1. Generalities
1.1. This Policy regarding the processing of personal data
(hereinafter – the Policy) is made in accordance with paragraph 2 of article 18.1 of the Federal law "On personal data" No. 152 - FZ of 27 July 2006, as well as other normative legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter – data), which the Organization (hereinafter – the Operator, the company) may obtain from the data subject, who has a civil contract, from the Internet user (hereinafter referred to – The user) during the use of any of the sites, services, services, programs, products or services of SP Kolmakov Alexey Nikolaevich, as well as from the subject of personal data, consisting with the Operator in a relationship,
regulated by labor legislation (hereinafter-the Employee).
1.2. The operator ensures the protection of personal data processed
from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal law of July 27, 2006 No. 152-FZ "on personal data".
1.3. The operator has the right to make changes to this Policy. By
when changes are made, the policy header indicates the date of the last change.
revision updates. The new version of the Policy shall enter into force from the moment of its
placement on the site, unless otherwise provided by the new version of the Policy.
2. Terms and abbreviations accepted
Personal data – any information relating to directly or indirectly
indirectly defined or identifiable natural person (entity
personal data.)
Processing of personal data – any action (operation) or
a set of actions (operations) performed with the use of funds
automation or without the use of such means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer
(distribution, provision, access), depersonalization, blocking,
deletion, destruction of personal data.
Automated processing of personal data-processing
personal data by means of computer technology.
Information system of personal data – ISPD) - a set of
personal data contained in databases and providing them
processing of information technologies and technical means.
Personal data made publicly available by the subject
personal data – personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
Blocking of personal data-temporary termination of processing
personal data (except if processing is necessary to clarify personal data).
Destruction of personal data-actions resulting in
it becomes impossible to restore the content of personal data in the
information system of personal data and (or) as a result of which
material carriers of personal data are destroyed.
Operator – organization, independently or jointly with other persons
organizing the processing of personal data, as well as defining the objectives
processing of personal data to be processed, actions (operations) performed with personal data. The operator is
SP Kolmakov Alexey Nikolaevich.
3. Personal data processing
3.1. Obtaining personal data.
3.1.1. All personal data should be obtained from the subject. If
personal data of the subject can be obtained only from a third party, then
the subject must be notified of this or received from it
consent.
3.1.2. The operator must inform the subject of the intended purposes
sources and methods of obtaining personal data, the nature of the personal data to be received, the list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
- copying of original documents (passport, education document,
TIN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining the originals of the necessary documents (work book,
medical report, characteristics, etc.).
3.2. Personal data processing.
3.2.1. Processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his personal data
data's;
–in cases where the processing of personal data is necessary for
implementation and performance of the functions assigned by the legislation of the Russian Federation,
powers and responsibilities;
- in cases where personal data is processed, access
an unlimited number of persons to whom the subject of personal data
data or at his request (hereinafter
- personal data made publicly available by the subject of personal data).
3.2.2. Purposes of personal data processing:
- implementation of labor relations;
–implementation of civil-legal relations;
–to communicate with the user, in connection with filling out the feedback form
on the site, including sending notifications, requests and information,
regarding the use of the store site, processing, approval
orders and their delivery, execution of agreements and contracts;
- depersonalization of personal data to obtain depersonalized
statistical data which are transferred to the third party for carrying out
research, performance of works or provision of services on behalf of
shop's.
3.2.3. Categories of personal data subjects.
Personal data of the following subjects are processed:
data's:
- individuals who are in labor relations with the Company;
- individuals who have resigned from the Society;
- individuals who are candidates for employment;
- individuals who are in civil relations with the Company;
- individuals who are Users of the Store Website.
3.2.4. Personal data processed by the Operator:
- data obtained during the implementation of labor relations;
- data obtained for the selection of candidates for work;
- data obtained in the implementation of civil relations;
- data received From users of the Store's Website.
3.2.5. Processing of personal data is conducted:
- using automation tools;
- without the use of automation.
3.3. Storage of personal data.
3.3.1. Personal data of subjects can be obtained by passing
further processing and transferred to storage both on paper and in electronic form.
3.3.2. Personal data recorded on paper,
stored in locked cabinets or in locked rooms with limited access.
3.3.3. Personal data of subjects processed
using automation tools for different purposes, stored in different folders.
3.3.4. Storage and placement of documents containing
personal data, in open electronic directories (file-sharing) in ISPD.
3.3.5. Storage of personal data in a form that allows you to determine
the personal data subject is carried out no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. Destruction of documents (media) containing personal data
data is produced by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For destruction of paper documents application of a shredder is allowed.
3.4.2. Personal data on electronic media are destroyed by
erase or format media.
3.4.3. The fact of destruction of personal data is confirmed
documented act of destruction carriers.
3.5. Transfer of personal data.
3.5.1. The operator transfers personal data to third parties in the following cases
cases:
"the subject has consented to such action;
- transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by the legislation.
3.5.2. List of persons to whom personal data are transferred.
- Pension Fund of the Russian Federation for accounting (legally);
- tax authorities of the Russian Federation (legally);
- Social insurance Fund of the Russian Federation (legally);
- territorial Fund of compulsory medical insurance (on
legal ground);
- medical insurance organizations on compulsory and voluntary
health insurance (legally);
- banks for payroll (on the basis of the contract);
- bodies of the Ministry of internal Affairs of Russia in cases established by the legislation;
–anonymised personal data of Users of the Internet site
store are transferred to the counterparties of the Store.
4. Personal data protection
4.1. In accordance with the requirements of regulatory documents.
the system of personal data protection (NWPD) consisting of subsystems of legal, organizational and technical protection is created.
4.2. Subsystem of legal protection is a set of legal,
organizational, administrative and regulatory documents that ensure the creation, operation and improvement of NWPD.
4.3. The subsystem of organizational protection includes the organization
management structure of NWPD, licensing system, information protection when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a complex of technical,
software, hardware and software providing protection
personal data.
4.4. The main personal data protection measures used
Operator, are:
4.5.1. Appointment of the person responsible for the processing of personal data,
which carries out the organization of processing of personal data, training and instructing, internal control over observance by institution and its employees of requirements to protection of personal data.
4.5.2. Identification of current threats to personal data security
in their processing in ISPD and development of measures and measures for protection
personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishment of rules for access to personal data processed in the ISPD, as well as ensuring registration and accounting of all actions performed with personal data in the ISPD.
4.5.5. Establishment of individual access passwords for employees in
information system in accordance with their production
duties.
4.5.6. Application of the evaluation procedure which has passed in accordance with the established procedure
compliance of information security means.
4.5.7. Certified antivirus software with
regularly updated databases.
4.5.8. Compliance with the conditions ensuring the safety of personal data
data and exclude unauthorized access to them.
4.5.9. Detection of unauthorized access to personal data
monitoring and action.
4.5.10. Recovery of personal data modified or
destroyed due to unauthorized access to them.
4.5.11. Training of the operator's employees directly engaged In
processing of personal data, the provisions of the legislation of the Russian Federation on
personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations
Operator's
5.1. Basic rights of the personal data subject.
The subject has the right to access his personal data and the following
reductions:
- confirmation of the fact of personal data processing by the Operator;
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by the Operator
data's;
- name and location of the Operator, information about persons (except
except for the Operator's employees) who have access to
personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of Federal law;
- terms of processing of personal data, including terms of their storage;
- procedure for the exercise of rights by the subject of personal data,
provided by Federal law;
- name or surname, name, patronymic and address of the person,
processing personal data on behalf of the Operator,
if processing is or will be entrusted to such person;
- contacting the Operator and sending him requests;
- appeal against actions or omissions of the Operator.
5.2. Duties Of The Operator.
The operator must:
- when collecting personal data, provide information about the processing
personal data;
–in cases where personal data were not received from the subject
personal data, notify the subject;
- in case of refusal to provide personal data to the subject explained
consequences of such refusal;
- publish or otherwise provide unrestricted access to
to the document defining its policy regarding the processing of personal data, to the information on the implemented requirements for the protection of personal data;
- take the necessary legal, organizational and technical measures
or ensure that they are adopted to protect personal data from
unauthorized or accidental access, destruction, alteration,
blocking, copying, provision, distribution of personal data
data, as well as from other illegal actions in respect of personal data
data's;
- to respond to requests and requests of personal data subjects,
their representatives and the authorized body for the protection of the rights of subjects
personal data.
1.1. This Policy regarding the processing of personal data
(hereinafter – the Policy) is made in accordance with paragraph 2 of article 18.1 of the Federal law "On personal data" No. 152 - FZ of 27 July 2006, as well as other normative legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter – data), which the Organization (hereinafter – the Operator, the company) may obtain from the data subject, who has a civil contract, from the Internet user (hereinafter referred to – The user) during the use of any of the sites, services, services, programs, products or services of SP Kolmakov Alexey Nikolaevich, as well as from the subject of personal data, consisting with the Operator in a relationship,
regulated by labor legislation (hereinafter-the Employee).
1.2. The operator ensures the protection of personal data processed
from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal law of July 27, 2006 No. 152-FZ "on personal data".
1.3. The operator has the right to make changes to this Policy. By
when changes are made, the policy header indicates the date of the last change.
revision updates. The new version of the Policy shall enter into force from the moment of its
placement on the site, unless otherwise provided by the new version of the Policy.
2. Terms and abbreviations accepted
Personal data – any information relating to directly or indirectly
indirectly defined or identifiable natural person (entity
personal data.)
Processing of personal data – any action (operation) or
a set of actions (operations) performed with the use of funds
automation or without the use of such means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer
(distribution, provision, access), depersonalization, blocking,
deletion, destruction of personal data.
Automated processing of personal data-processing
personal data by means of computer technology.
Information system of personal data – ISPD) - a set of
personal data contained in databases and providing them
processing of information technologies and technical means.
Personal data made publicly available by the subject
personal data – personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
Blocking of personal data-temporary termination of processing
personal data (except if processing is necessary to clarify personal data).
Destruction of personal data-actions resulting in
it becomes impossible to restore the content of personal data in the
information system of personal data and (or) as a result of which
material carriers of personal data are destroyed.
Operator – organization, independently or jointly with other persons
organizing the processing of personal data, as well as defining the objectives
processing of personal data to be processed, actions (operations) performed with personal data. The operator is
SP Kolmakov Alexey Nikolaevich.
3. Personal data processing
3.1. Obtaining personal data.
3.1.1. All personal data should be obtained from the subject. If
personal data of the subject can be obtained only from a third party, then
the subject must be notified of this or received from it
consent.
3.1.2. The operator must inform the subject of the intended purposes
sources and methods of obtaining personal data, the nature of the personal data to be received, the list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
- copying of original documents (passport, education document,
TIN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining the originals of the necessary documents (work book,
medical report, characteristics, etc.).
3.2. Personal data processing.
3.2.1. Processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his personal data
data's;
–in cases where the processing of personal data is necessary for
implementation and performance of the functions assigned by the legislation of the Russian Federation,
powers and responsibilities;
- in cases where personal data is processed, access
an unlimited number of persons to whom the subject of personal data
data or at his request (hereinafter
- personal data made publicly available by the subject of personal data).
3.2.2. Purposes of personal data processing:
- implementation of labor relations;
–implementation of civil-legal relations;
–to communicate with the user, in connection with filling out the feedback form
on the site, including sending notifications, requests and information,
regarding the use of the store site, processing, approval
orders and their delivery, execution of agreements and contracts;
- depersonalization of personal data to obtain depersonalized
statistical data which are transferred to the third party for carrying out
research, performance of works or provision of services on behalf of
shop's.
3.2.3. Categories of personal data subjects.
Personal data of the following subjects are processed:
data's:
- individuals who are in labor relations with the Company;
- individuals who have resigned from the Society;
- individuals who are candidates for employment;
- individuals who are in civil relations with the Company;
- individuals who are Users of the Store Website.
3.2.4. Personal data processed by the Operator:
- data obtained during the implementation of labor relations;
- data obtained for the selection of candidates for work;
- data obtained in the implementation of civil relations;
- data received From users of the Store's Website.
3.2.5. Processing of personal data is conducted:
- using automation tools;
- without the use of automation.
3.3. Storage of personal data.
3.3.1. Personal data of subjects can be obtained by passing
further processing and transferred to storage both on paper and in electronic form.
3.3.2. Personal data recorded on paper,
stored in locked cabinets or in locked rooms with limited access.
3.3.3. Personal data of subjects processed
using automation tools for different purposes, stored in different folders.
3.3.4. Storage and placement of documents containing
personal data, in open electronic directories (file-sharing) in ISPD.
3.3.5. Storage of personal data in a form that allows you to determine
the personal data subject is carried out no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. Destruction of documents (media) containing personal data
data is produced by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For destruction of paper documents application of a shredder is allowed.
3.4.2. Personal data on electronic media are destroyed by
erase or format media.
3.4.3. The fact of destruction of personal data is confirmed
documented act of destruction carriers.
3.5. Transfer of personal data.
3.5.1. The operator transfers personal data to third parties in the following cases
cases:
"the subject has consented to such action;
- transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by the legislation.
3.5.2. List of persons to whom personal data are transferred.
- Pension Fund of the Russian Federation for accounting (legally);
- tax authorities of the Russian Federation (legally);
- Social insurance Fund of the Russian Federation (legally);
- territorial Fund of compulsory medical insurance (on
legal ground);
- medical insurance organizations on compulsory and voluntary
health insurance (legally);
- banks for payroll (on the basis of the contract);
- bodies of the Ministry of internal Affairs of Russia in cases established by the legislation;
–anonymised personal data of Users of the Internet site
store are transferred to the counterparties of the Store.
4. Personal data protection
4.1. In accordance with the requirements of regulatory documents.
the system of personal data protection (NWPD) consisting of subsystems of legal, organizational and technical protection is created.
4.2. Subsystem of legal protection is a set of legal,
organizational, administrative and regulatory documents that ensure the creation, operation and improvement of NWPD.
4.3. The subsystem of organizational protection includes the organization
management structure of NWPD, licensing system, information protection when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a complex of technical,
software, hardware and software providing protection
personal data.
4.4. The main personal data protection measures used
Operator, are:
4.5.1. Appointment of the person responsible for the processing of personal data,
which carries out the organization of processing of personal data, training and instructing, internal control over observance by institution and its employees of requirements to protection of personal data.
4.5.2. Identification of current threats to personal data security
in their processing in ISPD and development of measures and measures for protection
personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishment of rules for access to personal data processed in the ISPD, as well as ensuring registration and accounting of all actions performed with personal data in the ISPD.
4.5.5. Establishment of individual access passwords for employees in
information system in accordance with their production
duties.
4.5.6. Application of the evaluation procedure which has passed in accordance with the established procedure
compliance of information security means.
4.5.7. Certified antivirus software with
regularly updated databases.
4.5.8. Compliance with the conditions ensuring the safety of personal data
data and exclude unauthorized access to them.
4.5.9. Detection of unauthorized access to personal data
monitoring and action.
4.5.10. Recovery of personal data modified or
destroyed due to unauthorized access to them.
4.5.11. Training of the operator's employees directly engaged In
processing of personal data, the provisions of the legislation of the Russian Federation on
personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations
Operator's
5.1. Basic rights of the personal data subject.
The subject has the right to access his personal data and the following
reductions:
- confirmation of the fact of personal data processing by the Operator;
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by the Operator
data's;
- name and location of the Operator, information about persons (except
except for the Operator's employees) who have access to
personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of Federal law;
- terms of processing of personal data, including terms of their storage;
- procedure for the exercise of rights by the subject of personal data,
provided by Federal law;
- name or surname, name, patronymic and address of the person,
processing personal data on behalf of the Operator,
if processing is or will be entrusted to such person;
- contacting the Operator and sending him requests;
- appeal against actions or omissions of the Operator.
5.2. Duties Of The Operator.
The operator must:
- when collecting personal data, provide information about the processing
personal data;
–in cases where personal data were not received from the subject
personal data, notify the subject;
- in case of refusal to provide personal data to the subject explained
consequences of such refusal;
- publish or otherwise provide unrestricted access to
to the document defining its policy regarding the processing of personal data, to the information on the implemented requirements for the protection of personal data;
- take the necessary legal, organizational and technical measures
or ensure that they are adopted to protect personal data from
unauthorized or accidental access, destruction, alteration,
blocking, copying, provision, distribution of personal data
data, as well as from other illegal actions in respect of personal data
data's;
- to respond to requests and requests of personal data subjects,
their representatives and the authorized body for the protection of the rights of subjects
personal data.
