Privacy Policy on Personal Data Processing1. General ProvisionsThis personal data processing policy is drawn up in accordance with the requirements of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter — the Personal Data Law) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by IP Sarkisyan Vaagn Robertovich (hereinafter — the Operator).
1.1. The Operator considers the protection of human rights and freedoms, including the right to privacy, personal and family secrets, as a top priority and essential condition for its activities.
1.2. This Operator’s policy regarding personal data processing (hereinafter — the Policy) applies to all information that the Operator may receive about visitors of the website https://orgstrat-consult.com.
2. Basic Terms Used in the Policy2.1. Automated processing of personal data — processing personal data using computing tools.
2.2. Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary for data clarification).
2.3. Website — a set of graphic and informational materials, as well as software and databases that provide access to them on the Internet at https://orgstrat-consult.com.
2.4. Personal data information system — a set of personal data contained in databases and the information technologies and technical tools that ensure their processing.
2.5. Anonymization of personal data — actions that make it impossible to determine the owner of the personal data without additional information.
2.6. Personal data processing — any action (operation) or set of actions (operations) performed with or without automation, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state body, municipal body, legal or natural person, independently or jointly with others organizing and/or carrying out personal data processing, and determining the purposes, composition, and actions with the personal data.
2.8. Personal data — any information relating directly or indirectly to an identified or identifiable User of the website https://orgstrat-consult.com.
2.9. Personal data allowed for dissemination — personal data the unrestricted access to which is provided by the subject of personal data by giving consent for its processing.
2.10. User — any visitor of the website https://orgstrat-consult.com.
2.11. Providing personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons, including publication in media, placement in telecommunication networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data — transfer of personal data to a foreign country to governmental authorities, foreign individuals, or foreign legal entities.
2.14. Destruction of personal data — actions resulting in irreversible destruction of personal data with no possibility of restoration in the information system and/or destruction of physical carriers of personal data.
3. Main Rights and Obligations of the Operator3.1. The Operator has the right to:
- receive accurate information and/or documents containing personal data from the personal data subject;
- continue processing personal data without consent in cases specified by law, if the subject withdraws consent or requests cessation;
- independently determine the necessary and sufficient measures to fulfill obligations under the Personal Data Law unless otherwise specified by law.
3.2. The Operator is obliged to:
- provide personal data subjects with information on their data processing upon request;
- organize personal data processing in accordance with Russian law;
- respond to requests of personal data subjects and their legal representatives;
- provide information to the authorized body within 10 days of receiving a request;
- publish or ensure unlimited access to this Policy;
- take legal, organizational, and technical measures to protect personal data from unauthorized access or actions;
- cease data transfer, processing, and destroy personal data as required by law;
- fulfill other obligations under the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects4.1. Personal data subjects have the right to:
- receive information regarding their personal data processing;
- request clarification, blocking, or destruction of inaccurate or unnecessary personal data;
- set conditions for prior consent in marketing purposes;
- withdraw consent or request cessation of data processing;
- appeal unlawful actions or inaction to the authorized body or court;
- exercise other rights provided by Russian law.
4.2. Personal data subjects are obliged to:
- provide accurate data about themselves;
- notify the Operator about updates or changes to their personal data.
4.3. Persons providing false information or third-party data without consent are liable under Russian law.
5. Principles of Personal Data Processing5.1. Personal data processing must be lawful and fair.
5.2. Processing is limited to specific, predetermined, and legal purposes.
5.3. No merging of databases for incompatible purposes.
5.4. Only data relevant to processing purposes may be processed.
5.5. Data volume must correspond to stated purposes; excessive collection is prohibited.
5.6. Data accuracy, sufficiency, and relevance must be ensured, with measures for correction if necessary.
5.7. Data is stored in a form allowing identification only as long as required, then destroyed or anonymized.
6. Purposes of Personal Data ProcessingPurpose: Clarification of order details
Personal data: Full name, phone numbers
Legal basis: Federal Law “On Information, Information Technologies and Information Protection” No. 149-FZ
Processing types: Collection, recording, systematization, accumulation, storage, destruction, and anonymization of personal data
7. Conditions for Personal Data Processing7.1. Processing occurs with the consent of the data subject.
7.2. Processing is necessary to achieve purposes provided by law or international agreements.
7.3. Processing is necessary for justice or enforcement of judicial or other acts.
7.4. Processing is necessary to execute a contract or conclude a contract at the subject’s initiative.
7.5. Processing is necessary to protect legitimate interests of the Operator or third parties without violating rights.
7.6. Processing of publicly available personal data.
7.7. Processing of data required for publication or disclosure under federal law.
8. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing8.1. The Operator ensures personal data security and prevents unauthorized access.
8.2. Personal data is not shared with third parties except as required by law or with consent for contract execution.
8.3. Users may update incorrect data by sending a notice to info@orgstrat.ru with the note “Personal Data Update.”
8.4. Data is stored until processing purposes are achieved; users may withdraw consent at any time.
8.5. Data collected by third-party services is stored and processed according to their privacy policies; the Operator is not responsible for third-party actions.
8.6. Restrictions set by users on data sharing do not apply in cases of public or governmental interest.
8.7. The Operator ensures confidentiality of personal data.
8.8. Data is stored in a form allowing identification no longer than necessary.
8.9. Processing ends upon achievement of purposes, expiration of consent, withdrawal of consent, or detection of unlawful processing.
9. Actions Performed by the Operator with Personal Data9.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer, anonymization, blocking, deletion, and destruction of personal data.
9.2. Automated processing may involve data transfer via telecommunication networks.
10. Cross-Border Transfer of Personal Data10.1. The Operator must notify the authorized body before starting cross-border transfers.
10.2. The Operator must obtain relevant information from foreign authorities or persons prior to transfer.
11. Confidentiality of Personal DataThe Operator and other persons with access must not disclose or distribute personal data without consent unless required by law.
12. Final Provisions12.1. Users may request clarifications regarding personal data processing via info@orgstrat.ru.
12.2. Any changes to the Policy will be reflected in this document; it is effective indefinitely until replaced.
12.3. The current version is available at https://orgstrat-consult.com/privacy.