Regulations on processing personal data
other than employees of LLC Guardian Steklo Services, LLC Guardian Steklo Ryazan, LLC Guardian Steklo Rostov
1.1 These Personal Data Processing Regulations (the “Regulations”) determine the policy of LLC Guardian Steklo Services (17a, Uzhniy Promuzel District, Ryazan Region, Ryazan, 390011, Russia), LLC Guardian Steklo Ryazan (17a, Uzhniy Promuzel District, Ryazan Region, Ryazan, 390011, Russia), LLC Guardian Steklo Rostov (1, Sodruzhestva street, Krasny Sulin, Krasnosulinsky district, Rostov region,346353, Russia) - hereinafter “Guardian” - for processing the personal data of individuals other than Guardian employees. These Regulations will apply to personal data received by Guardian from third parties, including, but not limited to, users of Guardian web-sites and services (the “Users”), employees of Guardian's counterparties and other persons with whom Guardian communicates within the scope of its business activities (collectively the “Data Subjects”)
1.2 Guardian engages in personal data processing on the basis of these Regulations and other regulatory acts of the Russian Federation, including Federal Law No. 152-FZ of the Russian Federation dated 27 July 2006 "On Personal Data".
1.3 Personal data may be processed for the following purposes:
- for collaboration between Guardian and employers of Data Subjects on performing contractual obligations;
- for providing Data Subjects with information about goods and services of Guardian and its affiliates and about campaigns and events to be held, including for developing and issuing bespoke marketing proposals;
- for ensuring that Guardian performs its obligations to the Users under user agreements and the most effective collaboration is arranged between Guardian and the Users;
- for improving and enhancing the quality of Guardian services and web-sites;
- for achieving statistical and research objectives;
- for other purposes specified by Russian regulations.
1.4 The current version of the Regulations is available on the Internet at all times at: (https://www.guardian-russia.ru/personal-data-processing). Guardian may, from time to time, amend these Regulations to align them with the effective legislation of the Russian Federation and the personal data processing and protection methods it employs. If these Regulations are to be amended, Guardian shall notify the Data Subjects accordingly by posting the new version hereof on the web-site or, should it so choose, if significant changes are to be made to the key provisions hereof, by communicating this by email.
2 Composition of Processed Information
2.1 Data Subjects’ Personal Data
Data Subjects’ personal data may include:
- name, patronymic, surname;
- profession, employer and position;
- contact details;
- additional data provided by a Data Subject, such as date of birth, marital status, education, areas of interest and hobbies.
2.2 User Additional Data:
Guardian may also process the following User-related information, including:
2.2.1 additional data received when a web-site is accessed that include information about interaction with the web-site, the User’s subsequent actions thereon, details of the site through which the web-site is accessed, the duration of the visit made to the web-site and the time and date it is visited;
2.2.2 information automatically received when a Web-site is accessed (cookies).
Even though said information is processed in anonymised form, in doing so Guardian shall take the same steps to ensure data security and protection as when the Users’ personal data are processed
3 Processing Users’ Personal Data
3.1 Guardian processes personal data provided consent from the Data Subjects is provided by the time the personal data processing is launched. Personal data may be processed without the Data Subjects’ consent only on the conditions permitting such processing to be effected pursuant to Federal Law No. 152-FZ dated 27 July 2006 “On Personal Data”.
3.2 Guardian’s methods for processing the Data Subjects’ personal data include:
- collecting personal data via the Web-Site;
- recording, accumulating and storing personal data;
- adjusting (updating, changing) personal data;
- retrieving personal data;
- using and transferring (distributing, providing and accessing) personal data;
- cataloguing personal data;
- anonymising personal data and using anonymised personal data for statistical and marketing purposes;
- blocking personal data;
- deleting and destroying personal data.
3.3 Guardian may instruct another party to process personal data subject to receiving prior consent from the data subject. Guardian is liable to the data subject for said party’s actions.
3.4 Guardian may transfer personal data to a foreign territory within the limits and on the conditions specified in article 12 of Federal Law No. 152-FZ of the Russian Federation dated 27 July 2006 "On Personal Data”.
4 Personal Data Protection Measures
4.1 Guardian ensures confidentiality of the processed personal data, i.e., undertakes not to disclose personal data to third parties and not to distribute personal data without the consent of the Data Subject unless otherwise is specified by regulations of the Russian Federation.
4.2 In order to ensure confidentiality of Data Subjects’ personal data, Guardian shall specifically:
- ensure that the personal data are protected at the appropriate level in accordance with the Russian regulations;
- appoint a person responsible for personal data processing arrangements;
- establish rules for accessing personal data processed in a personal data information system and ensure that all operations with personal data in such system are registered and logged;
- ensure that media containing personal data are logged and protected; limit and control access to such media.
- use information protection facilities that have undergone due compliance assessment;
- ensure that instances of unauthorised access to personal data are identified and take steps to prevent them; ensure that personal data modified or destroyed as a result of unauthorised access are recovered;
- limit the number of persons with access to personal data; ensure that Guardian employees directly engaged in personal data processing familiarise themselves with the personal data regulations of the Russian Federation, including the personal data protection requirements and documents governing the operator's personal data processing policy, as well as with internal personal data processing regulations;
- at all times, check compliance by the personal data processing practices with regulatory acts of the Russian Federation, as well as with Guardian’s internal regulations.
4.3 If personal data are to be transferred to a third party, Guardian's contract with said party should contain the latter’s obligation to take all the personal data protection measures specified in clause 4. 2. of these Regulations; Guardian undertakes to check compliance with this provision.
5 Data Subject Rights
5.1 A Data Subject may request information pertaining to processing of their personal data in the manner specified by the Russian regulations.
5.2 A Data Subject may demand that the processed personal data be updated.
5.3 A Data Subject may, at any time, revoke its consent to the personal data being processed, in full or in part. If the above consent is revoked by the Data Subject, Guardian retains the right to process the personal data without the consent of the Data Subject in order to honour the rights and lawful interests of Guardian and third parties. Moreover, Guardian retains the right to process the Data Subjects’ anonymised data for statistical and other research purposes.
Any requests and claims, including the demands specified in section 5 of these Regulations are to be sent by a Data Subject in simple written form specifying the details prescribed by the effective personal data legislation of the Russian Federation to [email protected]