1. PURPOSE, SCOPE, AND TERMINOLOGY
1.1 This Personal Data Confidentiality Policy («the Policy») defines the purposes and general principles for processing the personal data of Users along with the measures taken to protect personal data at Kirovsky Zavod PJSC («the Operator»). It applies to all information that the Kirovsky Zavod website («the Site»), located at https://kzgroup.ru/, might obtain about Users during their use of the Site. The Policy is a publicly available, open-access document.
1.2 Once approved, the Policy is valid indefinitely after approval until it is replaced by a new version.
1.3 The Policy uses terms and definitions in accordance with their meanings as defined in the Federal Law No. 152-FZ, dated July 27, 2006, «On Personal Data», as well as, but not limited to:
kzgroup.ru – a website containing information about services and other valuable offerings for the User and the Service Provider, allowing the User to choose, order and receive the Services.
Site Administration – employees authorized to manage the Site. They act on behalf of the Operator to organize and (or) process personal data and determine the purposes for which personal data is processed, the composition of the personal data to be processed, and the actions (operations) performed with the personal data.
Personal data – any information relating directly or indirectly to a specific or identifiable individual (data subject).
Processing of personal data – any action (operation) or set of actions (operations) performed on personal data with or without the use of automation, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction.
Personal data confidentiality – the mandatory requirement for the Operator, or other entity with access to personal data, to ensure that such data is not disseminated without the consent of the data subject or other legal grounds.
User – the individual who has access to the Site via the Internet and who uses the Site.
Cookie – a small piece of data sent by a web server and stored on the User's computer. The web client or web browser sends cookies to the web server as an HTTP request whenever an attempt is made to open a page of the website in question.
An IP address – the unique network address of a node in a computer network built using the IP protocol.
2. GENERAL TERMS AND CONDITIONS
2.1. Use of the Site by the User is taken to mean that the User accepts this Confidentiality Policy and the terms and conditions for processing of the User's personal data. In case of disagreement with the terms of this Policy, the User must immediately stop using the Site.
2.2. This Policy applies only to the Site. The Site Administration (Operator) does not control and is not responsible for third-party websites that the User can access via links available on the Site. These third parties and their websites are not checked by the Site Administration for compliance with specific requirements (reliability, completeness, good faith, etc.). The Site Administration is not responsible for any information posted on third-party websites to which the User gains access through the Site or through a third-party website, including but not limited to any opinions or statements expressed on third-party websites. Links to any website, product, service, and/or information of a commercial or non-commercial nature posted on the Site do not constitute endorsement or recommendation of these products (services) by the Site Administration. If the User decides to leave the Site and go to third-party websites or use or install third-party programs, the User does so at his/her own risk, and from that moment onwards, this Policy no longer applies to the User.
2.3. The Site Administration does not verify the accuracy of the personal data provided by the User.
3. SUBJECT OF THE POLICY
3.1. This Policy establishes the Site Administration’s obligations concerning non-disclosure and protection of the confidentiality of the personal data that the User supplies at the request of the Site Administration in the process of the services that are provided by ordering via the Site and that can be unambiguously correlated with a specific individual (User) and his/her personal data.
This Policy does not apply to relations:
that arise from the processing of the personal data of the Operator's employees, since such relations are regulated by a separate local policy, which is also part of the general policy regarding personal data processing;
that are not covered by the Federal Law No. 152-FZ, dated July 27, 2006, “On Personal Data.”
3.2. The User provides the personal data that may be processed under this Policy by filling out registration forms on the Site (in any sections of the Site), or by other means that do not contradict the legislation of the Russian Federation and the requirements of international law on the protection of personal data.
Personal data includes the following information:
the User’s full name;
the User's contact telephone number;
the User’s email address;
the User’s interaction history, including the documents sent by the User when contacting the Operator.
3.3. When the services of the Site are used, the Site Administration also processes other anonymized data that is automatically transmitted during use of the Site through the software installed on the computer:
information about the browser used (or other program through which the Site is accessed);
the IP address;
information from cookies;
information about the browser (or other program that provides access to display ads);
the referrer (address of the previous page).
3.4. Disabling cookies may result in inability to access parts of the Site that require authorization.
3.5. Any other personal information not specified in this section shall be stored reliably and not disseminated, with the exception of cases provided for in clauses 5.6 and 5.7 of this Policy.
4. PURPOSES OF COLLECTING PERSONAL USER INFORMATION
4.1. The Site Administration may use the User’s personal data for the following purposes:
providing the User with access to the personalized resources of the Site (if personalized resources are available);
establishing contact with the User, including sending notifications and requests regarding the use of the Site, providing services, and processing requests and queries from the User;
confirming the accuracy and completeness of the personal data provided by the User;
providing the User with effective customer and technical support in case of problems related to use of the Site;
providing the User, with his/her consent, with product updates, special offers, price information, newsletters and other information on behalf of the Operator or on behalf of the Operator’s partners;
carrying out advertising activities with the consent of the User.
5. TIME LIMITS AND METHODS FOR PERSONAL INFORMATION PROCESSING AND SECURITY MEASURES
5.1. There is no time limit on processing of the User’s personal data. Data may be processed by any legal means, including in personal data information systems with or without the use of automation.
5.2. Only those employees who are entrusted with such a duty in accordance with their official (job) duties (Site Administration) are allowed to process personal data. The operator requires its employees to maintain confidentiality and ensure the security of personal data during processing.
5.3. In accordance with this Policy, the Operator may process personal data both independently and with the involvement of third parties.
5.4. If the processing of personal data is entrusted to third parties, the volume of personal data transferred to third parties for processing and the number of processing methods they use should be the minimum necessary for the third parties to fulfill their obligations to the Operator. Third parties are obliged to maintain the confidentiality of personal data and ensure the security of personal data during processing.
5.5. In the process of providing services, when carrying out internal activities within the company, the Site Administration uses both automated (with the application of computer technology) and non-automated (document-based) processing of personal data. Decisions that give rise to legal consequences in relation to the User or otherwise affect his/her rights and legitimate interests are not made on the basis of solely automated processing of personal data. Site Administration stores the User’s personal information in accordance with internal regulations.
5.6. Site Administration takes the necessary organizational and technical measures to protect the User’s personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, and other illegal actions by third parties, including but not limited to:
identifying threats to the security of personal data during processing in personal data information systems;
when processing data in personal data information systems, applying those organizational and technical measures to ensure the security of personal data that are necessary to meet the requirements for personal data protection, the implementation of which requirements ensures the levels of personal data protection established by the Government of the Russian Federation;
assessing the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of a personal data information system;
recording the number of computer-based personal data storage media;
detecting instances of unauthorized access to personal data in good time and taking appropriate measures;
recovering personal data that has been modified or destroyed as a result of unauthorized access;
taking measures to prevent unauthorized access to personal data and (or) the transfer of such data to entities that do not have the right to access this information;
preventing any interference with technical means of automated personal data processing that could disrupt their functionality;
establishing rules for access to personal data processed in the personal data information system, as well as ensuring that all actions performed with personal data in the personal data information system are registered and accounted for;
overseeing measures taken to ensure the security of personal data and the level of protection of personal data information systems.
5.7. The User agrees that the Site Administration has the right to transfer personal data to third parties, in particular courier services, postal organizations, and telecommunications operators, solely for the purpose of providing services to (fulfilling orders for) the User, where these services have been requested (ordered) on the Site or by other means.
5.8. The User’s personal data can be transferred to authorized government bodies of the Russian Federation only on the basis and in the manner established by the current legislation of the Russian Federation.
5.9. The Operator is obliged to inform the User of any instances where personal data has been lost or disclosed.
5.10. The Site Administration, together with the User, takes all the necessary measures to prevent losses or other negative consequences entailed by the loss or disclosure of the User’s personal data.
6. OBLIGATIONS OF THE PARTIES
6.1. The User is obliged:
to provide the information about personal data necessary to use the Site;
to update and supplement the information provided about personal data in case of changes to this information.
6.2. The Site Administration is obliged:
to use the information received solely for the purposes specified in section 4 of this Policy;
to ensure confidential information is stored secretly and not disclosed without the prior written permission of the User, and also not to sell, exchange, publish, or disclose in any other possible ways the User’s personal data conveyed to the Site Administration, unless provided for under clauses 5.7 and 5.8 of this Policy;
to take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure generally used to protect this kind of information in existing business transactions;
if inaccurate personal data or illegal actions come to light, to block personal data related to the relevant User for a verification period. The data shall be blocked from the moment contact or a request is made by the User or his/her legal representative or a body authorized to protect the rights of data subjects.
7. LIABILITY OF THE PARTIES
7.1. If the Site Administration has not fulfilled its obligations, it bears responsibility for losses incurred by the User in connection with the unlawful use of personal data, in accordance with the legislation of the Russian Federation, with the exception of cases provided for in clauses 5.7, 5.8, and 7.2 of this Policy.
7.2. In the event of loss or disclosure of confidential information, the Site Administration is not responsible if this confidential information:
entered the public domain before it was lost or disclosed;
was received from a third party before it was received by the Site Administration;
was disclosed with the consent of the User.
8. DISPUTE RESOLUTION
8.1. Before filing a suit in relation to disputes arising from the relationship between the User and the Site Administration, a claim (a written proposal for voluntary settlement of the dispute) must be submitted.
8.2. The recipient of the claim shall notify the maker of the claim in writing about the outcome of a review of the claim within 30 calendar days of its receipt.
8.3. If an agreement is not reached, the dispute will be referred to the courts in accordance with the current legislation of the Russian Federation.
8.4. The current legislation of the Russian Federation applies to this Policy and the relationship between the User and the Site Administration.
9. ADDITIONAL TERMS AND CONDITIONS
9.1. The Site Administration has the right to make changes to this Policy without the consent of the User.
9.2. The new Confidentiality Policy comes into force from the moment it is posted on the Site, unless otherwise stipulated by the new version of the Confidentiality Policy.
9.3. Any suggestions or questions about this Policy should be directed:
by post to the address: Office 6, Building 8-n, 47-Щ Prospekt Stachek, St Petersburg, 198097;
by email to the address: firstname.lastname@example.org.
9.4. The current Policy is available at https://kzgroup.ru//
By clicking Submit, you agree to the
processing of personal data