Approved October 20, 2022
Company policy regarding the processing of personal data
1. General Provisions
1.1. This Policy of DOKAR Company regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of the law on personal data in order to ensure the protection of the rights and freedoms of a person and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This policy applies to all personal data processed by DOKAR (hereinafter referred to as the Operator).
1.3. The Policy applies to relationships in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of the law on personal data, this Policy is published in the public domain on the Operator’s website on the Internet information and telecommunications network.
1.5. Key concepts used in the Policy:
  • personal data - any information related to a directly or indirectly defined or determinable individual (subject of personal data);
personal data operator (operator) - a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;
  • personal data processing - any action (operation) or set of actions (operations) with personal data performed with the use of automation tools or without their use. The processing of personal data includes, among other things:
  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • clarification (updating, changing);
  • extraction;
  • use;
  • depersonalization;
  • blocking;
  • deletion;
  • destruction;
  • automated processing of personal data - processing of personal data using computer technology;
  • blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
  • destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible carriers of personal data are destroyed;
  • depersonalization of personal data - actions as a result of which it becomes impossible to determine the ownership of personal data to a specific subject of personal data without the use of additional information;
  • personal data information system - a set of personal data contained in databases and the information technologies and technical means that ensure their processing;
1.6. Basic rights and obligations of the Operator.
1.6.1. The operator has the right:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the subject of the personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the
Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law on Personal Data;
3) in the event of the personal data subject's withdrawal of consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
1.6.2. The operator is obliged to:
1) organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
2) respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
3) to notify the authorized body for the protection of the rights of personal data subjects, at the request of this body, of the necessary information within 30 days from the date of receipt of such request.
1.7. Basic rights of the personal data subject. The personal data subject has the right to:
1) receive information regarding the processing of his personal data, with the exception of cases stipulated by federal laws. Information is provided to the subject of personal data by the Operator in an accessible form, and it should not contain personal data related to other subjects of personal data, with the exception of cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
2) demand that the operator clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect his rights;
3) put forward the condition of prior consent when processing personal data for the purpose of promoting goods, works and services on the market;
4) appeal in court against the illegal actions or inaction of the Operator when processing his personal data.
1.8. Control over compliance with the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data by the Operator.
1.9. Responsibility for violation of the requirements of the legislation of the Russian Federation and the regulatory acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. Purposes of collecting personal data
2.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
2.2. Only personal data that meets the purposes of their processing are subject to processing.
2.3. The Operator processes personal data for the following purposes:
  • ensuring compliance with the Constitution, federal laws and other regulatory legal acts;
  • implementation of civil law relations;
  • processing customer requests in order to obtain information about the Operator's services;
  • analysis of customer actions on the Site and the functioning of the Site.
2.4. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
3. Legal grounds for processing personal data
3.1. The legal basis for the processing of personal data is a set of regulatory
legal acts, in pursuance of which and in accordance with which the Operator carries out
the processing of personal data, including:
  • Constitution;
  • Civil Code;
  • other regulatory legal acts governing relations related to the activities of the Operator.
3.2. The legal basis for processing personal data also includes:
  • agreements concluded between the Operator and personal data subjects;
  • consent of personal data subjects to the processing of their personal data.
4. Volume and categories of personal data processed, categories of personal data subjects
4.1. The content and volume of the personal data being processed must correspond to the declared purposes of processing, as provided in Section 2 of this Policy. The personal data being processed must not be excessive in relation to the declared purposes of their processing.
4.2. The Operator may process the personal data of the following categories of personal data subjects.
4.2.1. Individuals filling out the registration form on the Operator's Website in order to receive the Operator's services:
  • last name, first name, patronymic;
  • telephone;
  • e-mail;
  • other personal data processed using the Google Analytics and Yandex.Metrica Internet services.
4.2.2. Clients and contractors of the Operator (individuals):
  • last name, first name, patronymic;
  • contact details (phone, e-mail);
  • address of registration at the place of residence;
  • other personal data processed using the Internet services Google Analytics and Yandex.Metrica.
4.3. The Operator processes biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his/her identity can be established) in accordance with the law.
4.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except for cases provided for by law.
5. Procedure and conditions for processing personal data
5.1. The Operator processes personal data in accordance with the requirements of the law.
5.2. The personal data is processed with the consent of the personal data subjects to the processing of their personal data, and without such consent in cases stipulated by law.
5.3. The Operator carries out both automated and non-automated processing of personal data.
5.4. The Operator's employees whose job responsibilities include the processing of personal data are allowed to process personal data.
5.5. The personal data is processed by:
  • obtaining personal data in oral and written form directly from the personal data subjects;
  • obtaining personal data from publicly available sources;
  • entering personal data into the Operator's journals, registers and information systems;
  • using other methods of processing personal data.
5.6. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is prohibited, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the subject of personal data for distribution is drawn up separately from other consents of the subject of personal data for the processing of his
personal data. Requirements for the content of consent to the processing of personal data permitted by the subject of
personal data for distribution are established by law.
5.7. Transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation.
5.8. The operator takes the necessary legal, organizational and technical measures to protect
personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
  • determines threats to the security of personal data during their processing;
  • adopts local regulations and other documents governing relations in the field of processing and protection of personal data;
  • appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
  • creates the necessary conditions for working with personal data;
  • organizes the accounting of documents containing personal data;
  • organizes work with information systems in which personal data are processed;
  • stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
  • organizes training for the Operator's employees (if applicable) processing personal data.
5.9. The Operator stores personal data in a form that allows identifying the subject of personal data, no longer than required by the purposes of processing personal data, unless the storage period for personal data is established by federal law or an agreement.
6. Updating, correcting, deleting and destroying personal data, responding to requests from subjects to access personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in the Law on Personal Data, are provided by the Operator to the personal data subject or his representative upon request or upon receipt of a request from the personal data subject or his representative.
The information provided does not include personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
The request must contain:
  • the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the said document and the body that issued it;
  • information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
  • signature of the personal data subject or his representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the request (appeal) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
The right of the personal data subject to access his personal data may be limited in accordance with the Law on Personal Data, including if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties.
6.2. In the event that inaccurate personal data is discovered upon the request of the personal data subject or his representative or at their request or at the request of supervisory authorities, the Operator blocks the personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if the blocking of the personal data does not violate the rights and legitimate interests of the personal data subject or third parties. In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject or his representative or other necessary documents, clarifies the personal data within seven business days from the date of submission of such information and removes the blocking of the personal data.
6.3. In case of detection of unlawful processing of personal data upon an appeal (request) of the personal data subject or his representative, the Operator blocks the unlawfully processed personal data related to this personal data subject from the moment of such appeal or receipt of the request.
6.4. Upon achievement of the purposes of processing personal data, as well as in case of withdrawal of consent to their processing by the personal data subject, personal data are subject to destruction, unless:
  • otherwise provided by the agreement to which the personal data subject is a party, beneficiary or guarantor;
  • the operator has no right to carry out processing without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
  • unless otherwise provided by another agreement between the Operator and the personal data subject.
Back
Made on
Tilda