Section 1. POLICY OBJECTIVES
This document defines the policy regarding the processing of personal data, and also contains information about the implemented requirements for the protection of personal data, which determine the procedure for working with personal data and requirements for ensuring their security.
Section 2. BASIC CONCEPTS
2.1. this Policy uses concepts in the meaning in which they are given in the law "on personal data".
2.2. in this Policy, the Operator means "VesoParts", and the website means the Operator's website located on the Internet at the following address: http://veso-parts.com/.
2.3. This Policy applies to all information that the Operator may have received about the User during their use of the site or the Operator's services (hereinafter also referred to as the Services) and during the execution by the Operator of any agreements and agreements with the User. The User's consent to the Policy, expressed by them in the framework of relations with one of the listed persons, applies to all other listed persons.
2.4. Using the Operator's services (any contact with the site) means that the User unconditionally agrees to this Policy and the conditions for processing their personal information specified in it; in case of disagreement with these conditions, the User must refrain from using the Services.
Section 3. POLICY ON THE PROCESSING OF PERSONAL DATA
3.1. the Operator processes personal data of the following categories of subjects: – contractors-individuals connected with the Operator by civil relations; - employees of the counterparty – individuals connected with the counterparty by labor or civil relations;-users of the Operator's website, including representatives of Dealers, Companies, Buyers, casual visitors and third parties, as well as Buyers of goods or services, advertising information about which is posted on the site; - other subjects in connection with the presence of legal relations with the Operator that do not contradict the law.
3.2. The operator is guided by the following principles for establishment purposes of personal data processing. - processing of personal data must be carried out on a legal and fair basis. - the content and volume of personal data processed must correspond to the stated purposes of processing. - when processing personal data, the Operator complies with other principles and rules of processing established by law.
3.3. Purpose of processing personal data vary. The operator is guided by the terms of personal data processing depending on the categories of personal data subjects and taking into account the provisions of the country's regulatory legal acts. The operator has the right to process personal data only for legitimate purposes, and the processing of personal data should be limited to achieving these goals.
3.4. The purposes of personal data processing by the Company are: - in relation to contractors, their representatives and employees-compliance with the Civil code on contractual obligations, conclusion and execution of contracts with contractors, provision of an Internet service by the operator to work with contracts, performance of actions by the operator on behalf of representatives of personal data subjects; - in relation to Users - provision by the Operator of an Internet service for working with contracts, identification of the party within the Services and services, agreements and contracts with the operator; the promotion of goods, works and services in the market; providing the User with personalized services and execution of agreements and contracts; conclusion of User transactions (agreements and contracts) of purchase and sale of goods, provision of services, works and other; communication with User, including sending notifications, requests and information regarding the use of services, execution of agreements and contracts, handling queries and requests from the User, as well as newsletters and promotional mailings; improving the quality of Services, ease of use, and development of new Services.
3.5. The processing of personal data by the Operator is allowed in the following cases:
3.5.1. If the personal data subject consents to the processing of their personal data. The procedure for obtaining the consent of the personal data subject by the Company is defined in section 5 of the Policy.
3.5.2. the processing of personal data is necessary for the implementation and fulfillment of the functions, powers and duties assigned to the operator by law.
3.5.3. to conclude a contract on the initiative of the personal data subject and to execute the contract to which the personal data subject is a party. Such agreements, without limitation, are any civil contracts, including those in the form of an accepted offer with Users. Until the conclusion of contracts, the Operator processes personal data at the stage of pre-contractual work, when the subject's consent to processing is confirmed by filling out an application on the site or sending an electronic message indicating personal data to the operator by e-mail.
3.5.4. The processing of personal data by the Operator is necessary for the rights and legitimate interests of the operator and/or third parties or to achieve important public purposes, provided that doing so does not violate the rights and freedoms of personal data subjects.
3.5.5. personal data is Processed by the Operator for statistical or other research purposes, subject to mandatory depersonalization of personal data.
3.5.6. Processing of personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
3.5.7. Personal data is subject to publication or mandatory disclosure in accordance with the law.
3.6. the Operator does not process personal data related to special categories and related to nationality, political views, religious or philosophical beliefs, intimate life, membership of personal data subjects in public associations or their trade Union activities, except for information related to the possibility of performing an Employee's work function and necessary for the purposes defined by pension legislation.
3.7. the processing of personal data on criminal records may be carried out by the operator only in cases and in accordance with the procedure established by law.
3.8. The operator does not handle the biometric personal data.
3.9. when collecting personal data, the Operator provides recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data using databases located on the territory of the country.
3.10. the Operator may perform cross-border transfer of personal data in cases where contracts are concluded with users and contractors located abroad, to the extent necessary for the conclusion and execution of such contracts. In case of cross-border transfer of personal data to States that are not parties to the Council of Europe Convention on the protection of individuals in the automated processing of personal data, or do not provide adequate protection of personal data, the personal data subjects consent in writing to such transfer.
3.11. the Operator does not make decisions that give rise to legal consequences in relation to personal data subjects or otherwise affect their rights and legitimate interests, based solely on automated processing of personal data.
3.12. When the User uses the site's services and services, as well as the services of its Regional dealers and dealers, the User's personal information may be transferred to the site and/or its dealers for processing on the terms and for the purposes specified in a separate written agreement. Such processing of personal data is carried out on the basis of a contract concluded from the site, which provides as an essential condition for the obligation of the person processing personal data on behalf of the Operator to comply with the principles and rules for processing personal data provided for by law. The amount of personal data transferred to another person for processing and the number of processing methods used by this person must be the minimum necessary for them to fulfill their obligations to the operator. The Operator's instruction must specify the list of actions (operations) with personal data that will be performed by the person processing personal data, and the purposes of processing, the obligation of such person to respect the confidentiality of personal data and ensure the security of personal data during their processing, and the requirements for the protection of processed personal data in accordance with the law "on personal data".
3.13. when processing personal data, the Operator is obliged to observe the security and confidentiality of the processed personal data, as well as to comply with other requirements stipulated by the legislation of the country in the field of personal data.
3.14.in accordance with the law "on personal data", the operator appoints a person responsible for organizing the processing of personal data.
3.15. the person Responsible for the organization of personal data processing is obliged to carry out internal control over the compliance of personal data processing with the law "on personal data" and the regulatory legal acts adopted in accordance with it, the requirements for personal data protection, this operator's policy, and the operator's local acts.
Section 4. Confidentiality of personal data
Employees of the operator who have received access to personal data must ensure the confidentiality of such data. Confidentiality is not required for: - personal data after depersonalization; - publicly available personal data.
Section 5. Consent of the personal data subject to the processing of their personal data
5.1. the personal data Subject makes a decision to provide their personal data to the Operator and consents to their processing freely, voluntarily and in their own interest. Consent to the processing of personal data must be specific, informed and conscious and can be provided by the subject in any form that allows confirming the fact of its receipt, unless otherwise established by law.
5.2. the Consent of the client-an individual who uses the services provided by the Operator via the site is not required, since he is a party to the agreement with the Operator who accepted the public offer and/or User agreement posted on the Operator's site. Filling out the registration form and/or order for the purchase of goods or services (or other order form, application, etc.) on the site by the buyer expresses their will and consent to the processing of their personal data.
5.3. When the User uses the services and services of the site and/or its dealers, including when filling out the relevant registration or order forms on the site (including on dealer sites), the User expresses his will and consent to the processing of his personal data by the specified companies.
5.4. the user's Registration on the Operator's (dealer's) website, confirmed by their username and password, is a simple electronic signature. An electronic document signed using this username and password is equivalent to a document signed with a handwritten signature.
5.5. Representatives of clients and Users (after confirming authorization on the Operator's website) consent to the processing of their personal data by the operator, as well as its dealers, in the form of specific actions that are expressed in providing their data for posting on the site.
5.6. In the case of a personal data Operator from the counterparty on the basis and for the execution of the Treaty, including from the client-a legal entity that uses services provided by the web site Operator, the liability for the legitimacy and authenticity of the personal data, or obtaining the consent of the Representatives of the contractors and customer Representatives for the transfer of their personal data the Operator are the responsibility of the contractor transferring personal data that is fixed in the agreement of the Operator and the counterparty (the client).
5.7. The operator who received personal information from the contractor and the client-legal entity, does not assume the obligation to inform subjects (or their representatives), personal data which he passed, about the beginning of the processing of personal data, since the obligation to implement appropriate information at the conclusion of the contract with the data subject and/or the consent to such transfer shall bear the transferred personal data of the counterparty (client). This obligation of the counterparty (client) is included in the contract concluded with it by the Operator, including the contract in the form of an offer posted on the website.
5.8. Personal data of persons who signed contracts with the Operator, contained in the unified state registers of legal entities and individual entrepreneurs, are open and publicly available, except for information about the number, date of issue and the authority that issued the identity document of the individual. Protection of their confidentiality and consent of personal data subjects to the processing of such data is not required.
5.9. In all other cases, it is necessary to obtain the consent of personal data subjects who Are representatives of contractors, with the exception of persons who signed contracts with the Operator or provided power of attorney with the right to act on behalf of and on behalf Of the operator's contractors, who independently sent personal data by email and thereby performed specific actions confirming their consent to the processing of personal data specified in the text of the agreement (power of attorney) or an email. The counterparty may obtain the consent of its representative to transfer its personal data to the Operator and the processing of this personal data by the Operator in accordance with the procedure described in clause 5.5 of the Policy. In this case, the Operator does not need to obtain the subject's consent to the processing of their personal data.
5.10. Consent of the Representatives of the subjects for processing their personal data provided in the form of conclusive action by granting a power of attorney with authority to act for and on behalf of the personal data subjects and of the identity document of the Representative of the subject.
5.11. the consent of subjects to provide their personal data is not required when the Operator receives, within the established powers, reasoned requests from the Prosecutor's office, law enforcement agencies, investigation and inquiry bodies, security agencies, state labor inspectors when they exercise state supervision and control over compliance with labor legislation, and other bodies authorized to request information in accordance with the competence provided by law. A reasoned request must include an indication of the purpose of the request, a reference to the legal grounds for the request, including confirming the authority of the authority that sent the request, as well as a list of the requested information.
5.12. if requests are received from organizations that do not have the appropriate authority, the Operator must obtain consent from a non-Employee to provide his / her personal data in any form that can be proved, and warn the persons receiving personal data that this data can only be used for the purposes for which it was reported, as well as require these persons to confirm that the specified rule will be (was) observed.
5.13. Consent to the processing of personal data the processing of which is not established by the legislation or not required for the execution of the contract with the Operator party which is the subject of the personal data may be withdrawn by the data subject. In this case, the Operator destroys such personal data for which consent to processing is withdrawn and ensures their destruction by the contractors to whom such data was transferred, within 30 days from the date of receipt of the withdrawal of the subject's consent to processing his personal data.
5.14. In all cases, the Operator is required to provide proof of obtaining the consent of the personal data subject to the processing of their personal data or proof of the existence of the grounds specified in the law "on personal data".
Section 6. INFORMATION about IMPLEMENTED requirements FOR PERSONAL DATA PROTECTION
6.1. The operator implements the following requirements of the legislation in the field of personal data: - the requirements for confidentiality of personal data; - requirements on the implementation of the personal data subjects of their rights; - requirements to ensure the accuracy of personal data, and, if necessary, relevance to the purposes of personal data processing (with the adoption (ensuring the adoption) of measures to delete or clarify incomplete or inaccurate data); - requirements for the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data; - other legal requirements.
6.2.in accordance with the law "on personal data", the Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the legislation in the field of personal data. In particular, the protection of personal data is achieved by the Operator by: - appointing a person responsible for organizing the processing of personal data; - issuing this Policy by the Operator; - issuing a local regulatory act on the employee's personal data and the transfer of personal data within the same organization; - familiarization of employees authorized to process personal data of subjects with the requirements established by the country's legislation in the field of personal data, this Policy, as well as other local regulations of the Operator; - organization of the proper procedure for working with personal data carried out using automation tools (use of certified software, password restriction of access to computers, software that processes personal data, local network, approval of the list of persons who have access to personal data due to official duties); - organization of proper procedures for working with personal data, carried out without the use of automation tools (organization of proper storage of documents containing personal data, approval of appropriate measures and a list of positions); - organization of employees ' access to information containing personal data of personal data subjects in accordance with their official (functional) duties; - internal control and (or) audit of compliance of personal data processing with the law and regulatory legal acts adopted in accordance with it, requirements for personal data protection, the operator's policy on personal data processing, and local acts of the operator.
Section 7. FINAL PROVISIONS
7.1. This Policy is an internal document of the Operator.
7.2. other obligations and rights of the Operator as a person who organizes the processing of personal data both independently and on behalf of other operators are determined by the legislation of the country in the field of personal data.
7.3. in compliance with the Law, this Policy must be published or unrestricted access to it must be provided in any other way.
7.4. officials and employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil and criminal liability in accordance with the legislation of the country.
7.5. the Operator reserves the right to make changes to this Policy (in all its sections and preamble, as well as in the name).