1. general provisions

1.1. This Personal Data Processing Policy (hereinafter, the “Policy”) has been prepared in accordance with paragraph 2 of Part 1 of Art. 18.1 of the Federal Law of the Russian Federation “On Personal Data” № 152-FZ of July 27, 2006 (hereinafter – the Act) and defines the position of the Administration site (hereinafter – the Administration) in the processing and protection of personal data (hereinafter – Data), the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrets.

2 Area of application

2.1. This Policy applies to Data received both before and after the enactment of this Policy.

2.2. Understanding the importance and value of Data, as well as caring about respect for the constitutional rights of citizens of the Russian Federation and citizens of other states, the Administration of the site provides reliable protection of Data.

3. definitions

3.1. Data means any information relating to a directly or indirectly identified or identifiable individual, i.e. Such information includes, but is not limited to: last name, first name, middle name, e-mail, location, link to a personal website or social networks, ip address.

3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and/or without the use of such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.

3.3. Data security means protection of Data from unauthorized and/or unauthorized access, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.

4. Legal basis and purposes of data processing

4.1. Processing and security of Data by the Site Administration is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Law, the Labor Code of the Russian Federation, by-laws, other federal laws of the Russian Federation, guiding and methodological documents of FSTEC of Russia and FSS of Russia, defining cases and specifics of Data processing.

4.2. The subjects of Data processed by the Administration of the site are:

Users and visitors of the site https://magicmaple.net owned by the Administration of the site, including for the purpose of placing an order on the Site https://magicmaple.net.

4.3. The Administration of the site processes Subject Data for the following purposes:

4.3.1. The implementation of the functions, powers and duties assigned to the Administration of the site by the legislation of the Russian Federation in accordance with federal laws,

4.3.2. Users for the purpose of:

4.3.2.1. – providing information on products/services, current promotions and special offers;

4.3.2.2. – analyze the quality of the service provided and improve the quality of customer service;

4.3.2.3. – information about the status of the order;

4.3.2.4. – the performance of the contract, including the contracts of sale, including of the remote agreement on the Site, paid services; provision of services, as well as accounting of services rendered to consumers to make mutual settlements;

4.3.2.5. – delivery of the ordered Goods to the User who placed the order on the Site, return of the Goods.

5. Principles and conditions of Data processing.

5.1. When processing Data, the Site Administration adheres to the following principles: Data processing is performed on a lawful and fair basis; Data is not disclosed to third parties and is not distributed without the consent of the Data subject, except in cases requiring disclosure of Data at the request of authorized state bodies, legal proceedings; definition of specific lawful purposes before the start of processing (including collection) of Data; only those Data that are necessary and sufficient for the stated processing purpose is collected; consolidated

5.2. The Administration of the site may include data subjects in publicly available sources of Data, and the Administration of the site takes the written consent of the subject for the processing of his Data, or by expressing consent through the form of the site (“checkbox”), by which the subject of personal data expresses his consent.

5.3. The Administration of the site does not process data relating to race, ethnicity, political opinions, religious, philosophical and other beliefs, intimate life, membership in public associations, including trade unions.

5.4. Biometric data (information that describes the physiological and biological characteristics of the person on the basis of which you can identify him or her, and which are used by the operator to identify the data subject) are not processed by the Administration of the site.

5.5. The administration of the site performs cross-border transfer of data. The Administration of the site confirms that the foreign country, in whose territory the transfer of personal data is carried out, provides adequate protection of the rights of subjects of personal data in accordance with the level of security specified in the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.

5.6. In cases stipulated by the legislation of the Russian Federation, the Site Administration has the right to transfer Data to third parties (federal tax service, state pension fund and other state bodies) in cases stipulated by the legislation of the Russian Federation.

5.7. The Administration of the site is entitled to entrust the processing of Data of Data subjects to third parties with the consent of the subject of Data, on the basis of a signed agreement with such persons, including consent to the user agreement and the policy of processing of personal data posted on the site.

5.8. Persons who process Data on the basis of a contract concluded with the Administration of the site (commissioned by the operator) shall be obliged to comply with the principles and rules of data processing and protection provided by the Law. For each third party, the contract specifies a list of actions (operations) with Data to be performed by the third party processing Data, the purpose of processing, establishes the obligation of such person to ensure confidentiality and security of Data during their processing, specifies requirements for the protection of processed Data in accordance with the Law.

5.9. In order to fulfill the requirements of its contractual obligations processing of Data in the Administration of the site is carried out both with and without the use of automated means. The set of processing operations includes the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.

5.10. The Administration of the site is prohibited to make decisions based solely on the automated processing of Data, generating legal consequences with respect to the subject of Data or otherwise affecting his rights and legitimate interests.

6. Rights and obligations of Data subjects, as well as of the Site Administration with regard to Data processing

6.1. The subject, whose Data is processed by the Administration of the site, has the right:

6.1.1. Receive from the Site Administration:

6.1.1.1. Confirmation of the fact of Data processing and information about the availability of Data related to the relevant Data subject;

6.1.1.2. Information about the legal basis and purpose of Data processing;

6.1.1.3. information about the methods used by the Site Administration to process Data;

6.1.1.4. A list of processed Data related to the Data subject and information about the source of the data;

6.1.1.5. information about the terms of Data processing, including the term of its storage;

6.1.1.6. information about how the Data subject exercises his or her rights;

6.1.1.7. other information stipulated by the Law or other regulatory legal acts of the Russian Federation;

6.1.2. Demand that the Administration of the site:

6.1.2.1. Clarify, block or destroy your Data if it is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;

6.1.2.2. revoke his consent to the processing of Data at any time; demand the elimination of unlawful actions of the Administration of the site in respect of his Data;

6.1.2.3. to the protection of their rights and legitimate interests, including compensation for damages and/or compensation for moral harm.

6.2. The administration of the site in the process of processing Data is obliged to:

6.2.1. Provide to the Data Subject at his/her request information concerning the processing of his/her personal data, or legally provide a waiver within thirty days from the date of receipt of the Data Subject’s or his/her representative’s request;

6.2.2. Explain to the Data Subject the legal consequences of a refusal to provide Data if the provision of Data is mandatory under federal law;

6.2.3. Take the necessary legal, organizational and technical measures, or ensure their adoption, to protect Data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful acts in relation to Data;

6.2.4. Publish on the Internet and provide unrestricted access via the Internet to the document defining its policy regarding the processing of Data, information on the implemented requirements for Data protection;

6.2.5. provide Data subjects and/or their representatives with an opportunity to review Data free of charge upon request within 30 days from the date of receipt of such request;

6.2.6. Block unlawfully processed Data relating to the Data subject, or ensure its blocking (if the Data is processed by another person acting on behalf of the Site Administration) from the moment of application or receipt of request for the inspection period, in case of detection of unlawful processing of Data upon application of the Data subject or his representative or upon request of the Data subject or his representative or the authorized body for the protection of the rights of personal data subjects;

6.2.7. Refine the Data or ensure their clarification within 7 working days from the date of data submission and remove the blocking of Data, if it is confirmed that the Data is inaccurate on the basis of the data submitted by the Data subject or his/her representative;

6.2.8. Stop unlawful processing of Data or ensure that unlawful processing of Data ceases;

6.2.9. Terminate the Data processing or ensure its termination and destroy the Data or ensure its destruction upon achieving the purpose of Data processing, unless otherwise provided by the contract to which the Data subject is a party, beneficiary or guarantor, in case the purpose of Data processing is achieved;

6.2.10. Stop processing Data or ensure its termination and destroy Data or ensure its destruction in case the Data subject withdraws consent to Data processing, if the Site Administration is not entitled to process Data without the consent of the Data subject;

7. Data protection requirements

7.1. When processing Data, the Site Administration shall take the necessary legal, organizational and technical measures to protect Data from unauthorized and/or unauthorized access, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful acts in relation to the Data.

7.2. Such measures in accordance with the Law include, among others:

7.2.1. Appointment of the person responsible for organizing Data processing and the person responsible for ensuring Data security;

7.2.2. development and approval of local acts on data processing and protection;

7.2.3. application of legal, organizational and technical measures to ensure data security:

7.2.4. Determination of threats to data security in the course of data processing in personal data information systems;

7.2.5. application of organizational and technical measures to ensure security of Data during its processing in personal data information systems, necessary to meet the requirements for Data protection;

7.2.6. use of duly approved conformity assessment procedures for information protection tools;

7.2.7. assessment of the effectiveness of the measures taken to ensure data security before the commissioning of the personal data information system;

7.2.8. accounting of data storage media, if the Data is stored on machine storage media;

7.2.9. detect the facts of unauthorized access to Data and take measures to prevent similar incidents in the future;

7.2.10. recovery of Data modified or destroyed as a result of unauthorized access to it;

7.2.11. Establishing rules for access to Data processed in the personal data information system, as well as ensuring registration and recording of all actions performed with Data in the personal data information system.

7.2.12. Control over the measures taken to ensure data security and the level of security of personal data information systems;

7.2.13. assessment of the harm that may be caused to Data subjects in case of a violation of the requirements of the Law, the ratio of the said harm and the measures taken by the Site Administration to ensure compliance with the obligations stipulated by the Law;

7.2.14. Compliance with the conditions preventing unauthorized access to tangible media of Data and ensuring the safety of Data;

8. Terms of Data processing (storage)

8.1. The term of processing (storage) of Data is determined based on the purpose of Data processing, in accordance with the term of the contract with the subject of Data, the requirements of federal laws, the requirements of data operators, on behalf of which the Administration site carries out Data processing, the basic rules of archives organizations, the limitation period.

8.2. Data whose processing (storage) period has expired must be destroyed. Data may only be stored after it has been depersonalized.

9. Procedure for obtaining explanations on data processing issues

9.1. Persons whose Data is processed by the Administration of the site can get explanations on the processing of their Data by contacting the Administration of the site through the feedback form.

10. Peculiarities of processing and protection of Data collected by the Administration of the site using the Internet

10.1. The Administration of the site processes the Data coming from the users of the Site from the resource: https://magicmaple.net (hereinafter jointly – the Site), as well as coming to the e-mail address of the Site: support@magicmaple.net, through the feedback form located at: https://magicmaple.net, and in direct proceeding to the registration of the Order.

10.2. Data collection

There are two main ways in which the Site Administration obtains Data via the Internet:

10.2.1. Providing Data (self-entered data):

10.2.1.1. last name

10.2.1.2. name

10.2.1.3. patronymic (if any)

10.2.1.4. email

10.2.1.5. link to the personal website or social networks (if any)

by Data Subjects by email to the Administration of the site: support@magicmaple.net, through the feedback form of the Administration of the site, located at: http://magicmaple.net.

10.3. Automatically collected information

The administration of the site may collect and process information that is not personal data:

10.3.1. positioning

10.3.2. ip address

10.3.3. information about the interests of Users on the Site based on the search queries entered by the Site users about the products sold and offered for sale in order to provide relevant information to users when using the Site, as well as generalization and analysis of information about which sections of the Site and products are in the greatest demand among customers of the Site;

10.3.4. processing and storage of search queries from Site users in order to generalize and create client statistics on the use of Site sections. The site administration automatically receives some types of information received in the course of interaction of users with the Site, correspondence by e-mail, etc. This refers to technologies and services, such as web protocols, cookies, web memos, and applications and tools of the specified third party. However, web tags, cookies, and other monitoring technologies do not enable automatic data retrieval. If a Site user provides their Data at their own discretion, such as when filling out a feedback form or sending an email, only then will processes be triggered to automatically collect detailed information for the convenience of using the Site and/or to improve interaction with Users.

10.4. Using Data

The Site Administration is entitled to use the provided Data in accordance with the stated purposes of its collection, subject to the consent of the Data subject, if such consent is required. The data obtained in a generalized and anonymized form can be used to better understand the needs of buyers of goods and services sold by the Administration site and improve service quality.

10.5. Data Transfer

The Site Administration may entrust third parties to process Data only with the consent of the Data subject. a) In response to legitimate requests from public authorities, in accordance with the law, court orders, etc. b) The Data may not be disclosed to third parties for marketing, commercial and other similar purposes, unless the Data subject has given his prior consent.

10.6. The Site contains links to other web resources where there may be useful and interesting information for users of the Site. However, this Policy does not apply to such other sites. Users clicking on links to other sites are advised to read the Data policies posted on such sites.

10.7. The User of the Site may withdraw their consent to the processing of Data at any time by sending an email to: support@magicmaple.net, via the feedback form located at: http://magicmaple.net. Upon receipt of such a message, the processing of the User Data will be terminated and the User Data will be deleted, unless the processing can be continued in accordance with the law.

11. Concluding Provisions

11.1. This Policy is a local regulatory act of the Site Administration. This Policy is publicly available. This Policy is made publicly available on the Site. This Policy may be revised in any of the following circumstances:

11.1.1. in case of changes in the legislation of the Russian Federation in the field of processing and protection of personal data;

11.1.2. in cases where orders have been received from competent governmental authorities to eliminate non-conformities affecting the scope of the Policy;

11.1.3. at the discretion of the site Administration;

11.1.4. when changing the purposes and terms of Data processing;

11.1.5. when changing the organizational structure, structure of information and/or telecommunication systems (or introducing new ones);

11.1.6. in the application of new technologies of data processing and protection (including transfer, storage);

11.1.7. if there is a need to change the process of processing Data related to the activities of the Site.

11.2. An integral part of this Policy is the Consent to the processing of personal data posted on the Site.

11.3. This Policy applies directly and interdependently with the User Agreement posted on the Site.