Personal data protection policy

  1. General Provisions
    1. This Regulation is governed by the Constitution of the Russian Federation, the Federal Law "On Information, Information Technologies and the Protection of Information" No. 149-FZ of July 27, 2006, the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006 and other regulatory legal acts.
    2. The main concepts used in the Regulation:
    3. An online store is a website that sells goods via the Internet. It allows users to place an order for purchase online, in their browser, select a method of payment and delivery of the order, and pay for the order.
    4. Client – an individual, a consumer of the online store’s services, and a subject of personal data.
    5. Personal data – information stored in any format that relates to a natural person who is identified or can be identified on the basis of such information (the subject of personal data) and that, by itself or in combination with other information available to the online store, makes it possible to identify the Client.
    6. Processing of personal data – actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data.
    7. Dissemination of personal data – actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or familiarizing an unlimited circle of persons with personal data, including disclosure of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way.
    8. Use of personal data – actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that generate legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons.
    9. Confidentiality of personal data is a mandatory requirement for the operator or other person who has access to personal data to prevent their dissemination without the consent of the subject of the personal data or the presence of another legal basis.
    10. This Regulation establishes the procedure for processing personal data of Clients, users of the Seller's online store, presented on the website «https://todayrust.ru/», including subdomains.
    11. The purpose of the Regulation is to ensure the protection of the rights and freedoms of a person and citizen when processing his personal data.
    12. Personal data is processed for the purpose of fulfilling the contract of sale of goods of the online store, one of the parties to which is the Client. The online store collects data only to the extent necessary to achieve the said purpose.
    13. Personal data may not be used for the purpose of causing property or moral harm to citizens or hindering the exercise of the rights and freedoms of citizens of the Russian Federation.
    14. This Regulation is approved by the General Director M.V. Kobilyansky and is mandatory for all employees who have access to the Client’s personal data.
  2. Composition and receipt of personal data of Clients
    1. Personal data collected and processed by the online store includes:
      • other data specified by the Client when placing an order.
    2. All personal data is received by online store employees directly from the subject of personal data – Clients.
  3. Processing and storage of personal data of Clients
    1. The processing of personal data by the online store in the interests of Clients consists of receiving, systematizing, accumulating, storing, clarifying (updating, changing), using, distributing, depersonalizing, blocking, destroying and protecting from unauthorized access.
    2. The consent of Clients to the processing of personal data is not required, since the processing of personal data is carried out for the purpose of fulfilling the purchase and sale agreement, one of the parties to which is the subject of personal data - the Client.
    3. The processing of personal data of Clients is carried out using the mixed processing method.
    4. Only employees of the online store who are authorized to work with the Client's personal data and who have signed the Agreement on Non-Disclosure of the Client's Personal Data may have access to the processing of the Client's personal data.
    5. The list of employees of the online store who have access to the personal data of Clients is determined by the order of the General Director Kobilyansky M.V.
    6. The storage period of personal data of the Clients of the online store is determined by Article 196 of the Civil Code of the Russian Federation "General limitation period" and is three years after the termination of the purchase and sale agreement.
    7. Personal data of Clients is stored in electronic form in the local computer network of the online store.
  4. Use and transfer of personal data of Clients
    1. The use of personal data of Clients is carried out by the online store solely for the achievement of the goals defined in the purchase and sale agreement between the Client and the online store, in particular, for the sale and delivery of goods, as well as additional services.
    2. When transferring personal data of Clients, the online store must comply with the following requirements:
      • Warn persons receiving personal data of Clients that this data may be used only for the purposes for which it was communicated, and require these persons to confirm that this rule has been observed. Persons receiving personal data of Clients are obliged to observe the confidentiality regime. This provision does not apply in the case of anonymization of personal data and in relation to publicly available data.
      • Allow access to personal data of Clients only to specially authorized persons, and such persons must have the right to receive only those personal data that are necessary to perform specific functions.
    3. It is not permitted to answer questions related to the transfer of information containing personal data by telephone or fax.
    4. The online store has the right to provide or transfer personal data of Clients to third parties in the following cases:
      • If disclosure of this information is required to comply with the law, or to execute a judicial act;
      • To assist in investigations carried out by law enforcement or other government agencies;
      • To protect the legal rights of the Client and the online store;
      • To fulfill the requirements of the sales contract concluded with the Client, including the delivery of goods using the services of contractors (including the transfer of information to courier or postal delivery services).
  5. Protection of personal data of Clients from unauthorized access
    1. When processing personal data of Clients, the online store is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.
    2. To effectively protect the personal data of Clients, it is necessary to:
      • Comply with the procedure for receiving, recording and storing personal data of Clients;
      • Use technical means of security and signaling;
      • Conclude a Non-Disclosure Agreement with all employees involved in the receipt, processing and protection of the Client’s personal data;
      • Bring to disciplinary responsibility employees guilty of violating the rules governing the receipt, processing and protection of the Client's personal data.
    3. Access to personal data of Clients by employees of the online store who do not have properly executed access is prohibited.
    4. Protection of access to electronic databases containing personal data of Clients is ensured by:
      • Using licensed software products that prevent unauthorized access by third parties to the personal data of Clients;
      • Password system. Passwords are set by the system administrator and communicated individually to employees who have access to the personal data of Clients.
    5. Copying and making extracts of the Client's personal data is permitted exclusively for official purposes with the written permission of the General Director M.V. Kobilyansky.
  6. Responsibilities of the online store
    1. Process personal data of Clients solely for the purpose of providing legitimate services to Clients.
    2. Obtain personal data of the Client directly from him or her or via the website. If the Client's personal data can only be obtained from a third party, the Client must be notified of this in advance and written consent must be obtained from him. Employees of the online store must inform Clients of the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the client's refusal to give written consent to receive it.
    3. Do not receive or process the Client’s personal data about his/her race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided by law.
    4. Provide access to their personal data to the Client or their legal representative upon request or upon receipt of a request containing the number of the main identity document of the Client or their legal representative, information on the date of issue of the said document and the issuing authority, and the personal signature of the Client or their legal representative. The request may be sent electronically and signed with an electronic digital signature in accordance with the legislation of the Russian Federation. Information on the availability of personal data must be provided to the Client in an accessible form and must not contain personal data related to other subjects of personal data.
    5. Limit the Client’s right to access his/her personal data if:
      • The processing of personal data, including personal data obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and the protection of law and order;
      • The processing of personal data is carried out by the bodies that have detained the subject of personal data on suspicion of committing a crime or brought charges against the subject of personal data in a criminal case, or applied a preventive measure to the subject of personal data prior to the presentation of charges, with the exception of cases provided for by the criminal procedure legislation of the Russian Federation, if the suspect or accused is allowed to become familiar with such personal data;
      • Providing personal data violates the constitutional rights and freedoms of others.
    6. Ensure the storage and protection of the Client’s personal data from unauthorized use or loss.
    7. If inaccurate personal data or illegal actions with it by the operator are detected upon an appeal or request from the subject of personal data, his legal representative or the authorized body for the protection of the rights of subjects of personal data, the operator is obliged to block the personal data relating to that subject from the moment of such appeal or receipt of such request for the duration of the verification period.
    8. In the event of confirmation of the fact that personal data is inaccurate, the operator, on the basis of documents submitted by the subject of personal data or his legal representative or the authorized body for the protection of the rights of subjects of personal data, or other necessary documents, is obliged to clarify the personal data and remove their blocking.
    9. In the event of detection of illegal actions with personal data, the operator is obliged to eliminate the violations committed within a period not exceeding three working days from the date of such detection. In the event that it is impossible to eliminate the violations committed, the operator is obliged to destroy the personal data within a period not exceeding three working days from the date of detection of illegal actions with personal data. The operator is obliged to notify the subject of personal data or his legal representative of the elimination of the violations committed or the destruction of personal data, and in the event that the appeal or request was sent by the authorized body for the protection of the rights of subjects of personal data, also the said body.
    10. In the event that the purpose of processing personal data is achieved, the operator is obliged to immediately stop processing personal data and destroy the relevant personal data within a period not exceeding three working days from the date of achieving the purpose of processing personal data, unless otherwise provided by federal laws, and notify the subject of personal data or his legal representative of this, and in the event that the appeal or request was sent by the authorized body for the protection of the rights of subjects of personal data, also the said body.
  7. Client Rights
    1. Access to information about oneself, including information confirming the fact of personal data processing, as well as the purpose of such processing; methods of personal data processing used by the online store; information about persons who have access to personal data or who may be granted such access; a list of personal data processed and the source of their receipt, the terms of processing personal data, including the terms of their storage; information about what legal consequences for the Client may result from the processing of his personal data.
    2. Determination of the forms and methods of processing his personal data.
    3. Restriction of methods and forms of personal data processing.
    4. Prohibition of distribution of personal data without his consent.
    5. Changing, clarifying, destroying information about oneself.
  8. Confidentiality of personal data of Clients
    1. Information about the personal data of Clients is confidential.
    2. The online store ensures the confidentiality of personal data and is obliged to prevent its distribution to third parties without the consent of the Clients or the presence of other legal grounds.
    3. Persons who have access to personal data of Clients are obliged to observe the confidentiality regime and must be warned about the need to observe the secrecy regime. In connection with the confidentiality regime of personal information, appropriate security measures must be provided to protect the data from accidental or unauthorized destruction, accidental loss, unauthorized access, modification or distribution.
    4. All confidentiality measures during the collection, processing and storage of personal data of Clients apply to all information carriers, both paper and automated.
    5. The confidentiality regime of personal data is lifted in cases of depersonalization or inclusion of personal data in publicly available sources, unless otherwise specified by law.
  9. Responsibility for violation of the rules governing the processing of personal data of Clients
    1. The online store is responsible for the personal information that is in its possession and establishes the personal responsibility of employees for compliance with the established confidentiality regime.
    2. Each employee who receives a document containing the Client's personal data for work is solely responsible for the safety of the medium and the confidentiality of the information.
    3. Any person may contact the management of the online store with a complaint about the violation of this Regulation. Complaints and applications regarding compliance with data processing requirements are considered within 5 days from the date of receipt.
    4. The employees of the online store are obliged to ensure that requests, applications and complaints from Clients are considered at the proper level, and also to facilitate the implementation of the requirements of the competent authorities.
    5. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of Clients shall bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.