Our Personal Data Processing Policy (hereinafter - the “Policy”) defines the basic principles, purpose, conditions and ways of processing personal data by Individual Entrepreneur Solodin Mikhail Dmitrievich (Primary State Registration Number (OGRN): 318366800107819; Taxpayer Identification Number (INN): 366523952001,Business address 24 Yulyusa Yanonisa Street, apt. 18, Voronezh, 394051, Russia) (hereinafter – the “Operator”) of users of https://solodina.gallery (as described in paragraph 1 below) as well as any other natural person providing their personal data to the Operator.
1. General terms and conditions
1.1. The Policy is structured in accordance with “The Data Protection Act” of 27 July 2006 and other legislation of the Russian Federation concerning personal data protection and processing.
1.2. The legislation of Russian Federation is applicable to this Policy, including interpretation of the Policy’s provisions and the way of its execution, modification and termination.
1.3. This Policy applies to all personal data processed by Individual Entrepreneur Solodin Mikhail Dmitrievich (hereinafter – the “Operator”).
1.4. This Policy applies to any personal data processed by the Operator before and after the approval of this Policy.
1.5. This Policy is freely available on the Operator’s website to fulfill the requirements of part 2 paragraph 18.1 of “The Data Protection Act”.
1.6. This Policy uses the following terms:
The Operator – Individual Entrepreneur Solodin Mikhail Dmitrievich (authorized in accordance with the law of Russian Federation)
Primary State Registration Number (OGRN): 318366800107819
Taxpayer Identification Number (INN): 366523952001
Business address 24 Yulyusa Yanonisa Street, apt. 18, Voronezh, 394051, Russia
User – Subject of Personal Data, visitor of Website that agrees with conditions of this Policy; anyone that wants to order a product or has already placed an order at online shop https://solodina.gallery or is using any other functions of this website.
Personal Data – any information related to a certain natural person directly or indirectly identified, according to the personal data acquired.
Personal Data Processing – any action (operation) or a combination of actions (operations) carried out with or without using automated techniques of Personal Data processing including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, usage, transmission (distribution, provision, access), depersonalization, block, removal and destruction of Personal Data.
Subject of Personal Data - a natural person directly or indirectly identified, according to the Personal Data acquired.
Personal Data Protection - the Company’s activity providing confidentiality of Personal Data; setting and maintaining the order of Personal Data processing as well as applying of organisational and technical measures for the protection of Personal Data and any other measures in accordance with the law of Russian Federation.
Confidential Information – data in written or electronic form with limited access in accordance with the law of Russian Federation and local regulations of the Company.
Automatic Processing of Personal Data - personal data processing using computer engineering.
Cross-border Personal Data Transmission - transmission of personal data to the territory of a foreign country or to a foreign authority, natural or legal person.
2. Rights and responsibilities of Subjects of Personal Data and the Operator.
2.1. Subjects of Personal Data have the following rights:
2.1.1. To get information about the processing of their Personal Data in the order, form and time frame according to the law.
2.1.2. To demand clarification of their Personal Data, its deletion or blocking in case the Personal Data is not complete, precise, up to date, if the data is obtained illegally or isn’t necessary for the declared purpose of processing.
2.1.3. To withdraw their consent previously given for the process of their personal data, according to the procedure mentioned in the Policy.
2.1.4. To unsubscribe from the Operator’s newsletters
2.1.5. To exercise other rights according to law
2.2. The Operator has the following rights:
2.2.1. To process personal Data of Subjects according to the declared purpose and in compliance with existing requirements.
2.2.2. To request personal data of Subjects required to achieve the purpose.
2.2.3. To limit access of the Subject to their Personal Data, in case personal data processing is carried out according to the law preventing money laundering and financing of terrorism; or in case Subject's access to their personal data violates rights and legitimate interests of third parties, as well as other circumstances provided for by the legislation of Russian Federation.
2.3. The Operator is obliged to:
2.3.1. Organize Personal Data processing in accordance with “The Personal Data Protection Act”.
2.3.2. Respond to questions and requests of Subjects of Personal Data and their legal representatives in accordance with “The Personal Data Protection Act”.
2.3.3. Report to the Designated Authority - Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor); provide the information requested by this authority within 30 days after receiving the request.
2.4. Supervision over the execution of this Policy is carried out by an authorized individual responsible for Personal Data Processing of the website of the Operator.
2.5. Responsibility for violation of Legislation of the Russian Federation and legal acts of the Operator concerning processing and protection of personal data is defined in accordance with the laws of Russian Federation.
3. Volume and categories of Personal Data processed:
3.1. The Operator processes Personal Data of the Subject within the limits set by the purpose of processing Personal Data. In this Policy, Personal Data of Users means the following:
3.1.1. Data provided by Users themselves while using the Website including: name, surname, postal address, phone number, e-mail. Required information is marked with a special symbol. Other information is not necessary and the decision to provide it is within the User’s discretion.
3.1.2. Technical data obtained by the Operator automatically with the software installed on the User’s device, such as: IP address, cookie data, information about the User’s browser (or any other program used to access the Website), technical characteristics of software and hardware, date and time of access to the Website, URLs of requested pages and other similar data.
3.2. The Operator doesn’t process special categories of personal data of Users (such as race, nationality, political views, religious or philosophical beliefs or sexual life) or personal biometric data.
3.3. The Operator doesn’t control and isn’t responsible for Personal Data Processing by third-party websites, which Users can visit following links on this Website.
3.4. The Operator doesn’t check and isn’t responsible for credibility of data provided by Users on the Website.
4. Purposes of Personal Data Processing.
4.1. The Operator processes only the personal data required to achieve the purposes defined in paragraph 4.2 of this Policy.
4.2. Personal data is processed by the Operator to achieve the following purposes:
4.2.1. Ensuring compliance with law enforcement of Russian Federation;
4.2.2. Conducting their work in accordance with the charter of Individual Entrepreneur Solodin Mikhail Dmitrievich;
4.2.3. Implementing civil legal relationships;
4.2.4. Engaging customers and counterparts of the Operator, contract negotiations and management;
4.2.5. The purpose of processing personal data for the Users of the Website are the following:
Registering Users at the Website and placing an order or purchasing a product without creating an account;
Processing Users’ requests made through the Website;
Improving the Website’s performance and usability, developing new services;
Conducting promotions, programs, offers, polls, lotteries etc; as well as promoting goods and services through direct contact (newsletter) with the User through different channels of communication, including post, e-mail, phone and the Internet;
Carrying out statistical and other analysis based on depersonalized data for improving service.
5. Principles of Personal Data Processing
5.1. The Operator processes personal data of the Subjects guided by the following principles:
5.1.1. Subject’s Personal Data is processed for certain lawful purposes, listed in section 4 of this Policy.
5.1.2. The Operator processes only the personal data needed to achieve the purposes listed in this Policy.
5.1.3. The Operator guarantees accuracy and relevance of the processed personal data and makes sure the data is enough to achieve the purpose.
5.1.4. The Operator provides confidentiality of the processed data and uses all the necessary measures, according to paragraph 9.1 of this Policy.
6. Order and conditions of processing personal data and transferring personal data to third parties.
6.1. Personal Data Processing includes collection, systematization, accumulation, storage, clarification, usage and transmission of data to third parties, both local and cross-border, depersonalisation, block and deletion of personal data to achieve the purpose of the Operator and fulfill their obligation (as listed in section 4 of this Policy).
6.2. Personal Data of the Subject is processed by the Operator with or without using automated techniques (such as automated database management systems and other software).
6.3. When it is necessary for achieving the purpose listed in this Policy, the Operator can give access to the personal data or transfer it to other companies. Moreover, if it is absolutely necessary for achieving said purpose of personal data processing, the access to the data can be given to third parties, such as suppliers of technological services, financial management or logistics. The access to data is provided upon conclusion of a contract with the third party, providing confidentiality and protection of the personal data.
6.4. Personal data of the Subject can be only processed with their consent. The consent is indefinite and can be withdrawn by the Subject or their representative by sending a formal request to the Operator via post or e-mail (firstname.lastname@example.org).
7. Change and deletion of personal data
Mandatory data retention
7.1. The Operator is obliged to clarify, block or delete personal data following the Subject’s request in case the data is not complete, precise, up to date, if the data is obtained illegally or isn’t necessary for the declared purpose of processing.
7.1.1. The Operator is obliged to update the data and notify the Subject of Personal Data within 10 days after the Subject provides the missing information in case the data is not complete, precise or up to date.
7.1.2. Personal Data shall be deleted in the following cases:
1) If it is impossible to ensure legitimate processing of personal data in less than 15 days upon identification of illegitimate processing;
2) After receiving a formal request to delete their personal data or to withdraw consent to processing personal data from the Subject of personal data;
3) If the purpose of personal data processing has been fulfilled or there is no need to process the data anymore;
4) If the storage period of personal data has expired.
7.1.3. Personal data must be deleted within 30 days unless the legislation of Russian Federation or this Policy says otherwise.
7.2. The rights provided for in this Policy can be limited in accordance with the law. For instance, such limitations might require the Operator to keep the data modified or deleted by the Subject within the period established by the law and to transfer such information to the authorities, in accordance with the legal procedure.
7.3. Personal data is not kept longer than what is necessary, in order for its purpose to be fulfilled in case the storage period hasn’t been established by law or contract, with the Subject of Personal Data being its party, beneficiary or sponsor.
8. Personal data processing using cookies and counters
8.1. Cookies transferring from the Operator to User’s device can be used by the Operator in order to provide the User with personalised service and targeted advertisement as well as to improve Website performance and for statistical and research purposes.
8.2. The User must understand that their hardware or software used for accessing the Internet may have the settings that do not allow using cookies (on some websites or all of them) or that might delete previously received cookies.
8.3. Search engines might consider providing a certain service only in case the User has enabled cookies.
8.4. The structure of cookies as well as their content and technical parameters are set by the Operator and can be changed without the obligation to notify the User first.
8.5. Counters, placed by the Website, can be used to analyze the User’s cookies, to collect and process statistical information on use of the Website and to provide steady performance of the website or its separate functions.Technical parameters of the counters are set by the Operator and can be changed without the obligation to notify the User first.
9. Personal data protection
9.1. The Operator takes necessary legal, organisational and technical measures in order to protect personal data of the Subjects against unauthorized access, deletion, change, block, copy, distribution or other wrongdoings of third parties.
9.2. To ensure adequate protection of personal data, the Operator evaluates possible damage that can be caused by any security breach of personal data and identifies imminent security threats during its processing by personal data information systems.
10. Changes of the Policy
10.1. The Operator can change this Policy without asking the Subject of personal data for their consent first. After the Policy is modified, the publication date is also updated. New edition of the Policy becomes effective from the moment of its publication on this website and is valid until the next edition of the Policy is approved. The most up-to-date version of the Policy is available at https://solodina.gallery.
11. Contact for questions about personal data
11.1. Subjects of Personal Data have a right to send their questions, requests and any other inquiries concerning this Policy and their personal data usage to the Operator:
Via e-mail: email@example.com.
By post: Ulitsa Yulyusa Yanonisa 24 kv. 12 Voronezh Russia 394051.
Publication date: 20.07.2021.