PERSONAL DATA PROCESSING AND PRIVACY POLICY REGARDING THE PROCESSING OF PERSONAL DATA.
Approved May 30, 2025
DEFINITIONS AND TERMS.
1.1. Website – a site on the Internet information and telecommunications network located on the domain name kimapro.ru
1.2. Operator – IP Sevostyanova K. A. (TIN: 9721194461; OGRN: 325330000009430).
1.3. Services — IT services provided by the Contractor (services in the field of information technology).
1.4. Subject of personal data (User) – a person who has provided the Operator with consent to the processing of his personal data.
GENERAL PROVISIONS.
1.5. This Operator Policy regarding the processing of personal data (hereinafter referred to as the Policy) is approved in accordance with the requirements of the Federal Law “On Personal Data” and applies to all personal data that the Operator may receive from the subject of personal data (hereinafter referred to as the User). The Policy determines the procedure for processing and protecting information about Users using the services of the Site.
1.6. The Policy applies to personal data obtained during the entire existence of the Site.
1.7. This Policy has been developed and used in accordance with the current legislation of the Russian Federation.
1.8. By using the Site, the User agrees with the terms of this Policy.
1.9. If the User disagrees with the terms of this Policy, the Services cannot be provided.
PERSONAL DATA PROCESSED BY THE OPERATOR.
2.1. Within the framework of this Policy, personal data is understood as: personal data received by the Operator for the execution of an agreement to which the User is a party, or a beneficiary or guarantor.
2.2. The terms and conditions for termination of processing and storage of the User’s personal data are determined in accordance with the procedure established by the legislation of the Russian Federation.
2.3. If the User withdraws consent to the processing of his personal data, the Operator undertakes to stop processing them or ensure the termination of such processing and, if the preservation of personal data is no longer required for the purposes of processing personal data, destroy personal data or ensure their destruction within a period not exceeding thirty days from the date of receipt of the said revocation, unless otherwise provided by the agreement to which the User is a party, beneficiary or guarantor.
2.4. The User provides the Operator with the following personal data:
- last name, first name, patronymic;
- contact phone number;
- electronic address (e-mail);
- passport details;
- data on individual entrepreneur or LLC.
2.5. The User may be asked to additionally provide the necessary data in order for the Operator to fulfill its obligations to the User arising from the agreement. The Operator has the right to request from the User in the form of an electronic file other additional information, which, at the Operator’s discretion, will be considered necessary and sufficient to identify such User, as well as to ensure the security of the User’s personal data, as well as to exclude any possible attempts at abuse, violation of the rights of third parties, to implement measures to secure the financial and property interests of third parties, etc.
2.6. The Operator has the right not to disclose to the User a number of information and circumstances related to the implementation of operational investigative activities by law enforcement agencies, both in relation to the User and in relation to third parties, if the specified information and circumstances may constitute a secret within the framework of the investigation.
2.7. The Operator acts reasonably and in good faith, believing that the User has all the necessary rights (legal capacity, legal capacity, including the ability to purchase services that have age restrictions or require special permissions from the User) allowing him to use the Site and services, and also believes that the User provides reliable information about himself to the extent necessary to provide the Services, and believes that the User transfers his personal data to the Operator after expressing consent to this Policy.
PURPOSES OF COLLECTION, PROCESSING AND STORAGE AND LEGAL BASIS FOR PROCESSING PERSONAL DATA.
3.1. The Operator collects, processes and stores the User’s personal data for the purposes of:
Fulfillment of contractual obligations, provision of services, ensuring the functioning and security of the site, as well as for the purposes provided for by law. This includes collecting data to identify users, processing orders, communicating with users, improving the quality of services, sending marketing materials and ensuring compliance with legal requirements.
Providing the User with information about the services provided by the Operator, special offers and other information on behalf of the Operator
Implementation and execution of the functions, powers and duties assigned by the legislation of the Russian Federation to the Operator on the basis and in accordance with Art. 23, 24 of the Constitution of the Russian Federation; Federal Law “On Personal Data”; Federal Law “On Information, Information Technology and Information Protection” and other requirements of the legislation of the Russian Federation in the field of processing and protection of personal data.
3.2. The collection of the User’s personal data is carried out when paying for Services, providing Services, as well as when the User uses the Site.
3.3. Personal data of Users is stored exclusively on electronic media.
3.4. The processing of personal data is carried out on the basis of the following principles: the legality of the purposes and methods of processing personal data; integrity; compliance of the purposes of processing personal data with the goals predetermined and stated when collecting personal data, as well as with the powers of the Operator; compliance of the volume and nature of the processed personal data, methods of processing personal data for the purposes of processing personal data; the inadmissibility of combining databases containing personal data created for incompatible purposes.
3.5. The Operator has the right to perform the following actions with the User’s personal data when processing them:
3.5.1. Gather;
3.5.2. Record;
3.5.3. Systematize;
3.5.4. Accumulate;
3.5.5. Keep;
3.5.6. To clarify;
3.5.7. extract;
3.5.8. Apply;
3.5.9.Transmit;
3.5.10. Depersonalize;
3.5.11. Block;
3.5.12.Delete;
3.5.13. Destroy.
3.6. The Operator has the right to process the User’s personal data in the following ways: Mixed processing of personal data.
BLOCKING, DEPERSONALIZATION OF USERS.
4.1. The procedure for blocking and unblocking personal data:
4.1.1. Blocking of personal data is carried out on the basis of a written application from the User sent to the email address: kimapro2024@mail.ru within 10 (ten) working days from the date of receipt of the application.
4.1.2. Blocking of personal data implies temporary termination processing of personal data (except when the processing necessary to clarify personal data).
4.1.3. Blocking of personal data can be temporarily lifted if this is required to comply with the legislation of the Russian Federation.
4.1.4. Unblocking of personal data is carried out with the written consent of the User (if there is a need to obtain consent) or an application User, sent to the email address: kimapro2024@mail.ru within 10 (ten) working days from the date of receipt of consent or application.
4.1.5. Reconsent User the processing of his personal data (if it is necessary to obtain it) entails the unblocking of his personal data.
4.2. Procedure for destroying personal data:
4.2.1. Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed, as well as termination of any access to personal data.
4.2.2. If the User's personal data is destroyed, the Operator's employees cannot access personal data.
4.2.3. Destroyed Personal Data cannot be restored. The operation of destroying personal data is irreversible.
4.2.4. The period for destruction of personal data corresponds to the period determined by the legislation of the Russian Federation (10 (ten) working days).
CONDITIONS FOR PROCESSING PERSONAL DATA AND THEIR TRANSFER TO THIRD PARTIES.
5.1. The operator processes personal data using automation tools and without the use of automation tools.
5.2. The Operator processes the User’s personal data only if it is filled out and/or sent by the User independently through special forms located on the Site. By filling out the appropriate forms and/or sending his personal data to the Operator, the User clearly and unambiguously voluntarily expresses his consent to this Policy, as well as all possible conditions of the Operator, if lack of agreement with them prevents further use of the Site and its services.
5.3. The Operator has the right to transfer the User’s personal data to third parties in the following cases:
5.3.1. The user has clearly and unambiguously expressed his consent to such actions.
5.3.2. The transfer is provided for by the current legislation of the Russian Federation within the established procedure.
5.3.3. The Operator has the right to provide his personal data to Partners and other third parties when, without transferring the User’s personal data, there is no other technical ability to fulfill obligations to the User.
USER RIGHTS.
6.1. The user has the right to receive information regarding the processing of his personal data, including containing:
6.1.1. Confirmation of the fact of processing of personal data by the Operator.
6.1.2. Legal grounds and purposes of processing personal data.
6.1.3. Methods of processing personal data used by the Operator.
6.1.4. Name and location of the Operator, information about persons (except for the Operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law.
6.1.5. The processed personal data related to the relevant User, the source of their receipt, unless a different procedure for the presentation of such data is provided for by federal law.
6.1.6. Terms for processing personal data, including storage periods.
6.1.7. The procedure for the User to exercise the rights provided for by this Federal Law.
6.1.8. Information about completed or intended cross-border data transfers.
6.1.9. Name or surname, first name, patronymic and address of the person processing personal data on behalf of the operator, if the processing has been or will be entrusted to such a person.
6.1.10. Information regarding the processing of the User's personal data provided to the User should not contain personal data related to other Users, unless there are legal grounds for disclosing such personal data.
6.2. In accordance with paragraph 3 of Art. 14 of the Federal Law “On Personal Data”, information regarding the processing of the User’s personal data can be provided to the User or his legal representative by the Operator upon application or upon receipt of a request from the User or his legal representative. The user has the right to send a corresponding request to the email address: kimapro2024@mail.ru:
6.2.1. The request must contain the number of the main document identifying the User or his representative, information about the date of issue of the specified document and the issuing authority.
6.2.2. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
6.3. The User has the right to demand that the Operator clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect his rights.
INFORMATION ABOUT IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA.
7.1. To protect payment card information, the Operator's payment partner uses secure networks, encryption or other protection of cardholder data, including physical and technical access control, monitoring and testing of security systems, as well as other methods of protecting information.
7.2. The Operator, in accordance with the current legislation of the Russian Federation, has developed and put into effect a set of organizational, administrative, functional and planning documents that regulate and ensure the security of processed personal data.
7.3. The circle of persons who have the right to process personal data has been determined, instructions have been developed for users on working with personal data, anti-virus protection, and actions in crisis situations.
7.4. Requirements for personnel and the degree of responsibility of employees for ensuring the security of personal data are determined.
7.5. Employees processing personal data were familiarized with the provisions of the legislation of the Russian Federation on ensuring the security of personal data and requirements for the protection of personal data, documents defining the Operator’s policy regarding the processing of personal data, local acts on the processing of personal data. Periodic training of these employees on the rules for processing personal data is carried out.
7.6. Necessary and sufficient technical measures have been taken to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions:
7.7. The Operator is not responsible for damage that may be caused by the User to third parties.
LIABILITY FOR VIOLATION OF STANDARDS GOVERNING THE PROCESSING AND PROTECTION OF PERSONAL DATA.
8.1. Employees of the Operator who are guilty of violating the rules governing the receipt, processing and protection of personal data bear disciplinary, administrative, civil or criminal liability in accordance with the current legislation of the Russian Federation and internal local acts of the Operator.
8.2. The operator bears civil and administrative liability for violation of legislation in the field of processing and protection of personal data.
ACCESS TO POLICY.
9.1. The electronic version of the current version of the Policy is posted on the Website.
UPDATED AND APPROVED POLICY
10.1. The Operator has the right to make changes to this Policy without the consent and notification of the User. The new version of the Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy.
10.2. The current legislation of the Russian Federation applies to this Policy and the relationship between the User and the Operator.
10.3. The current version of the Policy is valid until it is replaced by a new version.
OTHER SIGNIFICANT CONDITIONS:
11.1. Any legally significant documents (claims, statements, appeals) can be sent to the following email addresses:
11.1.1. To the Operator by email: kimapro2024@mail.ru.
11.1.2. To the User at the email address specified by the User when registering in the Service.
11.1.3. The period for responding to applications, claims and appeals is 10 (ten) calendar days.
11.1.4. The laws of the Russian Federation apply to relations related to this Policy, as well as those arising from it.
OPERATOR DETAILS.
Individual entrepreneur
Sevostyanova Kristina Aleksandrovna
Passport: Russian Federation, series 1717, number 557570
Issued by: OUFMS of Russia according to Vlad. region in Gus-Khrustalny district on August 21, 2017
Department code: 330-005
Registered at: 601554,
Vlad. region, Gus-Khrust. district, Urshelsky village, st. Voznesenskogo, 1, apt. 2
Postal address: 127253, Moscow, st. Pskovskaya, 5, k4, apt 184
Phone: +7 (915) 292-86-86
e-mail: kris_sun33@mail.ru , fls-rab-kris@mail.ru, kimapro2024@mail.ru
account: 40802810820000563354, Tochka Bank LLC
BIC: 044525104
code: 30101810745374525104
INN: 9721194461