Privacy Policy of personal data of website users

Privacy Policy

of personal data of website users

1. General Provisions

1.1. This Privacy Policy of personal data of website users (hereinafter referred to as the Policy) has been developed in compliance with the requirements of Art. 18.1 of the Federal Law of 27.07.2006 No. 152-FZ "On personal data", as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data.
1.2. OOO "GTS ENGINEERING" (hereinafter referred to as the Operator) ensures the protection of processed personal data from unauthorized access and disclosure, unlawful use or loss in accordance with the requirements of the Federal Law of 27 July 2006 No. 152-FZ "On personal data".
1.3. The Policy is a publicly available document that applies only to the website located in the information and communication network Internet at the address: www.pf-trade.ru (hereinafter referred to as the Site).
1.4. The Policy does not apply to third-party websites that a personal data subject may access through the Site.
1.5. The Policy establishes mandatory general requirements and rules for the Operator's employees involved in the processing of personal data for working with all types of storage media containing personal data of personal data subjects using the Site.
1.6. The Policy does not apply to issues of ensuring the security of personal data classified as information constituting a state secret of the Russian Federation.
1.7. The main objectives of the Policy are:
• ensuring the protection of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets;
• eliminating unauthorized actions by the Operator's employees and third parties to collect, systematize, accumulate, store, clarify (update, change) personal data, and other forms of illegal interference in the Operator's information resources and local area network;
• ensuring the legal and regulatory regime of confidentiality of undocumented information of the Users of the Site;
• protection of the constitutional rights of citizens to personal privacy, confidentiality of information constituting personal data, and prevention of the emergence of a possible threat to the security of the Users of the Site.
1.8. Basic concepts used in the Policy:
site - a set of software and hardware for computers that ensure the publication for general viewing of information and data united by a common purpose, by means of technical means used for communication between computers on the Internet;
User - a subject of personal data who has access to the Internet and uses the capabilities of the site;
personal data - any information related to a directly or indirectly determined or determinable individual (subject of personal data);
Manager - the sole executive body of the Operator;
personal data processing - any action (operation) or set of actions (operations) with personal data, performed with the use of automation tools or without their use. Processing of personal data includes, but is not limited to:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (updating, modification);
- retrieval;
- use;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- destruction.
automated processing of personal data - processing of personal data using computer technology.
dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data - actions aimed at disclosing personal data to a specific person or a specific number of persons;
blocking of personal data - temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible carriers of personal data are destroyed;
depersonalization of personal data - actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
personal data information system (hereinafter referred to as ISPD) - a set of personal data contained in databases and the information technologies and technical means that ensure their processing.

2. Principles of processing

2.1. The principles of processing personal data by the Operator's employees are guided by the following:
• personal data is processed on a lawful and fair basis;

• personal data processing must be limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed;
• combining databases containing personal data that are processed for purposes incompatible with each other is not allowed;
• the content and volume of processed personal data must correspond to the stated purposes of processing. The processed personal data must not be excessive in relation to the purposes of their processing;
• when processing personal data, the accuracy and sufficiency of personal data must be ensured;
• personal data must be stored no longer than required by the purposes of processing personal data, unless the storage period for personal data is established by Federal Law or an agreement with the User;
• processed personal data are subject to destruction or depersonalization upon achieving the processing purposes or in the event of loss of the need to achieve these purposes, unless otherwise provided for by law.
2.2. Terms of personal data processing:
• the personal data of the Site Users is processed in accordance with the requirements of the current legislation in the field of personal data protection;
• the personal data on the Site is processed in compliance with the principles and rules stipulated by the Policy and the legislation of the Russian Federation.

2.3. The personal data of the Site Users is processed solely for the purposes of:
• preventing the creation of multiple accounts by Users;
• authorization of the User on the Site;
• providing the User with the opportunity to leave comments and messages on the Site with the subsequent ability to view them.

2.4. The personal data used on the Site are provided by the User independently by entering them in the appropriate form when registering an account, are considered confidential information and are processed exclusively using automation tools.

3. User Rights

3.1. The User has the right to:
• receive information about the Operator, its location, whether the Operator has personal data relating to the User, and to become familiar with such personal data, except in cases expressly provided for by law;
• receive the following information from the Operator regarding the processing of his personal data:
- confirmation of the fact of personal data processing by the Operator, as well as the purpose of such processing;
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by the Operator;
- name and location of the Operator, information about persons who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of applicable law;
- processed personal data relating to the relevant User, the source of their receipt;
- terms of personal data processing, including the terms of their storage;
- the procedure for the personal data subject to exercise the rights stipulated by the Federal Law;
- information on the completed or proposed cross-border transfer of data;
- the name or surname, first name, patronymic and address of the person processing the personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
- other information stipulated by the current legislation of the Russian Federation;
• demand changes, clarifications, destruction of information about oneself;
• appeal illegal actions or inactions regarding the processing of personal data and demand appropriate compensation in court;
• appoint representatives to protect one's personal data;
• demand that the Operator notify of all changes made to them or exceptions from them;
• appeal to the authorized body for the protection of the rights of personal data subjects or in court against the actions or inaction of the Operator if he believes that the latter processes his personal data in violation of the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" or otherwise violates his rights and freedoms;
• to protect his rights and legitimate interests, including compensation for damages or moral damages in court.

4. Duties of the Operator

4.1. In the event of receiving a written request from the User, the Operator is obliged to process it and provide a response to it, in the manner prescribed by the Rules for Consideration of Appeals of Personal Data Subjects and the current legislation of the Russian Federation.
4.2. In the event of receiving a request from the authorized body for the protection of the rights of personal data subjects for the provision of information necessary for the implementation of the activities of the said body, the Operator is obliged to provide such information within the timeframes established by law.
4.3. In case of detection of unlawful processing of personal data, the Operator is obliged to block the unlawfully processed personal data related to the User from the moment such fact is established.
4.4. In case of achievement of the purpose of processing personal data, the Operator is obliged to stop processing personal data and destroy personal data in the manner prescribed by the Regulation on the procedure for destruction of personal data and the current legislation of the Russian Federation.
4.5. The Operator is prohibited from making decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests.

5. Confidentiality of personal data

5.1. The Operator ensures the confidentiality and security of personal data during their processing in accordance with the requirements of the Operator's local regulations and the requirements of current legislation.
5.2. The Operator does not disclose to third parties or distribute personal data without the User's consent, unless otherwise provided for by the requirements of the current legislation of the Russian Federation.

6. Processing of personal data

6.1. All personal data should be obtained from the User. In the event of obtaining consent to the processing of personal data from a representative of the User, his authority must be confirmed in accordance with the procedure established by law.
6.2. The list of persons entitled to access personal data is determined in accordance with the Operator's local regulations and approved by the order of the Head of the Operator.
6.3. The Operator stores the personal data of Users from the moment they are provided until the moment of withdrawal of consent to the processing of personal data, achievement of the processing goals, or expiration of the period for which consent was provided, as well as in other cases expressly provided for by the current legislation of the Russian Federation.
6.4. The Operator does not process personal data of Users on paper media.
6.5. The Operator does not transfer personal data to third parties, including for the purposes of processing. Personal data of Users is processed exclusively by the Operator's employees.
6.6. Blocking and deletion of personal data on the Site is carried out on the basis of a written request from the User or an authorized body.
6.7. Destruction of personal data is carried out by erasing information using certified software.

7. Protection of personal data

7.1. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
7.2. The security of personal data is achieved in the following ways:
• identifying threats to the security of personal data when processing them in personal data information systems;
• applying organizational and technical measures to ensure the security of personal data when processing them in personal data information systems necessary to meet the requirements for the protection of personal data;
• taking into account machine-readable media of personal data;
• detecting facts of unauthorized access to personal data and taking measures;
• restoring personal data modified or destroyed due to unauthorized access to them;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
• control over measures taken to ensure the security of personal data and the level of protection of personal data information systems;
• appointing a person responsible for processing personal data;
• establishing individual passwords for employee access to the information system in accordance with their job responsibilities;
• using certified anti-virus software;
• training the Operator's employees directly involved in the processing of personal data in the provisions of the Russian Federation legislation on personal data, including the requirements for the protection of personal data.
7.3. Protected information about the User on the Site includes data that allows identifying the User or obtaining additional information about him/her, as stipulated by law and the Policy.
7.4. Protected objects of personal data include:
• informatization objects and technical means of automated processing of information containing personal data;
• information resources containing information about information and telecommunication systems that use personal data, about events that have occurred with managed objects, about plans to ensure uninterrupted operation and procedures for switching to control in emergency modes;
• communication channels that are used to transmit personal data in the form of informative electrical signals and physical fields;
• alienable machine-readable information carriers on a magnetic, magneto-optical and other basis, used to process personal data.
7.5. Technological information about information systems and elements of the personal data protection system subject to protection includes:
• information about the access control system to information technology facilities where personal data are processed;
• control information;
• technological information about the means of access to control systems;
• characteristics of communication channels that are used to transmit personal data in the form of informative electrical signals and physical fields;
• information about the means of protecting personal data, their composition and structure, principles and technical solutions for protection; • service data that appears during the operation of software, messages and protocols of inter-network interaction, as a result of personal data processing.
7.6. The personal data protection system complies with the requirements of the RF Government Resolution of November 1, 2012 No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems" and ensures:
• timely detection and prevention of unauthorized access to personal data or their transfer to persons who do not have the right to access such information;
• prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
• the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;
• constant monitoring of the level of security of personal data.

8. Responsibility

8.1. All employees of the Operator who process personal data are required to keep information containing personal data confidential.
8.2. Persons guilty of violating the requirements for the processing of personal data are liable in accordance with the current legislation of the Russian Federation.
8.3. Responsibility for compliance with the personal data regime in relation to personal data located in the databases of the Site lies with the employees of the Operator responsible for the processing of personal data.

9. Final Provisions

9.1. The Policy was approved by order of the Head of the Operator No. 1-PDn dated 05/28/2025, and is valid indefinitely until the new version of the Policy comes into force.
9.2. In the event of a change in the legislation of the Russian Federation in the field of personal data protection, the Operator adopts a new version of the Policy taking into account the changes. Until that moment, the Policy is valid to the extent that it does not contradict the current legislation of the Russian Federation.
9.3. The following contact information may be used to contact the Operator:
e-mail: e-mail: info@pf-trade.ru;
postal address: 150014, Yaroslavl, Svobody St., Building 79, P.O. Box 50