1. General provisions

1.1. This Policy of Individual Entrepreneur Irson I. Lazareva regarding the processing of personal data (hereinafter referred to as the Policy) was developed in compliance with the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data "(hereinafter referred to as the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms when processing their personal data, including protecting the rights to privacy, personal and family secrets.

1.2. The Policy applies to all personal data processed by Individual entrepreneur Lazareva Irson Igorevna (OGRNIP 323623400017007, TIN 620550975930, e-mail: irsonl@yandex.ru, registration address: Ryazan region, Russian Federation).

1.3. The Policy applies to relations in the field of personal data processing that have arisen with the Operator both before and after the approval of this Policy.

1.4. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published freely in the information and telecommunications network of the Internet on the Operator's website.

2. Terms and abbreviations used

Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data).

Personal data authorized for distribution by the subject of personal data is personal data that an unlimited number of persons have access to by the subject of personal data by giving consent to the processing of personal data authorized by the subject of personal data for distribution.

Personal data operator (operator) – a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and / or performs the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

Processing of personal data – any action (operation) or a set of actions
(operations) with personal data performed with or without the use of automation tools. The processing of personal data includes, but is not limited to:

- collecting data;

- recording;

- systematization;

- accumulation;

- storage;

- clarification (update, change);

- extract;

- usage;

- transfer (provision, access);

- distribution;

- depersonalization;

- blocking;

- delete;

- destruction.

Automated processing of personal data – processing of personal data using computer technology.

Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons.

Blocking of personal data – temporary termination of the processing of personal
data (except in cases where the processing is necessary to clarify personal
data).

Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Depersonalization of personal data – actions that make
it impossible to determine whether
personal data belongs to a specific personal data subject without using additional information.

Personal data information system – a set
of personal data contained in databases and providing their processing, information technologies and technical means.

Cross-border transfer of personal data – transfer of personal data on
the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

3. Procedure and conditions for processing and storing personal data

3.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

3.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Russian Federation.

3.3. Consent to the processing of personal data authorized for distribution by the personal data subject is issued separately from other consents of the personal data subject to the processing of his / her personal data.

3.4. Consent to the processing of personal data authorized for distribution by the personal data subject may be provided to the operator:

- directly;

- using the information system of the authorized body for the protection of the rights of personal data subjects.

3.5. The Operator performs both automated and non-automated processing of personal data.

3.6.Employees of the Operator whose official
duties include the processing of personal data are allowed to process personal data.

3.7. Personal data is processed by::

- receiving personal data orally and in writing directly with
the consent of the personal data subject to the processing or dissemination of his / her personal data;

- entering personal data in the Operator's logs, registers and information systems
;

- use of other methods of processing personal data.

3.8. Personal data may not be disclosed or disseminated to third parties without the consent of the personal data subject, unless otherwise provided for by federal law.

3.9. The transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.

3.10. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including::

- identifies threats to the security of personal data when processing them;

- adopt local regulations and other documents regulating relations in the field of personal data processing and protection;

- appoints persons responsible for ensuring the security of personal data in
the Operator's structural divisions and information systems;

- creates the necessary conditions for working with personal data;

- organizes accounting of documents containing personal data;

- organizes work with information systems that process
personal data;

- stores personal data in conditions that ensure their safety and
prevent unauthorized access to them;

- organizes training of the Operator's employees who process personal
data.

3.11. The Operator stores personal data in a form that makes it possible to determine the subject of personal data, no longer than the purposes of processing personal data require, unless the period of storage of personal data is established by federal law, contract or agreement.

3.12. When collecting personal data, including through the information and telecommunication network Internet, the Operator ensures recording, systematization,
accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Law on Personal Data.

3.13. Types of data and purposes of personal data processing:

3.13.1. Types of PD processed by the Operator:

- FULL NAME

- phone number

- email address

- links to pages in social networks

3.13.2. Only personal data that meets the purposes of their processing are subject to processing. The Operator processes personal data for the following purposes::

- ensuring compliance with the Constitution, federal laws and other regulatory
legal acts of the Russian Federation;

- implementation of its activities;

- implementation of civil law relations;

- maintaining accounting records;

- notification of the PD subject about changes and additions to the services provided under the contract with it,

- receiving feedback, reviews, and recommendations from the Subject,

- conducting surveys for effective communication with existing and potential customers of the Operator.

3.14. Categories of personal data subjects.

The PD of the following PD subjects is processed:

- individuals who have civil relations with the Operator.

3.15. PD processed by the Operator:

- data obtained during the implementation of civil law relations.

3.16. Storage of personal data.

3.16.1. Personal data of subjects can be obtained, further processed and transferred for storage both on paper and in electronic form.

3.16.2. PD recorded on paper is stored in lockable cabinets or in lockable rooms with restricted access rights.

3.16.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.

3.16.4. It is not allowed to store and place documents containing PD in open electronic directories (file sharing sites) in the ISPD.

3.16.5. The storage of PD in a form that allows the identification of the PD subject is carried out no longer than the purposes of their processing require, and they are subject to destruction when the processing goals are achieved or if they are no longer necessary to achieve them.

3.17. Destruction of PD.

3.17.1. Destruction of documents (media) containing PD is carried out by burning, crushing (crushing), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.

3.17.2. PD on electronic media is destroyed by erasing or formatting
the media.

3.17.3. The fact of destruction of PD is documented by the act on the destruction of media.

4. Personal data protection

4.1.In accordance with the requirements of regulatory documents, the Operator has created
a personal data protection system (FDD) consisting of subsystems of legal, organizational and technical protection.

4.2. The legal protection subsystem is a set of legal, organizational
, administrative, and regulatory documents that ensure the creation, operation, and improvement of the NWPD.

4.3. The subsystem of organizational protection includes the organization of the management structure of the FDD, the licensing system, and information protection when working with employees, partners, and third parties.

4.4. The technical protection subsystem includes a set of technical,software,
software and hardware tools that provide PD protection.

4.4. The main PD protection measures used by the Operator are::

4.5.1. Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, provides training and instruction, and internal control over the compliance of the institution and its employees with the requirements for the protection of personal data.

4.5.2. Identification of current threats to the security of PD when processing them in the ISPD and development of measures and measures to protect PD.

4.5.3. Development of a personal data processing policy.

4.5.4. Establishing rules for access to the PD processed in the ISPD, as well as ensuring registration and accounting of all actions performed with the PD in the ISPD.

4.5.5. Setting individual passwords for employees ' access to the information system in accordance with their work responsibilities.

4.5.6. Use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure.

4.5.7. Certified antivirus software with regularly updated databases.

4.5.8. Compliance with the conditions that ensure the safety of personal data and exclude
unauthorized access to them.

4.5.9. Detection of unauthorized access to personal data and taking measures.

4.5.10. Restore PD files that were modified or destroyed due
to unauthorized access to them.

4.5.11. Training of the Operator's employees who directly process
personal data on the provisions of the Russian Federation legislation on personal data, including requirements for personal data protection, documents defining the Operator's policy on personal data processing, and local acts on personal data processing.

4.5.12. Implementation of internal control and audit.

5. Basic rights of the PD subject and Operator's obligations

5.1. Basic rights of the PD subject.

The subject has the right to access his personal data and the following information:

- confirmation of the fact of PD processing by the Operator;

- legal grounds and purposes of PD processing;

- goals and methods of PD processing used by the Operator;

- the name and location of the Operator, information about persons (with the exception of employees of the Operator) who have access to the PD or to whom the PD may be disclosed on the basis of a contract with the Operator or on the basis of a federal law;

- terms of processing of personal data, including the terms of their storage;

- procedure for the exercise by the PD subject of the rights provided for in this Federal Law;

- name or surname, first name, patronymic and address of the person performing PD processing on behalf of the Operator, if processing is or will be assigned to such person;

- contacting the Operator and sending them requests;

- appeal against the Operator's actions or omissions.

5.2. Operator's Obligations.

The operator must:

- when collecting personal data, provide information about the processing of personal data;

- if the PD was not received from the PD subject, notify the subject;

- when refusing to provide PD to the subject, the consequences of such refusal are explained;

- publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information about the implemented requirements for the protection of personal data;

- take the necessary legal, organizational and technical measures or ensure their adoption to protect the PD from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of the PD, as well as from other illegal actions in relation to the PD;

- provide answers to requests and appeals of PD subjects, their representatives and the authorized body for the protection of the rights of PD subjects.

6. Updating, correcting, deleting and destroying
personal data, responding to requests from subjects
for access to personal data

6. Updating, correcting, deleting and destroying personal data, responding to requests from subjects for access to personal data

6.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Personal Data Law, are provided by the Operator to the personal data subject or his representative when applying or receiving a request from the personal data subject or his representative.

The information provided does not include personal data related to other personal data subjects, except in cases where there are legal grounds for disclosure of such personal data.

The request must contain:

- number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority;

- information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional word designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator;

- signature of the personal data subject or his representative.

The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

If the request (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him.

The right of a personal data subject to access his / her personal data may be restricted in accordance with Part 8 of Article 14 of the Personal Data Law, including if the personal data subject's access to his / her personal data violates the rights and legitimate interests of third parties.

6.2. If inaccurate personal data is identified when a personal data subject or his representative applies, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the subject personal data or third parties.

If the fact of inaccuracy of personal data is confirmed, the Operator, based on information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.

6.3. In case of detection of illegal processing of personal data when applying (requesting) a personal data subject or his representative or Roskomnadzor, the Operator blocks illegally processed personal data related to this personal data subject from the moment of such request or receipt of the request.

6.4. If the purposes of personal data processing are achieved, as well as if the personal data subject withdraws consent to their processing, personal data is subject to destruction if:

- otherwise is not provided for in the contract to which the personal data subject is a party, beneficiary or guarantor;

- the operator does not have the right to process personal data without the consent of the subject on the grounds provided for by the Law on Personal Data or other federal laws;

- no other agreement between the Operator and the personal data subject provides otherwise.

7. Operator's Banking details:

Individual entrepreneur Lazareva Irson Igorevna

OGRNIP 323623400017007

TIN 620550975930

Address: Ryazan region, Russian Federation

E-mail: irsonl@yandex.ru