PERSONAL DATA PROCESSING POLICY FOR PERSONAL DATA OF VISITORS TO THE WEBSITE: www.spektr-plus.com

1. GENERAL PROVISIONS

1.1. This Policy regarding the personal data processing (hereinafter - the "Policy") has been prepared according to clause 2, part 1 of Article 18.1 of Federal Law of the Russian Federation No. 152-FZ "On Personal Data" dated July 27, 2006 (hereinafter - the "Law"), as well as to the requirements of the General Data Protection Regulation of the European Union (GDPR) and determines the position of the legal entity LLC “Spektr”MSRN: 1206800006687, ITN: 6829156900, address of registration: 392030, Urogaynayastr, 2 “b”, of.1, Tambov, Russia, (hereinafter - the "Company") in the field of processing and protection of personal data (hereinafter - the "Data"), observance of the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.

2. SCOPE OF APPLICATION

2.1. This Policy shall be applied to the Data received both before and after the entry of this Policy into force.

2.2. Understanding the Data importance and value, as well as taking care of the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company shall ensure the reliable protection of the Data.

3. DEFINITIONS

3.1. Data is understood as any information relating directly or indirectly to a specific or identifiable individual (citizen), i.e. including, in particular: last name, first name, patronymic name, registration/mailing address, email, phone, IP-address.

3.2. Data processing means any action (operation) or a set of actions (operations) with the Data performed with and/or without using automation tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of the Data.

3.3. Data security is the Data protection from illegal and/or unauthorized access, destruction, alteration, blocking, copying, provision, distribution, as well as from other illegal actions in relation to the Data;

3.4. Automated data processing — processing of personal data using computer technology;

3.5.Data blocking — temporary termination of personal data processing (except in cases where processing is necessary to clarify personal data);

3.6. Information Data system — a set of personal data contained in databases, and information technologies and technical means that ensure their processing;

3.7. Data depersonalization — actions as a result of which it is impossible to determine, without the use of additional information, the ownership of personal data to a specific User or other subject of personal data;

3.8. Operator — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

3.9. Data provision— actions aimed at disclosure of personal data to a certain person or a certain circle of persons;

3.10. Data dissemination — any actions aimed at disclosure of personal data to an indefinite circle of persons (transfer of personal data) or familiarization with the personal data of an unlimited circle of persons, including the publication of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;

3.11. Cross-border data transfer — transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or a foreign legal entity;

3.12. Data destruction — any actions as a result of which personal data is permanently destroyed with the impossibility of further restoration of the content of personal data in the personal data information system and (or) as a result of which the material carrier of personal data is destroyed.

4. LEGAL BASIS AND PURPOSES OF DATA PROCESSING

4.1. The processing and security of the Data in the Company shall be carried out according to the requirements of the Constitution of the Russian Federation, , the Labor Code of the Russian Federation, laws and bylaws, other defining cases and features of the Data processing according to federal laws of the Russian Federation, guidelines and methodological documents of the Federal Service for Technical and Export Control of Russia and the Federal Security Service of Russia, as well as the General Data Protection Regulation of the European Union.

4.2. The subjects of the Data processed by the Company are:

customers - consumers, including visitors to the website www.spektr-group.com, owned by the Company, recipients of services;

4.3. The Company shall process the Data of the subjects for the following purposes:

implementation of the functions, powers and duties assigned to the Company by the legislation of the Russian Federation according to federal laws, including, but not limited to: the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, the Labor Code of the Russian Federation, the Family Code of the Russian Federation, Federal Law of No. 27-FZ "On individual (personified) accounting in the compulsory pension insurance system” dated 01.04.1996, Federal Law No. 152-FZ "On personal data” dated 27.07.2006, Federal Law No. 53-FZ "On military obligations and military service” dated 28.03.1998, Federal Law No. 31-FZ "On mobilization preparation and mobilization in the Russian Federation” dated 26.02.1997, Federal Law No. 14-FZ "On limited liability companies” dated 08.02.1998, Federal Law No. 2300-1 "On protection of consumer rights” dated 07.02.1992, Federal Law No. 129-FZ "On accounting” dated 21.11. 1996, Federal Law No. 326-FZ "On compulsory health insurance in the Russian Federation” dated 29.11.2010,of customers - consumers, with the purpose of:

providing information on goods/services, ongoing promotions and special offers;

analyzing the quality of the service provided by the Company and improving the quality of the service to the Company's customers;

informing about the order status;

execution of the contract, including the sale and purchase contract, provision of services, as well as accounting of services rendered to consumers for mutual settlements implementation;

delivery of the ordered goods to the customer, return of the goods.

5. PRINCIPLES AND CONDITIONS OF DATA PROCESSING

5.1. During the Data processing, the Company adheres to the following principles: the Data processing shall be carried out on a legal and fair basis; the Data shall not be disclosed to third parties and shall not be distributed without the consent of the Data subject, except for cases requiring the Data disclosure at the request of authorized state bodies, legal proceedings; determination of specific legitimate purposes before the start of the Data processing (including collection); the only collected Data is the one required and sufficient for the stated purpose of processing; unification of databases containing the Data, the processing of which is carried out for purposes incompatible with each other, is not allowed; the Data processing shall be limited to the achievement of specific, predetermined and legitimate purposes; the processed Data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

5.2. The Company may include the Data of subjects into publicly available sources of the Data, while the Company takes the subject's written consent to the processing of the subject’s Data, or by expressing the consent through the website form (checkbox), by clicking which the subject of personal data expresses his/her consent.

5.3. The Company does not process the Data related to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.

5.4. The Biometric Data (the information that characterizes the physiological and biological features of a person, on the basis of which, it is possible to establish his/her identity and which is used by the Operator to establish the identity of the Data subject) shall not be processed by the Company.

5.5. The Company shall not carry out cross-border transfers of the Data.

5.6. In cases established by the legislation of the Russian Federation, the Company shall have the right to transfer the Data to third parties (Federal Tax Service, State Pension Fund and other state bodies).

5.7. The transfer of personal data to third parties can be carried out only in cases established by the legislation of the Russian Federation and by an agreement with the participation of the User or with his/her consent. With this Consent, the User hereby confirms his/her consent to the provision of the User's personal data by the Company to the following partners and bodies, as well as agrees to the processing of the User's personal data by these partners (bodies) in the scopes, methods and for the period specified in this Policy, but no more than it is required to ensure the purposes of processing indicated on the website www.spektr-group.com for performing certain functions of the Company, namely:

LLC “TimeWeb” (Address: 196066,Zastavskaya str., 22 housing 2 “a”, SaintPetersburg, Russia) - for the processing of personal data (last name, first name, patronymic name, registration/mailing address, email, phone, IP-address) according to this Policy, for the following purposes: storage, using the website www.spektr-group.com

The website may use third-party Internet services that collect information independent of us: Google Analytics, GoogleAdSense, Yandex.Metrica, Yandex.Direct. The data they collect may be shared with other services within these organizations, and they may use the data to personalize the advertisements of their own advertisement network. The user agreements of these organizations can be familiarized on their websites. There it is possible to refuse from collecting personal data, e.g. using blockers for Google Analytics, Yandex Metrica. The Company does not transfer personal data to other organizations and services not specified in this Privacy Policy. The only exception is the transfer of information under the legal requirements of state bodies authorized to carry out these actions.

5.8. Persons who perform the Data processing on the basis of an agreement concluded with the Company (the Operator’s instruction) shall comply with the principles and rules for the processing and protection of the Data provided for by the Law. For each third party, the agreement defines a list of actions (operations) with the Data that will be performed by the third party who processes the Data, the purposes of processing, the obligation of such party to maintain confidentiality and ensure the security of the Data during processing, the requirements for the protection of the processed Data according to the Law.

5.9. In order to comply with the requirements of the current legislation of the Russian Federation and own contractual obligations, the Data processing in the Company shall be carried out both with and without the use of automation tools. The set of processing operations includes the Data collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction.

5.10. It is prohibited for the Company to make decisions on the basis of exclusively automated Data processing, that generate legal consequences in relation to the Data subject or otherwise affect his/her rights and legitimate interests, except as otherwise provided for by the legislation of the Russian Federation.

6. RIGHTS AND OBLIGATIONS OF THE DATA SUBJECTS AND THE COMPANY IN PART OF THE DATA PROCESSING

6.1. The subject whose Data is processed by the Company shall have the right:

- to receive from the Company clarifications on the processing of their Data by contacting the Company personally or by sending a corresponding written request to the address of the Company's location: 392030, Urogaynaya str., 2 “b”, of. 1, Tambov, Russia.

- to update the Data yourself by sending a notification to the Company by email info@spektr-plus.com, or by contacting the Company personally or by sending a corresponding written request to the address of the Company's location: 392030, Urogaynaya str., 2 “b”, of. 1, Tambov, Russia.

- to demand from the Company:

·        the clarification of own Data, its blocking or destruction if the Data is incomplete, outdated, inaccurate, illegally obtained or is not required for the stated purpose of processing;

·        to revoke own consent to the Data processing at any time; to demand the elimination of illegal actions of the Company in relation to the subject’s Data;

·        to appeal against the actions or inaction of the Company to the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) or in court if the Data subject believes that the Company is processing his/her Data in violation of the requirements of the Law or otherwise violates his/her rights and freedom;

6.2. In the process of the Data processing, the Company is obliged to:

·        provide the Data subject, upon his/her request, with information regarding the processing of his/her personal data, or legally provide a refusal within thirty days from the date of receipt of the request from the Data subject or his/her representative;

·        explain to the Data subject the legal consequences of refusing to provide the Data if the Data provision is mandatory according to federal law;

·        perform necessary legal, organizational and technical activities or ensure them in order to protect the Data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as from other illegal actions in relation to the Data;

·        publish on the Internet and provide unrestricted access using the Internet to the document defining its policy in relation to the Data processing, to the information on the implemented data protection requirements;

·        providethe Data subjects and/or their representatives with the free-of-charge opportunity to familiarize themselves with the Data when submitting an appropriate request within 30 days from the date of receipt of such a request;

·        block unlawfully processed Data related to the Data subject, or ensure its blocking (if the Data processing is carried out by another person acting on behalf of the Company) from the moment of contacting or receiving a request for a verification period, in case of unlawful Data processing when contacting the Data subject or his/her representative or at the request of the Data subject or his/her representative or an authorized body for the protection of rights of personal data subjects;

·        clarify the Data or ensure its clarification (if the Data processing is carried out by another person acting on behalf of the Company) within 7 working days from the date of submission of the information and remove the Data blocking, in case of confirmation of the fact of the Data inaccuracy based on the information provided by the Data subject or his/her representative;

·        stop the unlawful Data processing or ensure the termination of the unlawful Data processing by a person acting on behalf of the Company, in the event of the discovery of the unlawful Data processing carried out by the Company or a person acting on the basis of an agreement with the Company, within a period not exceeding 3 working days from the date of this discovery;

·        stop the Data processing or ensure its termination (if the Data processing is carried out by another person acting under an agreement with the Company) and destroy the Data or ensure its destruction (if the Data processing is carried out by another person acting under an agreement with the Company) after achieving the purpose of the Data processing, unless otherwise provided for by the agreement, the party, the beneficiary or the guarantor to which is the Data subject, if the purpose of the Data processing is achieved;

·        stop the Data processing or ensure its termination and destroy the Data or ensure its destruction if the Data subject withdraws consent to the Data processing, if the Company is not entitled to process the Data without the consent of the Data subject;

·        keep a register of applications of PD subjects, which should contain records about requests of Data subjects for receiving the Data, as well as the facts of providing the Data according these requests.

7. DATA PROTECTION REQUIREMENTS

7.1. When processing the Data, the Company takes necessary legal, organizational and technical measures to protect the Data from illegal and/or unauthorized access, destruction, alteration, blocking, copying, provision, distribution, as well as from other illegal actions in relation to the Data.

8. TERMS OF DATA PROCESSING (STORAGE)

8.1. The terms of the Data processing (storage) shall be determined based on the purposes of the Data processing, according to the term of an agreement with the Data subject, the requirements of federal laws, the requirements of the Data operators on whose behalf the Company processes the Data, the basic rules for the archives of organizations, and the limitation period.

8.2. The Data, the processing (storage) period of which has expired, shall be destroyed, unless otherwise provided by federal law. The Data storage after the termination of its processing is allowed only after its depersonalization.

9. PROCEDURE FOR OBTAINING EXPLANATIONS ON DATA PROCESSING ISSUES 

9.1. Persons whose Data is processed by the Company can receive clarifications on the processing of their Data by contacting the Company personally or by sending a corresponding written request to the address of the Company's location: 392030, Urogaynaya str., 2 “b”, of. 1, Tambov, Russia.

9.2. If an official request is sent to the Company, the following should be indicated in the request text:

·        last name, first name, patronymic name of the Data subject or his/her representative;

·        the number of the main identity document of the Data subject or his/her representative, the information on the date of issue of the specified document and the issuing authority;

·        the information confirming that the Data subject has relationships with the Company;

·        the information for feedback at a response to the request by the Company;

·        the signature of the Data subject (or his/her representative). If the request is sent in electronic form, it shall be in the form of an electronic document with an electronic signature according to the legislation of the Russian Federation.

If the personal data subject's request does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him.

The right of a personal data subject to access to his personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of a personal data subject to his personal data violates the rights and legitimate interests of third parties.

10. FEATURES OF PROCESSING AND PROTECTION OF DATA COLLECTED BY THE COMPANY USING THE INTERNET

10.1. The Company processes the Data received from users of the Website from the resource: www.spektr-group.com (hereinafter referred to as the Website), as well as incoming to the Company's phone: +7(4752) 55-96-10, to the Company's email: info@spektr-plus.com via the Company's feedback form at: www.spektr-group.com.

10.2. In order to collect data via the Internet, the Company uses three main methods:

10.2.1. Data provision (self-entry):

·        last name

·        first name

·        patronymic name

·        registration/mailing address

·        email

·        phone

from Data Subjects via the Company’s phone +7(4752) 55-96-10, to the Company's email: info@spektr-plus.com, via the Company's feedback form at: www.spektr-group.com.

10.3. Automatically collected information

The Company may collect and process the following information not being the personal data:

·        IP address

·        information about the interests of users on the Website based on the entered search queries of the Website users about the goods being sold and offered for sale by the Company, in order to provide up-to-date information to the Company’s customers when using the Website, as well as to summarize and analyze information about which the Website sections and products are in greatest demand among the Company’s customers;

·        processing and storing search queries from the Website users in order to summarize and create customer statistics on the use of the Website sections.

·        information on technical data: visit time, browser settings, operating system, as well as other technical information required for the correct display of the Website content. It is impossible to identify the visitor’s identity using this data.

The Company automatically receives some types of information obtained in the process of users’ interaction with the Website, correspondence by e-mail, etc. This refers to technologies and services, such as web protocols, cookies, web marks, as well as applications and tools of the specified third party.

Cookies are small files that are stored in the User's browser settings and are used for convenience and correct display of the site content. They help the site to remember information about, for example, in which language the site was viewed and which pages were already open, this information will be useful on the next visit, which makes browsing the site more convenient. The user can independently set up reception or blocking in the browser. The inability to accept cookies may limit the functionality of the site.

At the same time, web marks, cookies and other monitoring technologies do not make it possible to automatically receive the Data. If the Website user provides own data at own discretion, e.g. when filling out a feedback form or sending an e-mail, it is the only time when the processes of automatic collection of detailed information are launched for the convenience of using websites and/or improvement of interaction with users.

10.4. Data usage

The Company has the right to use the provided Data according to the stated purposes of its collection with the consent of the Data subject, if such consent is required according to the requirements of the legislation of the Russian Federation in the Data field.

The obtained Data in a generalized and impersonal form can be used to better understand the needs of buyers of the goods and services sold by the Company and to improve the quality of service.

10.5. Data transfer

The Company may entrust the Data processing to third parties only with the consent of the Data subject. The Data may also be transferred to third parties in the following cases:

a) As a response to legitimate requests from authorized state bodies, according to laws, court decisions, etc.

b) The Data cannot be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data subject.

10.6. The Website contains links to other web resources, which may contain useful and interesting information for the Website users. However, this Policy shall not apply to such other websites. Users who follow links to other websites are advised to familiarize themselves with the Data processing policies of such websites.

10.7. The Website User can at any time revoke his/her consent to the Data processing either by sending a message to the Company's email: info@spektr-plus.com, via the Company's feedback form at: www.spektr-group.com, or by sending a written notification to the Company's address: 392030, Urogaynaya str., 2 “b”, of. 1, Tambov, Russia.

After receiving such message, the processing of the User's Data will be terminated, and the Data will be deleted, unless the processing can be continued according to the law.

11. FINAL PROVISIONS

11.1 This Policy is a local regulation of the Company. This Policy is publicly available. The general availability of this Policy is ensured by publication on the Company's Website. This Policy may be revised in any of the following cases:

·        when changing the legislation of the Russian Federation and the European Union in the field of personal data processing and protection;

·        in cases of instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;

·        by decision of the Company’s management;

·        when changing the Data processing purposes and terms;

·        when changing the organizational structure, structure of information and/or telecommunication systems (or introducing new ones);

·        when applying new technologies for the Data processing and protection (including transmission, storage);

·        in case of a need to change the Data processing process related to the Company’s activities. In case of failure to comply with the provisions of this Policy, the Company and its employees shall be liable according to the current legislation of the Russian Federation. The control over the fulfillment of the requirements of this Policy shall be carried out by persons responsible for organizing the Data processing in the Company, as well as for the personal data security.


Consent to personal data processing

Hereby, according to Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I express freely, by my own will and in my own interest, the unconditional consent to the processing of my personal data by LLC “”Spektr(MSRN: 1206800006687, ITN: 6829156900), registered according to the legislation of the Russian Federation at:

392030, Urogaynaya str., 2 “b”, of. 1, Tambov, Russia.

Personal data is any information relating to an individual specified or determined on the basis of such information.

I have given this Consent to the processing of the following personal data:

- Your name;

- E-mail;

- Phone;

- Your region;

- Your question.

The Consent is given to the Operator to perform the following actions with my personal data with and/or without using automation tools: collection, systematization, accumulation, storage, clarification (update, change), use, depersonalization, as well as implementation of any other actions provided for by the current legislation of the Russian Federation using both manual and automated methods.

This Consent is given to the Operator for the processing of my personal data for the following purposes:

- providing me with services/works;

- sending notifications to my address regarding the services/works provided;

- preparing and sending responses to my inquiries;

- sending information to my address about the events/goods/services/works of the Operator, including advertising.

This Consent shall be valid until withdrawn by sending a notification to the email info@spektr-plus.com. In case of revoking my consent to the personal data processing, the Operator shall have the right to continue personal data processing without my consent if there are grounds specified in clauses 2-11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of Federal Law No. 152-FZ "On personal data "dated July 27, 2006.