1. General Provisions
This Personal Data Processing Policy has been prepared in accordance with Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006 and defines the procedure for processing personal data and the security measures applied by Individual Entrepreneur Marianna Yuryevna Biryuchkova.
The Operator considers respect for human and civil rights and freedoms during personal data processing, including protection of privacy, personal and family secrets, to be an essential condition of its activities.
This Policy applies to all information that the Operator may receive about visitors of https://testmanager.software.
2. Key Terms Used in this Policy
Automated processing of personal data means processing personal data using computing technology.
Blocking of personal data means the temporary suspension of personal data processing, except where processing is necessary to clarify personal data.
Website means a set of graphic and informational materials, software and databases available online at https://testmanager.software.
Personal data information system means a set of personal data contained in databases and the information technologies and technical means used to process it.
Anonymization of personal data means actions after which it is impossible to identify a specific User or other personal data subject without additional information.
Processing of personal data means any action or set of actions involving personal data, including collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, anonymization, blocking, deletion and destruction.
Operator means a person who independently or jointly with others organizes and carries out personal data processing and determines the purposes of processing, the scope of data and the actions performed with personal data.
Personal data means any information relating directly or indirectly to an identified or identifiable User of https://testmanager.software.
Personal data permitted by the data subject for dissemination means personal data made available to an unlimited number of persons by the data subject through a separate consent in accordance with the Personal Data Law.
User means any visitor of https://testmanager.software.
Provision of personal data means actions aimed at disclosing personal data to a specific person or a specific group of persons.
Dissemination of personal data means actions aimed at disclosing personal data to an indefinite group of persons.
Cross-border transfer of personal data means transfer of personal data to the territory of a foreign state to a foreign authority, foreign individual or foreign legal entity.
Destruction of personal data means actions after which personal data is irreversibly destroyed and cannot be restored.
3. Main Rights and Obligations of the Operator
3.1. The Operator has the right to:
- receive accurate information and documents containing personal data from the personal data subject;
- continue processing personal data without the data subject's consent, where grounds provided by the Personal Data Law exist, if consent is withdrawn or a request to stop processing is submitted;
- independently determine the composition and list of measures necessary and sufficient to fulfill the obligations provided by the Personal Data Law and related regulatory acts.
3.2. The Operator must:
- provide the personal data subject, upon request, with information concerning the processing of their personal data;
- organize personal data processing in accordance with the procedure established by applicable Russian law;
- respond to requests from personal data subjects and their legal representatives in accordance with the Personal Data Law;
- provide the authorized authority for the protection of personal data subjects' rights with the necessary information within 10 days from receipt of the relevant request;
- publish or otherwise provide unrestricted access to this Policy;
- take legal, organizational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination and other unlawful actions;
- stop transferring and processing personal data and destroy personal data in the procedure and cases provided by the Personal Data Law;
- perform other obligations provided by the Personal Data Law.
4. Main Rights and Obligations of Personal Data Subjects
4.1. Personal data subjects have the right to:
- receive information concerning the processing of their personal data, except in cases provided by federal law;
- request that the Operator clarify, block or destroy personal data if it is incomplete, outdated, inaccurate, unlawfully obtained or no longer required for the stated processing purpose;
- make prior consent a condition for processing personal data for the purpose of promoting goods, works and services;
- withdraw consent to personal data processing and submit a request to stop personal data processing;
- appeal unlawful actions or omissions of the Operator to the authorized authority for the protection of personal data subjects' rights or in court;
- exercise other rights provided by Russian law.
4.2. Personal data subjects must:
- provide the Operator with accurate information about themselves;
- notify the Operator of clarification, update or change of their personal data.
Persons who provide the Operator with inaccurate information about themselves or information about another personal data subject without that person's consent are liable in accordance with Russian law.
5. Principles of Personal Data Processing
- personal data is processed on a lawful and fair basis;
- processing is limited to specific, predefined and lawful purposes;
- processing incompatible with the purposes of personal data collection is not allowed;
- databases containing personal data processed for incompatible purposes are not combined;
- only personal data that meets the processing purposes is processed;
- the content and scope of processed personal data correspond to the stated processing purposes;
- accuracy, sufficiency and relevance of personal data are ensured during processing;
- personal data is stored no longer than required by the processing purposes, unless another retention period is established by law or contract.
6. Purposes of Personal Data Processing
The Operator processes personal data to provide the User with access to services, information and materials available on the website, to process requests, contact the User, provide consultations, demo access and technical support, conclude and perform contracts, send informational messages and improve the quality of the website and TestManager product.
Categories of personal data processed:
- last name, first name, patronymic;
- email address;
- phone number;
- company name and request content, if provided voluntarily by the User;
- technical data automatically transmitted to the website: IP address, browser and device information, access date and time, requested page address, cookies and similar data.
Legal grounds for processing: the User's consent to personal data processing, a contract or actions requested by the User before entering into a contract, Federal Law No. 149-FZ "On Information, Information Technologies and Information Protection" dated July 27, 2006, civil, tax and other applicable laws of the Russian Federation.
Types of processing: collection, recording, systematization, accumulation, storage, clarification, retrieval, use, transfer, anonymization, blocking, deletion and destruction of personal data, including sending informational emails where there is a lawful basis.
7. Conditions for Personal Data Processing
Personal data is processed with the consent of the personal data subject or where other grounds provided by Russian law exist.
Processing may be necessary to perform a contract to which the personal data subject is a party, to enter into a contract at the subject's request, or to exercise the rights and legitimate interests of the Operator or third parties, provided that the rights and freedoms of the personal data subject are not violated.
The Operator may process personal data made available to an unlimited number of persons by the personal data subject or at the subject's request, as well as personal data subject to publication or mandatory disclosure under federal law.
8. Collection, Storage, Transfer and Other Processing Procedures
Personal data security is ensured through legal, organizational and technical measures necessary to comply with applicable personal data protection requirements.
The Operator ensures the safety of personal data and takes measures to prevent access by unauthorized persons.
User personal data is not transferred to third parties except where required by applicable law, request processing, contract performance, use of necessary communication, hosting, analytics, CRM, payment, accounting or support services, or where the personal data subject has consented to such transfer.
If inaccuracies in personal data are identified, the User may update the data by sending a notice to support@testmanager.software with the subject "Personal data update".
The User may withdraw consent to personal data processing at any time by sending a notice to support@testmanager.software with the subject "Withdrawal of consent to personal data processing".
Information collected by third-party services, including payment systems, communication tools and other service providers, is stored and processed by those parties in accordance with their user agreements and privacy policies. The Operator is not responsible for actions of third parties where they act as independent personal data operators.
Restrictions set by the personal data subject on transfer and processing of personal data permitted for dissemination do not apply where personal data is processed in state, public or other public interests defined by Russian law.
The Operator ensures confidentiality of personal data during processing.
The Operator stores personal data in a form that allows identification of the personal data subject no longer than required by the processing purposes, unless a retention period is established by federal law or contract.
Processing may stop when the processing purposes are achieved, consent expires, consent is withdrawn, a request to stop processing is submitted, or unlawful processing is identified.
9. Actions Performed by the Operator with Personal Data
The Operator collects, records, systematizes, accumulates, stores, clarifies, retrieves, uses, transfers, anonymizes, blocks, deletes and destroys personal data.
The Operator performs automated personal data processing with or without receiving and transmitting the resulting information over information and telecommunication networks.
10. Cross-Border Transfer of Personal Data
Before carrying out cross-border transfer of personal data, the Operator complies with the requirements of Russian law, including notifying the authorized authority for the protection of personal data subjects' rights where such notification is required.
Before submitting the notice, the Operator obtains the information required by law from foreign persons to whom cross-border transfer of personal data is planned.
11. Confidentiality of Personal Data
The Operator and other persons who gain access to personal data must not disclose it to third parties or disseminate it without the consent of the personal data subject, unless otherwise provided by federal law.
12. Final Provisions
The User may receive clarifications on personal data processing by contacting the Operator at support@testmanager.software.
Any changes to this Personal Data Processing Policy will be reflected in this document. The Policy remains in effect indefinitely until replaced by a new version.
The current version of the Policy is publicly available at https://testmanager.software/en/personal-data/.