of Users in accordance with Users’ consent obtained by putting a special mark (“tick”) in the field under the Personal Data Collection Form on the Site.
5.4. Categories of PD collected by the Operator to achieve purposes specified in clause 5.2. Policies:
-
5.4.1. Surname.
-
5.4.2. Name.
-
5.4.3. Middle name.
-
5.4.4. Residence address.
-
5.4.5. Contact number.
-
5.4.6. E-mail.
-
5.4.7. User ID stored in the cookie.
5.5. The Operator does not process any special categories of Users’ PD.
5.6. The Operator does not process biometric categories of Users' PD.
5.7. This Policy applies only to information processed as part of using the Website. The Operator does not control and is not responsible for any information processing by third-party websites and services which can be accessed by Users via links available at the Website.
5.8. The Operator does not verify the accuracy of PD provided by the User and is not able to assess its legal capacity. However, the Operator assumes that the User provides reliable and sufficient PD and keeps them up to date.
6. Processing of users’ personal data using cookies
6.1. Cookies transmitted to Users' devices can be used to provide Users with personalized functions of the Website, to show personalized advertising for Users, to achieve statistical and research purposes, and to improve the Website.
6.2. Users are aware that equipment and software they use to visit websites may have function of prohibiting cookie operations (for any or certain sites), as well as deleting previously received cookies.
6.3. The Operator has right to make certain functions of the Website available to Users only if they have permitted acceptance and receipt of cookies.
6.4. The structure of a cookie file, its contents and technical parameters are determined by the Operator and may change without prior notice to Users.
6.5. Website or application counters can be used to analyze Users' cookies, collect, and process statistical information about the use of the Website, as well as to ensure general Website operation or some functions. Technical parameters of counters are determined by the Operator and may be changed without prior notice to Users.
7. Terms and conditions for processing personal data of users
7.1. Processing PD of Users is limited by the period necessary for achieving purposes of PD processing.
7.2. The Operator processes PD of Users in an automated computerized way.
7.3. PD processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of PD.
7.4. Confidentiality of Users’ PD is maintained, except cases where Users voluntarily provide information about themselves for unlimited public access.
7.5. The Operator has right to transfer Users’ PD to third parties as follows:
-
7.5.1. Users have provided their consent to such actions,
-
7.5.2. Transfer is necessary for Users to use certain functions of the Website or to execute a certain agreement or contract,
-
7.5.3. Transfer is provided for to comply with Russian or other applicable laws as defined by law,
-
7.5.4. Such transfer occurs as part of the sale or other business transfer (in whole or in part), while the transferee shall be committed to comply with this Policy regarding PD received,
-
7.5.5. Depersonalization of PD results in anonymized statistical data which are transferred to a third party for providing research, activities, or services on behalf of the Operator,
-
7.5.6. PD of Users may be transferred to authorized state bodies of the Russian Federation as defined by current laws of the Russian Federation.
7.6. When processing PD of Users, the Operator is guided by:
-
7.6.1. Federal Law No. 152-FZ On Personal Data dated July 27, 2006,
-
7.6.2. Decree of the Government of the Russian Federation No. 1119 On approval of requirements for protecting personal data when processing in personal data information systems dated November 1, 2012,
-
7.6.3. Order of the Federal Service for Technical and Export Control (FSTEC) of Russia No. 21 On approval of composition and content of organizational and technical measures to ensure security of personal data when processing in personal data information systems dated February 18, 2013,
-
7.6.4 By Order of the Federal Security Service of Russia No. 378 On approval of composition and content of organizational and technical measures to ensure security of personal data when processing in personal data information systems using cryptographic information protection tools necessary to fulfill requirements established by the Government of the Russian Federation for each of the security levels to protect personal data dated July 10, 2014:
-
7.6.5. The Operator takes necessary organizational and technical measures to protect the User's PD from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, or other illegal actions of third parties.
-
7.6.6. Together with Users, the Operator takes all necessary measures to prevent losses or other negative consequences caused by loss or disclosure of personal data.
8. Mandatory data storage
8.1. According to this Policy, Users may have limited rights, as defined in current laws. Such restrictions may include obligation of the Operator to keep information changed or deleted by Users, for the period established by law, and/or transfer such information to state body, as defined by law.
9. Information about protecting personal data security
9.1. The operator assigns a person responsible for organizing the processing of personal data to fulfill obligations defined by the Federal Law On Personal Data and related regulations.
9.2. The operator applies a set of legal, organizational, and technical measures to ensure PD security and confidentiality and protect PD from illegal actions:
-
9.2.1. Establishes rules for access to PD being processed in the information system of the Operator, as well as ensures recording and accounting of all related actions,
-
9.2.2. Assess damage that may be caused to Users in case of violating the Federal Law On Personal Data,
-
9.2.3. Determines PD security risks when processing PD in the information system of the Operator,
-
9.2.4. Takes organizational and technical measures and uses information security tools necessary to achieve the established level of PD security,
-
9.2.5. Monitors unauthorized access to PD and takes responsive measures, including restoration of PD modified or destroyed due to unauthorized access,
-
9.2.6. Evaluates effectiveness of measures taken to ensure PD security prior implementing the Operator's information system,
-
9.2.7. Carries out internal control for compliance of PD processing requirements as defined in the Federal Law On Personal Data, related regulations, requirements for PD protection, Policy, statements, and other local acts, including control over measures taken to ensure security of PD and PD security level when processing in the information system of the Operator.
10. Information about the Operator
10.1. The database with PD of Users who are citizens of the Russian Federation, is in the Russian Federation.
10.2. To exercise their rights and legal interests, Users have right to contact the Operator by sending a request personally or with the help of a representative at the address specified in clause 1.1. of the Policy or to the email specified on the Website. The request must contain the information specified in Part 3 of Article 14 of the Federal Law On Personal Data.