User Agreement
1. general provisions
This Policy regarding the processing of personal data (hereinafter - "Policy") is prepared in accordance with paragraph 2, part 1, article 18.1 of the Federal Law of the Russian Federation "On Personal Data" № 152-FZ of July 27, 2006 (hereinafter - "Law") and defines the position of Smart Unit LLC in the field of processing and protection of personal data (hereinafter - "Data"), respect for the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrecy..
2. Scope of application
2.1. This Policy applies to Data collected both before and after the implementation of this Policy.
2.2. Realizing the importance and value of Data, as well as taking care to respect the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company ensures reliable protection of Data.
3. Definitions
3.1. Data means any information related to a directly or indirectly defined or identifiable natural person (citizen), i.e. such information, in particular, includes: surname, first name, patronymic, e-mail, phone number, ip address, Country, Region, City, City District, Index, Address, Company, Fax, E-mail, Commentary.
3.2. Data processing means any action (operation) or set of actions (operations) with Data performed with the use of automation tools and/or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unlawful and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data..
4. Legal basis and purposes of Data processing
4.1. The Company shall process and ensure the security of Data in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, bylaws, other federal laws of the Russian Federation defining the cases and peculiarities of Data processing, guiding and methodological documents of FSTEC of Russia and FSB of Russia.
4.2. The subjects of Data processed by the Company are: clients - consumers, including visitors to the website http://smart-erp.pro/ owned by the Company..
4.3. The Company shall process Data Subjects for the following purposes: to fulfill the functions, powers and duties assigned to the Company by the legislation of the Russian Federation in accordance with federal laws, including, but not limited to: Civil Code of the Russian Federation, Tax Code of the Russian Federation, Labor Code of the Russian Federation, Family Code of the Russian Federation, Federal Law dated 01.04.1996. No. 27-FZ "On Individual (Personified) Accounting in the Compulsory Pension Insurance System", Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006, Federal Law No. 53-FZ "On Military Duty and Military Service" dated 28.03.1998, Federal Law No. 31-FZ "On Mobilization" dated 26.02.1997. No. 31-FZ "On Mobilization Preparation and Mobilization in the Russian Federation", Federal Law No. 14-FZ "On Limited Liability Companies" dated 8.02.1998, Federal Law No. 2300-1 dated 07.02.1992 "On Protection of Consumer Rights", Federal Law No. 129-FZ "On Accounting" dated 21.11.1996. No. 129-FZ "On Accounting", Federal Law of 29.11.2010 No. 326-FZ "On Compulsory Medical Insurance in the Russian Federation", Customers - consumers in order to: provide information on goods/services, ongoing promotions and special offers; informing about the status of the order.;
5. Principles and conditions of Data processing
5.1. When processing Data, the Company adheres to the following principles: Data processing is carried out on a lawful and fair basis; Data is not disclosed to third parties or distributed without the Data subject's consent, except in cases requiring disclosure of Data at the request of authorized state authorities or legal proceedings; specific legitimate purposes are defined prior to processing (including collection) of Data; only those Data are collected that are necessary and sufficient for the stated purpose of processing; databases are merged; data are collected only for the purpose of data processing; data are collected only for the purpose of data processing; and data are collected only for the purpose of data collection..
5.2. The Company may include the Data of subjects in publicly available Data sources, whereby the Company takes the written consent of the subject to the processing of his/her Data, or by expressing consent through a website form, by clicking on which the personal data subject expresses his/her consent.
5.3. The Company does not process Data concerning race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.4. Biometric Data (information that characterizes physiological and biological features of a person, on the basis of which it is possible to establish his/her identity and which is used by the operator to establish the identity of the Data subject) is not processed in the Company.
5.5. The Company does not carry out cross-border transfer of Data.
5.6. In cases stipulated by the legislation of the Russian Federation, the Company may transfer Data to third parties (federal tax service, state pension fund and other state bodies) in cases stipulated by the legislation of the Russian Federation.
5.7. The Company has the right to entrust the processing of Data Subjects' Data to third parties with the consent of the Data Subject on the basis of an agreement concluded with such parties, including consent to the User Agreement and the Personal Data Processing Policy posted on the website.
5.8. Persons processing Data on the basis of a contract (operator's order) concluded with the Company undertake to comply with the principles and rules of Data processing and protection provided by the Law. For each third party, the contract defines the list of actions (operations) with Data to be performed by the third party processing the Data, the purposes of processing, establishes the obligation of the third party to maintain confidentiality and ensure the security of Data during their processing, and specifies the requirements for the protection of processed Data in accordance with the Law.
5.9. In order to fulfill the requirements of the applicable laws of the Russian Federation and its contractual obligations, the Company processes Data both with and without the use of automation tools. The totality of processing operations includes collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Company is prohibited from making decisions based solely on automated processing of Data that give rise to legal consequences in relation to the Data subject or otherwise affect his/her rights and legitimate interests, except in cases provided for by the legislation of the Russian Federation.
6. Rights and obligations of Data subjects and the Company with regard to the processing of Data
6.1. The Data Subject whose Data is processed by the Company has the right:
- receive from the Company: confirmation of the fact of Data processing and information on the availability of Data related to the respective Data subject; information on the legal basis and purposes of Data processing; information on the methods of Data processing applied by the Company; information on the name and location of the Company; information on persons (excluding Company employees) who have access to Data or to whom Data may be disclosed on the basis of a contract with the Company or on the basis of federal law; a list of Data processed related to the Data subject; information on the data being processed by the Company; and information on the data processing methods used by the Company.;
- demand from the Company: to clarify his Data, block or destroy it if it is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing; to withdraw his consent to the processing of Data at any time; to demand elimination of unlawful actions of the Company in relation to his Data; to appeal against actions or omissions of the Company to the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) or in court in the event that the Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
- to protect their rights and legitimate interests, including compensation for losses and/or compensation for moral damage in court order.
6.2. In the process of Data processing, the Company is obliged to: provide the Data subject, upon his/her request, with information concerning the processing of his/her Data, or legally refuse to do so within thirty days from the date of receipt of the Data subject's or his/her representative's request; explain to the Data subject the legal consequences of refusing to provide Data, if the provision of Data is mandatory in accordance with federal law; provide the Data subject with the following information prior to the commencement of Data processing (if the Data is not received from the Data subject):
1) name or surname, name, patronymic and address of the Company or its representative;
2) the purpose of Data processing and its legal basis;
3) intended users of Data;
4) the rights of Data subjects as established by the Law;
5) take the necessary legal, organizational and technical measures or ensure that they are taken to protect Data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other unlawful actions in relation to Data; publish on the Internet and provide unrestricted access using the Internet to the document defining its policy regarding the processing of Data, to the information on the Data protection requirements being implemented;
Provide Data subjects and/or their representatives with the opportunity to familiarize themselves with the Data upon request within 30 days from the date of receipt of such a request; block unlawfully processed Data related to the Data subject or ensure their blocking (if the Data processing is carried out by another person acting on behalf of the Company) from the moment of request or receipt of a request for the period of verification, in case of detection of unlawful processing of Data upon request of the Data subject or his/her representative; cease unlawful processing of Data or ensure the cessation of unlawful processing of Data by a person acting on behalf of the Company, in case of detection of unlawful processing of Data carried out by the Company or a person acting on the basis of a contract with the Company, within a period not exceeding 3 working days from the date of such detection; cease processing of Data or ensure its cessation (if the processing of Data is carried out by another person acting on the basis of a contract with the Company) and destroy it
Data or ensure their destruction (if Data processing is carried out by another person acting under a contract with the Company) after the purpose of Data processing has been achieved, unless otherwise provided for in the contract to which the Data subject is a party, beneficiary or guarantor, if the purpose of Data processing has been achieved; terminate Data processing or ensure its termination and destroy Data or ensure their destruction if the Data subject revokes his/her consent to Data processing, if the Company does not have the right to carry out Data processing, or if the Data subject revokes his/her consent to Data processing, if the Company does not have the right to carry out Data processing.
7. Data protection requirements
7.1. When processing Data, the Company takes the necessary legal, organizational and technical measures to protect Data from unlawful and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.
7.2. Such measures in accordance with the Law, in particular, include: appointment of the person responsible for organizing Data processing and the person responsible for ensuring Data security; development and approval of local acts on Data processing and protection; application of legal, organizational and technical measures to ensure Data security:
• Identification of threats to the security of Data during their processing in personal data information systems;
• application of organizational and technical measures to ensure the security of Data during their processing in personal data information systems, necessary to meet the requirements for the protection of Data, the execution of which ensures the levels of Data protection established by the Government of the Russian Federation;
• use of information protection means that have passed the conformity assessment procedure in accordance with the established procedure;
• assessment of the effectiveness of the measures taken to ensure the security of Data prior to the commissioning of the personal data information system;
• accounting of machine data carriers, if the Data is stored on machine data carriers;
• detecting unauthorized access to Data and taking measures to prevent such incidents in the future;
• recovery of Data modified or destroyed due to unauthorized access to it;
• establishing the rules of access to Data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with Data in the personal data information system. control over the measures taken to ensure the security of Data and the level of protection of personal data information systems;
• assessment of the harm that may be caused to Data subjects in case of violation of the requirements of the Law, the correlation between this harm and the measures taken by the Company to ensure fulfillment of the obligations stipulated by the Law;
• observance of conditions preventing unauthorized access to the material carriers of Data and ensuring the safety of Data;
• familiarization of the Company's employees who directly process Data with the provisions of the Russian Federation Data legislation, including Data protection requirements, local acts on Data processing and protection, and training of Company employees.
8. Data processing (storage) timeframe
8.1. Data processing (storage) periods are determined based on the purposes of Data processing, in accordance with the term of the agreement with the Data subject, the requirements of federal laws, the requirements of Data operators, on behalf of whom the Company processes Data, the basic rules for the work of archives of organizations, and statutes of limitation.
8.2. Data whose processing (storage) period has expired shall be destroyed, unless otherwise provided for by federal law. Storage of Data after termination of their processing is allowed only after their depersonalization.
9. Procedure for obtaining explanations on data processing issues
9.1. Individuals whose Data is processed by the Company may obtain clarifications on the processing of their Data by contacting the Company in person or by sending a written request to the Company's registered office: 677000, Republic of Sakha (Yakutia), Yakutsk, GWP, P.O. Box 76. If an official request is sent to the Company, the text of the request must include: the surname, first name, patronymic of the Data Subject or his/her representative; the number of the main identity document of the Data Subject or his/her representative, information about the date of issue of this document and the issuing authority; information confirming the Data Subject's relationship with the Company; information for feedback in order for the Company to respond to the request; signature of the Data Subject (or his/her representative). If the request is sent electronically, it must be executed as an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
10. Peculiarities of processing and protection of Data collected by the Company using the Internet
10.1. The Company processes Data received from users of the Website from the resource: http://smart-erp.pro/ (hereinafter - the Website), as well as those received to the Company's e-mail addresses
10.2. Data collection There are two main ways in which the Company obtains Data via the Internet:
10.2.1. Provision of Data Provision of Data (self-entry of data): surname first name patronymic email phone number Country Region City City District City Idex Address Company Fax Email Commentary
10.2.2. Data Subjects by sending to the Company's e-mail address: info@simplexclinic.ru
10.3. Automatically collected information The Company may collect and process information that is not personal data: ip address information about the interests of users on the Site on the basis of entered search queries of users of the Site about the goods sold and offered for sale by the Company in order to provide relevant information to the Company's customers when using the Site, as well as the generalization and analysis of information about what sections of the Site and goods are in the greatest demand among the Company's customers; processing and storage of search queries; processing and storage of information about the interests of users on the Site. The Company automatically receives some types of information received in the course of users' interaction with the Site, e-mail correspondence, etc. This refers to technologies and services such as web protocols, cookies, web notes, and applications and tools of a specified third party. That said, web tags, cookies and other monitoring technologies do not automatically make it possible to receive Data. If a user of the Website provides their Data at their own discretion, for example when filling out a feedback form or sending an e-mail, only then are processes to automatically collect detailed information for the usability of the web sites and/or to improve user interactions triggered.
10.4. Use of Data The Company has the right to use the provided Data in accordance with the stated purposes of its collection with the consent of the Data subject, if such consent is required in accordance with the requirements of the legislation of the Russian Federation in the field of Data. The Data obtained in generalized and anonymized form may be used to better understand the needs of customers of goods and services sold by the Company and to improve the quality of service..
10.5. Data transfer The Company may entrust the processing of Data to third parties only with the consent of the Data subject. Data may also be transferred to third parties in the following cases: a) As a response to lawful requests of authorized public authorities, in accordance with laws, court decisions, etc. b) Data may not be transferred to third parties for marketing, commercial and other similar purposes, except with the prior consent of the Data subject..
10.6. The Site contains links to other web resources, which may contain useful and interesting information for the Site users. At the same time, this Policy does not apply to such other sites. Users who follow links to other websites are advised to familiarize themselves with the Data Processing Policies posted on such websites.
10.7. The Website User may withdraw his/her consent to the processing of Data at any time by sending a message to the Company's e-mail address: info@simplexclinic.ru, or by sending a written notice to the Company's address: 677000, Yakutsk, After receiving such a message, the processing of the User's Data will be terminated and his/her Data will be deleted, except for cases when the processing may be continued in accordance with the law. Final Provisions This Policy is a local regulatory act of the Company. This Policy is publicly available. Public availability of this Policy is ensured by publication on the Company's Website. This Policy may be revised in any of the following cases: in case of changes in the legislation of the Russian Federation in the field of processing and protection of personal data; in case of receiving instructions from competent state authorities to eliminate inconsistencies affecting the scope of the Policy; by decision of the Company's management; in case of changes in the purposes and terms of Data processing; in case of changes in the organizational structure, structure of information and/or telecommunication systems (or introduction of new ones); in case of application of new technologies; in case of changes in the structure of the Company's information and/or telecommunication systems (or introduction of new ones)..
In case of failure to comply with the provisions of this Policy, the Company and its employees shall be liable in accordance with the applicable laws of the Russian Federation. Control over compliance with the requirements of this Policy shall be exercised by persons responsible for the organization of the Company's Data processing, as well as for personal data security.