Personal Data Processing Policy

1. General Provisions

This Personal Data Processing Policy (hereinafter referred to as the “Policy”) is developed in accordance with the requirements of the Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006 (hereinafter referred to as the “Personal Data Law”). It defines the procedure for processing personal data and measures to ensure their security, implemented by SPIBA (hereinafter referred to as the “Operator”).
1.1. The Operator prioritizes respecting human and civil rights and freedoms when processing personal data, including the protection of privacy, personal, and family secrets.
1.2. This Policy applies to all information the Operator may receive about visitors to the website https://spiba.ru.

2. Key Terms Used in the Policy

2.1. Automated processing of personal data: processing using computing tools.
2.2. Blocking personal data: temporary suspension of personal data processing, except in cases where processing is necessary to clarify personal data.
2.3. Website: a set of graphic and informational materials, as well as software and databases, accessible online at https://spiba.ru.
2.4. Personal Data Information System: a set of databases containing personal data and information technologies enabling their processing.
2.5. Anonymization of personal data: actions rendering personal data unidentifiable without additional information.
2.6. Personal data processing: any action or set of actions performed with or without automation, including collection, recording, systematization, storage, clarification, use, transfer, anonymization, blocking, deletion, and destruction.
2.7. Operator: any public, municipal, legal, or physical entity organizing and/or processing personal data and determining purposes and actions for processing.
2.8. Personal data: any information relating directly or indirectly to an identifiable user of https://spiba.ru.
2.9. Personal data permitted for distribution: data made publicly accessible by the data subject through explicit consent, per the Personal Data Law.
2.10. User: any visitor to the website https://spiba.ru.
2.11. Providing personal data: disclosing personal data to a specific party or group.
2.12. Distribution of personal data: disclosure of personal data to an indefinite group of people or making it publicly available through publication or other means.
2.13. Cross-border personal data transfer: transfer of personal data to a foreign authority, individual, or legal entity.
2.14. Destruction of personal data: irreversible actions that eliminate personal data from the system and/or physical storage media.

3. Main Rights and Responsibilities of the Operator

3.1. Operator’s rights:
• Receive accurate information/documents from the data subject.
• Continue processing personal data without consent if allowed by the Personal Data Law.
• Independently determine necessary measures to fulfill legal obligations unless otherwise specified by federal law.
3.2. Operator’s responsibilities:
• Provide information to the data subject about their data processing upon request.
• Ensure processing complies with Russian legislation.
• Respond to data subject requests per the Personal Data Law.
• Notify the authorized personal data protection authority of requests within 10 days.
• Publish and ensure unrestricted access to this Policy.
• Implement measures to protect personal data from unauthorized access or misuse.
• Cease processing and destroy personal data when required.

4. Data Subject Rights and Responsibilities

4.1. Rights:
• Access information about their personal data processing.
• Demand correction, blocking, or destruction of incomplete or inaccurate data.
• Withdraw consent for data processing.
• Appeal the Operator’s actions or inactions to authorities or courts.
4.2. Responsibilities:
• Provide accurate personal data.
• Inform the Operator of updates or changes to their data.

5. Principles of Personal Data Processing

• Lawful and fair processing.
• Processing is limited to achieving specific, lawful purposes.
• Processing ensures data accuracy, sufficiency, and relevance.

6. Conditions for Personal Data Processing

• Processing is based on the subject’s consent or other legal grounds outlined in the Personal Data Law.

7. Data Collection, Storage, and Transfer

• The Operator ensures data security through legal, organizational, and technical measures.
• Personal data is not disclosed to third parties unless legally required or authorized by the subject.

8. Actions with Personal Data

• The Operator performs actions such as collection, recording, storage, transfer, anonymization, blocking, and deletion of personal data.

9. Cross-border Data Transfer

• The Operator notifies relevant authorities before transferring data internationally and ensures compliance with legal requirements.

10. Confidentiality of Personal Data

• The Operator and third parties with access to personal data are obligated not to disclose it without the subject’s consent unless otherwise required by law.

11. Final Provisions

• Users may contact the Operator at info@spiba.ru for clarifications.
• Changes to this Policy will be reflected in updated versions, accessible online at https://spiba.ru/privacy.