- 1. General Provisions
- 1.1. This Policy shall be followed by REG.RU Registrar of Domain Names LLC (hereinafter referred to as the "Company") in respect of processing and protection of personal data of individuals (personal data subjects) on the basis of article 24 of the Constitution of the Russian Federation and Federal Law No. 152-ФЗ "On Personal Data".
- 1.2. The Policy shall apply in respect of all personal data (of subjects) which the Company may receive in the course of its business, including customers of the Company.
- 1.3. The Policy is designed to communicate to those providing their personal data information allowing them to estimate which personal data and with what purposes are processed by the Company, what methods designed to ensure their security are applied.
- 1.4. The Policy shall ensure protection of rights and freedoms of the subjects in the course of processing of their personal data with the help of automation equipment or without such equipment, as well as establish liability of those who have access to personal data for a failure to fulfill the requirements regulating personal data processing and protection.
- 1.5. Providing the Company with their personal data customers using Company's services (including through third parties) confirm their consent to the personal data processing in accordance with this Policy.
- 1.6. A personal data subject may revoke their consent to the personal data processing. Should a personal data subject revoke their consent to the personal data processing, the operator shall have the right to continue processing the personal data without the consent of the personal data subject where there are grounds provided for by current legislation.
- 1.7. This Policy may be amended by the Company.
- 2. Concept and Structure of Personal Data
- 2.1. For the purposes of this Policy personal data shall mean any information relating to a directly or indirectly determined individual (personal data subject).
Depending on the personal data subject, in order to perform its activity and its obligations the Company may process personal data of subjects of the following categories:
- personal data of a Company’s employee: information the Company requires in relation to labor relations and relating to a particular employee;
- Customer’s data: information the Company requires to perform its obligations within the scope of contractual relations with a Customer and to fulfill requirements of the legislation of the Russian Federation;
- Customer’s personal data provided in the course of registration at www.reg.ru, including when the Customer was making Orders.
- 3. Grounds for and Purposes of Personal Data Processing
The Company processes personal data in order to perform its activities, including provision of services to Customers. The Company shall have the right to:
- perform the functions imposed on the Company by the legislation of the Russian Federation in accordance with Federal Law "On Personal Data" and other laws, statutes and regulations of the Russian Federation as well as the Articles of Association and regulations of the Company;
- collect and store Customer’s personal data required to provide services, perform contracts and agreements, perform obligations to the Customer.
The Company may use Customer's personal data for the following purposes:
- identifying the Customer within the scope of agreements;
- contacting the Customer if necessary, including sending offers, notifications, information and requests, both related and not related to service provision, as well as processing Customer’s applications, inquiries and requests;
- improvement of the quality of services provided by the Company.
- 4. Periods of Personal Data Processing
- 4.1. Periods of personal data processing shall be determined on the basis of purposes of the processing in the Company's information systems, in accordance with the duration of an agreement, contract with the personal data subject.
- 5. Persons Allowed to Process Personal Data
- 5.1. In order to achieve the goals set in article 3 of this Policy personal data may be processed only by Company employees who have to process such information in accordance with their job (employment) responsibilities. Such employees may have the access only in the events provided for by law. The Company demands that its employees maintain confidentiality and ensure security of personal data when processing them.
The Company shall have the right to transfer personal data to third parties in the following events:
- the personal data subject gave express consent to such actions;
- the transfer is provided for by Russian or another applicable legislation within the scope of a procedure established by the legislation.
- 6. Methods of Personal Data Processing
- 6.1. Providing services, in the course of intra-company activities the Company shall use automated and non-automated personal data processing.
- 7. Implementation of Personal Data Protection Measures
- 7.1. The Company's activity designed to process personal data in information systems is inseparably associated with protection of privacy of received information by the Company. All the Company employees shall maintain confidentiality of personal data and other information specified by the Company, unless the same contradicts the current legislation of the Russian Federation.
- 7.2. Security of personal data in the course of their processing in the Company's information systems is ensured with the help of an information protection system.
- 7.3. In the course of their processing in information systems personal data are exchanged over communication channels which are protected with the help of information protection equipment.
Processing personal data in its information systems the Company ensures:
- taking measures designed to prevent unauthorized access to the personal data and (or) their transfer to persons having no right to access such information;
- timely detection of facts of unauthorized access to the personal data;
- prevention of any impact on equipment designed for automated personal data processing which may cause the equipment to break down;
- the possibility of immediate recovery of personal data modified or destroyed as a result of unauthorized access thereto;
- constant control of the personal data security level.