Policy regarding the processing of personal data

1. General Provisions

This personal data processing policy has been drawn up in accordance with the requirements of the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) and determines the procedure for processing personal data and measures to ensure the security of personal data taken by Dmitriy K. Ignatiev (hereinafter referred to as the Operator).
1.1. The operator sets as its most important goal and condition for the implementation of its activities observance of the rights and freedoms of man and citizen in the processing of his personal data, including protecting the rights to privacy, personal and family secret.
1.2. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator can receive about website visitors https://thumber.ru.

2. Basic concepts used in the Policy

2.1. Automated processing of personal data - processing of personal data using computer technology.
2.2. Blocking of personal data - suspension of processing personal data (unless the processing is necessary to clarify personal data).
2.3. Website - a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet via a network https://thumber.ru.
2.4. Information system of personal data - a set of data contained in databases of personal data, and information technologies providing their processing and technical means.
2.5. Depersonalization of personal data - actions, as a result of which cannot be determined without additional information personal data to a specific User or other subject of personal data.
2.6. Processing of personal data - any action (operation) or aggregate actions (operations) performed with the use of automation tools or without use of such means with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator - a state body, municipal body, legal or an individual who, independently or jointly with other persons, organizes and (or) processing personal data, as well as determining the purposes of processing personal data, composition of personal data to be processed, actions (operations), committed with personal data.
2.8. Personal data - any information relating directly or indirectly to to a specific or identifiable Website User https://thumber.ru.
2.9. Personal data authorized by the subject of personal data for distribution, - personal data, access of an unlimited circle of persons to which provided by the subject of personal data by giving consent to the processing of personal data authorized by the subject of personal data for dissemination in the manner provided for by the Law on Personal Data (hereinafter referred to as personal data permitted for distribution).
2.10. User - any visitor to the website https://thumber.ru.
2.11. Providing personal data - actions aimed at disclosure personal data to a certain person or a certain circle of persons.
2.12. Dissemination of personal data - any action aimed at disclosure of personal data to an indefinite circle of persons (transfer of personal data) or to familiarize with the personal data of an unlimited number of persons, including the disclosure personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign natural or foreign legal entity.
2.14. Destruction of personal data - any action that results in personal data is destroyed irretrievably with the impossibility of further recovery the content of personal data in the personal data information system and (or) material carriers of personal data are destroyed.

3. Basic rights and obligations of the Operator

3.1. The operator has the right:
– receive reliable information from the subject of personal data and/or documents containing personal data;
– in case the personal data subject revokes consent to processing personal data The operator has the right to continue processing personal data without the consent of subject of personal data if there are grounds specified in the Law on Personal Data data;
– independently determine the composition and list of measures necessary and sufficient for ensuring the fulfillment of the obligations provided for by the Law on Personal Data and normative legal acts adopted in accordance with it, unless otherwise provided Personal Data Act or other federal laws.
3.2. Operator must:
- provide the subject of personal data, at his request, with information, concerning the processing of his personal data;
– organize the processing of personal data in the manner prescribed the current legislation of the Russian Federation;
– respond to requests and requests from personal data subjects and their legitimate representatives in accordance with the requirements of the Personal Data Law;
– report to the authorized body for the protection of the rights of personal data subjects at the request of this authority, the necessary information within 30 days from the date of receipt of such request;
- publish or otherwise provide unrestricted access to this Policy regarding the processing of personal data;
– take legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, providing, distributing personal data, as well as from other illegal actions in relation to personal data;
– stop the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and in cases provided for by the Personal Data Law;
– perform other duties stipulated by the Personal Data Law.

4. Basic rights and obligations of personal data subjects

4.1. Subjects of personal data have the right:
– receive information regarding the processing of his personal data, for except as otherwise provided by federal law. Information provided to the subject of personal data by the Operator in an accessible form, and they should not contain personal data relating to other subjects of personal data, with the exception of where there are legitimate grounds for disclosing such personal data. Scroll information and the procedure for obtaining it is established by the Law on Personal Data;
– require the operator to clarify his personal data, block them or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and take legal measures to protect their rights;
– put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market;
– to withdraw consent to the processing of personal data;
– appeal to the authorized body for the protection of the rights of personal data subjects or in a judicial proceeding, illegal actions or omissions of the Operator in processing it personal data;
- to exercise other rights provided for by the legislation of the Russian Federation.
4.2. Subjects of personal data are obliged to:
– provide the Operator with reliable data about yourself;
– inform the Operator about the clarification (update, change) of their personal data.
4.3. Persons who provided the Operator with false information about themselves or information about another subject of personal data without the consent of the latter, are liable in in accordance with the legislation of the Russian Federation.

5. The Operator may process the following personal data of the User

5.1. Last name, first name, patronymic.
5.2. Email address.
5.3. The site also collects and processes anonymous data about visitors (including cookies) using Internet statistics services (Yandex Metrika and Google Analytics and others).
5.4. The above data further in the text of the Policy are united by the general concept Personal data.
5.5. Processing of special categories of personal data relating to racial, nationality, political opinions, religious or philosophical beliefs, intimate life, the Operator is not carried out.
5.6. Processing of personal data permitted for dissemination, from among special categories of personal data specified in Part 1 of Art. 10 of the Law on Personal data is allowed if the prohibitions and conditions provided for in Art. 10.1 of the Law on personal data.
5.7. Consent of the User to the processing of personal data authorized for distribution, is issued separately from other consents to the processing of his personal data. At the same time, the conditions provided for, in particular, Art. 10.1 of the Law on personal data. Requirements for the content of such consent are established by the authorized body for the protection of the rights of subjects of personal data.
5.7.1 Consent to the processing of personal data authorized for distribution, the User provides the Operator directly.
5.7.2 The operator is obliged, no later than three working days from the date of receipt the specified consent of the User to publish information on the conditions of processing, on the availability prohibitions and conditions on the processing by an unlimited circle of persons of personal data permitted for distribution.
5.7.3 Transfer (distribution, provision, access) of personal data, permitted by the subject of personal data for distribution, must be terminated in any time at the request of the subject of personal data. This requirement should include surname, name, patronymic (if any), contact information (phone number, address e-mail or postal address) of the subject of personal data, as well as a list personal data, the processing of which is subject to termination. Specified in this requirement personal data can only be processed by the Operator to whom it is sent.
5.7.4 Consent to the processing of personal data authorized for distribution, ceases to be valid from the moment the Operator receives a request, specified in clause 5.7.3 of this Policy regarding the processing of personal data.

6. Principles of personal data processing

6.1. The processing of personal data is carried out on a lawful and fair basis basis.
6.2. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. It is not allowed to process personal data, incompatible with the purposes of collecting personal data.
6.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
6.4. Only personal data that meet the purposes of their processing are subject to processing. processing.
6.5. The content and scope of the processed personal data correspond to stated purposes of processing. Redundancy of processed personal data is not allowed in relation to the stated purposes of their processing.
6.6. When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the goals processing of personal data. The operator takes the necessary measures and / or provides them acceptance to delete or clarify incomplete or inaccurate data.
6.7. The storage of personal data is carried out in a form that allows you to determine subject of personal data, no longer than required by the purposes of processing personal data data, if the period of storage of personal data is not established by federal law, contract, the party to which, the beneficiary or the guarantor of which is the subject personal data. The processed personal data is destroyed or depersonalized by achievement of the purposes of processing or in the event of a loss of the need to achieve these purposes, if otherwise provided by federal law.

7. Purposes of personal data processing

7.1. The purpose of processing the User's personal data:
– informing the User by sending emails;
– conclusion, execution and termination of civil law contracts;
– granting access to the User to services, information and/or materials contained on the website https://thumber.ru.
7.2. The Operator also has the right to send notifications to the User about new products and services, special offers and various events. User always may refuse to receive informational messages by sending a letter to the Operator at e-mail [email protected] marked "Opt out of notifications about new products and services and special offers."
7.3. Non-personal data of Users collected using the services Internet statistics are used to collect information about the actions of Users on the site, improve the quality of the site and its content.

8. Legal grounds for the processing of personal data

8.1. The legal grounds for the processing of personal data by the Operator are:
list the legal acts regulating relations related to with your activities, for example, if your activities are related to information technologies, in particular with the creation of websites, then here you can specify the Federal Law "On information, information technologies and information protection" dated 07/27/2006 N 149-FZ;
– statutory documents of the Operator;
– agreements concluded between the operator and the subject of personal data;
– federal laws, other legal acts in the field of protection of personal data;
– consent of the Users to the processing of their personal data, to the processing personal data permitted for distribution.
8.2. The Operator processes the User's personal data only if they are filling and / or sending by the User independently through special forms, located on the site https://thumber.ru or sent to the Operator by e-mail. Filling out the relevant forms and / or by sending his personal data to the Operator, the User expresses his consent to this Policy.
8.3. The Operator processes anonymized data about the User if it is allowed in the User's browser settings (enabled the saving of "cookies" and use of JavaScript technology).
8.4. The subject of personal data independently decides on providing his personal data and gives consent freely, by his will and in his interest.

9. Conditions for the processing of personal data

9.1. The processing of personal data is carried out with the consent of the subject personal data for the processing of his personal data.
9.2. The processing of personal data is necessary to achieve the goals, provided for by an international treaty of the Russian Federation or by law, for the implementation assigned by the legislation of the Russian Federation to the operator of functions, powers and responsibilities.
9.3. The processing of personal data is necessary for the administration of justice, execution of a judicial act, act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
9.4. The processing of personal data is necessary for the performance of the contract by the party which either the beneficiary or the guarantor for which is the subject of personal data, as well as to conclude an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor.
9.5. The processing of personal data is necessary for the exercise of rights and legal interests of the operator or third parties or to achieve socially significant goals when provided that the rights and freedoms of the subject of personal data are not violated.
9.6. Processing of personal data, unlimited access persons to whom it is provided by the subject of personal data or at his request (hereinafter - publicly available personal data).
9.7. Processing of personal data subject to publication or mandatory disclosure under federal law.

10. The procedure for collecting, storing, transferring and other types of processing of personal data

Security of personal data processed by the Operator, is ensured through the implementation of legal, organizational and technical measures necessary for full compliance with the requirements of the current legislation in the field of protection personal data.
10.1. The operator ensures the safety of personal data and accepts all possible measures to prevent access to personal data by unauthorized persons.
10.2. The User's personal data will never, under any circumstances, be transferred to third parties, with the exception of cases related to the execution of the current legislation or if the subject of personal data has given consent to the Operator to the transfer of data to a third party for the fulfillment of obligations under civil law contract.
10.3. In case of detection of inaccuracies in personal data, the User may update them independently by sending a notification to the Operator at the address Operator's e-mail [email protected] marked "Updating personal data".
10.4. The term for processing personal data is determined by the achievement of the goals, for which personal data were collected, unless a different period is provided by the contract or current legislation.
The user can revoke his consent at any time to the processing of personal data by sending a notification to the Operator via electronic mail to the Operator's email address [email protected] marked "Review consent to the processing of personal data".
10.5. All information collected by third party services, including payment systems, means of communication and other service providers, is stored and processed by the specified persons (Operators) in accordance with their User agreement and Privacy Policy. Subject of personal data and/or User is obliged to independently familiarize themselves with these documents in a timely manner. The operator does not responsibility for the actions of third parties, including those specified in this clause service providers.
10.6. Prohibitions on transfer established by the subject of personal data (except granting access), as well as the processing or conditions of processing (other than receiving access) personal data permitted for dissemination do not apply in cases processing of personal data in the state, public and other public interests, determined by the legislation of the Russian Federation.
10.7. The operator ensures confidentiality when processing personal data personal data.
10.8. The operator stores personal data in a form that allows determine the subject of personal data, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law, agreement, a party to which, a beneficiary or a guarantor under which is the subject of personal data.
10.9. The condition for terminating the processing of personal data may be achievement of the purposes of processing personal data, expiration of the consent of the subject personal data or withdrawal of consent by the subject of personal data, as well as identifying unlawful processing of personal data.

11. List of actions performed by the Operator with the received personal data

11.1. The operator collects, records, systematizes, accumulates, stores, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.
11.2. The operator carries out automated processing of personal data with receiving and/or transmitting the received information via information and telecommunication networks or without it.

12. Cross-border transfer of personal data

12.1. The operator prior to the start of the cross-border transfer of personal data is obliged to make sure that the foreign state into whose territory it is supposed to carry out the transfer of personal data, reliable protection is provided rights of personal data subjects.
12.2. Cross-border transfer of personal data in the territory of foreign states that do not meet the above requirements can be carried out only in the case of availability of written consent of the subject of personal data for cross-border transfer his personal data and/or performance of the contract to which the subject is a party personal data.

13. Privacy Policy

The operator and other persons who have access to personal data are obliged not to disclose to third parties and not distribute personal data without the consent of the subject personal data, unless otherwise provided by federal law.

14. Final Provisions

14.1. The user can get any clarifications on issues of interest, regarding the processing of his personal data, by contacting the Operator via electronic [email protected].
14.2. This document will reflect any changes to the processing policy personal data by the Operator. The policy is valid indefinitely until it is replaced by a new version.
14.3. The current version of the Policy is freely available on the Internet at /en/privacy.