Policy regarding the processing of personal data

1. General provisions

The terms of this policy on the processing of personal data are governed by Federal Law No.152-F3, dated 27/07/2006, hereinafter referred to as the Law on Personal Data. The purpose of this document is to provide information regarding the processes Bakinox LLC (the Operator) follows in order to process personal data. Additionally, it informs you of the security measures taken to protect your data.

1.1. When processing personal data, the operator is committed to protecting and respecting the rights and freedoms of its citizens and individual customers, including their right to privacy and personal information.

1.2. The operator is the data controller and this policy governs how personal data is handled. This includes information gathered about visitors to the website: https://www.bakinox.az.

2. Basic concepts used in Politics

2.1. Automated processing of personal data - processing personal data using computer technologies.

2.2. Blocking of personal data – temporarily suspending the processing of personal information (except when processing the information is essential to clarify the information).

2.3. Various graphic materials and informational materials are available on the website, as well as downloadable programs and databases, which can be accessed via the Internet at the following URL: https://www.bakinox.az.

2.4. Personal data information systems consist of databases, information systems, and technical means for processing personal information.

2.5. Anonymization of personal data — a method in which certain data cannot be used to identify one individual without additional information.

2.6. Processing of personal data - A set of actions (operations) involving personal data carried out with or without automation tools, including acquisition, recording, systematizing, accumulation, storage, clarification (updating, editing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deleting, and destroying.

2.7. Operator – It is any state, municipality, legal or natural entity that organizes or (or) processes personal data independently or jointly, and is also responsible for determining what personal data will be processed for what purpose, how that data will be processed, and what actions will be performed on the personal data.

2.8. Personal data – information related to a specific individual or defined group of individuals who have access to and use https://www.bakinox.az.

2.9. Personal data, authorized by the subject of personal data for dissemination- The information that may be accessed by an unlimited number of individuals whose subjects have consented to the processing of personal data or whose subjects have authorized the dissemination of the information in accordance with the Law on Personal Data (hereinafter referred to as personal data authorized for distribution).

2.10. User – a user of the website: https://www.bakinox.az.

2.11. Provision of personal data – revealing personal information to another party or group of parties.

2.12. Dissemination of personal data – This is any action that discloses personal information (transfer of personal information) or makes an unlimited number of individuals familiar with personal information; for example, publishing personal information in mass media, putting it in information and telecommunication networks, or otherwise making it accessible to the public.

2.13. Cross-border transfer of personal data - transferring personal data to a foreign authority, an individual from a foreign country, or a corporation from a foreign country.

2.14. Destruction of personal data - actions that cause the loss or irretrievability of personal data in the information system for personal data and/or the destruction of material carriers of personal data, with no further possibility of restoring their content.

3. Operator's fundamental rights and obligations

3.1. Every operator has the right to:

–  Gather reliable information about and/or documents containing the personal information of the individual concerned;

- If an individual withdraws consent to the processing of their personal data, the Operator can continue to process their personal data without their consent if there are sufficient grounds in accordance with the Law on Personal Data;

 

• Determine independently the composition and list of measures necessary and sufficient to ensure obligations are met in accordance with the Law on Personal Data and the normative legal acts adopted in accordance with it, unless otherwise provided for by the legislation or another federal law.

3.2. Operators must comply with the following:

- inform the subject with regard to the handling of his personal information upon request;

- to process personal data in accordance with the Russian Federation's current legislation;

In dealing with individuals, their legal representatives, and other third parties, the organization must adhere to all Personal Data Laws;

- provide the competent authority with all required information within 30 days of receiving a request for protection of personal data;

– make available to the public, unrestricted, the Policy regarding personal data processing;

- Protecting personal information through legal, organizational, and technical measures against unauthorized or accidental access, destruction, modification, blocking, copying, providing, and distributing data;

- compliance with data protection laws, including prohibiting the transfer of personal data (distribution, provision, access); destroying personal data when it is no longer necessary;

- comply with other provisions of the Personal Data Act.

4. Basic rights and obligations of subjects of personal data

4.1. Personal data subjects have the following rights:

- right to know how his data is being processed, except when federal law specifies otherwise. An Operator will provide information about personal data subjects in an easy-to-access format, and such information will not contain other subjects' personal data, except in cases where it is legally permissible to do so. Information to be obtained and the procedures to obtain it are established under the Personal Data Act;

- Resolve any concerns regarding the accuracy of the operator's personal data, block or destroy any information that is incomplete, outdated, inaccurate, illegitimately obtained, or irrelevant to the processing, and take any legal action that is necessary to protect his rights;

- obtaining consent prior to processing personal data for product, work, and service promotion;

– revocation of consent to process personal data;

- initiate a lawsuit against the Operator to challenge the invalidity of its actions or inactions with the competent authority for defense of the rights of subjects of personal data;

- for the implementation of other Russian legislation-guaranteed rights.

4.2. The following requirements must be met by data subjects:

– identify yourself accurately and provide reliable information to the Operator;

- Maintain updated or modified personal information (notifying the Operator of any changes).

4.3. According to the Russian Federation's law, any individual who provides the Operator with an unreliable statement about himself or herself or about the personal data of another person is fully liable and responsible for the act.

5. Data of the User that the operator can process 

5.1. Name, patronymic, surname.

5.2. Email address.

5.3. Contact information.

5.4. Visitors' depersonalized information, including cookies, is collected by Internet statistics services (Yandex Metrics, Google Analytics, and others).

5.5. Personal data is also included in the Policy in addition to the above-mentioned data.

5.6. No special categories of personal data, such as racial or ethnic origin, political beliefs, religion, or intimate relationships, are processed by the Operator.

5.7. In accordance with Article 10.1, if the relevant prohibitions and conditions are met, personal data authorized for distribution may be processed from the special categories of personal data specified in Chapter 1 Section 10 of the Personal Data Act.

5.8. Obtaining consent for the processing of personal data that is authorized for distribution is separate from obtaining consent for the processing of other personal data. It is also necessary to comply with the requirements stipulated in the Personal Data Act, particularly Art. 10.1. Consent to the processing of personal data must meet the requirements established by the authority responsible for protecting personal data subjects' rights.

5.8.1 The User grants permission to the Operator to process personal data authorized for direct distribution.

5.8.2 Within three working days of receiving the user's consent, the operator must publish the conditions of processing, prohibitions, and conditions that apply to the processing of unlimited numbers of personal data for distribution.

5.8.3 Personal data which are transferred (distributed, provided, accessed) with the consent of the subject may be terminated at will by the subject. A request for termination must be accompanied by the subject's surname, first name, patronymic (if necessary), and contact information (phone number, e-mail address, or postal address). Personal data indicated in this request may only be processed by the Operator to whom it is addressed.

5.8.4 The consent to process personal data authorized for distribution ceases to be valid if an Operator receives the request specified in this Policy at p. 5.8.3.

6. Personal data processing principles

6.1. Legal and fair processing of personal data is ensured.

6.2. Processing personal data is limited to achieving predetermined, legally defined goals. Processing of personal data that does not correspond to its intended purpose is prohibited.

6.3. Combined databases containing personal information that are processed for different purposes are prohibited.

6.4. Processing personal information is only permitted if it serves the purpose for which it was collected.

6.5. The purpose for which personal data is processed and the content of the data processed are aligned. Personal data must not be redundant if they are being processed for their declared purposes.

6.6. Processing of personal data is carried out in accordance with the purpose they are intended for, ensuring accuracy, sufficiency, and relevance. A data operator will take the necessary measures to address incomplete and inaccurate data, and/or ensure that they are implemented.

6.7. In the absence of a federal law determining the term of storage of personal data or a contract with a party, beneficiary, or guarantor whose data are being stored, personal data is stored in a form that can be used to identify the subject of the personal data, not exceeding the extent required to achieve the purpose of the processing. When the processing goals have been achieved or ceased to be necessary, the processed personal data are destroyed or anonymized, except where federal law stipulates otherwise.

7. The purpose of processing personal data

7.1. The following purposes are achieved through the processing of the User's personal data:

– communicating with the User via electronic mail;

- The completion, execution, and termination of civil law contracts;

- providing the User with access to information, materials, or services through https://www.bakinox.az.

7.2. The Operator may provide information to Users about new products, special offers, and events. If a user does not wish to receive informational messages, he can get in touch with the Operator by email at info@bakinox.az with the subject line, "Rejection of notifications about new products and services."

7.3. We collect anonymous information from Users using Internet statistics services so that we can improve the quality of the site and its content.

8. Processing of personal data based on legal grounds

8.1. Personal data may be processed by the Operator on the following legal grounds:

- Indicate the legal and normative acts governing your activity. In the case that your activity relates to information technologies, you can, for example, specify the Federal Law "On Information, Information Technologies and Information Protection" dated 07.27.2006 here;

– the Operator's statutory documents;

- Policies and procedures concerning the processing of personal data between the operator and the data subject;

– federal laws regulating the protection of personal information;

- Consent of the user to the processing and distribution of their personal data.

8.2. The Operator only obtains permission to process personal data when the User submits them independently via the website https://www.bakinox.az or via email. In completing the appropriate forms and/or providing the Operator with their personal information, Users express their agreement with this Policy.

8.3. The Operator may process depersonalized data about the User if the Users' browser settings allow it (including cookies and JavaScript technology).

8.4. Data subjects make their own informed decisions about providing their personal data and consent in their own interests.

9. Processing terms for personal data

9.1. Unless the subject of the data consents, personal data cannot be processed.

 

9.2. Processing of personal information is necessary to enable the operator to fulfill its functions, powers, and obligations under Russian Law and international agreements.

9.3. In accordance with Russian Federation legislation, personal data may be processed for the purposes of administering justice, executing judicial acts, or participating in executive production.

9.4. As part of the execution of a contract in which the subject of personal data is a beneficiary or guarantor, as well as the completion of a contract that has been prompted by or involves the subject of personal data as a beneficiary or guarantor, the processing of personal data is required.

9.5. In order to exercise its legitimate interests or achieve a socially significant result, it is permissible for operators to process personal data provided that the rights and freedoms of the data subject are not violated.

9.6. Personal data are processed and may be accessed by an unlimited list of individuals who have the subject's consent or who have requested it (hereinafter called public personal data).

9.7. Federal law requires the proper processing of all personal data that will be published or disclosed.

10. Collecting, storing, transferring and processing personal data

Several legal, organizational, and technical measures are in place to protect the personal data processed by the Operator based on current legislation.

10.1. The operator takes all necessary measures to ensure that personal data is protected and unauthorized individuals cannot access it.

10.2. There will be no sharing of user data with third parties under any circumstances, except in situations where current legislation is being implemented or where the subject of the personal information has given consent to the operator to share it with a third party in order to fulfill contractual obligations.

10.3. The User may manually update inaccurate personal information by sending a notification to the Operator at info@bakinox.az with the message "Update of personal information".

10.4. The duration for which personal data is processed is determined by the purposes for which the data was collected, provided no other time period is specified by legislation or contract.

Data subjects may withdraw their consent to the storage of personal data at any time by emailing info@bakinox.az with the message "Withdrawal of consent to storage of personal data".

10.5. Various services, applications, and payment mechanisms may allow third parties to collect and store information about you, which is then stored and processed by specified operators based on their User Agreements and Privacy Policies. User and/or subject of personal data should familiarize themselves with the specified documents immediately in accordance with this paragraph. Third parties, including the service providers listed here, are not the operator's responsibility to monitor.

10.6. Personal data processing for the state, the public or any other public interest as defined by RF legislation is exempt from the prohibitions imposed by the subject of data on transfer (except to grant access) and processing (except for obtaining access) of personal data.

10.7. The operator handles personal information in a confidential manner.

10.8. It is the operator's responsibility to store personal data in a form that identifies the subject of the personal data to the extent necessary for the purpose of processing them, and, if the term of storage of personal data is not determined by federal law, to identify the parties, beneficiaries, or guarantors to whom the personal data pertains.

The processing of personal data may need to be terminated if its goals have been achieved, if the consent period of the subject to whom personal data is pertaining has expired or if the consent has been withdrawn, or if it has been determined that the processing of personal data has been illegal.

11. Data processing actions performed by the Operator

11.1. An operator collects, records, systematizes, accumulates, stores, updates (changes), retrieves, uses, transmits (distributes, provides, or accesses), anonymizes, blocks, deletes, and destroys personal data.

11.2. Operators process personal data automatically, either with or without receiving or transmitting the obtained information through an information or telecommunication network.

12. Personal data transfer across borders

12.1. A cross-border transfer of personal data must be carried out under the assurance that the foreign state into which the data will be transferred will provide reliable protection of the subjects' rights.

12.2. It is necessary for the subject of personal data to give his written consent to such cross-border transfers or sign a contract to which he is a party if such cross-border transfers occur within the territory of a foreign country that does not fulfill the above-mentioned requirements.

13. Personal data confidentiality

It is a matter of federal law that operators of services that collect and store personal data must not disclose or distribute personal data without the consent of the individual whose personal data is being processed.

14. Last provisions

14.1. Questions regarding the processing of your personal data can be sent to info@bakinox.az to the Operator.

14.2. If the operator's policy on handling personal data changes, this document will be updated. Until a new version of the policy is released, the old policy remains valid.

14.3. This policy can be accessed via the internet for free at https://www.bakinox.az