This personal data processing policy (hereinafter referred to as the "Policy") of HDMD, LLC (Litovsky blvd, 5/10-380, Moscow, 117593, Russia; INN (taxpayer identification number) 7728445015, OGRN (primary state registration number) 1187746804893, hereinafter referred to as "HDMD") sets the amount, purposes and methods of processing of personal data belonging to natural persons, who are not HDMD employees, and is publicly available in English language on the website handma.de (hereinafter referred to as the "Website") at the following web-address: handma.de/en/documents/pdppolicy, in accordance with the requirements of the Federal Law of the Russian Federation "On Personal Data" No. 152-ФЗ dated 27.07.2006.
This Policy was last updated on January 1, 2020.
(7) Data subject rights.
1. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
Legal grounds for personal data processing are constituted in the Article 6 of the Federal Law of the Russian Federation "On Personal Data" No. 152-ФЗ dated 27.07.2006, and the consent of the personal data subject.
2. USER'S CONSENT TO PERSONAL DATA PROCESSING
2.1. By sending a message via feedback forms posted on the Website, the user expresses their consent to the processing of their personal data in the amount and for the purposes defined by this Policy.
2.3. The user of the Website can subscribe to receive newsletters by e-mail, if such an opportunity is provided by the Website. Newsletters may contain news, analytical materials, information about events run by HDMD and so on. By filling in the 'E-mail address' field, the user agrees to receive such newsletters. The user may withdraw their consent to receive newsletters at any time. Each letter sent to the user by e-mail provides them with an opportunity to unsubscribe.
3. PURPOSE OF PERSONAL DATA PROCESSING
3.1. The purpose of personal data processing is to provide the user of the Website with information about HDMD, including the contract terms, services, promotions, and special offers; to analyze the quality of the services provided by HDMD and increase customers' satisfaction; to execute contracts; to provide services; to account for services rendered to customers in order to make settlements; to handle complaints and claims of HDMD customers.
3.2. In case the user is only browsing the Website, their personal data are not processed.
4. AMOUNT OF PERSONAL DATA PROCESSED
4.1. HDMD processes the following personal data of natural persons, who are not employees of HDMD:
– First name, patronymic, last name;
– Date of birth;
– Registered address;
– Residence address (if it differs from the registered address);
– ID data (series, number, authority and date of issue);
– Mobile phone number;
– E-mail address;
– Place of work and position;
– Banking details;
– INN (taxpayer identification number);
– VAT payer status in the Russian Federation;
– Links to a personal Internet page and pages on social networks.
5. CONFIDENTIALITY OF PERSONAL DATA
6. TERM OF PERSONAL DATA PROCESSING
The data provided by the user are processed until HDMD liquidation (reorganization).
7. DATA SUBJECT RIGHTS
7.1. Every personal data subject has entitled to the following:
a) The right to access – every data subject has the right to request HDMD for copies of their personal data. HDMD may charge the data subject a small fee for this service.
b) The right to rectification – every data subject has the right to request that HDMD correct any information the data subject believes is inaccurate. The data subject also has the right to request HDMD to complete the information the data subject believes is incomplete.
c) The right to erasure – every data subject has the right to request that HDMD erase the personal data of the data subject, under certain conditions.
d) The right to restrict processing – every data subject has the right to request that HDMD restrict the processing of the personal data of the data subject, under certain conditions.
e) The right to object to processing – every data subject has the right to object to HDMD’s processing of the personal data of the data subject, under certain conditions.
f) The right to data portability – every data subject has the right to request that HDMD transfer the data that they have collected to another organization, or directly to the data subject, under certain conditions.
7.2. The realization of any of the rights of the data subject listed above is carried out by sending a written request to HDMD at the following address: Litovsky blvd, 5/10-380, Moscow, 117593, Russia.
7.2. The response to the request provided for in clause 7.2 must be sent to the data subject within one month from the date of receipt of the request.
8. PROTECTION OF PERSONAL DATA
8.1. HDMD takes measures that are necessary and sufficient to ensure the fulfillment of obligations stipulated by the Federal Law of the Russian Federation "On Personal Data" No. 152-ФЗ dated 27.07.2006 and regulatory acts adopted in accordance therewith.
8.2. HDMD determines independently the composition and list of measures that are necessary and sufficient to ensure the fulfillment of such obligations, in particular:
a) a person responsible for the organization of the processing of personal data has been appointed;
b) local acts on the processing and protection of personal data have been developed and approved;
c) legal, organizational and technical measures are applied to ensure the security of personal data:
– threats to the security of personal data during their processing in personal data information systems have been identified;
– rules of access to data processed in the personal data information system are established; registration and accounting of all actions performed with/to personal data in the personal data information system are also ensured.
d) the measures taken to ensure the security of personal data and the level of security of personal data information systems are monitored;
e) an assessment of the harm that may be caused to the personal data subject in case of violation of requirements of the current legislation of the Russian Federation is made and this harm is balanced against measures taken by HDMD to ensure the fulfillment of obligations stipulated by the current legislation of the Russian Federation;
f) the conditions are observed that exclude unauthorized access to tangible media, on which personal data are stored, and ensure the security of personal data;
g) HDMD employees directly processing personal data are familiar with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, and local acts on the processing and protection of personal data.
8.3. In order to ensure the confidentiality of information and protect personal data, HDMD maintains an appropriate IT environment and takes all measures that are necessary to prevent the unauthorized access.