1. General Provisions
1.1. This Privacy Policy on the Processing of Personal Data (hereinafter referred to as the "Policy") has been developed in accordance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law"), as well as other applicable laws and regulations of the Russian Federation governing the protection and processing of personal data.
This Policy applies to all personal data (hereinafter referred to as the "Personal Data") that Limited Liability Company "Construction Alliance Holding" (hereinafter referred to as the "Controller") may obtain from a personal data subject who is a party to a civil law agreement, or from a user of the Internet (hereinafter referred to as the "User") while using any of the websites, mobile applications, services, software, products, or other services provided by Limited Liability Company "Construction Alliance Holding."
This Policy has been developed to ensure the protection of the rights and freedoms of individuals in connection with the processing of their personal data, including the right to privacy and the protection of personal and family life.
This Policy applies to all personal data processing activities carried out by the Controller, regardless of whether such activities commenced before or after the approval of this Policy.
In accordance with Part 2 of Article 18.1 of the Personal Data Law, this Policy is made publicly available and published on the Controller's official website on the Internet.
1.2. The Controller implements appropriate legal, organizational, and technical measures to protect personal data against unauthorized or unlawful access, disclosure, use, alteration, destruction, or loss, in accordance with the requirements of the Personal Data Law.
1.3. The Controller reserves the right to amend this Policy at any time. Any revised version of the Policy shall become effective upon its publication on the Controller's website unless otherwise specified in the revised version of the Policy itself.
2. Definitions, Terms, and Abbreviations
The following definitions, terms, and abbreviations are used in this Policy:
Controller – Limited Liability Company "Construction Alliance Holding" (Taxpayer Identification Number (INN): 5036113127, Primary State Registration Number (OGRN): 1115074004100), registered address: Building 1, 5, 26th km of Baltiya Highway Territory, Krasnogorsk Urban District, Moscow Region, 143421, Russian Federation.
Email: info@conall.ru
Personal Data – any information relating to an identified or identifiable natural person (data subject).
PD – Personal Data.
Policy – the Privacy Policy on the Organization of Personal Data Processing and Ensuring the Security of Personal Data of Consumers, Website Users, and Mobile Application Users of Limited Liability Company "Construction Alliance Holding."
Russian Federation (RF) – the Russian Federation.
Automated Processing of Personal Data – the processing of Personal Data using computer technology and other automated means.
Blocking of Personal Data – the temporary suspension of the processing of Personal Data, except where processing is necessary to verify or update such Personal Data.
Personal Data Information System – a combination of databases containing Personal Data together with the information technologies and technical means used to process such data.
Anonymization of Personal Data – actions that make it impossible to determine, without the use of additional information, whether Personal Data relates to a specific data subject.
Processing of Personal Data – any operation or set of operations performed on Personal Data, whether by automated means or otherwise. Processing includes, but is not limited to, the collection, recording, systematization, accumulation, storage, updating (modification), retrieval, use, transfer (including dissemination, provision, and access), anonymization, blocking, deletion, and destruction of Personal Data.
Personal Data Controller (Controller) – a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or carries out the processing of Personal Data and determines the purposes of processing, the categories of Personal Data to be processed, and the operations performed on such Personal Data.
Person Responsible for Organizing the Processing of Personal Data – an individual or legal entity appointed by the Controller to be responsible for organizing the processing of Personal Data.
Personal Data Permitted by the Data Subject for Dissemination – Personal Data to which the data subject has granted access to an unlimited number of persons by providing consent for the processing and dissemination of such Personal Data in accordance with the procedure established by the Personal Data Law.
Provision of Personal Data – actions aimed at disclosing Personal Data to a specific person or a specified group of persons.
Dissemination of Personal Data – actions aimed at disclosing Personal Data to an unrestricted number of persons.
Data Subject – an identified or identifiable natural person to whom the Personal Data directly or indirectly relates.
Cross-Border Transfer of Personal Data – the transfer of Personal Data to the territory of a foreign state, to a foreign public authority, foreign individual, or foreign legal entity.
Destruction of Personal Data – actions resulting in the irreversible destruction of Personal Data, making it impossible to restore the content of such data within a Personal Data Information System and/or resulting in the destruction of the physical media containing Personal Data.
3. Rights and Responsibilities of the Personal Data Controller
3.1. The Controller has the right to:
obtain accurate information and/or documents containing Personal Data from the Data Subject;
require the Data Subject to promptly update or correct the Personal Data provided;
entrust the processing of Personal Data to a third party with the consent of the Data Subject, unless otherwise provided by the legislation of the Russian Federation, on the basis of a contract concluded with such third party;
establish publicly available sources of Personal Data for informational purposes with the prior written consent of the Data Subject;
independently determine the composition and scope of legal, organizational, and technical measures necessary and sufficient to ensure compliance with the requirements of the Personal Data Law and other applicable regulations adopted pursuant thereto, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Controller shall:
process Personal Data in accordance with the applicable legislation of the Russian Federation;
not disclose or disseminate Personal Data to third parties without the consent of the Data Subject, unless otherwise provided by the legislation of the Russian Federation;
upon collection of Personal Data, provide the Data Subject, upon request, with information regarding the processing of their Personal Data;
inform the Data Subject of the legal consequences of refusing to provide Personal Data and/or consent to its processing where the provision of such data and/or obtaining such consent is mandatory under the legislation of the Russian Federation;
provide the Data Subject with information regarding the processing of their Personal Data prior to the commencement of such processing where the Personal Data was not obtained directly from the Data Subject, except in cases provided for by the legislation of the Russian Federation;
notify the Data Subject (or their legal representative) of the existence of Personal Data relating to them where such Personal Data was obtained from sources other than the Data Subject, except where otherwise provided by the legislation of the Russian Federation;
consider requests and inquiries submitted by the Data Subject (or their legal representative) regarding the processing of Personal Data and provide reasoned responses within the time limits established by applicable law;
provide the Data Subject (or their legal representative) with free access to their Personal Data, except in cases provided for by the legislation of the Russian Federation;
take appropriate measures to update, rectify, or destroy the Personal Data of the Data Subject in response to lawful and justified requests submitted by the Data Subject or their legal representative;
implement and maintain appropriate legal, organizational, and technical measures to ensure the protection of Personal Data in accordance with the legislation of the Russian Federation;
when collecting Personal Data, including via the Internet, ensure the recording, systematization, accumulation, storage, updating (modification), retrieval, and retention of Personal Data of citizens of the Russian Federation using databases located within the territory of the Russian Federation, in accordance with applicable legal requirements;
remove information relating to a Data Subject from publicly available sources of Personal Data upon the request of the Data Subject or pursuant to a court decision or a decision of another competent public authority.
4. Rights and Responsibilities of Data Subjects
4.1. A Data Subject has the right to:
obtain information regarding the processing of their Personal Data by the Controller to the extent provided by the legislation of the Russian Federation;
access their Personal Data and obtain a copy of any record containing their Personal Data, except where otherwise provided by the legislation of the Russian Federation;
request the rectification, blocking, or destruction of their Personal Data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purposes of processing;
request the termination of the processing of their Personal Data, including by withdrawing previously given consent, except where processing is permitted or required under the legislation of the Russian Federation;
contact the Controller to exercise and protect their rights and legitimate interests;
appeal against the actions or omissions of the Controller by filing a complaint with the authorized supervisory authority for the protection of the rights of Personal Data subjects or with any other competent public authority;
protect their rights and legitimate interests, including the right to seek compensation for damages and/or moral harm through judicial or other legal remedies, as well as to exercise any other rights granted under the legislation of the Russian Federation governing Personal Data;
establish, within the consent for the processing of Personal Data permitted by the Data Subject for dissemination, prohibitions on the transfer (other than granting access) of such Personal Data to an unlimited number of persons, as well as prohibitions or conditions relating to the processing (other than access) of such Personal Data by an unlimited number of persons;
require the termination of the transfer (including dissemination, provision, or granting of access) of their Personal Data previously permitted for dissemination to any person processing such Personal Data where the requirements of the legislation of the Russian Federation are violated, or seek such termination through a court of competent jurisdiction.
4.2. A Data Subject shall:
provide the Controller only with accurate and truthful information about themselves, as well as documents containing Personal Data to the extent necessary for the purposes of processing;
promptly notify the Controller of any updates, modifications, or corrections to their Personal Data.
4.3. The Data Subject's right to access their Personal Data may be restricted in accordance with applicable federal laws, including where granting such access would infringe upon the rights and legitimate interests of third parties.
4.4. To improve the efficiency and expedite the processing of requests and complaints, Data Subjects may complete and submit the relevant form set forth in Appendix No. 1 to this Policy.
4.5. The processing of Personal Data for the purpose of promoting goods, works, or services through direct communication with potential consumers using communication means shall be carried out only with the prior consent of the Data Subject.
4.6. Any agreement with a Data Subject under which the processing of their Personal Data is carried out shall not contain provisions that:
restrict the rights and freedoms of the Data Subject;
permit the processing of the Personal Data of minors, except where otherwise provided by the legislation of the Russian Federation;
deem the Data Subject's inaction or silence to constitute a condition for entering into the agreement.
Decisions producing legal effects concerning a Data Subject, or otherwise affecting the Data Subject's rights and legitimate interests, shall not be based solely on automated processing of Personal Data, except where such processing is permitted by the legislation of the Russian Federation or where the Data Subject has provided prior written consent.
5. Legal Basis for the Processing of Personal Data
5.1. The Controller processes Personal Data in accordance with the principles and requirements established by the legislation of the Russian Federation governing the processing and protection of Personal Data, based on the consent of the Data Subject where such consent is required, as well as in cases where the processing of Personal Data is necessary:
to achieve the purposes provided for by an international treaty of the Russian Federation or by law, and to perform the functions, powers, and obligations imposed on the Controller under the legislation of the Russian Federation;
in connection with the participation of an individual in civil, administrative, or arbitration court proceedings;
to execute a judicial act or an act of another authority or official that is subject to enforcement in accordance with the legislation of the Russian Federation on enforcement proceedings;
for the performance of a contract to which the Data Subject is a party, beneficiary, or guarantor, as well as for the conclusion of a contract at the initiative of the Data Subject or a contract under which the Data Subject will be the beneficiary or guarantor;
to protect the life, health, or other vital interests of the Data Subject where obtaining the Data Subject's consent is impossible;
to exercise the rights and legitimate interests of the Controller or third parties, or to achieve socially significant objectives, provided that the rights and freedoms of the Data Subject are not infringed;
for scientific, literary, or other creative activities, provided that the rights and legitimate interests of the Data Subject are not violated;
for statistical or other research purposes, provided that the Personal Data is subject to mandatory anonymization;
where the processing relates to Personal Data that is required to be published or otherwise disclosed pursuant to federal law.
5.2. The Controller processes Personal Data in accordance with the legislation of the Russian Federation governing Personal Data, including, but not limited to, the following legal grounds:
the Constitution of the Russian Federation;
the Civil Code of the Russian Federation;
the Labour Code of the Russian Federation;
the Tax Code of the Russian Federation;
Federal Law No. 14-FZ dated February 8, 1998, "On Limited Liability Companies";
Federal Law No. 402-FZ dated December 6, 2011, "On Accounting";
Federal Law No. 167-FZ dated December 15, 2001, "On Mandatory Pension Insurance in the Russian Federation";
Law of the Russian Federation No. 2300-1 dated February 7, 1992, "On Consumer Protection";
other legislative and regulatory acts governing the Controller's activities;
the Controller's Charter and other constitutional (founding) documents;
agreements concluded between the Controller and Data Subjects, as well as agreements under which Data Subjects act as beneficiaries or guarantors;
powers of attorney issued by the Controller to Data Subjects;
consents provided by Data Subjects for the processing of their Personal Data.
6. Principles of Personal Data Processing by the Controller
6.1. In carrying out its activities, the Controller ensures compliance with the principles governing the processing of Personal Data as established by the legislation of the Russian Federation.
6.2. The Controller processes Personal Data on a lawful and fair basis and solely for specific, explicit, and legitimate purposes determined in advance.
6.3. Only Personal Data that is relevant and necessary for the stated purposes of processing shall be processed.
6.4. The Controller shall not combine databases containing Personal Data where such data is processed for purposes that are incompatible with one another.
6.5. The Controller ensures that the content and scope of the Personal Data processed are adequate, relevant, and limited to what is necessary for the stated purposes of processing. Where appropriate, the Controller shall take measures to eliminate any Personal Data that is excessive in relation to those purposes.
6.6. During the processing of Personal Data, the Controller shall ensure that such data is accurate, sufficient, and, where necessary, kept up to date for the purposes of processing. The Controller shall take the necessary measures, or ensure that such measures are taken, to rectify, update, or delete incomplete or inaccurate Personal Data.
6.7. Personal Data shall be stored in a form that permits the identification of the Data Subject for no longer than is necessary to achieve the purposes for which the Personal Data is processed, except where a longer retention period is required by federal law or by an agreement to which the Data Subject is a party, beneficiary, or guarantor.
6.8. Personal Data shall be destroyed or anonymized upon achievement of the purposes of processing or where the processing is no longer necessary to achieve those purposes, unless otherwise required by the legislation of the Russian Federation.
7. Purposes of Personal Data Collection
7.1. The Controller processes Personal Data solely for specific, explicit, and legitimate purposes determined in advance.
7.2. The Controller processes general categories of Personal Data for the following purposes:
Compliance with Applicable Laws and Protection of the Controller's Legitimate Interests, including:
fulfilling the functions, powers, and obligations imposed on the Controller under the legislation of the Russian Federation, including, without limitation, tax, civil, and consumer protection laws;
conducting the Controller's business operations, including sending and receiving correspondence and other postal communications, providing access to the Controller's IT resources, delivering technical support in connection with their use, monitoring and controlling the use of the Controller's IT resources, and ensuring information security;
retaining Personal Data and the media on which it is stored in accordance with the Controller's internal policies and procedures.
Provision and Promotion of Products and Services, including:
entering into agreements to which Data Subjects are parties or beneficiaries, and performing the obligations arising under such agreements;
assessing the satisfaction of Data Subjects with the quality of the Controller's products and services;
organizing and conducting activities aimed at increasing brand awareness and customer loyalty, including promotional campaigns, loyalty programs, marketing research, and informational communications regarding the Controller's products and services, involving Data Subjects;
communicating with Data Subjects, including receiving and processing inquiries and requests, and monitoring the quality of customer communications and support;
analyzing the activities of Data Subjects on the Controller's websites and mobile applications (including determining geographic location where applicable), as well as monitoring and improving the performance and functionality of such websites and mobile applications;
promoting the Controller's brand and/or the brands of companies belonging to the same corporate group as the Controller by publishing the Personal Data of Data Subjects on the Controller's websites, official social media pages, and other publicly accessible resources.
8. Categories of Data Subjects and Categories of Personal Data Processed
8.1. The Controller collects and further processes the Personal Data of the following categories of Data Subjects:
Consumers of the Controller's Products and Services and Their Legal Representatives – individuals and their authorized representatives who purchase, use, or order the Controller's products and/or services.
Website Users and Visitors – individuals who visit and/or use the Controller's websites.
Mobile Application Users – individuals who use the Controller's mobile applications.
8.2. The Controller processes the Personal Data of Data Subjects for the following purposes:
registration and authentication on the website https://icpark.ru/.;
performance of an agreement to which the Data Subject is a party, beneficiary, or guarantor;
evaluation and analysis of the Controller's performance in fulfilling its contractual obligations;
conducting advertising and marketing campaigns, including campaigns organized by third parties;
identification of users of the Controller's website on the Internet;
compliance with other applicable requirements of the legislation of the Russian Federation.
Subject to the Data Subject's consent, the Controller may send informational communications, including marketing and promotional messages, to the Data Subject's email address and mobile telephone number.
The User's selection of the relevant checkbox in the applicable web form constitutes sufficient evidence of consent to receive the above communications.
Service messages relating to an order and the stages of its processing are sent automatically and are necessary for the performance of the Controller's obligations. Such messages cannot be declined by the Data Subject.
8.3. The Controller may process the following categories of Personal Data:
full name (including any previous names, where applicable);
gender;
date of birth;
residential address;
passport details or information contained in another identity document (including the type of document, series and number, date of issue, issuing authority, and subdivision code, where applicable);
contact information (telephone number and email address);
photographs;
any other Personal Data voluntarily provided by the Data Subject and necessary for the purposes set out in this Policy.
9. Procedures and Conditions for the Processing of Personal Data
9.1. The processing of personal data shall be carried out by the Operator subject to obtaining the consent of the personal data subject, except for cases established by the legislation of the Russian Federation where the processing of personal data may be carried out without such consent.
9.2. The personal data subject shall independently decide whether to provide their personal data and shall provide such data freely, voluntarily, and in their own interests.
9.3. Consent shall be provided in any form that allows confirmation of the fact that such consent has been obtained. In cases provided for by the legislation of the Russian Federation, consent shall be provided in written form.
9.4. Consent may be withdrawn by submitting a written notification to the Operator via postal mail.
9.5. When providing consent to the processing of their personal data, the personal data subject shall be informed of the purposes of such processing.
9.6. The purposes of processing shall be specified in the consent form provided by the personal data subject.
9.7. The Operator processes personal data using the following methods:
non-automated processing of personal data;
automated processing of personal data with or without transmission of the obtained information via information and telecommunication networks;
combined processing of personal data.
9.8. The Operator shall not make decisions that produce legal consequences for personal data subjects or otherwise affect their rights and legitimate interests solely on the basis of automated processing of their personal data.
9.9. The processing of personal data by the Operator includes the collection, recording, systematization, accumulation, storage, clarification (updating and modification), extraction, use, transfer (dissemination, provision, access), cross-border transfer, blocking, deletion, and destruction of personal data.
9.10. The Operator shall have the right to transfer personal data to bodies conducting inquiries and investigations, as well as to other authorized authorities, on the grounds provided for by the current legislation of the Russian Federation.
9.11. Where interaction with third parties is required to achieve the purposes of personal data processing, the Operator shall have the right to transfer personal data to authorized third parties for the purpose of achieving such processing objectives.
9.12. The Operator processes personal data of personal data subjects that are permitted for dissemination on the basis of separately obtained consent from the personal data subject for the processing of such personal data. The Operator shall ensure that the personal data subject has the ability to determine the list of personal data for each category of personal data specified in the consent for the processing of personal data permitted by the personal data subject for dissemination.
9.13. The Operator has established the following conditions for termination of personal data processing:
achievement of the purposes of personal data processing and expiration of the maximum storage periods for personal data;
loss of the necessity to achieve the purposes of personal data processing;
provision by the personal data subject or their legal representative of information confirming that personal data was obtained unlawfully or is not necessary for the stated purpose of processing;
inability to ensure the lawfulness of personal data processing;
withdrawal by the personal data subject of consent to the processing of personal data, provided that further storage of personal data is no longer required for the purposes of processing;
expiration of limitation periods for legal relations within the framework of which personal data processing is or was carried out;
liquidation of the Operator.
9.14. The storage periods for personal data maintained by the Operator shall be determined in accordance with the Operator’s internal regulatory documents.
9.15. If documents containing personal data created in the course of the Operator’s activities constitute archival documents, their storage periods may be determined in accordance with Order No. 236 of the Federal Archival Agency of Russia dated December 20, 2019, “On Approval of the List of Standard Administrative Archival Documents Generated in the Course of Activities of State Authorities, Local Self-Government Bodies, and Organizations, Indicating Their Storage Periods.”
9.16. The storage period for personal data processed in personal data information systems shall correspond to the storage period of personal data stored on paper media.
9.17. When storing personal data, the Operator uses personal data databases located within the territory of the Russian Federation.
9.18. Upon expiration of the personal data processing period, destruction of personal data stored on electronic media shall be carried out by mechanically damaging the integrity of the storage medium in a manner that prevents reading or restoring personal data, or by deleting personal data from electronic media using methods and means that ensure guaranteed removal of residual information.
9.19. Destruction of documents (media) containing personal data shall be carried out by burning, shredding (fragmentation), chemical decomposition, conversion into an amorphous mass or powder. The use of shredders is permitted for the destruction of paper documents.
10. Measures for Proper Organization of Personal Data Processing and Ensuring Personal Data Security
10.1. When processing personal data, the Operator shall take all necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination, as well as from other unlawful actions in relation to such data. Personal data security shall be ensured, in particular, through the following measures:
appointment of a person responsible for organizing the processing of personal data;
adoption of documents defining the Operator’s policy regarding personal data processing, as well as internal regulations on personal data processing that specify, for each purpose of processing personal data, the categories and list of processed personal data, categories of data subjects whose personal data is processed, methods and periods of processing and storage, procedures for the destruction of personal data upon achievement of processing purposes or upon the occurrence of other legal grounds, as well as internal regulations establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation in the field of personal data and eliminating the consequences of such violations;
conducting internal control and/or audits of compliance of personal data processing with Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”, regulatory legal acts adopted pursuant to this law, personal data protection requirements, and the Operator’s internal regulations;
familiarizing employees of the Operator who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including personal data protection requirements, internal regulations regarding personal data processing, and/or providing training to such employees;
identifying threats to the security of personal data during their processing in personal data information systems;
applying organizational and technical measures to ensure the security of personal data processed in personal data information systems, as required to comply with personal data protection requirements;
assessing the effectiveness of measures taken to ensure personal data security prior to commissioning personal data information systems;
assessing the potential harm that may be caused to personal data subjects in the event of violations of the legislation of the Russian Federation on personal data, comparing such harm with the measures taken by the Operator to ensure compliance with obligations established by the legislation of the Russian Federation on personal data;
accounting for data storage devices containing personal data;
restricting the list of persons who have access to personal data;
detecting instances of unauthorized access to personal data and taking appropriate measures;
determining locations for storing physical media containing personal data, as well as ensuring their accounting and security;
restoring personal data that has been modified or destroyed as a result of unauthorized access;
establishing rules for access to personal data processed in personal data information systems, as well as ensuring registration and accounting of all actions performed with personal data within personal data information systems;
organizing access control procedures on the Operator’s premises and protecting premises containing technical equipment used for personal data processing;
monitoring the measures taken to ensure personal data security and the level of protection of personal data information systems;
ensuring unrestricted access to the document defining the Operator’s policy regarding personal data processing and to information on implemented personal data protection requirements, including publication of this Policy on the website.
10.2. In accordance with the procedure established by the federal executive authority authorized in the field of information security, the Operator shall ensure interaction with the state system for detecting, preventing, and eliminating the consequences of computer attacks on information resources of the Russian Federation, including notifying such system of computer incidents that have resulted in unlawful transfer (provision, dissemination, access) of personal data.
10.3. The duties and responsibilities of the Operator’s employees involved in the processing and protection of personal data shall be defined in the Operator’s “Regulation on the Organization of Personal Data Processing and Ensuring Personal Data Security.”
11. Updating, Rectification, Deletion and Destruction of Personal Data, Responses to Requests from Personal Data Subjects Regarding Access to Personal Data
11.1. If the accuracy of personal data is confirmed to be incorrect or the processing of personal data is determined to be unlawful, the Operator shall update such personal data or terminate their processing accordingly.
11.2. The fact that personal data is inaccurate or that its processing is unlawful may be established either by the personal data subject or by competent state authorities of the Russian Federation.
11.3. Upon a written request from a personal data subject or their representative, the Operator shall provide information regarding the processing of the personal data of the respective subject carried out by the Operator.
11.4. The request shall contain the following information:
the number of the primary identification document of the personal data subject and their representative;
information regarding the date of issuance of the specified document and the authority that issued it;
information confirming the personal data subject’s participation in relations with the Operator (contract number, contract conclusion date, a conventional verbal designation and/or other information), or other information confirming the fact that the Operator processes the personal data.
11.5. The request may be submitted in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
11.6. If a request from a personal data subject does not contain all required information or the subject does not have the right to access the requested information, the Operator shall provide a reasoned refusal.
11.7. The personal data subject shall have the right to request that the Operator clarify, block, or destroy their personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, as well as to take other measures provided by law to protect their rights.
11.8. Upon achievement of the purposes of personal data processing, as well as in the event that the personal data subject withdraws their consent, personal data shall be destroyed unless:
otherwise provided by a contract to which the personal data subject is a party, beneficiary, or guarantor;
the Operator is entitled to continue processing personal data without the consent of the personal data subject on the grounds established by the Federal Law “On Personal Data” or other federal laws;
otherwise provided by another agreement between the Operator and the personal data subject.
12. Liability
12.1. Persons responsible for violations of the rules governing the processing and protection of personal data shall be liable in accordance with the legislation of the Russian Federation, the Operator’s internal regulations, and agreements governing the Operator’s legal relations with third parties.
12.2. A person who provides the Operator with inaccurate information about themselves, or provides information about another personal data subject without the consent of such subject, shall be liable in accordance with the legislation of the Russian Federation.
13. Access to the Policy
13.1. The current version of the Policy in hard copy is stored at the following address: 143421, Moscow Region, Krasnogorsk Urban District, Territory of Baltia Highway, 26th km, Building 5, Structure 1.
13.2. The electronic version of the current edition of the Policy is publicly available on the Operator’s website on the Internet at:
https://icpark.ru/privacy_policy.
14. Amendments
14.1. The Policy shall be approved and put into effect by the sole executive body of the Operator.
14.2. The Operator shall have the right to amend this Policy and its appendices. When amendments are made, the date of approval of the current version of the Policy shall be indicated in the heading of the Policy.
14.3. The Policy shall be reviewed on a regular basis — once a year from the date of the previous review of the Policy. The Policy shall be re-approved if amendments are introduced as a result of the review.
14.4. The Policy may be reviewed and re-approved before the above-mentioned period in the event of amendments to:
regulatory legal acts in the field of personal data;
the Operator’s internal regulatory and individual acts governing the organization of personal data processing and ensuring personal data security.
14.5. All relations concerning the processing of personal data that are not covered by this Policy shall be governed by the provisions of the legislation of the Russian Federation.
15. Final Provisions
15.1. This Policy is a publicly available document.