PRIVACY POLICY

1. General Provisions

1.1 This Privacy Policy of the Individual Entrepreneur Pokrovskaya Julia Viktorovna, OGRNIP: 308715408700132, TIN: 710704694590, (hereinafter - "Operator") determines the procedure for processing personal data and measures to ensure the security of personal data.

The Policy is developed in fulfillment of the requirements of para. 2 ч. 1 part 1 of Article 18.1 of the Federal Law dated 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter - the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms in the processing of personal data, including the protection of the right to privacy, personal and family secrecy.

1.2 Pursuant to the requirements of paragraph 2 of Article 18.1 of the Law on Personal Data, this Policy is published in free access in the information and telecommunication network Internet on the Operator's website: https://novo-alesovo.site.

1.3 The legal basis for personal data processing is a set of legal acts, pursuant to which and in accordance with which the Operator processes personal data. The legal basis for personal data processing is: application, public offer, Civil Code, Federal Law No. 38-FZ "On Advertising", including the Federal Law of the Russian Federation dated July 27, 2006 No. 149-FZ "On Information, Information Technologies and Information Protection".

2. Terms and accepted abbreviations

Personal data - any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data).
Personal data authorized by the subject of personal data
for dissemination - personal data, access to which is granted by the subject of personal data to an unlimited circle of persons by giving consent
to the processing of personal data authorized by the personal data subject for dissemination.
Personal data operator (operator) - a state authority, municipal authority, legal or natural person, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
Processing of personal data means any action (operation) or set of actions (operations) with personal data, performed with or without the use of means of automation. Processing of personal data includes, but is not limited to:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (update, change);
- extraction;
- utilization;
- transfer (provision, access);
- distribution;
- depersonalization;
- blocking;
- deletion;
- destruction.
Automated processing of personal data - processing of personal data by means of computer equipment.
Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
Blocking of personal data - temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).
to clarify personal data).
Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Personal data depersonalization - actions as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information.
Personal data information system - a set of personal data contained in databases and ensuring their processing, information technologies and technical means.
Cross-border transfer of personal data - transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign individual or a foreign legal entity.

3. Procedure and conditions of personal data processing
3.1 Processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2 Personal data processing is carried out with the consent of personal data subjects to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
3.3 Consent to the processing of personal data is provided when filling out special subscription forms on the Operator's website, when making an application for the conclusion of the relevant service contract (acceptance of the public offer) or directly when paying for services under the said contract (acceptance of the public offer) by checking a special "checkbox" and "I agree to the processing of my personal data.
3.4 Consent to the processing of personal data authorized by the personal data subject for dissemination is executed separately from other consents of the personal data subject to the processing of his/her personal data.
3.5 The transfer of the subject's personal data to third parties is prohibited. The exceptions are:
3.5.1. Transmission with the consent of the user.
3.5.2. Transmission to authorized bodies in accordance with the law.
3.5.3. Transfer of personal data to the Operator's partners or service providers - companies that process personal data according to a special document - Operator's order.
3.5.4 Transfer of personal data to the bodies of inquiry and investigation, Federal Tax Service, Pension Fund, Social Insurance Fund and other authorized executive authorities and organizations shall be carried out in accordance with the requirements of the legislation of the Russian Federation;
3.5.5. Transfer of personal data to persons providing legal defense of the Operator or third parties in case of violation of their rights or threat of violation of their rights, including violation of laws or regulatory documents.
3.5.6 The recipient of Operator's services or the visitor of the Website as a subject of personal data is notified and gives his/her consent to the objective necessity to allow access to his/her personal data for the Operator's software and third parties (partners or service providers of the Operator) arising in the course of operation of the Website and receipt of Operator's services. This access is provided exclusively for the purposes defined by this Policy.
3.6 Partners and service providers acting on behalf of the Operator and on the basis of respective agreements concluded with the Operator:
Joint Stock Company "amoCRM", TIN: 7709477879, KPP: 773101001, 5157746087681, Legal address: 121205, Moscow, territory of the innovation center "Skolkovo", Bolshoi Boulevard, 42, pg. 1, floor 4, room 1448, rm. 6

Actual address: 109004 Nikoloyamskaya str., 28/60, p. 1, bld. 1, e-mail address:support@amocrm.ru.

Limited Liability Company "Sistema Getkurs" TIN 9731055900, KPP 773101001, OGRN 1197746675170, Legal address: 121205, Moscow, territory of Skolkovo Innovation Center, Bolshoi Boulevard, 42, bldg. 1, room 1122, r.m.8, e-mail address: support@getcourse.ru.

3.7 The Operator performs both automated and non-automated processing of personal data.
3.8 The Operator does not intentionally process personal data of minors. The Provider recommends using the website to persons who have reached the age of 18. Responsibility for the actions of minors, including their purchase of services on the Site, lies with the legal representatives of minors. All visitors under the age of 18 must obtain the permission of their legal representatives before providing any personal information about themselves.
If the Operator becomes aware that it has obtained personal information about a minor without the consent of the legal representatives, such information will be deleted as soon as possible.
3.9 In general, the Operator does not verify the reliability of personal information provided by personal data subjects and does not exercise control over their legal capacity. The risk of providing unreliable personal data, including the provision of third party data as his/her own, is borne by the subject of personal data.
3.10. The Operator assumes that:
3.10.1 The subject of personal data provides reliable and sufficient personal information in an up-to-date state.
3.10.2 The subject of personal data is familiarized with this Policy and expresses his/her informed and informed consent to it.
3.11. The Operator shall take the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, dissemination and other unauthorized actions, including:
- determines threats to the security of personal data during its processing;
- adopts local normative acts and other documents regulating relations in the field of personal data processing and protection;
- appoints persons responsible for ensuring the security of personal data
in structural subdivisions and information systems of the Operator;
- creates necessary conditions for working with personal data;
- organizes accounting of documents containing personal data;
- organizes work with information systems in which personal data are processed;
- stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
- organizes training of the Operator's employees processing personal data.

4. Purposes of personal data processing

4.1 Only personal data that meet the purposes of processing are subject to processing. The website processes your personal data for the following purposes:

Objectives

Categories of subjects
List of personal data
Categories of PDs

Actions with PD
Terms of processing
Registration on the Site
Client (private person)
- FULL NAME;
- phone number;
- e-mail;
- Telegram nickname

General/others

Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use.
Within 5 years from the date of the last activity on the Operator's Website
Providing an opportunity to use the Operator's goods, works and services
- Customer (individual);
- Client's representative (physical person)
- FULL NAME;
- e-mail address;
- Telegram nickname
- contact phone number;
- IP address;
- Cookies data (necessary)
- password from the Operator's website;
- Information on site visits provided by statistics services.
General
Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use.
- Contract validity period
- 5 years upon expiration of the contract
- Until revocation of consent to processing

Obtaining feedback, reviews and recommendations from the Subject, conducting surveys for effective communication with existing
and potential clients of the Operator.

- Client (physical person);
- Client's representative (physical person)

- FULL NAME;
- phone number;

General
Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, usage
Until revocation of consent to data processing

Information and promotional mailings

Counterparty - Client/Partner (natural person), representative of the counterparty (natural person), user of the counterparty, Webinar participant.

- information about visits to the site, domains and subdomains

- IP address;

- Cookies data;

- FULL NAME;

- phone number;

General/other
Automated collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use.
Prior to withdrawal of consent to data processing
Selection of Contractors under the service contract
Applicants
- FULL NAME;
- date of birth;
- information on education;
- information on work experience;
- residential address;
- contact phone number;
- e-mail address

General/other
Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use
Termination (early termination) of a service contract

Conclusion, execution, amendment and termination of the contract with contractors, where the Operator is a party to the contract.


Contractor (physical person);
Contractor's representative (physical person)


- FULL NAME;
- data of passport or other identity document;
- TIN;
- SNILS number;
- registration address;
- contact phone number;
- e-mail address;
- bank details

General/other
Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use

- Contract validity period

- Termination of the Operator's activity

Preparation and submission of statutory reports, including payment of statutory taxes and contributions

Counterparty (physical person);

Counterparty's representative (physical person)

- FULL NAME;
- data of passport or other identification document;
- SNILS number;
- TIN;
- registration address;
- contact phone number;
- e-mail address;
- date of birth


General/other
Automated collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use, distribution

- Contract period;
- 5 years upon expiration of the contract

Processing of appeals, complaints, requests, messages sent by the Operator and the Subject to each other.

Counterparty (physical person);
Counterparty's representative (physical person)
- FULL NAME;
- phone number;
- e-mail$
Telegram nickname$
- message text (if the message text contains personal data).
General
Automated collection, recording, systematization, accumulation, storage, clarification (update, modification), retrieval, use, dissemination
- Until withdrawal of consent to data processing;
- 5 years after the expiration of the agreement


4.2 The Operator's website uses cookies and visitor data from visitor statistics services (IP address; information from cookies, browser information, time of access to the site, address of the page where the advertising block is located, referrer (address of the previous page) and other data).
With the help of this data, information is collected about the visitors' actions on the Site in order to improve its content, improve the functionality of the Site and, as a result, to create quality content and services for visitors.
The subject of personal data can at any time change the settings of his browser so that all cookies are blocked or notification of their sending is carried out. At the same time, the data subject must understand that some of the Operator's functions and services will not work properly.

5. Storage and destruction of personal data

5. Storage and destruction of personal data
5.1 The Operator shall store personal data in a form that allows identification of the subject of personal data for no longer than required for the purposes of personal data processing, unless the period of personal data storage is established by federal law, contract or agreement.
5.2 Personal data of subjects may be received, further processed and transferred for storage both on paper and electronically.
5.3 Personal data recorded on hard copies shall be stored in locked cabinets or in locked rooms with limited access rights.
5.4 Personal data of subjects processed using automation tools for different purposes shall be stored in different folders.
5.5 It is not allowed to store and place documents containing personal data in open electronic catalogs (file exchangers) in the personal data information system.
5.6 Storage of personal data in a form that allows to identify the subject of personal data is not longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of necessity in their achievement.
5.7 In case of a request for deletion or withdrawal of consent to processing, or due to achievement of the purposes of personal data processing, the Operator undertakes to stop processing personal data and destroy personal data within a period not exceeding 10 calendar days from the date of withdrawal of consent or achievement of the purpose of personal data processing.
5.8 The term may be extended, but not more than for 5 working days in case of sending a motivated notice indicating the reasons for extension.
5.9. Personal data is destroyed by erasing it from the database, formatting the media or by mechanically damaging hard disks.
If personal data was processed in a non-automated way, it can be destroyed by burning, crushing (shredding), chemical decomposition.
The procedure for documenting the destruction of personal data is determined by the operator independently. To destroy personal data, a special commission is usually convened and, based on the results of its activities, an act on the destruction of personal data is drawn up.
5.10. Destruction of personal data is performed in case of:

• provision by the user of information confirming that personal data are illegally obtained or are not necessary for the stated purpose of processing - within 7 working days from the date of submission of such information (part 1 of Article 14, part 3 of Article 20 of the Law No. 152-FZ);
• detection of unlawful processing of personal data - within 10 working days (part 3 of article 21 of the Law N 152-FZ);
• revocation of personal data by the User - within 30 days (part 5, Article 21, paragraph 5 of the Law N 152-FZ;
• achievement of the purpose of personal data processing - within 30 days (part 4, Article 21, paragraph 4 of the Law N 152-FZ);
• expiration of the period of storage of personal data - within 30 days (part 4 of Article 21, paragraph 4 of the Law N 152-FZ).

6. Personal data protection

6.1 The personal data protection system complies with the requirements of the Resolution of the Government of the Russian Federation No. 1119 dated November 1, 2012 "On Approval of the Requirements for Personal Data Protection during Processing in Personal Data Information Systems". In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPS) consisting of legal, organizational and technical protection subsystems.
6.2 The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents ensuring the creation, operation and improvement of the SPPS.
6.3 The organizational protection subsystem includes the organization of the NWPA management structure, permitting system, information protection when working with employees, partners and third parties.
6.4 The technical protection subsystem includes a set of technical, software, hardware and software means ensuring the protection of personal data.
6.5 The main personal data protection measures used by the Operator are:
6.5.1 Appointment of the person responsible for personal data processing, who organizes personal data processing, training and instruction.
6.5.2 Determination of actual threats to personal data security during their processing in the information system of personal data and development of measures and activities for personal data protection.
6.5.3 Developing a policy on personal data processing.
6.5.4 Establishing the rules of access to personal data, as well as ensuring the registration and accounting of all actions performed with personal data.
6.5.5 Establishing individual passwords for employees' access to the information system in accordance with their duties.
6.5.6 The use of information protection means that have passed the conformity assessment procedure in accordance with the established procedure.
6.5.7 Certified anti-virus software with regularly updated databases. 6.5.8.
6.5.8 Observance of conditions ensuring safety of personal data and excluding unauthorized access to them.
6.5.9. Detection of facts of unauthorized access to personal data and taking measures.
6.5.10. Restoration of personal data modified or destroyed due to unauthorized access to it.
6.5.11. Training of the Operator's employees directly involved in personal data processing on the provisions of the Russian legislation on personal data, including personal data protection requirements, documents defining the Operator's policy on personal data processing, local acts on personal data processing.
6.5.12. Internal control and audit.

7. Basic rights of the personal data subject and obligations of the Operator

7.1 The subject of personal data has the right:
- to receive personal data relating to the subject and information concerning their processing;
- to clarify, block or destroy his/her personal data if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
- to withdraw his/her consent to the processing of personal data;
- to protect his/her rights and legitimate interests, including compensation of losses and moral damages in court;
- to appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.
7.2 In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request personally or with the help of a representative to the Operator's e-mail address: Tulazemlya@inbox.ru. The request must contain the information specified in part 3 of Article 14 of the Federal Law "On Personal Data".
7.3 The request shall contain:
- number of the main identity document of the personal data subject or his/her representative, information about the date of issue of the said document and the issuing authority;
- information confirming the personal data subject's participation in relations with the Operator (contract number, date of contract conclusion, conventional word designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
- signature of the personal data subject or his/her representative.
7.4 The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not reflect all necessary information in accordance with the requirements of the Law on personal data or the subject does not have access rights to the requested information, a reasoned refusal shall be sent to him/her.
7.5 The right of a personal data subject to access his/her personal data may be restricted in accordance with part 8 of Article 14 of the Personal Data Law, including if the personal data subject's access to his/her personal data violates the rights and legitimate interests of third parties.
7.6 In case inaccurate personal data is revealed upon application of the personal data subject or his/her representative or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such application or receipt of the said request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
7.7 If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information submitted by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, shall clarify the personal data within seven working days from the date of submission of such information and lift the blocking of personal data.
7.8 In case of detection of unlawful processing of personal data upon application (request) of a personal data subject or his/her representative or Roskomnadzor, the Operator shall block unlawfully processed personal data related to this personal data subject from the moment of such application or request.

8. Liability of the Parties

8.1 The Operator, who fails to fulfill its obligations, is liable for losses incurred by the User due to unauthorized use of personal data in accordance with the legislation of the Russian Federation.
8.2 In case of leakage of personal data of the subject of personal data, the Operator is obliged to notify the relevant state authorities about the leakage of personal data and the results of the investigation of this leakage, within the terms stipulated by the current legislation of the Russian Federation.

9. Final provisions

9.1 The Operator has the right to amend this Policy without the consent of the subjects of personal data.
9.2 The new Policy comes into force from the moment of its posting on the Website, unless otherwise provided for by the new version of the Policy on Processing and Protection of Personal Data.

10. Operator's requisites

Individual Entrepreneur Pokrovskaya Julia Viktorovna
TIN: 710704694590
OGRNIP: 308715408700132
Current account:
40802810100960000759
Bank name: PAO BANK "BANK URALSIB"
BIK: 044525787
Corr. account: 30101810100000000787
Email: Tulazemlya@inbox.ru