1. General provisions
1.1. This Privacy Policy has been developed in accordance with the provisions of the Constitution of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", and Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) and other regulatory legal acts in the field of personal data protection and processing in force on the territory of the Russian Federation.
1.2. The following terms are used in this privacy Policy:
- website - a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet, located on the domain name https://vitaplus55.ru/, which provides services for informing any interested parties about the company's products and services.
- site administration - employees authorized to manage the site who determine the composition of personal data of site users, the purposes of collecting personal data, their processing and storage;
- site user - an individual, a user of the site's services, a personal data subject who voluntarily registered on the site and provided the necessary personal data during registration;
- personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
- processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.3. This Privacy Policy sets out the procedure for receiving, protecting, storing, processing and transmitting personal data of site users, and applies to all information that the site administration can receive about users during their use of the site.
This privacy policy does not apply to other sites and does not apply to third-party sites. The site administration is not responsible for third-party sites that users can click on the links available on the site.
1.4. Personal data of site users includes: last name, first name, patronymic, date, month, year of birth, address of registration at the place of residence( place of stay), address of actual residence (including the federal district and subject of the Russian Federation), information of the identity document (type, series, number of the identity document, date of issue, name of the issuing authority), contact details (email, contact phone number, social media accounts or information about other communication methods), photo images, scans.
Data that is transmitted automatically, depending on the software settings, includes the following data: last name, first name, patronymic, date, month, year of birth, registration address at the place of residence (place of stay), address of actual residence (including the federal district and subject of the Russian Federation), contact information.
The site administration can only receive all personal data about users from them.
Personal data of site users is confidential information and cannot be used by the site administration or any other person for personal purposes.
1.5. Purposes of processing personal data of site users:
Users ' access to information about the company's products and services, and benefit from entering into and executing contracts with the company.
Protection of the rights and freedoms of individuals who are users of the site.
Выполнение Companies ' fulfillment of their obligations under concluded contracts with clients.
Customer relationship management.
Analyze and improve business processes.
Improving the quality of services provided.
Compliance with the law.
1.66. The site administration develops measures to protect the personal data of site users.
2. Processing, storage and transfer of personal data of site users
2.1. The processing of personal data of site users is carried out exclusively for the purposes specified in clause 1.5. of this Privacy Policy.
2.2. The processing ofбработка personal data is carriedся out using automation tools, including the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access, distribution), depersonalization, blocking, deletion, destruction of personal data within the time frame necessary to achieve the goal of personal data processing. for the purposes of processing personal data.
2.3. The term of personal data processing is unlimited. The User can withdraw their consent to the processing of personal data at any time by sending:
Site administration is notified by email to the Operator's email addressinfo@vitaplus55.ru, or to the postal address of the Operator in Omsk, 79 Lermontov St., office 225 with the note "Withdrawal of consent to the processing of personal data". The amount of personal data specified in the withdrawal of consent must be equal to the amount of personal data specified in clause 1.4 of this policy.
2.44. Categories of personal data subjects include:
2.4.14. Site users.
2.55. Personal data of site users is stored electronically in the site's personal data information system, as well as in archived copies of the site's databases.
When storing personal data of site users, organizational and technical measures are taken to ensure their safety and prevent unauthorized access to them.
Only employees of the site administration who are authorized to work with the personal data of site users and who have signed an agreement on non-disclosure of personal data of site users can have access to the processing of personal data of site users.
2.66. The site administration may transfer personal data of site users to third parties only if it is necessary to prevent threats to their life and health, as well as in cases established by law.
2.77. The site administration is obliged to provide users ' personal data only to authorized persons and only in the part that is necessary for them to perform their work duties, in accordance with this privacy policy and the legislation of the Russian Federation.
2.88. When transmitting personal data of site users, the site administration warns the persons receiving this information that this data can only be used for the purposes for which it is provided, and requires these persons to provide written confirmation of compliance with this condition.
2.99. All information about the transfer of personal data of site users is taken into account to control the legality of the use of this information by the persons who received it.

2.1010. In order to improve the quality of the service and ensure the possibility of legal protection, the site administration has the right to store log files about actions performed by users during the use of the site.

3. Requirements for the premises where personal data is processed
3.1. Placement of equipment of personal data information systems, special equipment and security of premises where work with personal data is carried out, organization of a security regime in these premises should ensure the safety of personal data carriers and information security tools, as well as exclude the possibility of uncontrolled entry or stay in these premises by unauthorized persons.
3.2. Premises where technical means of personal data information systems are located or personal data carriers are stored must meet the fire safety requirements established by the current legislation of the Russian Federation.
3.3. Determination of the level of special equipment of the premises is carried out by a specially created commission. Based on the results of determining the class and examining the premises for its compliance with this class, acts are drawn up.
3.4. In addition to the specified measures for special equipment and security of premises where cryptographic means of information protection are installed or stored, additional requirements are implemented, determined by the methodological documents of the Federal Security Service of Russia.

4. Rights and obligations of the site administration
4.1. The Site administration has the right to set requirements for the composition of users ' personal data, which must necessarily be provided for the use of the site, while the site administration is guided by this privacy policy, the Constitution of the Russian Federation, and other federal laws.
4.2. The site administration does not verify the accuracy of the personal data provided by users of the site, believing that they act in good faith and maintain information about their personal data up-to-date.
4.3. The Site administration is not responsible for the voluntary transfer by site users of their contact data, password or login to third parties.
4.4. The Site administration does not have the right to receive and process personal data of site users about their political, religious and other beliefs and private life.
4.5. The Site Administration, at its own expense, ensures the protection of personal data of site users from misuse or loss in accordance with the procedure established by the legislation of the Russian Federation.
4.6. The Site Administration takes measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it. The site administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it. These measures include, in particular:
- appointment of a person responsible for organizing the processing of personal data;
- publication of documents defining the site's policy on personal data processing, local acts on personal data processing, defining for each purpose of personal data processing the categories and list of processed personal data, categories of subjects whose personal data is processed, methods and terms of their processing and storage, the procedure for destroying personal data when the purposes of their processing are achieved or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations. Such documents and local acts may not contain provisions that restrict the rights of users of the site, as well as impose on the site administration powers and obligations not provided for by the legislation of the Russian Federation;
- application of legal, organizational and technical measures to ensure the security of personal data;
- implementation of internal control and (or) audit of the compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, requirements for personal data protection, the site's policy on personal data processing, and local site acts;
- assessment of the harm that may be caused to users of the site in case of violation of the Law on Personal Data, the ratio of this harm and the measures taken by the site administration aimed at ensuring the fulfillment of obligations stipulated by the Law on Personal Data;
- familiarization of site employees directly involved in personal data processing with the provisions of the Russian Federation legislation on personal data, including requirements for personal data protection, documents defining the site's policy on personal data processing, local acts on personal data processing, and (or) training of these employees.

5. Rights of site users to protect their personal data
5.1. In order to ensure the protection of their personal data stored on the site, Site users have the right to:
- receive full information about your personal data, its processing, storage and transfer;
- identify their representatives to protect their personal data;
- request the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of this privacy policy and the legislation of the Russian Federation;
- require the site administration to notify all persons who were previously informed of incorrect or incomplete personal data of site users about all exceptions, corrections or additions made to them.
If the site administration refuses to exclude or correct the personal data of site users, users have the right to inform the site administration in writing of their disagreement with the relevant justification.
5.2. Site users have the right to independently restrict the collection of information by third parties using the standard privacy settings of the Internet browser they use to work with the site, as well as to change, delete or supplement the personal data provided by them at any time.
5.3. If the site users believe that the processing of their personal data is carried out in violation of the requirements of the Law on Personal Data or otherwise violates their rights and freedoms, they have the right to appeal the actions or omissions of the site administration to the authorized body for the protection of the rights of personal data subjects or in court.
5.4. Site users may at any time independently edit the personal data provided by them during registration or authorization in their personal account.
5.5. Users of the site should not waive their rights to preserve and protect the secret.
6. Procedure for destruction or blocking of personal data
6.1. In case of detection of illegal processing of personal data when contacting a site user, the site administration blocks illegally processed personal data related to this user from the moment of such request for the period of verification.
6.2. In case of detection of inaccurate personal data when contacting a site user, the site administration blocks personal data related to this user from the moment of such request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the site user or third parties.
6.3. If the fact of inaccuracy of personal data is confirmed, the site administration, based on the information provided by the site user, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
6.4. In case of detection of illegal processing of personal data carried out by the site administration, the site administration stops illegal processing of personal data within a period not exceeding three working days from the date of this detection.
6.5. If it is impossible to ensure the legality of personal data processing, the site administration will destroy such personal data within a period not exceeding ten working days from the date of detection of illegal processing of personal data.
6.6. The site administration notifies the site user about the elimination of violations or the destruction of personal data.
6.7. If the fact of illegal or accidental transfer (provision, distribution, access) of personal data that resulted in a violation of the rights of the site user is established, the site administration, from the moment such an incident is detected by the site administration, the authorized body for the protection of the rights of personal data subjects or another interested person, notifies the authorized body for the protection of the rights of personal data subjects:
- within twenty-four hours about the incident that occurred, about the alleged reasons that led to the violation of the site user's rights, and the alleged harm caused to the site user's rights, about the measures taken to eliminate the consequences of the relevant incident, and also provides information about the person authorized by the site administration to interact with the authorized body for the protection of the rights of personal data subjects, on issues related to the identified incident;
- within seventy-two hours on the results of the internal investigation of the identified incident, and also provides information about the persons whose actions caused the identified incident (if any).
6.8. If the purpose of personal data processing is achieved, the site administration stops processing personal data and destroys personal data within a period not exceeding thirty days from the date of achieving the purpose of personal data processing.
6.9. If the site user withdraws consent to the processing of their personal data, the site administration stops processing them and, if the storage of personal data is no longer required for the purposes of personal data processing, destroys the personal data within a period not exceeding thirty days from the date of receipt of the specified withdrawal.
6.10. If the site user requests the site administration to stop processing personal data, the site administration stops processing them within a period not exceeding ten business days from the date of receipt of the relevant request, except for cases stipulated by the Law on Personal Data.
The specified period may be extended, but not for more than five working days, if the site administration sends a reasoned notification to the site user indicating the reasons for extending the deadline for providing the requested information.
6.11. If it is not possible to destroy personal data within the period specified in clauses 6.4-6.10 of this privacy policy, the site administration blocks such personal data and ensures the destruction of personal data within no more than six months, unless another period is established by federal laws.
6.12. After the expiration of the regulatory storage period for documents containing personal data of the site user, or upon the occurrence of other legal grounds, the documents are subject to destruction.
7. Liability for violation of the rules governing the processing and protection of personal data of site users
7.1. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of users of the site are brought to disciplinary, material, civil, administrative and criminal liability in accordance with the procedure established by the current legislation of the Russian Federation.
7.2. Moral damage caused to the site user as a result of violation of their rights, violation of the rules for processing personal data established by the Law on Personal Data, as well as requirements for the protection of personal data established in accordance with the said Federal Law, is subject to compensation in accordance with the legislation of the Russian Federation. Compensation for non-pecuniary damage is carried out regardless of compensation for property damage and losses incurred by the site user.

8. Changing the Privacy Policy
8.1. This privacy Policy may be changed or terminated by the site administration unilaterally without prior notice to the site user. The new version of the Privacy Policy comes into force from the moment it is posted on the site, unless otherwise provided by the new version of the Privacy Policy.
8.2. The current version of the Privacy Policy is available on the website in the information and telecommunications network "Internet" at: https://vitaplus55.ru/privacy_en