Regulation on the protection of personal data

 

Terms and Definitions

“Personal data” - any information relating to a specific person (subject of personal data) defined or determined on the basis of such information, including his last name, first name, middle name, year, month, date and place of birth, address, email address, telephone number, family, social, property status, education, profession, income, other information.

“Processing of personal data” - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking.

“Confidentiality of personal data” - a requirement, binding on the designated responsible person who has gained access to personal data, not to allow their dissemination without the consent of the subject or another legal basis.

“Dissemination of personal data” - actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or at making personal data known to an unlimited circle of persons, including disclosing personal data in the media, posting on information and telecommunication networks, or providing access to personal data in any other way.

“Use of personal data” - actions (operations) with personal data that are carried out in order to make decisions or take other actions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of others.

“Blocking personal data” means the temporary suspension of the collection, systematization, accumulation, use, dissemination of personal data, including their transfer.

“Destruction of personal data” means actions that make it impossible to restore the content of personal data in the personal data information system or as a result of which material carriers of personal data are destroyed.

“Depersonalization of personal data” - actions as a result of which it is impossible to determine which specific subject the personal data belongs to without using additional information.

“Publicly available personal data” - personal data to which access by an unlimited number of persons is granted with the consent of the subject, or to which the confidentiality requirement does not apply in accordance with federal laws.

“Information” - information (messages, data) regardless of the form of their presentation.

“User” - any individual who familiarizes themselves with the materials of the site, uses feedback forms, etc.

“Gallery” - Sole Proprietor Novoselov Ilya Vladislavovich.

“Artist” is an individual, a creative person who has entered into an agreement with the Gallery.

“Colleague” - an employee or partner with whom the Gallery has agreed on joint activities.

“User / Artist / Colleague” - an individual who interacts with the Gallery, hereinafter referred to as the “Personal Data Subject”.

“Operator” - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) committed with personal data. Within the framework of this Regulation, the Gallery is recognized as the Operator.

 

General Provisions

This Regulation on the processing of personal data (hereinafter - the Regulation) is developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Federal Law "On Information, Information Technologies and the Protection of Information", Federal Law-152 "On Personal Data", other federal laws.

The purpose of the development of the Regulation is to determine the processing and protection of personal data of Users / Artists / Colleagues whose data is subject to processing, based on the authority of the Gallery; ensuring the protection of the rights and freedoms of man and citizen in the processing of his personal data, including the protection of rights to privacy, personal and family secrets, as well as establishing the responsibility of officials with access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data.

This Regulation shall enter into force from the moment it is published on the website www.art-gallery-site.com and shall be valid indefinitely, until it is replaced by a new Regulation. Changes to the Regulation are made by authorized employees of the Gallery.

 

Composition of personal data

The personal data of Users / Artists / Collectors includes: last name, first name, middle name, year, month, date and place of birth, citizenship, identification documents, tax identification number, state pension insurance certificate number, data from the CV and forms for employment, addresses of the actual place of residence and registration by place of residence, postal and electronic addresses, phone numbers, photographs, information on education, profession, specialty and qualification, marital status and composition of the family, information on property status, income, debt, previously held positions and work experience, military duties; information specified in the compulsory medical insurance policy, personal medical book, medical certificates, certificate of no criminal record; information on the employment contract and its performance (positions held, essential working conditions, information on certification, advanced training and professional retraining, rewards and punishments, types and periods of vacation, temporary disability, social benefits, business trips, working hours, etc.), and also about other agreements (individual, collective liability, student, services, etc.) concluded during the execution of the agreement.

The Gallery can create (assemble) and store the following documents and information, including in electronic form, containing data about Users / Artists / Colleagues:

Contracts (public offer) and additional agreements to them.

Acts of work performed.

Copies of identity documents, as well as other documents provided by the Subjects of personal data and containing personal data.

Documents containing payment and other details of the Personal Data Subject.

Other documents necessary for the interaction of the Organization with the subject of personal data.

 

Purpose of processing personal data

The purpose of the processing of personal data is the implementation of a set of actions aimed at achieving the goal, including:

Provision of services as part of Service Packages.

Other transactions not prohibited by law, as well as a set of actions with personal data necessary to fulfill the above goals.

In order to comply with the requirements of the legislation of the Russian Federation.

The processing of personal data terminates upon the termination of the Gallery, as well as upon the corresponding request of the User / Artist / Colleague.

 

The procedure for obtaining (collecting) personal data

All personal data of the User / Artist / Colleague should be obtained from him personally with his written consent, except as provided for by the laws of the Russian Federation.

The consent of the User / Artist / Colleague to use his personal data is stored in the Gallery in paper and / or electronic form.

The subject’s consent to the processing of personal data is valid for 3 years from the date of termination of the contractual relationship of the User / Artist / Colleague with the Gallery. After the expiration of the specified period, the consent is deemed to be extended for each next three years in the absence of information about its revocation. If the personal data of the User / Artist / Colleague can only be obtained from a third party, the User / Artist / Colleague must be notified in advance and consent must be obtained from him. A third party providing the personal data of the User / Artist / Colleague must have the consent of the subject to the transfer of personal data to the Gallery. The Gallery is obliged to receive confirmation from a third party transmitting the personal data of the User / Artist / Colleague that the personal data is transferred with his consent. When interacting with third parties, the Gallery is obliged to conclude an agreement with them on the confidentiality of information regarding the personal data of Users / Artists / Colleagues.

The Gallery is obliged to inform the User / Artist / Colleague about the goals, the intended sources and methods of obtaining personal data, as well as the nature of the personal data to be received and the consequences of the refusal of the User / Artist / Colleague to agree to receive them.

The processing of personal data of Users / Artists / Colleagues without their consent is carried out in the following cases:

Personal data is publicly available.

At the request of authorized state bodies in cases provided for by federal law.

The processing of personal data is carried out on the basis of the federal law establishing its purpose, the conditions for obtaining personal data and the circle of subjects whose personal data are subject to processing, as well as determining the powers of the Gallery.

The processing of personal data is carried out in order to conclude and execute an agreement, one of the parties of which is the User / Artist / Colleague.

The processing of personal data is carried out for statistical purposes, subject to the mandatory depersonalization of personal data.

In other cases provided by law.

The Gallery does not have the right to receive and process the personal data of the User / Artist / Colleague about his race, nationality, political views, religious or philosophical beliefs, state of health, intimate life.

 

The procedure for processing personal data

User / Artist / Colleague provides the Gallery with reliable information about themselves.

Only Gallery employees who are allowed to work with personal data and have entered into a Non-disclosure Agreement for personal data can have access to the processing of personal data of Users / Artists / Colleagues.

The following have the right of access to the personal data of Users / Artists / Colleagues in the Gallery: employees responsible for financial calculations, and employees whose job responsibilities include working with Users, Artists, Colleagues.

The list of employees of the Gallery with access to personal data is determined by the Gallery.

The processing of personal data of Users / Artists / Colleagues may be carried out exclusively for the purposes established by the Regulation and compliance with laws and other regulatory legal acts of the Russian Federation.

When determining the volume and content of processed personal data, the Gallery is guided by the Constitution of the Russian Federation, the law on personal data, other federal laws and international law.

 

Protection of personal information

The protection of the personal data of Users / Artists / Colleagues means a set of measures (organizational, administrative, technical, legal) aimed at preventing unauthorized or accidental access to them, destruction, alteration, blocking, copying, distribution of personal data of subjects, as well as other illegal actions.

The protection of the personal data of Users / Artists / Colleagues is carried out at the expense of the Gallery in the manner prescribed by the federal law of the Russian Federation.

The general organization of the protection of the personal data of Users / Artists / Colleagues is carried out by Sole Proprietor Novoselov I.V. or an authorized Gallery employee. Access to the personal data of Users / Artists / Colleagues is provided to Gallery employees who need personal data in connection with the performance of their labor duties.

All employees associated with the receipt, processing and protection of personal data of Users / Artists / Colleagues are required to conclude an Agreement on non-disclosure of personal data of Users / Artists / Colleagues.

The procedure for obtaining access to the personal data of Users / Artists / Colleagues includes:

Familiarization of the employee with this Regulation.

Requesting from the employee a written confirmation of the obligation to maintain the confidentiality of the personal data of Users / Artists / Colleagues.

An employee of the Gallery having access to the personal data of Users / Artists / Colleagues in connection with the performance of labor duties:

Ensures the storage of information containing personal data of Users / Artists / Colleagues in a way that excludes third-party access to it.

In the absence of an employee, there should not be documents at his workplace containing the personal data of Users / Artists / Colleagues.

When going on vacation, during a business trip and in other cases of prolonged absence of an employee from his workplace, he is obliged to transfer documents and other media containing personal data of Users / Artists / Colleagues to another employee to whom the Gallery entrusts the performance of his labor duties.

Upon dismissal of an employee who has access to the personal data of Users / Artists / Colleagues, documents and other media containing the personal data of Users / Artists / Colleagues are transferred to another employee who has access to the personal data of Users / Artists / Colleagues as instructed by the Gallery.

 

Personal data storage

The personal data of Users / Artists / Colleagues on paper are stored in safes.

The personal data of Users / Artists / Colleagues are stored in electronic form in electronic folders and files on the personal computers of employees authorized to process personal data.

Documents containing the personal data of Users / Artists / Colleagues are stored in lockers (safes) that provide protection against unauthorized access. At the end of the working day, all documents containing the personal data of Users / Artists / Colleagues are placed in cabinets (safes) that provide protection against unauthorized access.

Protection of access to electronic databases containing the personal data of Users / Artists / Colleagues is ensured by the use of licensed anti-virus and anti-hacker programs that do not allow unauthorized access to the Gallery computers, and by differentiating access rights using accounts.

Copying and extracting the personal data of Users / Artists / Colleagues is allowed solely for official purposes.

Responses to written requests from other organizations and institutions about the personal data of Users / Artists / Colleagues are given only with the written consent of the User / Artist / Colleague himself, unless otherwise provided by law.

 

The procedure for locking and unlocking personal data

The blocking of the personal data of Users / Artists / Colleagues is carried out on the written application of the User / Artist / Colleague.

Blocking personal data implies:

Prohibition of editing personal data.

The prohibition of the distribution of personal data by any means (e-mail, mobile communications, tangible media).

Prohibition of the use of personal data in mass mailings (sms, e-mail, mail).

The removal of paper documents related to the User / Artist / Colleague and containing his personal data from the internal document flow of the Gallery and the prohibition of their use.

The blocking of the personal data of the User / Artist / Colleague can be temporarily removed if it is required to comply with the legislation of the Russian Federation.

Unlocking the personal data of the User / Artist / Colleague is carried out with his consent (if there is a need to obtain consent) or the application of the User / Artist / Colleague.

The repeated consent of the User / Artist / Colleague to the processing of his personal data (if necessary to obtain it) entails the unblocking of his personal data.

 

The procedure for depersonalization and destruction of personal data

The depersonalization of the personal data of the User / Artist / Colleague occurs with the consent of the User / Artist / Colleague.

During anonymization, personal data in information systems is replaced by a set of characters from which it is impossible to determine whether the personal data belongs to a specific User / Artist / Colleague.

Paper documents are destroyed when personal data is anonymized.

The Gallery is obliged to ensure confidentiality in relation to personal data if it is necessary to test information systems on the territory of the developer, and to anonymize personal data in the information systems transmitted to the developer.

The destruction of the personal data of the User / Artist / Colleague implies the termination of any access to the personal data of the User / Artist / Colleague.

When the personal data of the User / Artist / Colleague is destroyed, Gallery employees cannot gain access to the subject’s personal data in information systems.

Paper documents are destroyed during the destruction of personal data; personal data in information systems are depersonalized. Personal data cannot be restored.

The operation to destroy personal data is irreversible.

 

Transfer of personal data

The transfer of personal data of a subject means the dissemination of information through communication channels and on tangible media.

When transmitting personal data, Gallery employees must comply with the following requirements:

Do not disclose the personal data of the User / Artist / Colleague for commercial purposes.

Do not disclose the personal data of the User / Artist / Colleague to a third party without the written consent of the User / Artist / Colleague, with the exception of cases established by federal law of the Russian Federation.

Warn persons receiving the personal data of the User / Artist / Colleague that these data can only be used for the purposes for which they are communicated, and require confirmation from these persons that this rule has been observed.

Allow access to the personal data of the User / Artist / Colleague only to specially authorized persons, while these persons should be entitled to receive only the personal data of the User / Artist / Colleague that are necessary to perform specific functions.

Transfer the personal data of the User / Artist / Colleague within the Gallery in accordance with this Regulation.

The Gallery is obliged at the request of the User / Artist / Colleague to provide information on the availability of personal data about him, as well as provide an opportunity to get acquainted with them within ten working days from the moment of contact.

Transfer the personal data of the User / Artist / Colleagues to the representatives of the User / Artist / Colleagues in the manner prescribed by law and the regulations of the Gallery and limit this information only to the personal data of the subject that is necessary for the specified representatives to perform their functions.

 

Storage and use of personal data

The storage of personal data refers to the existence of records in information systems and on physical media.

Personal data of Users / Artists / Colleagues is processed and stored in information systems, as well as on paper media of the Gallery. The personal data of Users / Artists / Colleagues is also stored in electronic form: electronic folders and files in the personal computer of the Gallery and employees authorized to process personal data of Users / Artists / Colleagues.

The storage of personal data of Users / Artists / Colleagues can be carried out no longer than the processing goals require, unless otherwise provided by federal laws of the Russian Federation.

 

Terms of storage of personal data

The storage period for civil contracts containing the personal data of Users / Artists / Colleagues, as well as for documents associated with their conclusion and execution, is 5 years from the date of termination of the contracts.

During the storage period, personal data cannot be anonymized or destroyed.

After the expiration of the storage period, personal data can be depersonalized in information systems and destroyed on paper in the manner prescribed by the Regulation and the current legislation of the Russian Federation.

 

Rights of the operator of personal data

The Gallery has the right to:

Defend its interests in court.

Provide personal data of Users / Artists / Colleagues to third parties, if required by applicable law (tax, law enforcement agencies, etc.).

Refuse to provide personal data in cases provided by law.

Use the personal data of the User / Artist / Colleague without his consent, in cases stipulated by the legislation of the Russian Federation.

 

Rights - User / Artist / Colleagues

User / Artist / Colleague has the right

Demand clarification of their personal data, their blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures prescribed by law to protect their rights.

Require a list of processed personal data available in the Gallery and the source of their receipt.

Receive information on the timing of processing personal data, including the timing of their storage.

Require notification of all persons who were previously provided with incorrect or incomplete personal data about all exceptions, corrections or additions made to them.

Appeal against illegal actions or inaction in the processing of his personal data to the authorized body for the protection of the rights of subjects of personal data or in court.

 

Responsibility for violation of the rules governing the processing and protection of personal data

Organization employees guilty of violating the rules governing the receipt, processing and protection of personal data bear disciplinary, administrative, civil or criminal liability in accordance with applicable laws of the Russian Federation and the internal rules of the Gallery.

© Ilya Bazhan 2018 - 2020