Policy of handling and protecting personal data of “Ginza Project”, LLC, clients
Agreement to handling of personal data
I (from here on – the Client) give my consent to handling of my personal data, having provided my information to the “Ginza Project Group”, LLC, website
ITN: 7841369720 (from here on – the Company) http://ginzadelivery.ru (from here on – the Website), by means of filling in “Feedback” sections, registration forms, filling in and using other services provided by the Website, the Client thus:
1. Acknowledges that all the provided data is personal.
2. Acknowledges and confirms that the current Agreement has been fully read, and that conditions of handling the personal data, the text of the Agreement and conditions of handling the data are fully clear.
3. Gives permission to handle personal information by the Website, as part of the Agreement between the Client and “Ginza Project Group”, LLC.
Promises to fulfill the current Agreement, and is in full agreement with terms and conditions of data handling, without exceptions and limitations.
The Client allows the personal data to be handled, namely the actions stipulated in p3 art 1 of Federal Law #152-F3 (from 27.07.2006) “On personal data”, and acknowledges that by giving this consent the Client acts freely, upon goodwill and personal interest.
The Client entitles “Ginza Project Group”, LLC to:
conduct the following activities with the personal data: gathering and accumulation, systematization, storage within legally determined terms (but not less than three years after the Client ceases to use the services), clarification (update, alterations), usage, distribution (including domestic distribution within the Russian Federation as well as cross-border distribution), depersonalization, blocking, deletion of personal data and providing the data to partners of “Ginza Project Group”, LLC.
which have the corresponding agreements with “Ginza Project Group”, LLC
to exchange personal data, and third parties with the aim to fulfill the current Agreement, handing data over upon a court request – including third parties, adhering to measures which protect personal data from unauthorized usage.
DEFINITIONS AND DESCRIPTIONS
1.1 Personal data – any information related to a physical person (or information defining the person), including first and family names, date and place of birth, street address, email address, phone number (home and cell), other information.
1.2 Handling of personal data – actions with personal data, including gathering, recording, systematization, accumulation, storage, clarification (updates, alterations), usage, extraction, distribution (including domestic distribution within the Russian Federation as well as cross-border distribution), depersonalization, blocking, deletion.
1.3 Confidentiality of personal data – necessary for regulation of a responsible individual who acquires access to personal data, and requirement to prevent distribution of data without the Client’s consent or other legal basis.
1.4 Distribution of personal data – actions aimed at handing over of data to a certain group of persons (handing over of personal data) or providing personal data to undefined group of persons, including publishing those in mass media, placement of the data in information and telecommunication networks or allowing access to data by any other method.
1.5 Usage of personal data – actions (operations) with personal data, aimed at making decisions or other actions entailing legal consequences towards the bearers of personal data, or concerning rights and liberties of other individuals in any way.
1.6 Blocking of personal data – temporary suspension of gathering, systematization, accumulation, usage, distribution of personal data, including exchange.
1.7 Deletion of personal data – actions after which it’s impossible to restore personal data within the system of personal data, or leading to elimination of material storage of personal data.
1.8. Depersonalization of personal data – actions, as a result of which it becomes impossible to determine the attribution of personal data to an individual without using additional information.
1.9. Publicly available personal data – personal data with access to it given to undetermined group of individuals upon consent of the Client or which are not subjected to Federal Laws on confidentiality.
1.10. Information – details (messages, data) regardless of their presentation.
1.11 the Client (individual bearing personal data) – individual, consumer of products/services provided by “Ginza Project Group”, LLC, or user of the Website.
1.12 Operator – state body, municipal body, legal body or an individual, which either on one’s own or in collaboration with other entities/individuals is engaged in handling personal data, as well as defining goals of handling personal data, the composition of personal data subjected to handling, actions performed with personal data. Within the framework of the current Agreement, by “Ginza Project Group”, LLC, bears the title of the Operator,
ITN: 7841369720, as well as other organizations which have active or future agreements with the Operator to realize the goals of handling personal data of the Client(s), defined by the terms of the current Agreement – namely, to provide the Client through various means of communication with promotion information of the Operator etc, as well as agreements on holding sociological and other studies, including researching the index of Client(s) satisfaction with the products and services provided by the Operator, which could be conducted either by the Operator or through third parties – with the aim of generating email lists.
2. GENERAL TERMS
2.1 The current Policy of handling and protecting personal data of “Ginza Project Group”, LLC, clients (from here on – the Provision) has been compiled in accordance with the Constitution of the Russian Federation, Civic Code of the Russian Federation, the Federal Law “On information, information technologies and protection of information”, Federal Law “On personal data”, other pieces of legislation active on the territory of the Russian Federation.
2.2. The goal of the Provision – determining the order of handling and protecting personal data of all the Clients of the Company, data of which are subjected to handling, based on the Operator’s authority; providing the protection of rights and liberties of an individual and a citizen while handling personal data, including protection of one’s rights to untouchability of personal life, personal and family confidentiality, as well as determining responsibility for employees with access to personal data – for failure to comply with norms regulating handling and protection of personal data.
3. PRINCIPLES OF HANDLING OF PERSONAL DATA
3.1 Handling of personal data by the Company is based on following principles:
3.1.1. legality of goals and means of handling personal data, as well as good will;
3.1.2. correspondence between the goals of handling the personal data and the goals pre-determined before the handling of personal data, as well as the Company’s authority;
3.1.3. correspondence between volume and nature of handled personal data, as well as means of handling personal data, with declared goals of handling personal data;
3.1.4. authenticity of personal data, its applicability and sufficiency for the goals of handling, unacceptability of handling personal data deemed excessive to the declared goals;
3.1.5. legitimacy of organizational and technical means to provide protection of personal data;
3.1.6. continuity of raising the knowledge of the Company’s employees in the sphere of providing protection of personal data while handling it;
3.1.7. determination to continuously improve the system of protecting personal data.
4. GOALS OF HANDLING PERSONAL DATA
4.1 Handling of personal data by the Company is aimed at:
4.1.1 planning operational activities of the Company’s departments;
4.1.2 usage for automatization of processes of forming primary documents (contracts, payment bills, universal exchange documents, various Acts, invoices etc);
4.1.3 identification of the Client upon inquiries with the Company via telephone or electronic means of communication;
4.1.4 identification of the Client while conducting basic actions by the Company, stipulated in the regulations;
4.1.5 usage for automatization of paperwork generation for business processes of selling foods;
4.1.6 forming unified Client database for automatization of marketing and service tasks;
4.1.7 enabling promotional activities of the Company;
4.1.8 automatization and optimization of the Company’s operational activities;
4.1.9 maintenance and actualization of the Client database;
4.1.10 acquiring and researching statistical data on volume of sales and quality of services;
4.1.11 conducting marketing programs;
4.1.12 studying specifics of the food market;
4.1.13 conducting surveys and research aimed at determining satisfaction/dissatisfaction of clients and continuous improvement of provided services;
4.1.14 informing clients by means of communication channels (SMS, multimedia messages through mobile apps etc) about the Company’s products, services, bonus and service events, promotional and feedback actions etc;
4.1.15 advertising and other forms of promoting goods and services of the Operator in the market by means of direct contacts with bearers of personal data;
4.1.16 promotion of goods and services provided by “Ginza Project Group”, LLC;
4.1.17 providing the Client with notifications, informational messages, promotional materials (included, but not limited to: invitations to events, information about new products and services and other information related to “Ginza Project Group”, LLC, and its partners) by means of direct contacts with the Client through various communication methods (included, but not limited to: regular and electronic mail, phone, sms, fax, the Internet);
4.1.18 technical support at processing of information, documents and personal data, both using automated and non-automated methods;
4.2 Handling of personal data is also done within automated information systems. The composition of personal data, processed within the Company’s automated system of personal data, must correspond with the tasks and goals of collecting, handling and using personal data.
5. THE ACQUISITION OF PERSONAL DATA
5.1 All personal data of the Client is acquired personally upon a written consent or in electronic form, after reading the Agreement and pushing a corresponding button, with the exception of cases stipulated within the legislation of the Russian Federation.
5.2 The agreement by the Client for usage of personal data is stored at the Company in a written and/or electronic form.
5.3 The agreement by the Client for handling of personal data has no time limit, and is also effective within 10 years after secession of business relations between the Client and the Company. After this period, the effectiveness of the Agreement is prolonged every five years, unless there are conditions for recalling it.
5.4 If the Client’s personal data can only be acquired from a third party, the Client has to be notified in advance and provide a written consent. A third party, providing the Client’s personal data, has to have a consent of the Client to provide the Company with personal data. The Company must obtain confirmation from a third party providing the Client’s personal data that the data is provided upon the Client’s consent. The Company must sign an Agreement with the third parties regarding confidentiality of the Client’s personal data.
5.5 The Company must inform the Client of goals, presumed sources and methods of acquiring personal data, as well as of the nature of acquired personal data and consequences of the Client’s refusal to produce a written consent on acquisition of personal data.
5.6 Handling of the Client’s personal data without consent can only be performed when:
5.6.1 Personal data is publicly accessible.
5.6.2 Upon the request of state bodies in cases stipulated by Federal Laws.
5.6.3 Handling of personal data is done upon Federal Law, determining its goal, conditions of acquisition of personal data and group of individuals, personal data of which are subjected to handling, as well as defining the authority of the Operator.
5.6.4 Handling of personal data is aimed at generating and fulfilling an agreement, one side of which is the bearer of the personal data – the Client.
5.6.5 Handling of personal data is made for statistic goals, upon the necessary condition of de-personification of personal data.
5.6.6 In other cases stipulated by law.
5.7 The Company has no right to obtain and handle the Client’s personal data regarding race, nationality, political views, religious or philosophical views, health condition and personal life.
6. STORAGE OF PERSONAL DATA
6.1 Handwritten personal data of the Client is stored inside a strongbox.
6.2 Electronic personal data of the Client is stored within the Company’s local network, in electronic folders and files of the Company’s server.
6.3 Documents containing the Client’s personal data are stored in lockers (strongboxes), providing safety from unsanctioned access. At the end of a working day, all documents containing the Client’s personal data are put into lockers (strongboxes), providing safety from unsanctioned access.
6.4 Safety of access to electronic databases containing personal data of the Clients is provided by:
Using licensed anti-virus and anti-hacking software, preventing unsanctioned access to the Company’s local network.
Distribution of access rights among user accounts.
Password system at the local network level. Passwords are set by the Company’s System Administrator and are given individually to employees with access to the Client’s personal data.
6.5 Unsanctioned access to a PC which stores personal data of the Clients is blocked by passwords, which are determined by System Administrator and are not distributable.
6.6 Copying and making extracts from personal data of the Clients is permitted only for internal service tasks and only with a written consent by the Company’s General Director.
6.7 Responses to written inquiries from other companies regarding the Clients’ personal data are only given upon written consent of the Client, unless stipulated by law. The responses are put on the Company’s official paper, and in a volume which prevents excessive exposure of the Client’s personal data.
7. HANDLING OF PERSONAL DATA
7.1 The bearer of personal data provides authentic data to the Company.
7.2 Only employees of the Company authorized to work with the Client’s personal data and have signed an Agreement on non-disclosure of personal data of the Client have access to handling of the Client’s personal data.
7.3 The name-by-name list of the Company’s employees with access to the Clients’ personal data is determined in a decree signed by the Company’s General Director.
7.4 Handling of the Client’s personal data can only be conducted within the goals set by the Provision and in adherence to laws and other regulations of the Russian Federation.
7.5 While determining the volume and content of the handled personal data, the Company adheres to the Constitution of the Russian Federation, law on personal data and other Federal Laws.
8.1 The Company assesses the damages which could be done to bearers of personal data and determines threats to safety of personal data. Responding to determined real threats, the Company will implement sufficient organizational and technical means, including means of protecting information, revealing cases of unauthorized access, restoring personal data, determining rules of access to personal data, as well as control and estimation of effectiveness of undertaken measures.
8.2 The company hires personnel responsible for organization of handling and providing security for personal data.
8.3 The Company has developed, introduced and implemented “The Provision on personal data” for its employees.
8.4 The Company continuously raises the quality of personal data security by means of internal checks. It also fixes any irregularities and security lapses in the shortest times possible
8.5 Management of the Company realizes the necessity of and is keen on providing security for personal data handled within the basic activities of the Company, based on both the existing legislation of the Russian Federation and business risks evaluation viewpoint.
By providing personal data, the Client agrees to receive SMS, emails (to a specified address), phone calls (to a specified number) from “Ginza Project Group”, LLC, and partners of “Ginza Project Group”, LLC, with the latest news and information on special offers.
The current Agreement is not limited by time, starting with providing personal information, and can be recalled by the Client by means of an inquiry to the Website administration with provisions stated in article 14 of the “On personal data” Law.
Handling of personal data can also be ceased if the Client sends a written statement to firstname.lastname@example.org or by mail to “Ginza Project Group”, LLC’s address.
“Ginza Project Group”, LLC, bears no responsibility for usage (both legal and illegal) by third parties of Information provided by the Client to the Website, including its distribution done in any possible way.
“Ginza Project Group”, LLC, reserves the right to alter the existing Agreement. The date of the latest alteration is included into the text of the newer version. The altered version becomes effective as soon as its published, unless stated otherwise in the amended text of the Agreement. The effective text can always be found on the website. The existing provisions are a public document and are available on the Website of “Ginza Project Group”, LLC.