1. general provisions
1.1 This Policy regarding the processing of personal data (hereinafter - "Policy") is developed and applied by LLC "AVERS" (hereinafter - "Operator") in accordance with the Federal Law of 27.07.2006 No. 152-FZ "On personal data processing".About personal data", Federal Law No. 38-FZ of 13.03.2006 "About advertising", the Law of the Russian Federation from 07.02.1992 № 2300-1 (ed. from 14.07.2022)".On consumer protection"and other regulations in the field of personal data protection applicable in the territory of the Russian Federation.
1.2 This Policy is part of the general policy regarding the processing of personal data of AVERS LLC.
1.3 This Policy shall apply to all personal data that may be received from individuals by a representative in the process of realization of food products by ordering through the "Blin Buffet" website (hereinafter referred to as the "Site"), through the contact number of the representative by phone: +7(931)712-10-88 (hereinafter referred to as the "representative"), which can be unambiguously correlated with a particular individual and his/her personal data. The validity of this Policy does not apply to the relations:
- arising from the processing of personal data of the employees of the Café "Pancake buffet"As such relations are regulated by a separate local act, which is also a part of the general policy on personal data processing of LLC "AVERS";
- the relations to which Federal Law No. 152-FZ "About personal data" does not apply.
1.4 The Policy defines the behavior of the representative with regard to the processing of personal data accepted for processing, the procedure and conditions of personal data processing of natural persons who transferred their personal data for processing to the representative (hereinafter also referred to as "Personal Data Subject", "Subject") with and without the use of automation tools, establishes procedures aimed at preventing violations of the legislation of the Russian Federation, eliminating the consequences of such violations related to the processing of personal data.
1.5 The policy is designed to:
- ensuring the protection of the rights and freedoms of the Personal Data Subjects during the processing of their personal data, as well as in order to establish the responsibility of the officials of the cafe "Blin Buffet", who have access to the personal data of the Personal Data Subjects, for failure to comply with the requirements and regulations governing the processing of personal data;
- promotion of goods, works, services of the cafe "Blin Buffet" on the market by means of direct contacts with potential consumers. Processing of personal data for the purpose of promotion of goods, works, services on the market by means of direct contacts with potential consumers by means of communication is allowed only with the prior consent of the subject of personal data. The consent may be verbal or written.
1.6 Cafe-bar "Blin Buffet" LLC "AVERS" processes the following personal data:
- name;
- middle name;
- last name;
- phone number;
- e-mail address;
- the shipping address of the order;
- data on services rendered and provided to the Personal Data Subject, including the Subject's order history;
- history of personal data subject's requests, including the documents sent by the data subject when contacting the representative.
1.7 When using the services of the Website, the representative also processes other anonymized data, which are automatically transmitted during the use of the Website by means of the software installed on the computer:
- information about your browser (or other program used to access the site);
- IP address;
- cookie data.
Cafe-bar "Blin Buffet" LLC "AVERS" guarantees that organizations external to the representative do not have access to such data that may be used by the representative, except in cases explicitly stipulated by the current legislation of the Russian Federation and this Policy. Upon receipt of personal data not specified in this section, such data shall be immediately destroyed.
1.8 The Representative shall process personal data of Personal Data Subjects by maintaining databases by automated, mechanical, manual methods in order to:
1.8.1. processing of orders, requests or other actions of the Personal Data Subject related to the fulfillment of orders;
1.8.2. notification of changes in the offer, the order of rendering services, menu, list of promotions, events, discounts, etc. held by the Cafe-bar "Blin Buffet".
1.8.3. for other purposes, if the respective actions of the representative do not contradict the legislation in force, the activities of the representative, and the consent of the Personal Data Subject has been obtained for the said processing.
1.8.4. the data specified in clause 1.7. of this Policy is processed in order to perform analytics of the Website, to track and understand the principles of the Website use by visitors, to improve the functioning of the Website, to solve technical problems of the Website, to develop new products, to expand services, to identify the popularity of events and to determine the effectiveness of advertising campaigns; to ensure security and fraud prevention, to provide effective customer support.
1.9 The representative of the Cafe-bar "Blin Buffet" of "AVERS" LLC shall process personal data by performing any action (operation) or set of actions (operations), including the following:
- collection;
- entry;
- systematization;
- accumulation;
- storage;
- clarification (update, change);
- extraction;
- Utilization;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- annihilation.
2. Receipt, use and disclosure of personal data
2.1 The representative of the Cafe-bar "Blin Buffet" receives and starts processing of the Subject's personal data from the moment of receiving his/her consent. Consent to the processing of personal data can be given by the Subject of personal data in any form that allows to confirm the fact of receiving consent, unless otherwise established by federal law: in writing, orally or in any other form provided by the current legislation, including through the performance by the Subject of personal data of exclusive actions (acceptance of the posted on the Site offer). In the absence of the Personal Data Subject's consent to the processing of his/her personal data, such processing shall not be carried out.
2.2 Personal data of the Personal Data Subjects shall be received by the representative:
- by personal transmission by the Subject of personal data when entering information into the accounting forms electronically on the Website of Cafe-bar "Blin Buffet";
- by personal transfer of personal data by the Subject when applying to the Café-bar "Blin Buffet" and by communicating them verbally by phone during the ordering process;
- in other ways that do not contradict the legislation of the Russian Federation and the requirements of international legislation on personal data protection.
2.3 Consent to the processing of personal data shall be deemed to be given by means of any action or combination of the following actions performed by the Data Subject:
- order placement on the Site of Cafe-bar "Blin Buffet";
- marking on the Website in the appropriate form the consent to the processing of personal data to the extent, for the purposes and in the manner stipulated in the text proposed before the consent is obtained for familiarization;
- communicating personal data verbally, when contacting the Cafe-bar "Blin Buffet" by phone in the process of placing an order.
2.4 The consent shall be deemed to have been duly obtained and shall be valid until the Personal Data Subject sends a corresponding application on termination of personal data processing to the representative's location.
2.5 The Personal Data Subject may revoke his/her consent to the processing of personal data at any time, provided that such procedure does not violate the requirements of the legislation of the Russian Federation. In order to withdraw consent to the processing of personal data, the Data Subject should send a written notice to the following postal address: 20, Lotsmanskaya St., St. Petersburg, 190121, building lit.A, sq.7H office 2. In case of revocation of the Subject of personal data consent to the processing of his personal data, the representative of the cafe-bar "Blin Buffet" must stop their processing or ensure the termination of such processing (if the processing is carried out by another person acting on behalf of the representative of the cafe-bar "Blin Buffet" Ltd.
3. Rules and procedure for processing personal data
3.1 To achieve the goals of this Policy to the processing of personal data are allowed only those employees of the cafe-bar "Blin Buffet" LLC "AVERS", who are charged with such a duty in accordance with their official (labor) duties. Cafe-bar "Blin Buffet" LLC "AVERS" requires from its employees to respect the confidentiality and security of personal data during their processing.
3.2 In accordance with this Policy, the Operator may process personal data independently, as well as with the involvement of third parties, which are engaged by the cafe-bar "Blin Buffet" LLC "AVERS" and carry out processing to fulfill the purposes specified in this Policy.
3.3 In case of entrusting the processing of personal data to a third party, the amount of personal data transferred to the third party for processing and the number of processing methods used by the third party shall be minimally necessary for the third party to fulfill its obligations to the Operator. With regard to the processing of personal data by a third party, the obligation of such third party to maintain the confidentiality of personal data and ensure the security of personal data during their processing shall be established.
3.4 In the process of providing services, in the course of internal business activities, the Operator uses both automated, using computer facilities, and non-automated, using paper-based document flow, processing of personal data. The Operator does not make decisions, which generate legal consequences in relation to the Subject of personal data or otherwise affecting his rights and legitimate interests, on the basis of exclusively automated processing of personal data. Cafe-bar "Blin Buffet" LLC "AVERS" stores personal information of the Subjects of personal data in accordance with the internal regulations.
3.5 The personal information of the Personal Data Subject shall be kept confidential, except for the cases when the Subject voluntarily provides information about himself/herself for public access to an unlimited number of persons. In this case, the Data Subject agrees that a certain part of his/her personal information becomes publicly available.
3.6 The destruction of personal data by the operator is carried out within 10 working days from the date of receipt of the personal data subject's withdrawal of consent to the processing of his/her personal data. The procedure for documenting the fact of personal data destruction is determined by the operator independently.
4. Information on the implemented requirements to personal data protection
4.1 The Operator's activity on personal data processing is inextricably linked to the Operator's protection of confidentiality of the received information.
4.2 The Operator shall require other persons who have access to personal data not to disclose to third parties and not to disseminate personal data without the consent of the Personal Data Subject, unless otherwise provided for by the federal law.
4.3 All employees of the Operator shall ensure confidentiality of personal data, as well as other information established by the Operator, if it does not contradict the current legislation of the Russian Federation.
4.4 In order to ensure security of personal data during their processing, the Operator shall take necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions with regard to them. The Operator shall ensure that all organizational and technical measures for personal data protection are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on personal data processing.
4.5 The Operator shall apply necessary and sufficient legal, organizational and technical measures to ensure personal data security, including:
- identification of threats to the security of personal data during their processing in personal data information systems;
- application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for personal data protection, the execution of which ensures the levels of personal data protection established by the Government of the Russian Federation;
- application of information protection means that have passed the conformity assessment procedure in accordance with the established procedure;
- assessment of the effectiveness of the measures taken to ensure personal data security before putting into operation of the personal data information system;
- accounting of machine-readable personal data carriers;
- detection of facts of unauthorized access to personal data and taking measures;
- recovery of personal data modified or destroyed due to unauthorized access to them;
- carrying out measures aimed at preventing unauthorized access to personal data and (or) transferring them to persons who do not have the right to access such information;
- timely detection of facts of unauthorized access to personal data and taking necessary measures;
- prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disturbed;
- establishing the rules of access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
- control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems.
Measures to ensure personal data security implemented by the Operator as part of the personal data protection system, taking into account current threats to personal data security and applied information technologies, include:
- identification and authentication of access subjects and access objects;
- management of access of access subjects to access objects;
- limitation of the software environment;
- protection of machine data carriers on which personal data are stored and (or) processed;
- security event logging;
- antivirus protection;
- intrusion detection (prevention);
- ensuring the integrity of the information system and personal data;
- virtualization environment protection;
- protection of technical means;
- protection of the information system, its facilities, communication and data transfer systems;
- identifying and responding to incidents (a single event or a group of events) that may lead to failures or disruption of the information system functioning and (or) to the emergence of threats to personal data security;
- configuration management of the information system and personal data protection system.
4.6 In order to ensure compliance of the personal data protection level with the requirements of the Federal Law of 27.07.2006 No. 152-FZ "About personal data" and Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection" The Operator does not disclose information on specific means and measures applied to ensure information security of personal data.
4.7. The Operator undertakes not to disclose the information received from the Personal Data Subject. It is not considered a violation of the Operator's obligation to provide information to agents and third parties acting on the basis of an agreement with the Operator to fulfill obligations to the Personal Data Subject. It is not considered a violation of obligations to disclose information in accordance with reasonable and applicable legal requirements.
5. Consent to receive advertising information via telecommunication networks
5.1 Consent to receive mailings/subscribing to receive promotional information obtained by:
- order placement on the Operator's Website,
- marking on the Website in the appropriate form the consent to the processing of personal data to the extent, for the purposes and in the manner stipulated in the text proposed before the consent is obtained for familiarization,
- Oral communication of personal data, when contacting the cafe-bar "Blin Buffet" by phone in the process of placing an order, means the consent of the Personal Data Subject to receive from the Operator and third parties engaged by the Operator, via telecommunication networks (via the provided cell phone number and e-mail address) information messages, including information of commercial advertising nature (advertising), specified in paragraph 1.8.2. of this Policy.
5.2 By giving the consent specified in clause 5.1. of this Policy, the Personal Data Subject confirms that he/she acts on his/her own will and in his/her own interest, as well as that the said personal data are reliable.
6. Final provisions
6.1 This Policy shall be approved by the order of the General Director of AVERS LLC and shall come into force from the date of its signing.
6.2 This Policy may be amended and supplemented, which shall be approved by the order of the General Director of AVERS LLC.
6.3 The current version of the Policy is publicly available on the Internet at: https://blinbufet.ru/pd-processing-policy.html .