1. Terms and Definitions
1.1. Automated processing of personal data — processing of personal data using computer equipment.
1.2. Blocking of personal data — temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
1.3. Use of personal data — actions (operations) with personal data performed by the Operator for the purpose of making decisions or performing other actions that generate legal consequences in relation to the personal data subject or other persons, or otherwise affect the rights and freedoms of the personal data subject or other persons.
1.4. Depersonalization of personal data — actions as a result of which it becomes impossible, without the use of additional information, to determine the affiliation of personal data to a specific personal data subject.
1.5. Processing of personal data — any action or set of actions performed using automation tools or without the use of such tools with personal data, including: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.6. Personal Data Operator (operator) — CJSC “Carbo-ZAKK”, which carries out the processing of personal data, and also determines the purposes of processing personal data, the composition of personal data subject to processing, and the actions (operations) performed with personal data.
1.7. Personal data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject).
1.8. Platform — software used by the Operator, representing a set of interconnected web services and modules that constitute a unified space for providing services on the Internet.
1.9. Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons.
1.10. Distribution of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.
1.11. Website — a set of information, texts, graphic elements, design, images, photo and video materials and other results of intellectual activity, as well as computer programs contained in an information system ensuring the availability of such information on the Internet at the network address (including subdomains):
● https://carbo-zakk.ru
1.12. Personal Data Subject (PDS) — an individual to whom the personal data processed by the Operator belongs.
1.13. Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which material carriers of personal data are destroyed.
1.14. Cookie files — data that are automatically transmitted to the Operator during the use of the Website using software installed on the PDS device, including: IP address, geographic location, information about the browser and type of operating system of the PDS device, technical characteristics of equipment and software used by the PDS, date and time of access to the Website.
1.15. User — an individual who has visited and uses the Website.
2. General Provisions
2.1. This Personal Data Processing Policy (hereinafter — the Policy) has been developed in accordance with the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law dated July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection”, Federal Law dated December 29, 2012 No. 273-FZ “On Education in the Russian Federation”, Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter — the “Personal Data Law”) and regulatory legal acts of the Russian Federation adopted in accordance with them.
2.2. The Policy applies to all personal data processed by the Operator.
2.3. Concepts related to the processing of personal data are used in the meaning in which they are provided in Article 3 of the “Personal Data Law”, unless otherwise directly follows from the text of the Policy.
2.4. The purpose of developing this Policy is to determine the procedure for collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data processed by the Operator.
2.5. In fulfillment of the requirements of Part 2 of Article 18.1 of the Personal Data Law, this Policy is published in free access in the information and telecommunication network Internet on the Operator’s Website and in the Operator’s office at the address: 652523, Kemerovo Region–Kuzbass, Leninsk-Kuznetsky, Topkinskaya Street, 182.
2.6. In case of disagreement with the terms of the Policy, the PDS must immediately cease any use of the Website or transfer of personal data to the Operator in any other way, and also send the Operator a corresponding request to terminate the processing of his/her personal data previously transferred to the Operator.
2.7. This Policy:
● establishes the rules for processing by the Operator of personal data provided by clients, who, including, use the website and its individual services to receive services from the Operator, by employees of the Operator, its counterparties, as well as persons applying for vacant positions with the Operator;
● determines the purposes, legal grounds, procedure, and scope of the processed personal data;
● contains information about the implemented requirements for the protection of processed personal data;
● determines the procedure for interaction with personal data subjects upon receipt of requests from them.
3. Rights and Obligations of the Personal Data Operator
3.1. The Operator is obliged to:
3.2. Provide the personal data subject, within ten working days from the date of receipt of the request of the personal data subject, with the information provided for in clause 4.1.1 of the Policy. The period specified in this clause may be extended, but not more than by five working days, if the Operator sends to the personal data subject a reasoned notification indicating the reasons for extending the period for providing the requested information.
3.3. Take measures necessary and sufficient to ensure fulfillment of the Operator’s obligations предусмотренные by the “Personal Data Law”.
3.4. Take necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
3.5. Provide free of charge to the personal data subject or his/her representative the opportunity to ознакомиться with personal data relating to this personal data subject.
3.6. Within a period not exceeding seven working days from the date the personal data subject or his/her representative provides information confirming that the personal data are incomplete, inaccurate or outdated, the Operator is obliged to make the necessary changes to them.
3.6.1. Within a period not exceeding seven working days from the date the personal data subject or his/her representative provides information confirming that such personal data were unlawfully obtained or are not necessary for the declared purpose of processing, the Operator is obliged to destroy such personal data.
3.6.2. Notify the personal data subject or his/her representative of the changes made and measures taken and take reasonable measures to notify third parties to whom the personal data of this subject were transferred.
3.6.3. In case of detection of unlawful processing of personal data upon the request of the personal data subject or his/her representative, or at the request of the personal data subject or his/her representative, or of the authorized body for the protection of the rights of personal data subjects, the Operator is obliged to block unlawfully processed personal data relating to this personal data subject or ensure their blocking.
3.6.4. In case the personal data subject withdraws consent to the processing of his/her personal data, the Operator is obliged to cease their processing or ensure cessation of such processing.
3.6.5. Processing of personal data for the purpose of promoting goods, works, services on the market by means of direct contacts with a potential consumer using communication means is carried out by the Operator only subject to prior consent of the personal data subject.
3.6.6. In case personal data of the subject are received not from such subject, the Operator is obliged, except for cases established by the legislation of the Russian Federation, before the start of processing such personal data, to provide the personal data subject with the following information:
● name or surname, first name, patronymic and address of the Operator or his/her representative;
● purpose of processing of personal data and its legal basis;
● intended users of personal data;
● rights of the personal data subject established by this Federal Law;
● source of obtaining personal data.
3.6.7. The Operator also has other obligations предусмотренные by the current legislation of the Russian Federation.
3.7. The Operator has the right to carry out collection, processing, distribution of personal data of subjects within the limits specified in the consent of the PDS to such collection, processing, distribution.
3.8. The Operator is obliged to draw up a special act on destruction of personal data in cases of destruction of material carriers containing personal data, as well as in cases of destruction of personal data processed using automation tools, accompanied by unloading from the event log in the personal data information system.
3.9. The Operator is obliged to assess the degree of harm that may be caused to personal data subjects and draw up a corresponding act.
3.10. The Operator performs other obligations provided for by the legislation of the Russian Federation.
4. Rights and Obligations of the Personal Data Subject
4.1. The personal data subject has the right to:
4.1.1. Receive information concerning the processing of his/her personal data, including containing:
● confirmation of the fact of processing of personal data by the Operator;
● legal grounds and purposes of processing of personal data;
● purposes and methods of processing of personal data used by the Operator;
● name and location of the Operator, information about persons (except employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
● processed personal data relating to the relevant personal data subject, source of their receipt, unless another procedure for providing such data is provided by federal law;
● periods of processing of personal data, including periods of their storage;
● procedure for exercising by the personal data subject of the rights provided for by this Federal Law;
● information about completed or proposed cross-border data transfer;
● name or surname, first name, patronymic and address of the person carrying out processing of personal data on behalf of the Operator, if processing is entrusted or will be entrusted to such person;
● other information provided for by the “Personal Data Law” or other federal laws.
4.1.2. Demand from the Operator clarification of his/her personal data, their blocking or destruction in case the personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the declared purpose of processing, as well as take measures provided by law to protect his/her rights.
4.1.3. If the personal data subject believes that the Operator processes his/her personal data in violation of the requirements of the law or otherwise violates his/her rights and freedoms, the personal data subject has the right to appeal the actions or inaction of the Operator to Roskomnadzor or in court.
4.1.4. The personal data subject also has other rights provided for by the current legislation of the Russian Federation.
4.2. The right of the personal data subject to access his/her personal data may be restricted in accordance with federal laws, including if:
● processing of personal data, including personal data obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
● processing of personal data is carried out by bodies that detained the personal data subject on suspicion of committing a crime, or charged the personal data subject in a criminal case, or applied to the personal data subject a preventive measure before filing charges, except in cases provided for by the criminal procedural legislation of the Russian Federation, if familiarization of the suspect or accused with such personal data is allowed;
● processing of personal data is carried out in accordance with legislation on counteracting legalization (laundering) of proceeds from crime and financing of terrorism;
● access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties;
● processing of personal data is carried out in cases provided for by the legislation of the Russian Federation on transport security, in order to ensure stable and safe functioning of the transport complex, protection of the interests of the individual, society and the state in the field of the transport complex from acts of unlawful interference.
5. Purposes of Processing Personal Data
5.1. Processing of personal data is limited to achieving specific, predetermined and lawful purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.
5.2. Only personal data that meet the purposes of their processing are subject to processing.
5.3. Processing of personal data by the Operator is carried out for the following purposes:
● ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
● carrying out activities in accordance with the internal local acts of the Operator;
● maintaining personnel records management; assisting employees in employment, obtaining education and career advancement, ensuring personal safety of employees, controlling the quantity and quality of work performed, ensuring safety of property; attracting and selecting candidates for employment with the Operator; organizing registration of employees in the system of mandatory pension insurance;
● maintaining accounting records; filling out and submitting required reporting forms to executive authorities and other authorized organizations;
● carrying out civil law relations;
● ensuring safety of life, health and property of the Operator, as well as personal data subjects located on the territory (in the premises) of the Operator or to whom the Operator provides services remotely;
● advertising services/goods of the Operator;
● identification of the user on the website, providing the User with the opportunity to fully use the website;
● sending website materials, advertising information to the user’s email, to the User’s phone number in messengers “WhatsApp”, “Viber”, “Telegram”, etc. (upon expression of consent thereto);
● sending notifications and information to the user related to the use of the website, provision of services, as well as processing user requests and applications;
● establishing and maintaining communication between the User and the Operator, consulting on issues of providing company services;
● concluding contracts and fulfilling obligations to the User under them (in particular, the User Agreement, service agreements, other agreements);
● providing the User with effective technical support in case of problems related to use of the website;
● posting on the website, in official social network groups and other communities of the company on the Internet, other advertising and information sources for purposes not related to identifying the User: video materials obtained in the process of providing services, reviews left by the User about services provided by CJSC “Carbo-ZAKK”;
● statistical and other research based on depersonalized information provided by the User;
● improving the quality of services provided by the Operator.
6. Consent of the Personal Data Subject to the Processing of Personal Data
6.1. The personal data subject accepts the terms of the Policy and gives the Operator specific, subject-based, informed, conscious and unambiguous consent to the processing of his/her personal data under the conditions provided for by the Policy and the Law:
6.2. The PDS gives consent to the processing and distribution of his/her personal data as follows:
● by filling out the appropriate form for interaction with the Operator located on the Operator’s website. The PDS is considered to have provided consent to the processing of his/her personal data by clicking the corresponding button or placing the appropriate mark in a special field;
● by filling out the Consent to the Processing of Personal Data and the Consent to the Distribution of Personal Data on paper forms issued by the Operator;
● by participating in photo and video filming conducted by the Operator on the premises of the Operator;
● upon any use of the Website — with respect to personal data that are automatically transmitted to the Operator during the use of the Website by means of software installed on the PDS device. The PDS is considered to have provided consent to the processing of his/her personal data at the moment of starting to use the Website.
6.3. The consent of the PDS to the processing of his/her personal data by the Operator is valid from the date of granting consent to their processing and for the period necessary to achieve the purposes of personal data processing.
6.4. The PDS has the right to withdraw consent to the processing of personal data in the form and manner provided for in this Policy.
7. Personal Data Provided to the Operator
7.1. The content and scope of processed personal data must correspond to the declared purposes of processing provided for in Section 5 of this Policy. The processed personal data must not be excessive in relation to the declared purposes of their processing.
7.2. The Operator may process personal data of the following categories of personal data subjects.
7.2.1. Candidates for employment with the Operator:
● surname, first name, patronymic;
● gender;
● citizenship;
● date and place of birth;
● contact details;
● information about education, work experience, qualifications;
● biometric personal data, including a photograph provided when the personal data subject submits a resume;
● other personal data communicated by candidates in resumes and cover letters.
7.2.2. Employees and former employees of the Operator:
● surname, first name, patronymic;
● gender;
● citizenship;
● date and place of birth;
● image (photograph);
● passport details;
● residential registration address;
● actual residence address;
● contact details;
● individual taxpayer identification number;
● insurance number of the individual personal account (SNILS);
● information about education, qualifications, professional training and advanced training;
● marital status, presence of children, family relationships;
● information about employment activity, including presence of incentives, awards and/or disciplinary sanctions;
● military registration information;
● information about alimony deductions;
● information about income from the previous place of work;
● video recordings with the image of the PDS created on the territory (in the premises) of the Operator;
● other personal data provided by employees in accordance with the requirements of labor legislation.
7.2.3. Family members of employees of the Operator:
● surname, first name, patronymic;
● degree of kinship;
● year of birth;
● other personal data provided by employees in accordance with the requirements of labor legislation.
7.2.4. Clients of the Operator (individuals who have concluded a civil law contract with the Operator):
● surname, first name, patronymic;
● residential registration address and actual residence address;
● telephone number (home, mobile);
● passport details;
● email address;
● photo and video recordings with the image of the PDS created on the territory (in the premises) of the Operator;
● other personal data provided by clients and counterparties necessary for the conclusion and execution of civil law contracts.
7.2.5. Students of the Operator (persons studying with the Operator under contracts concluded between the Operator and the client):
● surname, first name, patronymic;
● gender;
● age;
● date of birth;
● information about place of study and education (name of educational institution, school and class, academic results);
● passport details (if available);
● registration address;
● health information (in case relevant certificates are provided);
● place of work, position;
● results of training with the Operator;
● biometric data including results of photo and video filming conducted by the Operator, as well as video recordings made using video surveillance cameras installed on the territory (in the premises) of the Operator.
7.2.6. Counterparties of the Operator:
● surname, first name, patronymic;
● passport details;
● contact details;
● place of work, position;
● OGRNIP (if available);
● bank details;
● video recordings with the image of the PDS created on the territory (in the premises) of the Operator;
● other personal data provided by counterparties necessary for the conclusion and execution of contracts with the Operator.
7.2.7. Users of the Operator’s website:
● surname, first name, patronymic;
● contact telephone number;
● email address (e-mail);
● place of work, position (if necessary);
● other categories of personal data automatically transmitted to the Operator during use of the Website by means of software installed on the PDS device, including cookie files.
7.3. Processing by the Operator of biometric personal data (information characterizing physiological and biological features of a person on the basis of which his/her identity can be established) is carried out in accordance with the legislation of the Russian Federation.
7.4. The Operator does not process special categories of personal data relating to racial or ethnic origin, political views, religious or philosophical beliefs, intimate life, except in cases provided for by the legislation of the Russian Federation.
8. Legal Grounds for Processing Personal Data
8.1. Processing of personal data of personal data subjects is carried out on the following legal grounds:
● Constitution of the Russian Federation;
● Civil Code of the Russian Federation;
● Labor Code of the Russian Federation;
● Tax Code of the Russian Federation;
● Federal Law dated 06.12.2011 No. 402-FZ “On Accounting”;
● Federal Law dated 15.12.2001 No.
● Federal Law dated 15.12.2001 No. 167-FZ “On Mandatory Pension Insurance in the Russian Federation.”
● Federal Law dated 27.07.2006 No. 152-FZ “On Personal Data.”
● Federal Law dated July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection.”
● Federal Law dated 29.12.2012 No. 273-FZ “On Education in the Russian Federation.”
● Decree of the Government of the Russian Federation dated 15.09.2008 No. 687 “On Approval of the Regulation on the Specifics of Processing Personal Data Carried Out Without the Use of Automation Tools.”
● Decree of the Government of the Russian Federation dated 01.11.2012 No. 1119 “On Approval of Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems.”
● Order of the FSTEC of Russia dated 18.02.2013 No. 21 “On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems.”
● Other applicable regulatory legal acts.
● Agreements concluded between the Operator and the Personal Data Subject and/or his/her employer.
● Consent of the Personal Data Subject to the processing of personal data.
● Local regulatory acts of the Operator in the field of personal data processing.
9. Processing of Personal Data
9.1. Processing of personal data of the PDS is carried out by the Operator using databases located on the territory of the Russian Federation.
9.2. Personal data are processed using automated and non-automated systems.
9.3. Processing of personal data is carried out with the consent of personal data subjects to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.
9.4. Processing of personal data includes the following actions performed by the Operator: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
9.5. Processing of personal data is carried out by:
● obtaining personal data orally and in writing directly from personal data subjects;
● obtaining personal data from publicly available sources;
● entering personal data into journals, registers and information systems of the Operator;
● using other methods of processing personal data.
9.6. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is not permitted unless otherwise provided by federal law. Consent to the processing of personal data permitted by the personal data subject for distribution shall be executed separately from other consents of the personal data subject for processing his/her personal data.
9.7. Transfer of personal data to bodies of inquiry and investigation, to the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
9.8. Storage of personal data is carried out (depending on which event occurs earlier):
● until the moment of their destruction by the Operator: in case of receipt from the PDS of withdrawal of consent to the processing of personal data or a request for destruction of personal data;
● until the expiration of the consent validity period or achievement of the purposes of personal data processing.
9.9. Distribution of personal data may be carried out by the Operator exclusively in the following cases:
● for the purpose of fulfilling obligations under a contract concluded between the Operator and the personal data subject or his/her employer;
● for the purpose of posting photo and video materials obtained in the course of providing services by the Operator under a civil law contract in various information sources;
● for the purpose of advertising the Operator’s services.
9.10. The Operator has the right to transfer personal data to third parties in compliance with the requirements of the current legislation of the Russian Federation.
9.11. The list of permitted methods of processing personal data by a third party: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction. A third party is prohibited from carrying out transfer and distribution of personal data.
9.12. Destruction of personal data is carried out by the Operator in the following cases:
● receipt from the PDS of withdrawal of consent to the processing of personal data;
● receipt from the PDS of a request for destruction of personal data;
● expiration of the consent validity period;
● expiration of the storage period of personal data in accordance with agreements between the Operator and the PDS.
10. Use and Processing of Users’ Cookie Files
10.1. Cookie files are used on the Website and its subdomains. Cookie files are small text files that, after the User views fragments of the Website, are stored on his/her device and automatically transmitted to the Operator during use of the Website by means of software installed on the User’s device. Cookie files allow the use of the Website to be made more convenient and personalized for the User.
10.2. When visiting the Website, the Operator requests the User’s consent to the use of cookie files by displaying a pop-up notification about the collection and processing of cookie data with a link to the Policy and buttons for accepting the processing terms or closing the pop-up notification. Such notifications mean that when visiting and using the Website, information may be stored in the browser on the User’s device that allows further identification of the User or device, remembering the session, or saving certain settings and preferences specific to the Website. Such information, after being saved in the browser and until the expiration of the established validity period or deletion from the device, will be sent with each subsequent request to the Website on behalf of which they were saved.
10.3. Acceptance by the User of the conditions for processing cookie files or closing the pop-up notification in accordance with the Policy is regarded as consent to the processing of cookie data on the Website.
10.4. The Operator may use the following types of cookie files:
● mandatory cookie files are necessary to ensure proper functioning of the Website and auxiliary services. Such cookie files allow determination of hardware and software of the User’s device and detection of errors in Website operation. This category of cookie files cannot be disabled;
● analytical cookie files are necessary to collect information about how the User uses the Website (for example, information about the User’s web browser). Such cookie files allow improvement of quality and consumer properties of the Website; improvement of navigation on the Website to make it more convenient for the User, as well as correction of technical errors as they arise and ensuring Website security;
● marketing cookie files are necessary to collect information about the User’s search preferences — pages visited, interests and actions of the User on various websites. These cookie files may also be used to limit the number of advertisements shown and unique offers for the User, and to assess the effectiveness of advertising campaigns conducted by LLC “Business Partner OT”.
10.5. Cookie files may contain technical information transmitted by the User’s device, including: User identifier; identifier of equipment and installed modules; IP address; MAC address; information about equipment, device (type of equipment; information about linking equipment to software; technical configuration of the device; information about the operating system; amount of device memory and free space; information about battery performance; information about the location (country, city) of the User’s device); information about software (software version; software identifier; usage parameters (including temporary); statistics of software function usage; date and time of last update); data on incoming/outgoing connection speed; information about errors occurring in software/software components (type and kind of error; time of occurrence; identifier of software and/or task during which the error occurred); logs; number of pages viewed; duration of stay on the Website; queries used by the User when navigating to the Website; pages from which transitions were made; information about User actions using the Website; other technical information transmitted by the device.
The composition of information that may be contained in cookie files depends on the type of cookie file, the device used by the User, and the software on the User’s device.
10.6. The Operator may process cookie files for the following purposes:
● ensuring full and correct functioning of the Website, storing User settings;
● ensuring Website security;
● development of products, services and services of CJSC “Carbo-ZAKK”;
● improving quality and convenience of Website use;
● analyzing User behavior to improve Website content and functionality;
● conducting analytical, statistical and other types of research (including marketing research);
● conducting advertising and marketing activities and campaigns.
10.7. The Operator carries out automated processing of cookie data, including using third-party metric and analytical programs, such as:
10.7.1. Web analytics service “Yandex.Metrica” (LLC “YANDEX”, 119021, Russia, Moscow, L. Tolstoy Street, 16):
● categories of processed data — page address; page referrer; page title; browser and its version; operating system and its version; device; screen height and width; presence of cookies; presence of JavaScript; time zone; browser language; screen color depth; width and height of browser client area; gender and age of visitors; visitor interests; geographic data; JavaScript events (recording user interaction with the website, including use of JavaScript API methods on the website); page load parameters; page view; visit; external link click; file download; bounce; time on website; scroll depth; IP address.
● purpose of data processing — ensuring full functioning of the Website; analytics of Website visits to improve Website quality and content, retargeting, conducting statistical research and reviews using the “Yandex.Metrica” service.
● category of personal data subjects — Website Visitors.
10.7.2. End-to-end analytics service “Roistat” (LLC “Business Analytics”, 109004, Moscow, Tagansky municipal district, Alexander Solzhenitsyn Street, 23a, building 1, premises III, room 1):
● categories of processed data — browser; date of call in the project owner’s time zone (if applications are sent via Roistat call tracking); dialed number (if applications are sent via Roistat call tracking); phone number (if applications are sent via Roistat call tracking); city name; country, region; visit date; Website domain; email specified by the User; yclid value — identifier of click on a Yandex.Direct advertisement; first visit number; visitor IP address; landing page; first-level source; ym_uid value assigned by Yandex.Metrica counter; name specified by the Visitor; method of application creation (Call Tracking, Lead Catcher, etc.); page from which the application was submitted; operating system; phone number specified by the User; page from which the User navigated; roistat_param tag values; source (marker); source (marker) value; utm_campaign tag value; utm_content tag value; utm_medium tag value; utm_source tag value; utm_term tag value; visit number.
● purpose of data processing — optimization of advertising campaigns and improvement of business efficiency by collecting and analyzing data, including data about Website Users and their actions, conducting statistical research and reviews using the “Roistat” service.
● category of personal data subjects — Website Visitors.
10.7.3. Pixel “VK Advertising” (LLC “V Kontakte”, 191024, Saint Petersburg, Khersonskaya Street, 12-14, letter A, premises 1-N):
● categories of processed data — information about authorized users of the VKontakte service; actions of Visitors on the Website; data on visits to Website pages; information about browser, device and operating system. The Pixel collects data only about users who are authorized in the social network, which allows linking their actions on the Website with their VKontakte profile.
● purpose of data processing — advertising optimization, accounting for audience behavior and broadcasting the most suitable advertising applications using the platforms “VKontakte Advertising” and “VK Advertising”.
● category of personal data subjects — Website Visitors.
10.7.4. Online quiz constructor “Marquiz” (LLC “Marquiz”, 115404, Moscow, Biryulyovskaya Street, 24, building 1, office 10A):
● categories of processed data — email address; phone number; surname; first name; patronymic; IP address; cookie files and similar technologies; data on Visitor’s use of the service; information about connection location to the service.
● purpose of data processing — ensuring communication and interaction between the Operator and Quiz Users, sending informational and advertising messages to Quiz Users, promoting goods, works, services of the Operator.
● category of personal data subjects — Website Visitors.
10.8. Mandatory cookie files necessary to ensure proper functioning of the Website, as well as to ensure Website security, cannot be disabled; however, the User may delete them after completing use of the Website. To manage cookie files using web browsers or devices, the User must use the instructions provided by the browser developer or device manufacturer used by the User.
10.9. Cookie files are placed on the User’s device. The User may independently manage cookie files by following instructions applicable to the User’s device and web browser. If the User is on the Website, the User may also avoid placement of cookie files on the User’s device by setting appropriate web browser settings. The storage period of “browser” cookie files is limited. However, similar technological solutions, such as local storage on the User’s device, do not have a built-in automatic deletion system after expiration of time, and therefore such files must be deleted by the User independently.
10.10. If the User does not agree with the processing of cookie files, he/she must accept the risk that in such case the functions and capabilities of the Website may not be available in full, and then choose one of the following options:
● independently configure the browser in accordance with its documentation or help so that it permanently does not allow acceptance and transmission of cookie data for any Websites;
● switch to a special “incognito” browser mode to use the Website with cookies until the browser window is closed or until switching back to normal mode;
● leave the Website to avoid further processing of cookies.
11. Measures Applied by the Operator to Protect Personal Data
11.1. The Operator takes necessary and sufficient legal, organizational and technical measures to protect information provided by the PDS from unlawful or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions by third parties.
11.2. The main organizational measures for the protection of personal data are:
● regulation of the composition of third parties whose services the Operator uses in the process of processing personal data;
● strict, selective and justified distribution of confidential information provided for access to them;
● proper organization of the process of destruction of confidential information;
● development and improvement of local acts of the Operator regulating personal data processing processes;
● appointment of a person responsible for personal data processing;
● approval of storage locations for materials containing personal data, as well as access to them by employees of the Operator;
● ensuring separate storage of personal data on different material carriers, the processing of which is carried out for different (incompatible) purposes, monitoring of unauthorized access to personal data and taking measures to prevent such incidents in the future;
● control over measures taken to ensure personal data security and the level of protection of personal data information systems.
11.3. As technical measures for the protection of personal data, the Operator uses antivirus protection, specialized means of protecting information from unauthorized access provided by relevant services and software used by the Operator in providing its services.
11.4. The Operator ensures interaction with the state system for detection, prevention and elimination of consequences of computer attacks on information resources of the Russian Federation, including informing the federal executive authority authorized in the field of security about computer incidents that resulted in unlawful transfer (provision, distribution, access) of personal data.
11.5. In case of establishing the fact of unlawful or accidental transfer (provision, distribution, access) of personal data that resulted in violation of the rights of personal data subjects, the Operator is obliged, from the moment such incident is detected by the Operator, the authorized body for the protection of the rights of personal data subjects or another interested person, to notify the authorized body for the protection of the rights of personal data subjects.
11.6. Information about computer incidents that resulted in unlawful or accidental transfer (provision, distribution, access) of personal data, in the manner established jointly by the federal executive authority authorized in the field of security and the authorized body for the protection of the rights of personal data subjects, shall be transmitted to the federal executive authority authorized in the field of security.
In case of establishing the fact of unlawful or accidental transfer (provision, distribution, access) of personal data that resulted in violation of the rights of personal data subjects, the Operator is obliged, from the moment such incident is detected by the Operator, the authorized body for the protection of the rights of personal data subjects or another interested person, to notify the authorized body for the protection of the rights of personal data subjects:
● within twenty-four hours about the incident, about the alleged causes that led to violation of the rights of personal data subjects, and about the alleged harm caused to the rights of personal data subjects, about measures taken to eliminate the consequences of the incident, and also provide information about the person authorized by the Operator to interact with the authorized body for the protection of the rights of personal data subjects on issues related to the identified incident;
● within seventy-two hours about the results of the internal investigation of the identified incident, as well as provide information about persons whose actions caused the identified incident (if any).
12. Updating, Correction, Deletion and Destruction of Personal Data, Responses to Requests of Subjects for Access to Personal Data
12.1. Confirmation of the fact of processing of personal data by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the “Personal Data Law”, are provided by the Operator to the personal data subject or his/her representative upon request or upon receipt of a request from the personal data subject or his/her representative.
12.2. The provided information does not include personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosure of such personal data.
12.3. The request must contain:
● number of the main document identifying the personal data subject or his/her representative, information about the date of issuance of the specified document and the issuing authority;
● information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing of personal data by the Operator;
● the essence of the request (demand);
● signature of the personal data subject or his/her representative.
12.4. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
12.5. The Operator considers the Appeal of the PDS in the following order:
The Appeal is registered in the Register of Appeals of PDS.
The presence of all mandatory requisites of the Appeal is checked.
The validity of the Appeal is checked.
A response to the Appeal is provided.
12.6. Depending on the essence of the Appeal, the response must contain:
● the information requested by the PDS about processed personal data;
● a reasoned refusal to provide the requested information about processed personal data;
● notification of actions performed with the personal data of the PDS based on his/her Appeal.
12.7. The response to the Appeal is sent in a form corresponding to the form of the Appeal of the PDS.
12.8. If the appeal (request) of the personal data subject does not reflect all necessary information in accordance with the requirements of the Personal Data Law or the subject does not have rights of access to the requested information, a reasoned refusal is sent to him/her.
12.9. The right of the personal data subject to access his/her personal data may be restricted in accordance with Part 8 of Article 14 of the Personal Data Law, including if access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.
12.10. In case inaccurate personal data are identified upon appeal of the personal data subject or his/her representative, or upon their request or upon request of Roskomnadzor, the Operator blocks personal data relating to this personal data subject from the moment of such appeal or receipt of the specified request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
12.11. In case confirmation of the inaccuracy of personal data, the Operator, based on information provided by the personal data subject or his/her representative, or Roskomnadzor, or other necessary documents, clarifies personal data and removes blocking of personal data.
12.12. In case unlawful processing of personal data is identified upon appeal (request) of the personal data subject or his/her representative or Roskomnadzor, the Operator blocks unlawfully processed personal data relating to this personal data subject from the moment of such appeal or receipt of the request.
12.13. Upon achievement of the purposes of personal data processing, as well as in case the personal data subject withdraws consent to their processing, personal data are subject to destruction if:
● otherwise is not provided for by a contract to which the personal data subject is a party, beneficiary or guarantor;
● the Operator is not entitled to carry out processing without consent of the personal data subject on the grounds provided by the Personal Data Law or other federal laws;
● otherwise is not provided by another agreement between the Operator and the personal data subject.
12.14. The PDS has the right to send to the Operator his/her requests and demands (hereinafter — Appeal), including regarding the use of his/her personal data, as well as withdrawal of consent to personal data processing. The Appeal may be sent in the following ways: delivered personally, sent by registered mail, sent in the form of an electronic document signed with an electronic signature.
13. Amendment of the Policy
13.1. The Operator reserves the right to make changes to the Policy. The PDS is obliged, upon each use of the Website or other interaction with the Operator, to familiarize himself/herself with the current text of the Policy.
13.2. The new version of the Policy comes into force from the moment of its approval and posting in the relevant section of the Operator’s website. Continued use of the Website or its services after publication of the new version of the Policy, as well as continued interaction with the Operator, means acceptance of the Policy and its terms by the PDS. In case of disagreement with the terms of the Policy, the PDS must immediately cease use of the Website and its services, cease interaction with the Operator and send a corresponding request to the Operator.
14. Information About the Operator
CJSC “Carbo-ZAKK”
Legal address:
Russia, Leninsk-Kuznetsky, Topkinskaya Street, 182
Actual address:
652523, Kemerovo Region, Leninsk-Kuznetsky, Topkinskaya Street, 182
Telephone: +7 (384 56) 38 377, 35 444
E-mail: carbo-zakk@carbo-zakk.ru
TIN/KPP: 4212014972/421201001
OGRN: 1024201307019
Settlement account: 40702810626180100229
Bank name: KEMEROVO BRANCH No. 8615 PJSC SBERBANK
Bank BIC: 043207612
Correspondent account: 30101810200000000612
Bank TIN: 7707083893
Bank KPP: 420502002
Tel/Fax: 8 (38456) 3-60-76 / 3-62-08
Director Malafievskaya Yu.Yu. /_________________
Person responsible for personal data processing __________________ /_______
