Privaty policy

Limited Liability Company "Modern Fire Protection Systems"

1. General Provisions

1.1. This privacy policy is developed in accordance with the provisions of the Constitution of the Russian Federation, Federal Law No. 149-FZ dated July 27, 2006 "On Information, Information Technologies and Information Security," Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter - the Personal Data Law) and other regulatory legal acts in the field of personal data protection and processing, effective within the territory of the Russian Federation.

1.2. The following terms are used in this privacy policy:

• website - https://sspb-tungus.com/, located at the domain name sspb-tungus.com;
• website administration - authorized employees managing the website, determining the composition of users' personal data, the purposes of collecting personal data, their processing and storage;
• website user - an individual, a user of the website services, a subject of personal data, who voluntarily provided the necessary personal data;
• personal data - any information directly or indirectly related to a specific or identifiable individual (personal data subject);
• processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.

1.3. This privacy policy establishes the procedure for obtaining, protecting, storing, processing, and transferring users' personal data and applies to all information that the website administration may obtain about users during their use of the website.

This privacy policy does not apply to other websites and is not applicable to third-party websites. The website administration is not responsible for third-party websites to which users may navigate via links available on the website.

1.4. Personal data of website users includes: last name, first name, patronymic, email address, phone number, as well as information obtained through the collection and processing of anonymized data about visitors (including "cookies").

All personal data about users can only be obtained from the users themselves.

The personal data of website users is confidential information and cannot be used by the website administration or any other party for personal purposes.

1.5. The purposes of processing users' personal data: include the conclusion, execution, and termination of civil law relations, as well as the implementation of other functions imposed by law on the company processing personal data.

1.6. The website administration ensures users free access to their personal data, including the right to obtain copies of any records containing their personal data, except in cases provided by law.

1.7. The website administration develops measures to protect users' personal data.

2. Processing, Storage, and Transfer of Users' Personal Data

2.1. Processing of users' personal data is carried out exclusively for the purposes specified in paragraph 1.5 of this privacy policy.

2.2. Processing of personal data on the website is carried out both with the use of automation tools and without such use.

2.3. Categories of personal data subjects include:

2.3.1. Website users.

2.4. Users' personal data is stored in electronic form in the website's personal data information system, as well as in archival copies of the website's databases.

Personal data of website users on paper carriers is stored at the location of the website administration.

When storing users' personal data, organizational and technical measures are observed to ensure their safety and prevent unauthorized access to them.

Only employees of the website administration who have access to users' personal data and have signed an agreement on non-disclosure of users' personal data may process them.

The list of website employees with access to users' personal data is approved by the company's order.

2.5. The website administration may transfer users' personal data to third parties only if necessary to prevent threats to their lives and health, as well as in cases established by law.

2.6. The website administration is obliged to provide personal data of users only to authorized persons and only in the part necessary for them to fulfill their job responsibilities, in accordance with this privacy policy and the legislation of the Russian Federation.

2.7. When transferring users' personal data, the website administration informs the persons receiving this information that these data can be used only for the purposes for which they are provided and requires these persons to confirm compliance with this condition in writing.

2.8. Consent to the processing of personal data allowed by the website user for distribution is issued separately from other consents of the website user to the processing of his personal data. The website administration ensures the user has the possibility to determine the list of personal data for each category of personal data specified in the consent to the processing of personal data allowed by him for distribution.

2.9. In the consent to the processing of personal data allowed by the website user for distribution, he may establish prohibitions on the transfer (except for providing access) of these personal data by the website administration to an unlimited circle of persons, as well as prohibitions on the processing or conditions for the processing (except for obtaining access) of these personal data by an unlimited circle of persons.

2.10. The transfer (distribution, provision, access) of personal data allowed by the website user for distribution must be stopped at any time upon his request. The personal data specified in this request may be processed only by the website administration.

2.11. Other rights, obligations, and actions of the website administration employees whose job responsibilities include processing users' personal data are determined by job descriptions.

2.12. All information about the transfer of users' personal data is recorded to control the lawful use of this information by the persons who received it.

2.13. In order to improve service quality and ensure the possibility of legal protection, the website administration may store log files about the actions performed by users during their use of the website.

3. Requirements for Premises Where Personal Data Processing Takes Place

3.1. The placement of personal data information system equipment, special equipment, and security of premises where work with personal data is carried out, as well as the organization of the safety regime in these premises, must ensure the safety of personal data carriers and information protection means, and also exclude the possibility of uncontrolled penetration or presence in these premises by unauthorized persons.

3.2. Premises where personal data information system technical means are located or personal data carriers are stored must comply with the requirements of fire safety established by the current legislation of the Russian Federation.

3.3. In addition to the measures specified for special equipment and security of premises, additional requirements determined by the methodological documents of the Federal Security Service of Russia are implemented for the placement of cryptographic information protection means or their storage.

4. Rights and Obligations of the Website Administration.

4.1. The website administration may establish requirements for the composition of users' personal data that must be provided for using the website, while the website administration is guided by this privacy policy, the Constitution of the Russian Federation, and other federal laws.

4.2. The website administration does not verify the accuracy of the personal data provided by users of the website, assuming that they act in good faith and keep information about their personal data up to date.

4.3. The website administration is not responsible for the voluntary transfer by users of the website of their contact details, password, or login to third parties.

4.4. The website administration is not entitled to receive and process users' personal data about their political, religious, and other beliefs and private lives.

4.5. The website administration at its own expense ensures the protection of users' personal data from unauthorized use or loss in the manner established by the legislation of the Russian Federation.

4.6. The website administration takes measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance with it. The website administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance with it. Such measures, in particular, include:

• appointment of a responsible person for the organization of personal data processing;
• issuance of documents defining the website's policy on personal data processing, local acts on personal data processing, determining for each purpose of personal data processing the categories and list of processed personal data, categories of subjects whose personal data are processed, methods, terms of their processing and storage, procedure for the destruction of personal data upon achieving the purposes of their processing or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations. Such documents and local acts cannot contain provisions limiting the rights of website users, as well as imposing on the website administration powers and obligations not provided for by the legislation of the Russian Federation;
• application of legal, organizational, and technical measures to ensure the security of personal data;
• implementation of internal control and (or) audit of compliance with the processing of personal data with the Personal Data Law and regulatory legal acts adopted in accordance with it, requirements for the protection of personal data, the website's policy on personal data processing, local acts of the website;
• assessment of the harm that may be caused to users in case of violation of the Personal Data Law, the ratio of the specified harm and the measures taken by the website administration aimed at ensuring the fulfillment of obligations provided for by the Personal Data Law;
• familiarization of website employees directly engaged in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the website's policy on personal data processing, local acts on personal data processing, and (or) training of such employees. 

5. Users' Rights to Protect Their Personal Data

5.1. Website users, in order to ensure the protection of their personal data stored on the website, have the right to:

• receive full information about their personal data, their processing, storage, and transfer;
• determine their representatives for the protection of their personal data;
• require the exclusion or correction of inaccurate or incomplete personal data, as well as data processed in violation of this privacy policy and the legislation of the Russian Federation;
• require the website administration to notify all persons to whom the users' inaccurate or incomplete personal data were previously provided, about all exclusions, corrections, or additions made to them.

In cases where the website administration excludes or corrects users' personal data, users have the right to submit a written objection to the website administration with the corresponding justification.

5.2. Website users may independently limit the collection of information by third parties by using the standard privacy settings of the Internet browser they use to work with the website, and may at any time change, delete, or supplement the personal data they have provided.

5.3. If website users believe that the processing of their personal data is carried out in violation of the requirements of the Personal Data Law or otherwise violates their rights and freedoms, they have the right to appeal the actions or inaction of the website administration to the authorized body for the protection of the rights of personal data subjects or in a judicial procedure.

5.4. Website users may, at any time, independently edit the personal data they provided during registration or authorization in their personal account.

5.5. Website users should not waive their rights to maintain and protect the confidentiality of their personal data.

6. Procedure for the Destruction and Blocking of Personal Data

6.1. In the event of detecting the unlawful processing of personal data upon the user's request, the website administration blocks the unlawful processing of personal data related to this user from the moment of such request for the period of verification.

6.2. In the event of detecting inaccurate personal data upon the user's request, the website administration blocks the personal data related to this user from the moment of such request for the period of verification, if blocking the personal data does not violate the rights and legitimate interests of the user or third parties.

6.3. In the event of confirming the fact of the inaccuracy of personal data, the website administration, based on the information provided by the user or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and lifts the blocking of personal data.

6.4. In the event of detecting the unlawful processing of personal data carried out by the website administration, the website administration ceases the unlawful processing of personal data within a period not exceeding three working days from the date of detection of this fact.

6.5. In cases where it is impossible to ensure the legality of personal data processing, the website administration destroys such personal data within a period not exceeding ten working days from the date of detection of the unlawful processing of personal data.

6.6. The website administration notifies the user of the website about the elimination of the violations or about the destruction of personal data.

6.7. In case of establishing the fact of unlawful or accidental transfer (provision, distribution, access) of personal data that resulted in the violation of the user's rights, the website administration, from the moment of detection of such an incident by the website administration, the authorized body for the protection of the rights of personal data subjects, or other interested parties, notifies the authorized body for the protection of the rights of personal data subjects:

• within twenty-four hours about the incident, the presumed causes that led to the violation of the user's rights, the presumed harm caused to the user's rights, the measures taken to eliminate the consequences of the corresponding incident, as well as providing information about the person authorized by the website administration to interact with the authorized body for the protection of the rights of personal data subjects on issues related to the detected incident;
• within seventy-two hours about the results of the internal investigation of the detected incident, as well as providing information about the persons whose actions became the cause of the detected incident (if any).

6.8. In the event that the purpose of personal data processing is achieved, the website administration ceases the processing of personal data and destroys personal data within a period not exceeding thirty days from the date of achieving the purpose of personal data processing.

6.9. In case the user withdraws consent to the processing of his personal data, the website administration ceases their processing and, if the storage of personal data is no longer required for the purposes of personal data processing, destroys personal data within a period not exceeding thirty days from the date of receipt of the specified withdrawal.

6.10. In case the user requests the website administration to seize the processing of personal data, the website administration ceases their processing within a period not exceeding ten working days from the date of receipt of the corresponding request, except for cases provided by the Personal Data Law.

The specified period may be extended, but not more than five working days, in case the website administration sends a motivated notification to the user with an indication of the reasons for extending the period for providing the requested information.

6.11. In the event that it is impossible to destroy personal data within the period specified in paragraphs 6.4-6.10 of this privacy policy, the website administration blocks such personal data and ensures the destruction of personal data within a period not exceeding six months, unless otherwise established by federal laws.

6.12. After the expiration of the statutory storage period for documents containing the user's personal data or upon the occurrence of other legal grounds, the documents are subject to destruction.

6.13. The website administration creates an expert commission and conducts an expertise of the document's value.

6.14. As a result of this expertise, documents containing the user's personal data are subject to destruction:

• on paper carriers - are destroyed by recycling;
• in electronic form - are erased from information carriers or physically destroyed along with the carriers on which the information is stored.

7. Liability for Violations of Norms Regulating the Processing and Protection of Users' Personal Data

7.1. Persons guilty of violating the norms regulating the receipt, processing, and protection of users' personal data are held liable under disciplinary, material, civil , administrative, and criminal law in the manner established by the current legislation of the Russian Federation.

7.2. Moral harm caused to the user of the website due to the violation of his rights, the violation of the rules for processing personal data established by the Personal Data Law, as well as the requirements for the protection of personal data established in accordance with this Federal Law, is subject to compensation in accordance with the legislation of the Russian Federation. Compensation for moral harm is carried out regardless of compensation for property damage or the user's losses incurred.

8. Changes to the Privacy Policy

8.1. This privacy policy may be changed or terminated by the website administration unilaterally without prior notice to the user of the website. The new version of the privacy policy comes into force from the moment of its placement on the website, unless otherwise provided by the new version of the privacy policy.

8.2. The current version of the privacy policy is located on the website of the information and telecommunications network "Internet" at the address: https://sspb-tungus.com/politika-konfidentsialnosti/.