Data Privacy Policy
1. General Provisions
This personal data processing policy is drawn up in compliance with the requirements of the Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 (hereinafter – Personal Data Law) and determines the procedures for processing personal data and measures to ensure the safety of personal data undertaken by LLC "Garuda-Express" (hereinafter – Operator).
1.1. The Operator's primary goal and condition for its activities is to uphold the rights and freedoms of individuals concerning their personal data processing, including the protection of privacy, personal, and family confidentiality rights.
1.2. This Operator's policy on personal data processing (hereinafter – Policy) applies to all information the Operator can receive about visitors to the website https://abhaztaxi.ru.
2. Key Terms Used in the Policy
2.1. Automated personal data processing - processing personal data using computer technology.
2.2. Blocking personal data - temporarily halting personal data processing (except when processing is necessary to clarify personal data).
2.3. Website - a collection of graphical and informational materials, as well as software and databases, ensuring their availability on the Internet at the network address https://abhaztaxi.ru.
2.4. Personal data information system - a set of personal data contained in databases and ensuring their processing through information technology and technical means.
2.5. Depersonalization of personal data - actions resulting in the impossibility of determining the ownership of personal data to a specific User or other personal data subject without additional information.
2.6. Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without such tools with personal data, including collection, recording, systematization, accumulation, storage, refinement (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator - a state body, municipal body, legal entity, or individual independently or jointly with other entities organizing and/or processing personal data, as well as defining their processing goals, composition, and actions (operations) with personal data.
2.8. Personal data - any information related directly or indirectly to a specific or determinable User of the website https://abhaztaxi.ru.
2.9. Personal data permitted for dissemination by the personal data subject - personal data, unlimited access of persons is provided by the personal data subject by giving consent for data processing as permitted by the Personal Data Law (hereinafter - personal data permitted for dissemination).
2.10. User - any visitor to the website https://abhaztaxi.ru.
2.11. Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific circle of persons.
2.12. Dissemination of personal data - any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or at familiarization with personal data for an unlimited number of persons, including publishing personal data in mass media, posting on information and telecommunication networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data - any actions resulting in personal data being irreversibly destroyed with the impossibility of further restoring personal data content in the personal data information system and/or destroying physical media of personal data.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
— receive accurate information and/or documents containing personal data from the personal data subject;
— in case of withdrawal of consent for personal data processing or an objection to discontinue personal data processing, the Operator may continue processing without consent if there are grounds specified in the Personal Data Law;
— independently determine the composition and list of measures necessary and sufficient to ensure compliance with obligations stipulated by the Personal Data Law and adopted regulatory legal acts if not otherwise specified by the Personal Data Law or other federal laws.
3.2. The Operator is obliged to:
— provide information about personal data processing at the request of personal data subjects;
— organize personal data processing according to the current legislation of the Russian Federation;
— respond to inquiries from personal data subjects and their legal representatives as per the Personal Data Law;
— notify the authorized body for the protection of personal data subjects’ rights at the request of this body within 10 days from the date of receipt;
— publish or otherwise ensure unrestricted access to this Policy on personal data processing;
— take legal, organizational, and technical measures to protect personal data against unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination, and other illegal actions;
— cease the transfer (distribution, provision, access) of personal data, stop processing and destroy personal data in accordance with the Personal Data Law;
— perform other duties stipulated by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
— receive information about personal data processing, except for cases stipulated by federal laws. Information is provided in an accessible form by the Operator, and it should not contain personal data of other subjects unless there are legitimate grounds for disclosure. The list of information and the procedure for obtaining it are established by the Personal Data Law;
— demand corrections, blocking, or destruction of personal data if it is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the declared purpose of processing; also take measures to protect their rights as prescribed by law;
— set conditions for preliminary consent when processing personal data for marketing proposes;
— revoke consent for personal data processing and request to stop processing;
— appeal to the authorized body or court against unlawful actions or inactions of the Operator during personal data processing;
— exercise other rights provided by legislation of the Russian Federation.
4.2. Personal data subjects must:
— provide the Operator with accurate data about themselves;
— inform the Operator about the clarification (update, change) of their personal data.
4.3. Persons who have provided false information about themselves or about another subject without consent will bear responsibility according to the legislation of the Russian Federation.
5. Principles of Personal Data Processing
5.1. Personal data processing is done lawfully and fairly.
5.2. Personal data processing is limited to achieving specific, pre-defined, and legitimate goals. Processing incompatible with the purposes of personal data collection is not permitted.
5.3. The merger of databases containing personal data processed for incompatible objectives is not allowed.
5.4. Only data meeting the goals of processing are subject to processing.
5.5. The content and the volume of processed data align with the declared processing goals. Excessiveness of processed data relative to processing objectives is not allowed.
5.6. Accuracy, sufficiency, and, where necessary, relevance concerning processing purposes are ensured during personal data processing. The Operator takes necessary measures to remove or clarify incomplete or inaccurate data.
5.7. Storage of personal data is conducted in a form that enables identification of the personal data subject, not longer than necessary for processing goals unless a federal law or contract stipulates more. Processed personal data is destroyed or depersonalized upon reaching processing goals or if the necessity for achieving these goals is lost unless otherwise stated by federal law.
6. Objectives of Personal Data Processing
Purpose of Processing | Informing the User via email |
Personal Data | · Surname, first name, patronymic · Email address · Phone numbers · Year, month, date, and place of birth |
Legal Grounds | · Charter (foundation) documents of the Operator |
Types of Personal Data Processing | · Collection, recording, systematization, accumulation, storage, destruction, depersonalization of personal data · Sending informational emails to an email address |
7. Conditions for Personal Data Processing
7.1. Processing of personal data is performed with the consent of the personal data subject to process their data.
7.2. Processing of personal data is necessary for achieving objectives stipulated by international agreements of the Russian Federation or law, for fulfilling legislative functions, powers, and duties of the Operator.
7.3. Processing of personal data is necessary for executing judicial acts, acts of other authorities, or official obligations in line with Russian Federation legislation on executive production.
7.4. Processing of personal data is necessary to execute a contract where the data subject is a party, beneficiary, or guarantor, or to conclude a contract on the data subject's initiative or where they will be a beneficiary or guarantor.
7.5. Processing of personal data is necessary to exercise rights and lawful interests of the operator or third parties, or to achieve socially significant goals, ensuring no rights and freedoms of the data subject are violated.
7.6. Publicly accessible data processing is done as provided or requested by the personal data subject (hereinafter - publicly available personal data).
7.7. Processing of personal data subject to mandatory publication or disclosure according to federal law is carried out.
8. Procedures for Collecting, Storing, Transferring, and Other Types of Personal Data Processing
The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures that fully meet the current legislation in personal data protection.
8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access.
8.2. User's personal data will never be transferred to third parties except as required by current law or if consent is given by the data subject for transfer to a third party for contract obligations.
8.3. In case of inaccuracies found in personal data, the User can independently update them by notifying the Operator via email at Garuda-express.abh@yandex.ru with a note "Update Personal Data".
8.4. The processing period for personal data is defined by the goals for which the data were collected unless otherwise provided by contract or law.
The User can revoke consent for processing personal data at any time by notifying the Operator via email at Garuda-express.abh@yandex.ru marked "Revoke Consent for Data Processing".
8.5. Information collected by third-party services, including payment systems and other service providers, is stored and processed by these parties (Operators) in accordance with their User Agreement and Privacy Policy. The personal data subject must comply with these documents. The Operator is not responsible for actions of third parties, including service providers mentioned here.
8.6. Restrictions set by the personal data subject on transmission (excluding granting access) or conditions of processing (excluding gaining access) are void for personal data processed within state, public, and other public interests defined by Russian Federation legislation.
8.7. The Operator maintains confidentiality of personal data during processing.
8.8. The Operator stores personal data in a form enabling identification, not longer than processing purposes require, unless stipulated otherwise by law or contract.
8.9. Termination conditions for personal data processing include achieving goals of the processing, expiration of consent duration, revocation of consent by the data subject, or where processing is found unlawful.
9. Actions Performed by the Operator with Received Personal Data
9.1. The Operator carries out collection, recording, systematization, accumulation, storage, clarification (update, change), retrieval, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
9.2. The Operator conducts automated personal data processing with the acquisition and/or transmission of received information through information and telecommunications networks or without.
10. Cross-border Transfer of Personal Data
10.1. The Operator must notify the authorized body for the protection of data subject rights of its intention to conduct activities related to cross-border transfer of personal data before starting such activities (this notification is sent separately from the notification of intent to process personal data).
10.2. Before submitting the above notification, the Operator must obtain relevant information from foreign authorities, foreign individuals, or foreign legal entities to whom personal data is planned to be transferred.
11. Confidentiality of Personal Data
The Operator and others who have access must not disclose or spread personal data to third parties without consent from the personal data subject, unless specified otherwise by law.
12. Final Provisions
12.1. The User can receive any clarifications on questions related to their personal data processing by contacting the Operator via email at Garuda-express.abh@yandex.ru.
12.2. Any modifications in the Operator's personal data processing policy will be reflected in this document. The policy is effective indefinitely until replaced by a new version.
12.3. The current version of the Policy is freely accessible on the Internet at https://abhaztaxi.ru/policy.