Privacy Policy
PERSONAL DATA PROTECTION AND PROCESSING POLICIES
Individual entrepreneur Karpov Igor Viktorovich
(hereinafter IE Karpov I. V.)
1. General provisions
1.1. This policy regarding the processing of personal data (hereinafter-the policy) is
compiled in accordance with paragraph 2 of article 18.1 of the Federal law dated
27.07.2006 № 152-FZ "On Personal Data" (hereinafter-the Law on personal data), as
well as other legal acts in the field of protection and processing of personal data and
applies to all personal data (hereinafter – data) that IE Karpov I. V. (hereinafter-The
Operator) can receive from the subject of personal data, which is a party to a civil
contract : http://drkarpov.com.
1.2. The Operator protects the processed personal data from unauthorized access and
disclosure, illegal use or loss in accordance with the requirements of the Law on
personal data.
1.3. The Policy Change
1.3.1. The Operator has the right to make changes to this Policy. When making
changes, the Policy title indicates the date when the revision was last updated. The new
version of the Policy enters into force from the moment it is posted on the site, unless
otherwise provided by the new version of the Policy.
2. Terminology and accepted abbreviations
Personal data (hereinafter called "PD") – any information related to a directly or
indirectly identified or identifiable person (subject of personal data).
Personal data operator (Operator) – a government body, municipal body, juridical
body or a person that independently or jointly with other persons organizes and (or)
performs the processing of personal data, as well as determines the purposes of
processing personal data, the content of personal data to be processed, actions
(operations) performed with personal data.
Personal data processing – any action (operation) or a set of actions (operations) with
personal data performed using automated tools or without their use. The processing of
personal data includes but is not limited to:
collecting;
recording;
systematization;
accumulation;
storage;
clarification (update, change);
extraction;
usage;
transmission (distribution, provision, access);
depersonalization;
blocking;
removal;
destruction.
Automated processing of personal data – processing of personal data using
computer technology.
Distribution of personal data – actions aimed at disclosure of personal data to an
indefinite group of persons.
Provision of personal data – actions aimed at disclosure of personal data to a certain
person or a certain group of persons.
Blocking of personal data – temporary termination of processing of personal data
(except for cases when processing is necessary to clarify personal data).
Destruction of personal data – actions that make it impossible to recover the content
of personal data in the personal data information system and (or) as a result of which
the material carriers of personal data are destroyed.
Depersonalization of personal data – actions that make it impossible to determine the
identity of personal data to a specific personal data subject without using additional
information.
Personal data information system – a set of personal data contained in data bases
and ensuring their processing, information technologies and technical means.
Cross-border transfer of personal data – transfer of personal data to the territory of a
foreign state to a foreign government authority, a foreign individual or a foreign legal
entity.
Website – a set of graphic and informational materials, as well as computer programs
and databases that ensure their availability on the Internet at a network address:
http://drkarpov.com.
3. Procedure and conditions for processing and storing personal data
3.1. Personal data is processed by the Operator in accordance with the requirements of
the legislation of the Russian Federation.
3.2. Personal data processing is performed with the agreement of the personal data
subjects to process their personal data, as well as without it, in cases specified by the
legislation of the Russian Federation. If any discrepancies in personal data are
detected, the personal data Subject can update them independently by sending a
notification to the Operator's email address info@drkarpov.com marked "Updating
personal data".
3.3. The operator provides both automated and non-automated processing of personal
data.
3.4 Only the Operator's employees, whose job responsibilities include processing
personal data, are allowed to process personal data.
3.5. The processing of personal data is carried out by:
receiving personal data in oral and written form directly with the agreement of the
personal data subject to the processing of his / her personal data;
receiving personal data from publically available sources;
entering personal data into the Operator's logbooks, registers and information
systems;
use of other methods of personal data processing.
3.6. It is not allowed to disclose or distribute personal data to third parties without the
permission of the personal data subject, unless otherwise is provided by Federal law.
3.7. Transfer of personal data to bodies of inquiry and investigation, to the Federal tax
service, Pension Fund, Social Insurance Fund and other authorized executive
authorities and organizations is performed in accordance with the requirements of the
legislation of the Russian Federation.
3.8. The Operator takes the necessary legal, organizational and technical measures to
protect personal data from unauthorized or accidental access, destruction, modification,
blocking, distribution and other unauthorized actions, including
identifies threats to the security of personal data during their processing;
appoints persons responsible for ensuring the security of personal data in the
Operator's structural divisions and information systems;
creates the necessary conditions for working with personal data;
organizes registration of documents containing personal data;
organizes work with information systems that process personal data;
stores personal data in conditions that ensure their safety and prevent
unauthorized access to them.
3.9. The Operator stores personal data in a form that allows determining the subject of
personal data for no longer than the purposes of personal data processing require,
unless the term for storing personal data is established by Federal law or contract. The
subject of personal data may at any time withdraw his agreement to the processing of
personal data by sending a notification to the Operator via e-mail to the Operator's e-
mail address info@drkarpov.com marked "Withdrawal of agreement to the processing
of personal data".
3.10. When collecting personal data, including through the Internet, information and
telecommunications network, the Operator shall record, systematize, accumulate, store,
clarify (update, change), and extract personal data of citizens of the Russian Federation
using databases located on the territory of the Russian Federation, except for the cases
specified in the Law on personal data.
3.11. Purposes of personal data processing:
3.11.1. Only personal data that meet the purposes of their processing are processed.
3.11.2. Processing of personal data by the Operator is carried out for the following
purposes:
ensuring observance of the Constitution, Federal laws and other regulatory legal
acts of the Russian Federation;
informing the User by sending emails;
providing the User with access to the services, information and / or materials
contained on the website;
realization of civil law relations.
3.12. Categories of personal data subjects.
Personal data of the following subjects of personal data are processed:
– individuals who have civil relations with the IE;
3.13. Personal data processed by the Operator:
– Last name, first name, patronymic;
– E-mail address;
– Phone number;
– Photos.
3.14. Personal data storage.
3.14.1. Personal data of subjects can be received, processed and stored both in hard
copy and in electronic form.
3.14.2. Personal data recorded on paper are stored in locked lockers or in locked rooms
with restricted access rights.
3.14.3. Personal data of subjects that are processed using automation tools for different
purposes are stored in different folders.
3.14.4. It is not allowed to store and place documents containing Personal data in open
electronic catalogues (file sharing sites).
3.14.5. Personal data is stored in a form that allows you to identify the subject of
personal data for no longer than the purposes of their processing require, and they are
to be destroyed when the processing goals are achieved or if there is no need to
achieve them.
3.15. The destruction of the personal data.
3.15.1. Destruction of documents (carriers) containing Personal data is made by
burning, crushing, chemical decomposition, transformation into a shapeless mass or
powder. To destroy paper documents, a shredder can be used..
3.15.2. Personal data on electronic carriers are destroyed by erasing or formatting the
carrier.
4. Protection of personal data
4.1. The main Personal data protection measures used by the Operator are:
4.1.1. Appointment of the person responsible for Personal data processing, who
organizes the processing of personal data.
4.1.2. Identification of current threats to the security of Personal data when processing
them.
4.1.3. Setting individual passwords for accessing the information system.
4.1.4. Fulfillment of the conditions that ensure the safety of Personal data and exclude
unauthorized access to them.
4.1.5. Detection of unauthorized access to personal data and taking measures
5. Basic rights of the subject of PD and obligations of the Operator
5.1. Basic rights of the subject of PD.
The subject has the right to access his personal data and the following information:
– verification of PD processing by the Operator;
– legislative bases and purposes of PD processing;
– goals and methods of PD processing used by the Operator;
– period of processing of personal data, including the period of their storage;
– procedure of the implementation by a subject of PD of the rights provided by this
Federal law;
– name or surname, first name, patronymic and address of the person who assigned by
the operator to process the PD, if the processing is or will be entrusted to such a
person;
– contacting the Operator and sending them requests.
5.2. Operator's Responsibilities.
The operator must:
– when collecting PD, provide information about PD processing;
– if the Personal data was not received from the subject of the personal data, inform the
subject;
– publish a policy on PD protection;
– take the necessary legal, organizational and technical measures or ensure that they
are taken to protect PD from unauthorized or accidental access to them, destruction,
modification, blocking, copying, provision, distribution of PD, as well as from other illegal
actions in relation to PD;
– provide answers to questions and requests of subjects of PD, their representatives
and the authorized body for the protection of the rights of subjects of PD.
Karpov Igor Viktorovich