Approved June 28, 2017

1. General provisions

1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by the Aspectiva Studio (Individual Entrepreneur Fomin A.V.) (hereinafter referred to as the Operator).

1.2. The policy was developed in accordance with paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-ФЗ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").

1.3. The policy contains information to be disclosed in accordance with Part 1 of Art. 14 of the Federal Law "On Personal Data", and is a public document.

2. Operator details

2.1. The operator operates at the address 454006, Chelyabinsk, ul. Rossiyskaya, 35A.

2.2. Individual Entrepreneur Fomin A. V. was appointed responsible for organizing the processing of personal data.

2.3. The database of information containing personal data of citizens of the Russian Federation is located at the address: Chelyabinsk, ul. Rossiyskaya, 35A.

3. Information about the processing of personal data

3.1. The Operator processes personal data on a lawful and fair basis to perform the functions, powers and duties assigned by law, to exercise the rights and legitimate interests of the Operator, the Operator's employees and third parties.

3.2. The operator receives personal data directly from the subjects of personal data.

3.3. The operator processes personal data in automated and non-automated ways, using computer technology and without using such tools.

3.4. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

3.5. Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.

4. Processing of personal data of clients

4.1. The Operator processes personal data of clients within the framework of legal relations with the Operator, regulated by part two of the Civil Code of the Russian Federation dated January 26, 1996 No. 14-ФЗ, (hereinafter referred to as clients).

4.2. The operator processes personal data of clients in order to comply with the norms of the legislation of the Russian Federation, as well as for the purpose of:
— conclude and fulfill obligations under contracts with clients.

4.3. The operator processes the personal data of customers with their consent, provided for the duration of the contracts concluded with them. In cases provided for by the Federal Law "On Personal Data", consent is provided in writing. form. In other cases, consent is considered to be received at the conclusion of the contract or when performing conclusive actions.

4.4. The operator processes the personal data of customers during the validity period of the contracts concluded with them. The operator may process the personal data of customers after the expiration of the contracts concluded with them for a period established n. 5 h. 3 Article. 24 parts of the first Tax Code of the Russian Federation, part 1 of Art. 29 of the Federal Law "On Accounting" and other regulatory legal acts.

4.5. The operator processes the following personal data of customers:
— Surname, name, patronymic;
— Type, series and number of the identity document;
— Date of issue of the identity document and information about the person who issued it body;
— Address;
— Contact phone number;
— Email address.

5. Information about ensuring the security of personal data

5.1. The operator appoints a person responsible for organizing the processing of personal data to fulfill the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.

5.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:
- provides unlimited access to the Policy, a copy of which is posted at the address of the Operator, and can also be posted on the Operator's website (if available);
— in pursuance of the Policy, approves and puts into effect the document “Regulations on the processing of personal data” (hereinafter referred to as the “Regulations”) and other local acts;
— familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
— provides employees with access to personal data processed in the information system of the Operator, as well as to their material carriers only for the performance of labor duties;
— establishes the rules for access to personal data processed in the information system of the Operator, as well as ensures registration and accounting of all actions with them;
– assesses the harm that may be caused to the subjects of personal data in case of violation of the Federal Law “On Personal Data”;
— determines threats to the security of personal data during their processing in the information system of the Operator;
— applies organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;
— detects facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them;
– evaluates the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator’s information system;
— exercises internal control over the compliance of the processing of personal data with the Federal Law “On Personal Data”, the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the Policy, the Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security during processing in the information system of the Operator.

6. Rights of personal data subjects

6.1. The subject of personal data has the right:
- to receive personal data relating to this subject, and information regarding their processing;
- to clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
— to withdraw their consent to the processing of personal data;
- to protect their rights and legitimate interests, including damages and compensation for moral damage in court;
— to appeal against the actions or inaction of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.

6.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 Federal Law "On Personal Data".