PERSONAL DATA PROCESSING POLICY
1.2. This Policy applies to all information that the Operator may receive about visitors to the website https://yboom.ru.
2.2. Blocking of Personal Data – the temporary cessation of personal data processing (except where processing is required to clarify personal data).
2.3. Website – a collection of graphic and informational materials, as well as software and databases, ensuring their availability on the internet at the network address https://yboom.ru.
2.4. Personal Data Information System – a set of personal data contained in databases, along with information technologies and technical tools that make it possible to process such data.
2.5. Depersonalization of Personal Data – actions whereby it becomes impossible to determine, without additional information, that personal data is associated with a specific User or other subject of personal data.
2.6. Processing of Personal Data – any action (operation) or set of actions (operations) performed with or without the use of automated means with personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator – a state body, municipal body, legal or natural person that, independently or jointly with others, organizes and/or carries out the processing of personal data, and determines the purposes of personal data processing, the scope of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal Data – any information relating directly or indirectly to an identified or identifiable User of the website https://yboom.ru.
2.9. Personal Data Allowed by the Personal Data Subject for Distribution – personal data to which an unlimited number of persons have access, provided directly by the subject of personal data through consent for the processing of personal data intended for distribution, in accordance with the Personal Data Law (hereinafter, “personal data allowed for distribution”).
2.10. User – any visitor to the website https://yboom.ru.
2.11. Provision of Personal Data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of Personal Data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited group of persons, including publication in mass media, posting on information and telecommunications networks, or providing access to personal data in any other way.
2.13. Cross-Border Transfer of Personal Data – transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign natural person, or a foreign legal entity.
2.14. Destruction of Personal Data – any actions that cause personal data to be irreversibly destroyed, making it impossible to restore the personal data content in the personal data information system, and/or result in the destruction of physical media on which personal data is stored.
5.2. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Personal data processing that is incompatible with the purposes of collecting personal data is not permitted.
5.3. The merger of databases containing personal data that are processed for purposes incompatible with each other is not permitted.
5.4. Only personal data that meet the processing objectives shall be processed.
5.5. The content and scope of the personal data being processed shall be consistent with the stated purposes of the processing. The processing of redundant personal data in relation to the stated purposes is not permitted.
5.6. When processing personal data, the accuracy of the personal data, its sufficiency, and, if necessary, relevance with respect to the purposes of personal data processing must be ensured. The Operator shall take necessary measures and/or ensure that such measures are taken to delete or clarify incomplete or inaccurate data.
5.7. Personal data shall be stored in a form that allows identification of the personal data subject no longer than required by the purpose of the personal data processing, unless a longer storage period is required by federal law, or by a contract to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data shall be destroyed or depersonalized upon achieving the purposes of processing or if there is no further need to achieve these purposes, unless otherwise provided by federal law.
7.2. Personal data processing is necessary to achieve purposes provided for by an international treaty of the Russian Federation or by law, for the Operator to fulfill functions, powers, and obligations imposed by Russian law.
7.3. Personal data processing is necessary for the administration of justice, the execution of a court ruling, or the ruling of another authority or official, enforceable under Russian law on enforcement proceedings.
7.4. Personal data processing is necessary for the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for entering into a contract on the personal data subject’s initiative or a contract under which the personal data subject will be a beneficiary or guarantor.
7.5. Personal data processing is necessary for the Operator or third parties to exercise their rights or legitimate interests or for socially significant purposes, provided this does not violate the rights and freedoms of the personal data subject.
7.6. The processing involves personal data that has been made publicly accessible by the personal data subject or at their request (hereinafter, “publicly accessible personal data”).
7.7. The processing involves personal data that must be published or disclosed in accordance with federal law.
8.1. The Operator ensures the safekeeping of personal data and takes all possible measures to prevent unauthorized persons from gaining access to personal data.
8.2. The User’s personal data will never be disclosed to third parties under any circumstances, except as required by applicable law or if the personal data subject has given the Operator consent to transfer the data to a third party for the performance of obligations under a civil law contract.
8.3. If any inaccuracies in personal data are detected, the User may update the data independently by sending a notification to the Operator at the Operator’s email address: beefit.russia@gmail.com, with the subject line “Updating Personal Data.”
8.4. The period of personal data processing is determined by the time required to achieve the purposes for which the personal data was collected, unless otherwise specified by a contract or applicable law. The User may, at any time, withdraw his/her consent to the processing of personal data by sending a notification to the Operator via email at beefit.russia@gmail.com with the subject line “Withdrawal of Consent to Personal Data Processing.”
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by those parties (Operators) in accordance with their User Agreement and Privacy Policy. The personal data subject must review these documents on their own. The Operator is not responsible for the actions of third parties, including service providers mentioned in this paragraph.
8.6. Any restrictions imposed by the personal data subject on the transfer (other than granting access), as well as on the processing or conditions of processing (other than allowing access) of personal data intended for distribution, do not apply if personal data is processed in the interests of the state, society, or other public interests as defined by Russian law.
8.7. When processing personal data, the Operator ensures the confidentiality of personal data.
8.8. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than is required by the purposes of personal data processing, unless a longer storage period is prescribed by federal law or by a contract to which the personal data subject is a party, beneficiary, or guarantor.
8.9. Personal data processing may be terminated upon the achievement of the personal data processing objectives, upon the expiration of the personal data subject’s consent, upon withdrawal of consent by the personal data subject, upon a request to cease processing personal data, or upon discovery of unlawful personal data processing.
9.2. The Operator carries out automated processing of personal data with the receipt and/or transmission of the resulting information via information and telecommunications networks or without such networks.
10.2. Before submitting the above-mentioned notice, the Operator must obtain the relevant information from the foreign government authorities, foreign individuals, and foreign legal entities to whom it intends to transfer personal data.
12.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.
- General Provisions
- This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is drafted in accordance with the requirements of Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 (hereinafter, the “Personal Data Law”) and establishes the procedure for processing personal data and measures to ensure the security of personal data implemented by Sole Proprietor (ИП) Artem Vladimirovich Pchelnikov (hereinafter, the “Operator”).
1.2. This Policy applies to all information that the Operator may receive about visitors to the website https://yboom.ru.
- Basic Terms Used in the Policy
2.2. Blocking of Personal Data – the temporary cessation of personal data processing (except where processing is required to clarify personal data).
2.3. Website – a collection of graphic and informational materials, as well as software and databases, ensuring their availability on the internet at the network address https://yboom.ru.
2.4. Personal Data Information System – a set of personal data contained in databases, along with information technologies and technical tools that make it possible to process such data.
2.5. Depersonalization of Personal Data – actions whereby it becomes impossible to determine, without additional information, that personal data is associated with a specific User or other subject of personal data.
2.6. Processing of Personal Data – any action (operation) or set of actions (operations) performed with or without the use of automated means with personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator – a state body, municipal body, legal or natural person that, independently or jointly with others, organizes and/or carries out the processing of personal data, and determines the purposes of personal data processing, the scope of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal Data – any information relating directly or indirectly to an identified or identifiable User of the website https://yboom.ru.
2.9. Personal Data Allowed by the Personal Data Subject for Distribution – personal data to which an unlimited number of persons have access, provided directly by the subject of personal data through consent for the processing of personal data intended for distribution, in accordance with the Personal Data Law (hereinafter, “personal data allowed for distribution”).
2.10. User – any visitor to the website https://yboom.ru.
2.11. Provision of Personal Data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of Personal Data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited group of persons, including publication in mass media, posting on information and telecommunications networks, or providing access to personal data in any other way.
2.13. Cross-Border Transfer of Personal Data – transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign natural person, or a foreign legal entity.
2.14. Destruction of Personal Data – any actions that cause personal data to be irreversibly destroyed, making it impossible to restore the personal data content in the personal data information system, and/or result in the destruction of physical media on which personal data is stored.
- Operator’s Primary Rights and Obligations
- Receive from the subject of personal data reliable information and/or documents containing personal data;
- Continue processing personal data without the subject’s consent if the subject withdraws consent to personal data processing or submits a request to terminate personal data processing, provided there are grounds for such processing set forth in the Personal Data Law;
- Independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations established by the Personal Data Law and relevant regulations, unless otherwise provided by the Personal Data Law or other federal laws.
- Provide the subject of personal data, upon his/her request, with information regarding the processing of his/her personal data;
- Organize the processing of personal data in accordance with the requirements of current Russian legislation;
- Respond to requests and inquiries from personal data subjects and their lawful representatives as required by the Personal Data Law;
- Provide the authorized body for the protection of the rights of personal data subjects with any necessary information within 10 days from the date of receiving a request from such body;
- Publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
- Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions;
- Cease transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and in cases prescribed by the Personal Data Law;
- Fulfill other obligations stipulated by the Personal Data Law.
- Rights and Obligations of Personal Data Subjects
- Receive information regarding the processing of their personal data, except in cases specified by federal laws. Such information shall be provided in an accessible form, and shall not include personal data relating to other personal data subjects unless there is a lawful basis for disclosing such data. The list of such information and the procedure for obtaining it are established by the Personal Data Law;
- Request that the Operator clarify (update or modify) their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, obtained unlawfully, or is not necessary for the stated purpose of processing. They may also take legal steps to protect their rights;
- Require prior consent to the processing of personal data for the purposes of marketing goods, works, or services;
- Withdraw consent to personal data processing and submit a request to terminate personal data processing;
- File a complaint with the authorized body for the protection of personal data subjects’ rights or seek judicial remedy for unlawful actions or omissions of the Operator in the processing of his/her personal data;
- Exercise other rights provided for under the laws of the Russian Federation.
- Provide the Operator with accurate personal data about themselves;
- Inform the Operator of any clarifications (updates, changes) to their personal data.
- Principles of Personal Data Processing
5.2. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Personal data processing that is incompatible with the purposes of collecting personal data is not permitted.
5.3. The merger of databases containing personal data that are processed for purposes incompatible with each other is not permitted.
5.4. Only personal data that meet the processing objectives shall be processed.
5.5. The content and scope of the personal data being processed shall be consistent with the stated purposes of the processing. The processing of redundant personal data in relation to the stated purposes is not permitted.
5.6. When processing personal data, the accuracy of the personal data, its sufficiency, and, if necessary, relevance with respect to the purposes of personal data processing must be ensured. The Operator shall take necessary measures and/or ensure that such measures are taken to delete or clarify incomplete or inaccurate data.
5.7. Personal data shall be stored in a form that allows identification of the personal data subject no longer than required by the purpose of the personal data processing, unless a longer storage period is required by federal law, or by a contract to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data shall be destroyed or depersonalized upon achieving the purposes of processing or if there is no further need to achieve these purposes, unless otherwise provided by federal law.
- Purposes of Personal Data Processing
Purpose of Processing | Personal Data | Legal Grounds | Types of Processing |
Providing the User with access to services, information, and/or materials on the website | Surname, first name, patronymic (if any) Email address Telephone number(s) | Charter/founding documents of the Operator | Collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data |
- Conditions for Personal Data Processing
7.2. Personal data processing is necessary to achieve purposes provided for by an international treaty of the Russian Federation or by law, for the Operator to fulfill functions, powers, and obligations imposed by Russian law.
7.3. Personal data processing is necessary for the administration of justice, the execution of a court ruling, or the ruling of another authority or official, enforceable under Russian law on enforcement proceedings.
7.4. Personal data processing is necessary for the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for entering into a contract on the personal data subject’s initiative or a contract under which the personal data subject will be a beneficiary or guarantor.
7.5. Personal data processing is necessary for the Operator or third parties to exercise their rights or legitimate interests or for socially significant purposes, provided this does not violate the rights and freedoms of the personal data subject.
7.6. The processing involves personal data that has been made publicly accessible by the personal data subject or at their request (hereinafter, “publicly accessible personal data”).
7.7. The processing involves personal data that must be published or disclosed in accordance with federal law.
- Procedure for Collecting, Storing, Transferring, and Other Types of Processing Personal Data
8.1. The Operator ensures the safekeeping of personal data and takes all possible measures to prevent unauthorized persons from gaining access to personal data.
8.2. The User’s personal data will never be disclosed to third parties under any circumstances, except as required by applicable law or if the personal data subject has given the Operator consent to transfer the data to a third party for the performance of obligations under a civil law contract.
8.3. If any inaccuracies in personal data are detected, the User may update the data independently by sending a notification to the Operator at the Operator’s email address: beefit.russia@gmail.com, with the subject line “Updating Personal Data.”
8.4. The period of personal data processing is determined by the time required to achieve the purposes for which the personal data was collected, unless otherwise specified by a contract or applicable law. The User may, at any time, withdraw his/her consent to the processing of personal data by sending a notification to the Operator via email at beefit.russia@gmail.com with the subject line “Withdrawal of Consent to Personal Data Processing.”
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by those parties (Operators) in accordance with their User Agreement and Privacy Policy. The personal data subject must review these documents on their own. The Operator is not responsible for the actions of third parties, including service providers mentioned in this paragraph.
8.6. Any restrictions imposed by the personal data subject on the transfer (other than granting access), as well as on the processing or conditions of processing (other than allowing access) of personal data intended for distribution, do not apply if personal data is processed in the interests of the state, society, or other public interests as defined by Russian law.
8.7. When processing personal data, the Operator ensures the confidentiality of personal data.
8.8. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than is required by the purposes of personal data processing, unless a longer storage period is prescribed by federal law or by a contract to which the personal data subject is a party, beneficiary, or guarantor.
8.9. Personal data processing may be terminated upon the achievement of the personal data processing objectives, upon the expiration of the personal data subject’s consent, upon withdrawal of consent by the personal data subject, upon a request to cease processing personal data, or upon discovery of unlawful personal data processing.
- List of Actions Carried Out by the Operator with Collected Personal Data
9.2. The Operator carries out automated processing of personal data with the receipt and/or transmission of the resulting information via information and telecommunications networks or without such networks.
- Cross-Border Transfer of Personal Data
10.2. Before submitting the above-mentioned notice, the Operator must obtain the relevant information from the foreign government authorities, foreign individuals, and foreign legal entities to whom it intends to transfer personal data.
- Confidentiality of Personal Data
- Final Provisions
12.2. Any changes to the Operator’s personal data processing policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is available online at https://beefit22.ru/konfidencialnost_eng.