1. General Provisions
1.1. This Personal Data Processing Policy (hereinafter referred to as the "Policy") of ERFIS LLC (hereinafter referred to as the "Company") is developed to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data, including the right to privacy, personal and family secrets.
1.2. This Policy is drafted in accordance with the current legislation of the Russian Federation on personal data, including applicable regulations and directives of executive authorities related to the security of personal data, including its processing in personal data information systems.
1.3. This Policy applies to all actions involving the collection, recording, systematization, storage, updating (modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data, with or without the use of automation tools.
1.4. The following terms are used in this Policy:
1.4.1. Controller / ERFIS – ERFIS LLC (INN 7804564715), which determines the purposes and means of processing personal data of users of the Website.
1.4.2. Website – the official website of ERFIS, available at: https://erfis.ru.
1.4.3. User – a natural person who is a subject of personal data, registered on the Website and who has provided the personal data required for such registration.
1.4.4. Personal Data – any information relating to an identified or identifiable natural person (personal data subject), which can be used alone or in combination with other information to identify the individual.
The Controller processes the following categories of personal data of Users:
Full name;
Phone number;
Email address.
Personal data processing means any operation or set of operations performed with or without the use of automated tools on personal data, including collection, transfer (distribution, provision, access), recording, accumulation, storage, updating (modification), retrieval, usage, systematization, depersonalization, blocking, deletion, and destruction.
2. Principles and Purposes of Personal Data Processing
2.1. Processing of personal data shall be carried out in accordance with the following principles:
lawfulness, fairness, and transparency;
purpose limitation: data must not be processed in a way that is incompatible with the declared purposes;
data minimization: only data necessary for the stated purposes shall be processed;
accuracy and relevance of personal data.
2.2. The purposes of processing personal data include:
providing Users with access to information and materials published on the Website;
conclusion, execution, and termination of civil law contracts;
sending Users informational messages.
3. Rights of the User and Obligations of the Controller
3.1. The User, as a personal data subject, is entitled to:
request the rectification, blocking, or deletion of their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing;
demand the cessation of unlawful actions in relation to their personal data;
protect their rights and lawful interests, including by claiming damages and/or compensation for moral harm in court;
withdraw their consent to the processing of personal data.
3.2. The Controller is obligated to:
provide the User, upon request, with information regarding the processing of their personal data, or lawfully refuse to do so;
rectify, block, or delete personal data upon the User’s request if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose;
ensure blocking or deletion of personal data processed by third parties acting on behalf of the Controller;
notify the User of the processing of their personal data if such data was obtained not directly from the User (unless the User has already been informed by the corresponding operator);
delete or anonymize personal data within 10 days from the date the User withdraws their consent;
when collecting personal data via the Internet or otherwise, ensure that data related to citizens of the Russian Federation is recorded, systematized, stored, updated, and retrieved using databases located in the territory of the Russian Federation, unless otherwise provided by the Federal Law "On Personal Data".
4. Measures to Ensure the Security of Personal Data
4.1. The Controller shall adopt legal, organizational, and technical measures required by law to ensure the security of personal data during processing. These measures include:
identifying threats to the security of personal data processed in information systems;
implementing organizational and technical security measures;
detecting incidents of unauthorized access to personal data and taking appropriate measures;
restoring personal data modified or destroyed as a result of unauthorized access;
establishing access control policies and procedures, including logging and monitoring of access to personal data;
monitoring the effectiveness of applied protective measures and the security level of information systems.
4.2. The Controller, having access to personal data, must maintain confidentiality and may not disclose or distribute such data to third parties without the User’s consent, unless otherwise required by applicable federal law.
5. Final Provisions
5.1. The User is entitled to receive any clarifications regarding the processing of their personal data by contacting the Controller via email: info@erfis.ru.
5.2. Requests or claims made under clause 3.1 of this Policy must be submitted by registered mail to: 195256, Saint Petersburg, ul. Butlerova, d. 13-687. The request must include the applicant’s full name, passport details, and personal signature. If submitted by a representative, a copy of the power of attorney must be enclosed.
5.3. The current version of this Policy is publicly available on the Website at: https://erfis.ru/politika-v-otnoshenii-obrabotki-personalnykh-dannykh/.
In the event of any discrepancies between this translation and the original Russian version, the Russian-language document shall prevail.