Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy is prepared in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and the measures taken by Scientific and production firm "System-Service» (hereinafter referred to as the "Operator") to ensure the security of personal data.
1.1. The Operator considers the observance of human and civil rights and freedoms when processing their personal data, including the protection of privacy, personal, and family secrets, as its highest priority and a fundamental condition for conducting its activities.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the "Policy") applies to all information that the Operator may obtain about visitors to the website https://systserv.spb.ru.
2. Key Terms Used in the Policy
2.1. Automated Processing of Personal Data – processing of personal data using computer technology.
2.2. Blocking of Personal Data – temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).
2.3. Website – a collection of graphical and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://systserv.spb.ru.
2.4. Personal Data Information System – a set of personal data contained in databases and information technologies and technical means enabling their processing.
2.5. Depersonalization of Personal Data – actions that make it impossible to determine the ownership of personal data by a specific User or other subject of personal data without additional information.
2.6. Processing of Personal Data – any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.
2.7. Operator – a state body, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or processes personal data, as well as determines the purposes of processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal Data – any information directly or indirectly related to an identified or identifiable User of the website https://systserv.spb.ru.
2.9. Personal Data Permitted for Dissemination – personal data to which an unlimited number of persons have been granted access by the personal data subject through consent to the processing of personal data permitted for dissemination in accordance with the Personal Data Law (hereinafter referred to as "Disseminable Personal Data").
2.10. User – any visitor to the website https://systserv.spb.ru.
2.11. Provision of Personal Data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of Personal Data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited number of persons, including publishing personal data in the media, posting on information and telecommunication networks, or providing access in any other way.
2.13. Cross-Border Transfer of Personal Data – the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.
2.14. Destruction of Personal Data – any actions resulting in the irreversible destruction of personal data, making it impossible to restore the content of personal data in the personal data information system and/or the destruction of physical media containing personal data.
3. Key Rights and Obligations of the Operator
3.1. The Operator has the right to:
– Receive from the personal data subject reliable information and/or documents containing personal data.
– Continue processing personal data without the subject’s consent if grounds specified in the Personal Data Law exist.
– Independently determine the necessary measures to fulfill obligations under the Personal Data Law and related regulations, unless otherwise provided by law.
3.2. The Operator is obliged to:
– Provide the personal data subject, upon request, with information regarding the processing of their personal data.
– Organize the processing of personal data in accordance with Russian law.
– Respond to requests from personal data subjects and their legal representatives in accordance with the Personal Data Law.
– Provide the authorized body for personal data protection with necessary information within 30 days of receiving a request.
– Publish or otherwise ensure unrestricted access to this Policy.
– Implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, or other unlawful actions.
– Cease processing and destroy personal data in cases stipulated by the Personal Data Law.
– Fulfill other obligations under the Personal Data Law.
4. Key Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
– Obtain information about the processing of their personal data, except as restricted by law.
– Demand the Operator to clarify, block, or destroy inaccurate or unlawfully obtained personal data.
– Impose a condition of prior consent for processing personal data for marketing purposes.
– Withdraw consent to the processing of personal data.
– Appeal unlawful actions or inaction of the Operator to the authorized body or in court.
– Exercise other rights under Russian law.
4.2. Personal data subjects must:
– Provide the Operator with accurate personal data.
– Notify the Operator of updates or changes to their personal data.
4.3. Persons who provide false personal data or data about another subject without consent bear responsibility under Russian law.
5. Personal Data Processed by the Operator
5.1. Full name.
5.2. Email address.
5.3. The website collects and processes anonymized visitor data (including cookies) via internet statistics services (Yandex Metrica, Google Analytics, etc.).
5.4. The above data is collectively referred to as "Personal Data" in this Policy.
5.5. The Operator does not process special categories of personal data (race, nationality, political views, religious beliefs, intimate life, etc.).
5.6. Processing of disseminable personal data from special categories is allowed only if conditions under Article 10.1 of the Personal Data Law are met.
5.7. Consent for processing disseminable personal data must be obtained separately.
6. Principles of Personal Data Processing
6.1. Processing is lawful and fair.
6.2. Limited to specific, predefined, and legitimate purposes.
6.3. Incompatible databases must not be merged.
6.4. Only relevant and non-excessive data is processed.
6.5. Data must be accurate and up-to-date.
6.6. Storage duration must not exceed legal or contractual requirements.
7. Purposes of Personal Data Processing
7.1. To inform Users via email.
7.2. To provide access to website services and materials.
7.3. To send notifications about new products/services (opt-out available).
7.4. To improve website quality using anonymized statistics.
8. Legal Grounds for Processing
8.1. Federal Law No. 149-FZ "On Information, IT, and Data Protection."
8.2. Other Russian laws on personal data protection.
8.3. User consent for processing.
9. Conditions of Processing
Processing is permitted with consent, for legal compliance, contract performance, or legitimate interests, provided rights are not violated.
10. Collection, Storage, and Transfer of Personal Data
10.1. The Operator ensures data security.
10.2. Data is not shared with third parties except as required by law or with consent.
10.3. Users may update their data by emailing info@systserv.spb.su.
10.4. Processing ceases upon achieving purposes, consent withdrawal, or legal requirement.
11. Actions Performed with Personal Data
The Operator collects, records, systematizes, stores, updates, retrieves, uses, transfers, depersonalizes, blocks, deletes, and destroys data.
12. Cross-Border Data Transfer
Allowed only if the foreign country ensures adequate protection or with the subject’s written consent.
13. Confidentiality
The Operator and authorized persons must not disclose personal data without consent, unless required by law.
14. Final Provisions
14.1. Users may contact the Operator at info@systserv.spb.su for clarifications.
14.2. The Policy is updated as needed and remains effective until replaced.
14.3. The current version is available at https://systserv.spb.ru/privacy/.
This Personal Data Processing Policy is prepared in accordance with the requirements of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and the measures taken by Scientific and production firm "System-Service» (hereinafter referred to as the "Operator") to ensure the security of personal data.
1.1. The Operator considers the observance of human and civil rights and freedoms when processing their personal data, including the protection of privacy, personal, and family secrets, as its highest priority and a fundamental condition for conducting its activities.
1.2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the "Policy") applies to all information that the Operator may obtain about visitors to the website https://systserv.spb.ru.
2. Key Terms Used in the Policy
2.1. Automated Processing of Personal Data – processing of personal data using computer technology.
2.2. Blocking of Personal Data – temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).
2.3. Website – a collection of graphical and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at the network address https://systserv.spb.ru.
2.4. Personal Data Information System – a set of personal data contained in databases and information technologies and technical means enabling their processing.
2.5. Depersonalization of Personal Data – actions that make it impossible to determine the ownership of personal data by a specific User or other subject of personal data without additional information.
2.6. Processing of Personal Data – any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.
2.7. Operator – a state body, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or processes personal data, as well as determines the purposes of processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal Data – any information directly or indirectly related to an identified or identifiable User of the website https://systserv.spb.ru.
2.9. Personal Data Permitted for Dissemination – personal data to which an unlimited number of persons have been granted access by the personal data subject through consent to the processing of personal data permitted for dissemination in accordance with the Personal Data Law (hereinafter referred to as "Disseminable Personal Data").
2.10. User – any visitor to the website https://systserv.spb.ru.
2.11. Provision of Personal Data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of Personal Data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited number of persons, including publishing personal data in the media, posting on information and telecommunication networks, or providing access in any other way.
2.13. Cross-Border Transfer of Personal Data – the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.
2.14. Destruction of Personal Data – any actions resulting in the irreversible destruction of personal data, making it impossible to restore the content of personal data in the personal data information system and/or the destruction of physical media containing personal data.
3. Key Rights and Obligations of the Operator
3.1. The Operator has the right to:
– Receive from the personal data subject reliable information and/or documents containing personal data.
– Continue processing personal data without the subject’s consent if grounds specified in the Personal Data Law exist.
– Independently determine the necessary measures to fulfill obligations under the Personal Data Law and related regulations, unless otherwise provided by law.
3.2. The Operator is obliged to:
– Provide the personal data subject, upon request, with information regarding the processing of their personal data.
– Organize the processing of personal data in accordance with Russian law.
– Respond to requests from personal data subjects and their legal representatives in accordance with the Personal Data Law.
– Provide the authorized body for personal data protection with necessary information within 30 days of receiving a request.
– Publish or otherwise ensure unrestricted access to this Policy.
– Implement legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, dissemination, or other unlawful actions.
– Cease processing and destroy personal data in cases stipulated by the Personal Data Law.
– Fulfill other obligations under the Personal Data Law.
4. Key Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
– Obtain information about the processing of their personal data, except as restricted by law.
– Demand the Operator to clarify, block, or destroy inaccurate or unlawfully obtained personal data.
– Impose a condition of prior consent for processing personal data for marketing purposes.
– Withdraw consent to the processing of personal data.
– Appeal unlawful actions or inaction of the Operator to the authorized body or in court.
– Exercise other rights under Russian law.
4.2. Personal data subjects must:
– Provide the Operator with accurate personal data.
– Notify the Operator of updates or changes to their personal data.
4.3. Persons who provide false personal data or data about another subject without consent bear responsibility under Russian law.
5. Personal Data Processed by the Operator
5.1. Full name.
5.2. Email address.
5.3. The website collects and processes anonymized visitor data (including cookies) via internet statistics services (Yandex Metrica, Google Analytics, etc.).
5.4. The above data is collectively referred to as "Personal Data" in this Policy.
5.5. The Operator does not process special categories of personal data (race, nationality, political views, religious beliefs, intimate life, etc.).
5.6. Processing of disseminable personal data from special categories is allowed only if conditions under Article 10.1 of the Personal Data Law are met.
5.7. Consent for processing disseminable personal data must be obtained separately.
6. Principles of Personal Data Processing
6.1. Processing is lawful and fair.
6.2. Limited to specific, predefined, and legitimate purposes.
6.3. Incompatible databases must not be merged.
6.4. Only relevant and non-excessive data is processed.
6.5. Data must be accurate and up-to-date.
6.6. Storage duration must not exceed legal or contractual requirements.
7. Purposes of Personal Data Processing
7.1. To inform Users via email.
7.2. To provide access to website services and materials.
7.3. To send notifications about new products/services (opt-out available).
7.4. To improve website quality using anonymized statistics.
8. Legal Grounds for Processing
8.1. Federal Law No. 149-FZ "On Information, IT, and Data Protection."
8.2. Other Russian laws on personal data protection.
8.3. User consent for processing.
9. Conditions of Processing
Processing is permitted with consent, for legal compliance, contract performance, or legitimate interests, provided rights are not violated.
10. Collection, Storage, and Transfer of Personal Data
10.1. The Operator ensures data security.
10.2. Data is not shared with third parties except as required by law or with consent.
10.3. Users may update their data by emailing info@systserv.spb.su.
10.4. Processing ceases upon achieving purposes, consent withdrawal, or legal requirement.
11. Actions Performed with Personal Data
The Operator collects, records, systematizes, stores, updates, retrieves, uses, transfers, depersonalizes, blocks, deletes, and destroys data.
12. Cross-Border Data Transfer
Allowed only if the foreign country ensures adequate protection or with the subject’s written consent.
13. Confidentiality
The Operator and authorized persons must not disclose personal data without consent, unless required by law.
14. Final Provisions
14.1. Users may contact the Operator at info@systserv.spb.su for clarifications.
14.2. The Policy is updated as needed and remains effective until replaced.
14.3. The current version is available at https://systserv.spb.ru/privacy/.