Personal Data Processing Policy
1. General Provisions
Reparacoes.pro respects the right to privacy and does not collect any personal information on this website without the consent of the respective owners.
1.1. Any personal data provided to us will be processed with all guarantees of security and confidentiality established in Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter referred to as the General Data Protection Regulation (GDPR) and in national legislation, Law No. 58/2019 of 8 August, which ensures the implementation, in the national legal order, of that Regulation, specifically the lawfulness of the processing, the non-use thereafter for purposes other than those stated, as well as the possibility of updating, rectifying or deleting by the respective owner.
2. Basic Concepts Used in the Policy
2.1. Automated processing of personal data –
processing of personal data using computer
technology.
2.2. Blocking of personal data – temporary cessation
of processing personal data (except in cases where
processing is necessary to clarify personal data).
2.3. Website – a collection of graphic and information
materials, as well as computer programs and databases,
ensuring their availability on the Internet through a network
address https://reparacoes.pro.
2.4. Personal Data Information System – the entirety
contained in databases of personal data, and
information technologies that ensure their processing and
technical means.
2.5. Anonymization of Personal Data – actions as a result
of which it cannot be determined without the use of additional
information whose personal data belongs to a specific
user or another personal data subject.
2.6. Processing of Personal Data – any action (operation)
or a set of actions (operations) performed with
automation tools or without using such
means on personal data, including collection, recording,
systematization, accumulation, storage, clarification (updating,
modification), extraction, use, transfer
(distribution, provision, access), anonymization,
blocking, deletion, destruction of personal data.
2.7. Operator – state authority, municipal body,
individual or legal entity, alone or in conjunction with
others who organize and (or) perform the processing
of personal data, as well as determining the purposes of processing
personal data, the composition of personal data to be
processed, actions (operations) performed on personal
data.
2.8. Personal Data – any information directly or indirectly
related to a specific or identifiable
user of the website https://reparacoes.pro.
2.9. Personal Data Authorized by the Data Subject
for dissemination – personal data, access to which is provided to an
unlimited number of persons by the data subject by giving consent to the
processing of personal data authorized by the personal data subject
for dissemination in the manner prescribed by the Personal
Data Law (hereinafter referred to as personal data permitted
for distribution).
2.10. User – any visitor of the website https://reparacoes.pro.
2.11. Provision of Personal Data – actions aimed at
disclosing personal data to a specific person
or a certain circle of persons.
2.12. Dissemination of Personal Data – any actions intended to disclose
personal data to an indefinite number of persons (transfer of personal data) or to
acquaint personal data with an unlimited number of people,
including disclosure of personal data in mass
media, placement on information and telecommunications networks or providing
access to personal data in any other way.
2.13. Cross-border Transfer of Personal Data – transfer of
personal data to the territory of a foreign state
to the authority of a foreign state, foreign individual
or foreign legal entity.
2.14. Destruction of Personal Data – any actions as a result
of which personal data are irreversibly destroyed
with the impossibility of further restoration of the content
of personal data in the personal data information system
and (or) physical media of personal data are destroyed.
3. Basic Rights and Obligations of the Operator
3.1. The operator has the right:
– to receive reliable information from the personal data subject
and/or documents containing personal data;
– if the personal data subject withdraws consent for
processing, the operator has the right to continue processing personal data
if there are reasons specified in the Personal Data
Law;
– to independently determine the composition and list of measures necessary
and sufficient to ensure the fulfillment of obligations
provided for by the Personal Data Law and enacted in
accordance with regulatory legal acts, unless otherwise
provided by the Personal Data Law or other
federal laws.
3.2. The operator is obliged:
– to provide the personal data subject on their request
with information regarding the processing of their personal data;
– to organize the processing of personal data in a manner
established by the current legislation of the Russian Federation;
– to respond to inquiries and requests from personal data subjects
and their legal representatives in accordance with the requirements
of the Personal Data Law;
– report to the authorized body for the protection of rights of personal data subjects upon the request of this authority with the necessary information within 30 days from the date of receipt of such request;
– publish or provide unrestricted access to this Policy regarding the processing of personal data;
– take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in respect to personal data;
– cease transmission (distribution, provision, access) of personal data, stop processing and destroy personal data in the manner and cases provided by the personal data law;
– perform other functions provided by the Personal Data Law.
4. Basic Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right:
– to receive information regarding the processing of their personal data, except in cases provided by federal laws. The information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for its acquisition is established by the Personal Data Law;
– to demand that the operator clarifies their personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the declared processing purpose, as well as to take legal measures to protect their rights;
– to impose a condition of prior consent during the processing of personal data for the purposes of marketing goods, works, and services;
– to withdraw consent for the processing of personal data;
– to appeal to the authorized body for the protection of personal data subjects' rights or to judicial bodies regarding illegal actions or omissions of the Operator in processing their personal data;
5. The operator may process the following personal data of the User
5.1. Surname, first name, patronymic.
5.2. Email address.
5.3. Telephone numbers.
5.4. The website also collects and processes impersonal data about visitors (including cookies) using Internet statistics services (Google Analytics and others).
5.5. The above data is subsequently referred to in the text of the Policy by the general concept of Personal Data.
5.6. Processing of special categories of personal data, related to race, nationality, political views, religious or philosophical beliefs, intimate life, is not carried out by the operator.
6. Principles for the Processing of Personal Data
6.1. The processing of personal data is conducted lawfully and on a fair basis.
6.2. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. The processing of personal data incompatible with the purposes for which personal data were collected is not allowed.
6.3. Combining databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other, is not allowed.
6.4. Only personal data that are relevant to the purposes of their processing are subject to processing.
6.5. The content and volume of the processed personal data correspond to the declared processing purposes. The processing of excessive personal data relative to the declared purposes of their processing is not allowed.
6.6. Accuracy, sufficiency, and, if necessary, relevance of personal data concerning the purposes of personal data processing is ensured. The operator undertakes necessary measures and/or ensures their adoption to delete or clarify incomplete or inaccurate data.
6.7. Personal data is stored in a form that allows identifying the personal data subject no longer than required by the purposes of personal data processing unless the storage period of personal data is established by a federal law, a contract to which the beneficiary or guarantor is a personal data subject. The processed personal data are to be destroyed or anonymized upon achieving the purposes of processing or in case of losing the need to achieve these purposes, unless otherwise provided by federal law.
7. Purposes of Personal Data Processing
7.1. The purpose of processing the User's personal data:
– to inform the User by sending emails;
– to conclude, execute, and terminate civil contracts;
– to provide the User with access to services, information, and/or materials contained on the website https://reparacoes.pro.
7.2. The Operator also has the right to send notifications to the User about new products and services, special offers, and various events. The user can always refuse to receive informational messages by sending the Operator an email to [email protected] with the subject line “Unsubscribe from notifications about new products and services and special offers.”
7.3. Anonymized user data collected through Internet statistics services are utilized to gather information on the Users’ actions on the site, aiming to improve the site and its content.
8. Conditions of Personal Data Processing
8.1. The processing of personal data is carried out with the consent of the personal data subject for the processing of their personal data.
8.2. The processing of personal data is necessary for the execution of a contract of which the party is beneficiary or guarantor where the personal data subject is involved, and also for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be the beneficiary or guarantor.
8.3. The processing of personal data is necessary for the realization of legitimate rights and interests of the operator or third parties, or for achieving socially significant objectives, provided that in this case, the rights and freedoms of the personal data subject are not violated.
8.4. Personal data is processed, access to which is provided to an unlimited number of persons by the personal data subject or at their request (hereinafter referred to as publicly available personal information).
9. Procedure for the Collection, Storage, Transfer, and Other Types of Personal Data Processing
The security of the processed personal data is ensured by the legal, organizational, and technical measures necessary for the full compliance with the current legislation requirements in the field of personal data protection.
9.1. The operator guarantees the security of personal data and takes all possible measures to exclude access to personal data by unauthorized persons.
9.2. Under no circumstances will the User's personal data be transferred to third parties, except for situations related to the fulfillment of current legislation or if the personal data subject has given consent to the operator to transfer data to third parties to fulfill obligations under a civil contract.
10. List of Actions Performed by the Operator with Received Personal Data
10.1. The operator collects, records, systematizes, accumulates, stores, clarifies (updates, modifies), extracts, uses, transfers (distributes, provides, accesses), anonymizes, blocks, deletes, and destroys personal data.
10.2. The operator performs automated processing of personal data with receiving and/or transferring the received information via information and telecommunication networks or without such.
11. Cross-Border Transfer of Personal Data
11.1. Prior to the commencement of the cross-border transfer of personal data, the operator is required to ensure that the foreign state onto the territory of which it is intended to conduct the transfer of personal data provides a reliable protection of the rights of personal data subjects.
11.2. Cross-border transfer of personal data to territories of foreign countries that do not meet the above requirements can only be carried out if there is written consent from the personal data subject for the cross-border transfer of their personal data and/or execution of a contract of which the personal data subject is a party.
12. Confidentiality of Personal Data
The operator and other individuals who gain access to personal data are required not to disclose or distribute personal information to third parties without the consent of the personal data subject.