1. TERMS AND DEFINITIONS
Personal data - any information related to the Subject of personal data, including last name, first name, patronymic, contact details (telephone, e-mail, postal address), location (country, city, region, etc.), date of birth, a photograph, a link to a personal website, links to pages on social networks, a bank card (card number, card expiration date, CVV2 or CVC2 or other security code) or an electronic wallet (number and other data necessary to pay for these services) .;
Operator - the administrator of the site https://realty.adaurum.ru
, who independently or jointly with other persons organizes the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Subject of personal data - a person to whom personal data relates;
Site - a site owned by the Operator and located on the Internet at https://realty.adaurum.ru
Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data - processing of personal data using computer technology;
Dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Blocking of personal data - temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);
Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
Depersonalization of personal data - actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing
2. GENERAL PROVISIONS
2.1. The Policy has been issued and applied by the Operator in accordance with paragraphs. 2 hours 1 tbsp. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").
2.2. This Policy determines the procedure and conditions of the Operator regarding the processing of personal data, establishes procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations related to the processing of personal data.
2.3. This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, carried out using automation tools and without use of such funds.
2.4. The purpose of processing personal data by the Operator is to obtain information about the Subject of personal data in connection with the promotion of goods, works, services of the Operator.
2.5. Personal data is not distributed or provided to third parties without the consent of the Personal Data Subject and is used by the Operator solely for the purposes specified in clause 2.4 of the Policy.
2.6. The processing of personal data is carried out in compliance with the principles and rules provided for by the Federal Law "On Personal Data" and this Policy.
3. RIGHTS OF THE OPERATOR AND THE SUBJECT OF PERSONAL DATA
3.1. The operator of personal data has the right:
- provide personal data of the Subjects to third parties, if this is provided for by applicable law (tax, law enforcement agencies, etc.);
- refuse to provide personal data in cases provided for by law;
- use the personal data of the Subject without his consent in cases provided for by law;
- The operator has other rights established by the Federal Law "On Personal Data".
3.2. The subject of personal data has the right:
- demand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurateand, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
- receive information about the terms of processing of their personal data, including the terms of their storage;
- demand notification of all persons who were previously informed of incorrect or incomplete personal data of all exceptions, corrections or additions made to them;
- appeal to the authorized body for the protection of the rights of the Subjects of personal data or in court against illegal actions or omissions in the processing of his personal data
- The subject of personal data has other rights established by the Federal Law "On Personal Data".
4. OBLIGATIONS OF THE OPERATOR
4.1. The processing of personal data by the Operator is carried out with the consent of the Subject of personal data, except as otherwise established by the legislation of the Russian Federation.
4.2. In cases established by the legislation of the Russian Federation in the field of personal data, the Operator is obliged to inform the Personal Data Subject or his representative, whose powers will be duly executed, information regarding the processing of the Personal Data of the Subject.
4.3. The operator bears other obligations established by the Federal Law "On Personal Data".
5. MEASURES TO ENSURE THE SECURITY OF PERSONAL DATA
5.1. When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data in accordance with Article 19 of the Federal Law "On Personal Data".
5.2. The operator takes the following measures to protect personal data:
- threats to the security of personal data are determined during their processing in information systems of personal data;
- organizational and technical measures are applied to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
- an assessment of the effectiveness of the measures taken to ensure the security of personal data is carried out before the commissioning of the personal data information system;
- measures are being taken to exclude the facts of unauthorized access to personal data;
- restoration of personal data modified or destroyed due to unauthorized access to them is carried out;
- rules for access to personal data processed in the information system are established, as well as registration and accounting of actions performed with personal data in the personal data information system;
- means of minimizing access rights, means of access control (identification and authentication of access subjects) and other protection measures are implemented and applied;
- control is exercised over the measures taken to ensure the security of personal data and the level of security of personal data information systems.
6. FINAL PROVISIONS
6.1. This Policy is approved by the Operator according to the standards of the Operator, is publicly available and is subject to posting on the official website of the Operator on the Internet.
6.2. The Policy is subject to change and / or addition in case of amendments to the current legislative acts and the emergence of new legislative acts, special regulatory documents on the processing and protection of personal data, the introduction of new technologies in ensuring the security of personal data.
6.3. The responsibility of the Operator's officials who have access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.