Regulations on the processing and protection of personal data in personal databases owned by the seller
Contents
1. General concepts and scope of application
2. List of personal databases
3. Purpose of personal data processing
4. Procedure for processing personal data: obtaining consent, notification of rights and actions with personal data of the personal data subject
5. Location of the personal data base
6. Terms of disclosure of personal data to third parties
7. Protection of personal data: methods of protection, responsible person, employees who directly process and/or have access to personal data in connection with the performance of their official duties, personal data retention period
8. Rights of the personal data subject
9. Procedure for handling requests from the personal data subject
10. State registration of the personal data base
1. General concepts and scope of application
1.1. Definition of terms:
personal data base — a named collection of organized personal data in electronic form and/or in the form of personal data files;
responsible person — a designated person who organizes work related to the protection of personal data during its processing, in accordance with the law;
personal data base owner — a natural or legal person who, by law or by agreement with the subject of personal data, is granted the right to process such data, who approves the purpose of processing personal data in this database, establishes the composition of such data and the procedures for its processing, unless otherwise specified by law;
State Register of Personal Data Bases — a unified state information system for the collection, accumulation, and processing of information about registered personal data bases;
Publicly available sources of personal data — reference books, address books, registers, lists, catalogs, and other systematic collections of open information containing personal data that are posted and published with the knowledge of the personal data subject. Social networks and Internet resources in which the subject of personal data leaves their personal data are not considered publicly available sources of personal data (except in cases where the subject of personal data expressly states that the personal data is posted for the purpose of free distribution and use);
consent of the subject of personal data — any documented, voluntary expression of will by a natural person to give permission for the processing of their personal data in accordance with the stated purpose of their processing;
depersonalization of personal data — removal of information that allows a person to be identified;
processing of personal data — any action or set of actions performed in whole or in part in an information (automated) system and/or in personal data files related to the collection, registration, accumulation, storage, adaptation, modification, renewal, use, and dissemination (distribution, realization, transfer), depersonalization, destruction of information about a natural person;
personal data — information or a set of information about a natural person who is identified or can be specifically identified;
personal data controller — a natural or legal person who is granted the right to process personal data by the owner of the personal data or by law. A person who is entrusted by the owner and/or controller of the personal data to perform technical work with the personal data without access to the content of the personal data is not a personal data controller;
personal data subject — a natural person in relation to whom personal data is processed in accordance with the law;
third party — any person, except for the subject of personal data, the owner or administrator of the personal data base, and the authorized state body for personal data protection, to whom the owner or administrator of the personal data base transfers personal data in accordance with the law;
special categories of data — personal data on racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties and trade unions, as well as data concerning health or sex life.
1.2. These Regulations are binding on the responsible person and employees of the seller who directly process and/or have access to personal data in connection with the performance of their official duties.