Personal data processing policy
This "Personal Data Processing Policy" (hereinafter referred to as the "Policy") defines the basic principles, purposes, conditions and methods of processing STANEWSKI LLC (Individual Taxpayer Identification Number (ITIN): 46-5435987, 494 AVON ST, Philadelphia, PA, United States, 19116) (hereinafter referred to as the "Operator") of the personal data of the Users of the website www.galleryimages.art (as defined in section 1 below), as well as all other individuals who provide the Operator with their personal data.
1. General Provisions
1.1. This Policy has been drawn up in accordance with the US Civil Code, as well as other regulations of the Russian Federation in the field of personal data protection and processing.
1.2. This Policy, including the interpretation of its provisions and the procedure for its adoption, execution, modification, and termination, is subject to US law.
1.3. The Policy applies to all personal data processed by STANEWSKI LLC (hereinafter referred to as the Operator).
1.4. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.5. In pursuance of the requirements of the US Law on Personal Data, this Policy is published in the public domain on the information and telecommunications network Internet on the Operator's website.
1.6. The following terms and definitions are used in this Policy:
Operator - Limited Liability Company "STANEWSKI", Individual Taxpayer Identification Number (ITIN): 46-5435987, 494 AVON ST, Philadelphia, PA, United States, 19116.
User - a subject of personal data who is a visitor to the Site, accepts the terms of this Policy, and who wants to place or has placed orders in the online store www.galleryimages.art, or using any other functions of the site.
Personal data - any information relating directly or indirectly to a specific or identifiable individual;
Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with Personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of Personal Data;
Subject of Personal Data - an individual who is directly or indirectly identified, or determined on the basis of information received about him.
Protection of Personal Data - the activities of the Company aimed at ensuring the confidentiality of Personal Data, establishing and observing the procedure for processing Personal Data, as well as applying organizational and technical measures to ensure the security of Personal Data, and other measures in accordance with US law;
Confidential information - information (in documented or electronic form), access to which is limited in accordance with US law, as well as local regulations of the Company;
Automated processing of personal data - processing of personal data using computer technology;
Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or a foreign legal entity.
2. Rights and obligations of personal data subjects and the Operator
2.1. The personal data subject has the right:
2.1.1. to receive information regarding the processing of his personal data, in the manner, form and terms established by law;
2.1.2. demand clarification of your personal data, their destruction or blocking if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
2.1.3. withdraw your consent to the processing of personal data in accordance with the procedure specified in this Policy;
2.1.4. to exclude the Operator's information materials from the distribution;
2.1.5. exercise other rights provided for by applicable law.
2.2. The operator has the right:
2.2.1. process personal data of personal data subjects in accordance with the stated goals and in compliance with the established requirements;
2.2.2. require personal data subjects to provide reliable personal data necessary to achieve these goals;
2.2.3. restrict the personal data subject's access to his personal data in cases where the processing of personal data is carried out in accordance with the legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism, the access of the personal data subject to his personal data violates the rights and legitimate interests third parties, as well as in other cases provided for by federal law.
2.3. The operator is obliged:
2.3.1. organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
2.3.2. respond to requests and inquiries from subjects of personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
2.3.3. report to the authorized body for the protection of the rights of subjects of personal data of the United States at the request of this body, the necessary information within 30 days from the date of receipt of such a request.
2.4. Control over the implementation of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data at the Operator.
2.5. Responsibility for violation of the requirements of US law and the Operator's regulations in the field of personal data processing and protection is determined in accordance with US law.
3. Scope and categories of processed personal data
3.1. The operator processes the personal data of the Personal Data Subjects within the limits limited by the purposes of processing personal data. In relation to the Users of the Site, their personal data in this Policy means:
3.1.1. data provided by the User independently during registration or in the process of using the Site, namely: last name, first name, patronymic, date of birth, gender, postal address; home, work, mobile phone numbers, e-mail address (e-mail), password from your personal account on the website www.galleryimages.art. The information required for the provision by the Site is marked in a special way. Other information is provided by the User at his discretion;
3.1.2. technical data that is automatically transmitted to the Operator in the process of using the Site using the software installed on the User's device, including the IP address, cookie data, information about the User's browser (or other program through which the Site is accessed) , technical characteristics of the equipment and software used by the User, date and time of access to the Site, addresses of the requested pages and other similar information;
3.2. The Operator does not process special categories of the Users' personal data (information concerning race, nationality, political views, religious or philosophical beliefs, intimate life), as well as their biometric personal data.
3.3. The Operator does not control and is not responsible for the processing of personal data of Users by third-party sites to which the User can click on the links available on the Site.
3.4. The operator does not check and is not responsible for the accuracy of the information provided by the User on the Site.
4. Purposes of processing personal data
4.1. The operator processes only those personal data that are necessary to achieve the goals defined in clause 4.2 of this Policy.
4.2. Personal data is processed by the Operator in order to:
4.2.1. Enforcement of US Laws;
4.2.2. Carrying out its activities in accordance with the charter of STANEWSKI LLC;
4.2.3. Implementation of civil law relations;
4.2.4. Ensuring interaction with clients and counterparties of the Operator, concluding and executing contracts with them;
4.5.3. In relation to the Users of the Site, the purposes of processing their personal data by the Operator are:
- registration of Users on the Site and their placing orders for goods, or purchasing goods on the Site without registration;
- processing requests and applications from Users sent by them through the Site;
- improving the quality of the Site, ease of use for Users, development of new services and services;
- targeting advertising materials;
- conducting advertising and marketing activities, programs, promotions, surveys, sweepstakes, etc., as well as to promote goods and services on the market by making direct contacts (advertising and information mailing) with the User using various means of communication, including, but not limited to: mailing list, e-mail, telephone, Internet;
- conducting statistical and other research based on anonymized data in order to improve the quality of services.
5. Principles of processing personal data
5.1. The operator processes the personal data of the Personal Data Subjects, taking into account the following principles:
5.1.1. The personal data of the Personal Data Subject is processed for predetermined and legal purposes, which are listed in section 4 of this Policy.
5.1.2. The operator processes only those personal data that are necessary to achieve the goals specified in this Policy.
5.1.3. The operator ensures the accuracy and relevance of the processed personal data, their sufficiency in relation to the purposes of processing.
5.1.4. The operator ensures confidentiality when processing personal data and takes all necessary measures in accordance with clause 9.1 of the Policy.
6. The procedure and conditions for the processing of personal data and their transfer to third parties
6.1. The processing of personal data of the Personal Data Subject includes the collection, systematization, accumulation, storage, clarification, use, transfer to third parties both in the United States and cross-border transfer, depersonalization, blocking, destruction of personal data for the purpose of the Operator's fulfillment of its obligations under this Policy.
6.2. The personal data of the Personal Data Subject is processed by the Operator both using automation tools (using automated database management systems, as well as other software tools), and without using them.
6.3. If it is necessary to achieve the goals specified in this Policy, the Operator can provide access to or transfer personal data to other companies. In addition, if it is necessary to achieve the stated purposes of processing personal data, access to personal data may be provided to third-party providers, for example, technology service providers, financial management services, logistics. Access to personal data / transfer of personal data is carried out on the basis of an agreement concluded with such persons, provided that such third parties comply with the confidentiality of personal data and the security of personal data during their processing.
6.4. Personal data of the Subject of personal data is processed only with his consent. The consent given by the Subject of personal data to the processing of his personal data is indefinite and can be revoked by him or his representative by sending a written statement by the Subject of personal data to the address of the Operator's location specified in this Policy, or by sending a written notification to the email address email@example.com.
7. Change and deletion of personal data. Mandatory data storage
7.1. The Operator is obliged, at the request of the Subject of Personal Data, to clarify, block or delete the processed personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing.
7.1.1. The Operator is obliged, within a period not exceeding 10 (ten) calendar days from the date the Personal Data Subject provides information that personal data is incomplete, inaccurate or irrelevant, to amend them and notify the Personal Data Subject about it.
7.1.2. Personal data are subject to destruction in the following cases:
1) if it is impossible to ensure the lawful processing of personal data within a period not exceeding 15 (fifteen) calendar days from the date of detection of illegal processing;
2) upon receipt of a written application from the Personal Data Subject to destroy personal data or revoke the User's consent to the processing of personal data;
3) achievement of the purpose of processing personal data or loss of the need to achieve it;
4) expiration of the storage period for personal data.
7.1.3. Personal data is subject to destruction within 30 (thirty) calendar days, unless a different period is provided by US law or the Policy.
7.2. The rights provided for by the provisions of this Policy may be limited in accordance with the requirements of the law. For example, such restrictions may stipulate the obligation of the Operator to keep the information changed or deleted by the User for the period established by law and transfer such information in accordance with the legally established procedure to a state body.
7.3. The storage of personal data is carried out no longer than the purpose of processing personal data requires, if the storage period for personal data is not established by federal law, an agreement to which, a beneficiary or a guarantor, according to which the subject of personal data is.
8. Processing of personal data using cookies and counters
8.1. Cookies transmitted by the Operator to the User's equipment and the User's equipment to the Site can be used by the Operator to provide the User with personalized services, to target advertisements that are shown to the User for statistical and research purposes, as well as to improve the operation of the Site.
8.2. The user understands that the equipment and software used by him to visit sites on the Internet may have the function of prohibiting operations with cookies (for any sites or for certain sites), as well as deleting previously received cookies.
8.3. Search engines have the right to establish that the provision of a certain service or service is possible only if the acceptance and receipt of cookies is allowed by the User.
8.4. The structure of the cookie, its content and technical parameters are determined by the Operator and can be changed without prior notice to the User.
8.5. The counters placed by the Site can be used to analyze the User's cookies, to collect and process statistical information about the use of the Site, as well as to ensure the operability of the Site as a whole or their individual functions in particular. The technical parameters of the meters are determined by the Operator and can be changed without prior notice to the User.
9. Protection of personal information
9.1. The operator takes the necessary and sufficient legal, organizational and technical measures to protect the personal data of the Personal Data Subjects from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties with them.
9.2. In order to ensure adequate protection of personal data, the Operator assesses the harm that can be caused in case of violation of the security of personal data, and also determines the current threats to the security of personal data during their processing in personal data information systems.
10. Change of Policy
10.1. The operator has the right to make changes to this Policy without the consent of the Personal Data Subject. When making changes in the current edition, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted and is valid until the approval of the Policy in the new version, unless otherwise provided by the new edition of the Policy. The current version is permanently available on the page at www.galleryimages.art.
11. Contacts and questions about personal data
11.1. All suggestions, questions, requests and other requests regarding this Policy and the use of their personal data, the Personal Data Subject has the right to send to the Operator:
-by email address: (firstname.lastname@example.org).
- at the postal address: STANEWSKI LLC 494 AVON ST, Philadelphia, PA, United States, 19116
Date of publication: 03/01/2020