Privacy Policy

1. General

   1.1. This Data Protection Policy (the “Policy”) is regulated by paragraph 2 of Article 18.1 of Personal Data Protection Law No. 152-FZ of July 27, 2006, and other regulatory legal acts of the Russian Federation in the field of personal data protection and processing, and applies to all personal data (the “Data”) that the website owners (the “Processor”) can obtain from the individuals using the website (the “Users”) at https://inmash.info (the “Website”).

   1.2. The Processor protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the provisions of Personal Data Protection Law No. 152-FZ of July 27, 2006.

   1.3. Changes and Amendments

   1.3.1. The Processor may make changes to this Policy from time to time. In the event of any changes, the Policy’s revisions will also be changed accordingly. The updated Policy takes effect from the moment it is published on the Website unless otherwise provided in the updated Policy.

   Terms and Abbreviations

   Personal data (PD) means any information relating directly or indirectly to a specific or identifiable individual (owner of personal data).

   Processing of personal data means any action (operation) or a set of actions (operations) performed, either using automation tools or without using such tools, with respect to personal data including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer, depersonalization, blocking, deletion, and destruction.

   Automated processing of personal data means the processing of personal data using computer technology.

   Personal data information system (PDIS) means a set of personal data contained in databases and the related processing information technologies and technical means.

   Personal data made publicly available by the owner of personal data means PD the access to which was provided to an unlimited number of persons by the owner of personal data or at his/her request.

   Blocking of personal data means a temporary suspension of the processing of personal data (unless the processing is necessary to update personal data).

   Destruction of personal data means actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed.

   Processor means an organization that independently or jointly with other persons organizes the processing of personal data and defines the purposes of processing personal data and actions (operations) to be performed with personal data. The Processor is Inmash LLC, INN (tax code) 0268051351, KPP code 026801001, address: 122 Gogol st., room 2, Sterlitamak, Republic of Bashkortostan 453130 3

   Processing of Personal Data

   3.1. Obtaining Personal Data

   3.1.1. All personal data must be obtained from the respective owners. If the personal data are obtained from a third party, their owner must be notified of this or consent must be obtained from him/her.

   3.1.2. The Processor must inform the owner of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be received, actions to be performed with respect to the personal data, the period during which the consent is valid and the procedure for withdrawing it, and the implication of the owner's refusal to give written consent to provide their personal data.

   3.1.3. Personal data is transferred by the owner for their processing by the Processor by:

   visiting the Website; or filling out a feedback form on the Website (order a call, leave feedback, register, place an order, etc.).

   3.2. Processing Personal Data

   3.2.1. The processing of personal data is carried out:

   with the consent of the owner of personal data to the processing of his/her personal data; in cases when the processing of personal data is necessary for the performance of the functions, powers and duties imposed by the legislation of the Russian Federation; and in cases when the processing includes personal data the access to which to an unlimited number of persons was provided by the owner or at his/her request (“personal data made publicly available by the owner”).

   3.2.2. Purposes of Processing Personal Data:

   to increase the awareness of users of the Website about the products/works/services; to provide relevant advertising information; to optimize the advertising, to provide information support; for consulting; to conduct marketing campaigns (including email newsletters and SMS notifications about news and promotions, etc.); to send notifications about the statuses of requests, applications, orders, or otherwise in the course of using the Website.

   3.2.3. Categories of Owners of Personal Data.

   The Processor processes personal data of the following categories:

   Individuals who are Website Users.

   3.2.4. Personal data processed by the Processor:

   User’s  last name, first name and patronymic, my position, e-mail address, contact phone number and address; The source from which the User accessed the Website and the information of the search or advertising request; Information about the User's device (including resolution, version and other attributes characterizing the user device); User's clicks, page views, filling in fields, showing and viewing banners and videos; Data characterizing audience segments; Session parameters; Data about the time of visit; Information stored in cookies; and User’s IP address.

   3.2.5. Personal data is processed:

   using automation tools; or without using automation tools.

   3.3. Storage of Personal Data

   3.3.1. The personal data received by the Processor undergoes further processing and is transferred for storage in digital form.

   3.3.2. It is not allowed to store and place documents containing PD in open electronic catalogs (file sharing) in PDIS.

   3.3.3. The storage of PD in a form that makes it possible to identify the owner of PD is carried out no longer than the purposes of its processing and is subject to destruction upon achievement of the processing goals or if it is no longer required.

   3.4. Destruction of Personal Data

   3.4.1. The PD on electronic media is destroyed by erasing or formatting the media.

   3.4.2. The fact of the destruction of PD is evidenced by documentary evidence on the destruction of the PD-containing media.

   3.5. Transfer of Personal Data

   3.5.1. The Processor transfers PD to third parties in the following cases:

   the owner has provided his/her consent to such action; and the transfer is required under Russian or other applicable law in line with the established procedure.

    

   Protection of Personal Data

   4.1. The main PD protection measures used by the Processor are:

   4.1.1. Appointment of a person responsible for PD processing who organizes PD processing, training and instruction, internal control over compliance by the Processor and its employees with the requirements for PD protection.

   4.1.2. Identification of actual threats to PD security during the processing in the PDIS and definition of protection actions.

   4.1.3. Developing a policy regarding the processing of personal data.

   4.1.4. Establishing access rules for the PD processed in the PDIS.

   4.1.5. Establishing access passwords for the Processor's employees in the PDIS.

   4.1.6. Compliance with the conditions ensuring PD security and preventing unauthorized access to it.

   4.1.7. Detecting unauthorized access to personal data and taking necessary measures.

   4.1.8. Recovery of PD, modified or destroyed due to unauthorized access.

   4.1.9. Training of the Processor's employees who are directly involved in the processing of personal data with the provisions of applicable laws of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Processor's policy regarding the processing of personal data, and local acts on the processing of personal data.

   4.1.10. Internal control and audits.

   Basic Rights of the PD Owners and Obligations of the Processor

   5.1. Basic rights of the PD Owners.

   PD Owners have the right to access their personal data and the following information:

   confirmation of the fact of PD processing by the Processor; legal grounds and purposes of PD processing; the purposes and methods of PD processing used by the Processor; the name and location of the Processor, information about persons (except for the Processor's employees) who have access to PD or to whom PD may be disclosed based on an agreement with the Processor or based on federal law; terms of processing personal data, including the terms of their storage; the procedure for exercising the PD owner’s rights provided for in Personal Data Protection Law No. 152 of July 27, 2006; name or last name, first name, patronymic and address of the person who processes PD on behalf of the Processor if the processing is entrusted or will be entrusted to such person; contacting the Processor and sending it any requests; appeal against actions or omissions of the Processor.

   5.2. Obligations of the Processor.

   The Processor shall:

   when collecting PD, provide information on its processing; in cases where the PD was not received from the PD owner, notify the owner thereof; if an owner refuses to provide their PD, explain the implications of their refusal; publish or otherwise provide unrestricted access to the document defining its policy in relation to PD processing and to information about the implemented PD protection; take necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution or any other illegal actions in relation to PD; and respond to requests and appeals of PD owners, their representatives and/or the data protection authority.