Personal Data Processing Policy
1 General Provisions
This personal data processing policy has been prepared in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter — the “Personal Data Law”) and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by Banki PMR (hereinafter — the “Operator”).
1.1 The Operator considers the observance of human and civil rights and freedoms during the processing of personal data to be its most important objective and condition for conducting its activities, including the protection of privacy, personal and family secrets.
1.2 This Policy of the Operator regarding personal data processing (hereinafter — the “Policy”) applies to all information that the Operator may obtain about visitors to the website https://bankipmr.ru
2 Basic Terms Used in This Policy
2.1. Automated processing of personal data — processing of personal data using computer technology.
2.2. Blocking of personal data — temporary suspension of personal data processing (except where processing is necessary to clarify personal data).
2.3. Website — a set of graphic and informational materials as well as computer programs and databases that ensure their availability on the Internet at https://bankipmr.ru
2.4. Information system of personal data — a set of personal data contained in databases and information technologies and technical means ensuring their processing.
2.5. Depersonalization of personal data — actions that make it impossible to determine, without additional information, whether personal data belong to a specific User or another subject of personal data.
2.6. Processing of personal data — any action (operation) or set of actions (operations) performed with or without automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
2.7. Operator — a state or municipal authority, legal entity, or individual that independently or jointly with others organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data.
2.8. Personal data — any information relating directly or indirectly to a specific or identifiable User of the website https://bankipmr.ru
2.9. Personal data allowed by the subject for distribution — personal data to which an unlimited number of persons are granted access by the subject of personal data through consent to process such data for distribution as established by the Personal Data Law.
2.10. User — any visitor to the website https://bankipmr.ru
2.11. Provision of personal data — actions aimed at disclosing personal data to a specific person or a certain circle of persons.
2.12. Distribution of personal data — any actions aimed at disclosing personal data to an indefinite circle of persons (transfer) or making personal data publicly available, including publication in mass media, posting on information and telecommunication networks, or providing access in any other way.
2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual, or foreign legal entity.
2.14. Destruction of personal data — actions resulting in the irreversible destruction of personal data with no possibility of further restoration, and/or physical destruction of storage media containing personal data.
3 Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
Receive from the subject of personal data accurate information and/or documents containing personal data;
Continue processing personal data without the subject’s consent if there are legal grounds specified in the Personal Data Law;
Independently determine the composition and list of measures necessary and sufficient to ensure compliance with the obligations prescribed by the Personal Data Law, unless otherwise provided by federal legislation.
3.2. The Operator must:
Provide the subject of personal data, upon request, with information regarding the processing of their personal data;
Organize processing of personal data in accordance with applicable legislation;
Respond to inquiries and requests from subjects of personal data and their legal representatives as required by law;
Provide the authorized body for the protection of personal data subjects’ rights with the requested information within 10 days from receipt of such a request;
Publish or otherwise ensure unrestricted access to this Policy;
Take legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions;
Terminate the transfer and processing of personal data and destroy them as required by law;
Fulfill other obligations established by the Personal Data Law.
4 Main Rights and Obligations of Personal Data Subjects
4.1. Subjects of personal data have the right to:
Obtain information regarding the processing of their personal data, except in cases provided by law;
Demand correction, blocking, or destruction of their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;
Require prior consent for the processing of personal data for marketing purposes;
Withdraw their consent to personal data processing or demand cessation of processing;
Appeal to the authorized body or court against unlawful actions or inactions of the Operator;
Exercise other rights provided by the legislation.
4.2. Subjects must:
Provide accurate personal data to the Operator;
Notify the Operator of any clarification or changes to their personal data.
4.3. Persons who provide false information or data of another individual without consent bear responsibility in accordance with the law.
5 Principles of Personal Data Processing
Processing shall be lawful and fair.
Processing shall be limited to specific, pre-defined, and legitimate purposes.
Combining databases with incompatible purposes is prohibited.
Only personal data relevant to the purpose of processing shall be processed.
The content and volume of data shall correspond to the declared purposes, avoiding redundancy.
Accuracy, sufficiency, and relevance of data must be ensured.
Personal data shall be stored no longer than necessary to achieve the stated purposes. Upon reaching those purposes, data must be destroyed or depersonalized unless otherwise required by law.
6 Purposes of Personal Data Processing
Purpose of processing: Providing the User with access to the services, information, and/or materials contained on the website.
Personal data processed: full name, email address.
Website: https://bankipmr.ru
Legal grounds: the Operator’s founding documents; contracts concluded between the Operator and the personal data subject.
Types of processing: collection, recording, systematization, accumulation, storage, destruction, depersonalization; sending informational emails to the email address.
7 Conditions for Processing Personal Data
Processing is carried out:
With the consent of the subject;
When required by international treaties or law;
For the administration of justice or execution of court orders;
For contract performance or conclusion at the subject’s initiative;
For the Operator’s or third parties’ legitimate interests without violating the subject’s rights;
For processing publicly available data or data subject to disclosure by law.
8 Collection, Storage, Transfer, and Other Processing Procedures
The Operator ensures the security of personal data through legal, organizational, and technical measures compliant with current legislation.
8.1. The Operator ensures data protection and prevents unauthorized access.
8.2. Personal data will never be transferred to third parties except as required by law or with the subject’s consent.
8.3. In case of inaccuracies, the User may update data by emailing privacy@bankipmr.ru
with the subject “Personal Data Update.”
8.4. Data are processed until the purpose is achieved or the User withdraws consent by emailing privacy@bankipmr.ru
with the subject “Withdrawal of Consent for Personal Data Processing.”
8.5. Third-party services (e.g., payment systems, telecom providers) store and process data under their own Terms of Use and Privacy Policies. The Operator is not responsible for their actions.
8.6. Restrictions set by the subject on transfer or processing do not apply in cases required by public interest or law.
8.7. The Operator ensures the confidentiality of personal data.
8.8. Data are stored only as long as necessary for processing purposes or legal requirements.
8.9. Processing shall cease upon achieving its purposes, expiration of consent, or discovery of unlawful processing.
9 Actions Performed by the Operator with Personal Data
9.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer, depersonalization, blocking, deletion, and destruction of personal data.
9.2. Automated processing may be performed, including data transmission over information and telecommunication networks.
10 Cross-Border Transfer of Personal Data
10.1. Before conducting cross-border transfers, the Operator must notify the authorized body for personal data protection.
10.2. The Operator must obtain from the foreign recipient confirmation of appropriate data protection measures.
11 Confidentiality of Personal Data
The Operator and any persons having access to personal data must not disclose or distribute personal data to third parties without the subject’s consent, unless required by federal law.
12 Final Provisions
12.1. The User may obtain any clarifications regarding the processing of their personal data by contacting the Operator via email at privacy@bankipmr.ru
.
12.2. Any changes to this Policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.
12.3. The current version of the Policy is publicly available at https://bankipmr.ru/privacy/
.
.