January 11, 2022
1. Basic concepts
1.1. Personal data confidentiality is a mandatory requirement for compliance with the PDPO or another person who has access to Personal data to prevent their distribution without the consent of the subject of Personal data or other legal grounds.
1.2. Processing of personal data – any action (operation) or a set of actions (operations) performed by the PDPO using automation tools or without using such tools with Personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.
1.3. Personal data processing operator (PDPC) is an individual entrepreneur Sergey Alexandrovich Belov (PSRNSP 321774600734451), registered in accordance with Russian law, legally owning the rollingstockworld.ru and rollingstockworld.com domains, who independently or jointly with other persons organizes and (or) performs the processing of Personal Data, and also determines the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.
1.4. Personal data is any information relating to a directly or indirectly identified or identifiable respective individual (personal data subject).
1.6. User is the Personal data subject, a capable respective individual using the Site in his own interests.
1.7. Site is all sites with domain names rollingstockworld.ru and rollingstockworld.com , including subdomains. In this document, both domains are considered together.
1.8. Personal data dissemination – actions aimed at disclosing personal data to an indefinite circle of persons.
1.9. Cookies are a small piece of data sent by a web server and stored on the User’s device used to access the Site, which the web client or web browser sends to the web server in an HTTPS request each time it tries to open the page of the corresponding site.
1.10. An IP address is a unique network address of a host in an IP-based computer network.
2. General Regulations
2.4. PDPO does not verify the accuracy of the Personal Data provided by the User.
2.9. PDPO rights:
2.9.1. collect the User’s Personal Data through the forms on the Site;
2.9.2. provide the User with the technical ability to subscribe to the newsletter, provide the User with access to the Site;
2.9.3. collect, record, accumulate, store, clarify (update, change), extract, use, transfer (distribute, provide, access), depersonalize, block, delete, destroy Personal Data;
2.9.4. distribute the User’s Personal Data after obtaining the User’s separate consent;
2.9.5. transfer Users’ Personal Data to third parties on the basis of agreements concluded to achieve the goals specified in paragraph 4.1.
2.10. PDPO responsibilities:
2.10.2. In case of confidential information loss or disclosure, the PDPO doesn’t carry any responsinility if this confidential information:
- became public domain before its loss or disclosure;
- was received from a third party prior to its receipt by the PDPO;
- was disclosed with the consent of the User.
2.10.3. The PDPO is obliged to inform the User or his representative about the processing of the Personal Data of such a User by PDPO at his request.
2.10.4. The PDPO is obliged to ensure reliable protection of the User’s Personal Data, protection of their confidentiality.
2.11. User rights:
2.11.3. The User has the right to send the PDPO a withdrawal of his consent to the Personal Data processing, consent to the Personal Data dissemination.
2.11.4. The user is allowed to protect his rights and legitimate interests, including material losses and moral damages compensation in court.
2.11.5. The user has the right to appeal against the PDPO’s actions or inactions to the authorized body for the protection of the rights of personal data subjects or by judicial procedure.
2.12. User Responsibilities:
2.12.2. provide information about Personal Data required by the PDPO, including as part of a contract or agreement;
2.13. Databases containing Personal Data of citizens of the Russian Federation are located on the territory of the Russian Federation.
2.14. The PDPO processes Personal Data on a legal and fair basis in order to perform the functions, jurisdictions and obligations assigned by law, to exercise the rights and legitimate interests of the PDPO and other persons. The transfer (distribution, provision) and execution of the User’s Personal Data is carried out only in cases and in the manner prescribed by federal laws.
2.15. PDPO receives Personal Data directly from the User (subject of Personal Data).
2.16. The PDPO processes the User’s Personal Data with his consent, provided either in a written form (if necessary, in accordance with the current legislation of the Russian Federation), or when performing implicit actions.
2.17.1. The processing of Personal Data must be performed on a legal and fair basis.
2.17.2. The processing of Personal Data should be limited to reaching specific, predetermined and legitimate purposes. Processing of Personal Data that is incompatible with the purposes of Personal Data collection is not permitted. It is not allowed to process excessive Personal Data in relation to the stated purposes of their processing.
2.17.3. It is not allowed to combine databases containing Personal Data, the processing of which is carried out for purposes that are incompatible with each other.
2.17.4. Only Personal Data that meet the purposes of their processing are subject to processing.
2.17.5. The content and scope of the processed Personal Data must correspond to the stated purposes of processing. The processed Personal Data should not be excessive in relation to the stated purposes of their processing.
2.17.6. When processing Personal Data, the accuracy of Personal Data, their sufficiency, and, if necessary, their relevance in relation to the purposes of processing Personal Data must be ensured. The PDPO shall take or ensure that the necessary measures are taken to remove or clarify incomplete or inaccurate data.
2.17.7. The storage of Personal Data should be performed in a form that allows determining the subject of Personal Data, not longer than required by the purposes of processing Personal Data, unless the period of Personal Data storage is established by Federal Law, an agreement to which the subject of Personal Data is a party, beneficiary or guarantor. The processed Personal Data is to be destroyed or depersonalized upon completion of processing objectives or in case of no further need to achieve these purposes, unless otherwise provided by Federal Law.
- when filling out the newsletter subscription form on the Site;
- when sending a claim, statements to the PDPO;
- in the process of written, electronic and oral communication with the PDPO.
3.2. PDPO collects the following types of information about the User:
- information that the User consciously provided to the PDPO while using the Site;
- information that the User consciously provided to the PDPO within the framework of a contractual relationship; this information is processed by the PDPO on the basis of the contract terms and other local documents relevant for PDPO;
- technical information automatically collected by the Website software during its visit by the User.
3.3. Personal data is provided by the User when filling out the newsletter subscription form on the Site and includes the following information:
- E-mail address.
3.4. Personal data is provided by the User when sending a claim, statements to the PDPO and includes the following information:
- surname, name, patronym;
- E-mail address;
- another address for sending a response to the User from the PDPO;
- other Personal data that the User indicates in the complaint or statement on his/her own free will.
3.5. Personal data is provided by the User in the process of written, electronic and oral communication with the PDPO and includes the following information:
- surname, name, patronym;
- E-mail address;
- phone number;
- other Personal data that the User provides to the PDPO in the process of any type of communication at his own request.
3.6. The technical information automatically collected by the Site software during its visit by the User includes:
- IP address;
- information from cookies;
- browser information;
- information about the type of device (mobile or PC);
- access time;
- other technical and statistical information.
Technical information also includes analytical data obtained as a result of the use of web analytics services by the Site. This information is used strictly for the purposes of internal and external marketing – to analyze trends in visiting the Site and improve Site service.
3.8. PDPO does not store Personal Data in cookies. The PDPO uses information stored in cookies, which does not identify individual Users, to analyze trends, administer the Site, determine Users’ movements on the Site, and to collect demographic information about the base contingent of Users in general.
3.9. If the User does not want the PDPO to collect technical information about him using cookies, then the User must stop using the Site or prohibit the storage of cookies on his device used to access the Site by setting his browser accordingly. At the same time, one should be aware that the services of the Site using this technology may not be available.
3.10. The User confirms his consent to the processing of Personal Data when filling out the newsletter subscription form on the Site by ticking the checkbox located after the corresponding form and clicking on the button in this form on the Site. The User confirms his consent to the Personal Data dissemination by a separate document. Also, by ticking the checkbox and clicking on the button under any form on the Site or by sending a letter/message/appeal to the e-mail address indicated on the Site, the User expresses his full and unconditional consent to the fact that he will receive letters from the PDPO on the e-mail address indicated by him (including mailing letters), unless the User himself expresses his refusal to receive such letters, messages.
3.11. Consent to the processing of Personal Data provided when sending a claim, applications to the PDPO, is carried out by filling out the form provided by the PDPO. The user is obliged to send the completed and signed consent form along with the text of the claim, statement.
3.12. In other cases not specified above, the User confirms his consent to the processing of Personal Data by entering into any communication process with the PDPO.
3.13. PDPO guarantees that it will never provide Personal Data to third parties, unless:
- this is directly required by law (for example, at the written request of the court, law enforcement agencies);
- The User has consented to the transfer of Personal Data;
- the transfer is necessary for contracts formation;
- the transfer occurs as part of the sale or other transmission of the Site;
- the transfer takes place as part of the Personal Data database transfer from one service to another in accordance with the contractual relations of the PDPO;
- it is required to provide support customer service or to assist in the protection and security of the PDPO systems.
4. Purposes of Collection and Processing User’s Personal Data
4.1. The processing of Personal Data should be limited to the reaching specific, definite and legitimate purposes. Processing of Personal Data that is incompatible with the purposes of collecting Personal Data is not allowed.
PDPO uses the User’s Personal Data for the following purposes:
- for feedback with the User, including for the purpose of further contract formation or agreement;
- to provide the User with the opportunity to use the services of the Site;
- to send to the User, with his consent, information about the news of the Site or about the partners of the PDPO, including advertising;
- for marketing research, for targeting;
- to comply with the current legislation of the Russian Federation;
- to send a response to the User on a claim or an application.
5. Procedure And Conditions For Personal Data Processing
5.1. The PDPO performs the following list of actions with Personal Data: collection, recording, accumulation, storage, clarification (updating, changing), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data, as well as transfer to third parties if it is necessary to interact with third parties in order to achieve the purposes of processing Personal Data (specified in paragraph 4.1).
5.2. PDPO processes Personal Data in the following ways:
- using automated means of processing Personal data (Site software, mailing service, internal system of PDPO for processing Personal data);
- without the use of automated means of processing Personal data (Personal data is processed manually by the PDPO). The address of storage of Personal data is the actual location of the PDPO.
- E-mail address.
5.5. The transfer of the User’s Personal Data to third parties (if necessary) is carried out with the consent of the User for the purposes specified for the contractual obligations fulfillment of the PDPO to the User.
5.6. The User’s personal data may be transferred to authorized state authorities of the Russian Federation, bodies of inquiry and investigation, other authorized bodies only on the basis and in the manner established by the current legislation of the Russian Federation.
6. Measures to Protect Personal Data
6.2. In the event that Personal Data has been lost or disclosed, the PDPO is obliged to inform the User about this.
6.3. PDPO together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s Personal Data.
6.4. Personal data is kept confidential by the PDPO, unless the User voluntarily posted information for public access in messages, comments, reviews on the Site.
6.5. Ensuring the security of Personal Data processed in the information systems of Personal Data of the PDPO is achieved by eliminating unauthorized, including accidental, access to Personal Data, as well as by taking the following security measures:
6.5.1. identification of threats to the security of Personal data during their processing in the information systems of Personal data of the PDPO;
6.5.2. application of organizational and technical measures to ensure the security of Personal Data during their processing in the Personal Data information systems of the PDPO, necessary to fulfill the requirements for the Personal Data protection, the fulfillment of which ensures the levels of Personal Data protection established by the Government of the Russian Federation;
6.5.3. application of duly completed compliance assessment procedures of information security tools;
6.5.4. assessment of the measures effectiveness taken to ensure the security of Personal Data prior to the commissioning of the Personal Data information system;
6.5.5. treatment of computer media Personal data;
6.5.6. detecting facts of unauthorized access to Personal Data and taking measures;
6.5.7. recovery of Personal Data, modified or deleted, destroyed due to unauthorized access to them;
6.5.8. establishing rules for Personal Data access processed in the information systems of the Personal Data of the PDPO, as well as ensuring the registration and accounting of all actions performed with Personal Data in the information systems of the Personal Data of the PDPO;
6.5.9. control over the measures taken to ensure the security of Personal Data and the levels of security of Personal Data information systems.
7. Personal Data Processing Terms
7.1. The processing of Personal Data provided by the User on the Site is carried out within the period from the moment the completed form is sent on the Site and for 40 (forty) years or until the Site ceases to operate, or until the withdrawal of consent sent by the User to the PDPO.
7.3. The condition for terminating the processing of Personal Data may also be the expiration of the consent or withdrawal of the User’s consent to the processing of his Personal Data, as well as the identification of illegal processing of Personal Data.
7.4. The User independently determines the period of subscription to the newsletter and unsubscribes from the newsletter by clicking on the unsubscribe link that is in each letter received, or by sending a free-form PDPO request to the e-mail address firstname.lastname@example.org.
8. Legal Basis for Processing Personal Data
8.1. The PDPO processes Personal Data on the basis of the following legal bases:
- the Constitution of the Russian Federation;
- Civil Code of the Russian Federation;
- Law № 2300-1 of 07.02.1992 (as amended on 03.07.2016) “On consumer protection”;
- Federal Law № 59-FL dated May 2, 2006 “On the Procedure for Considering Appeals from Citizens of the Russian Federation”;
- Federal Law № 149-FL dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
- Federal Law № 63-FL of April 6, 2011 “On Electronic Signature”;
- Federal Law № 152-FL of July 27, 2006 “On Personal Data”;
- Decree of the Government of the Russian Federation dated November 1, 2012 № 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;
- Decree of the Government of the Russian Federation № 687 dated 15.09.2008 “On Approval of the Regulation on the Peculiarities of Personal Data Processing without the Use of Automation Tools”;
- contracts or agreements concluded between the PDPO and the User;
- agreements concluded between the PDPO and third parties for the purposes specified in paragraph 4.1;
- consent to the processing of Personal Data (in cases not expressly provided for by the legislation of the Russian Federation, but corresponding to the powers of the PDPO), consent to the Dissemination of personal data.
9. Updating, Correction, Deletion and Destruction of Personal Data, Response to User Requests for Personal Data Access
9.1. In case of confirmation of any inaccuracy of the Personal data or the illegality of their processing, the Personal data shall be updated by the PDPO, and the processing shall be terminated accordingly.
9.3. Upon reaching the goals of processing Personal Data, as well as in the event that the User revokes consent to their processing, the User’s Personal Data is subject to destruction within 10 (ten) work days from the moment the purpose of processing is achieved or the withdrawal is received, if:
- otherwise is not provided by the agreement to which the User is a party, beneficiary or guarantor;
- PDPO is not entitled to process without the consent of the User on the grounds provided for by the Federal Law “On Personal Data” or other federal laws;
- otherwise is not provided by another agreement between the PDPO and the User.
9.7. If the User no longer wishes to receive letters to the e-mail address specified by him, then the User may at any time refuse to receive letters by sending a corresponding request to the PDPO e-mail address email@example.com.
10. Final Provisions
Appendix № 1. Application form of the User to block his personal data
Appendix № 4. Subject request form for access to his personal data