1. General Provisions.
This Policy regarding the processing of personal data (hereinafter referred to as the "Policy") of the limited liability company "NODE-PROXY" (LLC "NODE-PROXY", INN 2224218222, OGRN 1262200001513, Russian Federation, Altai Krai, Sadgorodskaya str., 14, office 201 — hereinafter referred to as the "Operator") has been developed in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" in order to ensure the protection of human and civil rights and freedoms when processing their personal data, including the protection of the right to privacy, personal and family secrets.
The website may contain links to resources of other service providers. This Policy regarding the processing of personal data does not apply to the resources of third parties. It is recommended to review the privacy policy of the relevant resource before providing your personal data.
The Site and its content are intended exclusively for persons who have reached the age of 18. The Operator does not intentionally collect and process personal data of minors. By staying on the site, you confirm that you are of legal age. If a fact of processing of personal data of a minor is discovered, such data shall be subject to termination of processing and destruction at the request of a legal representative or upon the Operator's own discovery.
The legal basis for the processing of personal data is the consent of the personal data subject to the processing of personal data, the offer agreement concluded through acceptance (payment or other actions) by the user.
Data processing is necessary for the conclusion and execution of the offer agreement, to which the user (personal data subject) is a party.
The Operator reserves the right to make changes to this Policy.
2. Basic Concepts.
Personal data – any information relating directly or indirectly to a specific or identifiable individual (personal data subject).
Personal data subject - an individual to whom the personal data relates and who is directly or indirectly identified by it.
Personal data operator (operator) – a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
Processing of personal data – any action or set of actions performed with personal data using automation tools or without using such tools.
Automated processing of personal data – processing of personal data by means of computer technology.
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons.
Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons.
Blocking of personal data – temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data).
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the physical media of personal data are destroyed.
Depersonalization of personal data – actions as a result of which it becomes impossible without using additional information to determine the ownership of personal data to a specific personal data subject.
3. Procedure for Processing Personal Data. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects Processed within the Framework of the Stated Purposes of Processing.
The Operator processes personal data, limiting itself to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.
3.1 Processing of personal data for the purpose of concluding and fulfilling the terms of the offer agreement to which the personal data subject is a party
Includes the following categories of personal data: full name, email address, other technical data (cookies, IP address, log files, device information, browser).
Categories of personal data subjects for this purpose: clients and site visitors.
The basis for processing personal data is the consent of the personal data subject, the conclusion and execution of the offer agreement to which the personal data subject is a party, and the Civil Code of the Russian Federation.
Processing of personal data includes: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, provision, depersonalization, blocking, deletion, destruction. Processing occurs in an automated manner.
3.2 Processing of personal data for the purpose of conducting marketing analytics
Includes the following categories of personal data: data collected via metric programs.
Categories of personal data subjects for this purpose: clients and site visitors.
The basis for processing personal data is the consent of the personal data subject.
Processing of personal data includes: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, provision, depersonalization, blocking, deletion, destruction. Processing occurs in an automated manner.
3.3 Processing of personal data for the purpose of promoting goods, works, and services on the market
Includes the following categories of personal data: email address and information collected by metric programs.
Categories of personal data subjects for this purpose: clients and site visitors.
The basis for processing personal data is the consent of the personal data subject.
Processing of personal data includes: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, provision, depersonalization, blocking, deletion, destruction. Processing occurs in an automated manner.
4. Automatically Collected Personal Data.
The site uses the following cookies in its operation: necessary (mandatory for site functionality, navigation, and security); technical (to remember selected settings, which makes using the site more convenient); analytical (collection of information about site traffic to evaluate effectiveness and optimize site operation); marketing (analyze user interests for personalized offers); session (exist only during the current session, necessary for shopping, navigating between pages without re-authorization); persistent (stored on the user's hard drive, allow identifying the user as unique with saved settings during repeat visits).
The use of cookies ensures the correct operation of the personal account, automatic authorization, saving of user's personal settings, study of user behavior, the possibility of personalized offers, which makes the use of the site by the client as convenient as possible.
The user can disable the collection of cookie data in their browser settings; in this case, only mandatory cookies, without which it is impossible to use the resource, will function.
In addition to cookies, the site server registers information about the user's visit in log files. This is a standard technical procedure that actually records the device's presence on the site. The necessary data is used to ensure the security and stability of the site within the framework of fulfilling obligations under the offer agreement to which the personal data subject is a party.
5. Transfer to Third Parties.
Yandex Metrica (YANDEX LLC, INN 7736207543, OGRN 1027700229193, 119021, Russian Federation, Moscow, Lev Tolstoy str., 16) is used for marketing analytics.
Data collected via the service is used to analyze user activity, evaluate the use of the site by users, which affects the improvement of the resource's operation.
The user can disable the operation of this service by disabling cookies in their browser settings.
Processing of information is carried out by Yandex in accordance with the terms of use of the Yandex Metrica service, available at yandex.ru
For data processing, the Operator uses computing power and services of the certified provider "TIMEWEB.CLOUD" (TIMEWEB.CLOUD LLC, INN 7810945525, OGRN 1227800052215, legal address: 420500, Russian Federation, Republic of Tatarstan, Verkhneuslonsky District, Innopolis City, Universitetskaya str., 7, office 605). Data processing is carried out on secure servers located on the territory of the Russian Federation.
For payment processing, a third-party payment service "Robokassa" (Robokassa LLC, INN 5047063929, OGRN 1055009302215, 115054, Russian Federation, Moscow, Stremyanny Lane, 26) is used. Collection and processing of data is carried out on the side of this resource; we recommend reviewing the privacy policy of the payment service.
This Operator (LLC "NODE-PROXY") does not process, store, or have access to bank card data.
6. Rights and Obligations of the Operator
6.1 The Operator is obliged to:
- take measures necessary and sufficient to ensure compliance with the requirements of the legislation of the Russian Federation and the Operator's local regulations in the field of personal data;
- issue local regulations defining the Operator's policy regarding the processing of personal data;
- appoint a person responsible for organizing the processing of personal data;
- determine employees who have access to personal data of personal data subjects;
- familiarize employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the processing of personal data; internal documents defining the policy regarding the processing of personal data, local acts on the processing of personal data;
- apply legal, organizational and technical measures to protect personal data;
- in cases provided for by federal law, carry out the processing of personal data only with the consent of the personal data subject;
- block unlawfully processed personal data, stop processing and destroy personal data in accordance with the legislation of the Russian Federation;
- provide personal data subjects, upon their request, with information relating to the processing of their personal data, in accordance with the procedure established by the legislation of the Russian Federation;
- provide information to the personal data subject in an accessible form, which should not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data;
- upon the subject's request, familiarize them with their rights in the field of processing and protection of personal data;
- carry out internal control and/or audit of the compliance of personal data processing with the legislation of the Russian Federation on personal data, requirements for the protection of personal data, the Policy regarding the processing of personal data, and the Operator's local acts.
6.2. The Operator has the right to:
- engage third parties in the processing of personal data and/or transfer personal data to them on the basis of an agreement concluded with that person to achieve the purposes specified in this Policy, including for the execution of the offer agreement to which the personal data subject is a party;
- provide personal data of subjects to third parties if this is provided for by the current legislation of the Russian Federation or an agreement (offer agreement) with the subject, as well as on the basis of consent, if such is necessary under the law;
- refuse to provide personal data in cases provided for by the legislation of the Russian Federation, with a reasoned response stating the reason for the refusal within the time limits established by law;
- require the personal data subject to provide reliable information about their personal data;
- receive timely notification from the personal data subject of changes to their personal data.
7. Rights and Obligations of the Personal Data Subject.
7.1 The personal data subject has the right to:
- receive information concerning the composition of their personal data and the procedure for its processing;
- access their personal data;
- request the clarification of personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing;
- withdraw consent to the processing of their personal data, written in free form through the personal account, or by sending a request to the email address marked "Withdrawal of Consent";
7.2 Personal data subjects are obliged to:
- provide accurate information about themselves to the extent necessary for the purpose of processing;
- inform the Operator about the clarification (updating, change) of their personal data.
8. Security Information.
The Operator takes the necessary legal, organizational and technical measures aimed at protecting personal data. A person responsible for organizing the processing of personal data has been appointed, local regulations governing work with personal data have been developed and approved, access of unauthorized persons to personal data has been excluded, antivirus protection is used, and access rights are differentiated. Also, the security of the infrastructure is ensured by information protection tools of a certified provider that have passed conformity assessment.
9. Terms and Conditions for Termination of Personal Data Processing.
The period of processing of personal data is determined by the achievement of the purposes for which they were collected, but is limited by the statute of limitations (3 years according to the Civil Code of the Russian Federation), as well as the requirements of the Tax Code of the Russian Federation (5 years according to the Tax Code of the Russian Federation, Federal Law No. 402-FZ of December 6, 2011 "On Accounting").
Also, personal data is destroyed in the event of liquidation of the Operator's legal entity; on the basis of a written request from the personal data subject with a requirement to stop processing their personal data (withdrawal of consent). In such cases, personal data is destroyed within 30 days.