1. General provisions
1. This document (hereinafter referred to as the Policy) was developed in accordance with the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the PD Law) and is the fundamental internal regulatory document of the “PIK” Enterprise Limited Liability Company (“PIK” Enterprise LLC), defining the key directions of its activities in the field of processing and protection of personal data (hereinafter – PD), the operator of which is “PIK” Enterprise LLC (hereinafter – the Operator / Company), the goals and general principles of processing personal data, as well as those implemented personal data protection measures. The Policy is a public document of the Operator and provides for the possibility of familiarization with it by any person. The current version of the Policy is published on the Operator’s website: pik.solar (further also – website).
2. The policy is valid indefinitely after approval until it is replaced by a new version.
3. The Policy uses terms and definitions in accordance with their meanings, as defined in Federal Law No. 152 “On Personal Data”.
4. The policy applies to all employees of the Operator (including employees under employment contracts and employees working under contract agreements). The requirements of the Policy are also taken into account and presented in relation to other persons if it is necessary for their participation in the process of processing personal data by the Operator, as well as in cases of transfer of personal data to them in the prescribed manner on the basis of agreements, contracts, orders for processing.
2. Purpose and scope of the document
1. The user, by leaving a request on the pik.solar website, accepts the terms of the Privacy Policy in the field of processing and protection of personal data of users of the pik.solar website (hereinafter referred to as the Policy). Acting freely, of his own will and in his own interest, as well as confirming his legal capacity, the User gives his consent to the Operator to process his personal data in accordance with the conditions set forth below in the text of the Policy.
2. The policy regarding the processing of personal data (hereinafter referred to as PD) determines the position and intentions of the Company in the field of processing and protection of personal data, respect for the rights and fundamental freedoms of each person guaranteed by the Constitution of the Russian Federation and other legal acts of the Russian Federation.
3. The policy is intended to inform users about the procedure for processing personal data, strict execution by managers and employees of all structural divisions of the Company, and must also be brought to the attention of persons who are in contractual, civil and other relations with the Company, the Company’s partners and other interested parties.
4. This Policy applies to all processes of collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, carried out both using automation tools and and without the use of such means.
5. As part of the implementation of this Policy, the Company may additionally develop other internal regulatory documents regulating individual processes of processing and protecting personal data.
3. Composition of users’ personal data
1. The subjects of personal data whose data is processed by the Operator include individuals who are counterparties (possible counterparties) of the Operator, users of the site, which are any persons accessing the site and/or using the site and information posted on the site.
These subjects consent to the processing of the following personal data:
1) Personal data that is not special or biometric:
• first name, patronymic, last name;
• contact phone numbers;
• e-mail addresses;
• website and social network addresses.
2) User data:
• location information;
• operating system type and version;
• Browser type and version;
• device type and screen resolution;
• the source where the user came to the site, from what site or through what advertisement;
• operating system and browser language;
• what pages the user opens and what buttons he presses;
• user’s IP address.
Personal information, including but not limited to the above, is not publicly available.
2. The processing of personal data means any action (operation) or set of actions (operations) with personal data performed using automation tools or without the use of such means. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
3. Security of personal data means the protection of personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
4. Purposes and regulatory grounds for processing users’ personal data
1. The purposes of PD processing are:
• processing incoming requests from individuals for the purpose of providing advice;
• possible study and analysis of your requests and documents attached to the request;
• possible study of other electronic documents (their scanned copies or photos);
• the Company’s possible provision to the User of answers to questions in oral/written/electronic form;
• analytics of an individual’s actions on the site and the functioning of the site;
• conducting advertising and news mailings of the Company about the services provided.
2. The regulatory basis for processing personal data are:
• Art. 24 of the Constitution of the Russian Federation;
• Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ “On Personal Data”;
• Federal Law of the Russian Federation of July 27, 2006 No. 149-FZ “On information, information technologies and information protection”;
• Decree of the Government of the Russian Federation of September 15, 2008 No. 687 “On approval of the Regulations on the specifics of processing personal data carried out without the use of automation tools”;
• Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;
• other federal laws and regulations defining cases and features of personal data processing;
• this Policy.
3. When processing personal data, the Company adheres to the requirements of the current legislation of the Russian Federation in the field of personal data protection, as well as the following principles:
• The Company processes personal data only on a legal and fair basis;
• The Company collects only those personal data that are necessary and sufficient for the processing purposes stated by the Company. The company does not process personal data that is redundant or incompatible with the fulfillment of its contractual obligations.
• The processing of PD by the Company is limited to the achievement of specific, predetermined and legitimate purposes. The company destroys or depersonalizes personal data upon achieving the processing goals or if the need to achieve the goals is no longer necessary.
5. Procedure for the protection of personal data. Transfer of personal data
1. Protection of personal data of site users from unlawful use or loss is provided by the Company at its own expense in the manner established by the current legislation of the Russian Federation in the field of personal data protection, regardless of the presence of relevant requirements from users.
2. When processing PD, the Company takes the necessary legal, organizational and technical measures to protect PD from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other unlawful actions in relation to PD.
3. The company has the right to bring to disciplinary liability employees guilty of violating the rules governing the receipt, processing and protection of personal data of site users.
4. The company excludes access to personal data for users of the website of its employees who are not included in the list of persons authorized to process personal data.
5. During the processing of PD by the Company, the following operations will be performed with them: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
6. The company has the right to entrust the processing of personal data (with the consent of the citizen, unless otherwise provided by law) to third parties, on the basis of an agreement concluded with these persons. Persons processing personal data on behalf of the Company undertake to comply with the principles and rules for processing and protecting personal data provided for by Federal Law No. 152-FZ “On Personal Data”.
7. In cases established by the legislation of the Russian Federation, the Company has the right to transfer personal data of users.
8. The transfer of personal data is carried out in accordance with the requirements of the legislation of the Russian Federation regarding the processing and protection of personal data. The company has the right, and sometimes the obligation, to transfer users’ personal data at its disposal to third parties in the following cases:
• if there is a written consent of the PD subject to transfer his PD to a third party (unless otherwise provided by law), including the name or surname, first name, patronymic and address of the third party, the purposes, terms and methods of processing the PD by the third party;
• in the event that transfer of PD to a third party is necessary to fulfill the Company’s obligations to the user;
• in the event that the obligation to transfer personal data to a third party is assigned to the Company by the current legislation of the Russian Federation.
6. Withdrawal of the user’s consent to the processing of personal data. Storage and destruction of personal data
1. Personal data are processed until the individual user unsubscribes from the Company’s advertising and newsletters.
2. Also, the processing of personal data can be stopped at the user’s request. Consent to PD processing can be revoked by the user or his authorized representative by sending a written statement to the Company, or by sending a letter to the Company’s email address info@pik.com.
3. If the user or his authorized representative withdraws consent to PD processing, the Company has the right to continue processing PD if there are grounds established in clauses 2 – 11 of part 1 of article 6, part 2 of article 10 and part 2 of article 11 of Federal Law No. 152-FZ “On personal data.”
4. The storage of PD recorded on paper is carried out by the Company in accordance with Federal Law No. 125-FZ of October 22, 2004 “On archival affairs in the Russian Federation”, other regulatory legal acts in the field of archival affairs and archival storage and internal administrative acts of the Company.
5. The destruction of personal data is carried out by the Company in cases and in the manner provided for by the current legislation of the Russian Federation.
When PD is destroyed, both on paper and electronic media, the Company ensures that it is impossible for them to be subsequently restored.
7. Final provisions
1. This Policy is valid all the time until its cancellation (change, addition), and for individual users – until the termination of processing of their personal data in accordance with Section 7 of this Policy.
2. This Policy is a public document.
3. Review of the provisions of this Policy may be carried out in the following cases:
• changes in the legislation of the Russian Federation and by-laws regulating the processing and protection of personal data;
• changes in the purposes of personal data processing, the structure of information and (or) telecommunication systems (or the introduction of new ones);
• when using new technologies for processing personal data, including transmission and storage;
• when there is a need to change the process of processing personal data related to the direct activities of the Company;
• based on the results of monitoring compliance with the requirements for processing and protecting personal data; by decision of the Company’s management;
• in other cases.
After revision of the provisions of this Policy, its updated version is published on the Company’s website pik.solar.
4. Persons guilty of violating the requirements of the current legislation of the Russian Federation in the field of processing and protection of personal data, as well as the provisions of this Policy, are liable in accordance with the current legislation of the Russian Federation.
5. This document does not obligate the Company to provide answers to the User’s requests and questions. The Company does not undertake any obligation to provide the User with answers to requests, study his documents or perform other actions related to any request of the User.
6. The Company has the right not to provide any responses to requests without concluding an agreement for the provision of services or supplies.
7. By using feedback forms, the User confirms that he is familiar with the terms of the Company Policy regarding the processing of personal data.
8. The Company has the right to use responses to requests and other documents prepared by it, excluding (deleting) any identifying data, including personal data and other confidential information of the User, on the site. The User has the right to authorize the use of information and data provided by him, which must be reflected in the contract for the provision of services or supplies concluded between the User and the Company.