Personal Data Processing Policy
This Personal Data Processing Policy of LLC "DiHouse” (hereinafter referred to as the Policy) is developed in order to implement the requirements of paragraph 2 of part 1 of Article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and is an internal document of LLC "DiHouse" (OGRN 107758508002, TIN 7709751313, legal address: 105066, Moscow, Dobroslobodskaya, 5), hereinafter referred to as the "Personal Data Operator" or the "Company"), which determines the procedure for actions in the field of personal data processing and protection..
diHouse is the collective name for the group of companies that represent LLC “DiHouse”, LLC “DiHouse ecom” and LLC "DiHouse Retail". The specific person (Company) processing the Personal Data Subject's personal data is determined depending on who provides the specific service.
Unless otherwise expressly stated in the text of the legal document, the relevant company LLC "DiHouse” is the Personal Data Operator — a person who independently or jointly with other persons organizes and/or processes your personal data, as well as determines the purposes of personal data processing, the composition of the processed personal data and specific actions (operations) with such personal data.
For independent determination of the Personal Data Operator, the Personal Data Subject may refer to the text of the legal document available to him (offer, terms of use, etc.) In case of questions regarding the determination of the Personal Data Operator, the Personal Data Subject may receive the necessary information by sending messages
to
info@di-house.ru.
1.2. The Policy has been developed in order to implement the requirements of the legislation in the field of processing and protection of personal data and defines the basic principles and approaches to the organization of the Personal Data Operator for processing and protection of personal data of Personal Data Subjects within the meaning of the Law on Personal Data.
1.3. The Policy applies to all actions related to the processing of personal data on the website www.di-house.ru (hereinafter referred to as the "Site") and in the information systems of the Personal Data Operator.
The Personal Data Operator has the right, for the purpose and under the conditions specified in this Policy, to entrust the processing of personal data of the Personal Data Subject in whole or in part:
1.4. Any Personal Data Subject has access to this Policy, including using the Internet.
1.5. The Personal Data Operator has the right to periodically update this Policy and has the right to unilaterally change its terms at any time. The Personal Data Operator recommends that you regularly check the content of this Policy for possible changes.
The Policy applies to all personal data received both before and after the enactment of this Policy.
1.6. Main Definitions Applied in the Policy:
— Personal Data Subject is an individual who is directly or indirectly determined or identifiable with the help of personal data, whose personal data is processed;
— Personal Data Operator - a person who independently or jointly with other persons organizes and (or) processes personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data. For the purposes of this Policy, the Company, when processing personal data, is the Personal Data Operator, unless otherwise expressly stated in the Policy;
— Confidentiality of personal data - protection of personal data from illegal and/or unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
— Personal data processing means any action (operation) or set of actions (operations) taken with automation tools or without them, including collection, recording, systematization, accumulation, storage, clarificaton (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
— Distribution of personal data means actions aimed at disclosing personal data to an undetermined number of persons;
— Provision of personal data - means actions aimed at disclosing personal data to a certain person or a certain set of persons;
— Personal data blocking means temporary personal data processing suspension (unless processing is necessary to clarify personal data);
— Destruction of personal data means actions that result in the impossibility of restoring the content of personal data in the personal data information system and (or) result in destruction of the personal data physical media;
— Anonymization of personal data is actions that make it impossible to determine the ownership of personal data to a specific subject of personal data without the use of additional information.
— Site Owner – Limited Liability Company "DiHouse" (OGRN 107758508002, TIN 7709751313, legal address: 105066, Moscow, Dobroslobodskaya Str., 5).
1.6.1. Other terms are used in this Policy in accordance with the meanings determined by the current legislation of the Russian Federation, unless otherwise expressly stated in the Policy.
2.1. Within the framework of this Policy, personal data means any information related directly or indirectly to the subject of personal data, including surname, name, patronymic, gender, age, date of birth, phone number, email addresses, postal addresses, registration address, address of residence, information on education, place of work, marital status, as well as other personal information of the Personal Data Subject. Personal data may also include data that is automatically transmitted during the use of the Site using the software installed on the device of the personal data subject, including IP address, cookie data, information about the browser of the personal data subject (or other program through which the Site is accessed), technical characteristics of the equipment and software used by the Personal Data Subject, date and time of access to the Site, addresses of the requested pages and other similar information.
This technical information may be collected by the Personal Data Operator when the Personal Data Subject visits the Site and used to ensure its performance, improve the quality of the services provided, correct errors and improve the user experience in general. At the same time, the Personal Data Operator does not pursue the goal of identifying a specific Personal Data Subject when he/she visits the Site.
2.1.1. Cookies are small files, usually consisting of letters and numbers, automatically downloaded and uploaded to the device when the Personal Data Subject accesses the Site. Cookies allow the Site to recognize the device of the Personal Data Subject and display the Site in accordance with the preferences of the Personal Data Subject.
If the Personal Data Subject wishes to prevent the use of cookies from his/her device, he/she may leave the Site or change the settings of his/her web browser. You can read the instructions for managing cookies for a specific browser at the following links: Yandex.Browser, Mozilla Firefox, Google Chrome, Safari, Microsoft Internet Explorer.
The data collected through cookies do not belong to special categories or biometric in accordance with Art. 10–11 of the Law “On Personal Data” and are processed in an automated way.
The basis for the processing of such technical information from the device of the Personal Data Subject is the consent to the processing of personal data provided by him by committing implicit actions, namely, the continuation of the use of the Site.
2.2. The Personal Data Operator processes personal data of the following categories of Personal Data Subjects:
— Employees, former employees and their close relatives;
— Candidates for filling vacant positions in the Company;
— Clients (authorized representatives of clients) of the Company;
— Authorized representatives/employees of the Company's counterparties;
— Users of the Site (individuals);
— Other individuals who have entered into relations with the Company in connection with the participation of such persons in the economic activities of the Company.
3.1. The legal basis for the processing of personal data is a set of legal acts, pursuant to which and in accordance with which the Company processes personal data, including, but not limited to, in accordance with:
— Constitution of the Russian Federation;
— Federal Law No.152-FZ of July 27, 2006 "On Personal Data";
— Civil Code of the Russian Federation;
— Decree of the Government of the Russian Federation of September 15, 2008 No. 687 "On approval of the Regulation on the peculiarities of personal data processing carried out without the use of automation tools";
— Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 "On approval of requirements for the protection of personal data when processing them in personal data information systems";
— Order of the FSTEC (Federal Service for Technical and Export Control) of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";
— Order of the FSTEC of Russia No. 55, FSB of Russia No. 86, Ministry of Information Communications of Russia No. 20 dated February 13, 2008 "On Approval of the Procedure for Classification of Personal Data Information Systems";
— the Charter and local acts of the Company;
— other regulatory legal acts regulating relations related to the commercial activities of the Company.
The processing of personal data is carried out by the Company reasonably and in good faith and on the basis of the following principles:
— Compliance of the purposes of personal data processing with the purposes predetermined and declared during the collection of personal data, as well as with the powers of the Company;
— Compliance of the scope and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data.
Personal data is processed by the Company including, but not limited to, for the following purposes:
— Performance of functions, powers and duties assigned to the Company by the legislation of the Russian Federation;
— Conducting the activities of the Company's organization in accordance with its charter;
— Ensuring compliance with legislative acts and other regulatory legal acts of the Russian Federation;
— Conclusion, execution of contracts and agreements within the framework of labor, civil and other relations;
— Identification of users of the Site;
— Improvement of the Company's products and services, as well as interaction with the Company's customers and counterparties;
— Keeping personnel records and accounting.
3.4. The Company does not process personal data relating to race, nationality, political views, religious, philosophical and other beliefs, health, personal life, membership in public associations, including trade unions.
4.1. The processing of personal data is carried out by the Company with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
4.2. The processing of personal data is carried out by the Company in accordance with the requirements of the legislation of the Russian Federation in any legal way, including in personal data information systems using automation tools or without using such tools.
4.3. When processing personal data, the Company ensures the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of personal data processing. The Company takes the necessary legal, organizational and technical measures to protect personal data from illegal and (or) unauthorized access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
4.4. The processing of personal data is carried out by:
— Receipt of personal data in oral and written form directly from the subjects of personal data;
— Obtaining personal data from publicly available sources;
— Entering personal data into the Company's logs, registers and information systems;
— Use of other methods of processing personal data.
4.5. Employees of the Company whose official duties include the processing of personal data are allowed to process personal data.
4.6. The Company has the right to transfer personal data to third parties in the following cases:
— The personal data subject has agreed to such transfer;
— The transfer is made to employees of the Company, whose official duties include the processing of personal data, for use for the purposes specified in clause 3.3. of this Policy;
— The transfer is necessary for the conclusion, execution of contracts and agreements within the framework of labor, civil and other relations with the Company;
— the transfer is stipulated by Russian or other applicable legislation under procedures established by the legislation.
4.7. The processing and storage of personal data is carried out by the Company no longer than the purposes of processing personal data require, if there are no legal grounds for further processing.
4.8. Disclosure to third parties and distribution of personal data without the consent of the subject of personal data, unless otherwise provided by federal law, is not allowed.
4.9. Liability for violation of the requirements of the legislation of the Russian Federation and regulatory acts of the Company in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
5.1. The Personal Data Subject has the right to:
— Access to your personal data processed by the Company, as well as information about the legal grounds and purposes of personal data processing;
— Clarification, exclusion or correction by the Company of incomplete, incorrect, outdated, unreliable, illegally obtained or unnecessary personal data;
— Withdrawal of your consent to the processing of personal data;
— Protection of their rights and legitimate interests, including compensation for damages and compensation for moral damage in court;
— Appeal against the actions or inaction of the Company to the authorized body for the protection of the rights of Personal Data Subjects or in court.
5.2. The rights of Personal Data Subjects provided for in clause 5.1. of this Policy may be limited in accordance with the requirements of the legislation of the Russian Federation and (or) in cases where the Company processes personal data on legal grounds other than the consent of the Personal Data Subject.
6.1. In accordance with the requirements of the Law “On Personal Data”, the Company has the right to:
— Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law “On Personal Data” and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law “On Personal Data” or other federal laws;
— To entrust the processing of personal data to another person with the consent of the Personal Data Subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Company is obliged to comply with the principles and rules for the processing of personal data provided for by the Law “On Personal Data”;
— In case of withdrawal by the Personal Data Subject of consent to the processing of personal data, continue the processing of personal data without the consent of the Personal Data Subject if there are grounds specified in the Law “On Personal Data”.
6.2. In accordance with the requirements of the Law “On Personal Data”, the Company is obliged to:
— Use the received personal data exclusively for the purposes specified in this Policy;
— Organize the processing of personal data in accordance with the requirements of the Law “On Personal Data”;
— Ensure proper safe storage of personal data, not disclose personal data without the prior written consent of the Personal Data Subject, except as provided for by the legislation of the Russian Federation;
— To block personal data related to the relevant Personal Data Subject from the moment of application or request of the Personal Data Subject or his legal representative or the authorized body for the protection of the rights of Personal Data Subjects for the period of verification in case of revealing unreliable personal data or illegal actions;
— Delete the personal data of the Personal Data Subject if their storage period has expired or the Personal Data Subject has withdrawn consent to their processing;
— Respond to appeals and requests of Personal Data Subjects and their legal representatives in accordance with the requirements of the Law “On Personal Data”;
— Report the necessary information to the authorized body for the protection of the rights of Personal Data Subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media) at the request of this body within 10 (ten) days from the date of receipt of such a request.
7.1. The Company reserves the right to amend this Policy at any time at its discretion without the consent of Personal Data Subjects in order to further improve the system of protection against unauthorized access to personal data.
7.2. The new version of the Policy comes into force from the moment it is posted on the Site, unless it specifies a different date for its entry into force.
7.3. Unless otherwise provided by the legislation of the Russian Federation, the Company stops processing personal data (in relation to any of the stated purposes) and destroys them in the following cases:
— liquidation of the Company;
— reorganization of the Company, entailing the termination of its activities;
— the disappearance of the legal grounds for the processing of personal data and/or the achievement of the purposes of processing personal data.
7.4. In all other respects that are not directly reflected in the Policy, the Company is guided by the norms and provisions of the Law “On Personal Data”.
7.5. In case of additional questions related to the processing of personal data, Personal Data Subjects can contact the Company by sending messages to the address: info@di-house.ru indicating the subject-matter of the appeal: "My personal data".