Privacy Policy

1. General provisions


1.1. This Policy regarding the processing of personal data (hereinafter –
The Policy) is compiled in accordance with paragraph 2 of Article 18.1 of the Federal
Law "On Personal Data" No. 152-FZ of July 27, 2006, as well as other
regulatory legal acts of the Russian Federation in the field
of personal data protection and processing and applies to all personal
data (hereinafter referred to as data) that the Organization (hereinafter referred to as The operator, the Company)
may receive from the subject of personal data, which is a party to
a civil contract, from an Internet user (hereinafter referred to as –
The User) while using any of the sites, services, services,
programs, products or services of IP Truntsev Yan Alexandrovich, as well as from
a personal data subject who is in a relationship with the Operator regulated
by labor legislation (hereinafter referred to as the Employee).

 

1.2. The Operator ensures the protection of the processed personal data from
unauthorized access and disclosure, misuse
or loss in accordance with the requirements of the Federal Law of July 27
2006 No. 152-FZ "On Personal data".

 

1.3. The Operator has the right to make changes to this Policy. When making
changes, the date of the last revision update is indicated in the Policy header. The new version of the Policy comes into force from the moment it is posted
on the website, unless otherwise provided by the new version of the Policy.

 

2. Terms and accepted abbreviations


2.1. Personal data – any information relating directly or
indirectly to a specific or identifiable individual (subject
of personal data).

2.2. Personal data processing – any action (operation) or
set of actions (operations) performed with
or without the use of automation tools with personal data,
including collection, recording, systematization, accumulation, storage, clarification
(updating, modification), extraction, use, transfer
(distribution, provision, access), depersonalization, blocking,
deletion, destruction of personal data.

2.3. Automated processing of personal data – processing
of personal data using computer technology.

2.4. Personal Data Information System (ISPS) is a set
of personal data contained in databases
and information technologies and technical means that ensure their processing.

2.5. Personal data made publicly available by the subject
of personal data – personal data, unlimited access
persons to whom the subject of personal data is provided or at his
request.

2.6. Blocking of personal data – temporary termination of processing
of personal data (except in cases where processing is necessary to
clarify personal data).

 

2.7. Destruction of personal data – actions as a result of which
it becomes impossible to restore the content of personal data in
the personal data information system and (or) as a result of which
the material carriers of personal data are destroyed.

 

2.8. Operator is an organization that independently or jointly with other persons
organizes the processing of personal data, as well as determines the purposes
of processing personal data to be processed, actions (operations)
performed with personal data. The operator is IP Truntsev Yan

Alexandrovich, located at: 140170, Russia, Moscow region,

village of Zhiroshkino, 110.

 

3. Processing of personal data


3.1. Receiving personal data
3.1.1. All personal data should be obtained from the subject himself. If
the subject's personal data can only be obtained from a third party, then
the subject must be notified of this or consent must be obtained from him.
3.1.2. The operator must inform the subject about the purposes, intended sources
and methods of obtaining personal data, the nature
of the personal data to be obtained, the list of actions with personal data, the period
during which the consent is valid and the procedure for its withdrawal, as well as about
the consequences of the subject's refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
– copying the original documents (passport, education document,
TIN certificate, pension certificate, etc.);
– entering information into accounting forms;
– obtaining the originals of the necessary documents (work record,
medical report, characteristics, etc.).

3.2. Processing of personal data
3.2.1. Processing of personal data is carried out:
– with the consent of the personal data subject to the processing of his personal
data;
– in cases where the processing of personal data is necessary for
the implementation and fulfillment of the functions,
powers and duties assigned by the legislation of the Russian Federation;
– in cases when personal data is processed, access
to an unlimited number of persons to which is provided by the subject of personal
data or at his request (hereinafter referred to as personal data made
publicly available by the subject of personal data).
3.2.2. Purposes of personal data processing:
– implementation of labor relations;
– implementation of civil law relations;
– to contact the user, in connection with filling out the feedback form on
the site, including sending notifications, requests and information
regarding the use of the site IP Truntsev Yan Alexandrovich, processing, approval
of orders for services / work, execution of agreements and contracts;
– depersonalization of personal data in order to obtain depersonalized
statistical data that is transferred to a third party for conducting
research, performing work or providing services on behalf of the Company.
3.2.3. Categories of personal data subjects.
Personal data of the following personal
data subjects are processed:
– individuals who are in labor relations with the Company;
– individuals who have resigned from the Company;
– individuals who are candidates for a job;
– individuals who are in civil law
relations with the Company;
– individuals who are Users of the Company's Website.
3.2.4. Personal data processed by the Operator:
– data obtained during the implementation of labor relations;
– data obtained for the selection of candidates for work;
– data obtained during the implementation of civil law relations;
– data received from Users of the Company's Website.
3.2.5. Personal data processing is carried out:
– using automation tools;
– without using automation tools.

3.3. Storage of personal data
3.3.1. Personal data of subjects can be obtained,
further processed and transferred to storage both on paper
and in electronic form.
3.3.2. Personal data recorded on paper media
are stored in lockable cabinets or in lockable rooms with limited
access rights.
3.3.3. Personal data of subjects processed using
automation tools for different purposes are stored in different folders.
3.3.4. It is not allowed to store and place documents containing
personal data in open electronic directories (file sharing sites) in
the ISPD.
3.3.5. The storage of personal data in a form that allows to identify
the subject of personal data is carried out no longer than
the purposes of their processing require, and they are subject to destruction upon achievement
of the processing goals or in case of loss of the need to achieve them.

3.4. Destruction of personal data
3.4.1. The destruction of documents (carriers) containing personal data
is carried out by burning, crushing (crushing), chemical
decomposition, transformation into a shapeless mass or powder. For
the destruction of paper documents, the use of a shredder is allowed.
3.4.2. Personal data on electronic media is destroyed by
erasing or formatting the media.
3.4.3. The fact of destruction of personal data is documented
by the act of destruction of media.

3.5. Transfer of personal data
3.5.1. The Operator transfers personal data to third parties in the following
cases:
– the subject has expressed his consent to such actions;
– the transfer is provided for by Russian or other applicable
legislation within the framework of the procedure established by law.
3.5.2. The list of persons to whom personal data is transferred.
– Pension Fund of the Russian Federation for accounting (legally);
– tax authorities of the Russian Federation (legally);
– Social Insurance Fund of the Russian Federation (legally);
– Territorial compulsory medical Insurance Fund (
legally);
– insurance medical organizations for compulsory and voluntary
medical insurance (legally);
– banks for payroll (based on the contract);
– bodies of the Ministry of Internal Affairs of Russia in cases established by law.

 

4. Personal data protection


4.1. In accordance with the requirements of regulatory documents, the Operator
has created a personal data protection system (NWPD) consisting of subsystems
of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a complex of legal,
organizational, administrative and regulatory documents that ensure
the creation, functioning and improvement of the NWPD.
4.3. The subsystem of organizational protection includes the organization
of the management structure of the NWPD, the licensing system, information protection
when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a complex of technical,
software, hardware and software tools that ensure the protection
of personal data.
4.5. The main personal data protection measures used
The operator, are:
4.5.1. Appointment of a person responsible for the processing of personal data,
who organizes the processing of personal data, training
and instruction, internal control over the compliance of the institution and its
employees with the requirements for the protection of personal data.
4.5.2. Identification of current threats to the security of personal data during their
processing in the ISPD and development of measures and measures to protect personal
data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishment of rules for access to personal data processed in
ISPD, as well as ensuring registration and accounting of all actions performed with
personal data in ISPD.
4.5.5. Establishment of individual passwords for employees' access to the
information system in accordance with their work
responsibilities.
4.5.6. The use
of information security tools that have passed the compliance assessment procedure in accordance with the established procedure.
4.5.7. Certified antivirus software with regularly
updated databases.
4.5.8. Compliance with the conditions that ensure the safety of personal data
and exclude unauthorized access to them.
4.5.9. Detection of unauthorized access to personal
data and taking measures.
4.5.10. Recovery of personal data modified or
destroyed due to unauthorized access to them.
4.5.11. Training of the Operator's employees directly engaged
in the processing of personal data on the provisions of the legislation of the Russian Federation on
personal data, including requirements for the protection of personal data,
documents defining the Operator's policy regarding the processing
of personal data, local acts on the processing of personal
data.
4.5.12. Implementation of internal control and audit.

 

5. Basic rights of the subject of personal data and obligations of the Operator


5.1. Basic rights of the subject of personal data The subject has the right to
access his personal data and the following information:
– confirmation of the fact of personal data processing by the Operator;
– legal grounds and purposes of personal data processing;
– purposes and methods of personal data processing used by the Operator;
– name and location of the Operator, information about persons (
except employees
Operator) who have access to personal data or who can
personal data may be disclosed on the basis of an agreement with the Operator or
on the basis of federal law;
– terms of processing of personal data, including the terms of their storage;
– the procedure for the exercise by the subject of personal data of the rights
provided for by Federal Law;
– the name or surname, first name, patronymic and address of the person
processing personal data on behalf of the Operator, if processing
is or will be entrusted to such a person;
– contacting the Operator and sending him requests;
– appeal against the actions or omissions of the Operator.

5.2. Obligations of the Operator
The operator is obliged to:
– when collecting personal data, provide information about the processing
of personal data;
– in cases where personal data was not received from the subject
of personal data, notify the subject;
– in case of refusal to provide personal data to the subject
, the consequences of such refusal are explained;
– to publish or otherwise provide unrestricted access to
the document defining its policy regarding the processing of personal
data, to information about the implemented requirements for the protection of personal
data;
– take the necessary legal, organizational and technical measures or
ensure their adoption to protect personal data from unauthorized
or accidental access to them, destruction, modification, blocking,
copying, provision, dissemination of personal data, as well
as from other illegal actions with respect to personal data;
– provide answers to requests and requests of personal data subjects, their
representatives and the authorized body for the protection of the rights of
personal data subjects.