Personal data processing policy

1. General provisions

This personal data processing policy is developed as specified by Federal Law No. 152-FZ On Personal Data dated 27.07.2006 (hereinafter referred to as the ‘Law on Personal Data’) and specified the personal data processing procedure and personal data security measures taken by the sole proprietor Armen Albertovich Arakelian (hereinafter referred to as the ‘Operator’).
1.1. The Operator sets the respect for human rights and freedoms during personal data processing, including protection of the right to personal and family privacy, as the overriding priority and condition of transacting business.
1.2. This Operator’s personal data processing policy (hereinafter referred to as the ‘Policy') applies to all http://innalevke-en.com/ website visitor details available to the Operator.

2. Basic Policy concepts

2.1. Automated processing of personal data is personal data processing by means of computer aids.
2.2. Blocking of personal data is temporary termination of personal data processing (except where the processing is required for personal data rectification).
2.3. Website is set of graphic and information materials and programs for computer and databases making such materials available on the Internet at address http://innalevke-en.com/.
2.4. Personal data information system is totality of the personal data contained in databases and the information technologies and hardware enabling personal data processing.
2.5. Depersonalization of personal data is actions making it impossible to determine whether personal data belongs to a specific user or other subject of personal data without additional information.
2.6. Personal data processing is any action/operation or set of actions/operations performed on personal data using automation means or without them, including personal data collection, recording, systematization, accumulation, storage, rectification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, removal and destruction.
2.7. Operator is public authority, municipal authority, legal entity or natural person organizing and/or performing processing of personal data organizing personal data processing as well as specifying the purposes of personal data processing, scope of the personal data subject to processing, and actions/operations performed on personal data independently or jointly with other persons.
2.8. Personal data is any information directly or indirectly related to a specific or definable http://innalevke-en.com/ website user.
2.9. Personal data allowed by the subject of personal data for distribution is personal data made by the subject of personal data accessible to an unlimited range of persons by giving consent to the processing of the personal data allowed by the subject of personal data for distribution using the procedure stated in the Law on Personal Data (hereinafter referred to as the ’personal data allowed for distribution’).
2.10. User is any http://innalevke-en.com/ website visitor.
2.11. Personal data sharing is actions aimed at personal data disclosure to a specific person or range of persons.
2.12. Distribution of personal data is any actions aimed at personal data disclosure to an uncertain range of persons (personal data sharing) or personal data provision for review by an unlimited range of persons, including personal data publication in mass media or placement in information/telecommunication networks or provision of access to personal data by any other way.
2.13. Cross-border transfer of personal data is personal data transfer to the territory of a foreign state, foreign state authority, foreign natural person or foreign legal entity.
2.14. Destruction of personal data is any actions resulting in permanent destruction of personal data and preventing the subsequent restoration of the personal data content in the personal data information system and/or destruction of the physical storage media containing the personal data.

3. The Operator’s basic rights and duties

3.1. The Operator has the right to:
– Obtain valid information and/or documents containing personal data from the subject of personal data
– Continue the processing of personal data without the personal data subject’s consent if the subject of personal data withdraws its consent to personal data processing, provided that there grounds specified in the Law on Personal Data
– Independently specify a list of the measures that are necessary and sufficient for ensuring the performance of the duties listed in the Law on Personal Data or regulations adopted in accordance with the Law on Personal Data unless otherwise prescribed by the Law on Personal Data or other federal laws
3.2. The Operator shall:
– Provide the subject of personal data with details of its personal data processing at its request
– Organize personal data processing using the procedure prescribed in the current laws of the Russian Federation
– Respond to applications and requests from subjects of personal data or their legal representatives in accordance with the Law on Personal Data
– Submit necessary information to the agency authorized to protect the rights of the personal data subject at the request of such agency within 30 days of receipt of such request
– Publish or otherwise provide unlimited access to this Personal Data Processing Policy
– Take legal, organizational or technical measures for personal data protection against unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution or other unlawful actions in respect of personal data
– Stop the transfer (distribution, provision, access) of personal data or stop the processing and destroy the personal data using the procedure and in the cases described in the Law on Personal Data
– Fulfill other duties prescribed by the Law on Personal Data

4. Basic rights and duties of subjects of personal data

4.1. The subjects of personal data have the right to:
– Obtain information on processing of their personal data except for cases listed in the federal laws. The Operator shall provide the information to the subject of personal data in an intelligible form, and it shall contain no personal data relating to other subjects of personal data except where there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it are stated in the Law on Personal Data
– Request that the Operator rectify its personal data, its blocking or destruction if it is incomplete, outdated or inaccurate, is illegally obtained or is not required for the stated processing purpose, as well as to take statutory measures for protection of its rights
– Request prior consent when processing personal data for promotion of goods, works or services in the market
– Withdraw the consent to personal data processing
– Appeal against the Operator’s unlawful actions or inaction during processing of its personal data in the agency authorized to protect the rights of personal data subjects or in court
– Exercise other rights provided for in the laws of the Russian Federation
4.2. The subjects of personal data shall:
– Submit valid data on themselves to the Operator
– Inform the Operator on rectification (updating, modification) of their personal data
4.3. The persons who have provided invalid information on themselves or information about other subject of personal data without its consent to the Operator shall be liable in accordance with the laws of the Russian Federation.

5. The Operator may process the following personal user data:

5.1. Surname, first name, middle name.
5.2. E-mail address.
5.3. Phone numbers.
5.4. Depersonalized visitor data (including cookie files) will be collected and processed on the site using Internet statistics services (Yandex Metrics, Google Analytics, etc.) as well.
5.5. The above listed data are united by the general concept of Personal Data further in the Policy text.
5.6. The Operator does not process special categories of personal data such as race, national identity, political views, religious or philosophical beliefs, and intimate life.
5.7. The processing of the personal data allowed for distribution from the special categories listed in Part 1, Article 10 of the Law on Personal Data is allowed, provided that the prohibitions and conditions stated in Article 10.1 of the Law on Personal Data are respected.
5.8. The User’s consent to the processing of personal data allowed for distribution shall be documented separately from other consents to the processing of its personal data. The conditions listed, in particular, in Article 10.1 of the Law on Personal Data shall be satisfied in that case. The requirements for the content of such consent are established by the agency authorized to protect the rights of personal data subjects.
5.8.1 The User shall submit its consent to processing of the personal data allowed for distribution directly to the Operator.
5.8.2 The Operator shall publish information on processing conditions and existence of prohibitions or restraints on the processing of the personal data allowed for distribution by an unlimited range of persons within three working days of the receipt of said User’s consent.
5.8.3 The transfer (distribution, provision, access) of the personal data allowed by the subject of personal data for distribution shall be terminated upon personal data subject’s request at any time. Such request shall include the personal data subject’s surname, first name, middle name (if any), and contact information (phone number, e-mail address or postal address), and list the personal data whose processing is to be terminated. The personal data specified in such request can only be processed by the Operator it is sent to.
5.8.4 The consent to processing of the personal data allowed for distribution shall lose effect from the receipt of the request to stop the personal data processing specified in paragraph 5.8.3 of this Policy by the Operator.

6. The principles of personal data processing

6.1. The personal data shall be processed on a legal and fair basis.
6.2. The personal data processing is limited by achieving concrete, predefined and legal goals. The personal data processing that is inconsistent with the purposes of personal data collection is not allowed.
6.3. The integration of databases containing personal data processed for incompatible purposes is not allowed.
6.4. Only personal data matching the purposes of its processing is subject to processing.
6.5. The content and volume of the personal data being processed shall match the stated purposes of processing. The redundancy of the personal data being processed in relation to stated purposes of its processing is not allowed.
6.6. Personal data accuracy, sufficiency, and relevance for processing purposes shall be ensured during personal data processing. The Operator shall take necessary measures and/or ensure that necessary measures are taken to remove or rectify the incomplete or inaccurate data.
6.7. The personal data shall be stored in a form enabling the identification of the subject of personal data and no longer than required for personal data processing purposes if the period of personal data storage is not specified in the federal law or a contract where under the subject of the personal data is a party, a beneficiary or a guarantor. The processed personal data shall be destroyed or depersonalized upon reaching the processing purposes or when the necessity of reaching such purposes is lost unless otherwise prescribed by the federal law.

7. The purposes of personal data processing

7.1. The User’s personal data shall be processed for the purpose of:
– Informing the user by sending e-mails
– Informing the user by means of phone calls
7.2. The Operator also has the right to send notices of new products and services, special offers, and various events to the User. The User always can opt out of receiving information messages by e-mailing a letter marked as Waiver of notices of new products and services and special offers to the Operator’s address of info@innalevke.com.
7.3. The users’ depersonalized data collected using the Internet statistics services are used to collect information about user actions on the website and to improve the website quality and its content.

8. Legal grounds for personal data processing

8.1. The legal grounds for personal data processing by the Operator are:
– List the legal regulations governing the relations associated with your activities. For example, if your activities are connected with information technologies, in particular website creation, then Federal Law No. 149-FZ On Information, Information Technologies, and Information Protection dated 27.07.2006 can be specified here
– The Operator's incorporation documents
– Contracts concluded between the Operator and the subject of personal data
– Federal laws or other legal regulations on personal data protection
– The Users’ consents to the processing of their personal data and personal data allowed for distribution
8.2. The Operator shall only process the User’s personal data if the User has entered it or sent independently via special forms located on the website https://innalevke.com/or e-mailed to the Operator. By filling the forms and/or sending its personal data to the Operator, the User expresses consent with this Policy.
8.3. The Operator shall process the User’s depersonalized data in the event that it is allowed in the User’s browser settings (the saving cookies and use of the JavaScript technology are switched on).
8.4. The subject of personal data shall independently decide to provide its personal data and give the consent of its own free will and volition and for its own benefit.

9. The personal data processing conditions

9.1. The personal data shall be processed with the personal data subject’s consent to the processing of its personal data.
9.2. The processing of personal data is required for reaching the goals listed in an international treaty of the Russian Federation or law for fulfilling the functions, powers and duties assigned to the Operator by the laws of the Russian Federation.
9.3. The processing of personal data is required to deliver justice and to secure the execution of court rulings or rulings of other bodies or officials that are subject to execution according to the laws of the Russian Federation on enforcement proceedings.
9.4. The processing of personal data is required to perform a contract where under the subject of personal data is a party, a beneficiary or a guarantor or to conclude a contract at the initiative of the subject of personal data or a contract where under the subject of personal data will be the beneficiary or the guarantor.
9.5. The processing of personal data is required for the Operator or third parties to exercise their rights or to pursue legitimate interests or to achieve socially significant purposes provided that the personal data subject’s rights and freedoms are not violated.
9.6. Personal data shall be processed if the subject of the personal data has provided access to an unlimited range of persons or at its request (hereinafter referred to as the ‘publicly available personal data’).
9.7. The personal data that is subject to publication or mandatory disclosure according to the federal law shall be processed.

10. The procedure for collection, storage, transfer, and other types of personal data processing

The safety of the personal data processed by the Operator shall be secured by legal, organizational and technical measures required to completely fulfill the requirements of the current legislation on personal data protection.
10.1. The Operator shall ensure the safety of personal data and take all possible measures preventing unauthorized persons from access to personal data.
10.2. The User’s personal data shall never, under no circumstances, be transferred to third parties except where required for legislative execution or where the subject of personal data has given consent to the Operator to data transfer to a third party for performance of obligations under a civil contract.
10.3. If inaccuracies are found in the personal data, the User can update the date independently, by e-mailing a notice marked as Personal data updating to the Operator’s address of info@innalevke.com.
10.4. The term of personal data processing shall be determined by achieving the goals for which the personal data was collected unless otherwise provided for in the contract or current legislation. The User can withdraw its consent to personal data processing at any time by e-mailing a notice marked as Withdrawal of consent to personal data processing to the Operator’s address of info@innalevke.com.
10.5. The entire information gathered by third-party services, including payment systems, means of communication, and other service providers, shall be stored and processed by said persons (Operators) in accordance with their User Agreement and Confidentiality Policy. The subject of personal data and/or the User shall independently review said documents in due time. The Operator shall bear no liability for actions of the third parties, including the service providers specified in this paragraph.
10.6. The prohibition of personal data transfer (except access provision) and processing as well as processing conditions (except access receipt) for the personal data allowed for distribution are ineffective for personal data processing for the state or public benefit as specified in the laws of the Russian Federation.
10.7. The Operator ensures the confidentiality of the personal data during processing.
10.8. The Operator shall store personal data in a form enabling the identification of the subject of personal data and no longer than required for personal data processing purposes if the period of personal data storage is not specified in the federal law or a contract where under the subject of the personal data is a party, a beneficiary or a guarantor.
10.9. The achievement of the personal data processing goals, expiration of the personal data subject’s consent, consent withdrawal by the subject of personal data as well as discovery of unlawful processing of personal data can be the condition of personal data processing termination.

11. List of the actions performed by the Operator on the personal data received

11.1. The Operator shall collect, record, systematize, accumulate, store, rectify (update, modify), retrieve, use, transfer (distribute, provide, access), depersonalize, block, remove and destroy the personal data.
11.2. The Operator shall perform an automated processing of personal data receipt and/or transfer of the information received via information/telecommunication networks or without such transfer.

12. Cross-border transfer of personal data

12.1. Prior to cross-border transfer of personal data, the Operator shall make sure that the foreign state to whose territory the personal data is supposed to be transferred ensures a reliable protection of the personal data subjects’ rights.
12.2. The cross-border transfer of personal data to the territory of foreign states failing to meeting the above-stated requirements can only be carried out provided that the subject of personal data has given consent in writing to cross-border transfer of its personal data and/or it is required under a contract where under the subject of personal data is a party.

13. The confidentiality of personal data

The Operator and other persons who have got access to personal data may not disclose the personal data to the third parties or distribute it without the personal data subject’s consent unless otherwise provided for in the federal law.

14. Final provisions

14.1. The user can receive any explanations on processing of its personal data by addressing the Operator via e-mail info@innalevke.com.
14.2. Any changes to the personal data processing policy made by the Operator will be reflected in this document. The policy shall stay in effect permanently till replacement with a new version.
14.3. The current version of the Policy is freely available on the Internet at http://innalevke-en.com/privacy.