1. General ProvisionsThe present policy on personal data processing is crafted in accordance with the requirements of the Federal Law dated July 27, 2006, No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law) and outlines the procedures for processing personal data and measures to ensure the security of personal data, undertaken by the Individual Entrepreneur Yuri Valeryevich Parshukov (hereinafter referred to as the Operator).
1.1. The Operator sets the observance of the rights and freedoms of individuals in the processing of their personal data, including the protection of rights to privacy, personal, and family secrets, as its paramount goal and condition for conducting its activities.
1.2. This Operator's policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator may obtain about the service
http://botcom.fi/get-stories-bot (also available on Telegram:
https://t.me/getstoriesbot).
2. Main Definitions Used in the Policy2.1. Automated processing of personal data – processing of personal data using computer technology means.
2.2. Blocking of personal data – temporary cessation of processing personal data (except in cases where processing is necessary to clarify personal data).
2.3. Service – a collection of graphic and informational materials, as well as computer programs and databases, ensuring their availability on the internet at the network address
http://botcom.fi/get-stories-bot, as well as on Telegram
https://t.me/getstoriesbot.
2.4. Information system of personal data – a set of personal data contained in databases, and the information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data – actions that make it impossible, without using additional information, to determine the ownership of personal data to a specific User or another subject of personal data.
2.6. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.7. Operator – a government body, municipal body, legal or natural person, either independently or jointly with others, organizing and (or) carrying out the processing of personal data, and determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
2.8. Personal data – any information directly or indirectly related to a specific or determinable User of the
http://botcom.fi/get-stories-bot service.
2.9. Personal data allowed by the subject of personal data for dissemination – personal data to which the subject of personal data has granted unlimited access by consenting to the processing of personal data allowed for dissemination in the manner provided by the Personal Data Law (hereinafter referred to as personal data allowed for dissemination).
2.10. User – any visitor to the website
http://botcom.fi/get-stories-bot and Telegram bot
https://t.me/getstoriesbot.
2.11. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data – any actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or acquainting an unlimited circle of persons with personal data, including the publication of personal data in mass media, placement in information and telecommunication networks, or providing access to personal data by any other means.
2.13. Cross-border transfer of personal data – the transfer of personal data to the territory of a foreign state, to the authority of a foreign state, or to a foreign individual or legal entity.
2.14. Destruction of personal data – any actions that result in the irreversible destruction of personal data with the impossibility of further recovery of the content of personal data in the information system of personal data and/or the destruction of material carriers of personal data.
3. Main Rights and Responsibilities of the Operator3.1. The Operator has the right to:
- Receive truthful information and/or documents containing personal data from the subject of personal data;
- In the event of the withdrawal of consent by the subject of personal data for the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data, provided there are grounds specified in the Personal Data Law;
- Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
3.2. The Operator is obligated to:
- Provide the subject of personal data, upon request, with information related to the processing of their personal data;
- Organize the processing of personal data in accordance with the current legislation of the Russian Federation;
- Respond to inquiries and requests from subjects of personal data and their legal representatives in accordance with the requirements of the Personal Data Law;
- Provide the necessary information to the authorized body for the protection of the rights of subjects of personal data upon request of this body within 30 days from the date of receiving such request;
- Publish or otherwise ensure unlimited access to this Policy regarding the processing of personal data;
- Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data;
- Cease the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases provided by the Personal Data Law;
- Fulfill other obligations stipulated by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects4.1. Subjects of personal data have the right to:
- Receive information regarding the processing of their personal data, except in cases provided by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form and should not contain personal data related to other subjects of personal data, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
- Demand from the operator the clarification of their personal data, their blocking, or destruction if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing. They also have the right to take legal measures to protect their rights;
- Impose a condition of prior consent when processing personal data for the purpose of promoting goods, works, and services on the market;
- Withdraw consent for the processing of personal data;
- Appeal to the authorized body for the protection of the rights of subjects of personal data or in court against unlawful actions or inaction of the Operator in the processing of their personal data;
- Exercise other rights provided by the legislation of the Russian Federation.
4.2. Subjects of personal data are obligated to:
- Provide the Operator with accurate information about themselves;
- Inform the Operator about the clarification (updating, changing) of their personal data.
4.3. Individuals who provide the Operator with false information about themselves or information about another subject of personal data without the latter's consent bear responsibility in accordance with the legislation of the Russian Federation.
5. Operator's Right to Process User's Personal Data5.1. Surname, first name, patronymic.
5.2. Email address.
5.3. Phone numbers.
5.4. The website also collects and processes anonymized data about visitors (including "cookie" files) using internet statistics services (Yandex Metrica, Google Analytics, and others).
5.5. The above-mentioned data, hereinafter referred to as Personal Data, are combined under this Policy.
5.6. The processing of special categories of personal data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, intimate life is not carried out by the Operator.
5.7. Processing of personal data permitted for distribution from the special categories of personal data specified in Part 1 of Article 10 of the Personal Data Law is allowed, provided that the prohibitions and conditions provided for in Article 10.1 of the Personal Data Law are observed.
5.8. The User's consent to the processing of personal data allowed for distribution is formalized separately from other consents for processing their personal data. In this case, the conditions stipulated in, among others, Article 10.1 of the Personal Data Law are observed. The content requirements for such consent are established by the authorized body for the protection of the rights of personal data subjects.
5.8.1. The User provides the Operator with consent to the processing of personal data allowed for distribution directly.
5.8.2. The Operator is obliged, within a period not exceeding three working days from the moment of receiving the User's consent, to publish information about the processing conditions, the presence of prohibitions and conditions on the processing of personal data allowed for distribution to an unlimited number of persons.
5.8.3. The transfer (distribution, provision, access) of personal data permitted by the personal data subject for distribution must be terminated at any time upon the request of the personal data subject. This requirement must include the surname, first name, patronymic (if any), contact information (phone number, email address, or mailing address) of the personal data subject, as well as a list of personal data, the processing of which is subject to termination. The personal data specified in this request can only be processed by the Operator to whom it is addressed.
5.8.4. The consent to the processing of personal data allowed for distribution ceases to be valid from the moment the Operator receives the request specified in clause 5.8.3 of this Policy regarding the processing of personal data.
6. Principles of Personal Data Processing6.1. The processing of personal data is carried out on a legal and fair basis.
6.2. The processing of personal data is limited to the achievement of specific, predetermined, and lawful purposes. Processing of personal data that is incompatible with the purposes of data collection is not allowed.
6.3. The combination of databases containing personal data processed for incompatible purposes is not allowed.
6.4. Only personal data that corresponds to the purposes of processing is subject to processing.
6.5. The content and scope of processed personal data correspond to the stated purposes of processing. Redundancy of processed personal data in relation to the stated purposes of processing is not allowed.
6.6. When processing personal data, accuracy, sufficiency, and, where necessary, relevance to the purposes of processing are ensured. The Operator takes necessary measures and/or ensures their implementation to delete or clarify incomplete or inaccurate data.
6.7. Storage of personal data is carried out in a form that allows identifying the subject of personal data for no longer than is required by the purposes of processing, unless the storage period is established by federal law, a contract, the party to which, the beneficiary or guarantor of which is the subject of personal data. Processed personal data is destroyed or anonymized when the purposes of processing are achieved or when the need to achieve these purposes is no longer relevant, unless otherwise provided by federal law.
7. Purposes of Personal Data Processing7.1. The purpose of processing the User's personal data includes:
- Informing the User through the sending of electronic emails;
- Entering into, executing, and terminating civil contracts;
7.2. Additionally, the Operator has the right to send the User notifications about new products and services, special offers, and various events. The User can always opt out of receiving informational messages by sending an email to the Operator at
ura@botcom.fi with the subject "Refusal of notifications about new products and services and special offers."
7.3. De-identified data of Users collected through internet statistics services are used to gather information about User actions on the website, improve the quality of the site, and its content.
8. Legal Grounds for Personal Data Processing8.1. The legal grounds for the processing of personal data by the Operator include:
- Normative legal acts regulating relations related to your activities (e.g., if your activity is related to information technology, especially the creation of websites, you can specify the Federal Law "On Information, Information Technologies, and the Protection of Information" dated July 27, 2006, No. 149-FZ);
- Charter documents of the Operator;
- Contracts concluded between the Operator and the subject of personal data;
- Federal laws, other regulatory legal acts in the field of personal data protection;
- Consent of Users to the processing of their personal data, including the processing of personal data permitted for distribution.
8.2. The Operator processes the personal data of the User only if they are filled out and/or submitted by the User independently through special forms on the website
http://botcom.fi/get-stories-bot or sent to the Operator via email. By filling out the relevant forms and/or sending their personal data to the Operator, the User expresses consent to this Policy.
8.3. The Operator processes de-identified data about the User if it is allowed in the User's browser settings (enabling the storage of "cookie" files and using JavaScript technology).
8.4. The subject of personal data independently decides to provide their personal data and gives consent freely, voluntarily, and in their own interest.
9. Conditions for the Processing of Personal Data9.1. The processing of personal data is carried out with the consent of the subject of personal data to the processing of their personal data.
9.2. The processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or by law, for the implementation of functions, powers, and duties imposed by the legislation of the Russian Federation on the operator.
9.3. The processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another authority, or an official that must be enforced in accordance with the legislation of the Russian Federation on enforcement proceedings.
9.4. The processing of personal data is necessary for the performance of a contract, where the subject of personal data is a party, a beneficiary, or a guarantor under the contract, and also for the conclusion of a contract at the initiative of the subject of personal data or a contract under which the subject of personal data will be a beneficiary or guarantor.
9.5. The processing of personal data is necessary for the realization of the rights and legitimate interests of the operator or third parties or for achieving socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated.
9.6. Processing is carried out for personal data that is publicly available, with unrestricted access granted by the subject of personal data or at their request (hereinafter - publicly available personal data).
9.7. Processing is carried out for personal data that must be published or disclosed in accordance with federal law.
10. Procedure for Collecting, Storing, Transmitting, and Other Types of Processing of Personal DataThe security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to fully comply with the requirements of the current legislation in the field of personal data protection.
10.1. The Operator ensures the security of personal data and takes all possible measures to prevent unauthorized access to personal data.
10.2. Personal data of the User will never, under any circumstances, be transferred to third parties, except in cases related to the fulfillment of current legislation or if the subject of personal data has given consent to the Operator to transfer data to a third party for the performance of obligations under a civil contract.
10.3. In case of inaccuracies in personal data, the User can update them independently by sending a notification to the Operator via email at the Operator's email address
ura@botcom.fi with the subject "Update of Personal Data."
10.4. The processing period for personal data is determined by achieving the goals for which personal data was collected, unless another period is stipulated by the contract or current legislation.
The User can withdraw their consent to the processing of personal data at any time by sending a notification to the Operator via email to the Operator's email address
ura@botcom.fi with the subject "Withdrawal of Consent to the Processing of Personal Data."
10.5. All information collected by third-party services, including payment systems, communication tools, and other service providers, is stored and processed by those entities (Operators) in accordance with their User Agreement and Privacy Policy. The subject of personal data and/or the User must independently and timely familiarize themselves with the specified documents. The Operator is not responsible for the actions of third parties, including the service providers mentioned in this paragraph.
10.6. Prohibitions on the transfer (except for providing access), as well as on the processing or conditions for the processing (except for obtaining access) of personal data allowed for dissemination, established by the subject of personal data, do not apply in cases of processing personal data in the public, social, and other public interests defined by Russian legislation.
10.7. The Operator ensures the confidentiality of personal data during their processing.
10.8. The Operator stores personal data in a form that allows identifying the subject of personal data for no longer than is required by the purposes of processing personal data, unless the storage period of personal data is established by federal law, a contract, or a party to which the subject of personal data is a beneficiary or guarantor.
10.9. The termination of the processing of personal data may be caused by achieving the goals of processing personal data, the expiration of the validity period of the subject's consent to personal data processing, or the withdrawal of the subject's consent to personal data processing, as well as the identification of the unauthorized processing of personal data.
11. List of Actions Performed by the Operator with the Obtained Personal Data11.1. The Operator performs the collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transmission (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
11.2. The Operator carries out automated processing of personal data, including obtaining and/or transferring the received information through information and telecommunication networks or without them.
12. Cross-Border Transfer of Personal Data12.1. Before initiating the cross-border transfer of personal data, the Operator must ensure that the foreign state to which the transfer of personal data is intended provides reliable protection of the rights of the subjects of personal data.
12.2. Cross-border transfer of personal data to the territories of foreign states that do not meet the above requirements may only be carried out with the written consent of the subject of personal data for the cross-border transfer of their personal data and/or the performance of a contract where the subject of personal data is a party.
13. Confidentiality of Personal DataThe Operator and other individuals who have access to personal data are obliged not to disclose to third parties and not to disseminate personal data without the consent of the data subject, unless otherwise provided by federal law.
14. Revocation of Consent for Personal Data ProcessingThe user has the right to revoke and delete their personal data collected by the service by contacting the Operator via email at
ura@botcom.fi. After processing the request, all personal data about the user obtained throughout the usage period will be deleted from the service.
15. Concluding Provisions15.1. The user can seek any clarifications on matters related to the processing of their personal data by contacting the Operator via email at
ura@botcom.fi.
15.2. Any changes to the policy of personal data processing by the Operator will be reflected in this document. The policy is effective indefinitely until replaced by a new version.
15.3. The current version of the Policy is publicly accessible on the Internet at
https://getstoriesbot.ru/policy.