This Personal Data Processing Policy (hereinafter - Privacy Policy) has been developed by
Valery Vadimovich Sidorov, an
individual entrepreneur (main state registration number of an individual entrepreneur 316774600425140 individual taxpayer number 420536335676) (hereinafter - Operator) and applies to all information that the website
https://acaciagallery.com, (hereinafter - the "Site"), located on the domain name
https://acaciagallery.com,
including its subdomains, programs and products, may obtain about the User during the use of the Site.
The use of the Site means that the User unconditionally agrees with this Policy and the terms of processing his/her personal information specified therein.
1. GENERAL PROVISIONS1.1 The Policy is a unilaterally adopted by the Operator document regulating the methods and principles, as well as the general procedure for processing and protection of the User’s personal data when selling goods, as well as providing access to the Operator’s website(s), personal account, social networks and messengers, payment and any other services (aggregators, platforms, etc.) and their use, including but not limited to: registering on the website, personal account, accepting the offer (acceptance of any offers (offers) of the Operator without exception, and making payments.) and making payments in cashless form using the Operator’s access to payment services (aggregators, platforms, etc.), including through the Website, personal account, social networks and messengers of the Operator), as well as providing the User with access to services, information and/or materials contained on the site http://acaciagallery.store, social networks and messengers of the Operator(all together hereinafter referred to as the Services, the Remote Services, the Website (all together hereinafter referred to as the Services, the Remote Services, the Website).
1.2 This Policy is an official document of the Operator and determines the methods, objectives, principles, as well as the general procedure for processing and protection of information about individuals - Users during the remote sale of goods by the Operator to the User, as well as when the User uses the Remote Services and the Website.
1.3 The purpose of the Policy is to ensure protection of the User’s rights when processing his/her personal data when purchasing the Operator’s goods, using the Remote Services and (or) the Website, as well as proper protection of the User’s personal data from unauthorized access and disclosure in specified cases.
1.4 The relations related to the processing and protection of the User’s personal data when using the Remote Services and (or) the Website shall be governed by this Policy and the current legislation of the Russian Federation.
1.5 Pursuant to the requirements of part 2 of Article 18.1 of the Federal Law “On Personal Data” dated 27.07.2006 N 152-FZ, this Policy is published in free access in the information and telecommunication network “Internet” on the Operator’s website.
1.6 By purchasing the Operator’s goods, visiting/registering on the Website and using the Remote Services and (or) the Website in any way/method, the User expresses his/her full consent to the terms and conditions of this Policy.
1.7 In case the User does not agree with the terms of this Policy, the purchase of the Operator’s goods, use of the Remote Services and (or) the Website by the User shall be immediately terminated.
1.8 The Policy applies to all User’s personal data processed by the Operator.
1.9 The following terms are used in this Personal Data Processing Policy:
"Administration of the site " - authorized employees to manage the site, acting on behalf of the Individual Entrepreneur Sidorov Valery Vadimovich (main state registration number of an individual entrepreneur 316774600425140 individual taxpayer number 420536335676), who organize and (or) carry out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data subject to processing, actions (operations) performed with personal data.
"Personal Data" means any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
"Processing of personal data" means any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
"Confidentiality of personal data" - a requirement mandatory for the Operator or other person who has access to personal data not to allow their dissemination without the consent of the subject of personal data or the existence of another legal basis.
"User of the Website
https://acaciagallery.com (hereinafter - "User") - a person who has access to the Website, via the Internet and uses the Website.
"The
https://acaciagallery.com website (hereinafter also referred to as the "Website") is a collection of linked web pages located on the Internet at the unique address (URL):
https://acaciagallery.com"Remote service" means a remote (i.e. using telecommunication means without direct visit to the Operator) method of providing the User with the opportunity to purchase goods by the Operator, in accordance with which the Operator provides the User with continuous access to the relevant remote service services (personal account, etc.), within the framework of which the User is provided with the opportunity to send to the Operator the necessary consents for the conclusion and execution of the contract for the purchase of goods by accepting offers (offers to conclude contracts/agreements, etc.) sent by the Operator, receiving advertising and other information, including information about the Operator and its goods, including special offers and promotions of the Operator.
"My Account" - a remote service on the Operator's Website, which can be accessed and used by the User only through authentication (verification of the User's authenticity by entering relevant data).
"Mixed processing of personal data" - processing of personal data by automated means (means of computer technology) or without the use of automated means;
"Dissemination of personal data" means any actions aimed at disclosure of personal data to an indefinite number of persons (transfer of personal data) or familiarization of personal data to an unlimited number of persons, including disclosure of personal data in mass media, placement in information and telecommunication networks or providing access to personal data in any other way;
"Provision of personal data" - actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
"Blocking of personal data" - temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data);
"Destruction of personal data" - any actions as a result of which personal data are irretrievably destroyed with the impossibility of further recovery of the content of personal data in the personal data information system and/or material carriers of personal data are destroyed;
"Personal data depersonalization" - actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information;
"Personal data information system" means a set of personal data contained in databases and information technologies and technical means ensuring their processing;
"Cross-border transfer of personal data" means the transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign natural person or a foreign legal entity.
"Cookies" is a small piece of data sent by a web server and stored on the user's computer, which a web client or web browser sends to the web server in an HTTP request each time it tries to open a page of the relevant website.
"IP address" means the unique network address of a node in an IP-based computer network.
2. PURPOSES AND LEGAL BASIS OF PERSONAL DATA PROCESSING2.1 The User’s use of
https://acaciagallery.com means consent to this Privacy Policy and the terms of processing the User’s personal data.
2.2 This Privacy Policy establishes the obligations of the Administration on non-disclosure and ensuring the protection of confidentiality of personal data, which the User provides at the request of the Administration when registering on the site http://acaciagallery.store, when subscribing to e-mail newsletters or when placing an order.
2.3 The Administration of the site does not verify the accuracy of personal data provided by the User of the site.
2.4 The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not allowed.
2.5 Only personal data that meet the purposes of their processing shall be processed.
2.6 The Operator processes Users’ personal data for the purposes of:
2.6.1 Providing access to and use of the Remote Services and the Operator's Website to the Users;
2.6.2 Conclusion, execution and termination of civil law contracts with the User;
2.6.3. registration of the User on the Website, providing the User with an opportunity to fully utilize the services of the Website;
2.6.4 Providing the User with effective customer and technical support in case of problems related to the use of the Website.
2.6.5. Improvement of the quality of User service and modernization of the Operator's Website by processing User's inquiries and requests.
2.6.6 Ensuring compliance with the Constitution, federal laws and other regulatory legal acts of the Russian Federation;
2.6.7 Conducting statistical and other research based on anonymized information provided by the User.
2.6.8 Directing information mailings of news and advertising nature about new products and special offers within the limits allowed by the legislation of the Russian Federation.
2.7 The Operator processes Users' personal data on the basis of:
2.7.1. of the Constitution of the Russian Federation;
2.7.2. of the Civil Code of the Russian Federation;
2.7.3. of Federal Law No. 149-FZ dated 27.07.2006 "On Information, Information Technologies and Information Protection";
2.7.4. of Federal Law No. 63-FZ dated 06.04.2011 "On Electronic Signature";
2.7.5. Regulations on the peculiarities of personal data processing carried out without the use of means of automation, approved by Resolution of the Government of the Russian Federation No. 687 of September 15, 2008;
2.7.6. Requirements for the protection of personal data during their processing in information systems of personal data, approved by Resolution of the Government of the Russian Federation No. 1119 dated November 1, 2012;
2.7.7 Other regulatory legal acts of the Russian Federation and regulatory documents of the authorized public authorities;
2.7.8 Including Agreements concluded between the Operator and the User;
2.7.9. Consent of personal data subjects to the processing of their personal data.
3. SUBJECT MATTER OF THE PRIVACY POLICY3.1 This Privacy Policy establishes the obligations of the Administration on non-disclosure and protection of confidentiality of personal data, which the User provides at the request of the Administration when registering/visiting the website http://acaciagallery.store, subscribing to e-mail newsletter or placing an order.
3.2 The content and scope of processed personal data shall comply with the stated purposes of processing as provided for in Section 2 of this Policy. The processed personal data shall not be redundant in relation to the stated purposes of their processing.
3.3 In order to implement this Policy, the Operator shall process personal data of individuals - recipients of the Operator's goods when using remote services.
3.4 The personal data allowed for processing under this Privacy Policy is provided by the User by using
https://acaciagallery.com or filling out a form on http://acaciagallery.store, including when placing an order, and includes the following information:
- last name, first name, middle name;
- e-mail address;
- contact info;
- bank details;
- address;
- passport data (if necessary);
- standard data automatically received by the https-server when accessing the Site and subsequent actions of the User (host IP-address, type of user's operating system, pages of the Site visited by the User). Information automatically received when accessing the Site using bookmarks Cookies.
3.5 The website protects the data that is automatically transmitted when visiting the pages:
- IP address;
- cookie information;
- information about the browser (or other program that performs access);
- access time;
- page address;
- referrer (address of the previous page).
3.6 Disabling cookies may result in the inability to access parts of the site that require authorization. The site collects statistics on the IP addresses of its visitors. This information is used to prevent, detect and solve technical problems.
3.7 Any other personal information not specified above (purchase history, browsers and operating systems used, etc.) is subject to secure storage and non-dissemination, except as provided in Section 6 of this Privacy Policy.
3.8 The Operator shall process biometric personal data (information characterizing physiological and biological features of a person on the basis of which his/her identity can be established) in accordance with the legislation of the Russian Federation.
3.9 The Operator does not process special categories of personal data (hereinafter also - PD) concerning race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, except for cases stipulated by the legislation of the Russian Federation.
3.10. Categories of personal data subjects.
The following personal data of the following PD subjects are processed:
- individuals having civil legal relations with the Operator;
- persons using the Operator's website PD processed by the Operator:
- data obtained in the exercise of civil law relations;
- data received upon receipt of payment or in the process of visiting/registering on the Operator's website.
3.11. Storage of PDs.
3.11.1. Subjects' PD may be received, further processed and transferred for storage both in hard copy and in electronic form.
3.11.2. PDs recorded on paper shall be stored in locked cabinets or in locked rooms with limited access rights.
3.11.3. PD of subjects processed using automation tools for different purposes shall be stored in different folders.
3.11.4 It is not allowed to store and place documents containing PD in open electronic catalogs (file sharing) in the Personal Data Information System (here and after also - ISPD).
3.11.5 The storage of Personal Data in a form that allows identifying the subject of Personal Data shall be carried out for no longer than required for the purposes of their processing, and they shall be subject to destruction upon achievement of the purposes of processing or in case of loss of necessity in their achievement.
3.12. Destruction of PDs:
3.12.1 Destruction of documents (carriers) containing PD shall be carried out by burning, crushing (shredding), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.12.2. PDs on electronic media shall be destroyed by erasing or formatting the media.
3.12.3 The fact of destroying the data shall be documented by a media destruction act.
4. METHODS AND TERMS OF PERSONAL INFORMATION PROCESSING4.1 The User's personal data shall be processed indefinitely until the User revokes his/her consent to the processing of personal data by any lawful means, including in personal data information systems with or without the use of automation tools.
4.2. User agrees that the Administration of the site has the right to transfer personal data to third parties, solely for the purpose of sale / delivery of goods purchased by the User on the Operator's website.
4.3 The User's Personal Data may be transferred to authorized state authorities of the Russian Federation only on the grounds and in accordance with the procedure established by the legislation of the Russian Federation.
4.4 In case of loss or disclosure of personal data, the Website Administration informs the User about the loss or disclosure of personal data.
4.5 Administration of the site takes the necessary organizational and technical measures to protect the User's personal information from illegal or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties. And also does:
- determines the security threats to personal data during its processing;
- adopts local normative acts and other documents regulating relations in the field of personal data processing and protection;
- appoints persons responsible for ensuring personal data security in the structural subdivisions and information systems of the Operator;
- creates the necessary conditions for working with personal data;
- organizes accounting of documents containing personal data;
- organizes work with information systems where personal data are processed;
- stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
-organizes informing the Operator's employees who process personal data.
4.6 The Administration of the site together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's personal data.
5. RIGHTS AND OBLIGATIONS OF THE PARTIES5.1 The User shall have the right to:5.1.1 Make a free decision to provide his/her personal data necessary for the use of the website http:// acaciagallery.store and consent to their processing.
5.1.2 Update, supplement the provided information on personal data in case of changes in this information.
5.1.3 The User has the right to obtain from the Administration of the site information regarding the processing of his personal data, unless such right is restricted in accordance with federal laws. The User has the right to demand from the Administration to clarify his personal data, block or destroy them in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect his rights.
5.1.4 To impose a condition of prior consent when processing personal data for the purpose of marketing works and services;
5.1.5. appeal to Roskomnadzor or in court against unlawful acts or omissions of the Operator in processing his/her personal data;
5.1.6. withdraw your consent to the processing of personal data.
5.2 The User is obliged to:5.2.1 Provide information about personal data necessary for using the Website http:// acaciagallery.store.
5.2.2 Update, supplement the provided information on personal data in case of changes in this information.
5.2.3 Provide information in case of additional requirements of the User on enhanced protection of personal data.
5.3 The Operator shall have the right to:5.3.1 Determine independently the composition and list of measures necessary and sufficient to ensure fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws;
5.3.2 To entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided for by the Federal Law "On Personal Data", on the basis of a contract concluded with this person. The person processing personal data on behalf of the Operator shall be obliged to comply with the principles and rules of personal data processing stipulated by the Personal Data Law;
5.3.3 In case the personal data subject revokes his/her consent to personal data processing, the Operator shall have the right to continue personal data processing without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
5.4 The Operator shall:5.4.1 Organize the processing of personal data in accordance with the requirements of the Federal Law "On Personal Data" dated 27.07.2006 N 152-FZ;
5.4.2 Respond to appeals and requests of personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
5.4.3 Report to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) at the request of this public authority the necessary information within 30 (Thirty) calendar days from the date of receipt of such request.
5.4.4 Use the obtained information exclusively for the purposes specified in this Privacy Policy.
5.4.5 Ensure confidentiality of confidential information, not to disclose without prior written permission of the User, as well as not to sell, exchange, publish, or disclose by other possible means the transferred personal data of the User, with the exception of Section 6 of this Privacy Policy.
5.4.6 Take precautionary measures to protect the confidentiality of the User's personal data according to the procedure usually used to protect such information in the existing business turnover.
5.4.7 Block personal data related to the respective User from the moment of application or request of the User or his/her legal representative or authorized body for protection of the rights of personal data subjects for the period of verification, in case of detection of unreliable personal data or unlawful actions.
6. PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING. CONFIDENTIALITY OF PERSONAL DATA.6.1 Processing of personal data shall be carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
6.2 Processing of personal data shall be carried out with the consent of personal data subjects to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
6.3 The Operator performs both automated and non-automated processing of personal data in accordance with the procedure established by the current legislation.
6.4 The Operator's employees whose job description includes personal data processing may be allowed to process personal data.
6.5 The processing of personal data shall be carried out by:
6.5.1 Receiving personal data orally or in writing directly from personal data subjects;
6.5.2 Obtaining personal data from publicly available sources;
6.5.3 Entering personal data into the Operator's journals, registers and information systems;
6.5.4 Using other methods of personal data processing.
6.6 It is not allowed to disclose to third parties and disseminate personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.
6.7 Transfer of personal data to bodies of inquiry and investigation, other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
6.8. The Operator shall take necessary legal, organizational and technical measures to protect personal data from illegal or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
6.8.1 Identifies threats to the security of personal data during their processing;
6.8.2 Creates the necessary conditions for working with personal data;
6.8.3 Organizes work with information systems where personal data are processed;
6.8.4 Stores personal data in conditions that ensure their safety and prevent unauthorized access to
them;
6.8.5 Organizes informing the Operator's employees who process personal data, if such employees are involved in processing personal data.
6.9 The Operator shall store personal data in a form that allows to identify the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, contract.
6.10. When collecting personal data, including through the information and telecommunications network Internet, the Operator shall ensure recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
7. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONDING TO THE SUBJECTS' REQUESTS FOR ACCESS TO PERSONAL DATA7.1 Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in part 7 of Article 14 of the Federal Law "On Personal Data" dated 27.07.2006 N 152-FZ, is provided by the Operator to the User when contacting or receiving a request from the subject of personal data.
7.2 The information provided shall not include personal data relating to other personal data subjects, unless there are legitimate grounds for disclosing such personal data.
7.3 Users have the right to send their requests to the Operator, including requests regarding the use of their personal data to the e-mail address: info@acacia.com.
The request must contain:
1) number of the main identity document of the personal data subject, information on the date of issue of the said document and the issuing authority;
2) information confirming the personal data subject's participation in relations with the Operator (contract number, date of contract conclusion, conventional word designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
3) the signature of the personal data subject.
7.4 If the appeal (request) of the personal data subject does not contain all necessary information in accordance with the requirements of the Law on personal data or the subject does not have the right of access to the requested information, a reasoned refusal shall be sent to him.
7.5 The right of the personal data subject to access his/her personal data may be restricted in accordance with part 8 of Article 14 of the Federal Law "On Personal Data" dated 27.07.2006 N 152-FZ, including if the access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.
7.6 In case inaccurate personal data is revealed upon application of a personal data subject or his/her representative or at their request or at the request of Roskomnadzor, the Operator shall block personal data related to this personal data subject from the moment of such application or receipt of the said request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
7.7 If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information submitted by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, shall clarify the personal data within seven working days from the date of submission of such information and remove the blocking of personal data.
7.8 In case of detection of unlawful processing of personal data upon application (request) of a personal data subject or his/her representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data related to this personal data subject from the moment of such application or request.
7.9 Upon achievement of the purposes of personal data processing, as well as in case of withdrawal of consent to processing by the subject of personal data, the personal data shall be destroyed if:
7.9.1. otherwise is not provided for by the contract to which the personal data subject is a party, beneficiary or guarantor;
7.9.2 The Operator may not carry out processing without the consent of the personal data subject on the grounds stipulated by the Personal Data Law or other federal laws;
7.9.3. not otherwise provided for by another agreement between the Operator and the personal data subject.
8. LIABILITY OF THE PARTIES8.1 The Administration of the site, which has not fulfilled its obligations, shall be liable for losses incurred by the User in connection with the unauthorized use of personal data, in accordance with the laws of the Russian Federation, except as provided for in Section 5 and 7 of this Privacy Policy.
8.2 In case of loss or disclosure of Confidential Information the Administration of the site is not responsible if this confidential information:
8.2.1 Became public domain before its loss or disclosure.
8.2.2. was received from a third party before it was received by the Website Administration.
8.2.3. has been disclosed with the User's consent.
8.3 The User is fully responsible for compliance with the requirements of the laws of the Russian Federation, including laws on advertising, on the protection of copyright and related rights, on the protection of trademarks and service marks, including, but not limited to, also including full responsibility for the content and form of materials.
8.4 The User acknowledges that responsibility for any information, including but not limited to: data files, texts, etc., to which he/she may have access as part of the
https://acaciagallery.com website is borne by the person who provided such information.
8.5. User agrees that the information provided to him/her as part of
https://acaciagallery.com may be an intellectual property object, the rights to which are protected and owned by other Users, partners or advertisers who post such information on http://acaciagallery.store. The User may not modify, rent, lease, loan, sell, distribute or create derivative works based on such Content (in whole or in part) unless such actions have been expressly authorized in writing by the owners of such Content under the terms of a separate agreement.
8.6 With regard to text materials (articles, publications freely publicly available on
https://acaciagallery.com) it is allowed to distribute them provided that a link to the Site is given.
8.7 In the absence of proven fault of the Website Administration, the latter shall not be liable to the User for any loss or damage suffered by the User as a result of deletion, failure or inability to save any Content or other communication data contained on or transmitted through
https://acaciagallery.com .
8.8 Administration of the site is not responsible for any direct or indirect losses due to: non-use or inability to use the site or individual services, unauthorized access to User's communications; statements or conduct of any third party on the site.
8.9 Administration of the site is not responsible for any information posted by the user on
https://acaciagallery.com, including, but not limited to: copyrighted information, without the express consent of the copyright owner.
9. DISPUTE RESOLUTION9.1 Before filing a claim with the court on disputes arising from the relationship between the User of the site
https://acaciagallery.com and the Administration of the site, it is mandatory to submit a claim (a written proposal for voluntary settlement of the dispute).
9.2 Within 10 (Ten) calendar days from the date of receipt of the claim, the Claim Recipient shall notify the Claimant in writing of the results of the review of the claim.
9.3 In case of failure to reach an agreement, the dispute will be submitted for consideration to a judicial body in accordance with the current legislation of the Russian Federation.
9.4 The current legislation of the Russian Federation shall apply to this Privacy Policy and relations between the User and the Website Administration.
10. ADDITIONAL CONDITIONS10.1 Administration of the site has the right to make changes to this Privacy Policy without the User's consent.
10.2 The new Privacy Policy comes into effect from the moment of its placement on the Website
https://acaciagallery.com, unless otherwise provided by the new version of the Privacy Policy.
10.3 Any suggestions or questions regarding this Privacy Policy should be communicated to
artgalleryacacia@gmail.com10.4 The current Privacy Policy is available at: https://acaciagallery.com/privacy_en
.INDIVIDUAL ENTREPRENEUR
Individual entrepreneur Valery Vadimovich Sidorov main
state registration number of an individual entrepreneur
316774600425140
individual taxpayer number 420536335676
R/s 40802810402620000763
in JSC "ALFA-BANK", Moscow
correspondent account
30101810200000000593
Bank Identifier Code
044525593
Tel: +7 (925) 333-4313
e-mail:
artgalleryacacia@gmail.com