Personal Data Processing Policy
Published on the Website on April 20, 2018
This Personal Data Processing Policy (hereinafter "the Policy") defines the general principles and procedure for personal data processing and measures to ensure their security in Individual Entrepreneur A.A. Andreyeva.
TERMS AND DEFINITIONS
The following terms shall have the meanings given below:
a) The Data are other data about the User (not included in the definition of Personal Data).
b) The Legislation is the current legislation of the Russian Federation.
c) The Personal Data Processing is any action (operation) or a combination of actions (operations) carried out with Personal Data with or without automation tools including acquisition, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (including transfer to third parties), depersonalization, blocking, deletion, or destruction of Personal Data.
d) The Operator is Individual Entrepreneur A.A. Andreyeva (TIN / KPP: 237303851368), which independently or together with other persons organizes and (or) carries out personal data processing, as well as determines the goals of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data.
e) The Personal Data are any information relating directly or indirectly to a specific or defined individual (User).
f) The User is a person who entered into a contractual relationship with the Operator.
g) The Website is the website located on the Internet at https://en.artlife-fest.com/
h) The Special Categories of Personal Data are Personal Data related to race, ethnical identity, political views, religious or philosophical beliefs, health condition or private life.
i) The Personal Data Owner is an individual who is the User to whom Personal Data are related.
1. GENERAL PROVISIONS
1.1. This Personal Data Processing Policy is developed in accordance with the provisions of Federal Law No. 152-FZ On Personal Data of July 27, 2006 (as amended and supplemented) and other laws and regulations and defines the procedure of handling the Users' Personal Data and (or) the Personal Data transmitted by the Users and requirements for ensuring the Data security.
1.2. Measures aimed to ensure security of personal data shall be an integral part of the Operator's activities.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of Personal Data (Data) by the Operator is carried out in accordance with the following principles:
2.1.1. Legitimacy and fair basis of Personal Data (Data) Processing. The Operator shall take all necessary measures to meet the Legislation requirements, shall not process Personal Data in cases where it is not permitted by the Legislation, and shall not use Personal Data to the detriment of the User.
2.1.2. Processing only those Personal Data (Data) that meet the previously announced processing goals. Compliance of the content and volume of the Personal Data being processed with the stated processing goals. Prevention of Personal Data processing incompatible with the goals of Personal Data acquisition, as well as excessive in relation to the stated processing goals.
The Operator shall process Personal Data solely for the purpose of fulfilling contractual obligations with respect to the User.
2.1.3. Ensuring accuracy, sufficiency and relevance of Personal Data (Data) in relation to the goals of processing Personal Data (Data). The Operator shall take all reasonable measures to maintain the relevance of the processed Personal Data, including but not limited to the exercise of the right of each Personal Data Owner to receive its Personal Data for review and to require that the Operator clarify, block or destroy them if the Personal Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the processing goals stated above.
2.1.4. Storage of Personal Data (Data) in the form that allows to identify the Personal Data (Data) User and no longer than required by the goals of Personal Data processing, unless the Personal Data storage period is determined by federal legislation or an agreement, which the Personal Data User is a party or a beneficiary to.
2.1.5. Inadmissibility of consolidating the databases of Personal Data Information Systems (Data) created for incompatible goals.
3. TERMS AND CONDITIONS OF PERSONAL DATA PROCESSING
3.1. Personal Data Processing by the Operator shall be allowed in the following cases:
3.1.1. If the User agrees to the processing of his Personal Data.
3.1.2. When the Owner's Personal Data are transmitted by the User in cases provided for in the User agreement. The User guarantees that he has previously received consent from the Personal Data Owner to transfer the data to the Operator.
3.1.3. Personal Data are subject to publication or mandatory disclosure in accordance with the Legislation.
3.1.4. The Operator shall not disclose to third parties or disseminate Personal Data without the User's consent unless otherwise provided by Legislation.
3.1.5. The Operator shall not process Personal Data of special categories related to race, ethnical identity, political views, religious or philosophical beliefs, health condition or private life of the Personal Data Owner or to his membership in public associations, except for cases expressly provided for by the Legislation.
3.1.6. The Operator shall not carry out cross-border transfer of the Users' Personal Data, except for cases expressly provided for by the Legislation.
3.1.7. The Operator shall not make decisions that entail legal consequences with respect to the User or otherwise affect the rights and legitimate interests of the Users, based solely on automated processing of Personal Data. Data with legal implications or affecting the rights and legitimate interests of Users shall be verified by authorized employees of the Operator before use.
4. ACQUISITION AND PROCESSING OF PERSONAL DATA AND OTHER DATA
4.1. The Operator shall collect and store only those Personal Data that are necessary for interaction with the User. Personal Data acquisition can be carried out both through the Website and at social and professional events.
4.2. The list of Personal Data of the User (individual), whose processing requires consent:
a) Full name
b) Telephone number
c) IP address
d) E-mail address.
4.3. Personal Data may be used for the following purposes:
4.3.1. Provision of services to the User.
4.3.2. User Identification.
4.3.3. Interaction with the User.
4.3.4. Sending of advertising materials, information and inquiries to the User through postal notifications.
4.3.5. Conducting statistical and other research including User satisfaction surveys.
4.4. The Operator undertakes to use Personal Data in accordance with Federal Law No. 152-FZ On Personal Data of July 27, 2006 and the Operator's internal documents.
4.5. The User Personal Data or other Data shall be confidential except when these data are publicly available.
4.6. The Operator shall have the right to keep an archive copy of Personal Data and other Data.
4.7. The Operator shall have the right to transfer the User Personal Data or other Data to the following persons without the User's consent:
4.7.1. Government bodies including bodies of inquiry and investigation and local government bodies at their motivated request.
4.7.2. The Operator's partners in order to fulfill contractual obligations with respect to the User.
4.7.3. In other cases expressly stipulated by the current legislation of the Russian Federation.
4.8. The Operator shall have the right to transfer Personal Data and other Data to third parties not specified in Section 4.6 of this Policy in the following cases:
4.8.1. The User has given his consent to such actions.
4.8.2. The transfer is necessary as part of the Website use by the User or as part of the provision of services to the User.
4.9. The Operator carries out automated processing of Personal Data and other Data.
4.10. The User confirms that the data of third parties are entered into the System with prior consent of such third parties.
5. MODIFICATION OF PERSONAL DATA
5.3. The User may at any time modify (update, supplement) Personal Data by sending a written notification to the Operator.
5.4. The User shall at any time have the right to delete Personal Data by using the 'Unsubscribe from the Newsletter' link.
6. CONFIDENTIALITY OF PERSONAL DATA
6.3. The Operator shall ensure confidentiality of the Personal Data processed by the Operator in the manner stipulated by the Legislation. Confidentiality is not required with respect to:
6.3.1. Personal Data after their anonymization.
6.3.2. Personal Data, access to which is provided to an unlimited number of persons by the User or at the User's request (hereinafter "Personal data made publicly available by the User").
6.3.3. Personal Data subject to publication or mandatory disclosure in accordance with the Legislation.
7. USER CONSENT TO PERSONAL DATA PROCESSING
7.1. The User shall decide whether to provide his Personal Data to the Operator and agree to the processing of his Personal Data freely, by his will and in his interest. Consent to Personal Data processing shall be specific, informed and conscious and be provided by the User at the time of his registration on the Operator's Website, as well as be in any form that allows to confirm the fact of its receipt, unless otherwise provided by the Legislation.
7.2. The Personal Data of persons who entered into contractual obligations with the Operator, contained in the unified state registers of legal entities and individual entrepreneurs, are open and public, with the exception of information on the number, date of issue and the authority that issued the identity document of an individual. Confidentiality and consent to processing of such Personal Data are not required.
8. RIGHTS OF PERSONAL DATA OWNERS
8.1. The User shall have the right to receive information regarding processing of his Personal Data. The User shall have the right to require the Operator to update his Personal Data, block or destroy them if the Personal Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as the right to take measures to protect his rights prescribed by law.
8.2. If the User considers that the Operator is processing his Personal Data in violation of the Legislation or otherwise violates the User's rights and freedoms, the User shall have the right to appeal the actions or inaction of the Operator to the authorized body responsible for protection of rights of Personal Data Owners or in court.
8.3. The User shall have the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court.
9. THIRD PARTY PERSONAL DATA USE BY USERS
9.1. When using the Website, the User shall have the right to enter data of third parties for subsequent use.
9.2. The User undertakes to obtain prior consent of the Personal Data Owner for use of his Personal Data on the Website.
9.3. The Operator undertakes to take appropriate measures to ensure security of third party Personal Data entered by the User.
10. OTHER PROVISIONS
10.1. This Policy and relations between the User and the Operator arising out of this Policy application shall be governed by the Law of the Russian Federation.
10.2. Any disputes shall be settled in accordance with the Legislation in the Operator's jurisdiction.
Before appealing to court, the User shall follow the mandatory pre-trial procedure and send an appropriate written claim to the Operator. The claim turnaround time is 30 (thirty) business days.
10.3. If for some reason one or more provisions of the Policy are declared invalid or having no legal force, it shall not affect the validity or applicability of the remaining provisions of the Privacy Policy.
10.4. The Operator shall have the right to modify this Policy (in whole or in part) unilaterally without prior approval of the User at any time. All changes shall take effect on the day following the day of publication of such changes on the Website.
10.5. The User undertakes to track changes to the Privacy Policy independently by reviewing its current version.
This Personal Data Processing Policy (hereinafter "the Policy") defines the general principles and procedure for personal data processing and measures to ensure their security in Individual Entrepreneur A.A. Andreyeva.
TERMS AND DEFINITIONS
The following terms shall have the meanings given below:
a) The Data are other data about the User (not included in the definition of Personal Data).
b) The Legislation is the current legislation of the Russian Federation.
c) The Personal Data Processing is any action (operation) or a combination of actions (operations) carried out with Personal Data with or without automation tools including acquisition, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (including transfer to third parties), depersonalization, blocking, deletion, or destruction of Personal Data.
d) The Operator is Individual Entrepreneur A.A. Andreyeva (TIN / KPP: 237303851368), which independently or together with other persons organizes and (or) carries out personal data processing, as well as determines the goals of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data.
e) The Personal Data are any information relating directly or indirectly to a specific or defined individual (User).
f) The User is a person who entered into a contractual relationship with the Operator.
g) The Website is the website located on the Internet at https://en.artlife-fest.com/
h) The Special Categories of Personal Data are Personal Data related to race, ethnical identity, political views, religious or philosophical beliefs, health condition or private life.
i) The Personal Data Owner is an individual who is the User to whom Personal Data are related.
1. GENERAL PROVISIONS
1.1. This Personal Data Processing Policy is developed in accordance with the provisions of Federal Law No. 152-FZ On Personal Data of July 27, 2006 (as amended and supplemented) and other laws and regulations and defines the procedure of handling the Users' Personal Data and (or) the Personal Data transmitted by the Users and requirements for ensuring the Data security.
1.2. Measures aimed to ensure security of personal data shall be an integral part of the Operator's activities.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of Personal Data (Data) by the Operator is carried out in accordance with the following principles:
2.1.1. Legitimacy and fair basis of Personal Data (Data) Processing. The Operator shall take all necessary measures to meet the Legislation requirements, shall not process Personal Data in cases where it is not permitted by the Legislation, and shall not use Personal Data to the detriment of the User.
2.1.2. Processing only those Personal Data (Data) that meet the previously announced processing goals. Compliance of the content and volume of the Personal Data being processed with the stated processing goals. Prevention of Personal Data processing incompatible with the goals of Personal Data acquisition, as well as excessive in relation to the stated processing goals.
The Operator shall process Personal Data solely for the purpose of fulfilling contractual obligations with respect to the User.
2.1.3. Ensuring accuracy, sufficiency and relevance of Personal Data (Data) in relation to the goals of processing Personal Data (Data). The Operator shall take all reasonable measures to maintain the relevance of the processed Personal Data, including but not limited to the exercise of the right of each Personal Data Owner to receive its Personal Data for review and to require that the Operator clarify, block or destroy them if the Personal Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the processing goals stated above.
2.1.4. Storage of Personal Data (Data) in the form that allows to identify the Personal Data (Data) User and no longer than required by the goals of Personal Data processing, unless the Personal Data storage period is determined by federal legislation or an agreement, which the Personal Data User is a party or a beneficiary to.
2.1.5. Inadmissibility of consolidating the databases of Personal Data Information Systems (Data) created for incompatible goals.
3. TERMS AND CONDITIONS OF PERSONAL DATA PROCESSING
3.1. Personal Data Processing by the Operator shall be allowed in the following cases:
3.1.1. If the User agrees to the processing of his Personal Data.
3.1.2. When the Owner's Personal Data are transmitted by the User in cases provided for in the User agreement. The User guarantees that he has previously received consent from the Personal Data Owner to transfer the data to the Operator.
3.1.3. Personal Data are subject to publication or mandatory disclosure in accordance with the Legislation.
3.1.4. The Operator shall not disclose to third parties or disseminate Personal Data without the User's consent unless otherwise provided by Legislation.
3.1.5. The Operator shall not process Personal Data of special categories related to race, ethnical identity, political views, religious or philosophical beliefs, health condition or private life of the Personal Data Owner or to his membership in public associations, except for cases expressly provided for by the Legislation.
3.1.6. The Operator shall not carry out cross-border transfer of the Users' Personal Data, except for cases expressly provided for by the Legislation.
3.1.7. The Operator shall not make decisions that entail legal consequences with respect to the User or otherwise affect the rights and legitimate interests of the Users, based solely on automated processing of Personal Data. Data with legal implications or affecting the rights and legitimate interests of Users shall be verified by authorized employees of the Operator before use.
4. ACQUISITION AND PROCESSING OF PERSONAL DATA AND OTHER DATA
4.1. The Operator shall collect and store only those Personal Data that are necessary for interaction with the User. Personal Data acquisition can be carried out both through the Website and at social and professional events.
4.2. The list of Personal Data of the User (individual), whose processing requires consent:
a) Full name
b) Telephone number
c) IP address
d) E-mail address.
4.3. Personal Data may be used for the following purposes:
4.3.1. Provision of services to the User.
4.3.2. User Identification.
4.3.3. Interaction with the User.
4.3.4. Sending of advertising materials, information and inquiries to the User through postal notifications.
4.3.5. Conducting statistical and other research including User satisfaction surveys.
4.4. The Operator undertakes to use Personal Data in accordance with Federal Law No. 152-FZ On Personal Data of July 27, 2006 and the Operator's internal documents.
4.5. The User Personal Data or other Data shall be confidential except when these data are publicly available.
4.6. The Operator shall have the right to keep an archive copy of Personal Data and other Data.
4.7. The Operator shall have the right to transfer the User Personal Data or other Data to the following persons without the User's consent:
4.7.1. Government bodies including bodies of inquiry and investigation and local government bodies at their motivated request.
4.7.2. The Operator's partners in order to fulfill contractual obligations with respect to the User.
4.7.3. In other cases expressly stipulated by the current legislation of the Russian Federation.
4.8. The Operator shall have the right to transfer Personal Data and other Data to third parties not specified in Section 4.6 of this Policy in the following cases:
4.8.1. The User has given his consent to such actions.
4.8.2. The transfer is necessary as part of the Website use by the User or as part of the provision of services to the User.
4.9. The Operator carries out automated processing of Personal Data and other Data.
4.10. The User confirms that the data of third parties are entered into the System with prior consent of such third parties.
5. MODIFICATION OF PERSONAL DATA
5.3. The User may at any time modify (update, supplement) Personal Data by sending a written notification to the Operator.
5.4. The User shall at any time have the right to delete Personal Data by using the 'Unsubscribe from the Newsletter' link.
6. CONFIDENTIALITY OF PERSONAL DATA
6.3. The Operator shall ensure confidentiality of the Personal Data processed by the Operator in the manner stipulated by the Legislation. Confidentiality is not required with respect to:
6.3.1. Personal Data after their anonymization.
6.3.2. Personal Data, access to which is provided to an unlimited number of persons by the User or at the User's request (hereinafter "Personal data made publicly available by the User").
6.3.3. Personal Data subject to publication or mandatory disclosure in accordance with the Legislation.
7. USER CONSENT TO PERSONAL DATA PROCESSING
7.1. The User shall decide whether to provide his Personal Data to the Operator and agree to the processing of his Personal Data freely, by his will and in his interest. Consent to Personal Data processing shall be specific, informed and conscious and be provided by the User at the time of his registration on the Operator's Website, as well as be in any form that allows to confirm the fact of its receipt, unless otherwise provided by the Legislation.
7.2. The Personal Data of persons who entered into contractual obligations with the Operator, contained in the unified state registers of legal entities and individual entrepreneurs, are open and public, with the exception of information on the number, date of issue and the authority that issued the identity document of an individual. Confidentiality and consent to processing of such Personal Data are not required.
8. RIGHTS OF PERSONAL DATA OWNERS
8.1. The User shall have the right to receive information regarding processing of his Personal Data. The User shall have the right to require the Operator to update his Personal Data, block or destroy them if the Personal Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as the right to take measures to protect his rights prescribed by law.
8.2. If the User considers that the Operator is processing his Personal Data in violation of the Legislation or otherwise violates the User's rights and freedoms, the User shall have the right to appeal the actions or inaction of the Operator to the authorized body responsible for protection of rights of Personal Data Owners or in court.
8.3. The User shall have the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court.
9. THIRD PARTY PERSONAL DATA USE BY USERS
9.1. When using the Website, the User shall have the right to enter data of third parties for subsequent use.
9.2. The User undertakes to obtain prior consent of the Personal Data Owner for use of his Personal Data on the Website.
9.3. The Operator undertakes to take appropriate measures to ensure security of third party Personal Data entered by the User.
10. OTHER PROVISIONS
10.1. This Policy and relations between the User and the Operator arising out of this Policy application shall be governed by the Law of the Russian Federation.
10.2. Any disputes shall be settled in accordance with the Legislation in the Operator's jurisdiction.
Before appealing to court, the User shall follow the mandatory pre-trial procedure and send an appropriate written claim to the Operator. The claim turnaround time is 30 (thirty) business days.
10.3. If for some reason one or more provisions of the Policy are declared invalid or having no legal force, it shall not affect the validity or applicability of the remaining provisions of the Privacy Policy.
10.4. The Operator shall have the right to modify this Policy (in whole or in part) unilaterally without prior approval of the User at any time. All changes shall take effect on the day following the day of publication of such changes on the Website.
10.5. The User undertakes to track changes to the Privacy Policy independently by reviewing its current version.