Privacy Policy

Privacy Policy

Personal Data Processing Policy

1. General Provisions

This personal data processing policy is prepared in accordance with the requirements of Federal Law (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and measures for ensuring the security of personal data undertaken by Control Service India (hereinafter referred to as the "Operator").

1.1. The Operator's primary goal and condition for its activities is to respect the rights and freedoms of individuals in processing their personal data, including protecting the right to privacy, personal, and family confidentiality.

1.2. This Operator's Policy on personal data processing (hereinafter referred to as the "Policy") applies to all information that the Operator may receive about visitors to the website https://ctrlservice.in.

2. Main Concepts Used in the Policy

2.1. Automated processing of personal data — processing of personal data using computer technology.

2.2. Blocking personal data — temporary termination of personal data processing (except in cases where processing is necessary to clarify personal data).

2.3. Website — a collection of graphic and informational materials, as well as computer programs and databases, ensuring their accessibility on the Internet at https://ctrlservice.in.

2.4. Personal data information system — a set of personal data contained in databases, and information technologies and technical tools that ensure their processing.

2.5. Depersonalization of personal data — actions resulting in the inability to determine the personal data's association with a specific User or other data subject without using additional information.

2.6. Personal data processing — any action (operation) or set of actions (operations) performed with personal data using automation tools or without using such tools, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, usage, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.7. Operator — a state or municipal body, legal or natural person, independently or jointly with other persons, organising and/or carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data subject to processing, actions (operations) performed with personal data.

2.8. Personal data — any information related directly or indirectly to a particular or identifiable User of the website https://ctrlservice.in.

2.9. Personal data authorised by the personal data subject for dissemination — personal data made available to an unlimited number of people by the personal data subject by consenting to the processing of personal data authorised by the personal data subject for dissemination in the manner prescribed by the Personal Data Law (hereinafter referred to as personal data authorised for dissemination).

2.10. User — any visitor to the website https://ctrlservice.in.

2.11. Provision of personal data — actions aimed at disclosing personal data to a particular person or a specific group of persons.

2.12. Dissemination of personal data — any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or making personal data available to an unlimited number of people, including publishing personal data in the media, placing it in information and telecommunications networks, or otherwise providing access to personal data.

2.13. Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a government authority, foreign individual, or foreign legal entity.

2.14. Destruction of personal data — any actions resulting in the irreversible destruction of personal data with no possibility of further recovery of the personal data's content in the personal data information system and/or physical media.

3. Operator's Main Rights and Obligations

3.1. The Operator has the right to:

receive accurate information and/or documents containing personal data from the data subject;  

continue processing personal data without the data subject's consent if there are grounds specified in the Personal Data Law, even if the data subject revokes consent;  

determine the scope of measures necessary and sufficient to fulfill the obligations provided for by the Personal Data Law and other relevant regulatory legal acts unless otherwise stipulated by federal laws.

3.2. The Operator is obligated to:

provide the personal data subject with information regarding the processing of their personal data upon request; 

organize the processing of personal data in accordance with applicable legislation of India; 

respond to personal data subjects' and their authorized representatives' inquiries and requests in compliance with the Personal Data Law; 

notify the authorized body for the protection of personal data subjects' rights upon request within 30 days; 

publish or otherwise provide unrestricted access to this Policy regarding personal data processing; 

take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, and other unlawful actions; 

stop the transfer (distribution, provision, access) of personal data and cease processing and destroying personal data as prescribed by the Personal Data Law.

4. Personal Data Subject's Main Rights and Obligations

4.1. Personal data subjects have the right to:

obtain information regarding the processing of their personal data, except as provided by federal law. The information must be provided by the Operator in an accessible form and should not contain personal data of other data subjects unless there are legal grounds for disclosing such data. The information and its order are established by the Personal Data Law; 

request the Operator to clarify their personal data, block or destroy it if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, and take legal actions to protect their rights.

4.2. Personal data subjects are obliged to:

provide the Operator with accurate data; 

inform the Operator of any updates (changes) to their personal data.

4.3. Persons who have provided the Operator with inaccurate information or information about another data subject without their consent bear responsibility in accordance with the legislation of India.

5. The Operator may process the following personal data of the User:

5.1. Last name, first name, middle name.

5.2. Email address.

5.3. Phone numbers.

5.4. Additionally, the website collects and processes anonymized data about visitors (including cookies) using internet analytics services (Yandex Metrica, Google Analytics, and others).

5.5. The above data is collectively referred to as Personal Data throughout this Policy.

5.6. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or private life.

5.7. The processing of personal data authorized for dissemination from special categories of personal data specified in Article 10, Part 1 of the Personal Data Law, is permitted if the restrictions and conditions provided in Article 10.1 of the Personal Data Law are observed.

5.8. The User’s consent for the processing of personal data authorized for dissemination is given separately from other consents for the processing of their personal data. The conditions specified in Article 10.1 of the Personal Data Law, among others, are observed. The requirements for such consent are established by the authorized body for the protection of personal data subjects' rights.

5.8.1. The User provides the Operator with consent for processing personal data authorized for dissemination directly.

5.8.2. Within three business days of receiving the User's consent, the Operator must publish information about the conditions of processing, including any restrictions or conditions on the processing of personal data authorized for dissemination to an unlimited number of persons.

5.8.3. The transfer (distribution, provision, access) of personal data authorized by the data subject for dissemination must be terminated at any time at the data subject’s request. This request must include the data subject's last name, first name, middle name (if available), contact information (phone number, email, or postal address), and a list of personal data for which processing is to be terminated. The personal data specified in the request may only be processed by the Operator to whom it was directed.

5.8.4. Consent for processing personal data authorized for dissemination terminates when the Operator receives the request specified in Section 5.8.3 of this Policy regarding personal data processing.

6. Principles of Personal Data Processing

6.1. Personal data processing is conducted on a lawful and fair basis.

6.2. Personal data processing is limited to achieving specific, pre-defined, and legitimate goals. Processing incompatible with the purposes of personal data collection is not permitted.

6.3. It is not permitted to merge databases containing personal data if their processing is conducted for incompatible purposes.

6.4. Only personal data that meets the purposes of processing is subject to processing.

6.5. The content and scope of personal data processed correspond to the stated processing purposes. Excessive personal data processing beyond the stated purposes is not allowed.

6.6. When processing personal data, accuracy, sufficiency, and, where necessary, relevance of personal data to the purposes of processing are ensured. The Operator takes necessary measures and/or ensures that incomplete or inaccurate data is removed or clarified.

6.7. Personal data is stored in a form that allows identifying the personal data subject for no longer than the purposes of personal data processing require, unless a longer storage period is established by federal law or an agreement where the personal data subject is a party, beneficiary, or guarantor. Processed personal data is destroyed or anonymized upon achieving the purposes of processing or if processing is no longer necessary, unless otherwise stipulated by federal law.

7. Purposes of Personal Data Processing

7.1. The purpose of processing the User’s personal data:

– informing the User through email communications.

7.2. The Operator also has the right to send the User notifications about new products and services, special offers, and various events. The User may opt out of receiving informational messages at any time by sending an email to order@ctrlservice.in with the subject "Unsubscribe from notifications about new products, services, and special offers."

7.3. Anonymized User data collected via internet analytics services is used to gather information on User actions on the website, improve the quality of the site, and enhance its content.

8. Legal Grounds for Processing Personal Data

8.1. The legal grounds for processing personal data by the Operator are:

the Operator's founding documents; 

federal laws and other regulatory acts on personal data protection; 

User consent for processing their personal data, including data authorized for dissemination.

8.2. The Operator processes the User's personal data only when the User voluntarily fills out and/or submits it through special forms on the website https://ctrlservice.in or by email to the Operator. By filling out these forms and/or submitting their personal data to the Operator, the User agrees to this Policy.

8.3. The Operator processes anonymized User data when the User's browser settings allow it (enabling the storage of cookies and JavaScript technology).

8.4. The personal data subject independently decides to provide their personal data and consents freely, voluntarily, and in their interest.

9. Conditions for Processing Personal Data

9.1. Personal data processing is conducted with the data subject’s consent.

9.2. Processing is necessary to achieve purposes provided by an international treaty or federal law, fulfilling the Operator’s legal functions, powers, and duties.

9.3. Processing is necessary for the administration of justice, execution of a judicial act, or act of another authority or official subject to enforcement per Russian legislation on enforcement proceedings.

9.4. Processing is required for fulfilling a contract in which the data subject is a party, beneficiary, or guarantor, or for the contract's conclusion at the data subject's initiative.

9.5. Processing is necessary for the Operator or third parties to exercise lawful rights or achieve socially significant objectives, provided it does not infringe on the data subject's rights and freedoms.

9.6. Processing of publicly accessible personal data provided by the data subject is conducted as necessary.

9.7. Processing of personal data is conducted in cases where publication or mandatory disclosure is required by federal law.

10. Procedures for Collecting, Storing, Transferring, and Other Types of Personal Data Processing

The security of personal data processed by the Operator is ensured through legal, organizational, and technical measures required to meet personal data protection legislation fully.

10.1. The Operator ensures the safety of personal data and takes all possible measures to prevent unauthorized access to it.

10.2. The User's personal data will never be transferred to third parties unless required by applicable legislation or if the data subject consents to such transfer for civil-law contract fulfillment.

10.3. In case of inaccuracies in personal data, the User may update it independently by notifying the Operator via email at zakaz@ctrlservice.in with the subject "Personal Data Update."

10.4. The duration of personal data processing is determined by the achievement of its collection purposes unless otherwise specified by a contract or applicable law. The User may revoke their consent for personal data processing by notifying the Operator via email at order@ctrlservice.in with the subject "Withdrawal of Consent for Personal Data Processing."

10.5. All information collected by third-party services, including payment systems, communication tools, and service providers, is stored and processed by them in accordance with their User Agreement and Privacy Policy. The personal data subject or User must independently and timely review these documents. The Operator is not responsible for the actions of third parties, including service providers.

10.6. Restrictions imposed by the personal data subject on the transfer (excluding access provision), processing, or conditions for processing personal data authorized for dissemination are not applicable in cases of state, public, or other public interest processing as defined by Russian law.

10.7. The Operator ensures the confidentiality of personal data during processing.

10.8. The Operator stores personal data in a form allowing the identification of the personal data subject for no longer than required by the purposes of processing unless a longer retention period is stipulated by federal law or an agreement.

10.9. Conditions for terminating personal data processing may include the achievement of processing goals, expiration of the data subject's consent, or a request for withdrawal of consent by the data subject, as well as identifying unlawful processing of personal data.

11. List of Actions Performed by the Operator with Received Personal Data

11.1. The Operator performs the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.

11.2. The Operator performs automated processing of personal data, including obtaining and/or transferring received information via telecommunication networks or without such means.

12. Cross-Border Transfer of Personal Data

12.1. Before conducting a cross-border transfer of personal data, the Operator must ensure that the foreign country where the transfer is intended provides reliable protection of personal data subjects' rights.

12.2. Cross-border transfer of personal data to countries that do not meet the above requirements can only occur with the data subject’s written consent or for contract fulfillment.

13. Confidentiality of Personal Data

The Operator and any persons granted access to personal data must not disclose or distribute personal data to third parties without the data subject's consent unless otherwise required by federal law.

14. Final Provisions

14.1. The User may request any clarifications on questions regarding the processing of their personal data by contacting the Operator via email at order@ctrlservice.in.

14.2. This document will reflect any changes in the Operator's personal data processing policy. The Policy remains effective indefinitely until replaced with a new version.

14.3. The current version of the Policy is freely available online at https://ctrlservice.in/privacy.