PERSONAL DATA POLICY
Personal data collection, storage, processing and protection policy (Personal data Policy)
These Rules are the official document of the Company that determines the procedure of processing and protecting information about Users of the Website https://www.stone-crafting.com/.
Relations related to the collection, storage, distribution and protection of User’s Personal data are governed by this Policy, other local regulations of the Company and the legislation of the Russian Federation.
The Company collects, uses and protects the Personal data that Users provide to the Company when using out Website from any device and when communicating with the Company in any form, in accordance with this Policy, as well as when concluding any contracts and agreements with the Company.
By using the Website and providing his/hers personal data, the User consents to the processing of his personal data in accordance with this Policy.
If the User disagrees with the terms of these Policy, the use of the Website and its services must be terminated immediately.
1.1. Personal data - any information relating directly or indirectly to a specific or identifiable person.
1.2. Processing of Personal data - any actions or a set of actions in relation to the User's personal data, including collection, recording, systematization, accumulation, storage, updating and modification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction, both with and without the use of systems for automated processing of personal data.
2.1. The Company's personal data processing policy is an official document and defines the basic principles, goals, conditions and methods of personal data processing, lists of subjects and personal data processed in the Company, the Company's functions in the processing of personal data, the rights of personal data subjects, as well as the requirements for protection of personal data.
2.2. The Policy is based on the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
2.3. The provisions of the Policy serve as the basis for the development of local regulations governing the processing of personal data of Users in the Company.
2.4. The purpose of this Policy is to ensure proper protection of Users' personal data from unauthorized access and illegal disclosure.
2.5. Relations related to the collection, storage, processing, distribution and protection of information about users of the Website are governed by this Policy, other official documents of the Company and the current legislation of the Russian Federation.
2.6. The current version of the Policy, which is a public document, is available to any Internet user by clicking on the link of the corresponding section of the Company's website. The company has the right amend this Policy. When making amendments to the Policy, the Company notifies users of this by posting a new version of the Policy on the Company's website no later than 10 days before the relevant amendments are enforced. Previous versions of the Policy are stored in the archive of the Contractor's Company documentation. At the same time, continuing to use the Website after making changes and / or additions to this Policy means that the User agrees with such changes and / or additions, in connection with which the Company undertakes to regularly notify the User about changes to the Policy posted on the Website. If the User does not agree to accept the new version of the Policy, he undertakes to contact the email address stone email@example.com with a notice of termination of the Agreement on the use of the Website. Based on this notification, the Company undertakes to destroy all previously collected personal data of the User.
2.7. In the event of a conflict between this Policy and other official documents of the Contractor's Company, this Policy shall be applied.
2.8. By visiting the Website, filling out feedback forms on the Website in the "Services" section of the Site, the User agrees to the terms of this Policy.
2.9. If the User disagrees with the terms of this Policy, the usage of the Website must be terminated immediately.
3.1. Providing services for the operation of the Website and its services, the Company, acting reasonably and in good faith, believes that the User:
3.1.1. has all the necessary rights to enable him to use the Website;
3.1.2. indicates truthful information about himself in the amount necessary to use the services of the website;
3.1.3. is informed of this Policy, expresses his consent to it and freely, by his own will and in his interest, assumes the rights and obligations specified in it.
4.1. The Company processes the Users' Personal data in order to fulfill the Company's obligations to the Users regarding the use of the Website, including:
4.1.1. Informing Users about the works and services and goods performed or being sold by the Company;
4.1.2. Conclusion with the Users of contracts for the performance of work, sales contracts and other contracts provided for by the legislation of the Russian Federation.
4.2. We process technical data for:
4.2.1. ensuring the functioning and security of the Website;
4.2.2. improving the quality of the Website.
4.3. The Company does not post personal data in any publicly available sources. The Company makes decisions that give rise to legal consequences in relation to Users or otherwise affect their rights and legitimate interests, on the basis of exclusively automated processing of its personal data only with the consent of the User in writing.
4.4. By virtue of Article 6 of the Federal Law of Russian Federation of July 27, 2006 No. 152 "On Personal Data", a separate User's consent to the processing of his personal data is not required. The company processes personal data with prior notification of the authorized body for the protection of the rights of subjects of personal data.
5.1. The processing of personal data by the Company is carried out using automation tools.
5.2. Processing and transmission of user data is performed using modern encryption methods (HTTPS, SSL / TLS protocols).
6.1. Users' Personal data collected by Company include:
6.1.1. provided by the Users and the minimum necessary for the User to fill out the feedback forms on the Website: name, mobile / home phone number, e-mail address, other Personal data that the User deemed necessary to indicate in the "comments to the order" column.
6.1.2. Surname, name, patronymic, information about bank details, data about the place of registration, other data that the User provided when concluding an agreement with the Company in written form.
6.1.3. technical data about the IP address, proxy server, operating system of the computer and Mobile device, web browser, add-ons, device identifier and capabilities and / or about the Internet service provider or mobile operator, location;
6.1.4. cookies and similar technologies (including web beacons, single-pixel images, advertising tags and device identifiers) to recognize the User and / or his device (s) within, outside and in general when using various Services and devices;
6.1.5. data on the geolocation of the User's devices;
6.1.6. The User cannot refuse to use and process his technical data specified in clauses 6.1.2-6.1.4 because this significantly complicates the functioning of the Website, makes it difficult and impossible to use the Website Services. If the User disagrees with the use of technical data, the use of the Website must be terminated immediately.
7.1. The processing of Personal data is carried out on the basis of the principles:
7.1.1. the legality of the purposes and methods of processing personal data;
7.1.2. good faith;
7.1.3. compliance of the purposes of processing personal data with the purposes predetermined and declared in the collection of personal data, as well as the powers of the Company;
7.1.4. correspondence of the volume and nature of the processed personal data, methods of processing personal data to the purposes of processing personal data. The Company undertakes not to collect or process the personal data of Users that are redundant in relation to the stated purposes of their processing;
7.1.5. the prohibition of combining databases containing personal data created for incompatible purposes;
7.1.6. the principle of ensuring the accuracy of personal data during their processing, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data. The Company undertakes to take the necessary measures or ensure their adoption to remove or clarify incomplete or inaccurate data;
7.1.7. The storage of Personal data should be carried out in a form that makes it possible to determine the subject of personal data, no longer than the purpose of processing personal data requires, unless the storage period for personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data are subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by Russian federal law.
8.1. The collection of the User's Personal data is carried out on the Website when filling out feedback forms, as well as when an individual concludes any agreements provided for by the civil legislation of the Russian Federation with the Company.
8.2. The personal data provided for in clause 6.1 of this Policy are provided by the User and are necessary for the correct provision of goods and works and informing the User about the goods and works of the Company.
9.1. The server with the personal data of the Website Users is located on the territory of the Russian Federation. The personal data of users is stored exclusively on electronic media and processed using automated systems, except for cases when manual processing of personal data is necessary in connection with compliance with legal requirements.
9.2. The Personal data of the Users are not transferred to any third parties, except for the cases expressly provided for in this Policy.
9.3. The provision of personal data of Users at the request of state bodies (police, prosecutors, courts and others) and local governments is carried out in the manner prescribed by law.
9.4. The Company does not entrust the processing of personal data of Users to other persons.
9.5. The Company does not carry out cross-border transfers of Users' personal data.
10.1. Destruction of Personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
10.2. The User's personal data are destroyed in the following cases:
10.2.1 The User sent a request to terminate the processing of personal data by sending a request in writing to the email address firstname.lastname@example.org.
11.1. Users have the right to:
11.1.1 require the Company to clarify its personal data, update, block or destroy it if such data is incomplete, outdated, unreliable, illegally obtained or is not necessary for the stated purpose of processing;
11.1.2 on the basis of a request, receive information from the Company regarding the processing of his personal data;
11.1.3 as well as other rights granted to them on the basis of the Russian Federal Law "On Personal Data".
12.1. The storage and processing of personal data is carried out during the entire period of the User Agreement.
13.1. The company takes technical, organizational and legal measures in order to ensure the protection of the User's personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.
13.2. The Company guarantees that it has passed the appropriate certification to ensure information security, conducted and systematically checks the technical aspects of the interaction of the system components of the Website, as well as checks the technical and information technology equipment for compliance with security standards.
13.3. The Company has adopted local acts on the security of personal data. Company employees who have access to personal data are familiar with this Policy and local acts on the security of personal data.
13.4. The company provides the following measures to protect the information stored on the server:
13.5.1 restricting network access to the server;
13.5.2 organization of monitoring the technical state of servers and levels of protection and information recovery;
13.5.3 appointment of officials responsible for organizing the processing and protection of personal data;
13.5.4 carrying out regular backup of information;
13.5.5 identification of threats to the security of personal data during their processing, the formation of threat models on their basis;
13.5.6 use, where necessary, means of firewalling, intrusion detection, security analysis and cryptographic information protection means;
13.5.7 organization of access control to the territory of the Company, security of premises with technical means for processing Personal data.
13.5.8 conducting an audit of User actions and timely detection of facts of unauthorized access to information;
13.5.9 installing and using anti-virus software (with updating the virus databases);
13.5.10 taking measures to limit the circle of persons who have access to the server where the personal data of the Users is stored.
4.1 Users have the right to send their requests to the Company regarding the processing of their personal data in writing to the email address email@example.com.
4.2.The request must contain the number of the main document proving the identity of the subject of personal data or his representative (passport, ID etc.) , information about the date of issue of the specified document and the issuing authority, information confirming the participation of the subject of personal data in relations with the operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of personal data processing by the operator, the signature of the personal data subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
14.3 The Company undertakes to consider and send a response to the User's request within 5 working days from the date of receipt of the request.
14.4 All correspondence received by the Company from Users (requests in writing or electronic form) refers to information of limited access and is not disclosed without the written consent of the User. Personal data and other information about the User who sent the request cannot be used without the express consent of the User other than to respond to the topic of the received request or in cases expressly provided for by law.
15.1 The company is constantly working to improve the quality of goods, works and services. This means that the Company receives new data and, over time, may create new ways to use the data.
15.2 The Company's services are constantly being improved. The company often implements new features that may require data collection. In the event that the Company begins to collect fundamentally different personal data or significantly changes the ways of using your data, the Company will notify the Users and also make changes to this Policy.
15.3 Other rights and obligations of the Company as a personal data operator are determined by the legislation of the Russian Federation in the field of personal data.
15.4 Company officials who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by federal laws.