TP Lab TP Kit
TP Lab TP Kit

OOO TP LAB

Privacy policy for user personal data on the company's website

1. General information

1.1 This Privacy Policy is developed in accordance with the Constitution of the Russian Federation, Federal Law N 149-FZ "On Information, Information Technologies and Information Protection" of July 27, 2006 , Federal Law N 152-FZ "On Personal Data" of July 27, 2006 (hereinafter - the Personal Data Law) and other regulatory legal acts for the personal data protection and processing in force on the territory of the Russian Federation.

1.2 This Privacy Policy uses the following terms:

  • the (web)site is truepositive.ru, located on the domain name truepositive.ru, providing services for the sale and technical support of the RetailRotor hardware and software complex, KnotInspetor hardware and software complex, FMMonitor software, LogHouse software, PoZapisi software;
  • the site administration are employees authorized to manage the site, who determine the content of personal data of the
  • the site user is a natural person, user of the site services, subject of personal data, who has voluntarily registered on the site and provided the necessary personal data during registration;
  • site user - a natural person, user of the site services, subject of personal data, who has voluntarily registered on the site and provided the necessary personal data during registration;
  • personal data means any information relating to a directly or indirectly defined or identifiable natural person ( subject of personal data);
  • processing of personal data means any action (operation) or a combination of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

1.3 This Privacy Policy establishes the procedure for obtaining, protecting, storing, processing and transmitting personal data of the site users, applies to all information that the site administration can get about users during their use of the site. This Privacy Policy does not apply to other sites inculding the sites of third parties. The site administration is not responsible for the sites of third parties, to which users can visit using the links available on the company's site.

1.4 The personal data of the website users include: full name, phone number and e-mail address. The data that are transmitted automatically depending on the software settings are: surname, first name, patronymic, contact phone number, e-mail address. The site administration can obtain all user's personal data only from the users themselves. Personal data of the site users are confidential information and can not be used by the site administration or any other person for personal purposes.

1.5 The purposes of processing personal data of the site users are:

  1. Obtaining, upon request, obtaining information on prices, configurations, possible kits, terms of product delivery and service provision of OOO TP Lab;
  2. Receiving technical support for the RetailRotor hardware and software complex, KnotInspetor hardware and software complex, FMMonitor software, LogHouse software, PoZapisi software.

1.6 The site administration provides users with free access to their personal data, including the right to obtain copies of any record containing their personal data, except as provided by legislation.

1.7 The site administration develops measures to protect personal data of the site users.

2. Processing, storage and transfer of personal data of the website users

2.1 The personal data of the website users is processed exclusively for the purposes specified in clause 1.5 of this Privacy Policy.

2.2 The personal data on the site is processed both with or without the use of automation tools.

2.3 The categories of personal data subjects include:

2.3.1 The site users. In this category of subjects, the site administration processes personal data for the purpose of consulting subjects about the possibility of purchasing and servicing the company's products:

  • Category of personal data: general personal data only
  • List of personal data: surname, first name, patronymic, contact phone number, e-mail address
  • Processing method: using automated systems
  • Processing period: 5 days
  • Retention period: 5 years

2.4 The personal data of the website users are stored electronically in the personal data information system of the site, as well as in archived copies of the site databases. When storing the personal data of the site users, the organizational and technical measures are observed to ensure their safety and exclude unauthorized access to them. Only employees of the site administration who are authorized to work with personal data of the site users and who have signed an agreement on non-disclosure of personal data of the site users may have access to the processing of personal data of the site users. The list of site employees who have access to personal data of the site users is approved by by Order No. 2/22-OD of September 01, 2022.

2.5 The site administration may transfer personal data of the site users to third parties only if it is necessary to prevent a threat to their life and health, as well as in cases established by law.

2.6. The site administration is obliged to provide personal data of users only to authorized persons and only in the part that is necessary for them to perform their employment duties in accordance with this policy and the legislation of the Russian Federation.

2.7. When transferring personal data of the site users, the site administration warns the persons receiving this information that this data can be used only for the purposes for which they are reported, and requires from these persons a written confirmation to comply with this condition.

2.8. Consent to the processing of personal data authorized by the website user for dissemination shall be executed separately from other consents of the website user to the processing of his/her personal data. The site administration provides the site user with the possibility to determine the list of personal data for each category of personal data, specified in the consent to the processing of personal data, authorized for dissemination.

2.9. In the consent to the processing of personal data authorized by the site user for dissemination, the user has the right to establish prohibitions on the transfer (except for the granting of access) of these personal data by the site administration to an unlimited number of persons, as well as prohibitions on the processing or conditions of processing (except for access) of these personal data by an unlimited number of persons.

2.10. The transfer (distribution, provision, access) of personal data authorized by the site user for dissemination shall be terminated at any time at his/her request. The personal data specified in this requirement may be processed only by the site administration.

2.11. Other rights, obligations, actions of employees of the site administration, whose employment duties include the processing of personal data of the site users, are determined by job descriptions.

2.12. All information about the transfer of personal data of the site users is taken into account to control the legality of the use of this information by persons who received it.

2.13. In order to improve the quality of service and to ensure the legal protection, the site administration has the right to store log files with information about the actions performed by the users during the use of the site.

3. Requirements to the premises where personal data are processed

3.1. Placement of equipment for personal data information systems, special equipment and security of premises where personal data is processed, organization of security regime in these premises should ensure the safety of personal data carriers and information protection tools, as well as exclude the possibility of uncontrolled entry or stay of unauthorized persons in these premises.

3.2. The premises where technical equipment for personal data information systems are located or where personal data carriers are stored shall comply with the fire safety requirements established by the current legislation of the Russian Federation.

3.3. Determination of the level of special equipment of the premises shall be carried out by a specially created commission. Acts shall be drawn up on the results of determining the class and inspection of the premises for compliance with such class.

3.4. In addition to the above measures for special equipment and security of premises where cryptographic tools for information protection are installed or stored, additional requirements determined by methodological documents of the Federal Security Service of Russia shall be implemented.

4. Rights and obligations of the website administration

4.1 The site administration has the right to establish requirements for the scope of personal data of users, which must be necessarily provided for the use of the site, while the site administration is guided by this Privacy Policy, the Constitution of the Russian Federation, and other federal laws.

4.2 The site administration does not verify the accuracy of personal data provided by the site users, believing that they act in good faith and keep information about their personal data up to date.

4.3 The site administration is not responsible for the voluntary transfer by the site users of their contact information, password or login to third parties.

4.4 The site administration does not have the right to receive and process personal data of the site users about their political, religious and other beliefs and private life.

4.5 The site administration at its own expense provides protection of personal data of the site users from unauthorized use or loss in accordance with the procedure established by the legislation of the Russian Federation.

4.6 The site administration shall take measures necessary and sufficient to ensure the fulfillment of obligations, stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it. The website administration independently determines the checklist of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it. Such measures, in particular, include:

  • issuance of documents defining the site's policy on personal data processing, local acts on the issues of personal data processing, defining for each purpose of personal data processing the categories and the list of categories and list of processed personal data, categories of subjects whose personal data are processed, methods, terms of their processing and storage, the procedure for destroying personal data upon achievement of the purposes of personal data processing or upon the occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating of the consequences of such violations. Such documents and local acts may not contain provisions restricting the rights of the site users, as well as imposing on the site administration powers and obligations not provided for by the legislation of the Russian Federation;
  • internal control and (or) audit of compliance of personal data processing with the Law on Personal Data and regulatory legal acts adopted in accordance with it, personal data protection requirements, the site's policy on personal data processing, local acts of the site;
  • assessment of the harm that may be caused to the site users in case of violation of the Law on Personal Data, the correlation between the said harm and the measures taken by the site administration to ensure the fulfillment of the obligations stipulated by the Law on Personal Data;
  • familiarization of the site employees directly involved in the processing of personal data with the provisions of the Russian Federation legislation on personal data including requirements to personal data protection, documents defining the site's policy on personal data processing, local acts on personal data processing, and (or) training of these employees.
  • appointment of the person responsible for organization of personal data processing;
  • application of legal, organizational and technical measures to ensure the personal data security;

5. Rights of the website users to protect their personal data

5.1 In order to ensure the protection of their personal data stored on the website, the website users have the right to:

  • receive full information about their personal data, its processing, storage and transmission;
  • determine their representatives for the protection of their personal data;
  • demand the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of this Privacy Policy and the legislation of the Russian Federation;
  • demand from the site administration to notify all persons to whom incorrect or incomplete personal data of the site users were previously reported about all exceptions, corrections or additions made to them. If the site administration refuses to exclude or correct personal data of the site users, users have the right to declare to the site administration in writing their disagreement with the relevant justification.

5.2. The site users have the right to independently limit the collection of information by third parties, using the standard privacy settings of the Internet browser they use to work on the site, as well as to change, delete or supplement their personal data at any time.

5.3 If the website users believe that their personal data is processed in violation of the requirements of the Law on Personal Data or otherwise violates their rights and freedoms, they have the right to appeal the actions or inaction of the site administration to the authorized body for the protection of the rights of personal data subjects or in court.

5.4 The site users have the right to edit the personal data provided by them during registration or authorization in their personal account at any time.

5.5 The site users shall not waive their rights to maintain and protect secrecy.

6. Procedure for destruction and blocking of personal data

6.1 In case of detection of unlawful processing of personal data at the request of the site user, the site administration blocks the unlawfully processed personal data relating to this user from the moment of such request for the period of verification.

6.2 In case of revealing inaccurate personal data at the request of the site user, the site administration blocks personal data related to this user from the moment of such request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the site user or third parties.

6.3 In case of confirmation of the fact of inaccuracy of personal data, the site administration on the basis of information, submitted by the user of the site, or other necessary documents clarifies personal data within seven (7) working days from the date of submission of such information and removes the blocking of personal data.

6.4 In case of detection of unlawful processing of personal data by the site administration, the site administration shall stop unlawful processing of personal data within a period not exceeding three (3) working days from the date of such detection.

6.5 If it is impossible to ensure the legality of personal data processing, the site administration shall destroy such personal data within a period not exceeding ten (10) working days from the date of of detection of unlawful processing of personal data.

6.6 The site administration shall notify the site user about the elimination of violations or destruction of personal data.

6.7 In case of establishing the fact of unlawful or accidental transfer (provision, dissemination, access) personal data, which resulted in violation of the rights of the user of the site, the site administration shall notify the authorized body for the protection of the rights of personal data subjects from the moment of detection of such incident by the site administration, the authorized body for the protection of the rights of personal data subjects or other interested person:

  • within twenty-four (24) hours about the occured incident, the alleged causes for the violation of the site user's rights, and the alleged harm to the site user's rights, the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the site administration to interact with the authorized body for the protection of the rights of personal data subjects on the issues related to the identified incident;
  • within seventy-two (72) hours on the results of the internal investigation of the identified incident, as well as provides information about the persons whose actions caused the identified incident (if any).

6.8 In case the purpose of personal data processing is achieved, the website administration stops processing personal data and destroys personal data within a period not exceeding thirty (30) days from the date when the purpose of personal data processing is achieved.

6.9 In case of withdrawal by the site user of consent to the processing of his/her personal data, the site administration stops their processing and in case the preservation of personal data is no longer required for the purposes of personal data processing, destroys personal data within a period not exceeding thirty (30) days from the date of receipt of the said revocation.

6.10 In case the site user appeals to the site administration with a request to stop processing of personal data, the site administration shall stop processing personal data within a period not exceeding ten (10) working days from the date of receipt of the relevant request, except as provided by the Law on Personal Data. This period may be extended, but not more than for five (5) working days in case the site administration sends a motivated notice to the address of the site user indicating the reasons for extending the period for providing the requested information.

6.11 If there is no possibility to destroy personal data within the period specified in paragraphs 6.4-6.10 of this Privacy Policy, the site administration shall block such personal data and ensure the destruction of personal data within a period of not more than six (6) months, unless another period is established by federal laws.

6.12 After the regulatory retention period of documents containing personal data of the website user expires, or in case other legal grounds occur, the documents are subject to destruction.

6.13. For these purposes, the website administration shall establish an expert commission and conduct an expert examination of the value of documents.

6.14 According to the results of the examination, documents containing personal data of the website user and subject to destruction:

  • those on paper shall be destroyed in a shredder;
  • those in electronic form shall be erased from the information carriers or the carriers that contain the information shall be physically destroyed.

7. Liability for violation of the rules governing the processing and protection of personal data of the website users

7.1 Persons guilty of violating the rules governing the receipt, processing and protection of personal data of the site users shall be brought to disciplinary, material, civil, administrative and criminal liability in accordance with the procedure established by the current legislation of the Russian Federation.

7.2 Moral damage caused to the site user due to violation of his/her rights, violation of the rules of personal data processing established by the Law on Personal Data, as well as requirements for the protection of personal data established in accordance with this Federal Law, shall be compensated in accordance with the legislation of the Russian Federation. Compensation for moral damage shall be made regardless of compensation for property damage and losses incurred by the website user.

8. Changes to Privacy Policy

8.1 This privacy policy may be changed or terminated by the site administration unilaterally without prior notice to the site user. The new edition of the privacy policy comes into force from the moment of its placement on the site, unless otherwise provided by the new edition of the privacy policy.

8.2 The current version of the Privacy Policy is available on the company's website: truepositive.ru/privacy-policy.

Intellectual propertyRequisitesPrivacy Policy

© 1999-2025, True Positive Lab ООО «ТП Лаб»