regarding the processing of customer personal data
individual businessman Markov Nikolai Alekseevich
1. General Provisions
1.1 This document was adopted pursuant to clause 2 of part 1 of article 18.1 of the Federal Law No. 152-ФЗ dated July 27, 2006 “On Personal Data” (hereinafter referred to as the Law “On Personal Data”) and determines the policy of individual entrepreneur Markov Nikolai Alekseevich (hereinafter Operator) in relation to the processing of personal data of clients when the Operator performs business (economic) activities, as well as procedures aimed at preventing and detecting violations of the legislation of the Russian Federation in the field of protection of persons ial data and elimination of the consequences of such violations.
1.2 Clients of the Operator in order to apply this Policy are the following individuals:
- visitors to Internet sites owned by the Operator and located at: https://locawallet.com/, https://lo.cards/, https://locards.ru/, https://locards.io/. (hereinafter - the site of the Operator);
- individuals who enter into agreements with the Operator of a civil nature, including providing their personal data in connection with the intention to conclude such an agreement or to receive information about the services provided by the Operator and other Operator activities;
- individuals acting as representatives (including managers) and employees of legal entities and individual entrepreneurs with whom the Operator enters into agreements of a civil legal nature, including providing their personal data in connection with the intention to conclude such an agreement or to receive information about services, rendered by the Operator and other activities of the Operator;
1.3 All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
This Policy does not apply to the processing and protection of personal data of employees of the Operator.
2. Terms and definitions
2.1 For the purposes of this Policy, the following basic terms are used:
- personal data - any information relating directly or indirectly to a specific or designated individual (subject of personal data);
- personal data processing - any action (operation) or a set of actions (operations) performed with the use of automation tools or without using such tools with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- distribution of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
- provision of personal data - actions aimed at disclosing personal data to a specific person or a specific circle of persons;
- information - information (messages, data) regardless of the form of their presentation.
2.2 The meaning of other concepts specified in this Policy is determined in accordance with the Law “On Personal Data”, other regulatory legal acts adopted in the field of personal data protection, as well as other norms of the legislation of the Russian Federation.
3. Purposes of processing personal data of clients, the procedure for providing and withdrawing consent from clients for the processing of personal data
3.1 The processing of customer personal data is carried out in order to:
- providing customers with information about the services provided by the Operator, the work performed by the Operator, products and other objects of civil rights realized by the Operator;
- consideration of issues related to the possibility of further cooperation between the Operator and the individual;
- conclusion and execution with an individual of contracts related to the entrepreneurial (economic) activities of the Operator;
- conclusion and execution with the legal entity of contracts related to the entrepreneurial (economic) activities of the Operator;
- the Operator carries out an analysis of the quality and volume of services rendered to them, work performed, goods sold.
3.2 The operator has the right to process personal data of clients with their consent, unless otherwise provided by law.
3.3 Consent to the processing of personal data can be executed by the client in the following ways:
- in simple written form by sending it directly to the address of the location of the Operator;
- in electronic form on the website of the Operator by affixing a sign on familiarization and agreement with this Policy on the relevant page of the website of the Operator;
- in a different way.
3.4 In the event that the client completes the consent in electronic form on the Operator’s site, the client agrees to Nikolay Alekseyevich Markov, an individual entrepreneur (TIN 263403162204, PSRN 308263503900040, place of residence: 50 years VLKSM, 18, sq. .155; place of business: Stavropol, Pirogov st., 42/1, off. 42) automated, as well as without the use of automation tools, the processing of his personal data, namely, the actions provided for in paragraph 3 of Article 3 of the Law Persian tional data. " In this case, the client agrees to the processing of personal data subject to the following conditions:
- a list of personal data for the processing of which consent is given:
- last name, name, patronymic;
- gender, age;
- date and place of birth;
- passport data of a citizen of the Russian Federation;
- driver's license data;
- data of the certificate of state registration of the vehicle;
- address of registration at the place of residence and address of actual residence;
- phone number (home, mobile);
If the client does not wish to consent to the processing of any personal data specified in this clause, he has the right after the consent has been filed on the Operator’s website to send him a corresponding notification by email to email@example.com
- the period during which the consent is valid: the consent to the processing of personal data is valid from the date of its registration on the Operator's site until the day of its withdrawal;
- method of revocation of consent: revocation of consent for the processing of personal data can be drawn up in a simple written form with the customer’s signature and date. A review issued in this way can be sent to the address of the location of the Operator, handed over to the authorized representative of the Operator against signature, or sent in a scanned form by e-mail to firstname.lastname@example.org.
3.5 Consent to the processing of personal data under the conditions set forth in paragraph 3.4 of this Policy is also considered provided by the client when sending any electronic message to the Operator using the Operator's website.
3.6 All the ways of concluding consent provided for in this Policy have the same legal value; Using one of the methods of consent is sufficient to express the will of the client.
4. Customer rights related to the processing of personal data
4.1 The client has the right to:
4.1.1 Access and view personal data.
4.1.2 Require the Operator to clarify, eliminate or correct incomplete, incorrect, obsolete, invalid, illegally obtained or not necessary personal data for the Operator.
4.1.3 Receive from Operator:
- information about persons who have access to personal data or who may be granted such access;
- list of processed personal data and the source of their receipt;
- terms for processing personal data, including terms of their storage;
- information on what legal consequences for the subject of personal data may entail the processing of his personal data.
4.1.4 Require the Operator to notify all persons to whom previously incorrect or incomplete personal data were communicated of all exceptions, corrections or additions made to them
4.1.5 Appeal against the authorized body for the protection of the rights of subjects of personal data or in court the illegal actions or omissions of the Operator in the processing and protection of his personal data.
4.1.6 Perform other actions stipulated by the legislation of the Russian Federation in the field of personal data protection.
4.2 All requests from the Client regarding the processing of his personal data can be sent to the operator by e-mail: email@example.com.
5. Access to personal data of clients and their protection
5.1 The list of persons having access to personal data by the client, including information systems of personal data, is established by order of the head of the Operator.
5.2 The right of access to the premises of the Operator where material personal data carriers are located, as well as the right of access to personal data information systems owned by the Operator, are exclusively provided to the persons listed in the list approved in accordance with clause 5.1 of this Policy. The access of other persons to such premises and to personal data information systems is provided in the presence and with the consent of persons who have access to personal data of clients.
5.3 Persons who have access to personal data of customers are required to:
- ensure the safety of material carriers of personal data, including by storing data of material carriers (including paper documents) in the premises at the address: Stavropol, ul. Pirogov, 42/1, of. 42;
- Comply with the restrictions on access to personal data information systems established by this Policy (including by setting passwords that provide access to the technical means of such information system);
- immediately notify the head of the Operator of all facts of unauthorized access to personal data and their illegal processing.
5.4 By order of the head of the Operator, an employee is appointed who is responsible for organizing the processing of personal data and ensuring the security of customer personal data in information systems, which ensures:
- internal control over the observance by the Operator and its employees of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, as well as the policy of the Operator regarding the processing of personal data, the local acts of the Operator;
- bringing to the notice of the Operator’s employees the provisions of the legislation of the Russian Federation on personal data, local acts on the processing of personal data, requirements for the protection of personal data;
- organizing the reception and processing of requests and requests from customers or their representatives and (or) monitoring the reception and processing of such requests and requests;
- accounting of computer-borne personal data by compiling and agreeing with the head of the Operator an appropriate written list of computer-aided media;
- timely detection of facts of unauthorized access to personal data of customers and the immediate communication of this information to the head of the Operator;
- avoidance of impact on the technical means with which the processing of personal data of customers is carried out, as a result of which their functioning may be impaired;
- recovery of personal data of customers modified or destroyed due to unauthorized access to them;
- constant control over ensuring the level of protection of personal customer data;
- when violations of the procedure for providing personal data of clients are detected, immediate suspension of the provision of personal data to users of the personal data information system until the causes of violations are identified and those causes are eliminated;
- reviewing and drawing up opinions on the facts of non-compliance with the storage conditions of material carriers of clients' personal data, use of information security tools that may lead to breaches of confidentiality of customers' personal data or other violations leading to a decrease in the level of protection of customers' personal data, development and adoption of measures to prevent possible dangerous consequences of such violations.
6. Responsibility for violation of the rules governing the processing of personal data
6.1 Persons guilty of violating the procedure for handling personal data of clients are subject to disciplinary, administrative, civil law or criminal liability in accordance with the requirements of the legislation of the Russian Federation.
7.1 This Policy enters into force upon its approval by the Head of the Operator.
7.2 Changes to this Policy are made by the decision of the head of the Operator. The changes entered into force upon approval of the new version of the Policy by the Head of the Operator.
7.3 By visiting the Operator's website, using the information posted on it, the Client acknowledges that they have read this Policy and agree to its terms.
7.4 This Policy is publicly available. The general availability of this Policy is ensured by the publication of its text in electronic form on the Operator’s website, as well as on paper at the address of the Operator’s location, with the opportunity for anyone interested to familiarize yourself with it.