POLICY REGARDING THE PROCESSING OF PERSONAL DATA AT Peter Frost LLC 1. INTRODUCTION
1.1. The most important condition for the implementation of the goals of the activities of LLC "Peter Frost" (hereinafter LLC "Peter Frost" or the Operator) is to ensure the necessary and sufficient level of information security of information, which, among other things, includes personal data.
1.2. The policy regarding the processing of personal data in Peter Frost LLC (hereinafter referred to as the Regulation) determines the procedure for collecting, storing, transferring and other types of processing of personal data in Peter Frost LLC (hereinafter referred to as the Company), as well as information on the implemented protection requirements personal data.
1.3. The policy has been developed in accordance with the current legislation of the Russian Federation. 2. COMPOSITION OF PERSONAL DATA AND LIST OF ACTIONS WITH DATA
2.1. Information constituting personal data is any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data). A detailed list of personal data is recorded in the local regulatory documentation of Peter Frost LLC.
2.2. All personal data processed by Peter Frost LLC are confidential, strictly protected information in accordance with the law.
2.3. The list of actions with personal data, a general description of the personal data processing methods used by the operator: Collection, analysis, generalization, storage, modification, addition, transfer (without (or) with cross-border transfer to the territory of countries providing adequate protection), destruction of personal data. Automated / Manual / Mixed processing of personal data. 3. PURPOSE OF PROCESSING PERSONAL DATA
3.1. Personal data is processed by Peter Frost LLC in order to formalize labor and other contractual relations, personnel, accounting, tax records, on the grounds provided for in Article 22 of Federal Law No. 152-FZ dated June 27, 2006, 85-90 of the Labor Code of the Russian Federation, and also for the purpose of organizing and conducting Peter Frost LLC (including with the involvement of third parties) loyalty programs, marketing and / or promotions, research, surveys and other events; fulfillment by LLC Peter Frost of obligations under the contract for the retail sale of goods in retail stores of LLC Peter Frost, as well as in the Internet store of LLC Peter Frost www.peterfrost.ru
; promotion of services and / or goods of Peter Frost LLC and / or partners of Peter Frost LLC on the market by making direct contacts with customers of Peter Frost LLC using various means of communication, including, but not limited to, by phone , e-mail, mailing list, on the Internet, etc.; for other purposes, if the actions of Peter Frost LLC do not contradict the current legislation.
3.2. Peter Frost LLC, in order to properly fulfill its obligations as an Operator, processes the following personal data necessary for the proper fulfillment of contractual obligations:
• personal data of the Operator's employees who are in labor relations with the Operator;
• personal data of other individuals, including, but not limited to, those who are in contractual, civil law relations with the Operator, including, but not limited to, students, customers, participants in loyalty programs, consumers of services. 4. PROCEDURE FOR COLLECTING, STORING, TRANSFERING AND OTHER PROCESSING OF PERSONAL DATA
4.1. The processing of personal data, carried out without the use of automation tools, is carried out in such a way that for each category of personal data it is possible to determine the places of storage of personal data (tangible media). The Operator has established a list of persons processing personal data or having access to them. Separate storage of personal data (material media) is provided, the processing of which is carried out for various purposes. The Operator ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.
4.2. The processing of personal data carried out using automation tools is carried out subject to the following actions: The operator takes technical measures aimed at preventing unauthorized access to personal data and (or) their transfer to persons who do not have the right to access such information; security tools are configured to detect unauthorized access to personal data in a timely manner; technical means of automated processing of personal data are isolated in order to prevent impact on them, as a result of which their functioning may be disrupted; The Operator backs up data in order to be able to immediately restore personal data modified or destroyed due to unauthorized access to them; carries out constant monitoring of ensuring the level of protection of personal data. 5. DETAILS ABOUT THE REQUIREMENTS TO PROTECTION OF PERSONAL DATA.
5.1. The operator carries out the following activities: determines threats to the security of personal data during their processing, forms threat models based on them; develops, based on the threat model, a personal data protection system that ensures the neutralization of alleged threats using the methods and means of protecting personal data provided for the corresponding class of information systems; forms a plan for checking the readiness of new information security tools for use with drawing up conclusions on the possibility of their operation; carries out the installation and commissioning of information security tools in accordance with the operational and technical documentation; provides training to persons using information security tools used in information systems, the rules for working with them; keeps records of the information protection tools used, operational and technical documentation for them, personal data carriers; keeps records of persons admitted to work with personal data in the information system; monitors compliance with the conditions for the use of information security tools provided for by the operational and technical documentation; has the right to initiate proceedings and draw up conclusions on the facts of non-compliance with the conditions for storing personal data carriers, the use of information security tools that may lead to a violation of the confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations; has descriptions of the personal data protection system.
5.2. For the development and implementation of specific measures to ensure the security of personal data during their processing in the information system by the Operator or an authorized person, the information technology division of the Operator is responsible. Persons whose access to personal data processed in the information system is necessary to perform official (labor) duties are allowed to access the relevant personal data on the basis of a list approved by the Operator. Requests of users of the information system to receive personal data, as well as the facts of providing personal data on these requests, are recorded by automated means of the information system in the electronic journal of requests. The content of the electronic log of requests is periodically checked by the relevant officials (employees) of the Operator or an authorized person. If violations of the procedure for providing personal data are found, the Operator or an authorized person shall immediately suspend the provision of personal data to users of the information system until the causes of violations are identified and these causes are eliminated. 6. RIGHTS AND OBLIGATIONS OF THE OPERATOR
6.1. LLC "Peter Frost" as the Operator of personal data has the right to:
• defend their interests in court;
• provide personal data of the subjects to third parties, if it is provided for by the current legislation (tax, law enforcement agencies, etc.);
• refuse to provide personal data in cases provided for by law;
• use the personal data of the subject without his consent, in cases provided for by law. 7. RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT
7.1. The subject of personal data has the right:
• demand clarification of their personal data, their blocking or destruction if personal data is incomplete, outdated, unreliable, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
• require a list of their personal data processed by the Operator and the source of their receipt;
• receive information about the terms of processing of their personal data, including the terms of their storage;
• require notification of all persons who were previously informed of incorrect or incomplete personal data of all exceptions, corrections or additions made to them;
• appeal to the authorized body for the protection of the rights of subjects of personal data or in court against illegal actions or omissions in the processing of his personal data;
• to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court. 8. COOKIES
8.1. Cookies are small text files that are stored on your computer or mobile device when you visit the Company's websites. For the purposes of this section, the term "cookie" is used as an umbrella term for "cookies", "flash cookies" and "web beacons". These files do not take up much space and are automatically deleted when they expire. Some cookies are used until the end of the Internet session, others are stored for a limited period of time.
- Necessary cookies help you navigate the site and view some of its features (for example, this type of cookie helps to save the details of the shopping cart at all stages of the checkout). These files are necessary to implement the basic functionality of the site. They are stored throughout the session of browsing the site.
-Functional cookies allow you to improve the use of resources (for example, save and remind you of purchases, create a list). These files allow you to analyze the use of the site, measure and improve the level of performance. These cookies may be hosted by us or by third parties on our behalf (see email marketing opt-out policy) and persist for the duration of your browsing session.
- Cookies in advertising and social networks
• help preserve data about products and customer preferences, as well as carry out marketing activities in other directions. These cookies allow you to share data about, for example, what you like with advertisers, so that the Company's advertisements that a site visitor sees may be more relevant to your preferences (sometimes referred to as "targeting cookies").
• assist the Company in understanding the purchasing behavior of site visitors. This allows you to continue to improve the site, improve marketing messages, visitors (sometimes referred to as "performance cookies").
• These cookies are used to analyze opinions, allow us to recommend the site on social networks, send messages to the company, provide visitors with feedback to our other (potential) customers through ratings and product reviews (sometimes these cookies are called "interaction cookies").
8.4. What if the site visitor does not allow cookies to be used? Change your browser settings to delete or prevent certain cookies from being stored on a computer or mobile device without the visitor's consent. The "Help" section of the visitor's browser contains information on setting cookies. The visitor should refer to the browser instructions in order to learn more about how to adjust or change browser settings from each device that the visitor uses to visit the Site. 9. FINAL PROVISIONS
9.1. This Policy is subject to change, addition, if necessary, incl. in the event of the emergence of new legislative acts and special regulatory documents on the processing and protection of personal data.
9.2. This Policy is an internal document of Peter Frost LLC, and is subject to posting on the official website of Peter Frost LLC. In case of changes, bringing such changes to the general public is carried out by posting the Policy on the official website of Peter Frost LLC, taking into account such changes.
9.3. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for ensuring the security of personal data of Peter Frost LLC.