Privacy Policy
1. General provisions
1.1. This Privacy Policy of Dive Electronics (hereinafter respectively referred to as the Policy and the Operator) has been developed in compliance with the requirements of Clause 2 of Part 1 of Article 18.1 of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Personal Data Law) and regulates the processing of personal data of Website Users by the Operator.
1.2. The terms used in the Policy have the meanings defined in Clause 1.6 of the Policy. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.3. The Operator independently or jointly with other persons organises the processing of personal data, and also determines the purposes of personal data processing, and determines the actions (operations) performed with personal data.
1.4. The Policy applies to all personal data that the Operator receives from Website Users.
1.5. In compliance with the requirements of Part 2 of Article 18.1 of the Personal Data Law, this Policy is published in the public domain on the Internet on the Website.
1.6. Key definitions used in the Policy:
1.6.1. Personal data – any information relating directly or indirectly to an identified or identifiable Website User;
1.6.2. Website – a collection of logically interconnected web pages (web documents) located on the Internet at the address: https://diveelectronics.com/;
1.6.3. User – any person who has provided information to the Operator using the Website;
1.6.4. Personal data information system – a collection of personal data contained in databases and information technologies and technical means ensuring its processing;
1.6.5. Processing of personal data – any action (operation) or set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes, among other things:
- collection;
- recording;
- systematisation;
- accumulation;
- storage;
- clarification (updating, changing);
- extraction;
- use;
- transfer (distribution, provision, access);
- depersonalisation;
- blocking;
- deletion;
- destruction.
1.6.6. Automated processing of personal data – processing of personal data using computer technology;
1.6.7. Distribution of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
1.6.8. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons;
1.6.9. Depersonalisation of personal data – actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data by a specific personal data subject;
1.6.10. Blocking of personal data – temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data);
1.6.11. Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
1.6.12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2. Purposes of personal data processing
2.1. The processing of personal data by the Operator is carried out for the following purposes:
2.1.1. Processing of Users’ requests in order for the Operator to conclude agreements with Users;
2.1.2. Conclusion and execution of agreements with Users by the Operator;
2.1.3. Providing Users with access to information and materials contained on the Website;
2.1.4. Informing Users about goods, services, promotional and other events of the Operator;
2.1.5. Other purposes necessary for compliance by the Operator with personal data legislation.
3. Categories of processed personal data
3.1. The Operator processes the following personal data of Users:
3.1.1. surname, first name, patronymic;
3.1.2. telephone;
3.1.3. address (place of residence);
3.1.4. email address;
3.1.5. User identifier stored in a cookie;
3.1.6. source of the User’s access to the Website;
3.1.7. information of the User’s search or advertising query;
3.2. The Operator does not process special categories of personal data provided for by the Personal Data Law.
3.3. The Operator does not process biometric categories of personal data provided for by the Personal Data Law.
4. Procedure and conditions for personal data processing
4.1. The processing of personal data is carried out by the Operator with the consent of Users to the processing of their personal data, as well as without it in cases provided for by legislation. The User’s consent to the processing of personal data is deemed to be received by the Operator from the moment the User places a special mark in the corresponding field of the personal data collection form located on the Website.
4.2. Operator carries out Automated processing of personal data.
4.3. The Operator processes personal data in a form that allows identifying the personal data subject for no longer than required by the purposes of personal data processing.
4.4. Upon achievement of the purposes of personal data processing, as well as in the event of withdrawal of consent to their processing by the User, personal data is subject to destruction, except for cases provided for by legislation.
4.5. The Operator implements the following requirements for the protection of personal data:
4.5.1. requirements for compliance with the confidentiality of personal data;
4.5.2. requirements to ensure the exercise by the personal data subject of their rights, including the right of access to information;
4.5.3. requirements to ensure the accuracy of personal data, and where necessary, its relevance in relation to the purposes of personal data processing (with the adoption (ensuring adoption) of measures to remove or clarify incomplete or inaccurate data);
4.5.4. requirements for the protection of personal data from unauthorised or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
4.5.5. other requirements provided for by legislation.
4.6. The Operator takes the following measures necessary and sufficient to ensure the fulfilment of obligations provided for by legislation regarding the procedure for processing and protecting personal data:
4.6.1. appointment of the Person Responsible for ensuring the security of personal data;
4.6.2. determination of the list of employees permitted to work with personal data;
4.6.3. approval of this Privacy Policy concerning issues of personal data processing and ensuring its security;
4.6.4. application of legal, organisational and technical measures to ensure the security of personal data, in particular:
– determining threats to the security of personal data during its processing in the Personal Data Information System;
– applying organisational and technical measures to ensure the security of personal data during its processing in the Personal Data Information System, necessary to meet the requirements for personal data protection, the execution of which ensures the levels of personal data security established by the Government of the Russian Federation;
– applying compliance assessment procedures for information security tools that have passed in accordance with the established procedure;
– establishing rules for access to personal data processed in the Personal Data Information System;
– monitoring the measures taken to ensure the security of personal data and the level of protection of the Personal Data Information System;
4.6.5. exercising internal control over the compliance of personal data processing with the Personal Data Law and regulatory legal acts adopted in accordance with it, requirements for personal data protection, the Operator’s policy regarding personal data processing, and the Operator’s local acts;
4.6.6. familiarising employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, as well as with this Policy.
4.7. The Operator has the right to transfer the User’s personal data to third parties in the following cases:
4.7.1. The User has expressed consent to such actions;
4.7.2. The transfer is necessary for the performance of an agreement concluded with the User by the Operator;
4.7.3. The transfer is necessary in order to provide the User, at their request, with access to certain services of the Website;
4.7.4. The transfer is provided for by current legislation;
4.7.5. The transfer of personal data is carried out for statistical or other research purposes, except for the purposes specified in Article 15 of the Personal Data Law, subject to the mandatory depersonalisation of personal data.
4.8. When collecting Users’ personal data, the Operator ensures the recording, systematisation, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Personal Data Law.
5. Procedure for interaction between Users and the Operator
5.1. Users have the right to request information from the Operator regarding the processing of their personal data by sending a request to the email address: info@diveelectronics.com. The User’s request must contain the information provided for by Part 3 of Article 14 of the Personal Data Law.
5.2. Users have the right to send requests for clarification, updating of personal data, and statements of withdrawal of consent to the processing of personal data to the email address specified in Clause 5.1 of the Policy.