1. General provisions
1.1. ARLAB LLC considers the observance of the rights and freedoms of citizens, confidentiality and ensuring their protection during the processing of personal data to be one of the most important conditions for the implementation of its activities.
1.2. The Operator's Policy regarding the processing of personal data (hereinafter referred to as the "Policy") is publicly available, posted on the Internet information and telecommunications network on the website: https://arlab.ru/policy/, applies to all information that the Operator can obtain about Site visitors arlab.ru .
1.3. This Policy has been developed in accordance with the Federal Law "On Information, Information Technologies and Information Protection", Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter – the "Law on Personal Data").
2. Basic concepts used in Politics
2.1. The Website
A set of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet at a network address https://arlab.ru (hereinafter referred to as the "Site").
2.2. The Operator
A legal entity that organizes and carries out the processing of personal data of Subjects, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
Within the framework of this Policy, the Operator is:
ARLAB LLC,
Location address:
357100, STAVROPOL TERRITORY, CITY OF NEVINNOMYSSK, NEVINNOMYSSK, GAGARIN STR., 61
OGRN: 1232600012292,
TIN: 2631044204, CHECKPOINT: 263101001,
E–mail address / e-mail of the Operator - info@arlab.ru
2.3. The subject of personal data
The individual to whom the personal data relates.
The category of subjects whose personal data is processed by the Operator with their consent is the Site Visitor https://arlab.ru (according to the text of the Policy – "Subject", "User").
2.4. Personal Data
Any information related directly or indirectly to a specific or identifiable individual (subject of personal data) – a Site Visitor https://arlab.ru .
Biometric personal data
Personal data relating to physiological data (fingerprint data, iris, DNA tests, height, weight, and others), as well as other physiological or biological characteristics of a person, including an image of a person (photograph and video recording), which allow to establish his identity and are used by the operator to establish the identity of the subject.
The Operator does not process biometric personal data of Subjects, including for the purpose of identification.
Personal data of a special category
Personal data related to race, nationality, political views, religious or philosophical beliefs, health status, and intimate life.
The Operator does not process personal data of a special category.
2.5. Processing of personal data
Any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
The Operator processes the personal data of the Subjects as follows:
collection, recording, systematization, accumulation, storage, clarification (updating, modification), use, transfer, depersonalization, deletion, destruction of personal data.
2.6. The terms of processing the personal data of the Subject are determined by:
- Achieving the goals of personal data processing.
- The validity period of the consent of the Subjects to the processing of their personal data.
- Terms of storage of documents and information in accordance with the legislation of the Russian Federation and specified in this Policy.
The Operator, within a period not exceeding thirty days from the date of achievement of the purpose of processing personal data, receipt of revocation of consent to the processing of personal data, expiration of the consent given by the Subject, terminates the processing of personal data of the Subject, ensures the storage of consents and data or destroys personal data (the preservation of personal data is no longer required for the purposes of their processing, storage).
2.6.1. Consent to the processing of personal data
A specific, objective, informed, conscious, unambiguous, free, voluntary and self-interested decision of the Personal Data Subject or his representative to provide his personal data, their processing, presented in any form that allows confirming the fact of its receipt, unless otherwise established by federal law.
The subject agrees to the processing of personal data by performing the actions specified in clause 2.8.
2.6.2. Withdrawal of Consent to the processing of personal data
Consent to the processing of personal data may be revoked by the Subject of personal data at any time in writing at the address of the Operator's location or in the form of an electronic document at: info@arlab.ru .
In the event that the Subject of personal data withdraws consent to processing, the Operator stops processing them, ensures storage or destroys personal data (the storage of personal data is no longer required for the purposes of processing them) within a period not exceeding thirty days from the date of receipt of the specified recall of the Subject.
2.7. Automated processing of personal data
Processing of personal data using computer technology.
The Operator processes the Subject's personal data using automation tools.
2.8. Collection
The actions of the Operator aimed at obtaining personal data.
The Operator processes personal data that it receives from the Subject directly and exclusively on a voluntary basis.
The subject provides Consent to the collection and processing of his personal data, as well as consent to this Policy, within the meaning of Article 428 of the Civil Code of the Russian Federation, by sending his personal data by:
- filling out forms located on the Website https://arlab.ru , including filling out the feedback form (clicking the "leave a request" button), including through social networks,
- providing information on social media accounts,
- providing information in messengers,
- sending a message to the Operator's email address info@arlab.ru,
- clicks, ticks.
The Operator assumes that the Subject provides reliable data about himself, does not verify the authenticity of the personal information provided by the Subject and does not monitor its relevance. All responsibility, as well as possible consequences for providing false or not relevant personal information, is borne by the Subject himself.
2.9. Accumulation
Actions to systematize personal data by entering them into a database containing personal data.
The accumulation of personal data is carried out by the Operator by collecting personal data necessary and sufficient to achieve the goals specified in this Policy.
2.10. Dissemination of personal data
Any actions that result in the disclosure of personal data to an indefinite circle of persons.
The Operator ensures the confidentiality of personal data and does not distribute them to third parties without the consent of the Subject.
All information collected by third-party services, including payment systems, means of communication and other service providers, is stored and processed by these persons (Operators) in accordance with their User Agreement and Privacy Policy.
2.11. Provision of personal data
Actions aimed at disclosing personal data to a certain person.
The Operator does not provide the Subject's personal data to third parties without the Subject's consent.
By filling out the forms located on the Website https://arlab.ru including filling out the feedback form (clicking the "leave a Request" button), by filling out applications on the site, the Subject provides consent to the processing of personal data in the ways specified in this policy in order to provide information at the request of the Subject.
2.12. Cross-border transfer of personal data
Transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
The Operator does not transfer personal data across borders.
2.13. Access to personal data
The Operator provides access to the personal data of the Subject to its employees and representatives, provided that the confidentiality of this information is maintained.
2.14. Blocking of personal data
Temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).
The Operator blocks the Subject's personal data in the following cases:
- identification of unlawful processing of personal data when contacting the Personal Data Subject from the moment of such request and for the period of verification.
- identification of inaccurate personal data when contacting the Subject of personal data from the moment of such request and for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the site user or third parties. In this case, the personal data is clarified within seven working days from the date of submission of the information by the Subject, the data lock is lifted.
2.15. Depersonalization
Actions, as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information.
The Operator depersonalizes the personal data of the Subjects for statistical and marketing research.
2.16. Storage
Actions to ensure the integrity, confidentiality and accessibility of personal data, which make it possible to identify the subject of personal data, no longer than the purposes of personal data processing require.
Personal data is stored by the Operator in a database located on the territory of the Russian Federation, excluding access by unauthorized persons.
The storage of personal data and consents submitted by the Subject is carried out in electronic form.
The Operator stores the Subject's personal data for 3 years from the date of achievement of the processing goals, withdrawal of consent by the Subject of personal data, as well as in case of loss of the need to achieve the processing goals.
Storage during the specified period is conditioned by the statute of limitations for resolving disputes in civil, administrative, tax disputes, and the requirements of archival legislation.
2.17. Destruction of personal data
Actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
The Operator destroys the personal data of the Subjects:
Upon expiration of the period of storage of personal data, the processing of which is terminated on the grounds of:
- Termination of legal relations between the Subject and the Operator,
- Achieving processing goals,
- Expiration of the Subject's consent period,
- Withdrawal of consent by the Subject,
- Loss of the need to achieve processing goals,
- Occurrence of cases stipulated by law and other regulatory legal acts of the Russian Federation.
Destruction is carried out by the Operator within a period not exceeding thirty days from the date of occurrence of the above circumstances, unless another period is expressly provided for by applicable law.
2.18. Confidentiality of personal data The
requirement to prevent their dissemination without the consent of the subject or other legal basis is mandatory for the person who has access to the personal data of the personal data subject.
The entire volume of information provided to each other as part of the interaction between the Operator and the Subject on the Operator's Website is recognized as confidential information, regardless of the type of media on which it is recorded.
Confidential information may be transmitted, and the parties may exchange, in the ways specified in clause 2.8.
When exchanging confidential information, the Operator and the Subject use secure information transmission channels.
The Operator takes technical and organizational and legal measures to ensure the protection of information that the Subject provides (transmits, discloses) during cooperation, and personal data of the Subject from unlawful or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions, through internal checks of the collection processes data storage and processing through the application of data security measures. to prevent unauthorized access to information and personal data.
The Operator makes efforts to use the disclosed and received information solely for the purpose of implementing the interaction of the parties, limiting persons who have access to such information to persons directly involved in interaction with the Subject.
With respect to the Subject's personal information, its confidentiality is maintained, except in cases where the Subject voluntarily provides information about himself for general access to an unlimited number of people.
2.19. Protection and security of personal data
is a set of measures, including legal, organizational and technical, carried out for the purposes established by this Law.
The protection of the Subject's personal data is provided by the Operator from the moment of collection of personal data until their destruction or depersonalization.
2.19.1. The purpose of the application of protective measures
- Prevention of threats, conditions and factors that create an urgent danger of unauthorized, including accidental, access to personal data during their processing, storage, which may result in the destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions.
- Timely detection of unauthorized access to the Subject's personal data.
- Minimizing the adverse effects of unauthorized access to personal data of the Subject.
- Prevention, non-disclosure of personal data of Subjects to third parties, except in cases provided for by applicable law.
2.19.2. Methods of ensuring protection including, but not limited to
- Use of information security tools;
- Detection and recording of unauthorized access to personal data
- Taking measures to restore personal data;
- Restriction of access to personal data;
- Registration and accounting of actions with personal data;
- Monitoring and evaluating the effectiveness of the measures applied to ensure the security of personal data.
3. Principles of personal data processing
The processing of personal data by the Operator is carried out on the principles of
- Processing of personal data on a lawful and fair basis.
- Obtaining the conscious, unambiguous, specific, substantive informed consent of the Personal Data Subject.
- Processing of personal data in order to achieve specific, predetermined and legitimate goals.
- Processing only those personal data that meet the purposes of their processing.
- Confidentiality of personal data.
- Preventing excessive processing of personal data in relation to the stated goals.
- Preventing the conclusion of contracts with the subject of personal data containing provisions restricting the rights and freedoms of the subject of personal data, establishing cases of processing personal data of minors, as well as provisions allowing inaction of the subject of personal data as a condition for concluding the contract.
- Separation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other.
- The accuracy of the personal data being processed.
- Sufficiency of the processed personal data.
- The relevance of the processed personal data in relation to the purposes of processing.
- Timely deletion, clarification of incomplete or inaccurate processed and stored personal data.
4. The volume and categories of personal data to be processed by the Operator
The composition of personal data necessary and sufficient to achieve the purposes of their processing by the Operator, the consent to the processing of which is provided by the Subject when they are provided in accordance with clause 2.8.:
- Name
- Phone number,
- Email address.
- Data that is automatically transmitted during browsing and when visiting the pages of the Site: IP address, cookie information, browser information, access time, address of the visited page, address of the previous page, according to section 8.
5. Purposes of personal data processing by the Operator
The personal data of the Subject is processed by the Operator for the following purposes:
- Providing the user with access to the services, information and/or materials contained on the Site.
- Sending marketing and informational newsletters, notifications about new products, special offers and various events, events, promotions, conducting surveys, compiling reports and research, to Subjects who have subscribed to the newsletter of the site https://arlab.ru . Only authorized persons who need such information to maintain business cooperation with Site Users have access to the information contained in the CRM.
- The User can always refuse to receive information messages by sending an email to the Operator info@arlab.ru .
- Improving the quality of the Operator's Website, the convenience of its use and the development of new services, Products, and statistics collection.
6. Rights of Personal Data Subjects
6.1. The subject of personal data, by providing his personal data, acts freely, of his own free will and in his own interest, unconditionally expressing his consent.
6.2. Consent to the processing of personal data is provided by the Subject in accordance with the procedure provided for in this Policy.
6.3. The subject of personal data has the right to receive information from the Operator regarding the processing of his personal data, to the extent and in accordance with the procedure provided for by the legislation of the Russian Federation.
The deadline for providing information by the Operator is within ten working days from the date of receipt of the Request sent in accordance with Article 14 of Federal Law No. 152-FZ "On Personal Data".
The form of providing information by the Operator is in the form in which the Request was sent by the Subject or directly indicated in the Subject's Request.
6.4. The subject of personal data has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.
7. Cookies
7.1. Cookies are a small piece of data sent by a web server and stored on the user's computer when visiting the Site online.
7.2. Is the collection and processing of anonymized data about the Users (including cookies) using Internet statistics (Yandex Metrika, Google Analytics and others).
Depersonalized User data collected using Internet statistics services is used to collect information about User actions on the site, improve the quality of the site and its content.
7.3. The Operator processes depersonalized data about Users if they have allowed it in the browser settings (saving cookies and using JavaScript technology are enabled).
7.4. All information collected by cookies is anonymous.
The collection of such information is carried out by the Operator in order to:
- Authentication and saving of individual User settings,
- Improving the functional characteristics of the Site,
- Improving the convenience and efficiency of the Site for the User,
- Analyzing the productivity of the Operator's marketing activities.
7.5. The following cookies are used on the Site:
7.5.1. Mandatory cookies
• necessary to use certain functions of the Site, to ensure the security of User data. These cookies must be activated, otherwise the Site will not function properly.
7.5.2. Functional cookies
• ensuring the operation of useful Website functions and personalized user interaction.
7.5.3. Analytics Cookies
• providing information on the number of visits and traffic sources aimed at improving the performance of the Site, increasing the effectiveness of promoting the Operator's products.
7.5.4. Targeted and advertising cookies
• ensuring that the content of the Site is displayed in accordance with the interests of the User, including targeted advertising. Their action is based on the identification of the User's browser and digital device, and they do not store personal information.
7.5.5. Authentication cookies:
• Ensuring the preservation of User data during authorization.
7.6. Location and language services
The Operator collects and uses information about the geographical location of the User's computer or mobile device, language, in order to provide information about the Operator's products in the User's region.
7.7. Widgets and applications in social media
The Operator's website contains buttons for Vkontakte, Odnoklassniki, and other social media Applications.
All personal information that the User transmits through such applications on social media can be collected and used by other participants of a particular application and is governed by the Privacy Policy of the company that owns the Application.
8. Intellectual Property
The Operator guarantees that it has exclusive rights in relation to design elements, texts, graphics, illustrations, videos, scripts, computer programs and other results of intellectual activity created by the Operator as part of the implementation of the Site.
This Policy does not grant the User any rights to any results of the intellectual activity of the Operator or third parties, unless the transfer of exclusive rights is expressly indicated, and all exclusive rights and profits from the use remain with the Operator.
9. Final provisions
9.1. The User, the Subject may receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator by e-mail: info@arlab.ru .
9.2. The Operator has the right to make changes to this Policy at any time without the consent of the Subjects of Personal data. The new version of the Policy comes into force from the moment it is posted on the Website.
9.3. The law of the Russian Federation shall apply to this Policy and the relations between the Entity and the Operator arising in connection with the application of the Policy.
9.4. The Policy is the property of the Operator.
9.5. The new version of the Policy comes into force from the moment it is posted on the Site. The retention period of the current Policy is 3 years from the date of entry into force and publication of the new Policy.