Policy for the processing and protection of personal data of KB Management and Consulting LLC

Revision dated October 01, 2022

1. General Provisions

1.1. This policy of KB Management and Consulting LLC (hereinafter referred to as the “Company”) regarding the processing and protection of personal data (hereinafter referred to as the “Policy”) was developed in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) in order to respect the rights and freedoms of man and citizen when processing his personal data.

1.2. The policy is mandatory for execution by the Company's employees.

1.3. The Policy applies to all personal data of subjects processed in the Company using automation tools.

1.4. Any subject of personal data has unlimited access to this Policy on the Company’s website on the Internet: www.complexbar.com.

2. Terms and abbreviations used

2.1. Automated processing of personal data – processing of personal data using computer technology.

2.2. Company – KB Management and Consulting LLC, TIN: 7714405608, location address: 129085, Moscow, st. Godovikova, 9, building 31, entrance 31.12, fl. 3, room 307.

2.3. Blocking of personal data – temporary cessation of processing of personal data (except for cases where Processing is necessary to clarify personal data).

2.4. Request – any appeal by the subject of personal data (or his Representative) to the Company, verbally (during a personal visit to the Company’s office or by telephone), in writing or in the form of an electronic document regarding the processing of his personal data.

2.5. Client – an individual who uses or intends to use the goods and (or) services offered on the Company’s website (including individuals who have expressed a desire to register on the Company’s website).

2.6. Contact persons are individuals who are not a party to the contract (agreement) and are not Clients, whose personal data is provided within the framework of contracts (agreements) concluded or to be concluded by the Company, or when placing orders on the Company’s website for goods provided by the Company’s partners, or is processed within the framework of the requirements of the legislation of the Russian Federation.

2.7. Counterparty is a legal entity or individual entrepreneur with whom the Company has contractual relations or with whom it intends to enter into contractual relations.

2.8. Depersonalization of personal data is actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.

2.9. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

2.10. Operator is a legal entity that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data.

For the purposes of this policy, the Company is the Operator.

2.11. Partners are legal entities with whom the Company has entered into cooperation agreements in order to expand and/or stimulate the activity of the Company’s Clients, as well as agreements on the sale of their goods/services through the Company’s website/aggregator site on the Internet.

2.12. Personal data (PD) – any information relating to a directly or indirectly identified or identifiable individual (subject of personal data).

2.13. Personal data authorized by the subject of personal data for distribution – personal data to which access by an unlimited number of persons is provided by the subject of personal data by giving consent to the processing of personal data authorized by the subject of personal data for distribution in the manner prescribed by Federal Law No. 152-FZ.

2.14. Site users are authorized users of the Company’s website on the Internet who have filled out registration forms and provided their personal data.

2.15. Site visitors are unauthorized visitors to the Company’s website, in respect of whom a visitor profile can be formed.

2.16. Providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons.

2.17. Representatives are individuals acting on the basis of a power of attorney, agreement, by virtue of law or an act of an authorized body.

2.18. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of people.

2.19. An aggregator site is a resource on the Internet telecommunications network that collects information and offers from sellers of goods/services (Partners) offered to visitors of this resource.

2.20. PD subject is an individual who is directly or indirectly identified or determined using personal data.

2.21. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2.22. Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed.

2.23. Checkbox is an element (button with a check mark) of the graphical user interface that allows the interface user to control a parameter with two states: “enabled”, “disabled” - consent is provided and consent is not provided. The check box can also be used on paper.

3. Legal grounds for processing personal data

The legal grounds for processing personal data in the Company are:

  • Constitution of the Russian Federation
  • Labor Code of the Russian Federation dated December 31, 2001 No. 197-FZ
  • Federal Law of July 27, 2006 N 149-FZ "On information, information technologies and information protection"
  • Federal Law of July 7, 2003 N 126-FZ “On Communications”
  • Federal Law of 02/08/1998 No. 14-FZ “On Limited Liability Companies”
  • Federal Law of 08.08.2001 No. 129-FZ “On state registration of legal entities and individual entrepreneurs”;
  • Federal Law of December 6, 2011 No. 402-FZ “On Accounting”;
  • Charter of KB Management and Consulting LLC
  • Agreements to which the subject of the personal data is a party or beneficiary or guarantor;
  • Agreements concluded by the Company
  • Consent of the PD subject to PD Processing
  • Rights and legitimate interests of the Company and third parties.

4. Rights of personal data subjects

4.1. In order to ensure the protection of personal data processed by the Company, the subject of personal data or his Representative has the right:

  • to receive information regarding the Processing of his PD by the Company;
  • to require the Company to clarify his PD, block it or destroy it if the PD is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect his rights;
  • to request his personal data processed by the Company and receive it in an accessible form;
  • to require the Company to notify all persons who were previously informed by the Company of incorrect or incomplete PD of the subject about all exceptions, corrections or additions made to them;
  • to appeal the actions or inaction of the Company to Roskomnadzor or in court;
  • to revoke his consent to PD Processing.

4.2. The information specified in clause 4.1 of the Policy is provided to the subject of personal data or his Representative by the Company within 10 (Ten) business days from the date of application or receipt by the Company of the Request of the subject of personal data or his Representative. This period may be extended, but not more than by 5 (Five) working days if the Company sends a motivated notification to the PD subject indicating the reasons for extending the period for providing the requested information.

4.3. To exercise the above rights, the PD subject must send a Request/application to the Company in one of the following ways:

  • in writing, signed by hand - at the address 129085, Russia, Moscow, st. Godovikova, 9, building 31, entrance 31.12, fl. 3, room 307;
  • in the form of an electronic document signed with an electronic signature - by email info@kbmik.ru.

Such a Request/application must necessarily contain a description of the requirements of the PD subject, as well as the following information:

  • Full name of the subject of the PD;
  • the number of the main document identifying the subject of personal data or his representative, information about the date of issue of the specified document and the issuing authority OR other data that allows one to uniquely identify the subject of personal data;
  • information confirming the participation of the subject of personal data in relations with the Company, OR information otherwise confirming the fact of processing of personal data by the Company;
  • signature of the subject of personal data or his representative.

4.4. The Company provides the information specified in clause 4.1 of the Policy to the PD subject or its Representative in the form in which the relevant Request or application is sent, unless otherwise specified in the Request/application.

5. Purposes of PD processing, categories of PD subjects and categories of processed PD

No. 1

Purpose of PD processing: Carrying out business activities by the Company

Categories of personal data subjects:

  • Clients
  • Counterparties
  • Beneficiaries, guarantors under contracts
  • Contact persons
  • Representatives
  • Partners

Categories of processed PD:

  • Full Name
  • Job title
  • INN/OGRNIP
  • Registration address
  • Address of actual residence
  • Type, number of identity document, name of the authority that issued it, date of issue
  • Details of the power of attorney
  • Phone number
  • E-mail address
  • Call (conversation) recordings

No. 2

Purpose of PD processing: The Company carries out activities in the field of e-commerce as the owner of a website/aggregator of information about goods (services) on the Internet

Categories of personal data subjects:

  • Clients
  • Counterparties
  • Contact persons
  • Website users
  • Website visitors
  • Partners

Categories of processed PD:

  • Full Name
  • Phone number
  • E-mail address
  • Delivery address
  • Registration and authorization data (login, password, etc.), technical information about user devices and identifiers, incl. cookies

No. 3

Purpose of PD processing: Quality control of the use of website services and services provided by third parties using the services of the Company website

Categories of personal data subjects:

  • Clients
  • Counterparties
  • Contact persons
  • Representatives
  • Website users
  • Partners

Categories of processed PD:

  • Full Name
  • Job title
  • Power of attorney details
  • Type, number of identity document, name of the authority that issued it, date of issue
  • Phone number
  • E-mail address
  • Delivery address

No. 4

Purpose of PD processing: Advertising goods/services, informing about ongoing promotions, competitions

Categories of personal data subjects:

  • Clients
  • Counterparties
  • Website users
  • Partners

Categories of processed PD:

  • E-mail address

6. Procedure and conditions for processing personal data

6.1. PD processing is carried out by the Company in accordance with the requirements of the legislation of the Russian Federation.

6.2. Processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data. If the PD subject withdraws consent to PD processing, the Company has the right to continue processing PD without the consent of the PD subject if there are grounds specified in paragraphs 2 - 11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of the Federal Law “On Personal Data”.

6.3. The Company, being an Operator, receives the consent of the PD subject in writing in the following cases:

  • Biometric PD processing;
  • Processing of special categories of PD in the absence of other legal grounds provided for by Federal Law No. 152-FZ;
  • Cross-border transfer of personal data to the territory of a state that does not provide adequate protection of the rights of personal data subjects;
  • Making decisions based exclusively on Automated PD processing that generate legal consequences in relation to the PD subject or otherwise affect his rights and legitimate interests;
  • Transfer of PD of an employee of the Company to a third party, except for cases when this is necessary in order to prevent a threat to the life and health of the employee, as well as in other cases provided for by the legislation of the Russian Federation.
  • Processing of PD permitted for distribution
  • Obtaining PD from a third party
  • Other cases provided for by the Federal Law “On Personal Data”

6.4. Consent in writing can be obtained in the form of an electronic document signed in accordance with the legislation of the Russian Federation with an electronic signature of the subject of the personal data.

6.5. The Company recognizes not only consent in the form of an electronic document signed with an electronic signature, but also explicit consent given through:

  • filling out an electronic form when registering on the Company’s website
  • sending an email to the Company
  • the subject of the PD clicks on the button “I Confirm”, “I Agree”, “I Accept”, “Continue”, etc. in the interface of the Company’s website after the procedure of reading the text of consent to PD Processing;
  • the subject of the PD puts a mark in the Checkbox next to the text of consent to the Processing of PD in the interface of the Company’s website;
  • confirmation of consent by voice, if the conversation is being recorded with the consent of the subject and the client has been previously identified;
  • other methods allowing the Company to confirm the fact of obtaining the consent of the subject of personal data

6.6. The Company carries out PD Processing using automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, analysis and use, transfer (distribution, provision, access) and entrusting Processing to third parties, receiving from third parties, depersonalization, blocking, deletion, destruction of Personal Data within the time period necessary to achieve the purposes of Processing Personal Data.

6.7. Employees of the Company whose job responsibilities include the processing of personal data are allowed to process personal data.

6.8. The Company has the right to entrust the Processing of PD to another person with the consent of the PD Subject, and also has the right to receive PD of the PD Subject from third parties.

6.9. In cases established by the legislation of the Russian Federation, the Company has the right to transfer personal data to third parties, including without authorizing such persons to process personal data.

The Company transfers the PD of Counterparties/Clients/Site Users to its Partners in order to fulfill obligations to Counterparties/Clients/Site Users for the sale, payment, return/exchange of goods presented on the site, and their delivery.

6.10. The Company has the right to carry out cross-border transfer of personal data to the territory of foreign states:

  • parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data;
  • contained in the list of foreign states that are not parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and that provide adequate protection of the rights of personal data subjects, approved by the authorized body for the protection of the rights of personal data subjects.

6.11. PD storage is carried out by the Company from the moment the PD subject provides consent to the processing of his PD and until the purpose of PD processing is achieved or the need to achieve the purpose of PD processing ceases, unless a different PD storage period is established by federal law or by an agreement to which the PD subject is a party, beneficiary or guarantor. The processed PD is subject to destruction or depersonalization upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.

Unless otherwise provided by the legislation of the Russian Federation, the Company stops processing personal data (in relation to any of the purposes stated above) and destroys it in the following cases:

  • achieving the goals of PD processing
  • loss of the need to achieve the purpose of PD processing
  • expiration of the consent of the PD subject
  • revocation of the consent of the PD subject to the processing of his PD, except for the cases provided for in paragraphs 2 - 11 of part 1 of Article 6, part 2 of Article 10 and part 2 of Article 11 of the Federal Law “On Personal Data”;
  • identifying unlawful processing of personal data
  • liquidation of the Company;
  • reorganization of the Company, entailing the termination of its activities;
  • disappearance of the legal grounds for processing personal data and/or achieving the goals of processing personal data.

The specific procedure for the destruction of personal data on media containing personal data, including external/removable electronic media, paper media and in personal data information systems, is determined by the Company in its internal documents and local regulations.

6.12. The Company may collect technical information when the User visits the Company's website. Such information includes: IP address, device operating system and browser type, unique device identifier, address of referring sites, path the user takes through sites, geolocation and other information. The Company may also use technologies such as cookies and web beacons to collect information about the use of the site. Cookies allow the Company to provide users with relevant information as they use the Company website (for example, to open and load relevant pages). Web beacons allow the Company to determine whether a particular page has been visited, an email has been opened, or whether banner advertisements on the Company's website and other sites have been effective.

The Company uses this information to ensure the functionality of its website, to improve the quality of services provided, to correct errors and to improve the user experience in general. At the same time, the Company does not pursue the goal of identifying a specific user of the site.

6.13. When processing PD, the Company takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:

  • takes measures necessary and sufficient to ensure compliance with the requirements of the legislation of the Russian Federation, internal documents and local regulations of the Company in the field of personal data;
  • takes legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
  • appoints a person responsible for organizing the processing of personal data in the Company;
  • issues internal documents defining the Company's policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
  • familiarizes employees of the Company, its branches, representative offices and structural divisions directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation, internal documents and local regulations of the Company in the field of personal data, including the requirements for the protection of personal data, and trains these workers;
  • conducts regular mandatory trainings for its employees on personal data issues;
  • carries out internal control and (or) audit of compliance of the processing of personal data with the requirements of the legislation of the Russian Federation and regulatory legal acts adopted in accordance with it, other requirements for the protection of personal data, this Policy, internal documents and local regulations of the Company in the field of personal data;
  • publishes or otherwise provides unrestricted access to this Policy;
  • stops processing personal data and destroys them in cases provided for by the legislation of the Russian Federation;
  • performs other actions provided for by the legislation of the Russian Federation in the field of personal data.

6.14. When collecting PD, including through the information and telecommunications network Internet, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieving personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, with the exception of cases specified in the Personal Data Law.

7. Information about measures to protect personal data

When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data. The Company regularly reviews and updates the measures taken to ensure the best security of processed personal data - such measures are described in this Policy, internal documents and local regulations of the Company.

Such measures, in particular, include:

  • development of threat models;
  • identification of threats to the security of personal data when processing them in personal data information systems;
  • application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for personal data protection, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation;
  • use of information security means that have passed the compliance assessment procedure in accordance with the established procedure;
  • assessment of the effectiveness of measures taken to ensure PD security before putting the PD information system into operation;
  • detecting facts of unauthorized access to personal data and taking measures;
  • restoration of personal data modified or destroyed due to unauthorized access to it;
  • establishing rules for access to PD processed in the PD information system, as well as ensuring registration and accounting of all actions performed with PD in the PD information system;
  • control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;
  • accounting of machine PD media;
  • antivirus protection;
  • PD backup and recovery;
  • protecting the virtualization environment;
  • protection of technical means;
  • identifying incidents that may lead to failures or disruption of the functioning of the information system and/or the emergence of threats to personal data security, and responding to them;
  • maintaining technical security and alarm systems in constant readiness;
  • monitoring the actions of Site Users, conducting investigations into violations of PD security requirements.