This Policy has been developed and applied in LLC CDEK-DS on the basis of Articles 23, 24 of the Constitution of the Russian Federation, Federal Law No. 149-FZ dated July 27, 2006 On Information, Information Technologies and Information Protection, Federal Law dated July 27, 2006 No. 152-FZ On Personal Data, Federal Law of December 19, 2005 No. 160-FZOn Ratification of the Council of Europe Convention for the Protection of Individuals with Automated Processing of Personal Data, Resolution of the Government of the Russian Federation of November 01, 2012. No. 1119 On approval of requirements for the protection of personal data when processing in personal data information systems, Resolution of the Government of the Russian Federation No. 687 of September 15, 2008 On Approval of the Regulation on Peculiarities of Processing Personal Data Performed Without Using Automation Tools, Order of the Federal Service for technical and export control of February 18, 2013. No. 21 On approval of the composition and content of organizational measures to ensure the security of personal data when processing them in personal data information
systems and other regulatory and non-regulatory legal acts governing personal data processing issues.
This Policy defines the actions of LLC CDEK-DS in relation to the processing of personal data of individuals who have transferred their personal data for processing, the procedure and conditions for processing personal data, ensuring the security of personal data using or without using automation tools, establishes procedures aimed at preventing violations of the laws of the Russian Federation , elimination of the consequences of violations related to the processing of personal data. The policy is designed to ensure the protection of the rights and freedoms of Personal Data Subjects in the processing of their personal data, as well as in order to establish the responsibility of LLC CDEK-DS employees who have access to personal data of Personal Data Subjects for non-compliance with the requirements and standards governing the processing of personal data.
The effect of this Policy does not apply to relations arising from the processing of personal data of the LLC CDEK-DS employees, applicants for the Company's vacant posts, since such relations are settled by a separate local act; relations that are not covered by the Federal Law On Personal Data (paragraph 2 of Article 1 of the Federal Law).
This Policy applies in particular, but not limited to, when navigating on the site www.selltorussia.com, as well as using the services offered on www.selltorussia.com, including without performing registration on www.selltorussia.com .
1.1. Concepts used in this Policy
Personal data- any information relating to directly or indirectly definite or determined individual (Personal Data Subject), which is confidential information of limited access, not constituting a state secret;
The subject of personal datais an individual, carrier of personal data, whose personal data is transferred to the Company for processing.
Personal data operator- LLC CDEK-DS (PSRN 1135476184040, TIN 5406768160, 630007, Novosibirsk, Krivoshchekovskaya St., 15, korp.5), a state body, municipal body, legal or natural person, independently or together with other persons organizing and (or) processing personal data, as well as defining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Personal data processing- any action (operation) or a set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data- processing of personal data using computer equipment;
Dissemination of personal data- actions aimed at disclosing personal data to an indefinite circle of persons;
Provision of personal data- actions aimed at disclosing personal data to a specific person or a certain circle of persons;
Blocking of personal data- the temporary termination of the processing of personal data (unless it is necessary to process personal data);
Destruction of personal data- actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed;
Anonymization of personal datais an action in which it becomes impossible without using additional information to determine the identity of personal data to a specific Personal Data Subject;
Use of personal data- actions with personal data performed by the Operator in order to make decisions or perform other actions that generate legal consequences in relation to the Personal Data Subject or other persons or otherwise affect the rights and freedoms of the Personal Data Subject or other persons.
Personal Data Information System- a set of personal data contained in databases and information technologies and technical means ensuring their processing;
Cross-border transfer of personal data- the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
Confidentiality of personal datais a requirement for the Operator or another person who has obtained access to personal data not to allow their distribution without the personal data subject
s consent or legal basis.
Site - a set of information, texts, graphic elements, design, images, photos and video materials, other intellectual property, as well as computer software tools that provide for the public viewing of information and data united by a common purpose, through technical means used for communication between computers and the Internet. The site is located on the Internet at: https://www.cdek.ru .
User- an individual who has access to the Site and uses it, regardless of the fact of registration on the Site.
1.2. Abbreviations used in this Policy
IS - information system
Company LLC CDEK-DS
Policy this Policy in relation to the processing of personal data and their protection in LLC CDEK-DS
PD Personal data
RF Russian Federation
Subject Personal Data Subject
Federal Law Russian Federal Law dated July 27, 2006 No. 153-FZ On Personal Data
1.3. Principles of PD processing
1.3.1.The processing of PD on a legal and fair basis;
1.3.2.Limitations of PD processing to the achievement of specific, predetermined and legitimate goals. The inadmissibility of processing PD, incompatible with the purposes of collecting PD.
1.3.3.Inadmissibility of combining databases created for incompatible purposes of databases containing PD;
1.3.4.Compliance of the content and volume of PD with the purposes of their processing;
1.3.5.The inadmissibility of the treatment of PD excess in relation to the stated objectives of their processing;
1.3.6.Ensuring the accuracy, sufficiency, and, where necessary, the relevance of the PD in relation to the purposes of processing;
1.3.7.Taking the necessary measures or ensuring the adoption of measures to remove or clarify incomplete or inaccurate PD;
1.3.8.PD storage in the form that allows to determine the PD Subject is not longer than the purpose of PD processing requires;
1.3.9.Destruction of personal data on the achievement of the objectives of their processing or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
1.4. PD processing conditions
1.4.1.Processing of PD is carried out with the consent of the Subject to the processing of its PD;
1.4.2.Processing PD is necessary to achieve the goals stipulated by the international treaty of the Russian Federation or the law, for the implementation and fulfillment of the functions, powers and duties assigned by the legislation of the Russian Federation to the Operator;
1.4.3.The processing of the PD is necessary for the execution of the contract, the party to which either the beneficiary or the guarantor for which is the PD Subject, including if the Operator realizes its right to assign rights (claims) under such an agreement, as well as to conclude an agreement initiated by the Subject PD or the contract on which the Subject of the PD will be a beneficiary or guarantor;
1.4.4.PD processing is necessary for use of the Site by the User;
1.4.5.Processing PD is necessary for the administration of justice, the execution of ajudicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
1.4.6.The processing of the PD is necessary to protect the life, health or other vital interests of the PD Subject if the consent of the PD Subject is not possible;
1.4.7.Processing PD is necessary for the exercise of the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the PD Entity.
1.4.8.The processing of PD is carried out, the access of an unlimited number of persons to which is provided by the PD Subject or at his request (hereinafter referred to as the PD made publicly available by the Subject);
1.4.9.PD is processed and are subject to publication or mandatory disclosure in accordance with federal law.
1.4.10.The operator does not carry out actions aimed at disclosing the PD to an indefinite circle of persons, that is, it does not distribute the PD.
1.4.11.PD processing is carried out for statistical or other research purposes, with the exception of the purposes specified in Article 15 of the Federal Law, subject to the mandatory depersonalization of PD.
1.4.12.The operator has the right to entrust the processing of PD to another person with the consent of the PD Subject. The transfer is necessary as part of the use of the Site or to provide services to the Subject of the PD, while ensuring the confidentiality of the PD. Persons engaged in the processing of personal data on behalf of the Company undertake to comply with the principles and rules of processing personal data as provided for by Federal Law No. 152-FZ On Personal Data. For each person, a list of actions (operations) with PD that will be performed by the organization engaged in processing PD, processing objectives is established, the duty of such persons is established to maintain confidentiality and ensure the safety of PD during their processing, and also indicates the requirements for the protection of PD being processed.
2.1.The company is guided by specific, predetermined objectives for processing PD, in accordance with which the PD was provided by the Entity, in particular:
2.1.1.Ensuring the protection of the rights and freedoms of the Subject in the processing of his PD;
2.1.2.accounting and reporting;
2.1.3.providing the User with the opportunity to interact with the Site, in particular, sending notifications, requests and information related to the provision of services, as well as processing requests and requests from the User;
2.1.4.providing courier services to Customers under the agreement for the provision of courier services;
2.1.5.Conducting the Company's statutory activities in terms of entering into, recording and executing contracts with counterparties (Customers, Contractors, Executors, etc.);
2.1.6.conducting surveys and studies aimed at identifying customer satisfaction / dissatisfaction with the services of the Company, improving the quality of services;
2.1.7.statistical and other studies based on anonymized data.
3.1.Civil Code of the Russian Federation (Chapter 39 of the Civil Code of the Russian Federation);
3.2.Tax Code of the Russian Federation;
3.3.Federal Law of 15.12.2001 N 167-FZ On Compulsory Pension Insurance in the Russian Federation;
3.4.Charter of the Company;
3.5.The contract for the provision of courier services concluded between the Company and the Subject of PD;
3.6.Consent of the Subject to the processing of PD.
4.1.Individual - Site User.
Address (city, street, house number, apartment number);
Information about the browser used;
Requested web pages;
Source of access to the Sitehttps://www.selltorussia.com
4.2.Individual Client, whose PD have become known to the Operator in connection with the conclusion and execution of the service agreement:
identity document details;
Address (country, city, street, house number, apartment number);
phone number (home, mobile);
4.3. A physical person whose PD was received from the Client within the framework of a contract for the provision of courier services, the specified PD is not subject to the Operator
s actions and obtaining consent for their processing is the responsibility of the respective Client, which is stipulated in the contract; Full Name; identity document details; Address (country, city, street, house number, apartment number; phone number (home, mobile);
4.4. An individual whose PD was received from a counterparty under a civil law contract, the specified PD is not the object of the Operators actions and obtaining consent for their processing is the responsibility of the respective contractor / performer; Full Name; data of the identity document (in the provision of power of attorney); E-mail address.
5.2.Most browsers have the ability to delete cookies after each session. Instructions for performing such a deletion operation are contained in the Settings section of the Users browser or in the reference information, and the User can access it if he wishes to delete the cookie.
5.3.If the procedure for deleting cookies was launched in whole or in part, the Website Owner cannot guarantee that the Websites web pages and / or the provision of certain services on the website will function properly.
6.1.The Subject has the right to:
6.1.1.to receive information concerning the processing of its PD, in particular:
6.2.The Subject of the PD is obliged to:
6.2.1.transfer to the Company authentic PD. The Company has the right to check the accuracy of the PD provided in the manner not contradicting the legislation of the Russian Federation, however, the Company proceeds from the fact that the PD Subject provides reliable and sufficient PD for the purposes of PD processing, and keeps this information up to date.
6.2.2.promptly inform the Company about the change in their PD.
6.3.The subject of the PD decides on the provision of his PD and agrees to their processing freely, by his own will and in his interest.
6.4.1.ensure the confidentiality of the PD. The operator and other persons who have obtained access to the PD are obliged not to disclose to third parties and not to distribute the PD without the consent of the PD Subject, unless otherwise provided by law;
6.4.2.When collecting PD, provide information on the processing of PD;
6.4.3.in case of refusal to provide the DPT, the Subject is explained the consequences of such refusal;
6.4.4.publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of PD, information about the implemented requirements for the protection of PD;
6.4.5.take necessary legal, organizational and technical measures or ensure their adoption to protect IDPs from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions against PD;
6.4.6.provide answers to requests and requests from PD subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.
7.1.The operator processes the PD of the Subjects by performing any action (operation) or set of actions (operations) performed using automation means or without using such means, including the following: - collection;
7.2.The operator receives PD:
7.3.The operator receives and starts processing the PD of the Subject from the moment of receiving his consent.
Consent to the processing of a PD may be given by the PD Subject in any form allowing to confirm the fact of receiving consent, unless otherwise established by federal law: in written, oral or other form provided for by the current legislation, including through the PD Subject performing of concrete actions.
In particular, the consent to the processing of the PD is considered to be provided by the Subject in case of performing by the Subject the following actions:
putting a special sign - checkboxes or web tags in a special field on the Site (e.g. when requesting any materials, when contacting in the Feedback form, when registering in the Personal Account, when making an Application for services) and clicking the corresponding button is considered unambiguously, as granting consent for the processing of PD in the volume, for the purposes and in the manner provided in the text proposed before putting a special sign (the text of the Consent is Appendix No. 2 to this Policy). The consent is deemed received from the moment of putting a special mark and is valid until the Subject of the PD submits a corresponding statement on the termination of the processing of the PD at the location of the Operator or by e-mail:
If the Subject does not agree with the processing of his PD, such processing is not carried out.
7.4.The receipt by the Operator of PD from other persons, as well as the transfer of instructions for processing PD, is carried out on the basis of an agreement containing conditions on the procedure for processing and maintaining the confidentiality of received PD.
7.5.When processing PD, the Executive Body of the Company has the right to approve methods of processing, documenting, storing and protecting PD on the basis of modern information technologies.
7.6.The operator prior to the processing of PD appoints the person responsible for organizing the processing of PD in a position not lower than the head of the structural unit, hereinafter referred to as the OPD Supervisor, who receives instructions directly from the executive body of the Operator and reports to him.
7.7.The list of persons allowed to process PD is determined by a directive of the Executive Body and internal local regulatory acts of the Company. These persons should be familiarized before starting work:
7.8.The assessment of the harm that may be caused to the Subjects in the event that the Operator violates the requirements of the Federal Law is determined in accordance with Art. st. 15, 151, 152, 1101 of the Civil Code of the Russian Federation.
7.9.If the Operator entrusts the processing of PD to third parties who are not its employees, on the basis of concluded contracts (or other grounds), by virtue of which they must have access to the PD of the Site users, the Operator provides the relevant data only after signing with the persons processing the PD on behalf of the Operator, the relevant agreement, in which the list of actions (operations) with PD to be performed by the person who processes them and the purposes of processing should be defined The duty of such a person is established to respect the confidentiality of the PD and to ensure the safety of the PD during their processing, and the requirements for the protection of the PD to be processed should be specified in accordance with art. 19 of the Federal Law "On Personal Data".
7.10.PD cannot be used for the purpose of causing property and moral harm to Subjects, or difficulties in the implementation of the rights and freedoms of citizens of the Russian Federation.
7.11.In order to provide its own information support, the Company may create publicly accessible sources of PD of the Subjects, including reference books and address books. Publicly available sources of PD with the written consent of the Subject may include his surname, first name, patronymic, date and place of birth, position, contact telephone numbers, e-mail address and other PD reported by the Subject. Information on the Subject must be at any time excluded from publicly available sources of PD at the request of the Subject or by a decision of the court or other authorized state bodies.
7.12.Processing and storage of PD are carried out no longer than the purpose of processing PD requires, if there are no legal grounds for further processing, for example, if the federal law or the consent of the Subject does not establish an appropriate retention period in the contract with the PD Subject. PD to be processed shall be destroyed or depersonalized upon the achievement of processing objectives or in case of loss of the need to achieve these objectives.
7.13.Storage PD, processing purposes of which are different, is carried out separately within the information system or, if stored on tangible media, within the business structure of the relevant division of the Operator.
7.14.An employee of the Operator who has access to the PD in connection with the performance of his job duties ensures the storage of information containing the PD of the Subjects, precluding access to them by third parties. In the absence of an employee at his workplace should not be documents containing PD. When taking leave, a business trip and other cases of a long absence of an employee at the workplace, he is obliged to transfer documents and other carriers containing personal data to a person who will be entrusted with the local act of the Operator in the performance of his job duties. In the event that such a person is not appointed, documents and other carriers containing the PD of the Subjects are transferred to another employee who has access to the PD at the direction of the head of the relevant structural unit of the Operator. When an employee with access to a PD is dismissed, documents and other carriers containing PD are transferred to another employee who has access to the PD at thedirection of the head of the structural unit and with notice to the person responsible for processing the PD.
7.15.PD processing is terminated, destruction / depersonalization of PD is performed in connection with:
7.15.1.achievement of the purpose of processing PD, loss of the need to achieve the objectives of processing PD - within thirty days, unless otherwise provided by the contract;
8.1.When processing PD, the Operator applies legal, organizational and technical measures and ensures that they are taken to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, submission, distribution of PD, as well as from other illegal actions in accordance with the requirements of ensuring the safety of PD when they are processed in the PD information systems, the requirements for the tangible media of the PD and the technologies for storing such data outside the PD information systems established by the Rule stvom RF.
8.2.Measures for the protection of personal data are determined by the Regulations, Orders, Instructions and other local acts of the Company.
8.3.The Company takes the measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the laws of the Russian Federation and the regulatorylegal acts adopted in accordance with them. The Company independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Federal Law On Personal Data and the regulatory legal acts adopted in accordance with it, unless otherwise provided by this law or other federal laws. Ensuring the safety of PD is achieved in particular:
9.1.The operator is obliged to provide free of charge to the Subject or his representative the opportunity to get acquainted with the PD related to this Subject. Within a period not exceeding seven working days from the date of submission by the Subject or his representative of information confirming that the PD are incomplete, inaccurate or irrelevant, the Operator is obliged to make the necessary changes to them. Within a period not exceeding seven working days from the date of submission by the Subject or his representative of information confirming that such PD are illegally obtained or are not necessary for the stated purpose of processing, the Operator is obliged to destroy such PD. The operator is obliged to notify the Subject or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the PD of this Subject have been transferred.
9.2.The operator is obliged to inform the authorized body for the protection of the rights of personal data subjects at the request of this body the necessary information within thirty days from the date of receipt of such a request.
9.3.If unauthorized processing of PD is detected when the Subject or his representative is contacted or at the request of the Subject or his representative or the authorized body to protect the rights of personal data subjects, the Operator is obliged to block unlawfully processed PD related to this Subject, or ensure their blocking (if the PD isprocessed by another person acting on behalf of the Operator) from the time of such a request or receipt of the specified request for the period of verification. If inaccurate PD is detected when the Subject or his representative addresses, either at their request or at the request of the authorized body to protect the rights of personal data subjects, the Operator is obliged to block the PD related to this Subject or ensure blocking it (if the PD is processed by another person acting on behalf of the Operator) from the moment of such a request or receipt of the specified request for the inspection period, if blocking the PD does not violate the rights and legitimate interests of the Subject or third parties.
9.4.In case of confirmation of the fact of inaccuracy of the PD, the Operator on the basis of information provided by the Subject or his representative or the authorized body for protection of the rights of personal data subjects, or other necessary documents is obliged to clarify the PD or ensure their clarification (if the PD is processed by another person acting on behalf of the Operator) within seven working days from the date of submission of such information and remove the blocking of PD.
9.5.In case of unlawful processing of PD, carried out by the Operator or a person acting on behalf of the Operator, the Operator shall, within three working days from the date of this identification, be obliged to stop the illegal processing of the PD or ensure the termination of the illegal processing of the PD by the person acting on behalf of the Operator. If it is impossible to ensure the legality of the processing of PD, the Operator shall, within a period not exceeding ten working days from the date of unlawful processing of PD, identify such PD or ensure their destruction. The Operator is obliged to notify the Subject or his representative about the elimination of the violations or the destruction of the PD, and if the appeal of the Subject or his representative or the request of the authorized body to protect the rights of personal data subjects were also sent by the authorized body to protect the rights of personal data subjects, the Operator is obliged to notify the specified body.
10.1.The control over the execution of this Policy is imposed on the OPD Supervisor.
10.2.Persons violating or not fulfilling the requirements of the Policy are brought to disciplinary, administrative, civil or criminal liability in accordance with the legislation of the Russian Federation.
10.3.Heads of structural units of the Operator are personally responsible for the performance of duties by their subordinates.
11.1.This Policy and changes to it are approved by the sole executive body of the Company, are binding for all employees who have access to the PD of the Subjects, and enters into force from the date of its approval.
11.2.All employees of the Company admitted to work with PD should be familiarized with this Policy before starting work with PD.
11.3.Publication or otherwise providing unrestricted access to this Policy, other documents defining the policy of the Operator in relation to the processing of PD, to the information about the implemented requirements for the protection of personal data, the Operator performs, in particular but not limited to, by posting on an electronic site owned by the Operator.11.4.All issues related to the processing of PD that are not regulated by this Policy are resolved in accordance with the current legislation of the Russian Federation in the field of personal data, as well as other local acts adopted by the Company in the field of personal data.
To the head of
PSRN 1135476184040, TIN 5406768160,
ul. Krivoshchekovskaya, 15, block 5
Request on the access of the Personal Data Subject to their personal data
name)_______(main document proving the identity of the Personal Data Subject or his
representative)_______________(main document number)issued __ ____________
_____ year(issue date)______________________________________________(issuer
of main document),
the participation of the Personal Data Subject in the relationship with the Operator
(contract number, date of conclusion of the contract, conditional verbal designation and /
or other information) or information otherwise confirming that the Operator has
processed personal data)
Please provide me with the following information (documents) for compiling my personal
"__" ___________ 20__.
_________________________ / ____________________________________ /
Signature Print full name
Appendix No. 1 to the Policy regarding the processing and protection of Personal Data
Request Form on the access of the Personal Data Subject to their personal data
To the head of
PSRN 1135476184040, TIN 5406768160,
ul. Krivoshchekovskaya, 15, block 5
on the processing of personal data
I hereby freely, by my own will and in my interest, informed and agree that in
accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", the
information I have provided, including information on:
Please provide me with the following information (documents) for compiling my personal