Website User Personal Data Privacy Policy
1. General Provisions
1.1. This Website User Personal Data Privacy Policy (hereinafter — the Policy) is developed in accordance with the requirements of Article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing.
1.2. JSC “Klinavtotrans” (hereinafter — the Operator) ensures the protection of processed personal data from unauthorized access and disclosure, unlawful use or loss in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”.
1.3. The Policy is a publicly available document applicable only to the website located on the Internet at: klinarenda.ru (hereinafter – the Site).
1.4. The Policy does not apply to third-party websites that a data subject may access via the Site.
1.5. The Policy establishes general requirements and rules mandatory for the Operator’s employees involved in the processing of personal data, regarding work with all types of media containing personal data of the data subjects using the Site.
1.6. The Policy does not apply to matters of ensuring the security of personal data classified as information constituting a state secret of the Russian Federation.
1.7. The main objectives of the Policy are:
Ensuring the protection of human and civil rights and freedoms during the processing of personal data, including the protection of the rights to privacy, personal and family secrets;
Preventing unauthorized actions by the Operator’s employees and third parties regarding the collection, systematization, accumulation, storage, clarification (updating, modification) of personal data, and other forms of unlawful interference with the Operator’s information resources and local computer network;
Ensuring a legal and regulatory regime of confidentiality for undocumented User information on the Site;
Protecting the constitutional rights of citizens to personal privacy, confidentiality of personal data, and preventing potential security threats to Site Users.
1.8. Key terms used in the Policy:Site — a set of computer software and hardware enabling the publication of information and data for public viewing, united by a common purpose, via technical means used for communication between computers on the Internet;
User – a subject of personal data with access to the Internet and using the Site’s capabilities;
Personal data — any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);
Head – the sole executive body of the Operator;
Processing of personal data — any action (operation) or set of actions (operations) performed with personal data, with or without automation means. Processing includes, but is not limited to:
− collection;
− recording;
− systematization;
− accumulation;
− storage;
− clarification (updating, modification);
− extraction;
− use;
− transfer (distribution, provision, access);
− depersonalization;
− blocking;
− deletion;
− destruction.Automated processing of personal data — processing of personal data using computer technology.
Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons;
Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons;
Blocking of personal data — temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data);
Destruction of personal data — actions resulting in the impossibility of restoring the content of personal data in the personal data information system and/or resulting in the destruction of tangible media of personal data;
Depersonalization of personal data — actions resulting in the impossibility, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data;
Personal data information system (PDIS) — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2. Processing Principles
2.1. The Operator’s employees are guided by the following principles when processing personal data:
Processing of personal data is carried out on a lawful and fair basis;
Processing of personal data shall be limited to achieving specific, predetermined, and lawful purposes. Processing of personal data incompatible with the purposes of collection is not permitted;
It is not permitted to combine databases containing personal data processed for incompatible purposes;
The content and volume of processed personal data must correspond to the stated processing purposes. Processed personal data must not be excessive relative to their processing purposes;
Accuracy and sufficiency of personal data must be ensured during processing;
Storage of personal data shall not be longer than required by the purposes of personal data processing, unless the storage period is established by federal law or an agreement with the User;
Processed personal data are subject to destruction or depersonalization upon achieving the processing purposes or losing the necessity to achieve these purposes, unless otherwise provided by legal requirements.
2.2. Conditions for processing personal data:Processing of Site Users’ personal data is carried out in accordance with the requirements of current legislation in the field of personal data protection;
Processing of personal data on the Site is carried out in compliance with the principles and rules set forth in the Policy and the legislation of the Russian Federation.
2.3. Processing of Site Users’ personal data is carried out exclusively for the purposes of:Preventing the creation of multiple accounts by Users;
User authorization on the Site;
Providing the User with the ability to post comments and messages on the Site with the subsequent possibility of viewing them.
2.5. Personal data used on the Site are provided by the User independently by filling in the appropriate form during account registration, are classified as confidential information and are processed exclusively using automation means.
3. User Rights
3.1. The User has the right to:
Obtain information about the Operator, its location, the availability of personal data related to the User, and to familiarize themselves with such personal data, except in cases expressly provided by law;
Receive from the Operator the following information concerning the processing of their personal data:
− confirmation of the fact of personal data processing by the Operator, and the purpose of such processing;
− legal grounds and purposes of personal data processing;
− purposes and methods of personal data processing applied by the Operator;
− name and location of the Operator, information about persons who have access to personal data or to whom personal data may be disclosed based on an agreement with the Operator or based on current legislation;
− processed personal data relating to the respective User, the source of their receipt;
− terms of personal data processing, including storage periods;
− procedure for the exercise of rights by the personal data subject provided for by the Federal Law;
− information about carried out or intended cross-border data transfer;
− name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if processing is or will be entrusted to such a person;
− other information provided for by the current legislation of the Russian Federation;Demand the alteration, clarification, destruction of information about themselves;
Appeal unlawful actions or inaction regarding the processing of personal data and demand appropriate compensation in court;
Appoint representatives to protect their personal data;
Require the Operator to notify about all changes made to them or exclusions from them;
Appeal to the authorized body for the protection of the rights of personal data subjects or in court the actions or inaction of the Operator if they believe that the latter processes their personal data in violation of the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” or otherwise violates their rights and freedoms;
Protect their rights and legitimate interests, including compensation for losses or moral harm in court.
4. Operator’s Obligations
4.1. In case of receiving a written request from the User, the Operator is obliged to process it and provide a response in the manner prescribed by the Rules for Considering Appeals of Personal Data Subjects and the current legislation of the Russian Federation.
4.2. In case of receiving a request from the authorized body for the protection of the rights of personal data subjects to provide information necessary for the activities of said body, the Operator is obliged to provide such information within the time limits established by law.
4.3. In case of identification of unlawful processing of personal data, the Operator is obliged to block the unlawfully processed personal data relating to the User from the moment such fact is established.
4.4. Upon achieving the purposes of personal data processing, the Operator is obliged to cease processing personal data and destroy personal data in the manner prescribed by the Regulations on the Procedure for Destruction of Personal Data and the current legislation of the Russian Federation.
4.5. The Operator is prohibited from making decisions based solely on automated processing of personal data that give rise to legal consequences for the personal data subject or otherwise affect their rights and legitimate interests.
5. Confidentiality of Personal Data
5.1. The Operator ensures the confidentiality and security of personal data during their processing in accordance with the requirements of the Operator’s local regulations and the requirements of current legislation.
5.2. The Operator does not disclose to third parties or distribute personal data without the User’s consent, unless otherwise provided by the requirements of the current legislation of the Russian Federation.
6. Processing of Personal Data
6.1. All personal data should be obtained from the User themselves. If consent to the processing of personal data is obtained from the User’s representative, their authority must be confirmed in the manner prescribed by law.
6.2. The list of persons entitled to access personal data is determined in accordance with the Operator’s local regulations and approved by order of the Operator’s Head.
6.3. The Operator stores Users’ personal data from the moment of their provision until the moment of withdrawal of consent to the processing of personal data, achievement of the processing purposes, or expiration of the consent term, as well as in other cases expressly provided for by the current legislation of the Russian Federation.
6.4. The Operator does not process Users’ personal data on paper media.
6.5. The Operator does not transfer personal data to third parties, including for processing purposes. Users’ personal data are processed exclusively by the Operator’s employees.
6.6. Blocking and deletion of personal data on the Site is carried out based on a written request from the User or an authorized body.
6.7. Destruction of personal data is carried out by erasing information using certified software.
7. Protection of Personal Data
7.1. The Operator, when processing personal data, takes necessary legal, organizational, and technical measures or ensures their adoption to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.
7.2. Security of personal data is achieved by the following methods:
Identifying threats to the security of personal data during their processing in personal data information systems;
Applying organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet personal data protection requirements;
Accounting for machine media of personal data;
Detecting facts of unauthorized access to personal data and taking measures;
Restoring personal data modified or destroyed due to unauthorized access to them;
Establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
Monitoring the measures taken to ensure the security of personal data and the security level of personal data information systems;
Appointing a person responsible for personal data processing;
Establishing individual access passwords for employees to the information system according to their job responsibilities;
Using certified antivirus software;
Training the Operator’s employees directly involved in the processing of personal data on the provisions of the Russian Federation legislation on personal data, including requirements for the protection of personal data.
7.3. Protected information about the User on the Site includes data allowing the identification of the User or obtaining additional information about them provided for by legislation and the Policy.
7.4. Protected objects of personal data include:Informatization objects and technical means of automated processing of information containing personal data;
Information resources containing information about information and telecommunication systems using personal data, about events that occurred with managed objects, about plans for ensuring uninterrupted operation and procedures for transitioning to management in emergency modes;
Communication channels used for transmitting personal data in the form of informative electrical signals and physical fields;
Alienable machine media of information on magnetic, magneto-optical, and other bases, used for processing personal data.
7.5. Technological information about information systems and elements of the personal data protection system subject to protection includes:Information about the access control system to informatization objects where personal data processing is carried out;
Control information;
Technological information of access means to control systems;
Characteristics of communication channels used for transmitting personal data in the form of informative electrical signals and physical fields;
Information about personal data protection means, their composition and structure, principles and technical solutions of protection;
Service data arising from the operation of software, messages and network interaction protocols, as a result of processing personal data.
7.6. The personal data protection system complies with the requirements of the Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 “On Approval of Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems” and ensures:Timely detection and prevention of unauthorized access to personal data or their transfer to persons not entitled to access such information;
Preventing impact on technical means of automated processing of personal data, which may disrupt their functioning;
Possibility of immediate restoration of personal data modified or destroyed due to unauthorized access to them;
Constant monitoring of the ensured level of personal data security.
8. Responsibility
8.1. All employees of the Operator processing personal data are obliged to keep secret information containing personal data.
8.2. Persons guilty of violating the requirements for the processing of personal data bear responsibility in accordance with the current legislation of the Russian Federation.
8.3. Employees of the Operator responsible for the processing of personal data are responsible for compliance with the personal data regime regarding personal data contained in the Site’s databases.
9. Final Provisions
9.1. The Policy is approved by Order No. 1-PDn of the Head of the Operator dated May 29, 2025, and is valid indefinitely until the new version of the Policy comes into force.
9.2. In case of changes in the legislation of the Russian Federation in the field of personal data protection, the Operator adopts a new version of the Policy considering the changes. Until then, the Policy is effective in the part not contradicting the current legislation of the Russian Federation.
9.3. The following contact details can be used for communication with the Operator:
tel. 8495 221 80 80;
e-mail: klinavtotrans@maitl.ru;
postal address: 141607, Moscow region, Klin, Klinsky district, Volokolamskoye shosse, 4.
May 29, 2025
JSC “Klinavtotrans” _____________/R.R. Valeev
On behalf of the General Director of LLC “UK Industrial Park Klin”
Consent to the Processing of Cookies
This consent to the processing of cookies (hereinafter – the Consent) expresses the consent of the user of the Internet telecommunication network (hereinafter – the User) to the automated processing of personal data collected using metric programs on the website located at klinarenda.ru (hereinafter – the Site) by JSC “Klinavtotrans” (PSRN: 1035003951421, INN: 5020002767, address: 141607, Moscow region, Klin, Volokolamskoye shosse, 4; tel: 8495 221 80 80; e-mail: klinavtotrans@mail.ru) (hereinafter – the Operator).
The Consent applies to technical cookies that allow identifying the User’s hardware and software, as well as analytical cookies that allow tracking the User’s actions on the Site. Analytical cookies are collected using the services: Yandex.Metrica.
Data collected using metric programs are used by the Operator to improve the Site’s performance, in particular, saving User settings, error correction, etc., which ensures more convenient submission of applications on the Site.
The User permits the Operator to perform automated processing of data collected using metric programs in the following forms: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, blocking, deletion, destruction.
The Consent is valid from the date of its provision until the moment of achieving the purposes of personal data processing. The User has the right to withdraw the Consent to the processing of personal data by notifying the Operator in writing.
