Privacy policy

In the field of processing and protecting personal data at the Law Office of Moscow. Moscow “Kanishevskaya, Ozersky, Kochetov, Chetvergov, Kukuev”

1. General provisions This policy on the processing and protection of personal data (hereinafter referred to as the Policy):

• Developed to ensure the implementation of the requirements of Russian legislation in the field of processing personal data of personal data subjects;
• Discloses the main categories of personal data processed at the Law Office in Moscow. Moscow's “Kanishevskaya, Ozersky, Kochetov, Chetvergov, Kukuev” (hereinafter referred to as the Operator), the purposes, methods and principles of personal data processing by the Operator, the rights and obligations of the Operator when processing personal data, the rights of personal data subjects, as well as the list of measures used by the Operator to ensure the security of personal data when processed in the information and telecommunications network;
• It is a publicly available document that declares the conceptual basis of the Operator's activities when processing personal data.

The following concepts and terms are used in this Policy:

• Operator — Law Office in Moscow. Moscow “Kanishevskaya, Ozersky, Kochetov, Chetvergov, Kukuev”, which independently or jointly with other persons organizes and/or processes personal data, as well as determine the purposes of personal data processing, the scope of personal data to be processed, actions (operations) performed with personal data;
• Personal data processing — receiving, storing, combining, transferring or any other use of personal data. ISPD (Personal Data Information System) is an information system that is a set of personal data contained in a database, as well as information technologies and technical means that allow the processing of such personal data using automation tools or without using such tools;
• Personal data (PD) — any information related to a directly or indirectly identified or identifiable individual (personal data subject);
• Providing personal data — actions aimed at disclosing personal data to a specific person or a certain circle of persons;
• Blocking personal data — temporary cessation of personal data processing (except when processing is necessary to clarify personal data);
• Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data information system and/or as a result of which material carriers of personal data are destroyed;
• Anonymization of personal data - actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information;
• Site — a set of web pages posted on the Internet, united by a single theme, design and a single address space of the https://www.knpgroup.ru domain;
• Site Administration (Administration) — persons authorized by the Site Owner to manage the Site and other actions related to its use. The Site Administration acts on behalf of the Site Owner, unless otherwise specified separately.

2. Legal grounds and purposes of personal data processing

2.1. The Operator's policy in the field of personal data processing is determined in accordance with the following regulatory legal acts of the Russian Federation:

• The Constitution of the Russian Federation;
• The Civil Code of the Russian Federation;
• Decree of the Government of the Russian Federation No. 1119 dated November 1, 2012 “On Approval of Requirements for the Protection of Personal Data When Processing Personal Data in Information Systems”;
• Regulations on the processing of personal data carried out without the use of automation equipment, approved by Decree of the Government of the Russian Federation No. 687 dated September 15, 2008;
• Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 “On Personal Data”;
• Federal Law No. 149-FZ of July 27, 2006 “On Informatization, Information Technologies and Information Protection”.

2.2. Pursuant to this Policy, the Director of the Operator approved the following local legal acts:

• Order appointing a person responsible for organizing the processing of personal data;
• Order approving the Policy in the field of processing and protection of personal data in information and telecommunication networks;
• Standard form of consent to the processing of personal data.

2.3. The purposes of processing personal data:

• Compliance with the provisions of regulatory legal acts specified in paragraph 2.1 of this Policy;
• Registration of information from individuals (personal data subjects) necessary to carry out activities provided for by the Company's Charter, namely the provision of intermediary services in the purchase and sale of real estate for a fee on a contractual basis;
• Conducting marketing, statistical and other researchs/surveys based on publicly available data;
• Identification of individuals (personal data subjects) to fulfill obligations under concluded agreements between the Personal Data Subjects and the Operator, including to provide them with technical support;
• To target advertising and/or informational materials by age, gender, and other characteristics;
• Execution of other powers vested in the Operator.

The processing of personal data of individuals (personal data subjects), in accordance with this Data Processing Policy, may be carried out by the Operator personally or by other persons on behalf of the Operator. In particular, the Site's information system is hosted by the company (the name of the User's hosting provider is indicated). Personal data of a personal data subject can also be processed Law Office in Moscow Moscow “Kanishevskaya, Ozersky, Kochetov, Chetvergov, Kukuev” (OGRN 1037701039573). The Operator guarantees that the processing of the personal data subject by other persons, in particular by the company (the name of the User's hosting provider is indicated), REG.RU Domain Name Registrar Limited Liability Company (OGRN 1067746613494) will be carried out strictly in accordance with the provisions of this Data Processing Policy.

3. The categories of personal data processed and their sources of receipt

The Operator's personal data information systems process the following categories of personal data:

1) Personal data of personal data subjects when applying for the service:

• Last name, first name, middle name;
• Date and place of birth;
• Residential address;
• Marital status;
• Social status;
• Property status;
• Revenues;
• Passport details;
• TIN data;
• Pension insurance certificate data;
• Information about the birth of children, marriage/divorce;
• Home and cell phones;
• Employment information;
• Information about immediate family members (Last Name, First Name, Date of Birth, Degree of Kinship);
• Additional information provided for by the terms of the contract and the requirements of federal laws that determine the cases and characteristics of personal data processing.

4. Sources for obtaining personal data

Information about personal data is obtained on the basis of documents and information submitted when filling out the feedback form, registering on the Operator's Website or personally by persons concluding civil law contracts with the Operator, citizens who have applied to the Operator in accordance with the established procedure.

5. Use of cookies

5.1. https://www.knpgroup.ru uses identification technology based on the use of cookies.

5.2. When a PD subject accesses the Site, cookies may be recorded on the device they use to access the Site, which will later be used to automatically authorize the PD subject to the Site, as well as to collect statistical data, in particular on website traffic.

5.3. If the data subject believes that for one reason or another the use of cookie technology is unacceptable for him, he has the right to prohibit the storage of cookies on the computer used by him to access the Site by setting the browser accordingly. However, it should be noted that some services that use this technology may not be available.

6. The basic principles of processing, transferring and storing personal data

6.1 In its activities, the Operator ensures compliance with the principles of personal data processing specified in Article 5 of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”.

6.2 The Operator does not transfer personal data across borders (transfer of personal data to a foreign state authority, a foreign individual or a foreign legal entity).

6.3 The Operator uses publicly available sources of personal data (directory, official information site). Personal data provided by the subject (surname, first name, patronymic, subscriber number and other necessary information) are included in such sources only with the written consent of the personal data subject.

7. Information about persons processing personal data

7.1 In order to comply with the legislation of the Russian Federation, to achieve processing goals, as well as in the interests and with the consent of personal data subjects, the Operator, in the course of its activities, provides personal data to the following organizations:

• Supervisory authorities of state power and local self-government;
• Law enforcement and investigative agencies, courts of all jurisdictions upon special requests;
• To the Central Bank and its territorial divisions on the basis of relevant requests.

The transfer of Personal Data to a third party is possible only with the written consent of the personal data subject. The operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The processing of personal data in cases not provided for by law, or the processing of personal data incompatible with the purposes of collecting personal data, is not allowed.

8. Measures to ensure the security of personal data during their processing

8.1 When processing personal data, the Operator takes all necessary legal, organizational and technical measures to protect and preserve personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

8.2 Ensuring the security of personal data is achieved, in particular:

• Appointment of a person responsible for organizing the processing of personal data;
• Implementing internal control over the compliance of personal data processing with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and regulatory legal acts, requirements for the protection of personal data, and local acts adopted in accordance with it;
• Familiarizing the Operator's employees who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, local acts regarding the processing of personal data, and/or training these employees;
• The use of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to meet the requirements for the protection of personal data;
• Detecting unauthorized access to personal data and taking measures;
• Restoring personal data modified or destroyed as a result of unauthorized access to them;
• Monitoring measures taken to ensure the security of personal data.

8.3. In accordance with the requirements of Federal Law No. 152-FZ “On Personal Data”, the Company's sole executive body has been appointed responsible for organizing the processing of personal data.

9. The rights of personal data subjects

9.1 The personal data subject has the right to receive information about the processing of his personal data by the Operator.

9.2 The personal data subject has the right to require the Operator to clarify, confirm the processing of the personal data subject's personal data processed by the Operator, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights.

9.3 The right of a personal data subject to access his personal data may be limited in accordance with federal laws, including if:

• The processing of personal data, including personal data obtained as a result of operational search, counter-intelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
• Personal data is processed by authorities that detained the personal data subject on suspicion of committing a crime, or charged the personal data subject in a criminal case, or applied a preventive measure to the personal data subject before charges are brought, except in cases provided for by the criminal procedure legislation of the Russian Federation, if it is possible for a suspect or accused person to be acquainted with such personal data;
• Personal data is processed in accordance with legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism;
• The personal data subject's access to his personal data violates the rights and legitimate interests of third parties.

9.4. To exercise their rights and protect their legitimate interests, the personal data subject has the right to contact the Operator. The operator considers any requests and complaints from personal data subjects, thoroughly investigates violations and takes all necessary measures to immediately eliminate them, punish the perpetrators and resolve disputes and conflicts out of court.

9.5 The personal data subject has the right to appeal against the actions or omissions of the Operator by contacting the authorized body for the protection of the rights of personal data subjects.

9.6 The personal data subject has the right to protect his rights and legitimate interests, including compensation for losses and/or compensation for non-pecuniary damage in court.

10. Terms of processing (storage) of personal data

The processing period for personal data begins when it is received by the Operator.

The operator stores personal data in a form that allows identifying the subject of personal data for no longer than required by the purposes of their processing.

The personal data of citizens who apply to the Operator in accordance with the established procedure are stored in the files of the Operator's structural units for a period determined by law and the Operator's nomenclature of cases (5 years).

11. Clarification, blocking and destruction of personal data

The purpose of clarifying personal data, including updates and changes, is to ensure the accuracy, completeness and relevance of personal data processed by the Operator.

The Operator clarifies personal data on its own initiative, at the request of the personal data subject or his representative, at the request of the authorized body for the protection of the rights of personal data subjects in cases where it is established that personal data is incomplete, outdated, and unreliable.

The purpose of blocking personal data is to temporarily stop the processing of personal data until the circumstances that served as the basis for blocking personal data are eliminated.

Personal data is blocked by the Operator at the request of the personal data subject or his representative, as well as at the request of the authorized body for the protection of the rights of personal data subjects in the event of inaccurate personal data or illegal actions with them.

Personal data is destroyed by the Operator:

• Upon reaching the goal of processing personal data;
• If it is no longer necessary to achieve the goals of personal data processing;
• If the personal data subject withdraws consent to the processing of their personal data;
• At the end of the storage period;
• At the request of the personal data subject or the authorized body for the protection of the rights of personal data subjects, if it is revealed that the district administration has committed illegal actions with personal data, when it is not possible to eliminate the relevant violations. When material carriers of personal data are destroyed, an act on the destruction of media containing personal data is drawn up.

12. Final provisions

12.1 This Policy is an internal document of the Operator, publicly available and must be posted on the Operator's official website.

12.2 This Policy is subject to change or amendment in the event of new legislative acts and special regulations on the processing and protection of personal data, but not more than once every three years.

12.3 Compliance with the requirements of this Policy is monitored by the person responsible for ensuring the security of personal data.

12.4 The liability of the Operator's officials with access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and the Operator's internal documents.