1. general provisions
The Internet portal "Nachmed" with the address in the Web https://nachmed.top/ (hereinafter - the "Site"), in the framework of its main activity, processes personal data of various categories of personal data subjects using personal data information systems.
In accordance with the current legislation of the Russian Federation, the Site in organizing and carrying out the processing of personal data, the Company is guided by the requirements of the Federal Law of 27.07.2006 № 152-FZ "On Personal Data" and other regulatory legal acts adopted in accordance with it.
For the purposes of this Policy, personal data shall mean any information provided through the Website and (or) collected using such websites, relating to a directly or indirectly defined or identifiable natural person (subject of personal data).
2. Collection of personal data
The Site collects information through websites and mobile applications in the following ways:
- personal data provided by users:
The Company collects personal data, which are entered into the data fields on the Company's websites by the users themselves or by other persons on their behalf. - collection of data on the location of the devices of the Company's mobile application users when the users use the mobile application.
- collection of users' IP addresses and cookies.
- passive collection of personal data on the current connection in terms of statistical data:
- user identifier assigned by the Site;
- pages visited;
- number of page visits;
- information about navigating through the pages of the Site;
- duration of the user session;
- entry points (third-party sites from which the user links to the Site);
- exit points (links on the Site, which the user follows to third-party web resources);
- user's country;
- user region;
- The time zone set on the user's device;
- user's provider;
- user's browser;
- digital browser fingerprint (canvas fingerprint);
- available browser fonts;
- installed browser plug-ins;
- WebGL browser settings;
- the type of media devices available in the browser;
- presence of ActiveX;
- list of supported languages on the user's device;
- The processor architecture of the user's device;
- User OS;
- screen parameters (resolution, color depth, page layout parameters);
- information on the use of automation tools when accessing the Site.
With respect to registered users of the Website, information about the use of ports on users' devices may be collected in order to detect suspicious activity and protect users' personal accounts. The data may be obtained using various methods, such as cookies and web file beacons, etc.
The site may use third-party Internet services (third-party technologies) to organize the collection of statistical personal data, third-party Internet services provide storage of the received data on their own servers. The site is not responsible for localization of servers of third-party Internet services. At the same time, such third-party Internet services (third-party technologies) installed on the Site and used by the Company may set and read cookies of browsers of end users of the Site, or use web beacons to collect information in the course of advertising activities on the Site. The procedure for collection and use of data collected by such third-party Internet services (third-party technologies) is determined independently by these third-party Internet services and they are directly responsible for compliance with this procedure and use of the data collected by them, including these third-party Internet services are responsible for and ensure compliance with the requirements of applicable legislation, including the legislation on personal data of the Russian Federation.
The site does not compare the information provided by the user independently and allowing to identify the subject of personal data with statistical personal data obtained in the course of application of similar passive methods of information collection.
3. Principles and conditions of personal data processing
The processing of personal data on the Site is carried out on a lawful and fair basis and is limited to the achievement of specific, predetermined and legitimate purposes.
Only personal data that meet the purposes of their processing shall be processed. The content and scope of personal data processed on the Website correspond to the stated purposes of processing, redundancy of processed personal data is not allowed.
When processing personal data on the Website, the accuracy of personal data, their sufficiency and, where necessary, relevance to the purposes of personal data processing are ensured. The Company shall take the necessary measures (ensure that they are taken) to delete or clarify incomplete or inaccurate personal data.
The site in the course of its activities may provide and (or) assign the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by the legislation of the Russian Federation on personal data. In this case, a mandatory condition for providing and (or) assigning the processing of personal data to another person is the obligation of the parties to respect the confidentiality and security of personal data during their processing.
The timeframe for processing personal data is determined in accordance with the purposes for which it was collected.
4. Rights of the personal data subject
The subject of personal data has the right (unless otherwise provided by law):
- to demand clarification of his/her personal data, their blocking or destruction in case the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his/her rights;
- require a list of his/her personal data processed by the Site and the source of their receipt;
- receive information on the timeframes for processing their personal data, including the timeframes for storing them;
- to request notification of all persons to whom incorrect or incomplete personal data have been previously communicated about all exceptions, corrections or additions made to them.
If you have any questions about the nature of the application, use, modification or deletion of your personal data that you have provided, or if you wish to opt-out of further processing by the Site, please contact us by mail at the Company's address or by e-mail at [email protected].
Please note that the personal data operator is not responsible for inaccurate information provided by the subject of personal data.
5. Implementation of personal data protection requirements
In order to maintain its business reputation and ensure compliance with the requirements of federal legislation, the Site administration considers the most important tasks to be ensuring the legitimacy of personal data processing in the business processes of the Site and ensuring an appropriate level of security of personal data processed on the Site.
The Website Administration requires other persons who have access to personal data not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
In order to ensure the security of personal data during their processing, the administration of the Site shall take necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions against them.
The Website Administration shall ensure that all measures on organizational and technical protection of personal data implemented by it are carried out on legal grounds, including in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.
In order to ensure adequate protection of personal data, the administration of the Website shall assess the harm that may be caused to the subjects of personal data in case of violation of the security of their personal data, as well as determine the current threats to the security of personal data during their processing in the information systems of personal data.
In accordance with the identified actual threats, the administration of the Website applies necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including the use of information protection means, detection of facts of unauthorized access to personal data and taking measures, recovery of personal data, restriction of access to personal data, registration and accounting of actions with personal data, as well as control and evaluation of the effectiveness of the applied measures to ensure the security of personal data.
The Website Administration realizes the importance and necessity of personal data security and encourages continuous improvement of the system of personal data protection processed within the framework of the Company's core business.
The administration of the Site has appointed persons responsible for organizing the processing and ensuring the security of personal data.
Each new employee of the Website directly processing personal data shall familiarize himself/herself with the requirements of the legislation of the Russian Federation on processing and security of personal data, this Policy and other local acts of the Company on the issues of processing and security of personal data and undertake to comply with them.
