1. Definition of Terms
1.1.1. “Site Administration (hereinafter -” Site Administration “) – authorized to manage the site employees who organize and (or) carry out the processing of personal data, and also determines the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
1.1.2. “Personal data” – any information relating directly or indirectly to a specific or designated individual (subject of personal data).
1.1.3. “Personal data processing” – any action (operation) or set of actions (operations) performed using automation means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.4. “Confidentiality of personal data” is a requirement that the operator or other persons who have access to personal data comply with the requirement not to allow their distribution without the consent of the subject of personal data or the availability of other legal grounds.
1.1.5. “Site User” (hereinafter referred to as “User”) is a person having access to the Site via the Internet and using the Site.
1.1.6. “Cookies” is a small piece of data sent by a web server and stored on the user’s computer, which the web client or web browser sends to the web server each time in an HTTP request when trying to open the page of the corresponding site.
1.1.7. “IP-address” is a unique network address of a node in a computer network built over IP.
2. General provisions
2.4. The site administration does not verify the accuracy of personal data provided by the Site User.
3.2.1. surname, name, patronymic of the User;
3.2.2. the contact phone number of the User;
3.2.3. e-mail address (e-mail);
3.2.4. address of use;
3.3. The site protects data that is automatically transmitted in the process of viewing ad units and when visiting pages:
– IP address;
– information from cookies;
– information about the browser (or another program that provides access to display ads);
– access time;
– the address of the page where the ad unit is located;
– referrer (address of the previous page).
3.3.1. Disabling cookies may make it impossible to access parts of the site that require authorization.
3.3.2. The site collects statistics on the IP-addresses of its visitors. This information is used to identify and solve technical problems and control the legality of the actions of visitors.
. Purpose of processing personal user data
4.1. The User’s personal data may be used by the site administration in order to:
4.1.1. Identification of the User registered on the site.
4.1.2. Providing the User with access to personalized resources of the Site.
4.1.3. Establishing feedback with the User, including sending notifications, inquiries regarding the use of the Site, provision of services, processing requests and requests from the User.
4.1.4. Create an account if the User has agreed to create an account.
4.1.5. Notifications of the Site User about the status of the Site use.
4.1.6. Processing and receiving payments.
4.1.9. Providing the User with effective customer and technical support in case of problems related to the use of the Site.
4.1.10. Providing the User with information on product updates, special offers, pricing information, newsletters and other information on behalf of the Site or on behalf of Art2Dec SoftLab partners.
4.1.11. Implementation of promotional activities aimed at attracting the attention of the User to the products and services of the Site.
4.1.12. Providing access to the User to the sites or services of the Site’s partners in order to obtain products, updates and services.
4.1.13. marketing activities, incl. assess service levels, monitor traffic and measure the popularity of various products and services.
5. Methods and terms of processing personal information
5.1. The processing of personal data of the User is carried out without time limit, in any legal way, including in the information systems of personal data using automation tools or without the use of such tools.
5.2. The User agrees that the Site Administration has the right to transfer personal data to third parties, in particular, courier services, postal organizations, telecommunications operators, in order to fulfill the order of the User, issued on the Site in order to inform and attract the attention of the User about the conditions of service, promotions, new products,.
5.3. The personal data of the User may be transferred to the authorized bodies of state power of the Russian Federation only on the grounds and in the manner established by the legislation of the Russian Federation.
5.4. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
5.5. The site administration takes the necessary organizational and technical measures to protect the personal information of the User from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.6. The site administration together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the personal data of the User.
6. Consent to the processing of personal data
6.1. The collection and processing of personal data is carried out with the consent of the Users, except as required by law.
6.2. The consent of the User to the processing of personal data is deemed obtained when they provide personal data freely, by their own will and in their interest, and is confirmed by clicking the button “I have read and agree to the Terms of Service” when registering on the site.
6.3. Disagreement with the processing of personal data is expressed by refusing to use the site.
6.4. The user has the right to cancel the previously given consent to the processing of personal data by sending a message on the feedback form posted on the website. In case of receiving a message about the cancellation of consent to the processing of personal data of the User, the Site Administration takes immediate measures to exclude the personal data of the User from the database and terminates their processing in any way, except as required by law.
6.5. If the cancellation of consent to the processing of personal data is made by the User before the execution of the placed and confirmed order, the use of the personal data is terminated after the execution of the order.
7. Obligation to protect personal data
The site administration undertakes to:
7.3. Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure commonly used to protect this type of information in existing business transactions.
7.4. Perform blocking of personal data relating to the relevant User from the moment of the request or request of the User or his legal representative or authorized body for the protection of the rights of subjects of personal data for the period of verification, in case of unreliable personal data or illegal actions.
8. Measures to ensure the security of personal data during their processing
8.1. When processing personal data, the Site Administration takes the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data .
The site administration provides recording, systematization, accumulation, storage, clarification (updating, changing), retrieving personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation
8.2. In order to protect personal data, the Site Administration takes the following measures:
– Identification and authentication of users who are employees of the operator
– Identity management, including creation, assignment, destruction of identifiers
– Management of authentication tools, including storage, issuance, initialization, blocking of authentication tools and taking measures in case of loss and (or) compromise of authentication tools
– Identification and authentication of users who are not employees of the operator (external users)
– Protection of feedback when entering authentication information
Access control for access subjects to access objects
– Management (establishment, activation, blocking and destruction) of user accounts
– Implementation of the necessary methods, types and rules of access control
– Management of information flows between devices, segments of an information system, as well as between information systems
– Separation of powers (roles) of users, administrators and persons ensuring the operation of the information system
– The assignment of the minimum necessary rights and privileges to users, administrators and persons ensuring the operation of the information system
– Restriction of unsuccessful attempts to enter the information system
– Blocking a session of access to the information system after a specified time of inactivity (inactivity) of the user or upon his request
– Allow (prohibit) user actions allowed before identification and authentication
– Implementation of secure remote access of subjects of access to objects of access through external information and telecommunication networks
– Regulation and control of the use of wireless access technologies in the information system
– Regulation and control of the use of mobile technical means in the information system
– Management of interaction with third-party information systems
Security Event Registration
– Definition of security events to be registered, and the timing of their storage
– Determination of the composition and content of information about security events to be registered
– Collecting, recording and storing information about security events during the established storage time
– Protect security event information
– Implementation of anti-virus protection
– Update the database of signs of malicious computer programs (viruses)
Control (analysis) of personal data security:
– Identification, analysis of information system vulnerabilities and prompt elimination of newly identified vulnerabilities
– Monitoring the installation of software updates, including software updates of information security tools
– Monitoring the performance, settings and the correct functioning of the software and information security tools
– Control of the composition of hardware, software and information security tools
Protection of virtualization environment:
– Identification and authentication of access subjects and access objects in the virtual infrastructure, including administrators of virtualization management
– Managing access of access subjects to access objects in a virtual infrastructure, including inside virtual machines
– Registration of security events in the virtual infrastructure
– Implementation and management of anti-virus protection in a virtual infrastructure
– Split virtual infrastructure into segments
Protection of technical equipment:
– Control and management of physical access to technical means, means of information protection, means of ensuring functioning
– Placement of information output (display) devices, excluding unauthorized viewing
Protection of an information system, its facilities, communication and data transmission systems:
– Ensuring the protection of personal data from disclosure, modification and imposition (input of false information) during its transmission (preparation for transmission) via communication channels that have a location outside the controlled area, including wireless communication channels
– Protection of wireless connections used in the information system
Managing the configuration of an information system and personal data protection system: – Identification of persons allowed to act on making changes to the configuration of an information system and personal data protection system and systems for the protection of personal data to ensure the protection of personal data and the coordination of changes in conf information system configurations with an official (employee), responsible for ensuring the security of personal data
9. Additional Terms