1. General Provisions
This Personal Data Processing Policy has been drafted in accordance with the requirements of the Federal Law of the Russian Federation as of July 27, 2006 No. 152-FZ „On Personal Data“ (hereinafter referred to as the PD Law) and outlines the procedure for processing personal data and the measures taken by L-Buro LLC (hereinafter referred to as the Operator) to ensure the security of personal data.
1.1. The Operator's primary goal and condition for its activities is to respect the rights and freedoms of individuals and citizens when processing their personal data, including safeguarding the privacy rights and personal and family confidentiality.
1.2. This Operator's Policy on personal data processing (hereinafter referred to as the Policy) applies to all information about visitors of the https://lburo.ru website that the Operator may get.
2. Basic Definitions Used in the Policy
2.1. Automated personal data processing is the handling of personal data using computer technologies.
2.2. Blocking personal data is a temporary halt in processing personal data (unless processing is required to verify personal data).
2.3. A website is a collection of graphic and informational materials, along with computer programs and databases, that ensure their availability on the Internet at the network address https://lburo.ru.
2.4. A personal data information system is a collection of personal data stored in databases, along with the information technologies and technical tools that facilitate their processing.
2.5. Anonymization of personal data is actions that make it impossible to identify the ownership of personal data by a specific User or other person without additional information.
2.6. Processing personal data is any action (operation) or series of actions (operations) performed with or without automation tools involving personal data, such as collecting, recording, arranging, gathering, storing, reviewing (updating, changing), extracting, using, sharing (distribution, provision, access), anonymizing, blocking, deleting, destructing.
2.7. An operator is a state agency, municipal body, legal entity, or individual that independently or jointly with other persons organizes and/or carries out the personal data processing, as well as determines the purposes of processing personal data, the scope of personal data subject to processing, and actions (operations) applied to personal data.
2.8. Personal data is any information directly or indirectly related to a specific or identifiable User of the https://lburo.ru website.
2.9. Personal data permitted for distribution by the data owner is personal data that an unlimited number of people can access, as granted by the data owner through consent for processing following the PD Law (hereinafter referred to as personal data permitted for distribution).
2.10. User refers to any visitor to the https://lburo.ru website.
2.11. Provision of personal data is an action aimed at disclosing personal data to a specific person or a specific group of persons.
2.12. Distribution of personal data is any action intended to disclose personal data to an unspecified number of individuals (personal data sharing) or to make personal data available to an unlimited audience, including through mass media, posting in information and telecommunication networks, or granting access to personal data by any other means.
2.13. The cross-border transfer of personal data is the transfer of personal data to a foreign country's territory, sharing with a foreign government agency, a foreign individual, or a foreign legal entity.
2.14. Deleting personal data is any action that results in the irreversible destruction of personal data, making it impossible to restore the content in the personal data information system and/or the destruction of physical media containing personal data.
3. Basic Rights and Obligations of the Operator
3.1. The Operator is entitled to:
— receive reliable information and/or documents containing personal data from the owner of personal data;
— in the event of the personal data owner’s withdrawal of consent to the personal data processing, as well as the sending of a request to stop the personal data processing, the Operator has the right to continue processing personal data without the consent of the personal data owner if there are grounds specified in the PD Law;
— independently decide on the scope and list of measures needed to fulfill obligations as outlined by the PD Law and related regulatory acts, unless specified otherwise by the PD Law or other federal laws.
3.2. The Operator is obliged to:
— provide the personal data owner, upon request, with details regarding the processing of their personal data;
— arrange the personal data processing as per the procedure set by the current legislation of the Russian Federation;
— address requests and inquiries from personal data owners and their legal representatives in line with the PD Law requirements;
— provide the necessary information to the authorized body responsible for protecting personal data rights within 10 days of receiving a request from this body;
— publish or otherwise provide unrestricted access to this Policy on personal data processing;
— implement legal, organizational, and technical measures to safeguard personal data from unauthorized or accidental access, deletion, alteration, blocking, copying, sharing, distributing, and other illegal actions concerning personal data;
— cease transferring (dissemination, provision, access) of personal data, stop processing and delete personal data in the manner and cases stipulated by the PD Law;
— carry out additional duties outlined by the PD Law.
4. Basic Rights and Obligations of Personal Data Owners
4.1. Owners of personal data are entitled to:
— receive information regarding the processing of his/her personal data, except in cases provided for by federal laws. The Operator shall provide information to the personal data owner in an accessible form, and it shall not include personal data of other individuals, unless there are legitimate reasons for such disclosure.The PD Law establishes the list of information and the procedure for obtaining it;
— request the Operator to verify his/her personal data, block or delete it if they are incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the stated processing purpose, and to take legal measures to protect their rights;
— set a requirement for prior consent when handling personal data for marketing goods, works, and services;
— revoke consent to the personal data processing, as well as to send a request to stop the personal data processing;
— file an appeal with the authorized body for the protection of personal data rights or in court against the Operator's unlawful actions or inactions in processing his/her personal data;
— exercise other rights provided for by the legislation of the Russian Federation.
4.2. Owners of personal data are obliged to:
— provide the Operator with true data about himself/herself;
— inform the Operator about clarification (update, change) of own personal data.
4.3. Individuals who provide the Operator with false information about themselves, or information about another person without his/her consent, will be held accountable under Russian Federation law.
5. Principles of Personal Data Processing
5.1. Personal data processing is carried out on a lawful and fair basis.
5.2. The handling of personal data is restricted to achieving specific, predefined, and lawful purposes. Processing of personal data incompatible with the purposes of personal data collection is not permitted.
5.3. It is prohibited to merge databases containing personal data processed for incompatible purposes.
5.4. Only personal data that matches the purposes of their processing are eligible for processing.
5.5. The scope and content of processed personal data are consistent with the declared processing purposes. Excessive amounts of processed personal data against the declared processing purposes are prohibited.
5.6. During personal data processing, the accuracy, sufficiency, and, when necessary, relevance concerning the purposes of processing are ensured. The Operator takes the necessary measures and/or ensures that they are taken to delete or review incomplete or inaccurate data.
5.7. Personal data shall be stored in a manner that allows identification of the data owner, for no longer than required by the processing purposes, unless a storage period is defined by federal law or a contract where the data owner is a party, beneficiary, or guarantor. Processed personal data will be deleted or anonymized once the processing objectives are met or if the need to achieve these objectives is no longer present, unless federal law states otherwise.
6. Purposes of Personal Data Processing
Purpose of processing
Order details clarification
Personal data
Last name, first name, patronymic, phone numbers
Legal basis
Federal Law No. 149-FZ “On Information, Information Technologies, and Information Protection” dated July 27, 2006
Types of personal data processing
Collecting, recording, systematizing, accumulating, storing, deleting, and anonymizing of personal data
7. Conditions of Personal Data Processing
7.1. Personal data is processed upon the individual's consent for handling his/her personal data.
7.2. Personal data processing is essential to achieve the purposes stipulated by the international treaty of the Russian Federation or by law, to fulfill the functions, powers, and duties assigned to the Operator by the Russian legislation.
7.3. Personal data processing is required for administering justice, executing a judicial act, or an act by another agency or official, in compliance with the Russian Federation's legislation on enforcement proceedings.
7.4. Personal data processing is necessary to fulfill a contract where the personal data owner is a party, beneficiary, or guarantor, and to enter into an agreement initiated by the personal data owner or where the personal data owner will be a beneficiary or guarantor.
7.5. Personal data processing is essential for exercising the rights and legitimate interests of the Operator or third parties, or for achieving socially important goals, as long as the rights and freedoms of the personal data owner are not infringed.
7.6. Personal data processing involves data that the owner has granted access to an unlimited number of individuals or at his/her request (hereinafter referred to as publicly available personal data).
7.7. Personal data processing is required to be published or disclosed as mandated by federal law.
8. Procedure for Collecting, Storing, Sharing, and Other Types of Personal Data Processing
The safety of personal data handled by the Operator is guaranteed through the implementation of legal, organizational, and technical measures required to fully meet the demands of current personal data protection laws.
8.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized persons from accessing personal data.
8.2. The User's personal data will never, under any circumstances, be shared with third parties, except in situations involving compliance with current laws or if the data owner has consented to the Operator transferring the data to a third party to fulfill obligations under a civil law contract.
8.3. If inaccuracies in personal data are found, Users can update them by emailing a notification to the Operator's address lb@lburo.ru with the subject line “Updating personal data”.
8.4. The duration for processing personal data is defined by the fulfillment of the purposes for which the data was collected, unless the contract or applicable law specifies a different term. Users can withdraw their consent to the personal data processing at any time by emailing a notification to the Operator at the address lb@lburo.ru with the subject line “Withdrawal of consent for personal data processing”.
8.5. All data collected by third-party services, such as payment systems, communication tools, and other service providers, is stored and processed by these entities (Operators) according to their User Agreement and Privacy Policy. Personal data owner and/or with the specified documents. The Operator shall not be liable for the actions of third parties, including the service providers specified under this clause.
8.6. The restrictions set by the personal data owner on the sharing (excluding granting access), as well as on the processing or conditions of processing (excluding granting access) of personal data permitted for distribution, do not apply when processing personal data in the state, and other public interests as defined by Russian law.
8.7. The Operator guarantees the confidentiality of personal data during its processing.
8.8. The Operator shall store personal data in a manner that allows identification of the data owner, for no longer than required by the processing purposes, unless a storage period is defined by federal law or a contract where the data owner is a party, beneficiary, or guarantor.
8.9. A condition for terminating personal data processing may include achieving the processing purposes, the expiration of the owner's consent, withdrawal of consent by the owner, a request to stop processing, or the detection of unlawful data processing.
9. Actions Taken by the Operator with the Collected Personal Data
9.1. The Operator collects, records, systematizes, accumulates, stores, reviews (updates, changes), extracts, uses, shares (distributes, provides, accesses), anonymizes, blocks, deletes, and destroys personal data.
9.2. The Operator runs automated personal data processing, with or without receiving and/or transmitting the information obtained through information and telecommunications networks.
10. Cross-Border Transfer of Personal Data
10.1. Before activities involving the cross-border transfer of personal data, the Operator shall notify the authorized body responsible for protecting the rights of personal data owners about its intention for such a transfer (this is a separate notification apart from the one regarding the intention to process personal data).
10.2. Before submitting the aforementioned notification, the Operator shall acquire the necessary information from the authorities of the foreign state, foreign individuals, and foreign legal entities to whom the cross-border transfer of personal data is intended.
11. Personal Data Confidentiality
11.1. The Operator and others with access to personal data shall not disclose or share it with third parties without the owner's consent, unless federal law states otherwise.
12. Final Provisions
12.1. The User can request any explanations on matters of interest related to the processing of his/her personal data by reaching out to the Operator via email at lb@lburo.ru.
12.2. This document will detail any changes to the Operator's personal data processing policy. The policy is in effect termless until a new version replaces it.
12.3. The latest version of the Policy is accessible online at https://lburo.ru/policy/
