Personal Data Processing Policy
1. General Provisions
This Personal Data Processing Policy has been developed in accordance with the requirements of Federal Law No. 152-FZ of 07/27/2006 "On Personal Data" and defines the procedures for processing personal data and measures to ensure the security of such data taken by Valerya Pavlovna Chekunova, hereinafter referred to as Operator.
1.1. The Operator's most important goal and condition for carrying out its activities is to respect human and civil rights and freedoms when processing personal information, including protecting the rights to privacy and personal and family secrets.
1.2. This Policy applies to all information the Operator may receive about visitors to https://kirgiz-passport.com.2.1 Automated processing of personal data - processing of personal information using computer technology.
2.2. Blocking of personal data - temporary suspension of the processing of personal information (except in cases where processing is necessary to verify personal data).
2.3. Website - a collection of graphical and informational materials, as well as computer programs and databases, which ensure their availability on the internet at the network address https://kirgiz-passport.com.
2.4. Personal data information system - a set of personal information contained in databases, as well as information technologies and technical tools that ensure their management.
2.5 Depersonalization of personal information - actions that make it impossible to identify, without the use of additional information, personal data belonging to a specific user or other data subject.
2.6. Processing of Personal Data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, organization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, access), de-identification, blocking, removal, and destruction of personal data.
2.7. Operator - a state body, municipal body, legal entity, or individual who organizes and/or processes personal data independently or jointly with others, as well as determines the purpose of processing personal data, the types of personal data processed, and the actions (operations) taken on personal data.
2.8. Personal Data - Any information directly or indirectly related to a specific User of the https://kirgiz-passport.com website.
2.9. Personal data authorized for distribution by the data subject - personal data that is made available to an unlimited number of people by the data subject by providing consent to the processing of data authorized for distribution in accordance with the procedures provided for in the Law on Personal Data (hereinafter referred to as "personal data authorized for distribution").
2.10. A user is any visitor to the website https://kirgiz-passport.com.
2.11. Providing personal data - actions aimed at sharing personal data with a specific person or a specific group of people.
2.12. Dissemination of personal data - any actions aimed at revealing personal data to a wide range of people (transfer of personal data) or making personal data available to an unlimited number of people, including publishing personal data in media, posting on information and telecommunication networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data refers to the transfer of personal information to the territory of another country to a government agency, individual, or legal entity based in that country.
2.14. Destruction of personal data means any actions that result in permanent deletion of personal data, making it impossible to recover the content of the data in a personal information system, and/or destroying the physical media containing the personal data.
3. Fundamental rights and responsibilities of the Operator:
3.1. The Operator is entitled to:— receive reliable information and/or documents containing personal data from the individual whose data is being processed;
— if the individual withdraws consent for the processing of their personal data or sends a request to stop the processing of their data, the operator has the right to continue processing the data without their consent if there are reasons specified in the relevant law;
— independently determine the measures necessary and sufficient to fulfill obligations under the relevant law and other relevant legal acts, unless specified otherwise by the law or other federal acts.
3.2. The operator is obligated to:
— provide the individual with information regarding the processing of their data upon request;— organize the processing of personal data in accordance with the procedures established by the current legislation of the Russian Federation;
— respond to inquiries and requests from individuals and their representatives in accordance with the requirements of the Personal Data Protection Law;
— provide the necessary information to the authorized body responsible for protecting the rights of individuals at the request of that body within 10 days of receiving such a request;
— publish or otherwise make this Policy regarding the handling of personal data publicly available;
— implement legal, organizational, and technical measures to safeguard personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, or other unlawful actions related to personal data.— Stop transferring (distributing, providing, accessing) personal data and stop processing and destroying personal data in accordance with the Law on Personal Data;
— Perform other duties provided by the Law on Personal Data.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects have the right to:
— Receive information regarding the processing of their personal data, except in cases provided by federal laws. Information is provided to personal data subjects by the operator in an accessible format and should not contain personal data relating to other personal data subjects, unless there are legitimate reasons for disclosure of such personal data. A list of information and procedures for obtaining it are established by the Law on Personal Data.— to require the operator to clarify their personal data, block or delete them if the data is incomplete, outdated, inaccurate, obtained illegally, or not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights;
— to provide prior consent for the processing of their personal data when promoting goods, works, and services on the market;
— revoke consent for the processing of personal data and send a request to stop the processing;
— appeal to an authorized body or court for protection of their rights against illegal actions or omissions of the Operator during processing of their data;
and to exercise other rights granted by Russian legislation.
4.2. Subjects of personal data must:
— provide reliable information about themselves to the Operator.- To inform the Operator about any changes or updates to their personal information.
4.3. Individuals who provide false information to the Operator or share personal data about others without their consent may be held responsible in accordance with Russian law.
5. Personal Data Processing Principles
5.1. Personal data is processed in a legal and fair manner.
5.2. Processing is limited to specific, pre-determined, and legitimate goals, and cannot be used for purposes other than those stated at the time of collection.
5.3. Combining databases containing personal information that is not compatible with each other's purposes is not permitted.
5.4. Only data relevant to the intended use of the information is processed.
5.5. The content and amount of processed personal data is consistent with the stated goals of processing. Excessive processing of personal data is not permitted in relation to these stated purposes.
5.6. When processing personal data, accuracy, sufficiency, and relevance of the data in relation to the goals of its processing are ensured. The operator takes necessary measures and/or ensures that such measures are taken to remove or correct incomplete or inaccurate information.
5.7. Personal data is stored in a form that allows identifying the subject of the data, for no longer than is necessary for the purposes of processing, unless a longer period of storage is established by law or an agreement between the subject and the organization. Personal information will be destroyed or anonymized when processing goals are achieved or if there is no longer a need to achieve them, unless otherwise specified by law.
6. Purpose of personal data processing:
- Conclusion, execution, and termination of contracts
- Personal data: last name, first name, middle name, phone number
- Legal basis: contracts between the operator and subject
- Types of personal data processed: collection, recording, organization, accumulation, storage, deletion, anonymization
7. Conditions of personal data use:
7.1. The processing of personal data is carried out with the consent of a person whose personal data are being processed.
7.2. The processing of such data is necessary to achieve goals provided for in an international agreement or law of the Russian Federation, as well as to carry out functions, powers, and duties assigned by legislation to the operator.
7.3. Processing of personal information is required for administration of justice and execution of judicial acts, acts of other bodies or officials, in accordance with legislation on enforcement proceedings in the Russian Federation.
7.4. Processing of personal data is necessary for performing an agreement to which the data subject is party or beneficiary, or guarantor; as well as to conclude an agreement on behalf of the data subject, or an agreement where the data subject will be beneficiary or guarantor.
7.5. Processing of data is also necessary to exercise rights and legitimate interests, or achieve socially significant goals of the operator, provided that rights and freedoms are not violated.
7.6. Data is processed that is publicly available, meaning it is accessible to an unlimited number of people by the data owner or upon request.
Personal data that must be published or disclosed according to federal law is also processed.
8. The procedure for collecting, storing, transferring and other types of processing personal data.
The security of personal data processed by the operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.
8.1. The operator ensures the safety of personal information and takes all possible steps to prevent unauthorized access to personal information.
8.2. Personal information of a user will never under any circumstances be transferred to third parties except in cases related to compliance with current legislation or when the subject of the personal information has given consent for the operator to transfer the data to a third party in order to fulfill obligations under a civil contract.
8.3. In case of inaccuracies in personal data, the user can update them independently by sending a notification to the operator's email address admin@kirgiz-passport.com with the subject "Updating of Personal Data".
8.4. The period of processing personal data is determined by the achievement of the purpose for which the personal data was collected. Unless another period is specified in the contract or current legislation, the period is determined at the discretion of the operator.
The user can withdraw their consent to the processing of their personal data at any time by sending an email to the operator via the email address admin @kirgiz-passport.com with the subject line "Withdrawal of Consent to Processing of Personal Data."
8.5. All information collected by third-party services, including payment systems, means of communication, and other service providers is stored and processed by these individuals (operators) in accordance with their user agreement and privacy policy. The subject matter of personal data, and/or specified documents is not the responsibility of the operator for the actions of third parties, including service providers specified in this clause.
8.6. The prohibitions imposed on the subject of personal information regarding transfer (except granting access) or processing, or conditions of processing, except for obtaining access, to personal data permitted for distribution do not apply in instances where personal data is processed in the state's, public, or other public interest as defined by the laws of the Russian Federation.
8.7. The operator ensures the confidentiality of personal information when processing it.
8.8. The Operator stores personal data in a way that allows determining the subject of personal data for no longer than is required for the purposes of processing personal data, unless the period of storage is established by federal law or an agreement to which the subject is a party.
8.9. The condition for termination of processing may be achievement of the purpose, expiration of consent, withdrawal of consent or requirement to terminate processing, as well as identification of illegal processing.
9. List of actions by the Operator on received personal data:9.1 The operator collects, records, systems, accumulates and stores data. It clarifies (updates/changes) data, extracts it, uses it and transfers (distribute/provide access to) it. The operator also depersonalize, block and delete personal data and destroy it.
9.2. The operator performs automated processing of data with or without receiving or transmitting information via information and communication networks.
10. Cross-border transfers of personal data:
Prior to starting cross-border transfers, the operator must notify the authorized agency for protection of rights of data subjects about its intention to transfer data across borders. This notification is separate from the one about processing data.10.2 Before submitting the above notice, the operator must receive relevant information from foreign authorities, individuals and legal entities whose personal data will be transferred across borders.
11. Confidentiality of Personal Data
The operator and others with access to personal information must not disclose or share personal data with third parties without consent from the subject unless otherwise required by federal law.
Final Provisions
12. The user can request clarification on any issues related to their personal data through the operator's email at admin@kirgiz-passport.com.
12.1. This document reflects any changes to the operator' policy for processing personal information.
12.2. The policy remains in effect indefinitely until a new version replaces it.
12.3. The current version of the policy is freely available on the internet at https://kirgiz-passport.com/privacy.
1. General Provisions
This Personal Data Processing Policy has been developed in accordance with the requirements of Federal Law No. 152-FZ of 07/27/2006 "On Personal Data" and defines the procedures for processing personal data and measures to ensure the security of such data taken by Valerya Pavlovna Chekunova, hereinafter referred to as Operator.
1.1. The Operator's most important goal and condition for carrying out its activities is to respect human and civil rights and freedoms when processing personal information, including protecting the rights to privacy and personal and family secrets.
1.2. This Policy applies to all information the Operator may receive about visitors to https://kirgiz-passport.com.2.1 Automated processing of personal data - processing of personal information using computer technology.
2.2. Blocking of personal data - temporary suspension of the processing of personal information (except in cases where processing is necessary to verify personal data).
2.3. Website - a collection of graphical and informational materials, as well as computer programs and databases, which ensure their availability on the internet at the network address https://kirgiz-passport.com.
2.4. Personal data information system - a set of personal information contained in databases, as well as information technologies and technical tools that ensure their management.
2.5 Depersonalization of personal information - actions that make it impossible to identify, without the use of additional information, personal data belonging to a specific user or other data subject.
2.6. Processing of Personal Data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, organization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, access), de-identification, blocking, removal, and destruction of personal data.
2.7. Operator - a state body, municipal body, legal entity, or individual who organizes and/or processes personal data independently or jointly with others, as well as determines the purpose of processing personal data, the types of personal data processed, and the actions (operations) taken on personal data.
2.8. Personal Data - Any information directly or indirectly related to a specific User of the https://kirgiz-passport.com website.
2.9. Personal data authorized for distribution by the data subject - personal data that is made available to an unlimited number of people by the data subject by providing consent to the processing of data authorized for distribution in accordance with the procedures provided for in the Law on Personal Data (hereinafter referred to as "personal data authorized for distribution").
2.10. A user is any visitor to the website https://kirgiz-passport.com.
2.11. Providing personal data - actions aimed at sharing personal data with a specific person or a specific group of people.
2.12. Dissemination of personal data - any actions aimed at revealing personal data to a wide range of people (transfer of personal data) or making personal data available to an unlimited number of people, including publishing personal data in media, posting on information and telecommunication networks, or providing access to personal data in any other way.
2.13. Cross-border transfer of personal data refers to the transfer of personal information to the territory of another country to a government agency, individual, or legal entity based in that country.
2.14. Destruction of personal data means any actions that result in permanent deletion of personal data, making it impossible to recover the content of the data in a personal information system, and/or destroying the physical media containing the personal data.
3. Fundamental rights and responsibilities of the Operator:
3.1. The Operator is entitled to:— receive reliable information and/or documents containing personal data from the individual whose data is being processed;
— if the individual withdraws consent for the processing of their personal data or sends a request to stop the processing of their data, the operator has the right to continue processing the data without their consent if there are reasons specified in the relevant law;
— independently determine the measures necessary and sufficient to fulfill obligations under the relevant law and other relevant legal acts, unless specified otherwise by the law or other federal acts.
3.2. The operator is obligated to:
— provide the individual with information regarding the processing of their data upon request;— organize the processing of personal data in accordance with the procedures established by the current legislation of the Russian Federation;
— respond to inquiries and requests from individuals and their representatives in accordance with the requirements of the Personal Data Protection Law;
— provide the necessary information to the authorized body responsible for protecting the rights of individuals at the request of that body within 10 days of receiving such a request;
— publish or otherwise make this Policy regarding the handling of personal data publicly available;
— implement legal, organizational, and technical measures to safeguard personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, or other unlawful actions related to personal data.— Stop transferring (distributing, providing, accessing) personal data and stop processing and destroying personal data in accordance with the Law on Personal Data;
— Perform other duties provided by the Law on Personal Data.
4. Basic rights and obligations of personal data subjects
4.1. Personal data subjects have the right to:
— Receive information regarding the processing of their personal data, except in cases provided by federal laws. Information is provided to personal data subjects by the operator in an accessible format and should not contain personal data relating to other personal data subjects, unless there are legitimate reasons for disclosure of such personal data. A list of information and procedures for obtaining it are established by the Law on Personal Data.— to require the operator to clarify their personal data, block or delete them if the data is incomplete, outdated, inaccurate, obtained illegally, or not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights;
— to provide prior consent for the processing of their personal data when promoting goods, works, and services on the market;
— revoke consent for the processing of personal data and send a request to stop the processing;
— appeal to an authorized body or court for protection of their rights against illegal actions or omissions of the Operator during processing of their data;
and to exercise other rights granted by Russian legislation.
4.2. Subjects of personal data must:
— provide reliable information about themselves to the Operator.- To inform the Operator about any changes or updates to their personal information.
4.3. Individuals who provide false information to the Operator or share personal data about others without their consent may be held responsible in accordance with Russian law.
5. Personal Data Processing Principles
5.1. Personal data is processed in a legal and fair manner.
5.2. Processing is limited to specific, pre-determined, and legitimate goals, and cannot be used for purposes other than those stated at the time of collection.
5.3. Combining databases containing personal information that is not compatible with each other's purposes is not permitted.
5.4. Only data relevant to the intended use of the information is processed.
5.5. The content and amount of processed personal data is consistent with the stated goals of processing. Excessive processing of personal data is not permitted in relation to these stated purposes.
5.6. When processing personal data, accuracy, sufficiency, and relevance of the data in relation to the goals of its processing are ensured. The operator takes necessary measures and/or ensures that such measures are taken to remove or correct incomplete or inaccurate information.
5.7. Personal data is stored in a form that allows identifying the subject of the data, for no longer than is necessary for the purposes of processing, unless a longer period of storage is established by law or an agreement between the subject and the organization. Personal information will be destroyed or anonymized when processing goals are achieved or if there is no longer a need to achieve them, unless otherwise specified by law.
6. Purpose of personal data processing:
- Conclusion, execution, and termination of contracts
- Personal data: last name, first name, middle name, phone number
- Legal basis: contracts between the operator and subject
- Types of personal data processed: collection, recording, organization, accumulation, storage, deletion, anonymization
7. Conditions of personal data use:
7.1. The processing of personal data is carried out with the consent of a person whose personal data are being processed.
7.2. The processing of such data is necessary to achieve goals provided for in an international agreement or law of the Russian Federation, as well as to carry out functions, powers, and duties assigned by legislation to the operator.
7.3. Processing of personal information is required for administration of justice and execution of judicial acts, acts of other bodies or officials, in accordance with legislation on enforcement proceedings in the Russian Federation.
7.4. Processing of personal data is necessary for performing an agreement to which the data subject is party or beneficiary, or guarantor; as well as to conclude an agreement on behalf of the data subject, or an agreement where the data subject will be beneficiary or guarantor.
7.5. Processing of data is also necessary to exercise rights and legitimate interests, or achieve socially significant goals of the operator, provided that rights and freedoms are not violated.
7.6. Data is processed that is publicly available, meaning it is accessible to an unlimited number of people by the data owner or upon request.
Personal data that must be published or disclosed according to federal law is also processed.
8. The procedure for collecting, storing, transferring and other types of processing personal data.
The security of personal data processed by the operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation on personal data protection.
8.1. The operator ensures the safety of personal information and takes all possible steps to prevent unauthorized access to personal information.
8.2. Personal information of a user will never under any circumstances be transferred to third parties except in cases related to compliance with current legislation or when the subject of the personal information has given consent for the operator to transfer the data to a third party in order to fulfill obligations under a civil contract.
8.3. In case of inaccuracies in personal data, the user can update them independently by sending a notification to the operator's email address admin@kirgiz-passport.com with the subject "Updating of Personal Data".
8.4. The period of processing personal data is determined by the achievement of the purpose for which the personal data was collected. Unless another period is specified in the contract or current legislation, the period is determined at the discretion of the operator.
The user can withdraw their consent to the processing of their personal data at any time by sending an email to the operator via the email address admin @kirgiz-passport.com with the subject line "Withdrawal of Consent to Processing of Personal Data."
8.5. All information collected by third-party services, including payment systems, means of communication, and other service providers is stored and processed by these individuals (operators) in accordance with their user agreement and privacy policy. The subject matter of personal data, and/or specified documents is not the responsibility of the operator for the actions of third parties, including service providers specified in this clause.
8.6. The prohibitions imposed on the subject of personal information regarding transfer (except granting access) or processing, or conditions of processing, except for obtaining access, to personal data permitted for distribution do not apply in instances where personal data is processed in the state's, public, or other public interest as defined by the laws of the Russian Federation.
8.7. The operator ensures the confidentiality of personal information when processing it.
8.8. The Operator stores personal data in a way that allows determining the subject of personal data for no longer than is required for the purposes of processing personal data, unless the period of storage is established by federal law or an agreement to which the subject is a party.
8.9. The condition for termination of processing may be achievement of the purpose, expiration of consent, withdrawal of consent or requirement to terminate processing, as well as identification of illegal processing.
9. List of actions by the Operator on received personal data:9.1 The operator collects, records, systems, accumulates and stores data. It clarifies (updates/changes) data, extracts it, uses it and transfers (distribute/provide access to) it. The operator also depersonalize, block and delete personal data and destroy it.
9.2. The operator performs automated processing of data with or without receiving or transmitting information via information and communication networks.
10. Cross-border transfers of personal data:
Prior to starting cross-border transfers, the operator must notify the authorized agency for protection of rights of data subjects about its intention to transfer data across borders. This notification is separate from the one about processing data.10.2 Before submitting the above notice, the operator must receive relevant information from foreign authorities, individuals and legal entities whose personal data will be transferred across borders.
11. Confidentiality of Personal Data
The operator and others with access to personal information must not disclose or share personal data with third parties without consent from the subject unless otherwise required by federal law.
Final Provisions
12. The user can request clarification on any issues related to their personal data through the operator's email at admin@kirgiz-passport.com.
12.1. This document reflects any changes to the operator' policy for processing personal information.
12.2. The policy remains in effect indefinitely until a new version replaces it.
12.3. The current version of the policy is freely available on the internet at https://kirgiz-passport.com/privacy.
Privacy Policies