By using this site, you agree with our cookies usage in accordance with our cookies policy. You can always disable cookies in your browser settings.

RU ENG

6+

RU ENG
6+

Privacy Policy

ROLLINGSTOCK Agency Privacy Policy

January 11, 2022

This Personal Data Privacy Policy (hereinafter – the Privacy Policy) applies to all personal data that the Personal Data Processing Operator (hereinafter – PDPO) may receive about the User while using websites with the domain names rollingstockworld.ru and rollingstockworld.com, including subdomains. PDPO asks you to carefully read the Privacy Policy and in case of disagreement with any provisions, stop using the Site and leave it immediately.

1. Basic concepts

 

1.1. Personal data confidentiality is a mandatory requirement for compliance with the PDPO or another person who has access to Personal data to prevent their distribution without the consent of the subject of Personal data or other legal grounds.

1.2. Processing of personal data – any action (operation) or a set of actions (operations) performed by the PDPO using automation tools or without using such tools with Personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data.

1.3. Personal data processing operator (PDPC) is an individual entrepreneur Sergey Alexandrovich Belov (PSRNSP 321774600734451), registered in accordance with Russian law, legally owning the rollingstockworld.ru and rollingstockworld.com domains, who independently or jointly with other persons organizes and (or) performs the processing of Personal Data, and also determines the purposes of processing Personal Data, the composition of Personal Data to be processed, actions (operations) performed with Personal Data.

1.4. Personal data is any information relating to a directly or indirectly identified or identifiable respective individual (personal data subject).

1.5. Privacy Policy is this document with all changes and additions, located on the Internet at the following addresses: rollingstockworld.ru/privacy-policy/ (in Russian) and rollingstockworld.com/privacy-policy/ (in English).

1.6. User is the Personal data subject, a capable respective individual using the Site in his own interests.

1.7. Site is all sites with domain names rollingstockworld.ru and rollingstockworld.com , including subdomains. In this document, both domains are considered together.

1.8. Personal data dissemination – actions aimed at disclosing personal data to an indefinite circle of persons.

1.9. Cookies are a small piece of data sent by a web server and stored on the User’s device used to access the Site, which the web client or web browser sends to the web server in an HTTPS request each time it tries to open the page of the corresponding site.

1.10. An IP address is a unique network address of a host in an IP-based computer network.

2. General Regulations

 

2.1. The Privacy Policy defines the purposes, content and procedure for processing Personal Data, measures aimed at protecting Personal Data, as well as procedures aimed at identifying and preventing violations of the Russian Federation legislation in the field of Personal Data.

2.2. This Privacy Policy defines the policy of the PDPO as the operator processing Personal Data regarding Personal Data processing and protection. The processing of Personal Data by the PDPO is performed in compliance with the principles and conditions provided for by this Privacy Policy and the Russian Federation legislation in the field of Personal Data.

2.3. This Privacy Policy applies only to information obtained in the process of using the Site.

2.4. PDPO does not verify the accuracy of the Personal Data provided by the User.

2.5. The User’s experience of the Site means acceptance of this Privacy Policy and the Personal Data processing Terms and conditions.

2.6. By accepting this Privacy Policy, the User gives his consent to the PDPO for the processing of his Personal Data specified in paragraphs 3.2.–3.6. of this Privacy Policy, including the collection, recording, accumulation, storage, clarification (updating, changing), extraction, usage, transfer to third parties (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data for the purposes specified in paragraph 4.1.

2.7. If the User does not agree with the Privacy Policy terms, he is obliged to stop using the Site, leave it immediately, and not enter into any contract or agreement with the PDPO.

2.8. This Privacy Policy is published on rollingstockworld.ru/privacy-policy/ (in Russian) and rollingstockworld.com/privacy-policy/ (in English).

2.9. PDPO rights:

2.9.1. collect the User’s Personal Data through the forms on the Site;

2.9.2. provide the User with the technical ability to subscribe to the newsletter, provide the User with access to the Site;

2.9.3. collect, record, accumulate, store, clarify (update, change), extract, use, transfer (distribute, provide, access), depersonalize, block, delete, destroy Personal Data;

2.9.4. distribute the User’s Personal Data after obtaining the User’s separate consent;

2.9.5. transfer Users’ Personal Data to third parties on the basis of agreements concluded to achieve the goals specified in paragraph 4.1.

2.10. PDPO responsibilities:

2.10.1. The PDPO is obliged to use the received Personal Data strictly for the purposes specified in paragraph 4.1 of this Privacy Policy. Processing of Personal Data that is incompatible with the purposes of Personal Data collection is not permitted.

2.10.2. In case of confidential information loss or disclosure, the PDPO doesn’t carry any responsinility if this confidential information:

  • became public domain before its loss or disclosure;
  • was received from a third party prior to its receipt by the PDPO;
  • was disclosed with the consent of the User.

2.10.3. The PDPO is obliged to inform the User or his representative about the processing of the Personal Data of such a User by PDPO at his request.

2.10.4. The PDPO is obliged to ensure reliable protection of the User’s Personal Data, protection of their confidentiality.

2.11. User rights:

2.11.1. The User has the right to demand from the PDPO to clarify his Personal Data, block it or destroy it if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, by sending an email to ed@rollingstockworld.com (appendices № 1, 2, 3 to this Privacy Policy).

2.11.2. The User has the right to send a request to the PDPO regarding his Personal Data that is processed by the PDPO by sending an appeal (Appendix № 4 to this Privacy Policy) to the PDPO by e-mail ed@rollingstockworld.com. The term for receiving a response from the PDPO is up to 30 (thirty) days.

2.11.3. The User has the right to send the PDPO a withdrawal of his consent to the Personal Data processing, consent to the Personal Data dissemination.

2.11.4. The user is allowed to protect his rights and legitimate interests, including material losses and moral damages compensation in court.

2.11.5. The user has the right to appeal against the PDPO’s actions or inactions to the authorized body for the protection of the rights of personal data subjects or by judicial procedure.

2.12. User Responsibilities:

2.12.1. comply with the requirements specified in paragraph 1.6 of this Privacy Policy;

2.12.2. provide information about Personal Data required by the PDPO, including as part of a contract or agreement;

2.13. Databases containing Personal Data of citizens of the Russian Federation are located on the territory of the Russian Federation.

2.14. The PDPO processes Personal Data on a legal and fair basis in order to perform the functions, jurisdictions and obligations assigned by law, to exercise the rights and legitimate interests of the PDPO and other persons. The transfer (distribution, provision) and execution of the User’s Personal Data is carried out only in cases and in the manner prescribed by federal laws.

2.15. PDPO receives Personal Data directly from the User (subject of Personal Data).

2.16. The PDPO processes the User’s Personal Data with his consent, provided either in a written form (if necessary, in accordance with the current legislation of the Russian Federation), or when performing implicit actions.

2.17. Principles of Personal Data processing established by this Privacy Policy:

2.17.1. The processing of Personal Data must be performed on a legal and fair basis.

2.17.2. The processing of Personal Data should be limited to reaching specific, predetermined and legitimate purposes. Processing of Personal Data that is incompatible with the purposes of Personal Data collection is not permitted. It is not allowed to process excessive Personal Data in relation to the stated purposes of their processing.

2.17.3. It is not allowed to combine databases containing Personal Data, the processing of which is carried out for purposes that are incompatible with each other.

2.17.4. Only Personal Data that meet the purposes of their processing are subject to processing.

2.17.5. The content and scope of the processed Personal Data must correspond to the stated purposes of processing. The processed Personal Data should not be excessive in relation to the stated purposes of their processing.

2.17.6. When processing Personal Data, the accuracy of Personal Data, their sufficiency, and, if necessary, their relevance in relation to the purposes of processing Personal Data must be ensured. The PDPO shall take or ensure that the necessary measures are taken to remove or clarify incomplete or inaccurate data.

2.17.7. The storage of Personal Data should be performed in a form that allows determining the subject of Personal Data, not longer than required by the purposes of processing Personal Data, unless the period of Personal Data storage is established by Federal Law, an agreement to which the subject of Personal Data is a party, beneficiary or guarantor. The processed Personal Data is to be destroyed or depersonalized upon completion of processing objectives or in case of no further need to achieve these purposes, unless otherwise provided by Federal Law.

3. Privacy Policy Subject

 

3.1. This Privacy Policy establishes the obligations of the PDPO regarding the processing of the User’s Personal Data, their protection, including ensuring the confidentiality protection of Personal Data that the User provides to the PDPO in the following cases:

  • when filling out the newsletter subscription form on the Site;
  • when sending a claim, statements to the PDPO;
  • in the process of written, electronic and oral communication with the PDPO.

3.2. PDPO collects the following types of information about the User:

  • information that the User consciously provided to the PDPO while using the Site;
  • information that the User consciously provided to the PDPO within the framework of a contractual relationship; this information is processed by the PDPO on the basis of the contract terms and other local documents relevant for PDPO;
  • technical information automatically collected by the Website software during its visit by the User.

3.3. Personal data is provided by the User when filling out the newsletter subscription form on the Site and includes the following information:

  • E-mail address.

3.4. Personal data is provided by the User when sending a claim, statements to the PDPO and includes the following information:

  • surname, name, patronym;
  • E-mail address;
  • another address for sending a response to the User from the PDPO;
  • other Personal data that the User indicates in the complaint or statement on his/her own free will.

3.5. Personal data is provided by the User in the process of written, electronic and oral communication with the PDPO and includes the following information:

  • surname, name, patronym;
  • E-mail address;
  • phone number;
  • other Personal data that the User provides to the PDPO in the process of any type of communication at his own request.

3.6. The technical information automatically collected by the Site software during its visit by the User includes:

  • IP address;
  • information from cookies;
  • browser information;
  • information about the type of device (mobile or PC);
  • access time;
  • other technical and statistical information.

Technical information also includes analytical data obtained as a result of the use of web analytics services by the Site. This information is used strictly for the purposes of internal and external marketing – to analyze trends in visiting the Site and improve Site service.

3.7. The Site implements a technology based on cookies usage. Cookies may be stored on the device used by the User to access the Site, which will later be used to collect statistical data, in particular about the visit to the Site. The PDPO may use and disclose information about the use of the Site, for example, to determine the extent of the Site use, improve its content, explain the utility value of the Site, and to enhance the functionality of the Site. By accepting this Privacy Policy, the User gives the PDPO his consent that the technical data specified in paragraph 3.6, collected from the Site, is transmitted over the Internet.

3.8. PDPO does not store Personal Data in cookies. The PDPO uses information stored in cookies, which does not identify individual Users, to analyze trends, administer the Site, determine Users’ movements on the Site, and to collect demographic information about the base contingent of Users in general.

3.9. If the User does not want the PDPO to collect technical information about him using cookies, then the User must stop using the Site or prohibit the storage of cookies on his device used to access the Site by setting his browser accordingly. At the same time, one should be aware that the services of the Site using this technology may not be available.

3.10. The User confirms his consent to the processing of Personal Data when filling out the newsletter subscription form on the Site by ticking the checkbox located after the corresponding form and clicking on the button in this form on the Site. The User confirms his consent to the Personal Data dissemination by a separate document. Also, by ticking the checkbox and clicking on the button under any form on the Site or by sending a letter/message/appeal to the e-mail address indicated on the Site, the User expresses his full and unconditional consent to the fact that he will receive letters from the PDPO on the e-mail address indicated by him (including mailing letters), unless the User himself expresses his refusal to receive such letters, messages.

3.11. Consent to the processing of Personal Data provided when sending a claim, applications to the PDPO, is carried out by filling out the form provided by the PDPO. The user is obliged to send the completed and signed consent form along with the text of the claim, statement.

3.12. In other cases not specified above, the User confirms his consent to the processing of Personal Data by entering into any communication process with the PDPO.

3.13. PDPO guarantees that it will never provide Personal Data to third parties, unless:

  • this is directly required by law (for example, at the written request of the court, law enforcement agencies);
  • The User has consented to the transfer of Personal Data;
  • the transfer is necessary for contracts formation;
  • the transfer occurs as part of the sale or other transmission of the Site;
  • the transfer takes place as part of the Personal Data database transfer from one service to another in accordance with the contractual relations of the PDPO;
  • it is required to provide support customer service or to assist in the protection and security of the PDPO systems.
4. Purposes of Collection and Processing User’s Personal Data

 

4.1. The processing of Personal Data should be limited to the reaching specific, definite and legitimate purposes. Processing of Personal Data that is incompatible with the purposes of collecting Personal Data is not allowed.

PDPO uses the User’s Personal Data for the following purposes:

  • for feedback with the User, including for the purpose of further contract formation or agreement;
  • to provide the User with the opportunity to use the services of the Site;
  • to send to the User, with his consent, information about the news of the Site or about the partners of the PDPO, including advertising;
  • for marketing research, for targeting;
  • to comply with the current legislation of the Russian Federation;
  • to send a response to the User on a claim or an application.
5. Procedure And Conditions For Personal Data Processing

 

5.1. The PDPO performs the following list of actions with Personal Data: collection, recording, accumulation, storage, clarification (updating, changing), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data, as well as transfer to third parties if it is necessary to interact with third parties in order to achieve the purposes of processing Personal Data (specified in paragraph 4.1).

5.2. PDPO processes Personal Data in the following ways:

  • using automated means of processing Personal data (Site software, mailing service, internal system of PDPO for processing Personal data);
  • without the use of automated means of processing Personal data (Personal data is processed manually by the PDPO). The address of storage of Personal data is the actual location of the PDPO.

5.3. To achieve the goals specified in paragraph 4.1 of this Privacy Policy, the PDPO enters into an agreement with the organization providing the mailing service, according to which the PDPO, among other things, entrusts this organization with the collection and processing of the User’s Personal Data. Within the framework of these contractual relations, the PDPO transfers the following Personal Data of the User:

  • E-mail address.

The User’s personal data specified in this paragraph is collected and processed in accordance with the privacy policy of the organization providing the mailing service, for a period until the purpose of processing Personal data is achieved in each specific case.

5.5. The transfer of the User’s Personal Data to third parties (if necessary) is carried out with the consent of the User for the purposes specified for the contractual obligations fulfillment of the PDPO to the User.

5.6. The User’s personal data may be transferred to authorized state authorities of the Russian Federation, bodies of inquiry and investigation, other authorized bodies only on the basis and in the manner established by the current legislation of the Russian Federation.

6. Measures to Protect Personal Data

 

6.1. The PDPO protects the User’s Personal Data by applying generally accepted security methods to ensure the protection of information from loss, unauthorized or accidental access, distortion and unauthorized distribution, destruction, modification, blocking, copying, as well as any other illegal actions with Personal Data of third parties. Security is implemented by network protection software, access verification procedures, the use of cryptographic information protection tools, compliance with the Privacy Policy, as well as other internal documents regulating the rules for processing Personal Data of the PDPO.

6.2. In the event that Personal Data has been lost or disclosed, the PDPO is obliged to inform the User about this.

6.3. PDPO together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s Personal Data.

6.4. Personal data is kept confidential by the PDPO, unless the User voluntarily posted information for public access in messages, comments, reviews on the Site.

6.5. Ensuring the security of Personal Data processed in the information systems of Personal Data of the PDPO is achieved by eliminating unauthorized, including accidental, access to Personal Data, as well as by taking the following security measures:

6.5.1. identification of threats to the security of Personal data during their processing in the information systems of Personal data of the PDPO;

6.5.2. application of organizational and technical measures to ensure the security of Personal Data during their processing in the Personal Data information systems of the PDPO, necessary to fulfill the requirements for the Personal Data protection, the fulfillment of which ensures the levels of Personal Data protection established by the Government of the Russian Federation;

6.5.3. application of duly completed  compliance  assessment procedures of information security tools;

6.5.4. assessment of the measures effectiveness taken to ensure the security of Personal Data prior to the commissioning of the Personal Data information system;

6.5.5. treatment of computer media Personal data;

6.5.6. detecting facts of unauthorized access to Personal Data and taking measures;

6.5.7. recovery of Personal Data, modified or deleted, destroyed due to unauthorized access to them;

6.5.8. establishing rules for Personal Data access processed in the information systems of the Personal Data of the PDPO, as well as ensuring the registration and accounting of all actions performed with Personal Data in the information systems of the Personal Data of the PDPO;

6.5.9. control over the measures taken to ensure the security of Personal Data and the levels of security of Personal Data information systems.

7. Personal Data Processing Terms

 

7.1. The processing of Personal Data provided by the User on the Site is carried out within the period from the moment the completed form is sent on the Site and for 40 (forty) years or until the Site ceases to operate, or until the withdrawal of consent sent by the User to the PDPO.

7.2. Unless otherwise provided by other paragraphs of this Privacy Policy, the processing of Personal Data is carried out until the PDPO receives a request from the User about his Personal Data destruction or until the purpose of processing Personal Data is achieved.

7.3. The condition for terminating the processing of Personal Data may also be the expiration of the consent or withdrawal of the User’s consent to the processing of his Personal Data, as well as the identification of illegal processing of Personal Data.

7.4. The User independently determines the period of subscription to the newsletter and unsubscribes from the newsletter by clicking on the unsubscribe link that is in each letter received, or by sending a free-form PDPO request to the e-mail address ed@rollingstockworld.com.

8. Legal Basis for Processing Personal Data

8.1. The PDPO processes Personal Data on the basis of the following legal bases:

  • the Constitution of the Russian Federation;
  • Civil Code of the Russian Federation;
  • Law № 2300-1 of 07.02.1992 (as amended on 03.07.2016) “On consumer protection”;
  • Federal Law № 59-FL dated May 2, 2006 “On the Procedure for Considering Appeals from Citizens of the Russian Federation”;
  • Federal Law № 149-FL dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
  • Federal Law № 63-FL of April 6, 2011 “On Electronic Signature”;
  • Federal Law № 152-FL of July 27, 2006 “On Personal Data”;
  • Decree of the Government of the Russian Federation dated November 1, 2012 № 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;
  • Decree of the Government of the Russian Federation № 687 dated 15.09.2008 “On Approval of the Regulation on the Peculiarities of Personal Data Processing without the Use of Automation Tools”;
  • contracts or agreements concluded between the PDPO and the User;
  • agreements concluded between the PDPO and third parties for the purposes specified in paragraph 4.1;
  • consent to the processing of Personal Data (in cases not expressly provided for by the legislation of the Russian Federation, but corresponding to the powers of the PDPO), consent to the Dissemination of personal data.
9. Updating, Correction, Deletion and Destruction of Personal Data, Response to User Requests for Personal Data Access

 

9.1. In case of confirmation of any inaccuracy of the Personal data or the illegality of their processing, the Personal data shall be updated by the PDPO, and the processing shall be terminated accordingly.

9.2. The User’s personal data provided by him on the Site, which is stored by the PDPO and processed by him, can be deleted/depersonalized by the User contacting the PDPO. To do this, you must send a letter (Appendix № 3 to this Privacy Policy) to the PDPO at ed@rollingstockworld.com. In this case, the User will not be able to use the Site. The term for consideration of the User’s request is 10 (ten) business days.

9.3. Upon reaching the goals of processing Personal Data, as well as in the event that the User revokes consent to their processing, the User’s Personal Data is subject to destruction within 10 (ten) work days from the moment the purpose of processing is achieved or the withdrawal is received, if:

  • otherwise is not provided by the agreement to which the User is a party, beneficiary or guarantor;
  • PDPO is not entitled to process without the consent of the User on the grounds provided for by the Federal Law “On Personal Data” or other federal laws;
  • otherwise is not provided by another agreement between the PDPO and the User.

9.4. The PDPO blocks the User’s Personal Data from the moment of the User’s request or request (see Annex № 1 to this Privacy Policy) or his legal representative or authorized body for the rights protection of Personal Data subjects for the period of verification, in case of revealing inaccurate Personal Data or illegal actions.

9.5. The PDPO updates, corrects, clarifies, deletes and destroys the User’s Personal Data within 7 (seven) working days from the date of the User’s application or request (see Annexes № 2, 3 to this Privacy Policy) or his legal representative or authorized body for protection of the Personal data subject rights, in case of revealing false Personal data or illegal actions.

9.6. The PDPO responds to Users’ requests for Personal Data access (see Appendix № 4 to this Privacy Policy) within 30 (thirty) days from the date of the User’s request.

9.7. If the User no longer wishes to receive letters to the e-mail address specified by him, then the User may at any time refuse to receive letters by sending a corresponding request to the PDPO e-mail address ed@rollingstockworld.com.

10. Final Provisions

 

10.1. PDPO has the right to make any changes and additions to the Privacy Policy at any time at his own discretion.

10.2. Changes and additions come into force from the moment the Privacy Policy with changes and additions is posted on the Site. By continuing to use the Site, continuing to receive letters and messages from the PDPO after the publication of a new version of the Privacy Policy, the User thereby confirms that he accepts it.

Appendices

 

Appendix № 1. Application form of the User to block his personal data

Appendix № 2. Application form of the User to clarify his personal data

Appendix № 3. Application form of the User to destruct his personal data

Appendix № 4. Subject request form for access to his personal data

Appendix № 5. Withdrawal form of consent to the processing of his personal data