Privacy Policy
Personal data processing policy
This "Personal Data Processing
Policy" (hereinafter referred to as the "Policy") defines the
basic principles, purposes, conditions and methods of processing STANEWSKI LLC (Individual Taxpayer
Identification Number (ITIN): 46-5435987, 494 AVON ST, Philadelphia, PA, United
States, 19116) (hereinafter referred to as the "Operator") of the
personal data of the Users of the website www.galleryimages.art
(as defined in section 1 below), as well as all other individuals who provide
the Operator with their personal data.
1. General
Provisions
1.1. This Policy has been drawn up in
accordance with the US Civil Code, as well as other regulations of the Russian
Federation in the field of personal data protection and processing.
1.2. This Policy, including the interpretation
of its provisions and the procedure for its adoption, execution, modification,
and termination, is subject to US law.
1.3. The Policy applies to all personal data
processed by STANEWSKI LLC (hereinafter referred to as the Operator).
1.4. The Policy applies to relations in the
field of personal data processing that arose with the Operator both before and
after the approval of this Policy.
1.5. In pursuance of the requirements of the US
Law on Personal Data, this Policy is published in the public domain on the
information and telecommunications network Internet on the Operator's website.
1.6. The following terms and definitions are
used in this Policy:
Operator - Limited Liability
Company "STANEWSKI", Individual Taxpayer Identification Number
(ITIN): 46-5435987, 494 AVON ST, Philadelphia, PA, United States, 19116.
User - a subject of personal
data who is a visitor to the Site, accepts the terms of this Policy, and who
wants to place or has placed orders in the online store www.galleryimages.art, or using any
other functions of the site.
Personal data - any information
relating directly or indirectly to a specific or identifiable individual;
Processing of personal data - any action
(operation) or a set of actions (operations) performed using automation tools
or without using such tools with Personal data, including collection,
recording, systematization, accumulation, storage, clarification (update,
change), extraction, use, transfer (distribution, provision, access),
depersonalization, blocking, deletion, destruction of Personal Data;
Subject of Personal Data - an
individual who is directly or indirectly identified, or determined on the basis
of information received about him.
Protection of Personal Data - the activities
of the Company aimed at ensuring the confidentiality of Personal Data,
establishing and observing the procedure for processing Personal Data, as well
as applying organizational and technical measures to ensure the security of
Personal Data, and other measures in accordance with US law;
Confidential information - information
(in documented or electronic form), access to which is limited in accordance
with US law, as well as local regulations of the Company;
Automated processing of personal data - processing
of personal data using computer technology;
Cross-border transfer of personal data - transfer
of personal data to the territory of a foreign state to a foreign state
authority, a foreign individual or a foreign legal entity.
2. Rights and obligations of personal data
subjects and the Operator
2.1. The personal data subject has the right:
2.1.1. to receive information regarding the
processing of his personal data, in the manner, form and terms established by
law;
2.1.2. demand clarification of your personal
data, their destruction or blocking if the personal data is incomplete,
outdated, inaccurate, illegally obtained or is not necessary for the stated
purpose of processing;
2.1.3. withdraw your consent to the processing
of personal data in accordance with the procedure specified in this Policy;
2.1.4. to exclude the Operator's information
materials from the distribution;
2.1.5. exercise other rights provided for by
applicable law.
2.2. The operator has the right:
2.2.1. process personal data of personal data
subjects in accordance with the stated goals and in compliance with the
established requirements;
2.2.2. require personal data subjects to
provide reliable personal data necessary to achieve these goals;
2.2.3. restrict the personal data subject's
access to his personal data in cases where the processing of personal data is
carried out in accordance with the legislation on combating the legalization
(laundering) of proceeds from crime and the financing of terrorism, the access
of the personal data subject to his personal data violates the rights and
legitimate interests third parties, as well as in other cases provided for by
federal law.
2.3. The operator is obliged:
2.3.1. organize the processing of personal data
in accordance with the requirements of the Law on Personal Data;
2.3.2. respond to requests and inquiries from
subjects of personal data and their legal representatives in accordance with
the requirements of the Law on Personal Data;
2.3.3. report to the authorized body for the
protection of the rights of subjects of personal data of the United States at
the request of this body, the necessary information within 30 days from the
date of receipt of such a request.
2.4. Control over the implementation of the
requirements of this Policy is carried out by an authorized person responsible
for organizing the processing of personal data at the Operator.
2.5. Responsibility for violation of the
requirements of US law and the Operator's regulations in the field of personal
data processing and protection is determined in accordance with US law.
3. Scope and categories of processed personal
data
3.1. The operator processes the personal data
of the Personal Data Subjects within the limits limited by the purposes of
processing personal data. In relation to the Users of the Site, their personal
data in this Policy means:
3.1.1. data provided by the User independently
during registration or in the process of using the Site, namely: last name,
first name, patronymic, date of birth, gender, postal address; home, work,
mobile phone numbers, e-mail address (e-mail), password from your personal
account on the website www.galleryimages.art.
The information required for the provision by the Site is marked in a special
way. Other information is provided by the User at his discretion;
3.1.2. technical data that is automatically
transmitted to the Operator in the process of using the Site using the software
installed on the User's device, including the IP address, cookie data,
information about the User's browser (or other program through which the Site
is accessed) , technical characteristics of the equipment and software used by
the User, date and time of access to the Site, addresses of the requested pages
and other similar information;
3.2. The Operator does not process special
categories of the Users' personal data (information concerning race,
nationality, political views, religious or philosophical beliefs, intimate
life), as well as their biometric personal data.
3.3. The Operator does not control and is not
responsible for the processing of personal data of Users by third-party sites
to which the User can click on the links available on the Site.
3.4. The operator does not check and is not
responsible for the accuracy of the information provided by the User on the
Site.
4. Purposes of processing personal data
4.1. The operator processes only those personal
data that are necessary to achieve the goals defined in clause 4.2 of this
Policy.
4.2. Personal data is processed by the Operator
in order to:
4.2.1. Enforcement of US Laws;
4.2.2. Carrying out its activities in
accordance with the charter of STANEWSKI LLC;
4.2.3. Implementation of civil law relations;
4.2.4. Ensuring interaction with clients and
counterparties of the Operator, concluding and executing contracts with them;
4.5.3. In relation to the Users of the Site,
the purposes of processing their personal data by the Operator are:
- registration
of Users on the Site and their placing orders for goods, or purchasing
goods on the Site without registration;
- processing
requests and applications from Users sent by them through the Site;
- improving
the quality of the Site, ease of use for Users, development of new
services and services;
- targeting
advertising materials;
- conducting
advertising and marketing activities, programs, promotions, surveys,
sweepstakes, etc., as well as to promote goods and services on the market
by making direct contacts (advertising and information mailing) with the
User using various means of communication, including, but not limited to:
mailing list, e-mail, telephone, Internet;
- conducting
statistical and other research based on anonymized data in order to
improve the quality of services.
5. Principles of processing personal data
5.1. The operator processes the personal data
of the Personal Data Subjects, taking into account the following principles:
5.1.1. The personal data of the Personal Data
Subject is processed for predetermined and legal purposes, which are listed in
section 4 of this Policy.
5.1.2. The operator processes only those
personal data that are necessary to achieve the goals specified in this Policy.
5.1.3. The operator ensures the accuracy and
relevance of the processed personal data, their sufficiency in relation to the
purposes of processing.
5.1.4. The operator ensures confidentiality
when processing personal data and takes all necessary measures in accordance
with clause 9.1 of the Policy.
6. The procedure and conditions for the
processing of personal data and their transfer to third parties
6.1. The processing of personal data of the
Personal Data Subject includes the collection, systematization, accumulation,
storage, clarification, use, transfer to third parties both in the United
States and cross-border transfer, depersonalization, blocking, destruction of
personal data for the purpose of the Operator's fulfillment of its obligations
under this Policy.
6.2. The personal data of the Personal Data
Subject is processed by the Operator both using automation tools (using
automated database management systems, as well as other software tools), and
without using them.
6.3. If it is necessary to achieve the goals
specified in this Policy, the Operator can provide access to or transfer
personal data to other companies. In addition, if it is necessary to achieve
the stated purposes of processing personal data, access to personal data may be
provided to third-party providers, for example, technology service providers,
financial management services, logistics. Access to personal data / transfer of
personal data is carried out on the basis of an agreement concluded with such
persons, provided that such third parties comply with the confidentiality of
personal data and the security of personal data during their processing.
6.4. Personal data of the Subject of personal
data is processed only with his consent. The consent given by the Subject of
personal data to the processing of his personal data is indefinite and can be
revoked by him or his representative by sending a written statement by the
Subject of personal data to the address of the Operator's location specified in
this Policy, or by sending a written notification to the email address galleryimages.art@gmail.com.
7. Change
and deletion of personal data. Mandatory data storage
7.1. The Operator is obliged, at the request of
the Subject of Personal Data, to clarify, block or delete the processed
personal data if the personal data is incomplete, outdated, inaccurate, illegally
obtained or is not necessary for the stated purpose of processing.
7.1.1. The Operator is obliged, within a period
not exceeding 10 (ten) calendar days from the date the Personal Data Subject
provides information that personal data is incomplete, inaccurate or
irrelevant, to amend them and notify the Personal Data Subject about it.
7.1.2. Personal data are subject to destruction
in the following cases:
1) if it is impossible to ensure the lawful
processing of personal data within a period not exceeding 15 (fifteen) calendar
days from the date of detection of illegal processing;
2) upon receipt of a written application from
the Personal Data Subject to destroy personal data or revoke the User's consent
to the processing of personal data;
3) achievement of the purpose of processing
personal data or loss of the need to achieve it;
4) expiration of the storage period for
personal data.
7.1.3. Personal data is subject to destruction
within 30 (thirty) calendar days, unless a different period is provided by US
law or the Policy.
7.2. The rights provided for by the provisions
of this Policy may be limited in accordance with the requirements of the law.
For example, such restrictions may stipulate the obligation of the Operator to
keep the information changed or deleted by the User for the period established
by law and transfer such information in accordance with the legally established
procedure to a state body.
7.3. The storage of personal data is carried
out no longer than the purpose of processing personal data requires, if the
storage period for personal data is not established by federal law, an
agreement to which, a beneficiary or a guarantor, according to which the
subject of personal data is.
8. Processing
of personal data using cookies and counters
8.1. Cookies transmitted by the Operator to the
User's equipment and the User's equipment to the Site can be used by the
Operator to provide the User with personalized services, to target
advertisements that are shown to the User for statistical and research
purposes, as well as to improve the operation of the Site.
8.2. The user understands that the equipment
and software used by him to visit sites on the Internet may have the function
of prohibiting operations with cookies (for any sites or for certain sites), as
well as deleting previously received cookies.
8.3. Search engines have the right to establish
that the provision of a certain service or service is possible only if the
acceptance and receipt of cookies is allowed by the User.
8.4. The structure of the cookie, its content
and technical parameters are determined by the Operator and can be changed
without prior notice to the User.
8.5. The counters placed by the Site can be
used to analyze the User's cookies, to collect and process statistical
information about the use of the Site, as well as to ensure the operability of
the Site as a whole or their individual functions in particular. The technical
parameters of the meters are determined by the Operator and can be changed
without prior notice to the User.
9. Protection of personal information
9.1. The operator takes the necessary and
sufficient legal, organizational and technical measures to protect the personal
data of the Personal Data Subjects from unauthorized or accidental access,
destruction, modification, blocking, copying, distribution, as well as from
other illegal actions of third parties with them.
9.2. In order to ensure adequate protection of
personal data, the Operator assesses the harm that can be caused in case of
violation of the security of personal data, and also determines the current
threats to the security of personal data during their processing in personal
data information systems.
10. Change of Policy
10.1. The operator has the right to make
changes to this Policy without the consent of the Personal Data Subject. When
making changes in the current edition, the date of the last update is
indicated. The new version of the Policy comes into force from the moment it is
posted and is valid until the approval of the Policy in the new version, unless
otherwise provided by the new edition of the Policy. The current version is
permanently available on the page at www.galleryimages.art.
11. Contacts and questions about personal data
11.1. All
suggestions, questions, requests and other requests regarding this Policy and
the use of their personal data, the Personal Data Subject has the right to send
to the Operator:
-by email
address: (galleryimages.art@gmail.com).
- at the postal
address: STANEWSKI LLC 494 AVON ST, Philadelphia, PA, United States, 19116
Date of
publication: 03/01/2020