Personal Data Processing Policy1. General This Personal Data Processing Policy complies with Federal Law No. 152-FZ, dated 27.07.2006, “On Personal Data” (hereinafter, “Personal Data Law”) and defines the rules for processing personal data and measures to ensure personal data safety adhered to by LLC BIG Filter (hereinafter, “Operator”).
Personal data of users (visitors) of the website
https://www.beylinbooks.сom/ are processed with their consent. Users provide their personal information voluntarily, thus fully consenting to automated and non-automated processing and use of their personal data by LLC BIG Filter under Article 9 of the Personal Data Law.
1.1 The Operator’s paramount objective is to uphold the human and civil rights and freedoms of users when processing their personal data, including protection of privacy, personal and family secrets.
1.2 This Policy applies to all information the Operator may receive about visitors of the website
https://www.beylinbooks.сom/.
1.3 The Policy applies solely to this website; the Operator is not responsible for third-party sites accessible via the links embedded in this website.
2. Definitions of principal concepts2.1 Automated processing: processing using computing technology.
2.2 Blocking of personal data: temporary suspension of personal data processing (except for rectification purposes).
2.3 Website: the complete set of graphics and information, as well as the software and databases ensuring online access to the web address
https://www.beylinbooks.сom/.
2.4 Personal data information system: the totality of the personal data stored in the databases combined with the information technologies and technical means ensuring their processing.
2.5 Anonymization: actions making it impossible to attribute personal data to an individual without additional information.
2.6 Personal data processing: any action (operation) or set of actions (operations) involving personal data, automated or manual, including collection, recording, systematization, accumulation, storage, rectification (updating, change), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, and destruction.
2.7 Operator: a government or municipal authority, a legal entity, or an individual that, alone or jointly with other entities/persons, organizes and/or carries out data processing, states the purposes of personal data processing, and determines the scope of personal data to be processed, as well as the actions/operations to be performed with personal data.
2.8 Personal data: any information directly or indirectly relating to an identified or identifiable user of the website
https://www.beylinbooks.сom/.
2.9 Personal data permitted for dissemination by the data subject: the personal data to which the data subject has provided public access by way of giving consent to the processing of their personal data permitted for dissemination in conformity with the Personal Data Law (hereinafter, personal data permitted for dissemination).
2.10 User — any visitor of the website
https://www.beylinbooks.сom/.
2.11 Provision of personal data: actions leading to disclosure of personal data to a certain individual or a certain circle of individuals.
2.12 Dissemination of personal data: any actions leading to disclosure of personal data to the general public (also termed transfer of personal data), including their publication in the mass media, telecommunication and social networks, or provision of access to personal data in any other way.
2.13 Cross-border personal data transfer: transfer of personal data into the territory of a foreign state to an authority of a foreign state, or to a foreign individual or legal entity.
2.14 Personal data destruction: any actions leading to irreversible deletion of personal data so that their subsequent restoration in the personal data system becomes impossible, or leading to the destruction of the physical storage media with personal data.
3. Operator’s principal rights and obligations3.1. The Operator has the right to:
— obtain accurate information and/or documents containing personal data from the data subject;
— in the event the data subject withdraws their consent to the processing of their personal data, or submits a request to terminate the processing of their personal data, the Operator may continue processing their personal data without the data subject’s consent on the grounds specified in the Personal Data Law;
— independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of its obligations under the Personal Data Law and ensuing regulatory legal acts, unless otherwise stipulated by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
— provide the data subject, upon request, with information related to the processing of their personal data;
— organize the processing of personal data in conformity with the effective legislation of the Russian Federation;
— respond to appeals and requests of data subjects and their legal representatives as required by the Personal Data Law;
— provide the authorized body for the protection of personal data subjects’ rights with necessary information upon request within 10 days from the date of receiving such a request;
— publish or otherwise ensure unrestricted access to this Policy concerning personal data processing;
— implement legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, disclosure, dissemination, as well as other unlawful actions regarding personal data;
— cease personal data transfer (dissemination, provision, access) and processing, and destroy personal data according to the procedure and in cases stipulated by the Personal Data Law;
— otherwise observe the Personal Data Law.
4. Principal rights and obligations of data subjects 4.1. Personal data subjects have the right to:
— receive information concerning the processing of their personal data, except in cases provided for by federal laws. The Operator must provide information to the data subject in an accessible form, excluding personal data of other subjects unless legally authorized. The list of such items of information and the procedure for obtaining it are established by the Personal Data Law;
— demand that the operator rectify, block, or destroy their personal data if the data are incomplete, outdated, inaccurate, obtained unlawfully, or not required for the declared processing purpose, and also take legal actions to protect their rights;
— set the condition that their prior consent must be required before their personal data may be processed for purposes of marketing goods and services;
— withdraw their consent to the processing of their personal data, and demand that processing of their personal data be terminated;
— file complaints with the authorized body for the protection of personal data subjects’ rights or with courts of law about wrongful acts or omissions by the Operator in processing their personal data;
— exercise their other rights under the law of the Russian Federation.
4.2. Personal data subjects are obliged to:
— provide the Operator with accurate data about themselves;
— notify the Operator, if necessary, of rectifications (updates, changes) to their personal data.
4.3. Individuals who provide the Operator with false information about themselves or with information about another data subject without the latter's consent shall bear responsibility under the law of the Russian Federation.
5. Principles of personal data processing 5.1. Personal data shall be processed on a lawful and fair basis.
5.2. Processing of personal data is limited by specific, predefined and lawful purposes. Personal data shall not be processed for purposes other than those for which they were collected.
5.3. It is not allowed to combine personal data databases in which the purposes of data processing are incompatible.
5.4. Only personal data that meet the purposes of processing are subject to processing.
5.5. The content and scope of processed personal data must correspond to the declared purposes. Excessive scope of personal data for processing relative to the stated purposes is not allowed.
5.6. During processing, accuracy, sufficiency, and —where necessary — relevance of the personal data concerning the processing purposes are ensured. The Operator takes and/or provides for necessary measures to delete or rectify incomplete or inaccurate data.
5.7. Personal data are stored in a way that permits identifying the data subject no longer than required by the purposes of data processing, unless a longer period is established by federal law or a contract to which the data subject is a party, beneficiary, or guarantor. Processed personal data must be destroyed or anonymized upon achievement of the processing purposes or loss of necessity, unless otherwise stipulated by federal law.
6. Categories and purposes of personal data processing. Legal grounds for processing. 6.1. The Operator may process personal data of website users.
6.2. The personal data processed by the Operator include:
- name;
- telephone number;
- email address.
Automatically collected data include:
- IP address, cookie data;
- the user’s browser information, technical characteristics of the user’s hardware and software; date and time of website access, addresses of requested pages, and other similar information.
6.3. The personal data listed in clause 6.2 are processed for the following purposes:
- identification of website users;
- providing users with access to services, information, and/or website materials;
- discussion of application details via email or telephone communications;
- sending informational emails to the user;
- improvement of website and service quality, access to services, targeting of advertising materials;
- establishing feedback, including notifications, requests regarding website use, services provided, processing of users’ applications and queries;
- responding to questions submitted via feedback form;
- confirming accuracy and completeness of personal data provided by the user;
- collecting cookies for targeted advertising.
6.4. Information about website users’ IP addresses is not used to identify website visitors.
6.5. Legal grounds for personal data processing:
- Federal Law No. 149-FZ “On Information, Information Technologies and Information Protection” dated 27.07.2006;
- Website consent to personal data processing.
7. Conditions for personal data processing 7.1. Personal data are processed with the data subject’s consent to the processing of their personal data.
7.2. Personal data processing is necessary to achieve the purposes established by an international treaty of the Russian Federation or by the Russian Federation’s law, to enable the Operator to exercise its legal powers and duties.
7.3. Personal data processing is necessary for the administration of justice, such as the execution of a judicial decision, or a ruling by another authority or official, under the Russian Federation’s law on enforcement proceedings.
7.4. Personal data processing is necessary for the implementation of a contract to which the data subject is a party, beneficiary, or guarantor, or for concluding a contract at the initiative of the data subject, or a contract of which the data subject is to be a beneficiary or guarantor.
7.5. Personal data processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties or for achieving socially important purposes, provided that the rights and freedoms of the data subject are not violated.
7.6. Processing applies to the personal data which have been made publicly available by the data subject or at their request (hereinafter, publicly accessible personal data).
7.7. Processing applies to personal data which are subject to publication or mandatory disclosure under federal law.
8. Procedure for personal data collection, storage, transfer, and other types of processing The safety of the personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with effective legislation on personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to personal data.
8.2. User personal data will never and under no conditions be transferred to third parties, except where required by law or if the data subject has given consent to transfer their data to a third party for the fulfillment of obligations under a civil law contract.
8.3. In case of inaccuracies in personal data, the user may update them independently by sending a notification to the Operator’s email address
info@bigfilter.com with the text “Personal data update.”
8.4. The personal data processing period is determined by the achievement of the purposes for which the data were collected, unless a different period is stipulated by contract or law.
The user may withdraw their consent to personal data processing at any time by sending a notification to the Operator’s email address
info@bigfilter.com with the text “Withdrawal of consent to personal data processing.”
8.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by those entities (Operators) according to their User Agreements and Privacy Policies. The Operator is not responsible for any actions by third parties, including the service providers mentioned herein.
8.6. Restrictions imposed by the data subject on transfer (except for providing access) or on processing conditions (except for obtaining access) of personal data authorized for dissemination do not apply in cases when personal data are processed in the interests of the state, society, or other public as determined by the Russian Federation’s law.
8.7. The Operator ensures confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form that makes the subject identifiable for no longer than required to achieve processing purposes, unless a longer retention period is prescribed by federal law or a contract of which the subject is a party, beneficiary, or guarantor.
8.9. Personal data processing may be terminated upon achievement of processing purposes, expiration of consent validity, withdrawal of consent, a request to terminate processing, or detection of unlawful personal data processing.
9. List of activities performed by the Operator with regard to collected personal data 9.1. The Operator carries out collection, recording, systematization, accumulation, storage, rectification (updating, changing), extraction, use, transfer (circulation, submission, access), anonymization, blocking, deletion, and destruction of personal data.
9.2. The Operator performs automated processing of personal data with or without receipt and/or transmission of information over data and telecommunications networks.
10. The Operator does not perform cross-border personal data transfers. 11. Confidentiality of personal data The Operator and other persons having access to personal data must not disclose or distribute personal data to third parties without the consent of the data subject, except as provided by federal law.
12. Final provisions 12.1. The user may obtain any clarifications on issues concerning the processing of their personal data by contacting the Operator via email at
info@bigfilter.com or in writing at: 198095, St. Petersburg, ul. Kalinina, 53, Litera B.
12.2. Any changes to the Operator's personal data processing policy will be reflected in this document. The Policy remains effective indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely accessible online at
https://www.beylinbooks.сom/policy_eng.
12.4. The Operator reserves the right to amend the Policy without the user’s consent.
12.5. If any provision of this Policy is deemed invalid or unenforceable for any reason, this shall not affect the validity or enforceability of the remaining provisions.