Confidentiality Policy

Operator: FERRO-ESTATE GROUP, LLC
TIN 7701270544
Address: 105082, Moscow, 55/59, bld. 1, Bol. Pochtovaya St., floor / room 7/2
e-mail: info@ferro-estate.ru

1. General provisions

1.1. This Privacy Policy determines the operator’s policy regarding the processing of personal data and contains information about the requirements for the protection of personal data, and is available to the general public online at https://ferro-estate.ru/about/politics/.

1.2. The purpose of this Policy is to ensure the protection of the rights of a citizen to confidentiality when processing his/her personal data, including the protection of the rights to privacy, personal and family secrets.

1.3. By pressing the consent button in the window with the text of the Privacy Policy or checking the corresponding box you unconditionally accept the terms and conditions of this Policy.

2. General Concepts

Automated processing of personal data shall mean computer-assisted personal data processing:

Biometric personal data shall mean details that characterizes physiological and biological features of a person, that can be used as a basis for establishing his/her identity and which are used to establish the identity of the personal data subject;

Blocking of personal data is a temporary termination of Personal Data processing (except in cases where processing is necessary to clarify personal data).

Personal Data Information System shall mean aggregation of personal data contained in the personal data databases and the IT technologies and technical means ensuring personal data processing;

Personal data anonymization shall mean actions resulting in the impossibility of attributing personal data to a specific personal data subject without additional information;

Operator shall mean a person who independently or jointly with other persons arranges and (or) is engaged in the processing of personal data, and determines the purposes of processing of personal data, the contents of the processed personal data, actions (operations) performed with personal data;

Personal data processing shall mean any action (operation) or a set of actions (operations) performed with or without the use of automation tools with Personal Data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, destruction of personal data;

Personal data shall mean any information related to a directly or indirectly identified or identifiable individual (personal data subject), allowing for identification, financial, payment and accounting data, phone book, data on the location of the device and the list of other applications on the device, microphone data, etc. cameras, as well as other confidential information about the device or its use;

Personal data permitted for dissemination by the personal data subject shall mean personal data that can be accessed by the general public due to consent by the personal data subject to the processing of personal data;

Provision of personal data shall mean actions aimed at disclosure of personal data to a certain person or a certain group of persons;

User shall mean an individual using the information systems of the website owner;

Dissemination of personal data shall mean actions aimed at disclosure of personal data to general public;

Website shall mean a set of means and information, texts, graphic elements, design, images, photo and video materials, other results of intellectual activity, as well as software intended for publication online and displayed in a certain text, graphic or sound form, combined under a unique e-mail address (domain name or IP-address), allowing to identify and access it. An independent composite multimedia product within the meaning of Art. 1260 of the Civil Code of the Russian Federation, modules and cross-modular components of which are used by the owner legally for the provision of services, as well as licensing and technical restrictions. The set of information contained in the information system ensuring the availability of such information online at https://ferro-estate.ru, https://reef.live, https://breeze.reef.live, https://newrigapark.ru, https://land.newrigapark.ru, including all its sections, pages (subdomains);

Service shall mean services for which the user applies to the operator;

Cross-border transfer of personal data shall mean transfer of personal data to a foreign jurisdiction, to an authority therein, to a foreign individual or to a foreign legal entity;

Destruction of personal data shall mean actions which results in impossibility of restoring the content of personal data in the personal data information system and/or as a result of which the tangible media with personal data are destroyed.

Legal grounds and purposes of processing of personal data

3.1. The processing and security of personal data by the operator shall follow the requirements of Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data”, the Labor Code of the Russian Federation, by-laws, other federal laws of the Russian Federation determining the cases and features of processing documents of the FSTEC of Russia and the Federal Security Service of Russia.

3.2. The Operator processes personal data for the following purposes:

3.2.1. implementation of the functions, powers and duties assigned to the operator by the legislation of the Russian Federation in accordance with federal laws, including, but not limited to: The Civil Code of the Russian Federation, the Tax Code of the Russian Federation, the Labor Code of the Russian Federation, the Family Code of the Russian Federation, Federal Law No. 27-FZ dated April 1, 1996 “On Individual (Personified) Accounting in the Compulsory Pension Insurance System”, Federal Law dated February 7, 1992 No. No. 2300-1 “On Consumer Rights Protection”, Federal Law dated 21.11.1996 No. 129-FZ “On Accounting”, Federal Law dated 29.11.2010 No. 326-FZ “On Compulsory Health Insurance in the Russian Federation” as well as operators of personal data under agency agreements;

3.2.2. Personal data of employees is processed for the purposes of compliance with the labor, tax and pension legislation of the Russian Federation, namely: assistance to employees in employment; calculation of wages; arranging business trips of employees; execution of powers of attorney (including, to represent the operator with third parties); control of the quantity and quality of the work performed; time tracking; use of various types of benefits in accordance with the Labor Code of the Russian Federation, the Tax Code of the Russian Federation, federal laws, as well as internal regulations of the operator; voluntary life, health and / or accident insurance;

3.2.3. Personal data of counterparties - individuals and individual entrepreneurs are processed for the purposes of: concluding and executing a contract, one of the parties to which is an individual or an individual entrepreneur;

3.2.4. Personal data of representatives of legal entities - contractors of the operator is processed for the purposes of: conclusion and execution of contracts under which personal data of employees of such a legal entity is provided for the purposes of contract execution in various areas of the operator’s activities;

3.2.5. Personal data of individuals whose data is processed for the benefit of third parties - operators of personal data under an agency agreement for the purposes of: execution of contracts - instructions of personal data operators;

3.2.6. Personal data of customers / users - consumers of the operator's services are processed for the purposes of: providing information on services, ongoing promotions and special offers; analyzing the quality of the service provided by the operator and improving the quality of customer service.

4. Personal data processing at the website

4.1. When using the websites https://ferro-estate.ru, https://reef.live, https://breeze.reef.live, https://newrigapark.ru, https://land.newrigapark.ru, the personal data subject (the user) transfers the following information to the operator:

4.1.1. Categories and list of personal data

General category:

name; phone number; e-mail address, message (other information at the discretion of the user)

Anonymized:

Data about the user device (permissions, software version and other identifiers characterizing the user device, IP address); information about the user's browser or other software through which the Internet is accessed; source of access to the website and information of the search query; date and time of access; user clicks, page views, filling in fields, impressions and views of banners and videos; data characterizing audience segments; session parameters; data on the time of visit; user ID stored in cookies

4.2. The information specified in paragraph 4.1.1. shall be used by the operator for the purpose of reviewing the request of the subject and the provision of operator services.

4.3. The information specified in Clause 4.1.1. may be transferred to third parties for processing. Such persons may include government agencies, third-party services providing automation services, instant messengers, contractors and partners of the operator. Such third parties shall ensure an appropriate level of data protection not less than that established by this Policy.

4.4. The information specified in clause 4.1 shall be processed until the purpose of processing is achieved or until the subject refuses to conclude the contract, or until the obligations under the concluded contract are discharged. The processing of personal data after these events may be carried out by the operator to protect its rights and legitimate interests.

4.5. The basis for the processing of personal data of the subject is the consent to the processing of personal data given by the personal data subject, or the conclusion and execution of an agreement with the subject.

.6. The Operator shall always request the consent of the subject. The request for consent is formulated very clearly and is presented in a separate dialog box. The user’s consent shall be confirmed by an action (by clicking a button or by checking a box). The situation when the user intentionally or accidentally closes the window with the request, including by clicking in another place or the button to return to the home screen, shall not be considered as consent. Automatically closing requests (for example, after a certain time) shall not be a means of obtaining consent. The request for consent shall be pre-approved by the subject, after which the site can access the personal data and / or start their processing.

4.7. The subject may withdraw consent to the processing of personal data and demand the deletion of the data, if they are not required for the performance of the contract concluded with the operator. The subject may file a statement on the termination of the processing of personal data to the e-mail of the operator info@ferro-estate.ru or to the legal / postal address.

4.8. Biometric personal data are not processed by the operator.

4.9. The publication of photographic images on the website shall require the subject’s written consent to the processing of personal data permitted for dissemination by the personal data subject, taking into account the requirements provided for in Art. 152.1 of the Civil Code of the Russian Federation.

5. Site identifiers

5.1. Data collection by the operator using the Internet is carried out in two primary ways: data provision and automatically collected information.

5.2. Personal data is provided by filling out the relevant forms on the website, by sending e-mails to the corporate address of the operator.

5.3. Automatically collected information that is collected and processed by the operator: information about the interests of users on the website based on the search queries about the services sold and offered, the generalization and analysis of information about the most visited sections of the website; search queries of website users in order to generalize and create customer statistics on the use of sections of the website.

5.4. The Operator automatically receives certain types of information using technologies and services, such as web protocols, cookies, web tags.

5.5. A cookie is a piece of data that is automatically stored on your computer’s hard drive each time you visit a website. Thus, a cookie is a unique browser identifier for a website. Cookies allow to store information on the server and make it easier to navigate the web space, as well as allow for website analysis and evaluation of the results. Most web browsers allow the use of cookies, but you can change the settings to refuse to work with cookies or track their distribution path. Some resources may work incorrectly if the cookies in the browser are prohibited.

5.6. Web tags. The operator may use a common Internet “web tagging” technology (also known as “tags” or “fine GIF technology”) on certain web pages or e-mails. Web pins help analyze the performance of websites, for example, by measuring the number of website visitors or the number of “clicks” on key positions of a website page.

5.7. Web marks, cookies and other monitoring technologies do not allow to automatically receive personal data. If the user of the site at his/her own discretion provides his/her data, for example, when filling out a feedback form or when sending an e-mail, only then the processes of automatic collection of detailed information for the convenience of using the websites and / or to improve interaction with users are launched.

6. Rights and Obligations of Personal Data Subjects

6.1. The operator shall not disclose to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

6.2. If, in accordance with the law, the provision of personal data and (or) obtaining by the operator of consent to the processing of personal data is mandatory, the operator shall explain to the personal data subject the legal consequences of the refusal.

6.3. If Personal data are not received from the personal data subject, the operator shall provide the following information to the personal data subject:

  • name and address of the operator or its representative;
  • purpose of personal data processing and its legal basis;
  • list of personal data;
  • intended users of personal data;
  • the rights of the personal data subject established by the Law “On Personal Data”;
  • source of personal data.

6.4. The Operator shall not be obliged to provide the information specified in Clause 6.3 in the following cases:

  • the personal data subject is notified of the processing of his/her personal data by another operator;
  • Personal data are obtained by the Operator based on a federal law or in connection with the performance of an agreement to which the Personal Data Subject is a party, or a beneficiary, or a guarantor;
  • the processing of personal data permitted by the personal data subject for dissemination shall comply with the relevant prohibitions and conditions;
  • the operator processes personal data for statistical or other research purposes, for the professional activities of a journalist or for scientific, literary or other creative activities, unless the rights and legitimate interests of the personal data subject are violated;
  • the provision of this information violates the rights and legitimate interests of third parties.

6.5. The agreement concluded with the personal data subject may not contain provisions restricting the rights and freedoms of the subject, as well as:

  • establishing the processing of personal data of minors (unless otherwise provided by the legislation of the Russian Federation);
  • allowing inaction of the personal data subject as a condition for the conclusion of the contract.

6.6. Personal data processing for the market promotion of goods, works, and services by contacting a potential consumer directly using communication means shall be allowed only with the prior consent of the personal data subject. The operator shall prove that such consent has been obtained. The operator shall immediately stop the processing of personal data for the specified purposes at the request of the subject.

6.7. The operator is not entitled to make decisions that give rise to legal consequences in relation to the personal data subject or otherwise affecting his rights and legitimate interests, on the basis of solely automated processing of personal data, unless otherwise provided by law.

6.8. The operator shall explain to the subject the procedure for making a decision on the basis of solely automated processing of his/her personal data and the potential legal consequences of such a decision, provide an opportunity to raise an objection to such decision, as well as explain the procedure for protecting the personal data subject of his/her rights and legitimate interests. The operator shall consider the subject’s objection within thirty days from the date of its receipt, and notify the subject of the results of the consideration.

6.9. The personal data subject may appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or omissions of the operator in the processing of their personal data.

6.10. The personal data subject shall be entitled to the protection of their rights and legal interests, including compensation for losses and/or compensation for moral damage through judicial proceedings.

7. Updating, correcting, deleting and destroying personal data

7.1. The personal data subject may require the operator to refine their personal data, block, or destroy them if the personal data are incomplete, outdated, inaccurate, obtained illegally, or not required for the stated purpose of processing as well as take measures provided for by law to protect their rights.

7.2. In case of confirmation of the fact of inaccuracy of personal data, the operator shall update them.

7.3. In case of confirmation of the fact of unlawfulness of personal data processing, the operator shall stop their processing.

7.4. Personal data is destroyed when the purposes of personal data processing are achieved, as well as in case of withdrawal of consent by the personal data subject, unless:

  • otherwise established by an agreement to which the personal data subject is a party, beneficiary or guarantor;
  • the operator is entitled to carry out processing on other legal grounds.

7.5. Within seven business days from the date of submission by the personal data subject or his/her representative of the information confirming that the personal data is incomplete, inaccurate or irrelevant, the operator shall make the necessary changes thereto.

7.6. Within seven business days from the date of submission by the personal data subject or his/her representative information confirming that such personal data is illegally obtained or is not necessary for the stated purpose of processing, the operator shall destroy such personal data.

7.7. The operator shall notify the personal data subject or his/her representative about the changes and measures taken and take reasonable measures to notify third parties to whom the personal data of this subject have been transferred.

8. Procedure for handling requests of personal data subjects and authorized bodies

8.1. The personal data subject may receive the following information upon request:

  • confirmation of the fact of personal data processing;
  • legal grounds and purposes of personal data processing;
  • means and methods of personal data processing used by the operator;
  • Operator’s name and location, information about persons (except for operator’s employees) who may access PD or to whom PD may be disclosed under an agreement with the operator or by virtue of the federal law;
  • processed personal data related to the respective personal data subject, their source, unless other procedure for presentation of such data is provided by the federal law;
  • term of personal data processing, including term of their storage;
  • procedure for the exercise by the personal data subject of the rights provided for by the Federal Law “On Personal Data”;
  • information on the performed or intended trans-border transfer of data;
  • name or surname, first name, patronymic and address of a person who processes personal data on behalf of the operator, if the processing is entrusted to such a person;
  • information on the methods of discharge by the operator of the obligations established by Article 18.1 of the Federal Law “On Personal Data”;
  • other information provided for by federal laws.

8.2. The operator may not to provide information at the request of the entity, if in accordance with federal laws:

  • processing of personal data, including personal data obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
  • personal data is processed by the authorities that detained the personal data subject on suspicion of committing a crime, or charged the personal data subject in a criminal case, or applied a preventive measure to the personal data subject before the charge, except for cases provided for by the criminal procedure legislation of the Russian Federation, if the suspect or the accused may review such personal data;
  • the personal data is processed in accordance with the legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism;
  • access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties;
  • the personal data is processed in cases stipulated by the legislation of the Russian Federation on transport security, in order to ensure the stable and safe operation of transport facilities, to protect the interests of the individual, society and the state in the field of transport from acts of unlawful interference.

8.3. Information provided at the request of the subject shall be provided in an accessible form. The information provided shall not contain personal data of third parties, unless there are legal grounds for the disclosure of such personal data.

8.4. Information shall be provided within 10 business days from the date of receiving the request. This period may be extended by no more than five business days if the operator sends a substantiated notice indicating the reasons for the extension.

8.5. The request shall contain:

  • number of the primary identity document of the subject or its representative;
  • information on the date of issue of the document and the issuing authority;
  • information confirming the relation of the personal data subject with the operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of personal data processing by the operator;
  • signature of the personal data subject or his/her representative.

8.6. The request can be sent in the form of an electronic document and signed with an electronic signature. The request shall be sent in free form to the e-mail address or the address of the operator.

8.7. The operator shall provide information to the personal data subject or his/her representative in the form in which the relevant request or request is sent, unless otherwise specified in the request.

8.8. The personal data subject may apply to the operator again not earlier than thirty days after the initial request. If the information was not provided to the subject in full, the subject may contact the operator again before the expiration of the specified period.

8.9. The operator may reasonably refuse to execute a repeated request. The obligation to provide evidence of the validity of the refusal to perform a repeated request lies with the operator.

8.10. The operator shall provide the personal data subject or his/her representative with the opportunity to review the personal data related to this personal data subject in a manner similar to the procedure for providing information at the request of the subject. In case of refusal, the operator shall provide a reasoned response with reference to the clause of the law being the basis for the refusal. The refusal shall be provided within 10 business days from the date of receiving the request. This period may be extended by no more than five business days if the operator sends a reasoned notice indicating the reasons for the extension.

8.11. The operator shall inform the authorized body for the protection of the rights of personal data subjects at the request of this body about the necessary information within 10 business days from the date of receiving such request. Such period may be extended but for no more than for five business days if the Operator sends a reasoned notice to the personal data subject indicating reasons for extending the period for providing the requested information.

9. Requirements for the protection of personal data

9.1. The operator shall take measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law and the regulatory legal acts adopted in accordance with it, which, in particular, include:

    appointment of a person responsible for arranging personal data processing;

    publication of a policy for the processing of personal data (confidentiality) and local acts in the field of personal data processing, determining for each purpose of personal data processing (1) categories and a list of personal data processed, (2) categories of subjects whose personal data is processed, (3) methods of personal data procedure, (4) the term of processing and storage of personal data, (5) the procedure for the destruction of personal data, as well as local acts establishing procedures aimed at preventing, identifying and eliminating the consequences of violations of the legislation of the Russian Federation, eliminating the consequences of such violations;

    application of organizational and technical measures to ensure personal data security during processing;

    implementation of internal control over the compliance of personal data processing with the law and local acts of the operator;

    assessment of harm in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to subjects of personal data in case of violation of the Federal Law “On Personal Data”, the ratio of this harm and measures taken by the operator aimed at ensuring the fulfillment of obligations under the Federal Law “On Personal Data”;

    familiarization (or appropriate training) of employees who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, processing policy and other local acts on personal data, local acts on the personal data processing;

    personal data of users is processed in a secure way using modern encryption methods.

9.2. The operator implements legal, organizational and technical measures to ensure the security of personal data, based on the levels of protection and current threats to the security of personal data:

  • identification of threats to the security of personal data during their processing in information systems;
  • application of organizational and technical measures to ensure the security of personal data based on the levels of protection of personal data;
  • applying information protection means that have passed the conformity assessment procedure in the established manner (if required);
  • assessment of effectiveness of measures taken to ensure security of personal data prior to commissioning of the information system;
  • registration of machine personal data storage media;
  • detection of facts of unauthorized access to personal data and taking measures to detect, prevent and eliminate the consequences of computer attacks and incidents in information systems;
  • recovery of personal data after unauthorized access thereto;
  • establishment of rules for access to personal data, as well as ensuring registration and accounting of all actions performed with personal data in the information system;
  • control over measures to ensure the security of personal data and levels of security of information systems;
  • interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing about computer incidents that resulted in the unlawful transfer (provision, dissemination, access) of personal data in the manner prescribed by the federal executive body authorized in the field of information security.

10. Final Provisions

10.1. This Policy is a local regulatory act of the operator and is publicly available.

10.2. This Policy may be revised in any of the following cases:

  • when changing the legislation of the Russian Federation in the field of personal data processing and protection;
  • in cases of receiving instructions from the competent state authorities to eliminate inconsistencies affecting the scope of this Policy;
  • by resolution of the operator’s management;
  • when the purposes and term of personal data processing change;
  • when changing the organizational structure, structure of information and / or telecommunication systems (or introducing new ones);
  • when applying new technologies for processing and protecting personal data, including transfer and storage;
  • in other cases requiring revision of this Policy.

10.3. This Policy shall enter into force immediately after its posting on the official website of the company https://ferro-estate.ru.


Contact us

Send a message