Privacy policy

Policy regarding the Processing and Protection of Personal Data

1. General Provisions

This Policy regarding the Processing and Protection of Personal Data (hereinafter referred to as the Policy) has been developed in compliance with Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter referred to as Law No. 152-FZ) and defines the procedure for collecting, processing, storing, and protecting personal data of website users and clients.

The purpose of adopting this Policy is to ensure the security of personal data and to comply with data subject rights.

Personal Data Operator (hereinafter referred to as the Operator):

• Full Name: Limited liability Company «Murashinskiy Plywood Plant»
• Taxpayer Identification Number (INN): 4318004484
• Primary State Registration Number (OGRN): 1154350004181
• Registered office Address: 613710, Kirov region, Murashinsky district, Murashi, Garazhnaya str., 10
• Actual Address: 610020, Kirov, Vsesvyatskaya str, 17
• Contact Phone Number: 8 (8332) 32-61-51
• Email Address: info@mfzavod.ru
• Person-in-charge of organizing the processing of personal data: Ryabova Tatyana Sergeevna (Head of the Personnel Department)
• Contact of the person-in-charge: info@mfzavod.ru
• Link to a separate document "Consent to the Processing of Personal Data": https://mfzavod.com/en/agreement/

2. Key Concepts and Terms

• Personal Data — any information relating to a directly or indirectly identified or identifiable individual (personal data subject). Under this Policy, personal data means information that the user (including a representative of a legal entity) independently provides about themselves when using the Website, as well as data automatically collected when visiting the Website.
• Personal Data Subject — an individual to whom the personal data relates. Under this Policy, subjects may be individuals (consumers) as well as representatives (employees, contact persons) of legal entities whose data is processed in connection with the conclusion and execution of contracts, as well as with other purposes provided for by this Policy.
• Website — a collection of web pages accessible on the "Internet" information and telecommunications network at the address mfzavod.com, as well as all subdomains of the specified domain (hereinafter referred to as the Website).
• Processing of Personal Data — any action (operation) or set of actions performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.
• Consent of the Personal Data Subject — a separate document signed by the subject (including by means of an electronic signature or by checking a box with a link to the text of such a document), confirming their consent for the processing of personal data for specific purposes.
• Confidentiality of Personal Data — a requirement not to allow its distribution without a consent of the subject or the existence of other lawful grounds.

3. Types of Personal Data Collected

3.1. Data that may be collected during registration, order placement, booking, or conclusion of a contract (including the ones with a legal entity):

• last name, first name, patronymic (if any) of the contact person;
• phone number (mobile, work);
• email address (personal or corporate);
• delivery address (if required for contract execution);
• name of the organization, position (when interacting with legal entities);
• other types of information that the user voluntarily provides in feedback forms.

3.2. Data that is collected automatically when visiting the Website:

• IP address;
• browser type, operating system;
• history of visited Website pages;
• cookies and other tracking technologies.

3.3. Data relating to special categories (e.g., passport data, date of birth) is processed only in cases directly provided for by the legislation of the Russian Federation (for example, when selling airline and railway tickets, when concluding contracts requiring personal identification), and only with the separate explicit consent of the subject.

3.4. Payment Data: The Operator does not store full bank card details. When processing payments, secure services of payment partners are used. The Operator may only receive depersonalized information about the fact of payment (amount, date, status).

4. Purposes of Personal Data Processing

• conclusion and execution of contracts with users (individuals) and legal entities (through their authorized representatives) -- provision of services, sale of goods, booking;
• identification of the party within the framework of contractual relations;
• making payments;
• providing the user with the information about orders and their status;
• sending informational messages of a technical nature;
• improving the quality of services, analyzing user experience (at an impersonal level);
• sending advertising and news materials only with a separate consent to advertising mailing;
• ensuring security and preventing fraudulent actions;
• complying with the requirements of the legislation of the Russian Federation, including tax and administrative legislation.

5. Personal Data Retention Periods

Upon expiration of the established periods, the data is subject to deletion or depersonalization.

6. Sources of Obtaining Personal Data

• Directly from the personal data subject (when filling out forms on the Website, during correspondence, when concluding a contract -- including ones from a representative of a legal entity).
• Automatically as a result of visiting the Website (cookies, IP address).
• From payment systems and banks (only information about a payment status).
• From third parties only with the consent of the subject or if the transfer is provided for by an agreement with such a third party (for example, within the framework of partner programs).

7. Persons with Access to Personal Data. Transfer to Third Parties

7.1. Access to personal data is granted only to authorized employees of the Operator who have signed a non-disclosure agreement and have been instructed on working with personal data.

7.2. Transfer of personal data to third parties is allowed only in the following cases:

• the subject has given explicit consent to such transfer;
• transfer is necessary for the execution of a contract (for example, to a courier service for goods delivery, to a payment service for processing a payment);
• transfer is carried out at the request of state authorities within their legal powers;
• other cases provided for by the legislation of the Russian Federation.

7.3. In all cases of transferring data to third parties, the Operator enters into agreements (instructions) with them, obliging such parties to maintain confidentiality and ensure the security of personal data in compliance with the requirements of Law No. 152-FZ.

8. Personal Data Protection Measures

The Operator takes all necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions:

Organizational measures:

• appointment of a person responsible for organizing the processing of personal data;
• development of local acts on the processing and protection of personal data;
• conducting instruction and training for employees;
• monitoring compliance with data protection requirements;
• timely destruction of data upon expiration of retention periods.

Technical measures:

• use of encryption protocols when transferring data via the "Internet" information and telecommunications network;
• restricting access to databases (password protection, multi-factor authentication);
• use of antivirus software and firewalls;
• regular backup;
• maintaining logs of actions with personal data.

9. Rights of Personal Data Subjects

The personal data subject (including representatives of legal entities) has the right to:

• receive information about the processing of their personal data;
• demand the clarification, blocking, or destruction of their data if it is incomplete, outdated, inaccurate, or processed in violation of the law;
• withdraw consent to the processing of personal data at any time (the consequences of withdrawal are explained in the Consent);
• appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media) or through legal action.

Procedure for exercising rights:
To exercise their rights, it is necessary to send a request by one of the following methods:

• in writing to the address: to the Actual Address specified in Section 1;
• in electronic form to the address: to the Email Address specified in Section 1.

The request must include: last name, first name, patronymic, contact details, and the essence of the request. For the purpose of identity verification, a request from an email must be sent from the address provided by the user upon registration. The Operator has the right to request additional information to confirm the identity.

Response time to a request is no more than 30 days from the date of receipt.

10. Use of Cookies and Tracking Technologies

The Website uses cookies and similar technologies to:

• ensure operability and improve the functionality of the Website;
• collect statistics (using web analytics systems located on the territory of the Russian Federation, for example, Yandex.Metrica or other similar services);
• store user preferences.

By continuing to use the Website, the user agrees to the use of cookies in accordance with the settings of their browser. The user can disable the storage of cookies in the settings at any time, but this may affect the availability of certain functions of the Website.

11. Procedure for Obtaining Consent to the Processing of Personal Data

11.1. The processing of personal data is carried out by the Operator only with a separate Consent of the subject, developed in compliance with the requirements of Art. 9 of Federal Law No. 152-FZ. If the subject acts on behalf of a legal entity, consent is given by them as an individual for the processing of their own personal data.

11.2. The text of the current Consent form is available at the link specified in Section 1.

11.3. By checking the appropriate box when registering, placing an order, or subscribing, the subject confirms that they have read the text of the Consent and this Policy, understand their content, and give specific, informed, and conscious consent to the processing of their personal data under specified conditions.

11.4. Consent may be withdrawn by the subject at any time by sending a notification using the methods specified in Section 9. Upon withdrawal of consent, the Operator is obliged to stop processing or ensure its cessation, and if the retention of data is no longer required for the stated purposes, destroy the data within a period not exceeding 30 days from the date of receipt of the withdrawal, unless otherwise provided by law.

12. Cross-Border Transfer of Personal Data

The Operator stores and processes personal data exclusively on servers located on the territory of the Russian Federation. Cross-border transfer of personal data is not carried out, except in cases directly provided for by the legislation of the Russian Federation and with a separate consent of the subject.

13. Final Provisions

13.1. This Policy is a public document and is subject to publication on the Operator's Website.

13.2. The Operator has the right to make changes to this Policy due to changes in legislation or internal processes. The new version of the Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the version itself.

13.3. Control over the implementation of the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.

13.4. Questions, feedback, and suggestions regarding this Policy can be sent using the contacts specified in Section 1.