February 4, 2020
This policy defines the policy of the private entrepreneur Filipp Igorevich Protsenko (hereinafter referred to as the Operator) in relation to the processing of personal data and contains information on the requirements for the protection of personal data implemented by the Operator. This policy applies to all personal data processed using the Service and that the Operator receives or may receive from the User.
1. GENERAL TERMS
1.1. The following terms and definitions for the purposes of this policy have the following meanings:
"Personal data" is any information relating to a specific person (owner of personal data) defined or determined on the basis of such information, including his/her last name, first name, middle name, year, month, date, and place of birth, address, email address mail, phone number, marital, social, property status, education, profession, income, other information. For the purposes of this policy, personal data means both information that the User provides about himself independently when using the Service, and information that is automatically transmitted to the Operator in the process of using the Service using the software installed on the User’s device, including the IP address, data cookies, information about the User’s browser, technical specifications of the equipment and software used by the User, the date and time of access to the Service, the addresses of the requested website pages and other similar information. In addition, personal information for the purposes of this policy also includes information about the User, the processing of which is provided for by the Agreement governing the use of the Service. Personal data refers to confidential information.
"Operator" is a private entrepreneur Filipp Igorevich Protsenko, OGRNIP (Primary State Registration Number of the Individual Entrepreneur) 312231115700151, INN (Tax identification number) 23650201778, with registered office address: ulitsa Sormovskaya 204, app 382, 350088, Krasnodar, processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
"User" is any physical person (owner of personal data), including acting on behalf of and in the interests of a legal entity who may, in the process of using the Service, provide the Operator with his/her personal data, either independently or through a legal entity represented by him that has agreed with the stated in the Agreement by the conditions either by signing it or by performing the explicit actions specified in it aimed at using the Service. In the context of this policy, the User also means persons whose personal data are processed by the Operator on behalf of the User of the Service contained in the Agreement.
"Service", "Personal data information system", "Information System" is a web service available on the Internet at https://irrisketch.com/ which is an online service for the design of automatic irrigation systems. The service includes a combination of information, other computer programs, databases, program codes underlying their know-how, algorithms, design elements, fonts, logos, as well as text, graphic, and other materials, as well as other results of intellectual activity.
"Agreement" is a license agreement/contract, a user or other agreement between the User and the Operator that governs the use of the Service and contains the instruction of the User to the Operator to process personal data concluded either by signing it or by performing specific actions specified therein aimed at the use of the Service.
"Personal data processing" is a license agreement/contract, a user or other agreement between the User and the Operator, which regulates the use of the Service and contains the instruction of the User to the Operator to process personal data concluded either by signing it or by performing specific actions specified therein aimed at the use of the Service.
"Automated processing of personal data" is the processing of personal data using computer technology.
"Non-automated processing of personal data", "Processing of personal data without the use of automation" is the processing of personal data contained in the personal data information system or extracted from such a system in cases when such actions are with personal data as the use, refinement, dissemination, destruction of personal data in relation to each of the personal data subjects is performed with the direct participation of a person.
"Distribution of personal data" are actions aimed at the disclosure of personal data to an indefinite circle of persons.
"Provision of personal data" are actions aimed at transferring personal data to a specific person or a specific circle of persons.
"Blocking of personal data" is a temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).
"Destruction of personal data" are actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
"Anonymization of personal data" are actions, as a result of which it is impossible to determine whether personal data belongs to a specific owner without using additional information.
"Use of personal data" are actions (operations) with personal data committed for the purpose of making decisions, transactions, or other actions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others persons.
"Publicly available personal data" is personal data access to an unlimited circle of persons to which is granted with the consent of the subject or to which, in accordance with applicable laws, the requirement of confidentiality does not apply.
"Confidentiality of personal data" is a requirement for compliance with a person who has access to personal data is a requirement not to allow their dissemination without the consent of the subject or other legal basis.
"Statistics" is information about the use of the Service, its modules, and the website in general collected using Counters, cookies, web beacons, and other similar technologies.
"Cookies", "cookie" is a small piece of data sent by the web server and stored on the device of the user of the website on which the Counter is installed. Cookies contain small chunks of text and are used to store information about browsers. They allow you to store and receive identification information and other information on computers, smartphones, phones, and other devices. The cookie specifications are described in RFC 2109 and RFC 2965. Other technologies are used for the same purpose, including data stored by browsers or devices, device identifiers, and other software. In this Agreement, all of these technologies are called cookies.
"Web beacons" are images in electronic form (single-pixel (1x1) or empty GIF images). Web beacons can help the Operator recognize certain types of information on the User’s device, for example, cookies, the time and date of viewing the page, and the description of the page where the web beacon is located.
"Counter" is a computer program that uses a piece of code installed on a website that is responsible for analyzing cookies and collecting statistical and personal data from this website. Personal data is collected in anonymized form.
"IP-address" is a number from the numbering resource of a data network built on the basis of the IP protocol (RFC 791), which uniquely identifies a terminal (computer, smartphone, tablet) when providing telematic communication services, including Internet access, other device or means of communication included in the information system and owned by the User.
"HTTP header" is a row in the HTTP message that contains a colon-separated name-value pair. The HTTP header format follows the common ARPA network text message header format described in RFC 822.
"Token" is a unique character set that identifies the User in accounts of third-party web services. The token allows an authorized connection to the Service using authorization through third-party web services (for example, social networks).
"Applicable law" is the legislation of the Russian Federation, as the legislation of the country where the Operator is registered or is a resident. In certain cases, applicable law may mean the legislation of the country where the User resides or is a resident of if such legislation establishes the priority of its rules over the rules of this Agreement.
1.2. All other terms and definitions found in the text of this policy are interpreted by the Parties in accordance with applicable law, current recommendations (RFC) of international standardization bodies on the Internet, and the usual rules for the interpretation of relevant terms on the Internet.
1.3. Terms and definitions used in this Agreement can be used both in the singular and in the plural, depending on the context, the terms can be spelled both in uppercase and lowercase letters.
1.4. The names of the headings (articles), as well as the design of this document, are intended only for the convenience of using the text of the Agreement and have no literal legal value.
1.5. This policy is developed in accordance with the requirements of applicable law in the field of personal data protection.
1.6. This policy defines the procedure and conditions for the processing of personal data by the Operator, including the procedure for transferring personal data to third parties, the features of manual processing of personal data, the procedure for accessing personal data, the system for protecting personal data, the procedure for organizing internal control and liability for violations in the processing of personal data, and also other issues.
1.7. This policy takes effect from the moment it is approved by the Operator and is valid indefinitely until it is replaced with a new policy.
1.8. The Operator has the right to make changes to this policy without the consent of the User. All changes to the policy are made by the regulatory act of the Operator.
1.9. This policy applies to all processes for the processing of personal data performed using the Service without using automation tools. The Operator does not control and is not responsible for websites owned by third parties to which the User can click on the links posted on the Service.
1.10. This policy is intended to show that the Operator, fulfilling the obligation established by the applicable law to protect the personal data of Users during their processing, informs the User in this policy that:
▪ for what purpose and how the Operator collects and processes personal data when the User uses the Operator's Service;
▪ what are the obligations of the Operator as a legal entity making a decision on the goals and methods of processing the personal data of the User;
▪ what are the rights of the User and what tools he/she can use to reduce the amount of processed personal data;
2. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
2.1. The Operator processes the personal data of the User guided by the requirements of the applicable law, as well as other applicable acts in the field of the Operator.
2.2. Processing of the User’s personal data is performed on the basis of and pursuant to the Agreement governing the use of the Service and other agreements or contracts concluded between the User and the Operator.
2.3. Processing of the User’s personal data may also be performed on the basis of his/her separate consent to such processing, which can also be expressed directly when using the Service by clicking on the appropriate button or by putting an indicator on the corresponding checkbox. The validity period of such consent of the User is indicated in its text.
3. PURPOSES FOR COLLECTION OF THE PERSONAL DATA
3.1. The Operator processes only those personal data that are necessary to use the Service or to execute agreements and contracts with the User unless the applicable law provides for the mandatory storage of personal information for a period specified by law.
3.2. When processing personal data, the Operator does not combine databases containing personal data, the processing of which is performed for incompatible purposes.
3.3. The operator processes the personal data of the User for the following purposes:
3.3.1. the use of personal data of Users who are physical persons using the Service on their own behalf for the purpose of concluding and executing the Agreement or any other contract with the Operator;
3.3.2. the use of personal data of Users who are physical persons using the Service on behalf of the physical persons or legal entities they represent for the purpose of concluding and executing the Agreement or any other agreement with the Operator;
3.3.3. conducting statistical and other studies of the use of the Service on the basis of anonymized data;
3.3.4. compliance with mandatory requirements of applicable law.
4. VOLUME AND CATEGORIES OF PERSONAL DATA BEING PROCESSED, CATEGORIES OF PERSONAL DATA OWNERS
4.1. Personal data authorized for processing in accordance with this policy and provided by Users who are physical persons using the Service on their own behalf by filling in the appropriate input fields when using the Service may include the following information:
4.1.1. surname, name and middle name;
4.1.3. cell phone number;
4.1.4. E-mail address;
4.1.5. messenger identifiers;
4.1.7. delivery address.
4.2. Personal data authorized for processing in accordance with this policy and provided by Users who are physical persons using the Service on behalf of the physical person or legal entity they represent, by filling in the appropriate input fields when using the Service, may include the following information:
4.2.1. surname, name and middle name;
4.2.3. cell phone number;
4.2.4. E-mail address;
4.2.5. messenger identifiers;
4.2.7. delivery address.
4.3. Personal data processed in accordance with this policy and automatically transmitted to the Operator in the process of using the Service using the software installed on the User’s device may include the following information:
4.3.1. HTTP header;
4.3.2. IP address of the User's device;
4.3.3. cookie data;
4.3.4. data collected by counters;
4.3.5. data collected by web beacons;
4.3.6. information about User’s browser;
4.3.7. technical specifications of the device and software;
4.3.8. date and time of access to the Service;
4.3.9. addresses of requested pages of the Service website;
4.3.10. geographic coordinates of the location of the User;
4.4. In accordance with this policy, the Operator processes the personal data of persons belonging to the following categories of personal data owners:
4.4.1. physical persons using the Service in accordance with the Agreement on its use on their own behalf;
4.4.2. physical persons using the Service in accordance with the Agreement on its use on behalf of the physical person or legal entity that they represent.
4.5. The Operator does not collect special categories of personal data (sensitive personal information) relating to race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, biometric data.
5. TERMS AND PROCEDURES OF PERSONAL DATA PROCESSING
5.1. The Operator has the right to process the personal data of the User without notice to the authorized body for the protection of the rights of personal data subjects unless otherwise provided by applicable law.
5.2. The Operator processes the User’s personal data using the personal data information system without using automation tools in accordance with applicable laws or other regulatory legal acts that establish the requirements for ensuring the security of personal data during its processing and for observing the rights of personal data subjects. Such actions with personal data as the use, refinement, distribution, destruction of personal data in relation to the User are performed with the direct participation of the Operator's employees in accordance with the features approved by applicable law.
5.3. The Operator processes and stores the User’s personal data for a period determined in accordance with the Agreement on the use of the Service.
5.4. Concerning the personal data of the User, their confidentiality is maintained, except for cases when the User voluntarily provides information about himself for general access to an unlimited circle of persons.
5.5. The Operator has the right to transfer the personal data of the User to third parties in the following cases:
5.5.1. the User has consented to such actions, expressed in accordance with the terms of the Agreement on the use of the Service;
5.5.2. the transfer is necessary for the use by the User of certain functionality of the Service (for example, for authorization through accounts on social networks) or for the execution of a specific agreement, contract or transaction with the User;
5.5.3. the transfer is provided for by the legislation of the Russian Federation or other applicable legislation within the framework of the procedure established by the legislation;
5.5.4. in the event of a transfer of rights to the Service, personal data must be transferred to the acquirer at the same time as all obligations to comply with the conditions of this policy are applied to the personal data received by him;
5.5.5. if necessary, to ensure the possibility of protecting the rights and legitimate interests of the Operator or third parties, when the User violates this policy or the Agreement on the use of the Service;
5.5.6. in other cases provided for by law.
5.6. In case of loss or unauthorized disclosure of personal data, the Operator informs the User of that fact.
5.7. The Operator shall take the necessary organizational and technical measures to protect the User’s personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions of third parties.
5.8. The Operator together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or unauthorized disclosure of the User’s personal data.
5.9. The Operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by applicable law.
5.10. When collecting personal data, the Operator records, systematizes, accumulates, stores, clarifies (updates, changes), extracts the personal data of the User who are citizens of the Russian Federation using databases located on the territory of the Russian Federation. The Operator performs similar actions with the personal data of citizens of other countries taking into account the legislation applicable to such personal data.
5.11. The Operator stops processing the User’s personal data which is processed without their consent, upon the expiration of the User’s consent to their processing or upon withdrawal of the User’s consent to the processing of his/her personal data, as well as in the event of unlawful processing of personal data or the liquidation of the Operator.
6. PROCEDURE FOR COLLECTING PERSONAL DATA BY USING “COOKIES”, WEB BEACONS, AND COUNTERS
6.2. The Operator uses different types of cookies in the Service, which serve for different purposes and, depending on them, can be assigned to one of the following categories:
• "Required", i.e. cookies, which are strictly necessary for operation of critical components of the Service and for making payments by the User;
• "Functional", i.e. cookies that allow the User to interact with the interface of the Service and use its features, record information about the actions performed in the Service and customize the Service in accordance with the needs of the User. Without these cookies, the Service will not be able to provide certain functions, such as remembering the information entered by the User, saving the preferred language, etc.;
• "Analytical", i.e. analytical/statistical cookies that help improve the performance of the Service and make it more user-friendly. Through Analytical cookies, the Operator receives information about the quality and/or efficiency of the Service and its services, which helps to understand how Users use the Service and how they use the Operator's services.
6.3. The Operator does not explicitly request consent for the use of required cookies. If the User does not want his/her personal data to be collected using the mandatory cookies, he/she can disable their provision to the Operator in the software (browser) on his/her device. In this case, the functionality of the Service associated with the mandatory cookies is no longer available to the User, which may lead to a complete stop of operation or incorrect operation of the Service.
6.4. The Operator may use functional and analytical cookies only with the consent of the User, which is expressed as a general rule by the adoption of the Agreement and the start of the use of the Service. Otherwise, the User has the right to refuse to use such cookies by disconnecting them in the Service settings without harming its functionality.
6.5. The User agrees that his/her devices and software used to work with the Service, depending on their version and configuration, may or may not have the function of prohibiting operations with cookies, for any for certain sites and applications, as well as the function of deleting previously received cookies (for example, private browser mode).
6.6. The Operator has the right to establish a requirement for the User’s device on the mandatory permission to receive and receive cookies in connection with security requirements.
6.9. The counters placed by the Operator in the Service can be used by the Operator to analyze cookies and collect personal data about the use of the Service in order to improve the quality of the Service, the level of ease of use, and the improvement of the Service. Technical parameters of the meters are determined by the Operator and are subject to change without prior notice to the User.
6.10. The Operator may also use web beacons, either separately or together with cookies, to collect information about the use of the Service. The user has the right to block web beacons when using the Service by prohibiting the download of images in the settings of his/her software (browser).
7. ACCESS TO PERSONAL DATA
7.1. The right to access the personal data of the User is reserved only to the Operator’s employees, who are allowed by virtue of their duties to work with the personal data of the User on the basis of a list of persons authorized to work with personal data, which is approved by the Operator.
7.2. The list of employees who have access to personal data is maintained by the Operator in an up-to-date state.
7.3. Access to the personal data of the User by third parties who are not employees of the Operator is prohibited without the consent of the User, except for cases established by applicable law.
7.4. The access of the Operator’s employee to the personal data of the User ceases from the date of termination of the employment relationship or from the date the employee loses the right to access the personal data of the User in connection with a change in job duties, position or other circumstances in accordance with the procedure established by the Operator. In the event of termination of employment, all media with the User’s personal data that were at the disposal of the dismissed employee of the Operator are transferred to a higher-ranking employee in the manner established by the Operator.
8. UPDATING, CORRECTION, DELETING AND DESTRUCTION OF PERSONAL DATA
8.1. The User may at any time change, update, supplement, or delete the personal data provided to them or part thereof using the Service interface.
8.2. If the Operator independently identifies the fact of incompleteness or inaccuracy of the User’s personal data, the Operator shall take all possible measures to update personal data and make appropriate corrections.
8.3. If it is impossible to update incomplete or inaccurate personal data of the User, the Operator takes measures to delete them.
8.4. If it becomes unlawful for the processing of personal data of the User, their processing by the Operator ceases, and personal data is subject to deletion.
8.5. If the Service interface is inoperative or the Service is not functional for changing, updating, supplementing, or deleting the personal data by the User, as well as in any other cases, the User has the right to demand in writing from the Operator the clarification of his/her personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose.
8.6. The Operator makes the necessary changes to the personal data that are incomplete, inaccurate, or irrelevant in a period not exceeding seven business days from the date the User provides information confirming that the personal data is incomplete, inaccurate, or outdated.
8.7. The Operator destroys the User’s personal data illegally obtained or not necessary for the stated processing purpose within a period not exceeding seven business days from the date the User submits information confirming that such personal data is illegally obtained or is not necessary for the stated processing purpose.
8.8. The Operator notifies the User of the changes made and measures taken and takes reasonable measures to notify third parties to whom the personal data of this User was transferred.
8.9. User's rights to change, update, supplement, or delete personal data may be limited in accordance with the requirements of applicable law. Such restrictions, in particular, may provide for the Operator's obligation to save personal data changed, updated, supplemented, or deleted by the User for a period specified by applicable law and to transfer such personal data in accordance with the established procedure to state authorities.
9. RESPONSES TO USER'S REQUESTS FOR ACCESS TO PERSONAL DATA
9.1. The User has the right to receive information from the Operator regarding the processing of their personal data, including such containing:
9.1.1. confirmation of the fact of processing personal data by the Operator;
9.1.2. legal grounds and purposes of processing personal data;
9.1.3. goals and methods of processing personal data used by the Operator;
9.1.4. the name and location of the Operator, information about persons (except for the employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
9.1.5. processed personal data relating to the respective User, the source of their receipt, unless otherwise provided for by federal law;
9.1.6. terms for processing personal data, including periods for their storage;
9.1.7. the procedure for exercising by the User the rights provided for by applicable law;
9.1.8. information on completed or suspected cross-border data transfer;
9.1.9. name or surname, name, middle name, and address of the person who processes personal data on behalf of the operator, if the processing is or will be entrusted to such a person;
9.1.10. other information provided by law.
9.2. The Operator provides free of charge the opportunity to familiarize yourself with the personal data processed and stored in the Operator’s information system when the User contacts within thirty days from the date of receipt of the User’s written request.
9.3. In case of refusal of the Operator to provide information on the availability of personal data about the User or personal data to the User upon his/her request or upon receipt of a request from the User, the Operator shall provide in writing a reasoned response, which is the basis for such a refusal, within a period not exceeding thirty days from the date of the User's request or from the date of receipt of the User’s request.
10. INFORMATION ON THE REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA AND THEIR IMPLEMENTATION
10.1. The security of personal data during their processing in the information system is ensured by a personal data protection system that neutralizes current threats determined in accordance with applicable law.
10.2. The personal data protection system used by the Operator includes legal, organizational, technical, and other measures to ensure the security of personal data, determined taking into account current threats to the security of personal data and information technologies used in information systems.
10.3. With regard to personal data in respect of which the User has consented to be processed by third parties, the Operator has the right to attract another person on the basis of the contract to ensure the security of personal data when they are processed in the information system.
10.4. When processing personal data in the information system of the Operator, the latter ensures:
10.4.1. taking measures aimed at preventing unauthorized access to the personal data of the User and/or transferring them to persons who do not have the right to access such information;
10.4.2. timely detection of unauthorized access to personal data;
10.4.3. avoidance of impact on technical means involved in the processing of personal data, as a result of which their functioning may be impaired;
10.4.4. the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;
10.4.5. continuous monitoring of the security level of personal data.
10.5. In order to comply with security requirements and implement a personal data security system, the Operator has developed a private model of security threats to the personal data information system.
10.6. The Operator has determined the level of security of personal data during their processing in the personal data information system owned by the Operator.
10.7. The Operator, on the basis of the level of personal data security determined by him when processing them in the personal data information system without using automation, developed and implemented a set of measures to protect and ensure the security of personal data.
10.8. The Operator uses hardware and software for processing and protecting personal data, and also maintains a register of personal data protection means.
10.9. The Operator keeps a journal of accounting and storage of removable storage media containing personal data.
10.10. Technical means ensuring the functioning of the personal data information system are located in premises owned by the Operator on the basis of ownership or other property rights (rent, use, etc.).
10.11. All employees of the Operator authorized to work with personal data, as well as those associated with the operation and maintenance of the personal data information system, are familiar with the requirements of this policy, as well as with the Operator’s internal documents regulating the procedure for working with personal data.
10.12. The Operator has organized the process of training employees in the use of personal data protection equipment operated by the Operator. The training is held by employees with constant access to personal data, and employees associated with the operation and maintenance of the personal data information system and personal data protection facilities.
10.13. The internal documents of the Operator established that employees must immediately inform the appropriate official of the Operator about the loss, damage, or shortage of information carriers containing personal data, as well as about attempts to unauthorized disclosure of personal data, its reasons, and conditions.
11. Consent to personal data processing
11.1. The User decides to provide his/her personal data and agrees to its processing freely, voluntarily, of his/her own free will, and in his/her interest.
11.2. Consent to the processing of personal data provided by the User is specific, informed, and conscious.
11.3. In case of processing the User’s personal data on the basis of and pursuant to the Agreement governing the use of the Service and other agreements or contracts concluded between the User and the Operator using the Service, such processing of the User’s personal data is performed on the basis of such agreements or contracts and does not require separate consent.
11.4. In the case of processing of the User’s personal data on the basis of his/her separate consent to such processing, expressed directly when using the Service by clicking on the appropriate button or by ticking the indicator of the corresponding checkbox, such consent to the processing of personal data is provided by the User in the form of an electronic document signed a simple electronic signature in accordance with the Agreement governing the use of the Service.
11.5. Consent to the processing of personal data may be revoked by the User in accordance with the procedure established by applicable law.
12. FINAL PROVISIONS
12.1. The start of the use of the Service by the User means his/her acceptance of the terms of this policy. If the User disagrees with the terms of this policy, the use of the Service should be immediately terminated.
12.2. This policy and the relationship between the User and the Operator arising in connection with the application of this policy are governed by applicable law.
12.3. This policy is always publicly available on the Operator's website at the following link: https://irrisketch.com/privacy.
12.4. The User can send all suggestions or questions about this policy to the Operator’s customer support service by sending an electronic message to the following email address: https://irrisketch.com/privacy.
Private entrepreneur Filipp Igorevich Protsenko, OGRNIP (Primary State Registration Number of the Individual Entrepreneur) 312231115700151, INN (Tax identification number) 23650201778
Registered office address: ulitsa Sormovskaya 204, app 382, 350088, Krasnodar
E-mail address: firstname.lastname@example.org
Contact telephone number: +7(918)45-666-99