1.1. This Personal Data Processing Policy (hereinafter referred to as the Policy) is drawn up in accordance with the requirements of the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) and determines the procedure for processing personal data and measures to ensure the security of personal data taken by TestGene Limited Liability Company (hereinafter referred to as the Company).
1.2. This Policy applies to all information that the Company can receive about site visitors (hereinafter – the User) while using the website https://testgen.ru/ (hereinafter - the Site).
1.3. The use of the Site by the User means unconditional acceptance of this Policy and the conditions for processing the User's personal data specified therein. In case of disagreement with these conditions, the User is not entitled to use the Site.
1.4. Information about the Company:
“TestGene” Limited liability Company2.1. Personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
2.2. Personal data operator (operator) - a state agency, municipal agency, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.3. The processing of personal data - any action (operation) or a set of actions (operations) with personal data performed with the use of automation tools or without their use. The processing of personal data includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
2.4. Automated processing of personal data - processing of personal data using computer technology.
2.5. Dissemination of personal data - actions aimed at disclosing personal data to an indefinite group of persons.
2.6. Providing personal data - actions aimed at disclosing personal data to a certain person or a certain group of persons.
2.7. Blocking personal data - temporary suspension of the processing of personal data (except when processing is necessary to clarify personal data).
2.8. Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
2.10. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.11. Cross-border transfer of personal data - the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
3.1. Categories of subjects of processed personal data:
3.1.1. The Users of the Site who filled in the contact us form;
3.1.2. Visitors to the Site (in relation to technical data).
3.2. Personal data authorized for processing under this Policy includes the following information:
3.2.1. surname, name, patronymic of the User;
3.2.2. contact phone number of the User;
3.2.3. the User's email address;
3.2.4. technical data that is automatically transmitted by the device with which the User uses the Site, including the technical characteristics of the device, IP address, information stored in cookies that were sent to the user's device, browser information, date and time of access to the site, addresses of the requested pages and other similar information. All the data of the Users/Visitors of the Site listed in this paragraph in the text of the Policy are united by the general concept of personal data.
3.3. The site is not intended for the processing of personal data of underage users. If the User has reason to believe that a child has provided the Company with their personal data through the contact us forms, they must send the Company a message about this at: info@testgen.ru
3.4. Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, personal life is not carried out by the Company.
3.5. The User's consent to the processing of personal data permitted for distribution is issued separately from other consents to the processing of his personal data. At the same time, the conditions provided for, in particular, Art. 10.1 of the Personal Data Law are fulfilled. Requirements to the content of such consent are established by the authorized agency for the protection of the rights of subjects of personal data.
3.5.1 The User provides the Consent to the processing of personal data permitted for distribution to the Company directly.
3.5.2 The Company is obliged, no later than three working days from the date of receipt of the specified consent of the User, to publish information on the conditions of processing, on the existence of prohibitions and conditions for the processing by an unlimited number of persons of personal data permitted for distribution.
3.5.3 The transfer (distribution, provision, access) of personal data authorized by the subject of personal data for distribution must be terminated at any time at the request of the subject of personal data. This requirement should include the last name, first name, patronymic (if any), contact information (telephone number, e-mail address or postal address) of the subject of personal data, as well as a list of personal data, the processing of which is subject to termination. The personal data specified in this request may be processed only by the person to whom it is sent.
3.5.4 Consent to the processing of personal data permitted for distribution terminates from the moment the Company receives the request specified in clause 3.5.3 of this Policy regarding the processing of personal data.
The Company processes the User's personal data, including collection, receipt, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction both using automation tools and without the use of such means, as well as through mixed processing for the following purposes:
5.1. The legal grounds for processing the personal data of the Company are as follows:
5.2. The Company processes depersonalized data about the User if it is allowed in the User's browser settings (saving cookies and using JavaScript technology is enabled). Information about the procedure and terms for the use of cookies is reflected in the notice on the use of cookies posted on the Site.
6.1. The processing of personal data of Users is carried out in accordance with this Policy and the requirements of legislation on personal data.
6.2. With regard to the personal data of Users, their confidentiality is maintained and security is ensured.
6.3. The Company has the right to transfer personal data of Users to third parties in the following cases:
The assignment of the processing of personal data to a third party may be carried out on the basis of an appropriate agreement with a third party that establishes the obligations of such a person to maintain confidentiality and ensure security they get to a third party website. The Company strongly recommends that the User read the privacy policy on each site that he visits. The Company does not control and assumes no responsibility for the content, privacy policies or practices of third party websites or third party services.
6.4. The Site may contain links to other sites that are not operated by the Company. If the User clicks on the link, then he gets to the site of a third party. The Company strongly recommends that the User read the data protection policy on each site that they visit. The Company does not control and assumes no responsibility for the content, privacy policies or practices of third party websites or third party services.
6.5. The processing of personal data can be carried out both with the use of automation tools and without the use of such tools.
6.6. The processing of personal data is carried out until the goals of processing are achieved, but not more than 5 (Five) years, or until the User revokes consent to the processing of personal data, depending on which event occurs earlier.
6.7. In the case of loss or disclosure of personal data, the Company shall inform the User about the loss or disclosure of personal data.
6.8. The Operator takes the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties, including:
6.8.1. Appointment of a person responsible for the processing of personal data, which organizes the processing of personal data, training and instruction, internal control over compliance by the Company and its employees with the requirements for the protection of personal data.
6.8.2. Determination of actual threats to the security of personal data during their processing in information systems for the processing of personal data and the development of measures and measures to protect personal data.
6.8.3. Development of a policy regarding the processing of personal data.
6.8.4. Establishment of rules for access to personal data processed in information systems, as well as ensuring the registration and accounting of all actions performed with personal data in information systems for processing personal data.
6.8.5. Establishment of individual passwords for employees to access the information system in accordance with their production duties.
6.8.6. The use of information security tools that have passed the conformity assessment procedure in the prescribed manner.
6.8.7. The use of certified anti-virus software with regularly updated databases.
6.8.8. Compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them.
6.8.9. Detection of facts of unauthorized access to personal data and taking action.
6.8.10. Recovery of personal data modified or destroyed due to unauthorized access to them.
6.8.11. Training of the Company's employees directly involved in the processing of personal data on the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Company's policy regarding the processing of personal data, local acts on the processing of personal data.
6.8.12. Implementation of internal control and audit.
6.9. The Company, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
7.1. The society is obligated:
7.1.1. To use the information received solely for the purposes specified in section 4 of this Policy.
7.1.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and not to sell, exchange, publish, or disclose in other possible ways the transferred personal data of the User, except as expressly provided for in this Policy.
7.1.3. To take the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties, as provided for in Article 6.8 of the Policy.
7.1.4. To block personal data relating to the relevant User from the moment the User or his legal representative or authorized body for the protection of the rights of subjects of personal data has applied or requested for the period of verification, in case of revealing false personal data or illegal actions.
8.1. The user decides to provide their personal data and agrees to their processing freely, by their own will and in his own interest Consent to the processing of personal data may be given by the subject of personal data or their representative in any form allowing to confirm the fact of its receipt, unless otherwise provided by federal law.
8.2. The user has the right to receive information regarding the processing of their personal data, if such a right is not limited in accordance with the federal laws, including information containing:
8.3. The user has the right to require the Company to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.
8.4. If the User believes that the Company processes his personal data in violation of the requirements of the Law on Personal Data or otherwise violates his rights and freedoms, he has the right to appeal against the actions or inaction of the Company to the authorized body for the protection of the rights of subjects of personal data or in court.
9.1. The storage of personal data is carried out in a form that allows you to determine the subject of personal data no longer than required by the purposes of processing personal data.
9.2. When storing personal data, the Company uses databases located on the territory of the Russian Federation.
10. TERMINATION OF PROCESSING OF PERSONAL DATA
10.1. Personal data processed by the Company is subject to destruction in the following cases:
10.1.1. identification of unlawful processing of personal data, including at the request of the subject of personal data or his representative, or at the request of the authorized body for the protection of the rights of subjects of personal data, if it is impossible to ensure the legality of the processing of personal data;
10.1.2. the requirements of the User if his personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
10.1.3. withdrawal by the User of consent to the processing of their personal data, if the storage of personal data is no longer required for the purposes of processing personal data;
10.1.4. achievement of the purpose of processing personal data or the loss of the need to achieve these goals;
10.1.5. expiration of the personal data storage periods established by the regulatory legal acts of the Russian Federation;
10.1.6. recognition of the inaccuracy of personal data or obtaining them illegally at the request of the authorized body for the protection of the rights of subjects of personal data;
10.1.7. in other cases established by law.
10.2. The destruction of personal data can be carried out in two ways, depending on the type of information carrier (paper or electronic):
10.3. The destruction of a part of personal data, if this is allowed by the material medium, is carried out in a way that excludes further processing of this personal data, while maintaining the possibility of processing other data recorded on the material medium.
11.1. All requests/appeals from Users and their representatives, authorized agencies regarding the inaccuracy of personal data, the illegality of their processing, withdrawal of consent and access of the subject of personal data to their data are sent in the form of an electronic document to the email address info@testgen.ru, or by post to the address: 9, 44th Inzhenerny Proezd, Office 13, Ulyanovsk 432072
11.2. The requests received will be processed by the Company within no more than 7 (seven) business days.
11.3. In the event that inaccurate personal data is detected when the subject of personal data or his representative applies, or at their request or at the request of Roskomnadzor (Consumer right supervising agency), the Company blocks personal data related to this subject of personal data from the moment of such request or receipt of the specified request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
11.3.1. If the fact of inaccuracy of personal data is confirmed, the Company, on the basis of information provided by the subject of personal data or his representative or Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
11.4. If unlawful processing of personal data is detected when a personal data subject or his representative or Roskomnadzor applies (requests) the Company blocks the unlawfully processed personal data relating to this personal data subject from the moment of such an appeal or receipt of a request.
11.5. The Operator has the right to make changes to this Policy without the consent of the Users.
11.6. The new Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy. The User is obliged to periodically review the Policy for any changes
11.7. All suggestions or questions regarding this Personal Data Processing Policy should be reported to info@testgen.ru.
11.8. The use of the Site by the User means acceptance of this Policy and the conditions for processing the User's personal data.
11.9. In the case of disagreement with the terms of the Policy, the User must stop using the Site.