info@creon-cg.com +7 (495) 032-22-55
Ру En Kz
Request a call
Main Privacy policy

Privacy policy

 

We are very delighted that you have shown interest in our agency. Data protection is of a particularly high priority for the management of Creon.

General Provisions

This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) has been prepared in accordance with clause 2 of Part 1 of Art. 18.1 of the Federal Law of the Russian Federation “On Personal Data” No.152 dated July 27, 2006 (hereinafter referred to as the “Law”) determines the position of individual entrepreneur limited liability company «RA Creon» (OGRN: 1157746948446, registration address: 143405, Moscow, 123060, Marshal Vershinin St., house 4, building 2, room II Door 2, apartment 519) and / or its affiliates, (hereinafter — the “Company”) in the field of processing and protecting personal data (hereinafter — “Data”), respecting the rights and freedoms of each rights and, in particular, the right to privacy, personal and family secrets.

Application area

This Policy applies to Data received both before and after the entry into force of this Policy. Understanding the importance and value of the Data, as well as caring for the observance of the constitutional rights of citizens of the Russian Federation and citizens of other states, the Company ensures reliable protection of the Data.

Definitions

Data means any information relating to a directly or indirectly determined or determined individual (citizen), i.e. such information, in particular, includes: last name, first name, middle name, e-mail, telephone number. By processing the Data, any action (operation) or set of actions (operations) with Data performed using automation means is understood and / or without means. Such actions (operations) include: collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data. Data Security is understood to mean that the Data is protected from unauthorized and / or unauthorized access to, destruction, alteration, blocking, copying, provision, dissemination of Data, as well as from other illegal actions in relation to the Data.

Legal basis and purpose of data processing

Processing and ensuring the security of the Data in the Company is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation and other defining cases and peculiarities of processing the Data of the federal laws of the Russian Federation, guidance and guidance documents of the Federal Service for Technical and Export Control of Russia and the FSB of Russia.

The Data Subjects processed by the Company are:

customers are consumers, including visitors of the site https://creon-cg.ru/ owned by the Company, including for the purpose of placing an order on the website  https://creon-cg.ru/  with subsequent delivery to the client, the recipients of services.

The company processes the Subjects for the following purposes:

implementation of the functions, powers and responsibilities assigned to the Company by the legislation of the Russian Federation in accordance with federal laws, including but not limited to: the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, the Labor Code of the Russian Federation, the Family Code of the Russian Federation, Federal Law of 01.04 .1996 No. 27-ФЗ “On Individual (Personalized) Accounting in the System of Mandatory Pension Insurance”, Federal Law No. 152-ФЗ dated July 27, 2006 “On Personnel data

Federal Law of 28.03.1998 No. 53-ФЗ “On Military Duty and Military Service”, Federal Law of 26.02.1997 No. 31-ФЗ “On Mobilization Preparation and Mobilization in the Russian Federation”, Federal Law of 02.02.1998 No. 14-FZ “On Limited Liability Companies”, Federal Law of 07.02.1992 No. 2300-1 “On Protection of Consumer Rights”, Federal Law of 21.11.1996 No. 129-ФЗ “On Accounting”, Federal Law No. 326-FZ of November 29, 2010 “On Compulsory Medical Insurance in the Russian Federation”,

Customers - consumers in order to:

  • providing information on goods / services, promotions and special offers;
  • analysis of the quality of service provided by the Company and improvement of the quality of customer service of the Company;
  • informing about the status of the order;

Principles and conditions of data processing.

When processing Data, the Company adheres to the following principles: Data processing is carried out on a lawful and fair basis; The data are not disclosed to third parties and are not distributed without the consent of the data subject, with the exception of cases requiring the disclosure of data at the request of the authorized state bodies, legal proceedings; identification of specific legal objectives prior to the processing (including collection) of the Data; Only those Data are collected that are necessary and sufficient for the stated purpose of processing; merging of databases containing Data that are processed for purposes that are incompatible with each other is not allowed; Data processing is limited to achieving specific, predetermined and legitimate goals; processed Data shall be destroyed or depersonalized upon the achievement of processing objectives or in the event of the loss of the need to achieve these objectives, unless otherwise provided by federal law.The Company may include the Subject's Data in publicly available sources of Data, while the Company takes the written consent of the subject to the processing of its Data, or by expressing consent through the site form (checkbox), by which the subject of personal data expresses its consent.

The company does not process the data relating to race, nationality, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including in trade unions.

Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which are used by the operator to identify the subject's identity) is not processed by the Company. The Company does not provide cross-border data transmission.

In cases established by the legislation of the Russian Federation, the Company has the right to transfer the Data to third parties (the federal tax service, the state pension fund and other state bodies) in cases stipulated by the legislation of the Russian Federation.

The Company has the right to entrust the processing of the Data of the Data Subjects to third parties with the consent of the Data Subject, on the basis of the contract concluded with these persons, including with the consent of the user agreement and personal data processing policies posted on the website. Persons who process the Data on the basis of a contract entered into with the Company (operator’s instructions) undertake to comply with the principles and rules for the processing and protection of Data provided for by the Law. For each third party, the contract specifies a list of actions (operations) with Data that will be performed by a third party processing the Data, processing objectives, establishes the obligation of such persons to maintain confidentiality and ensure the safety of the Data when processing them, specifies the requirements for the protection of the processed Data in accordance with with the law.

In order to fulfill the requirements of the current legislation of the Russian Federation and its contractual obligations, the processing of Data in the Company is carried out both with and without automation. A set of processing operations includes the collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of data.The Company prohibits the adoption on the basis of exclusively automated processing of these decisions, which give rise to legal consequences in relation to the Data subject or in any other way affecting his rights and legitimate interests, except as provided for by the legislation of the Russian Federation.

Rights and obligations of Data Subjects, as well as the Company in the processing of Data

The entity whose data is processed by the Company has the right to:

  • receive from the Company: confirmation of the processing of the Data and information on the availability of Data relating to the relevant Data Subject;
  • information on the legal basis and purpose of data processing; information about the data processing methods used by the Company; information about the name and location of the Company;
  • information about persons (with the exception of Company employees) who have access to the Data or to whom the Data may be disclosed on the basis of an agreement with the Company or on the basis of federal law; 
  • the list of processed Data relating to the subject of the Data, and information about the source of their receipt, unless a different procedure for the provision of such Data is provided for by federal law;
  • information about the processing time of the data, including the storage period;
  • information on the procedure for the exercise by the subject of the Data of rights provided for by the Law; the name (full name) and address of the person processing the data on behalf of the Company;
  • other information provided by the Law or other regulatory acts of the Russian Federation;
  • require from the Company: clarification of their Data, their blocking or destruction in case the Data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
  • withdraw your consent to the processing of data at any time; require the removal of illegal actions of the Company in relation to its data;
  • appeal against the actions or inaction of the Company to the Federal Service for Supervision in the Field of Communications, Information Technologies and Mass Communications (Roskomnadzor) or in court if the Data subject believes that the Company is processing its Data in violation of the Law or otherwise violates its rights and freedom;
  • to protect their rights and legitimate interests, including damages and / or compensation for moral damage in a judicial proceeding.

The company in the processing of data must:

provide the Data Subject upon its request with information concerning the processing of its PDN, or legally provide a refusal within thirty days from the date of receipt of the Data Subject's request or its representative;

explain to the Data Subject the legal consequences of failure to provide the Data, if the provision of the Data is mandatory in accordance with federal law;

Prior to the processing of the Data (if the Data is not received from the Data Subject), provide the Data Subject with the following information, except as provided for in paragraph 4 of Article 18 of the Law:

  • name or surname, name, patronymic and address of the Company or its representative;
  • the purpose of processing the data and its legal basis;
  • intended users of the Data;
  • the rights of data subjects established by law;
  • source of data.

take the necessary legal, organizational and technical measures or ensure their adoption to protect the Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, submission, dissemination of Data, as well as from other illegal actions against the Data;

publish on the Internet and provide unrestricted access, using the Internet, to the document defining its data-processing policy to the data on the implemented data protection requirements; provide the Data Subjects and / or their representatives free of charge with the opportunity to familiarize themselves with the Data when making a corresponding request within 30 days from the date of receipt of such a request;

perform blocking of illegally processed Data related to the Data Subject, or ensure their blocking (if the Data is processed by another person acting on behalf of the Company) from the moment of applying or receiving a request for the verification period, in case of unlawful processing of Data when the Data Subject or a representative or upon request of a Data Subject or its representative or an authorized body for the protection of the rights of personal data subjects;

clarify the Data or ensure their clarification (if the Data is processed by another person acting on behalf of the Company) within 7 working days from the date of submission of information and remove the blocking of the Data, if the fact of inaccuracy of the Data is confirmed on the basis of information provided by the Data subject or his representative;

stop illegal data processing or ensure the termination of illegal data processing by a person acting on behalf of the Company in case of unlawful data processing performed by the Company or a person acting on the basis of an agreement with the Company within a period not exceeding 3 business days from the date of this identification;

stop processing the Data or ensure its termination (if the data is processed by another person acting under the contract with the Company) and destroy the Data or ensure its destruction (if the data is processed by another person acting under the contract with the Company) to achieve the purpose of processing the Data, unless otherwise it is not stipulated by the contract, the party to which, the beneficiary or guarantor of which is the subject of the Data, in case of achieving the goal of processing the Data;

stop processing the Data or ensure its termination and destroy the Data or ensure their destruction if the Data subject withdraws the consent to the Data processing, if the Company does not have the right to process the Data without the consent of the Data Subject;
keep a log of records of PD subjects, in which the requests of the Data Subjects to receive Data, as well as the facts of the provision of Data on these requests, should be recorded.

Data Protection Requirements

When processing the Data, the Company takes the necessary legal, organizational and technical measures to protect the Data from unauthorized and / or unauthorized access, destruction, modification, blocking, copying, submission, dissemination of Data, as well as from other illegal actions in relation to the Data.

Such measures in accordance with the Law, in particular, include: the appointment of the person responsible for organizing the processing of the Data and the person responsible for ensuring the safety of the Data;

Development and approval of local acts on the processing and protection of data; application of legal, organizational and technical measures to ensure data security:

  • dentification of data security threats during their processing in personal data information systems;
  • application of organizational and technical measures to ensure the security of the Data when processing them in personal data information systems necessary to meet the requirements for data protection, the execution of which ensures the data security levels established by the Government of the Russian Federation;
  • the use of the information security protection measures passed in the prescribed manner;
  • evaluation of the effectiveness of measures taken to ensure the security of the Data prior to the commissioning of the personal data information system;
  • accounting of data storage media, if the data is stored on computer storage media;
  • detection of facts of unauthorized access to the Data and taking measures to prevent similar incidents in the future;
  • recovery of data modified or destroyed due to unauthorized access to it;
  • the establishment of rules for access to the Data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with the Data in the personal data information system.

The control over the measures taken to ensure data security and the level of security of personal data information systems;

assessment of the harm that may be caused to the Data subjects in case of violation of the requirements of the Law, the ratio of the said harm and the measures taken by the Company to ensure the fulfillment of the duties provided for by the Law;

compliance with conditions that preclude unauthorized access to tangible data carriers and ensure the safety of the Data;

familiarization of the Company's employees who directly process the Data with the provisions of the Russian legislation on Data, including data protection requirements, local acts on the processing and protection of Data, and the training of Company employees.

Terms of processing (storage) of data

Terms of processing (storage) of Data are determined on the basis of the purposes of processing the Data, in accordance with the term of the contract with the Data subject, the requirements of federal laws, the requirements of Data operators on whose behalf the Company processes the Data, the basic rules of the archives of organizations, and the limitation periods.

Data, which has been expired, must be destroyed, unless otherwise provided by federal law. Data storage after termination of their processing is allowed only after their anonymization.

The procedure for obtaining clarifications on data processing.

Persons whose Data is processed by the Company may receive clarifications on the processing of their Data by contacting the Company in person or by sending a corresponding written request to the address of the Company: Moscow, 123060, Marshal Vershinin St., house 4, building 2, room II Door 2.

  • In the case of a formal request to the Company in the query text, you must specify:
  • surname, name, patronymic of the subject of the Data or his representative;
  • the number of the main document certifying the identity of the Data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
  • information confirming that the subject has the Data of relations with the Company; feedback information for the Company to respond to the request;
  • the signature of the Data subject (or his representative). If the request is sent electronically, it must be in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

Features of the processing and protection of data collected by the Company using the Internet

The Company processes the Data received from the Site users from the resource: https://creon-cg.ru/ (hereinafter referred to as the Site), as well as those received on the Company's phone: +7 (495) 032-22-55, to the Company's email address: info@creon-cg.ru

Data collection

There are two main ways in which the Company receives Data via the Internet:

Provision of Data

Provision of Data (independent data entry): last name, name, patronymic, Email, phone number

Data Subjects by entering the Company’s phone: +7 (495) 032-22-55, to the Company’s email address: info@creon-cg.ru

Automatically collected information

The Company may collect and process information that is not personal data: information about the interests of users on the Site based on the entered search queries of users of the Site about the products sold and offered for sale by the Company in order to provide relevant information to the Company's clients when using the Site, as well as summarizing and analyzing information , about which sections of the Site and products are most in demand among the Company's customers; processing and storing search queries of users of the Site in order to summarize and create client statistics on the use of sections of the Site.

The company automatically receives certain types of information obtained in the process of user interaction with the Website, email correspondence, etc. These are technologies and services, such as web protocols, cookies, web tags, as well as applications and tools of this third parties. At the same time, web-marks, cookies and other monitoring technologies do not allow to automatically receive Data. If a Site user, at his own discretion, provides his Data, for example, when filling out a feedback form or sending an e-mail, then only then the processes of automatic collection of detailed information are launched to facilitate the use of web sites and / or to improve interaction with users.

Data usage

The Company has the right to use the provided Data in accordance with the stated purposes of their collection with the consent of the Data subject, if such consent is required in accordance with the requirements of the legislation of the Russian Federation in the field of Data. The data obtained in a generalized and anonymous form can be used to better understand the needs of buyers of goods and services sold by the Company and improve the quality of service.

Data transfer

The company may assign the processing of data to third parties solely with the consent of the data subject. Also, Data may be transferred to third parties in the following cases:

  • as a response to legitimate requests of authorized state bodies, in accordance with laws, court decisions, etc.
  • Data cannot be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data Subject.

The site contains links to other web resources where there may be useful and interesting information for the users of the Site. However, this Policy does not apply to such other sites. Users following links to other sites are advised to familiarize themselves with the data processing policies posted on such sites.

The Site User may at any time withdraw his consent to the processing of the Data by sending a message by calling the Company's phone number: +7 (495) 032-22-55, to the Company's email address: info@creon-cg.ru, or by sending a written notice to the Company: 123060, Moscow, Marshal Vershinin St., house 4, building 2, room II Door 2. After receiving such a message, the processing of User Data will be terminated, and its Data will be deleted, except when processing can be continued in accordance with the law. Final Provisions This Policy is a local regulatory enactment of the Company. This Policy is publicly available. The general availability of this Policy is provided by publication on the Company's Website. This Policy may be revised in any of the following cases:

  • changes in the legislation of the Russian Federation in the field of processing and protection of personal data;
  • in cases of obtaining instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the Policy;
  • by decision of the Company's management;
  • at change of the purposes and terms of data processing;
  • when changing the organizational structure, the structure of information and / or telecommunication systems (or the introduction of new ones);
  • in the application of new technologies for processing and protecting data (including transmission, storage);
  • when it becomes necessary to change the processing of data related to the activities of the Company. In the event of non-compliance with the provisions of this Policy, the Company and its employees shall be liable in accordance with the current legislation of the Russian Federation. The monitoring of compliance with the requirements of this Policy is carried out by those responsible for organizing the processing of Company Data, as well as for the security of personal data.

 

Request a call
Leave your phone number or email and we will call you back in a short period of time
Your name*
Your phone or e-mail*
Your request has been successfully submitted
We will call you back within 1 hour, thanks for contacting us!
Your request has been successfully submitted
We will call you back within 1 hour, thanks for contacting us!