Data Protection Guidelines that lay down within the Legal practice of “FORTIS” Law office of the Samara Region.

General terms

1.1. The purpose of this Confidentiality Policy (hereinafter the Policy) is to procure the protection of individuals’ rights and freedoms, and acts towards all personal data which are processed by the Legal practice of “FORTIS” Law office of the Samara region (hereinafter the Operator)

1.2. The Policy was developed in accordance with the Federal Law of 27 July 2006 N152 – FZ “On Personal Data” (hereinafter FZ “On Personal Data”)

1.3. The User’s personal information is understood as: personal information that is provided by a User himself/herself in the process of using feedback forms and other Site’s Services (including a User’s personal data). Other information is provided by a User in his/her discretion.

1.4. The Policy is a public document and contains information to be disclosed in accordance with Part 1 of Art. 14 of FZ “On Personal Data”.

Information about the Operator

2.1. the Operator operates at the address: ul. Revolyutsionnaya 52a, offices 625, 612, 616, Togliatti, Samara Region, 445028.

2.2. The database that contains personal data of the Russian Federation citizens is located at the address: ul. Revolyutsionnaya 52a, offices 625, 612, 616, Togliatti, Samara Region, 445028.

Information on the processing of personal data

3.1. The Operator collects and stores only that information which is necessary for provision of services or contracts and agreements execution with a User, except in cases when the legislation provides for mandatory legal storage period of personal information.

3.2. The Operator receives personal data directly from the subject of personal data. Purpose of processing:

• User identification on the site
• Provide the User access to the site resources
• Set up feedback with a User through notifications, requests related to use of the site, provision of services and processing a user’s requests and claims
• Identify a User’s locations to ensure security and prevent fraud

3.3. Personal data is processed in automated and non-automated ways. Actions for processing of personal data include the collection, recording, accumulation, storage, use, transfer, blocking, deletion of information, etc.

3.4. Databases of information gathering on personal data of citizens are located on the territory of the Russian Federation.

Processing of personal data

4.1. The Operator processes the personal data of clients to comply with the laws of the Russian Federation, as well as for the conclusion and execution of the terms of contracts with clients.

4.2. The Operator processes the following personal client data:

• Client’s name
• Client’s contact phone number
• Client’s email address

4.3. The Operator processes the personal data of clients with their concert and no longer than the validity period of contracts concluded with them. The Operator may process the personal data of clients even after the expiration of contracts concluded with them in accordance with clause 5, Part 3, Art. 24 of Part One of the Tax Code of the Russian Federation, Part 1, Art. 29 of the Federal Law “On Accounting” and other regulatory legal acts.

Protection of personal data

5.1. The Operator’s activity in processing personal data in information systems is based on the principles of protection of confidential information received.

5.2. The security of personal data during its processing in the Operator’s information systems is ensured by a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and their protection from illegal actions.

5.3. The exchange of personal data during its processing in information systems is carried out through communication channels, which are protected by technical means of information protection.

5.4. The Operator carries out constant control over the level of clients’ personal data protection in accordance with the Policy, the Regulations, corresponding laws and regulations, the requirements for the protection of personal data and other local acts, including control over the measures which are taken to ensure the security of personal data during processing in the Operator’s information system.

5.5. The Operator controls and carries out measures to prevent unauthorized access to personal data. Takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to it.

Obligations of the parties

6.1. Rights of the User:

• Provide information on personal data that is necessary for the use of the site
• Update or, in case of changes, add new information to the data already provided.

6.2. Rights of the Operator:

• Use the received information for the limited stated purposes.
• Take measures to protect the confidentiality of the User’s personal data.
• The Operator is obliged to keep the received information confidential, not to disclose it without the prior written permission of the User (exchange, sale, publication, disclosure in other possible ways of the transferred personal data of the User, except as required by this Policy)
• In case of identification of false personal data or illegal actions, the Operator is obliged to block the User’s personal data from the moment of his/her request or request of his/her legal representative, or the authorized body for the protection of the rights of personal data subjects for the verification period.