1. General Provisions
Privacy and data protection policy is drawn in accordance with Federal Law of July 27, 2006 No. 152-ФЗ "On Personal Data" (hereafter referred to as the Personal Data Law
) and determines the procedure for personal data processing and actions to ensure security of personal data collected by Mallenom Systems LLC (hereafter referred as the Operator
1.1. For conducting its business activities, the Operator sets as its most important goal and condition to obey the human and civil rights and freedoms when processing the personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The presented policy regarding the processing of personal data (hereafter referred as the Policy
) applies to all information that the Operator can collect about visitors of https://eyecont.ru
website. 2. General terms used in the Policy
2.1. Automatic processing of personal data – is a processing of personal data by the means of computational equipment.
2.2. Blocking of personal data – is a temporal suspension of personal data processing (with exception for the cases when personal data processing is needed for updating the personal data).
2.3. Website – is a set of graphical and informational materials, and software and subroutines for computer and databases, ensuring their availability on the Internet at https://eyecont.ru
2.4. Personal data informational system – is a set of the personal data stored in the database, and informational technologies and technical means for the personal data processing.
2.5. Personal data sanitisation – are actions as a result of which it is impossible to determine without the use of additional information the ownership of personal data to a specific User or other subject of personal data.
2.6. Personal data processing – are any actions (operations) and set of actions (operations) performed with or without the use of automation tools for personal data; including collection, recording, systematisation, aggregation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator – is a state body, a municipal body, a legal entity or an individual that organises and (or) processes personal data independently or with other third party; as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.
2.8. Personal data – is any information related directly or indirectly to a specific and defined User of https://eyecont.ru
2.9. Personal data permitted by the subject of personal data for distribution – is the personal data, access of an unlimited number of people to which is provided by the subject of personal data by giving consent for the processing of personal data permitted by a subject of personal data for distribution in the manner specified by the Privacy and Data Protection Policy (hereafter referred to as the Personal Data Allowed for Distribution
2.10. User – is any visitor of https://eyecont.ru
2.11. Provision of personal data – are the actions aimed for disclosing of personal data to a certain person or a certain group of people.
2.12. Distribution of personal data – are any actions aimed for disclosing of personal data to indefinite group of people (transfer of personal data) or for inspection of the personal data of unlimited number of people, including disclosure of personal data in the media, making it available through information and telecommunication networks, or providing access to personal data in any other way.
2.13. Cross-boarder transfer of personal data – is the transfer of personal data on the territory of a foreign state to the authority of a foreign state, foreign individual or foreign legal entity.
2.14. Destruction of personal data – are any actions as a result of which the personal data is destroyed without possibility for the recovery of the personal data contents from the personal data information system; and (or) destruction of the stored physical copies of personal data. 3. Rights and responsibilities of the Operator
3.1. The Operator has the right to:
- receive reliable information and (or) documents containing personal data from the subject of personal data;
- continue processing of personal data if the subject of personal data withdraws consent to the processing of personal data when there are grounds specified in the Personal Data Law;
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfilment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other Federal laws.
3.2. The Operator must:
- provide the subject of the personal data with information regarding the processing of personal data upon request;
- organise processing of the personal data in accordance with the current legislation of the Russian Federation.
- respond to requests and inquiries from the subjects of personal data and their legal representatives in accordance with the Personal Data Law;
- report the requested information to the authority for the personal protection of the personal data subject's rights within 30 days after receipt of initial request from the authority;
- publish or provide through other means an unrestricted access to this Policy for the processing of personal data;
- take legal, organisational and technical measures to protect the personal data from unauthorised or accidental access, destruction, alteration, blocking, copying, distribution, and other illegal actions in relation to the personal data.
- stop the transfer (distribution, provision, access) of personal data, stop processing of personal data and destroy the personal data in the manner and cases provided by the Personal Data Law.
- fulfil other obligations in accordance with the Personal Data Law. 4. General rules and responsibilities of subjects of personal data
4.1. Subjects of personal data have the right to:
- receive information regarding processing of the personal data, with exception for the cases stated by Federal Law. The information is provided to the subject of personal data by the Operator in an accessible form, and it should not contain personal data related to the other subjects of personal data, unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Personal Data Law;
- request from the Operator to clarify the personal data, to block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for stated purpose of processing, as well as to take measures in accordance to the law for protecting personal rights;
- advance a condition of prior consent for personal data processing to promote the goods, work and services on the market;
- withdraw the consent for the processing of personal data;
- appeal to the authority for the protection of rights of the subject of personal data, or appeal in court against illegal actions or inactions of the Operator when processing the personal data;
- execute other rights in accordance with legislation of Russian Federation.
4.2. Subject of the personal data must:
- provide the Operator with reliable personal data;
- inform the Operator about clarification (update, change) of own personal data;
4.3. People who have provided the Operator with invalid information about themselves, or provided the Operator with information about third-party subject without proper consent from the latter are held responsible in accordance with the legislation of the Russian Federation. 5. The Operator can process the following personal data of the User
5.1. First Name, Middle Name and Last Name.
5.2. Email address.
5.3. Phone number.
5.4. Also, the site collects and processes anonymized visitors' data (including "Cookies") using Internet statistics services (Yandex Metrica, Google Analytics and others).
5.5. The above data hereafter in the text of the Policy is united under general concept of the Personal Data.
5.6. The processing of special categories of personal data concerning race, nationality, political views, religious and philosophical beliefs, intimate life is not being carried out by the Operator.
5.7. Processing of the personal data permitted for distribution from special categories of personal data specified in Part 1 of Article 10 of the Personal Data Law is allowed if the prohibitions and conditions stated in Article 10.1 of the Personal Data Law are followed.
5.8. The User's consent for the processing of personal data permitted for distribution is drawn up separately from other consents for the processing of the personal data. In this case the conditions follow Article 10.1 of the Personal Data Law. The requirements for such consent are established by the authority for protection of rights of the subject of personal data.
5.8.1. The User provides the Operator a consent for the processing of personal data permitted for distribution directly.
5.8.2. The Operator must publish information on the processing conditions, on the existence of prohibitions and conditions for the processing of personal data by unlimited number of people allowed for distribution no later than 3 working days from the moment of receipt of specialised consent from the User.
5.8.3. The transfer (distribution, provision, access) of personal data permitted by the subject of personal data for distribution must be stopped at any time at a request of the subject of personal data. This requirement includes (if any) First Name, Middle Name, Last Name, contact information (phone number, email address or postal address) of the subject of personal data, as well as list of personal data the processing of which must be terminated. The personal data specified in this requirement can be processed only by the Operator to whom it is sent.
5.8.4. Consent for the processing of personal data permitted for the distribution is not valid from the moment the Operator receives request specified in 5.8.3. of this Policy in relation to the processing of personal data. 6. Principles of the personal data processing
6.1. The processing of personal data is carried out on legal and fair basis.
6.2. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes for collecting personal data is not allowed.
6.3. It is not allowed to combine the databases containing personal data the processing of which is carried out for the purposes incompatible with each other.
6.4. Only personal data that meets purposes of their processing is subject of the processing.
6.5. The content and volume of the processed personal data correspond to the stated purposes of the processing. The redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed.
6.6. When processing the personal data, the accuracy, sufficiency and, if necessary, the relevance in relation to the purposes of the personal data processing are ensured. The Operator takes the necessary measures and/or ensures their acceptance to delete or clarify incomplete or inaccurate data.
6.7. The personal data storage is carried out in a form that makes it possible to determine the subject of personal data, for the period that is no longer than it is required for the purpose of the personal data processing – if the period of personal data storage is not specified by the Federal Law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is destroyed or sanitised when the processing goal is achieved, or in the case of loss of the need to achieve these goals, unless otherwise stated by the Federal Law. 7. Purposes for personal data processing
7.1. Purpose for processing of the User's personal data:
- informing the User by sending emails;
- clarifying details of the project, providing the User with effective technical support in case of any issues related to the use of the Website.
7.2. The operator also has the right to send the User notifications about new products and services, special offers and various events. The User can always refuse to receive informational messages by sending the Operator an email to the following address: "firstname.lastname@example.org
" with the following subject line: "Refusal to receive notifications about new products and services and special offers".
7.3. Anonymised data about the Users collected by using Internet statistics services are used to collect information about the actions of Users on the Website, improve the quality of the Website and its content. 8. Legal grounds for the processing of personal data
8.1. The legal grounds for the processing of personal data by the Operator are:
- Federal Law "On Information, Information Technologies and Protection of Information" of July 27, 2006 No. 149-ФЗ.
- Federal Laws, other legislations and regulations regarding personal data protection;
- consent from the Users for the processing of their personal data, for the processing of the personal data permitted for distribution.
8.2. The Operator processes the User's personal data only if it is provided and/or submitted to the User using special forms located on https://eyecont.ru
website or send to the Operator via an email. By filling out the corresponding forms and/or sending the personal data to the Operator, the User agrees with this Policy.
8.4. The subject of personal data independently decides to provide own personal data and gives consent freely, of his own free will and in his interest. 9. Terms for the personal data processing
9.1. The processing of personal data is performed with consent for processing of personal data from the subject of personal data.
9.2. The processing of personal data is necessary for achieving goals that are in line with international treaty and law of the Russian Federation; for meeting the requirements by the Operator for the duties, commissions and responsibilities imposed by the legislation of the Russian Federation.
9.3. The processing of personal data is necessary for admission of justice, execution of judicial act, act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings.
9.4 The processing of the personal data is necessary for fulfilment of agreement, to which the subject of personal data is a party or beneficiary or guarantor, as well as for concluding an agreement initiated by the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor.
9.5. The processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data.
9.6. The processing of personal data is carried out by unlimited number of people with granted access or with the access provided by the subject of personal data at the subject's request (hereafter referred to as the Publicly Available Personal Data).
9.7. The processing of personal data is carried out subject to publication or mandatory disclosure in accordance with Federal Law. 10. Procedure for collection, storage, transfer and other types of personal data processing
Security of the personal data processed by the Operator is ensured through implementation of legal, organisational and technical measures to fully comply with the requirements of the acting legislation for personal data protection.
10.1. The Operator ensures safety of personal data and takes all possible measures to exclude access to personal data of unauthorised individuals.
10.2. The User's personal data will never, under any circumstances, be transferred to third parties, with exception to cases related to the implementation of the current legislation, or if the subject of personal data has given the consent to the Operator to transfer the data to a third party to fulfil obligations under a civil contract.
10.3. In the event of finding inaccuracies in the personal data, the User can update it independently by sending a message to the following Operator's email address "email@example.com
" with the following subject line "Personal data update".
10.4. The period for processing of personal data is determined by the achievement of purpose for which the personal data was collected, unless another period is stated by the contract or current legislation. The User can revoke his consent for processing of personal data at any time by sending the Operator an email to the following address "firstname.lastname@example.org
" with the following subject line "Withdrawal of consent for processing of personal data".
10.6. Restrictions identified by the subject of personal data for the transfer (except for providing access) and for the processing or conditions for personal data processing (except for gaining access), allowed for distribution do not apply in the cases if personal data is being processed for state, public and other social interests determined by the legislation of the Russian Federation.
10.7. When processing the personal data, the Operator ensures the confidentiality of personal data.
10.8. The operator stores the personal data in a form that makes it possible to determine the subject of personal data only for the period that is required for the purpose of personal data processing, unless the storage period for personal data is specified by the Federal Law, a contract to which the subject of personal data is a party, beneficiary or guarantor.
10.9. Condition for terminating the processing of personal data can be an achievement of the purposes for the personal data processing, expiration of consent from the subject of personal data, or withdrawal of consent by the subject of personal data, as well as the identification of illegal processing of personal data. 11. The list of actions perform by the Operator for the received personal data
11.1. The operator collects, records, systemises, aggregates, stores, clarifies (updates, modifies), extracts, uses, transfers (distributes, provides, accesses), depersonalises, blocks, deletes and destroys personal data.
11.2. The Operator carries out automated processing of personal data with the receipt and/or transmission of the received information using information and telecommunication networks or without their use. 12. Cross-border transfer of personal data
12.1. Before beginning the cross-border transfer of personal data, the Operator must make sure that the foreign state,
to which territory the transfer of personal data will be performed, provides reliable protection of the rights of personal data subjects.
12.2. Cross-border transfer of personal data on the territory of foreign states that do not meet the above requirements can be carried out only with the written consent from the subject of personal data for the cross-border transfer of the personal data and/or fulfilment of agreement by the subject of personal data. 13 Confidentiality of personal data
The Operator and other third-parties who have received access to the personal data must not disclose and distribute the personal data without consent from the subject of personal data unless otherwise stated by the Federal Law. 14. The final clauses
14.1. The User can receive any clarifications regarding questions for the processing of personal data by contacting the Operator using the following email address "email@example.com
14.2. This document will reflect any changes in the personal data processing policy by the Operator. The Policy is valid indefinitely until it is replaced by a new version.
14.3. The current version of the Policy is openly available on the Internet at the following link: /privacy_policy