Privacy Policy
PERSONAL DATA PROCESSING POLICY
1. General Provisions
1.1. This personal data processing policy is drawn up in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" (hereinafter referred to as the Personal Data Law) and determines the procedure for processing personal data and measures to ensure the security of personal data taken by Baste Digital (hereinafter referred to as the Operator).
1.2. The Operator's primary goal and condition for carrying out its activities is to respect the rights and freedoms of individuals during the processing of their personal data, including the protection of rights to privacy, personal, and family secrets.
1.3. This policy of the Operator regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may receive about visitors to the website https://baste.digital
2. Key Concepts Used in the Policy
2.1. Automated processing of personal data – processing of personal data using computing technology.
2.2. Blocking of personal data – temporary cessation of processing personal data (except when processing is necessary to clarify personal data).
2.3. Website – a collection of graphic and informational materials, as well as software and databases that provide their accessibility on the Internet at the network address https://baste.digital
2.4. Information system of personal data — a collection of personal data contained in databases and ensuring their processing through information technologies and technical means.
2.5. Anonymization of personal data — actions that make it impossible to determine without additional information whether personal data belongs to a specific User or another subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
2.7. Operator – a state body, municipal body, legal entity or individual who independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes for processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
2.8. Personal data – any information related directly or indirectly to a specific or identifiable User of the website https://baste.digital.
2.9. Personal data permitted by the subject of personal data for dissemination – personal data to which access is granted by an unlimited number of persons by the subject of personal data through consent for processing personal data permitted by the subject for dissemination in accordance with the Personal Data Law (hereinafter referred to as personal data permitted for dissemination).
2.10. User – any visitor to the website https://baste.digital
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or making it available to an unlimited number of persons, including publication of personal data in mass media, placement in information and telecommunications networks or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2.14. Destruction of personal data – any actions that result in irreversible destruction of personal data with no possibility for further restoration in the information system for personal data and/or destruction of physical carriers of personal data.
3. Basic Rights and Obligations of the Operator
3.1. The Operator has the right to:
– receive reliable information and/or documents containing personal data from the subject of personal data;
– in case the subject of personal data withdraws consent for the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Personal Data Law;
– independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations established by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
– provide the subject of personal data, upon request, with information regarding the processing of their personal data;
– organize the processing of personal data in accordance with applicable legislation of the Russian Federation;
– respond to requests and inquiries from subjects of personal data and their legal representatives in accordance with the requirements of the Personal Data Law;
– provide necessary information to the authorized body for protecting the rights of subjects of personal data upon request from this body within 30 days from the date of receipt of such a request;
– publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
– take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions regarding personal data;
– cease the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in accordance with the procedure and cases provided for by the Personal Data Law;
– fulfill other obligations established by the Personal Data Law.
4. Basic Rights and Obligations of Subjects of Personal Data
4.1. Subjects of personal data have the right to:
– receive information regarding the processing of their personal data, except in cases provided for by federal laws. Information is provided to the subject of personal data by the Operator in an accessible form and must not contain personal data related to other subjects of personal data unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
– require the Operator to clarify their personal data, block or destroy it if it is incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the stated purpose of processing, as well as take legal measures to protect their rights;
– impose a condition for prior consent when processing personal data for marketing purposes;
– withdraw consent for processing personal data;
– appeal to the authorized body for protecting the rights of subjects of personal data or in court against unlawful actions or inaction of the Operator when processing their personal data;
– exercise other rights provided by Russian legislation.
4.2. Subjects of personal data are obliged to:
– provide reliable information about themselves to the Operator;
– inform the Operator about any clarifications (updates, changes) to their personal data.
4.3. Persons who provided false information about themselves or information about another subject of personal data without their consent are liable in accordance with Russian legislation.
5. The Operator may process the following personal data of the User
5.1. Last name, first name, patronymic.
5.2. Email address.
5.3. Phone numbers.
5.4. The website also collects and processes anonymized data about visitors (including cookies) using internet statistics services (Yandex Metrica, Google Analytics, and others).
5.5. The above-mentioned data is collectively referred to as Personal Data in this Policy.
5.6. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or intimate life.
5.7. Processing of personal data permitted for dissemination from special categories of personal data specified in part 1 of Article 10 of the Personal Data Law is allowed if the prohibitions and conditions provided for in Article 10.1 of the Personal Data Law are observed.
5.8. The User's consent to the processing of personal data permitted for dissemination is obtained separately from other consents for the processing of their personal data. In this case, the conditions established, in particular, by Article 10.1 of the Personal Data Law are observed. The requirements for the content of such consent are established by the authorized body for protecting the rights of subjects of personal data.
5.8.1 The consent for processing personal data permitted for dissemination is provided by the User directly to the Operator.
5.8.2 The Operator is obliged to publish information about the conditions of processing, prohibitions and conditions on processing by an unlimited number of persons of personal data permitted for dissemination within three working days from the date of receipt of such consent from the User.
5.8.3 The transfer (distribution, provision, access) of personal data permitted by the subject of personal data for dissemination must be terminated at any time at the request of the subject of personal data. This request must include the last name, first name, patronymic (if available), contact information (phone number, email address or postal address) of the subject of personal data, as well as a list of personal data whose processing is to be terminated. The personal data specified in this request may only be processed by the Operator to whom it is directed.
5.8.4 Consent for processing personal data permitted for dissemination ceases to be valid upon receipt by the Operator of a request specified in paragraph 5.8.3 of this Policy regarding the processing of personal data.
6. Principles for Processing Personal Data
6.1. Processing of personal data is carried out on a lawful and fair basis.
6.2. Processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing that is incompatible with the purposes for which personal data was collected is not allowed.
6.3. Combining databases containing personal data processed for incompatible purposes is not allowed.
6.4. Only personal data that meets the purposes of their processing shall be processed.
6.5. The content and volume of processed personal data correspond to the stated purposes of processing. Excessive processing of personal data relative to stated purposes is not allowed.
6.6. When processing personal data, accuracy, adequacy, and relevance to the purposes of processing are ensured. The Operator takes necessary measures and/or ensures their implementation to remove or clarify incomplete or inaccurate data.
6.7. Storage of personal data is carried out in a form that allows identification of the subject of personal data no longer than necessary for achieving the purposes for which they are processed unless a storage period for personal data is established by federal law, contract, or other legal document involving the subject of personal data as a party or beneficiary or guarantor thereof. Processed personal data shall be destroyed or anonymized upon achieving processing purposes or when there is no longer a need to achieve these purposes unless otherwise provided by federal law.
7. Purposes of Processing Personal Data
7.1. The purpose of processing the User's personal data:
– informing the User via email;
– concluding, executing, and terminating civil law contracts;
– providing the User with access to services, information, and/or materials contained on the website https://baste.digital
7.2. The Operator also has the right to send the User notifications about new products and services, special offers, and various events. The User can always opt-out of receiving informational messages by sending a letter to the Operator at mail@mdseo.ru with the subject "Opt-out from notifications about new products and services and special offers."
7.3. Anonymized data about Users collected through internet statistics services is used to gather information about Users' actions on the site, improve the quality of the website and its content.
8. Legal Grounds for Processing Personal Data
8.1. The legal grounds for processing personal data by the Operator are:
– Federal Law "On Information, Information Technologies, and Information Protection" dated July 27, 2006 No. 149-FZ;
– federal laws and other regulatory legal acts in the field of personal data protection;
– consents from Users for processing their personal data and for processing personal data permitted for dissemination.
8.2. The Operator processes the User's personal data only if they are filled out and/or sent by the User independently through special forms located on the website https://baste.digital or sent to the Operator via email. By filling out the relevant forms and/or sending their personal data to the Operator, the User expresses their consent to this Policy.
8.3. The Operator processes anonymized data about the User if this is permitted in the User's browser settings (including enabling cookie storage and using JavaScript technology).
8.4. The subject of personal data independently decides to provide their personal data and gives consent freely, of their own will, and in their own interest.
9. Conditions for Processing Personal Data
9.1. Processing of personal data is carried out with the consent of the subject of personal data for processing their personal data.
9.2. Processing of personal data is necessary to achieve purposes provided for by international treaties of the Russian Federation or laws, to perform functions, powers, and duties imposed on the operator by Russian legislation.
9.3. Processing of personal data is necessary for administering justice, executing a judicial act, or an act of another authority or official that must be executed in accordance with Russian legislation on enforcement proceedings.
9.4. Processing of personal data is necessary for fulfilling a contract in which either party is a subject of personal data or a beneficiary or guarantor under that contract, as well as for concluding a contract at the initiative of the subject of personal data or a contract under which the subject will be a beneficiary or guarantor.
9.5. Processing of personal data is necessary for exercising rights and legitimate interests of the operator or third parties or achieving socially significant goals provided that it does not violate the rights and freedoms of the subject of personal data.
9.6. Processing is carried out for personal data to which access has been granted by an unlimited number of persons by the subject of personal data or at their request (hereinafter referred to as publicly available personal data).
9.7. Processing is carried out for personal data that must be published or disclosed in accordance with federal law.
10. Procedure for Collecting, Storing, Transmitting, and Other Types of Processing Personal Data
10.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
10.2. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to personal data.
10.3. The User's personal data will never be transferred to third parties under any circumstances, except in cases related to the enforcement of applicable laws or if the subject of personal data has given consent to the Operator for transferring data to a third party for fulfilling obligations under a civil law contract.
10.4. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator at the email address mail@mdseo.ru with the subject "Updating Personal Data."
10.5. The processing period for personal data is determined by achieving the purposes for which the personal data was collected unless a different period is provided by a contract or applicable law.
10.6. The User may withdraw their consent for processing personal data at any time by sending a notification to the Operator via email at mail@mdseo.ru with the subject "Withdrawal of Consent for Processing Personal Data."
10.7. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by these entities (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data and/or User is obliged to familiarize themselves in a timely manner with these documents. The Operator is not responsible for the actions of third parties, including those service providers mentioned in this paragraph.
10.8. Prohibitions established by the subject of personal data on transfer (except for providing access) as well as on processing or conditions for processing (except for obtaining access) of personal data permitted for dissemination do not apply in cases of processing personal data in state, public, and other public interests defined by Russian legislation.
10.9. The Operator ensures confidentiality of personal data during its processing.
10.10. The Operator stores personal data in a form that allows identification of the subject of personal data no longer than necessary for achieving the purposes for which they are processed unless a storage period for personal data is established by federal law, contract, or other legal document involving the subject of personal data as a party or beneficiary or guarantor thereof.
10.11. The termination of processing personal data may occur upon achieving processing purposes, expiration of consent from the subject of personal data, or withdrawal of consent by the subject of personal data, as well as upon detection of unlawful processing of personal data.
11. List of Actions Performed by the Operator with Received Personal Data
11.1. The Operator carries out collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
11.2. The Operator carries out automated processing of personal data with receiving and/or transmitting received information through information and telecommunications networks or without such transmission.
12. Cross-Border Transfer of Personal Data
12.1. Before starting cross-border transfer of personal data, the Operator must ensure that reliable protection of the rights of subjects of personal data is provided by the foreign state to which it is planned to transfer personal data.
12.2. Cross-border transfer of personal data to foreign states that do not meet the above requirements can only be carried out if there is written consent from the subject of personal data for cross-border transfer of their personal data and/or execution of a contract in which the subject is a party.
13. Confidentiality of Personal Data
13.1 The Operator and other persons who have access to personal data are obliged not to disclose to third parties and not to distribute personal data without consent from the subject of personal data unless otherwise provided by federal law.
14. Final Provisions
14.1. The User can obtain any clarifications on issues related to the processing of their personal data by contacting the Operator via email at mail@mdseo.ru.
14.2. This document will reflect any changes to the policy on processing personal data by the Operator. The Policy is valid indefinitely until replaced by a new version.
14.3. The current version of the Policy is available online at https://baste.digital.