+7 (800) 700-75-00
4 Kromskoye HWY, Orel
Book now

Privacy Policy

GENERAL PROVISIONS

1.1. This Policy has been developed and is applied in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, Federal Law No. 38-FZ of March 13, 2006 “On Advertising”, Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Protection of Information”, and other regulatory acts in the field of personal data protection applicable within the territory of the Russian Federation.

1.2. This Policy defines the procedure for the collection, accounting, processing, accumulation, use, distribution, and storage of personal data of individuals, including clients, counterparties and/or their representatives, and users of the websites operated by JSC “GRINN Corporation” (registered address: 4 Kromskoye Highway, Orel, Oryol Region, 302042, Russia; Tax ID 4629045050) (hereinafter — the “Operator”), as well as other individuals who are not employees of the Operator and have voluntarily provided their personal data.

1.3. The purpose of this Policy is to protect the personal data of the aforementioned individuals from unauthorized access and disclosure.

1.4. Definitions:

  • Personal Data — any information relating to a directly or indirectly identified or identifiable individual (data subject), including but not limited to name, surname, patronymic, date and place of birth, address, marital and social status, education, profession, income, and other identifying data.

  • Processing — any operation or set of operations performed on personal data, including collection, systematization, accumulation, storage, updating, use, dissemination, anonymization, blocking, or destruction.

  • Dissemination — actions aimed at transferring personal data to a certain group of persons or making them available to the general public.

  • Use — operations with personal data carried out by the Operator to make decisions or take actions affecting the rights and interests of the data subject or third parties.

  • Blocking — temporary suspension of personal data processing.

  • Destruction — actions resulting in the irreversible loss of personal data.

  • Confidentiality — mandatory non-disclosure of personal data without the data subject’s consent or other legal basis.

  • Information — any data regardless of format.

  • Documented Information — recorded information with identifying attributes.

  • Personal Data Information System — a system comprising databases and technologies used for automated or non-automated processing of personal data.

1.5. When processing personal data, the Operator adheres to the following principles:

  • Lawfulness and fairness;

  • Purpose limitation;

  • Data minimization and relevance;

  • Accuracy and adequacy;

  • Storage limitation;

  • Integrity and confidentiality.

1.6. This Policy governs the Operator’s handling of personal data with and without the use of automation, ensuring data confidentiality and implementing preventive legal compliance measures.

1.7. The Operator processes personal data legally and fairly to fulfill legal obligations, safeguard legitimate interests, and ensure the rights of data subjects.

1.8. This Policy applies to data obtained from:

  • Individuals under civil law relations with the Operator;

  • Representatives of legal entities and sole proprietors in contractual relations;

  • Users of the Operator’s websites (grinn-corp.ru, linia-market.ru and subdomains);

  • Other individuals whose data the Operator may lawfully process.

Personal data of employees are regulated by a separate internal policy dated 24.09.2021, Order No. 276.

1.9. The Operator processes the following categories of personal data:

  • Name, surname, patronymic;

  • Birth date and place;

  • Citizenship;

  • Contact details (phone, email);

  • Identity document data;

  • Residential and registration address;

  • Taxpayer identification number;

  • Pension insurance number;

  • Order and communication history.

1.10. The Operator may also process non-personally identifiable technical data collected automatically, including:

  • Browser type;

  • IP address;

  • Cookie data;

  • Referrer URL;

  • Access times.

1.11. The Operator does not process special categories of personal data such as racial origin, religious beliefs, political opinions, or biometric data.

1.12. Access by third parties is restricted except as required by law. Unspecified data is destroyed immediately upon receipt.

1.13. Personal data is processed for the purposes of:

  • Contract execution;

  • Order handling and customer service improvement;

  • Marketing and promotional campaigns (with consent);

  • Website analytics and security.

1.14. Processing activities include:

  • Collection, recording, storage, use, transfer, anonymization, deletion, etc.

1.15. Cross-border data transfer is permitted with the subject’s consent and appropriate safeguards.

COLLECTION, USE, AND DISCLOSURE

2.1. Processing begins upon obtaining the subject’s consent, given in written, verbal, or conclusive form, including:

  • Partner card registration;

  • User account creation on grinn-corp.ru or linia-market.ru;

  • Phone communication with the call center;

  • Participation in online promotions.

2.2. Consent is not required where processing is mandated by law or for contract fulfillment.

2.3. Personal data may be submitted:

  • In writing in offices;

  • Online via websites;

  • Verbally via call center;

  • Other lawful means.

2.4. Consent is presumed upon completion of any of the above actions and remains valid until revoked in writing.

2.5. Consent may be withdrawn at any time by sending written notice to the Operator’s address. Upon withdrawal, processing ceases within 30 days unless otherwise stipulated by law or contract.

2.6. Data transfer to third parties requires written or digital consent, signed with a digital signature if electronic.

2.7. The Operator may share data with government bodies without consent if required by law.

2.8–2.11. Data subjects may explicitly limit dissemination of their data; consent for dissemination must be provided separately and may be revoked at any time.

PROCESSING AND SECURITY MEASURES

3.1. Only authorized personnel may process personal data. They are required to maintain confidentiality.

3.2. Third-party processing is allowed under strict confidentiality and security obligations.

3.3. Data is processed both manually and electronically. Legal consequences are not based solely on automated processing.

3.4. Confidentiality is preserved unless the subject voluntarily shares their data publicly.

DATA SECURITY REQUIREMENTS

4.1–4.8. The Operator implements legal, organizational, and technical safeguards including:

  • Threat identification;

  • Access control;

  • Data encryption and storage protocols;

  • Monitoring and incident response;

  • Limiting processing environments;

  • Virus protection and intrusion prevention;

  • Confidential storage practices;

  • No disclosure of security protocols.

CONSENT TO MARKETING COMMUNICATIONS

5.1. By opting in for marketing (via form, website checkbox, or call center), the subject consents to receiving advertising via phone and email.

5.2. The subject affirms that the provided data is accurate and submitted voluntarily.

DATA RETENTION

6.1. Personal data is securely stored in both electronic databases (protected by passwords) and physical archives (locked cabinets).

FINAL PROVISIONS

7.1. Employees violating data policies are subject to disciplinary action under Russian law.

7.2. This Policy is an internal document of the Operator and takes effect upon approval.

7.3–7.5. The Operator’s additional responsibilities are defined by applicable data protection legislation. Updates to this Policy are made by order of the Director and published online.

This website uses cookies to ensure all its functions work properly. By continuing to use this website, you agree to the terms of the Cookie Policy.

Accept