PERSONAL DATA PROCESSING POLICY
Moscow. Edition dated 04.07.2025
1. GENERAL PROVISIONS
1.1 This Personal Data Processing Policy has been developed in accordance with Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data", and is intended to determine the procedures for processing personal data and the measures to ensure the security of such data that SAYFIN LLC may receive. The Policy applies to all personal data processed by SAYFIN LLC.
1.2 Information about SAYFIN LLC:
Name: SAYFIN LLC
Taxpayer Identification Number: 9701314570
E-mail: info@dmitriysayfin.com
1.3 The Policy was developed in accordance with Article 18.1 of Federal Law "On Personal Data".
The Policy contains information subject to disclosure according to Article 14 of Federal Law "On Personal Data" and is publicly accessible at http://dmitrisayfin.ru/policy-2.
1.5. The Operator may change the Policy or any part thereof without special notice to the Subjects of Personal Data (hereinafter referred to as "the Subject") and Users. A new version of the Policy will come into force as soon as it is posted on the Operator's website. The Subject is responsible for familiarizing himself with the text of this Policy each time he accesses the Operator’s website.
1.6. Transferring personal data by a Subject implies the Subject's unconditional agreement with the terms and conditions of the Policy for processing their personal data. If the Subject disagrees with the terms, they must refrain from providing personal information to the Operator.
1.7. By using the website with a browser that accepts cookies, the Subject agrees that the Operator may collect and process data from these cookies to improve the website's functionality and content.
1.8 All issues related to the processing of personal data that are not covered by the Policy shall be resolved in accordance with current legislation of the Russian Federation.
2. BASIC CONCEPTS
2.1. The Policy uses concepts in the following meanings:
2.2. Personal data is any information related directly or indirectly to a specific or identifiable natural person (personal data subject).
2.3. Personal data operator (operator) is an individual entrepreneur who independently organizes and/or processes personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.4. Personal data processing is any action (operation) or set of actions (operations) with personal data. The processing of personal data includes, but is not limited to:
− collection;
− recording;
− systematization;
− accumulation;
− storage;
− clarification (update, change);
− extraction;
− use;
− transmission (distribution, provision, access);
− depersonalization;
− blocking;
− removal;
− destruction.
2.5. Automated personal data processing is the processing of personal data using computer technology.
2.6. Dissemination of personal data – actions aimed at disclosing personal data to an unspecified group of persons.
2.7. Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons.
2.8. Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).
2.9. Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
2.10. Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.
2.11. Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.12. The subject of personal data is an individual to whom the relevant personal data relate.
2.13. The User is an individual to whom the relevant personal data relates, who views and/or uses the functionality of the website.
2.14. Counterparty – an individual who has concluded an agreement with the Operator.
2.15. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2.16. Website – a set of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the Internet at: http://dmitriysayfin.com/ and on all subdomains created based on it.
2.17. Cookies are a small piece of data sent by a web service and stored on the computer of the personal data subject, which the browser sends each time to the web server in an HTTP request when trying to open the page of the corresponding site.
2.18. IP address is a unique network address of a node in a computer network through which a personal data subject gets access to the website.
3. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
3.1. The processing of personal data by the Operator is carried out in accordance with the following legal grounds:
− The Constitution of the Russian Federation;
− The Labor Code of the Russian Federation;
− The Civil Code of the Russian Federation;
− Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection";
− Decree of the Government of the Russian Federation No. 687 dated September 15, 2008 "On Approval of the Regulation on the Specifics of Personal Data Processing carried out without the use of automation tools";
− Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of Requirements for the Protection of Personal Data during their Processing in Personal Data Information Systems";
− Roskomnadzor Order No. 996 dated September 5, 2013 "On Approval of requirements and methods for depersonalization of personal data";
− FSTEC of Russia Order No. 21 dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems";
− contracts concluded between the Operator and the subjects of personal data;
− consent of personal data subjects to the processing of personal data (hereinafter referred to as "Consent");
− other grounds when consent to the processing of personal data is not required by law.
3.2. The Operator processes personal data only if:
3.2.1. The processing is necessary to fulfill the contractual obligations of the Operator to the subjects of personal data.
3.2.2. Processing is necessary to comply with legal obligations.
3.3. The subject of personal data has the right to revoke the consent to the processing of personal data at any time by sending an e-mail message to info@dmitriysayfin.com.
4. BASIC RIGHTS AND OBLIGATIONS OF THE OPERATOR AND SUBJECTS OF PERSONAL DATA
4.1. Basic rights and obligations of the Operator.
4.1.1. The Operator has the right to:
− receive reliable information and/or documents containing personal data from the personal data subject;
− require the personal data subject to provide timely clarification of the personal data provided.
4.1.2. The Operator is obliged to:
− process personal data in accordance with the procedure established by the legislation of the Russian Federation;
− organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation;
− consider the requests of the personal data subject (or his legal representative) regarding the processing of personal data and provide motivated answers;
− provide the personal data subject (or his legal representative) with the opportunity to access his personal data free of charge;
− take measures to clarify and destroy the personal data of the personal data subject in response to a request with reasonable demands from him (or his legal representative).
4.2. Basic rights and obligations of personal data subjects.
4.2.1. Subjects of personal data have the right to:
− full information about their personal data processed by the Operator, information about the grounds, purposes, timing, and methods of processing personal data;
− access to their personal data, including the right to receive confirmation of the processing of personal data, a copy of any record containing their personal data, except in cases provided for by the legislation of the Russian Federation;
− clarify their personal data, block or destroy them in cases where the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
− revoke consent to the processing of personal data;
− take measures provided for by law to protect their rights;
− exercise other rights provided for by the legislation of the Russian Federation.
4.2.2. Subjects of personal data are obliged to:
− provide the Operator with only reliable information about themselves;
− provide documents containing personal data to the extent necessary for the purpose of processing;
− inform the Operator about the clarification (updating, modification) of their personal data.
5. CATEGORIES OF PERSONAL DATA SUBJECTS
5.1. The personal data subject provides personal data to the Operator when accessing the Operator's Website, filling out forms for concluding an agreement on the Operator's website, registering and/or authorizing on the Operator's website.
5.2. Categories of subjects of personal data whose data is processed by the Operator:
− Site Users;
− clients and counterparties of the Operator (individuals);
− representatives/employees of the Operator's clients and counterparties (legal entities);
− Operator's employees, former employees, candidates for vacant positions.
6. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, PURPOSES OF PERSONAL DATA PROCESSING
6.1. Composition and purposes of processing Users' personal data:
6.1.1. Composition of User data:
− Personal data posted by Users on the Operator's Website, including when filling out forms;
− Data automatically transmitted to the Site during its use using the software installed on the User's device (IP address, MAC address, IMEI, MEID, cookie data, information about the browser, operating system, access time).
6.1.2. The Operator collects and processes only those personal data of Users that are necessary for the following purposes:
− Carrying out advertising and informational mailing, as well as making a callback at the User's request;
− Website administration and protection, collection of Website reports;
− To assign a unique number to the client;
− For processing and delivery of orders.
6.2. Composition and purposes of processing the personal data of the Counterparties:
6.2.1. Composition of the data about the Counterparties:
− last name, first name, patronymic;
− email address;
− contact phone number;
− links to social media profiles (pages);
− data automatically transmitted to the Site during its use using the software installed on the User's device (IP address, MAC address, IMEI, MEID, cookie data, information about the browser, operating system, access time);
− other information provided by the personal data subject at the request of the Operator to fulfill obligations to the Counterparty.
6.2.2. The Operator collects and processes only those personal data of the Counterparties that are necessary for the following purposes:
− conclusion of contracts;
− fulfillment of obligations that have arisen or may arise from the Operator during the execution of the Contract concluded with the Counterparty;
− implementation of advertising and informational mailing;
− Website administration and protection, collection of Website reports;
− compliance with the requirements of Russian legislation.
6.3. Composition and purposes of processing personal data of employees, dismissed employees:
6.3.1. Composition of data on employees, dismissed employees:
− last name, first name, patronymic;
− gender;
− marital status, information about the composition of the family;
− citizenship;
− details of the identity document;
− data on work experience and total length of service, previously held positions;
− individual taxpayer number;
− the insurance number of the individual personal account;
− address of the place of residence;
− email address;
− contact phone number.
6.3.2. The Operator collects and processes only those personal data of employees and dismissed employees that are necessary for the following purposes: Meeting the requirements of labor legislation; Concluding employment contracts and implementing employment relations.
7. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING
7.1. The Operator does not verify the accuracy of the personal information provided by the personal data subject.
7.2. Personal data is processed both with and without automation tools. The processing of personal data is mainly carried out automatically, without access by the Operator or persons authorized by him. If it is necessary to provide access to personal data, the persons authorized by the Operator comply with the rules and procedures regarding the confidentiality of personal data processing, including technical and organizational ones.
7.3. The Operator applies sufficient technical and organizational measures to protect personal data from unauthorized, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access, as well as other illegal forms of processing. These measures include:
7.3.1. Limitation of the number of persons having access to personal data;
7.3.2. Using antivirus protection tools with updated databases;
7.3.3. Information backup.
7.4. Personal data is processed and stored using databases located on the territory of the Russian Federation. There is no cross-border transfer of personal data.
7.5. Personal data is stored for the time necessary to achieve the purpose of collection and processing; longer periods may be applied if necessary to comply with the requirements of legislation and regulations.
7.6. The transfer of personal data to third parties is subject to any of the following conditions:
7.6.1. The personal data subject has consented to the transfer of personal data to third parties;
7.6.2. If such transfer is necessary for the Operator to fulfill its obligations to the Entity under the agreements concluded with it;
7.6.3. The transfer of personal data to third parties is provided for by the legislation of the Russian Federation.
7.7. The Operator transfers the personal data of the Subjects to the following third parties with whom contracts have been concluded, including conditions for maintaining the confidentiality of personal data: Specify the services and platforms that you use in your activities (FOR EXAMPLE, CDEK, MAILING SERVICES): Name, OGRN, INN, address, as well as the data that is provided (for example, email address, contact phone number).
7.8. The Operator has the right to provide information about the subject of personal data to courts, law enforcement agencies or other government agencies in cases provided for by Russian law.
8. UPDATING, CORRECTING, DELETING AND DESTROYING PERSONAL DATA, RESPONDING TO REQUESTS FROM SUBJECTS FOR ACCESS TO PERSONAL DATA
8.1. In case of confirmation of the inaccuracy of personal data or the illegality of their processing, personal data must be updated by the Operator, and their processing must be terminated.
8.2. Upon achievement of the purposes of personal data processing, as well as in the case of withdrawal by the Subject of consent to their processing, personal data is subject to destruction if:
− nothing else is provided for by the contract to which the personal data subject is a party or beneficiary or guarantor;
− the Operator does not have the right to process personal data without the consent of the subject on the grounds provided for by law;
− unless otherwise stipulated by another agreement between the Operator and the subject of personal data.
9. RULES FOR RESPONDING TO REQUESTS/APPEALS OF PERSONAL DATA SUBJECTS AND THEIR REPRESENTATIVES
9.1. The Operator is obliged to inform the personal data subject or his representative about the processing of his personal data upon his request.
9.2. The personal data subject has the right to request that personal data be deleted, corrected, updated or restricted, or to object to the processing of personal data, when required by applicable law.
9.3. The subject may send an application or request in writing or electronically, including by e-mail.
9.4. The request of the personal data subject must include:
− the last name, first name and patronymic of the personal data subject, in case of sending a request by a representative - the last name, first name and patronymic of the representative;
− the number of the main identity document of the personal data subject or his legal representative, information about the date of issue of the specified document and the issuing authority;
− a handwritten or electronic signature of the personal data subject.
9.5. If necessary, the Operator requests additional information from the personal data subject.
9.6. The Operator prepares and sends written responses with the results of consideration of the request or appeal within 30 (thirty) calendar days from the date of receipt of the request or appeal.