PROCESSING OF PERSONAL DATA OF SITE VISITORS

1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been prepared in accordance with clause 2.1 of Article 18.1 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ dated July 27, 2006 (hereinafter referred to as the Law) and defines the position of the Site Administration (hereinafter referred to as the Site Administration) in the field of processing and protection of personal data (hereinafter referred to as Data), respect for the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.
2. Scope of application
2.1. This Policy applies to Data received both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of Data, as well as taking care of the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Site Administration ensures reliable data protection.
3. Definitions
3.1. Data means any information related directly or indirectly to a specific or identifiable individual, i.e. such information, in particular, includes: surname, first name, patronymic, e-mail, location, link to a personal website or social networks, ip address.
3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and/or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data Security means the protection of Data from unlawful and/or unauthorized access to it, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions in relation to Data.
3.4. The site administration does not recommend leaving personal data in an open public chat. The administration is not responsible for the use of personal data left by the user in the general chat by other persons.
4. Legal grounds and purposes of data processing
4.1. The processing and security of Data by the Site Administration is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other defining cases and features of data processing of federal laws of the Russian Federation, guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.
4.2. The subjects of the Data processed by the Site Administration are:
4.2.1. Users and visitors of the site https://anyhacks.com / owned by the Site Administration, including for the purpose of placing an order on the Site https://anyhacks.com /.
4.3. The site Administration processes the Data of the subjects for the following purposes:
4.3.1. the implementation of the functions, powers and duties assigned to the Site Administration by the legislation of the Russian Federation in accordance with federal laws,
4.3.2. Users for the purposes of:
4.3.2.1. - providing information on goods/services, ongoing promotions and special offers;
4.3.2.2.- analyzing the quality of the service provided and improving the quality of customer service;
4.3.2.3.- informing about the status of the order;
4.3.2.4.- execution of the contract, including the purchase and sale agreement, including those concluded remotely on the Website, paid provision of services; provision of services, as well as accounting for services provided to consumers for mutual settlements;
4.3.2.5.- delivery of the ordered Goods to the User who made the order on the Website, return of the goods.
5. Principles and conditions of data processing.
5.1. When processing Data, the Site Administration adheres to the following principles: Data processing is carried out on a lawful and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies, legal proceedings; determination of specific legitimate purposes before processing (including collection) Data; only those Data that are necessary and sufficient for the stated purpose of processing are collected; combining databases containing Data processed for purposes incompatible with each other is not allowed; data processing is limited to achieving specific, predetermined and legitimate goals; processed Data is subject to destruction or depersonalization upon achievement of processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
5.2. The site Administration may include the Data of subjects in publicly available data sources, while the Site Administration takes the written consent of the subject to process his Data, or by expressing consent through the form of the site (checkbox), by clicking which the subject of personal data expresses his consent.
5.3. The site Administration does not process Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which are used by the operator to establish the identity of the Data subject) are not processed by the site Administration.
5.5. The site Administration carries out cross-border data transfer. The site administration confirms that the foreign state to whose territory the transfer of personal data is carried out ensures adequate protection of the rights of personal data subjects in accordance with the security level defined by the Council of Europe Convention on the Protection of Individuals with Automated Processing of Personal Data.
5.6. In cases established by the legislation of the Russian Federation, the Site Administration has the right to transfer Data to third parties (the federal tax service, the state pension fund and other state bodies) in cases provided for by the legislation of the Russian Federation.
5.7. The site Administration has the right to entrust the processing of Data of Data subjects to third parties with the consent of the data subject, on the basis of an agreement concluded with these persons, including in agreement with the user agreement and the policy of processing personal data posted on the site.
5.8. Persons who process Data on the basis of an agreement concluded with the Site Administration (instructions from the operator) undertake to comply with the principles and rules of data processing and protection provided for by Law. For each third party, the contract defines a list of actions (operations) with Data that will be performed by a third party engaged in data processing, the purposes of processing, establishes the obligation of such a person to respect confidentiality and ensure data security during their processing, specifies the requirements for the protection of processed Data in accordance with the Law.
5.9. In order to fulfill the requirements of their contractual obligations, data processing in the Site Administration is carried out both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Site Administration is prohibited from making decisions based solely on automated data processing that generate legal consequences for the Data subject or otherwise affect his rights and legitimate interests.
6. The rights and obligations of data subjects, as well as the Site Administration in terms of data processing
6.1. The subject whose Data is processed by the Site Administration has the right to:
6.1.1. receive from the Site Administration:
6.1.1.1. confirmation of the fact of Data processing and information on the availability of Data related to the relevant data subject;
6.1.1.2. information on the legal grounds and purposes of data processing;
6.1.1.3. information about the methods of data processing used by the Site Administration;
6.1.1.4. a list of processed Data related to the Data subject and information about the source of their receipt;
6.1.1.5. information on the terms of data processing, including the terms of their storage;
6.1.1.6. information on the procedure for the exercise of these rights by the subject;
6.1.1.7. other information provided by Law or other regulatory legal acts of the Russian Federation;
6.1.2. require the Site Administration to:
6.1.2.1. clarifying their Data, blocking or destroying them if the Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
6.1.2.2. withdraw your consent to data processing at any time; demand the elimination of illegal actions of the Site Administration in relation to its Data;
6.1.3. to protect their rights and legitimate interests, including compensation for damages and/or compensation for moral damage in court.
6.2. The site Administration in the process of data processing is obliged to:
6.2.1. to provide the Data subject, upon his request, with information concerning the processing of his personal data, or to legally provide a refusal within thirty days from the date of receipt of the request of the data subject or his representative;
6.2.2. explain to the Data subject the legal consequences of refusing to provide Data if the provision of Data is mandatory in accordance with federal law;
6.2.3. take the necessary legal, organizational and technical measures or ensure that they are taken to protect Data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions in relation to Data;
6.2.4. publish on the Internet and provide unrestricted access using the Internet to the document defining its data processing policy, to information on the implemented data protection requirements;
6.2.5. provide Data subjects and/or their representatives with the opportunity to familiarize themselves with the Data free of charge when making a corresponding request within 30 days from the date of receipt of such a request;
6.2.6. to block illegally processed Data related to the Data subject, or to ensure their blocking (if data processing is carried out by another person acting on behalf of the Site Administration) from the moment of contacting or receiving a request for a verification period, in case of detection of illegal data processing when contacting the Data subject or his representative or at the request of the Data subject or his representative or the authorized body for the protection of the rights of personal data subjects;
6.2.7. clarify the Data or ensure their clarification within 7 working days from the date of submission of the information and remove the blocking of the Data, in case of confirmation of the fact of inaccuracy of the Data based on the information provided by the data subject or his representative;
6.2.8. to stop illegal data processing or to ensure the termination of illegal data processing;
6.2.9. terminate Data processing or ensure its termination and destroy Data or ensure their destruction upon achievement of the purpose of data processing, unless otherwise provided for by the agreement to which the Data subject is a party, beneficiary or guarantor, in case of achievement of the purpose of data processing;
6.2.10. to stop Data processing or ensure its termination and destroy the Data or ensure their destruction in case the Data subject withdraws consent to data processing, if the Site Administration does not have the right to process Data without the consent of the Data subject;
7. Data protection Requirements
7.1. When processing Data, the Site Administration takes the necessary legal, organizational and technical measures to protect Data from unlawful and/or unauthorized access to them, destruction, modification, blocking, copying, provision, dissemination of Data, as well as from other illegal actions in relation to Data.
7.2. Such measures in accordance with the Law, in particular, include:
7.2.1. appointment of the person responsible for the organization of data processing and the person responsible for ensuring Data security;
7.2.2. development and approval of local acts on data processing and protection;
7.2.3. application of legal, organizational and technical measures to ensure data security:
7.2.4. identification of data security threats during their processing in personal data information systems;
7.2.5. application of organizational and technical measures to ensure Data security during their processing in personal data information systems necessary to meet data protection requirements;
7.2.6. the use of information security tools that have passed the compliance assessment procedure in accordance with the established procedure;
7.2.7. assessment of the effectiveness of the measures taken to ensure data security prior to the commissioning of the personal data information system;
7.2.8. accounting of machine data carriers, if Data storage is carried out on machine media;
7.2.9. detection of unauthorized access to Data and taking measures to prevent such incidents in the future;
7.2.10. recovery of Data modified or destroyed due to unauthorized access to them;
7.2.11. establishment of rules for access to Data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with Data in the personal data information system.
7.2.12. control over the measures taken to ensure data security and the level of security of personal data information systems;
7.2.13. assessment of the harm that may be caused to data subjects in case of violation of the requirements of the Law, the ratio of the specified harm and the measures taken by the Site Administration aimed at ensuring the fulfillment of obligations provided for by Law;
7.2.14. compliance with the conditions that exclude unauthorized access to material data carriers and ensure the safety of Data;
8. Terms of data processing (storage)
8.1. The terms of Data processing (storage) are determined based on the purposes of data processing, in accordance with the validity period of the contract with the data subject, the requirements of federal laws, the requirements of data operators, on whose behalf the Site Administration processes Data, the basic rules of the archives of organizations, the statute of limitations.
8.2. Data whose processing (storage) period has expired must be destroyed. Data storage after the termination of their processing is allowed only after their depersonalization.
9. The procedure for obtaining clarifications on data processing
9.1. Persons whose Data is processed by the Site Administration can receive clarifications on the processing of their Data by contacting the Site Administration through the feedback form.
10. Features of processing and protection of Data collected by the site Administration using the Internet
10.1. The Site Administration processes the Data received from the Site users from the resource: https://anyhacks.com / (hereinafter jointly referred to as the Website) and when directly proceeding to the checkout.
10.2. Data Collection
There are two main ways in which the Site Administration receives Data via the Internet:
10.2.1. Provision of Data (independent data entry):
10.2.1.1. last name
10.2.1.1. name
10.2.1.1. patronymic
10.2.1.1. e-mail
10.2.1.1. link to a personal website or social networks
10.3. Automatically collected information
The site administration may collect and process information that is not personal data:
10.3.1. location determination
10.3.2. ip address
10.3.3. information about the interests of Users on the Site based on the entered search queries of Site users about goods sold and offered for sale in order to provide up-to-date information to users when using the Site, as well as generalization and analysis of information about which sections of the Site and products are in greatest demand among Site customers;
10.3.4. processing and storing search queries of Site users in order to summarize and create client statistics on the use of Site sections. The site administration automatically receives some types of information obtained during user interaction with the Site, e-mail correspondence, etc. We are talking about technologies and services such as web protocols, cookies, web tags, as well as applications and tools of the specified third party. At the same time, web tags, cookies and other monitoring technologies do not allow you to automatically receive Data. If the user of the Site provides his Data at his discretion, for example, when filling out a feedback form or when sending an email, then only then the processes of automatic collection of detailed information are started for the convenience of using the Site and / or to improve interaction with Users.
10.4. Data Usage
The site Administration has the right to use the provided Data in accordance with the stated purposes of their collection with the consent of the data subject, if such consent is required. The data obtained in a generalized and depersonalized form can be used to better understand the needs of buyers of goods and services sold by the site Administration and improve the quality of service.
10.5. Data Transmission
The site Administration may entrust the processing of Data to third parties solely with the consent of the data subject. The Data may also be transferred to third parties in the following cases: a) as a response to legitimate requests from authorized state bodies, in accordance with laws, court decisions, etc. b) Data may not be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the data subject.
10.6. The Site contains links to other web resources where information may be useful and interesting for Site users. However, this Policy does not apply to such other sites. Users who click on links to other sites are advised to familiarize themselves with the data processing policies posted on such sites.
10.7 The User of the Site may revoke his consent to data processing at any time by sending a message to the following e-mail address: dramma99@list.ru . Upon receipt of such a message, the processing of the User's Data will be terminated and his Data will be deleted, except in cases where processing can be continued in accordance with the law.
11. Final provisions
11.1. This Policy is a local regulatory act of the Site Administration. This Policy is publicly available. The general availability of this Policy is ensured by publication on the Website. This Policy may be revised in any of the following cases:
11.1.1. in case of changes in the legislation of the Russian Federation in the field of processing and protection of personal data;
11.1.2. in cases of receiving instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;
11.1.3. by the decision of the Site Administration;
11.1.4. when changing the purposes and timing of data processing;
11.1.5. when changing the organizational structure, the structure of information and/or telecommunication systems (or introducing new ones);
11.1.6. when using new technologies for data processing and protection (including transmission, storage);
11.1.7. if there is a need to change the data processing process related to the Site's activities.
11.2. An integral part of this Policy is the Consent to the processing of personal data posted on the Website.
11.3. This Policy applies directly and is interrelated with the User Agreement posted on the Site.