Personal Data Processing Policy1. General ProvisionsThis Personal Data Processing Policy has been developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” and defines the rules for processing personal data, as well as the protection measures implemented by Individual Entrepreneur Daniil Igorevich Vetrov (hereinafter — the “Operator”).
1.1. The Operator considers the protection of human rights and freedoms in the processing of personal data to be a top priority of its activities, including the protection of privacy and personal and family secrets.
1.2. This Policy applies to all information the Operator receives regarding visitors of the website:
https://smartexpat.pro/eng.
2. Key Terms and Definitions2.1. Automated processing of personal data — any operations performed on personal data using computer systems.
2.2. Blocking of personal data — temporary suspension of data processing (except when data clarification is required).
2.3. Website — a collection of graphic elements, texts, software and databases accessible at
https://smartexpat.pro/eng.
2.4. Personal data information system — databases containing personal data and the technologies used to process them.
2.5. Depersonalization of personal data — actions preventing the identification of a user without additional information.
2.6. Personal data processing — any action performed with personal data: collection, storage, systematization, transfer, deletion, depersonalization, etc.
2.7. Operator — a state authority, legal entity or individual that organizes the processing of personal data and determines its purposes.
2.8. Personal data — any information about a user of
https://smartexpat.pro/eng that allows personal identification.
2.9. Personal data made publicly available by the subject — information the subject has made public on the basis of consent.
2.10. User — any individual visiting the website
https://smartexpat.pro/eng.
2.11. Provision of personal data — transfer of data to a limited group of persons.
2.12. Dissemination of personal data — disclosure of data to an unlimited number of persons.
2.13. Cross-border transfer of personal data — transfer of data to recipients in another country.
2.14. Destruction of personal data — complete deletion of data without the possibility of recovery.
3. Operator’s Rights and Obligations3.1. The Operator is entitled to:— request accurate personal data and documents from the user;
— continue processing personal data after consent withdrawal, if required by law;
— independently define the necessary data security measures in accordance with legislation.
3.2. The Operator is obliged to:— provide personal data subjects with information regarding the processing of their personal data;
— process personal data in accordance with the law;
— respond to requests from personal data subjects;
— submit inquiries to authorized state bodies when required;
— publish the current Policy publicly;
— ensure the security and protection of personal data;
— terminate processing and destroy data in cases established by law;
— comply with all other obligations determined by legislation.
4. Rights and Obligations of Personal Data Subjects4.1. Personal data subjects have the right to:— receive information regarding the processing of their personal data;
— request clarification, blocking or deletion of data;
— provide prior consent for data processing for marketing purposes;
— withdraw consent to data processing;
— appeal the Operator’s actions to supervisory authorities or court;
— exercise other rights established by law.
4.2. Personal data subjects shall:— provide accurate and up-to-date information to the Operator;
— report any changes in personal data.
4.3. Individuals who provide false data or data of third parties without consent bear responsibility.5. Principles of Personal Data Processing5.1. Data is processed lawfully and fairly.
5.2. Processing is limited to legitimate and specific purposes.
5.3. Combining databases with incompatible processing purposes is prohibited.
5.4. Only data necessary to achieve stated goals may be processed.
5.5. Personal data must correspond to the processing purposes; excess collection is prohibited.
5.6. The Operator ensures accuracy and relevance of personal data.
5.7. Data storage must not exceed the period necessary to achieve processing purposes.
6. Purposes of Personal Data ProcessingThe main purpose of processing: informing users through email newsletters.
Personal data used:
— full name;
— phone number.
Legal grounds include the Operator’s statutory documents.
Types of processing include:
— collection, recording, storage, systematization, destruction, depersonalization;
— sending informational emails to users’ email addresses.
7. Conditions for Personal Data ProcessingProcessing is carried out:
7.1. with the consent of the subject;
7.2. to fulfill legal obligations;
7.3. to comply with judicial acts;
7.4. to execute agreements with the user;
7.5. to protect the Operator’s interests without violating user rights;
7.6. using publicly available data;
7.7. in cases when disclosure is required by law.
8. Personal Data Processing ProcedurePersonal data security is ensured by legal, technical and organizational measures.
8.1. The Operator takes measures to prevent third-party access to personal data.
8.2. Transfer to third parties is allowed only as required by law or with the subject’s consent.
8.3. Users may update their data by sending a request to:
smartexpates@gmail.com.
8.4. Data processing duration is determined by processing purposes unless otherwise required by law or contract.
8.5. Information collected by third-party services is stored and regulated by their privacy policies.
8.6. Restrictions on data dissemination do not apply in cases established by Russian law.
8.7. Confidentiality is maintained during personal data processing.
8.8. Data storage period must not exceed the time necessary to achieve processing purposes.
8.9. Processing may be terminated due to achievement of objectives, consent withdrawal, or violation detection.
9. Personal Data Actions9.1. The Operator performs: collection, systematization, storage, retrieval, transfer, blocking, deletion and destruction of personal data.
9.2. Processing may be performed using automated systems.
10. Cross-Border Data Transfer10.1. The Operator must notify the authorized authority before cross-border transfer.
10.2. Prior to transfer, the Operator ensures that foreign jurisdictions have adequate data protection guarantees.
11. ConfidentialityThe Operator and individuals with access may not disclose personal data without the subject’s consent except when required by law.
12. Final Provisions12.1. The user may request clarification by email:
smartexpates@gmail.com.
12.2. This Policy is valid indefinitely until replaced by a new version.
12.3. The current version is available at:
https://smartexpat.pro/politeng