Personal Data Processing Policy1. General provisions
This Personal Data Processing Policy is formulated in accordance with the Federal Law of 27.07.2006 No. 152-FL "On Personal Data" (hereinafter - “Law on Personal Data”) and determines the procedure for personal data processing and the measures undertaken by IE Saranchuk Tatiana (hereinafter - "Operator") to ensure the security of personal data.
1.1. The Operator prioritizes the respect for human and civil rights and freedoms in the processing of personal data, including protecting rights to privacy, and personal and family secrets.
1.2. This Operator's policy regarding personal data processing (hereafter - "Policy") is applicable to all information that the Operator may obtain about visitors to the website
https://smartpeople.agency/eng.
2. Key concepts used in the Policy
2.1. "Automated processing of personal data" - the processing of personal data using computer equipment.
2.2. "Blocking of personal data" - the temporary suspension of personal data processing, except for cases when processing is necessary to clarify personal data.
2.3. "Website" - a collection of graphic and informational materials, computer programs, and databases, ensuring their availability on the Internet at
https://smartpeople.agency/eng.
2.4. "Personal data information system" - a set of personal data contained in databases, including the information technologies and technical means ensuring their processing.
2.5. "Depersonalization of personal data" - actions that make it impossible to determine without using additional information whether personal data belong to a particular User or other subject of personal data.
2.6. "Processing of personal data" - any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.
2.7. "Operator" - state or municipal authority, legal entity or individual that independently or jointly with other persons organizes and/or carries out processing of personal data, and determines the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
2.8. "Personal Data" - any information related directly or indirectly to a specific or identifiable User of the website
https://smartpeople.agency/eng.
2.9. "Personal data authorized by the subject of personal data for dissemination" - personal data which an unlimited number of persons have access to by the personal data subject by giving consent to the processing of personal data authorised by the personal data subject for dissemination in the manner prescribed by the Personal Data Law (hereinafter - personal data authorised for dissemination).
2.10. "User" - any visitor of the website
https://smartpeople.agency/eng.
2.11. "Provision of personal data" - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
2.12. "Dissemination of personal data" - any actions aimed at disclosure of personal data to an indefinite number of people (transfer of personal data) or at familiarization of personal data to an unlimited number of people, including disclosure of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way.
2.13. "Cross-border transfer of personal data" - transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign individual or a foreign legal entity.
2.14. "Destruction of personal data" - any actions resulting in the irreversible destruction of personal data with the impossibility of further recovery of the content of personal data in the personal data information system and/or the destruction of physical carriers of personal data.
3. Basic rights and obligations of the Operator
3.1 The Operator has the right to:
- Request and receive reliable information and/or documents containing personal data from the subject;
- In case the personal data subject revokes his/her consent to the processing of personal data, as well as if he/she submits a request to stop the processing of personal data, the Operator has the right to continue the processing of personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law;
- Independently determine the composition and list of measures necessary and sufficient to ensure the fulfilment of the obligations stipulated by the Personal Data Law and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2 The Operator shall:
- Provide personal data subjects with information about the processing of their personal data upon request;
- Organize personal data processing in accordance with the established procedures of the Russian Federation's legislation;
- Respond to appeals and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law.
- Provide the authorized body for the protection of the rights of personal data subjects the required information within 10 days from the date of receipt of a request;
- Publicly disclose this Personal Data Processing Policy and ensure unrestricted access to it;
- Implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, dissemination, and other unlawful actions;
- Cease the transfer (dissemination, provision, access) of personal data, cease processing and destroy personal data in the manner and cases stipulated by the Personal Data Law;
- Fulfill other obligations stipulated by the Personal Data Law.
4. Basic rights and obligations of personal data subjects
4.1 Personal data subjects have the right to:
- Receive information regarding the processing of their personal data, except as restricted by federal laws. Information should be provided to the subject of personal data by the Operator in an accessible form and should not contain personal data relating to other subjects of personal data, unless there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
- Request the Operator to clarify, block, or destroy their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or are not necessary for the stated processing purpose, and take measures provided by law to protect their rights;
- Require a condition of prior consent for the processing personal data of marketing goods, works and services;
- Withdraw consent to personal data processing and request the termination of personal data processing;
- Appeal to the authorized body for the protection of the rights of personal data subjects or in court against the Operator's unlawful actions or omissions in processing their personal data.
- Exercise other rights provided by Russian Federation legislation.
4.2 Personal data subjects are obligated to:
- Provide accurate and updated data about themselves to the Operator;
- Inform the Operator about any clarification (update, amendment) of their personal data;
4.3 Individuals who provide Operator with false information about themselves or about another personal data subject without consent of the latter, are liable in accordance with the laws of the Russian Federation.
5. Principles of personal data processing
5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. Personal data processing is limited to achieving specific, predetermined, and legitimate objectives. Processing that is incompatible with the purposes of data collection is not permitted.
5.3. Combining databases containing personal data processed for incompatible purposes is prohibited.
5.4. Only personal data that fulfills the purposes it is processed is processed.
5.5. The content and scope of processed personal data correspond to the declared processing purposes. Redundancy of processed personal data beyond the declared purposes is not permitted.
5.6. During personal data processing аccuracy, sufficiency, and, where necessary, relevance of personal data to the purposes of processing must be ensured. The Operator is responsible for taking necessary measures to delete or rectify incomplete or inaccurate data.
5.7. Personal data is stored in a form that allows identification of the subject of personal data for no longer than required by the personal data processing purposes, unless the period of storage of personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. Processed personal data must be destroyed or depersonalized upon fulfilling the processing purposes or when it is no longer necessary to achieve these purposes, unless otherwise provided by federal law.
6. Purposes of personal data processing
The processing of personal data is aimed at clarifying order details, which include:
- Personal data (surname, first name, patronymic);
- Email address;
- Telephone numbers;
The legal basis - contracts concluded between the Operator and the personal data subject.
Types of personal data processing include collection, recording, systematization, accumulation, storage, destruction, and depersonalization of personal data.
7. Conditions of personal data processing
7.1. Personal data is processed with the consent of the personal data subject to its processing.
7.2. Personal data processing is necessary to fulfill purposes provided by an international treaty of the Russian Federation or by law, to fulfill the functions, powers and duties assigned to the Operator by the Russian Federation legislation.
7.3. Personal data processing is necessary for administering justice, executing judicial acts, acts of other bodies or an official subject to execution in accordance with the Russian enforcement legislation.
7.4. Personal data processing is necessary for the execution of a contract involving the personal data subject as a party, beneficiary, or guarantor, or for the conclusion of a contract at the initiative of the personal data subject or a contract whereby the personal data subject is a beneficiary or guarantor.
7.5. Personal data processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties, or for the achievement of socially significant purposes, as long as it does not violate the rights and freedoms of the personal data subject.
7.6. Personal data processing an unlimited number of people have access to by the personal data subject or at his/her request (hereinafter - “publicly available personal data”) is carried out.
7.7. Personal data processing required to be published or mandatory disclosed in accordance with federal law is carried out.
8. Procedures for the collection, storage, disclosure, and other types of processing of personal data
The Operator ensures the security of processed personal data by implementing necessary legal, organizational, and technical measures in full compliance with current personal data protection legislation.
8.1. The Operator commits to safeguarding personal data and adopts all feasible measures to prevent unauthorized access to the data.
8.2. Personal data is not transferred to third parties, except as required by law or with the explicit consent of the data subject for fulfillment of obligations under civil contracts.
8.3. Users may update inaccurate personal data by sending an email to the Operator at hello@smartpeople.agency/ with the subject "Personal Data Update".
8.4. The processing term of personal data is defined by the accomplishment of the purposes for which the data was collected, unless a different term is stipulated by a contract or applicable law. Users may withdraw their consent for data processing at any time by emailing the Operator at hello@smartpeople.agency/ with the subject "Withdrawal of consent to personal data processing".
8.5. Information collected by third-party services, such as payment systems, communication tools, and other service providers, is stored and processed by these entities in accordance with their User Agreements and Privacy Policies. The Operator is not responsible for the actions of these third parties including the service providers referred to in this paragraph.
8.6. Restrictions imposed by the personal data subject regarding the transfer (except for granting access) or processing (except for obtaining access) of personal data authorized for dissemination do not apply in cases of processing for state, public, or other public interests as defined by Russian Federation legislation.
8.7. The Operator ensures the confidentiality of personal data during processing.
8.8. Personal data is stored in a format that allows identification of the data subject no longer than it is required by the processing purposes, unless a longer period is mandated by federal law or a contract the personal data subject is a party, beneficiary or guarantor.
8.9. Personal data processing may cease upon achieving the processing purposes, expiry or withdrawal of the data subject's consent, a request to terminate processing, or detection of unlawful data processing.
9. List of actions performed by the Operator with the received personal data
9.1. The Operator engages in various activities with personal data, including:
- Collection, recording, systematization, accumulation, and storage;
- Clarification (update, change);
- Extraction, utilization, and transfer (dissemination, provision, access);
- Depersonalization, blocking, deletion, and destruction.
9.2. The Operator conducts automated processing of personal data, which may involve receiving and/or transmitting the data via information and telecommunication networks.
10. Cross-border transfer of personal data
10.1. Prior to initiating cross-border transfer of personal data, the Operator must notify the authorized body for personal data subject rights protection of its intent to conduct such transfer. This notification must be distinct from any notification regarding the intention to process personal data.
10.2. Before sending this notification, the Operator is obliged to obtain necessary information from foreign authorities, individuals, or legal entities to whom the data is intended to be transferred.
11. Confidentiality of personal data
All individuals with access to personal data, including the Operator, are required to maintain confidentiality and are prohibited from disclosing or disseminating personal data to third parties without the subject's consent, except as required by federal law.
12. Final provisions
12.1. Users seeking clarification regarding the processing of their personal data can contact the Operator via email at hello@smartpeople.agency/.
12.2. Any changes to the Operator's personal data processing policy will be reflected in this document. The Policy remains effective indefinitely until superseded by a new version.
12.3. The current version of the Policy is publicly accessible on the Internet at
https://smartpeople.agency/privacy