Consent to the processing of personal data

Consent to Process Personal Data 

I, ___________ (Full Name), in accordance with Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data", hereby freely, by my own will and in my own interest give my consent:

1. Data Processor

LLC "Razvitiye"

OGRIP 1225200000772, INN 5262383800, KPP 526201001, registered at the following address:

603136, Nizhny Novgorod Oblast, city of Nizhny Novgorod, Aberikossovaya St., bldg. 5A, hereafter — «Operator». 

2. Composition of Personal Data

For processing the following of my personal data:

●       Full Name;

●       Contact phone number;

●       Email address;

●       Organization name (for legal entities);

●       Position (if specified);

●       Technical data (IP address, cookies, browser and device information). 

3. Purposes of Processing

●       Conclusion and execution of contracts;

●       Feedback (response to inquiries via the website);

●       Sending commercial offers and marketing materials;

●       Website traffic analysis, including user behavior on the website (with the use of cookies).

4. Data Processing

The Operator has the right to: collect, record, store, update, use, disclose, anonymize, block, delete, and destroy data — both automated and non-automated methods.

5. Disclosure to Third Parties

Data may be transferred to:

●       Contractors (e.g., courier services) for contract fulfillment;

●       Government Authorities upon legal requirement;

●       IT Service Providers (e.g., Yandex.Metrica, CRM systems) with mandatory compliance with 152-FZ.

6. Consent Duration

Until withdrawal, but no later than:

●       5 years — for contractual data;

●       3 years — for marketing mailings;

●       3 days after unsubscribing — for cookies.

7. Withdrawal of Consent

I have the right to withdraw consent by submitting a written notice to the Operator's address:

●       Mail: 603136, Nizhny Novgorod Oblast, city of Nizhny Novgorod, Aberikossovaya St., bldg. 5A;

●       Email (with subject "Withdrawal of Consent to Process Personal Data").

Upon withdrawal, the Operator shall cease processing, except cases provided in 2–11 of Article 6 of 152-FZ (e.g., contract fulfillment).

8. Confirmation

By clicking the "Submit" button on skazka-factory.ru website, I confirm that I have read:

●       Personal Data Processing Policy;

●       Rights of the Data Subject (access, correction, deletion).

Date: _______________________

Signature:

I confirm that I voluntarily and in my interest provide the above consent. The purpose of providing personal data is to establish contact with the website administrator skazka-factory.ru, including notifications and inquiries about website usage, service provision. I hereby acknowledge and confirm that I voluntarily and fully assume responsibility for the provided personal data, including its completeness, accuracy, unambiguity, and relevance to me directly. I confirm that I am aware of the rights and obligations under Federal Law "On Personal Data", including the procedure for withdrawing consent to data collection and processing.  

POLICY FOR PROCESSING AND PROTECTION OF PERSONAL DATA

Limited Liability Company "Razvitiye"

1. General Provisions

1.1. This Policy defines the purposes, objectives, and major measures to ensure the security of personal data in Limited Liability Company "Razvitiye" (hereinafter — the Company) from unauthorized access, illegal use, or loss.

1.2. The Policy is developed in accordance with the current legislation of the Russian Federation in the field of personal data protection:

1.2.1. Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data".

1.2.2. Government Decree dated September 15, 2008 No. 687 "On Approval of Rules for Personal Data Processing Performed Without Automated Means".

1.2.3. Government Decree dated November 1, 2012 No. 1119 "On Approval of Requirements for Personal Data Protection During Their Processing in Information Systems of Personal Data".

1.2.4. Regulatory Documents of the Authorized Bodies.

1.3. This Policy serves as a basis for developing local regulatory acts of the Company on personal data security.

1.4. This Policy applies to employees of the Company, including contractors, as well as employees of third-party organizations interacting with the Company per due state laws and organizational documents, as well as individuals in civil law relations with the Company.

2. Terms and Abbreviations

Personal data (PD) – any information relating to an identified

Processing of personal data – any action (operation) or set of actions performed with the use of automated

Operator of personal data (operator) – state, municipal body, legal or physical person organizing or performing processing of

Automated processing of personal data – processing personal data using computer technology means.

Information System of Personal Data (ISPD) – combination of personal data stored in databases and information technology means

Data permitted by the data subject for disclosure – data subject allows unlimited access to these data as per processing

Blocking of personal data – temporary suspension of data processing (except cases

Destruction of personal data – actions making it impossible to recover the content

3. Personal Data Processing

3.1. Receiving PD.

3.1.1. All PD must be received directly from the data subject. If PD are only available

3.2. Processing PD.

3.2.1. Personal data is processed:

- With the data subject's consent;

- Where processing is necessary to fulfill legal obligations.

3.2.2 Purposes of processing PD:

- Establishment of employment relationships;

- Establishment of civil contracts.

3.2.3. Categories of data subjects:

- Physical persons employed by LLC "Razvitiye";

- Immediate family members of such persons;

- Physical persons as customers and their legal representatives;

- Physical persons as candidates;

- Practitioners/interns.

3.2.4. PD processed by the Company:

- Data obtained via employment;

- Data from job candidate selection;

- Data from civil contracts.

Full PD list: Management-approved Directory.

3.2.5. PD processing methods:

- Using automation;

- Without automation via internal network;

- No internet transmission.

3.3. Storing PD.

3.3.1. PD may be stored on paper records or electronically.

3.3.2. Paper records stored in locked cabinets.

3.3.3. PD stored in separate folders or tabs.

3.3.4. Prohibition of storing/releasing PD documents in open electronic catalogs.

3.3.5. PD must be stored only as long as processing purposes require and be destroyed

3.4. Destruction of PD.

3.4.1. Documents containing PD destroyed via burning, mechanical destruction (using shredder).

3.4.2. Electronic media PD destroyed via wiping or formatting.

3.4.3. Destruction approved by a Commission documenting data destruction.

3.5. Data Transmission.

3.5.1. The Company may transfer PD processing to third parties:

- With the data subject's consent;

- As required by the Russian/Foreign Legislation.

3.5.2. Recipients: Russian Pension Fund, Tax Authorities, Banks, Credit Bureaus, Legal Firms (per law).

4. Data Protection

4.1. Under regulatory requirements, the Company established a Personal Data Protection System

4.2. Legal protection subsystem includes regulatory documents ensuring PD system functionality.

4.3. Organizational protection includes data protection at work, output/information security, employee partner/third-party security, open storage/publication/reporting security, analysis activities security.

4.4. Technical protection includes software/hardware tools for data security.

4.5. Main Security Measures:

4.5.1. Data Protection Officer designation, training,

4.5.2. Threat assessment and protection measures;

4.5.3. Local legislation Razvitiye;

4.5.4. Access control rules;

4.5.5. User-specific passwords;

4.5.6. Certification of

4.5.7. Certified antivirus;

4.5.8. Certified access

4.5.9. Certified firewall;

4.5.10. Confidential data

4.5.11. Unauthorized access

4.5.12. Data restoration;

4.5.13. Training employees;

4.5.14. Internal audits.

5. Rights of Data Subject and Operator Obligations

5.1. Data Subject Rights:

5.1.1 Subject may request data correction, blocking, or deletion if data

5.1.2 Subject has right to information about processing:

1) processing confirmation;

2) legal basis and purposes;

3) processing methods;

4) Operator's name, office, access data;

5) Subject's PD details;

6) processing periods;

7) methods for

8) cross-border transfer;

9) operator's contact;

10) other data;

5.2. Operator Obligations:

- Provide data details upon request;

- Notify if PD obtained from third parties;

- Explain refusal consequences;