1. General Provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been prepared in accordance with the requirements of the Law of April 14, 2008 No. 52-g “On Personal Data” (hereinafter referred to as the Law) and determines the position of the Website Administration (hereinafter referred to as the Website Administration) in the field of processing and protection of personal data (hereinafter referred to as the Data), compliance with the rights and freedoms of every person and, in particular, the right to privacy, personal and family secrecy.
2. Scope of Application
2.1. This Policy applies to the Data obtained both before and after the entry into force of this Policy.
2.2. Understanding the importance and value of the Data, as well as caring about compliance with the rights of citizens of the Kyrgyz Republic and citizens of other states, the Website Administration ensures reliable protection of the Data.
3. Definitions
3.1. Data means any information relating to a directly or indirectly determined or determinable individual, i.e., such information, in particular, includes: last name, first name, patronymic, email, location, a link to a personal website or social networks, IP address.
3.2. Data processing means any action (operation) or a set of actions (operations) with Data performed using automation tools and/or without using such tools. Such actions (operations) include: collection, recording, systematization, accumulation, storage, уточнение (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Data.
3.3. Data security means the protection of Data from unlawful and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.
4. Legal Grounds and Purposes of Data Processing
4.1. Processing and ensuring Data security by the Website Administration is carried out in accordance with the requirements of the legislation of the Kyrgyz Republic.
4.2. The subjects of Data processed by the Website Administration are:
4.2.1. Users and visitors of the website https://elitehacks.ru/ owned by the Website Administration, including for the purpose of placing an order on the Website https://elitehacks.ru/.
4.3. The Website Administration processes the Data of subjects for the following purposes:
4.3.1. performing the functions, powers, and duties imposed on the Website Administration by law in accordance with laws,
4.3.2. Users for the purposes of:
4.3.2.1. - providing information on goods/services, promotions, and special offers;
4.3.2.2.- analyzing the quality of the provided service and improving the quality of customer service;
4.3.2.3.- informing about the order status;
4.3.2.4.- performance of the contract, including the contract of sale, including concluded remotely on the Website, paid provision of services; provision of services, as well as accounting for services rendered to consumers for carrying out mutual settlements;
4.3.2.5.- delivery of the ordered Product to the User who placed an order on the Website, return of the product.
5. Principles and Conditions of Data Processing.
5.1. When processing Data, the Website Administration adheres to the following principles: Data processing is carried out on a lawful and fair basis; Data are not disclosed to third parties and are not distributed without the consent of the Data subject, except for cases requiring disclosure of Data at the request of authorized state bodies, court proceedings; determination of specific lawful purposes before the start of Data processing (including collection); collection is carried out only of those Data that are necessary and sufficient for the declared purpose of processing; the merging of databases containing Data, the processing of which is carried out for purposes incompatible with each other, is not allowed; Data processing is limited to achieving specific, predetermined, and lawful purposes; the processed Data are subject to destruction or depersonalization upon achievement of the purposes of processing or in case the need to achieve these purposes is lost, unless otherwise provided by law.
5.2. The Website Administration may include the Data of subjects in publicly available Data sources, while the Website Administration obtains the written consent of the subject to process their Data, or by expressing consent through the website form (checkbox), by clicking which the personal data subject expresses their consent.
5.3. The Website Administration does not process Data concerning racial, national affiliation, political views, religious, philosophical and other beliefs, intimate life, membership in public associations, including professional unions.
5.4. Biometric Data (information that characterizes the physiological and biological characteristics of a person, on the basis of which their identity can be established and which is used by the operator to establish the identity of the Data subject) are not processed by the Website Administration.
5.5. The Website Administration carries out cross-border transfer of data. The Website Administration confirms that the foreign state to whose territory the transfer of personal data is carried out ensures adequate protection of the rights of personal data subjects in accordance with the level of security defined by the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data.
5.6. In cases established by the legislation of the Kyrgyz Republic, the Website Administration has the right to transfer the Data to third parties (state bodies).
5.7. The Website Administration has the right to поручить (entrust) the processing of the Data of Data subjects to third parties with the consent of the Data subject, on the basis of an agreement concluded with these persons, including upon consent to the user agreement and the personal data processing policy posted on the website.
5.8. Persons processing Data on the basis of an agreement concluded with the Website Administration (operator’s instruction) undertake to comply with the principles and rules of processing and protection of Data предусмотренные (provided for by) the Law. For each third party, the agreement defines the перечень (list) of actions (operations) with Data that will be performed by the third party processing the Data, the purposes of processing, establishes the obligation of such person to maintain confidentiality and ensure Data security during processing, and specifies the requirements for the protection of processed Data in accordance with the Law.
5.9. For the purpose of fulfilling the requirements of its contractual obligations, Data processing by the Website Administration is carried out both with and without the use of automation tools. The set of processing operations includes collection, recording, systematization, accumulation, storage, уточнение (updating, changing), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction of Data.
5.10. The Website Administration is prohibited from making decisions based solely on automated processing of Data that generate legal consequences for the Data subject or otherwise affect their rights and legitimate interests.
6. Rights and Obligations of Data Subjects, as well as the Website Administration in Terms of Data Processing
6.1. The subject whose Data are processed by the Website Administration has the right:
6.1.1. to receive from the Website Administration:
6.1.1.1. confirmation of the fact of Data processing and information about the availability of Data relating to the relevant Data subject;
6.1.1.2. information about the legal grounds and purposes of Data processing;
6.1.1.3. information about the Data processing methods used by the Website Administration;
6.1.1.4. the list of processed Data relating to the Data subject and information about the source of their receipt;
6.1.1.5. information about the сроки (periods) of Data processing, including the periods of their storage;
6.1.1.6. information about the procedure for the Data subject to exercise their rights;
6.1.1.7. other information provided for by the Law or other regulatory legal acts;
6.1.2. to demand from the Website Administration:
6.1.2.1. clarification of their Data, blocking or destruction of such Data in case the Data are incomplete, outdated, inaccurate, unlawfully obtained, or are not necessary for the declared purpose of processing;
6.1.2.2. to withdraw their consent to Data processing at any time; to demand elimination of unlawful actions of the Website Administration in relation to their Data;
6.1.3. protection of their rights and legitimate interests, including compensation for losses and/or компенсацию (compensation) for moral harm in court.
6.2. In the course of Data processing, the Website Administration is obliged:
6.2.1. to provide the Data subject, upon their request, information relating to the processing of their personal data, or on lawful grounds to provide a refusal within thirty days from the date of receiving the request of the Data subject or their representative;
6.2.2. to explain to the Data subject the legal consequences of refusal to provide the Data if the provision of the Data is mandatory in accordance with the law;
6.2.3. to take the necessary legal, organizational and technical measures or ensure their adoption to protect the Data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of the Data, as well as from other unlawful actions in relation to the Data;
6.2.4. to publish on the Internet and ensure unrestricted access using the Internet to the document defining its policy regarding Data processing, and to information about the implemented requirements for Data protection;
6.2.5. to provide Data subjects and/or their representatives free of charge with the opportunity to ознакомления (familiarize themselves) with the Data when submitting a relevant request within 30 days from the date of receiving such a request;
6.2.6. to block unlawfully processed Data relating to the Data subject, or ensure their blocking (if Data processing is carried out by another person acting on the instruction of the Website Administration) from the moment of обращения (appeal) or receipt of a request for the period of verification, in case unlawful processing of Data is выявления (identified) upon appeal of the Data subject or their representative or upon request of the Data subject or their representative or the authorized body for the protection of the rights of personal data subjects;
6.2.7. to уточнить (clarify) the Data or ensure their clarification within 7 working days from the day the information is provided and to remove the blocking of the Data, in case confirmation of inaccuracy of the Data is established on the basis of information provided by the Data subject or their representative;
6.2.8. to stop unlawful Data processing or ensure cessation of unlawful Data processing;
6.2.9. to stop Data processing or ensure its cessation and destroy the Data or ensure their destruction upon achievement of the purpose of Data processing, unless otherwise provided by the contract to which the Data subject is a party, beneficiary, or guarantor, in case the purpose of Data processing is achieved;
6.2.10. to stop Data processing or ensure its cessation and destroy the Data or ensure their destruction in case the Data subject withdraws consent to Data processing, if the Website Administration is not entitled to process the Data without the consent of the Data subject;
7. Requirements for Data Protection
7.1. When processing Data, the Website Administration takes the necessary legal, organizational and technical measures to protect the Data from unlawful and/or unauthorized access to it, destruction, modification, blocking, copying, provision, distribution of Data, as well as from other unlawful actions in relation to Data.
7.2. Such measures in accordance with the Law, in particular, include:
7.2.1. appointment of a person responsible for organizing Data processing, and a person responsible for ensuring Data security;
7.2.2. development and approval of local acts on issues of Data processing and protection;
7.2.3. application of legal, organizational and technical measures to ensure Data security:
7.2.4. identification of threats to Data security during their processing in personal data information systems;
7.2.5. application of organizational and technical measures to ensure Data security during their processing in personal data information systems necessary to meet the requirements for Data protection;
7.2.6. use of information security tools that have passed, in the установленном порядке (established manner), the conformity assessment procedure;
7.2.7. assessment of the effectiveness of the measures taken to ensure Data security before putting the personal data information system into operation;
7.2.8. accounting of machine media of Data if Data are stored on machine media;
7.2.9. detection of facts of unauthorized access to Data and taking measures to prevent such incidents in the future;
7.2.10. restoration of Data modified or destroyed due to unauthorized access to it;
7.2.11. establishment of rules of access to Data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with the Data in the personal data information system.
7.2.12. control over the measures taken to ensure Data security and the level of protection of personal data information systems;
7.2.13. assessment of harm that may be caused to Data subjects in case of violation of the requirements of the Law, correlation of the specified harm and the measures taken by the Website Administration aimed at ensuring the fulfillment of obligations provided for by the Law;
7.2.14. compliance with conditions that exclude unauthorized access to material носителям (carriers) of Data and ensure the сохранность (safety) of Data;
8. Periods of Data Processing (Storage)
8.1. The periods of Data processing (storage) are determined based on the purposes of Data processing, in accordance with the term of the contract with the Data subject, the requirements of laws, the requirements of Data operators on whose instruction the Website Administration processes the Data, the basic rules for the work of organization archives, and the limitation periods.
8.2. Data whose processing (storage) period has expired must be destroyed. Storage of Data after termination of their processing is permitted only after their depersonalization.
9. Procedure for Obtaining Clarifications on Issues of Data Processing
9.1. Persons whose Data are processed by the Website Administration may obtain clarifications on issues of processing their Data by contacting the Website Administration through the feedback form.
10. Features of Processing and Protection of Data Collected by the Website Administration Using the Internet
10.1. The Website Administration processes Data received from users of the Website from the resource: https://elitehacks.ru/ (hereinafter jointly — the Website) and upon direct переходе (transition) to placing an Order.
10.2. Collection of Data
There are two main ways by which the Website Administration obtains Data using the Internet:
10.2.1. Provision of Data (independent input of data):
10.2.1.1. last name
10.2.1.1. first name
10.2.1.1. patronymic
10.2.1.1. email
10.2.1.1. link to a personal website or social networks
10.3. Automatically Collected Information The Website Administration may collect and process information that is not personal data:
10.3.1. determination of location
10.3.2. IP address
10.3.3. information about Users’ interests on the Website based on the search queries entered by Website users about goods implemented and offered for sale for the purpose of providing up-to-date information to users when using the Website, as well as summarizing and analyzing information about which sections of the Website and goods are in the highest demand among Website customers;
10.3.4. processing and storing the search queries of Website users for the purpose of summarizing and creating customer statistics about the use of Website sections. The Website Administration automatically receives some types of information received in the process of users interacting with the Website, correspondence by email, etc. We are talking about technologies and services such as web protocols, cookies, web beacons, as well as applications and tools of the specified third party. At the same time, web beacons, cookies, and other monitoring technologies do not make it possible to automatically receive the Data. If a Website user at their discretion provides their Data, for example, when filling out the feedback form or when sending an email, then only in that case are the processes of automatic collection of detailed information launched for convenience of using the Website and/or to improve interaction with Users.
10.4. Use of Data The Website Administration has the right to use the provided Data in accordance with the stated purposes of their collection with the consent of the Data subject if such consent is required. The obtained Data in aggregated and depersonalized form may be used to better understand the needs of buyers of goods and services sold by the Website Administration and to improve the quality of service.
10.5. Transfer of Data The Website Administration may поручать (entrust) Data processing to third parties exclusively with the consent of the Data subject. Data may also be transferred to third parties in the following cases: a) As a response to lawful requests of authorized state bodies, in accordance with laws, court decisions, etc. b) Data may not be transferred to third parties for marketing, commercial and other similar purposes, except in cases of obtaining the prior consent of the Data subject.
10.6. The Website contains links to other web resources where useful and interesting information for Website users may be located. At the same time, the effect of this Policy does not apply to such other websites. Users who follow links to other websites are recommended to ознакомиться (familiarize themselves) with the Data processing policies posted on such websites.
10.7 A Website user may at any time withdraw their consent to Data processing by sending a message to the email address: elitehacksru@mail.ru. After receiving such a message, the user’s Data processing will be stopped and their Data will be deleted, except for cases when processing may be continued in accordance with the law.
11. Final Provisions
11.1. This Policy is a local regulatory act of the Website Administration. This Policy is publicly available. Public availability of this Policy is ensured by its publication on the Website. This Policy may be revised in any of the following cases:
11.1.1. in case of changes in the legislation of the Kyrgyz Republic in the field of processing and protection of personal data;
11.1.2. in cases of receiving orders from competent state bodies to eliminate non-compliances affecting the scope of the Policy;
11.1.3. by decision of the Website Administration;
11.1.4. in case of changes in the purposes and periods of Data processing;
11.1.5. in case of changes in the organizational structure, the structure of information and/or telecommunication systems (or introduction of new ones);
11.1.6. in case of the use of new technologies for processing and protecting Data (including transfer, storage);
11.1.7. in case a need arises to change the Data processing process related to the activity of the Website.
11.2. An integral part of this Policy is the Consent to the processing of personal data posted on the Website.
11.3. This Policy is effective directly and in interrelation with the User Agreement posted on the Website.