FRESHEXPO Privacy Policy regarding personal data protection POLICY REGARDING THE PROCESSING OF PERSONAL DATA Limited Trade Development «FRESHEXPO»
1. General Provisions and Terms
1.1. This document defines the policy of LIMITED TRADE DEVELOPMENT «FRESHEXPO» TIN 7718814390, registered address: 129164, Moscow, Yaroslavskaya St., 8, Bldg. 3, Room I, Floor 2, Rooms 32, 33, Office 218 (hereinafter – the «Company»), regarding the processing of personal data and the implementation of requirements for the protection of personal data (hereinafter – the «Policy») in accordance with the requirements of Article 18.1 of Federal Law № 152-FZ dated July 27, 2006 «On Personal Data.»
1.2. The following key terms are used in this Policy:
Personal data – any information relating directly or indirectly to an identified or identifiable individual (subject of personal data);
Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data;
Automated processing of personal data – processing of personal data using computer technology;
Distribution of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
Blocking of personal data – temporary suspension of the processing of personal data (except when processing is necessary to clarify personal data);
Destruction of personal data – actions resulting in the impossibility of restoring the content of personal data within the personal data information system and/or resulting in the destruction of the physical media containing personal data;
Depersonalization of personal data – actions resulting in the impossibility, without the use of additional information, of determining whether personal data belongs to a specific subject of personal data;
Personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing;
Subject of personal data – an individual to whom personal data directly or indirectly relates.
2. Principles of Personal Data Processing
2.1. The processing of personal data is carried out on a lawful and fair basis.
2.2. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. The processing of personal data that is incompatible with the purposes of data collection is not permitted.
2.3. It is not allowed to combine databases containing personal data if such data are processed for purposes that are incompatible with each other.
2.4. Only personal data that correspond to the purposes of their processing are subject to processing. The processing of personal data incompatible with the purposes of their collection is not permitted.
2.5. The content and volume of processed personal data must correspond to the declared purposes of processing and must not be excessive in relation to those purposes.
2.6. When processing personal data, their accuracy, sufficiency, and, where necessary, relevance in relation to the purposes of processing must be ensured. Necessary measures shall be taken to delete or clarify incomplete or inaccurate data.
2.7. Personal data shall be stored in a form that allows identifying the subject of personal data no longer than required by the purposes of their processing, unless a longer storage period is established by federal law, or by a contract to which the subject of personal data is a party, beneficiary, or guarantor.
2.8. Personal data being processed shall be destroyed upon the achievement of processing purposes or when the necessity to achieve these purposes is lost, unless otherwise provided by federal law.
2.9. When collecting personal data, including via the information and telecommunications network “Internet,” the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation shall be carried out using databases located within the territory of the Russian Federation.
2.10. The processing of personal data shall not be used to cause property and/or moral harm to personal data subjects or to hinder the exercise of their rights and freedoms.
3. Legal Grounds for the Processing of Personal Data
3.1. The processing of personal data by the Company is carried out in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, Article 53 of the Federal Law of the Russian Federation № 126-FZ dated July 7, 2003 “On Communications,” the Labor Code of the Russian Federation, Federal Law № 402-FZ dated December 6, 2011 “On Accounting,” Federal Law № 27-FZ dated April 1, 1996 “On Individual (Personalized) Record-Keeping in the System of Mandatory Pension Insurance,” Resolution of the Government of the Russian Federation № 1119 dated November 1, 2012 “On Approval of the Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems,” Resolution of the Government of the Russian Federation № 687 dated September 15, 2008 “On Approval of the Regulation on the Specifics of Processing Personal Data Without the Use of Automation Tools,” Federal Law № 31-FZ dated February 26, 1997 “On Mobilization Preparation and Mobilization in the Russian Federation,” Federal Law № 255-FZ dated December 29, 2006 “On Mandatory Social Insurance in Case of Temporary Disability and in Connection with Maternity,” Federal Law № 326-FZ dated November 29, 2010 “On Mandatory Health Insurance in the Russian Federation,” Federal Law № 178-FZ dated July 17, 1999 “On State Social Assistance,” Federal Law № 167-FZ dated December 15, 2001 “On Mandatory Pension Insurance in the Russian Federation,” Federal Law № 165-FZ dated July 16, 1999 “On the Fundamentals of Mandatory Social Insurance,” Federal Law № 125-FZ dated July 24, 1998 “On Mandatory Social Insurance Against Industrial Accidents and Occupational Diseases,” the Law of the Russian Federation № 4015-I dated November 27, 1992 “On the Organization of Insurance Business in the Russian Federation,” the Charter of the Company, and other regulatory legal acts in the field of personal data protection.
3.2. The grounds for processing are as follows:
3.2.1. Contracts concluded between the Company and the subject of personal data, as well as contracts in which the subject acts as a beneficiary or guarantor, and also contracts concluded at the initiative of the personal data subject or contracts under which the subject will act as a beneficiary or guarantor;
3.2.2. The consent of the personal data subject to the processing of personal data;
3.2.3. The protection of the rights and legitimate interests of the Company and third parties, or the achievement of socially significant objectives, provided that the rights and freedoms of the personal data subject are not violated;
3.2.4. The participation of the Company in constitutional, civil, administrative, or criminal proceedings, as well as in proceedings in arbitration courts;
3.2.5. The achievement of purposes provided for by an international treaty of the Russian Federation or by law, and the performance of functions, powers, and duties imposed on the Company by the legislation of the Russian Federation;
3.2.6. The processing of personal data is necessary for the execution of a judicial act or an act of another body or official that is subject to execution under the legislation of the Russian Federation on enforcement proceedings;
3.2.7. The processing of personal data is carried out for statistical purposes, provided that personal data are mandatorily depersonalized;
3.2.8. The processing of personal data that are subject to publication or mandatory disclosure in accordance with federal law.
4. Purposes and Categories of Personal Data Processing
4.1. The Company processes only those personal data that are necessary for the provision of services and the performance of its activities, as well as to ensure the rights and legitimate interests of third parties, provided that such processing does not violate the rights of the personal data subject. The purposes of processing personal data and the list of personal data processed by the Company are specified in Annex № 1 to this Policy.
4.2. The Company does not process special categories of personal data relating to racial or ethnic origin, political opinions, or religious beliefs, nor does it process biometric personal data. The processing of information concerning employees’ health is carried out solely in accordance with applicable legislation, including the Labor Code of the Russian Federation.
4.3. Information that characterizes the physiological and biological features of a person and on the basis of which an individual can be identified (biometric personal data), and which is used by the Company to establish the identity of a personal data subject, is not processed.
4.4. The processing of other categories of personal data is carried out by the Company under the following conditions:
- The processing of personal data is necessary to achieve purposes established by an international treaty of the Russian Federation or by law, or to exercise and perform the functions, powers, and duties imposed on the Company by the legislation of the Russian Federation;
- The processing of personal data is carried out with the consent of the personal data subject to the processing of their personal data;
- The processing of personal data is necessary for the execution of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for the conclusion of a contract initiated by the personal data subject or of a contract under which the subject will act as a beneficiary or guarantor;
- The processing of personal data is carried out in connection with the possible participation of an individual in constitutional, civil, administrative, or criminal proceedings, or in arbitration court proceedings;
- The processing of personal data is necessary for the execution of a judicial act, or an act of another authority or official that is subject to enforcement in accordance with the legislation of the Russian Federation on enforcement proceedings.;
- обработка персональных данных осуществляется с согласия субъекта персональных данных на обработку его персональных данных;
4.5. Any contract concluded with a personal data subject may not contain provisions that limit the rights and freedoms of the personal data subject, that establish cases for the processing of minors’ personal data unless otherwise provided by the legislation of the Russian Federation, or that allow inaction by the personal data subject as a condition for concluding the contract.
5. Conditions for Termination of Personal Data Processing
5.1. The grounds for the termination of personal data processing by the Company may include:
- The achievement of the purposes of personal data processing;
- The expiration of the validity period of the consent to the processing of personal data or of the contract with the personal data subject;
- The withdrawal by the personal data subject of their consent to the processing of personal data (in the absence of other legal grounds for processing);
- The identification of unlawful processing of personal data;
- The liquidation of the Company.
6. Conditions for the Processing of Personal Data
6.1. The processing of personal data of data subjects is carried out for the purpose of ensuring compliance with the laws and other regulatory legal acts of the Russian Federation, training of Company employees (personal data subjects), ensuring the personal safety of personal data subjects, monitoring the quantity and quality of work performed, and safeguarding the Company’s property.
6.2. The processing of personal data by the Company is carried out with the consent of the personal data subjects, both with and without the use of automation tools.
6.3. The Company does not provide or disclose information containing personal data of data subjects to third parties without the written consent of the personal data subject, except when necessary to prevent threats to life and health or in cases established by the legislation of the Russian Federation.
6.4. Upon a substantiated request from an authorized body, and solely within the framework of current legislation, personal data of a subject may be transferred without their consent to:
- judicial authorities in connection with the administration of justice;
- federal security authorities;
- the prosecutor’s office;
- police authorities;
- other bodies and organizations in cases established by regulatory legal acts or mandatory industry standards.
6.5. In cases where consent to the processing of personal data is obtained from a representative of the personal data subject, the Company verifies the authority of such representative to give consent on behalf of the subject.
6.6. If the personal data subject withdraws their consent to the processing of personal data, the Company is entitled to continue processing without consent if there are grounds provided by applicable legislation.
6.7. The publication (dissemination) of personal data to an unlimited number of persons, including on the Company’s website, may be carried out only based on a separate consent of the personal data subject prepared in accordance with statutory requirements. If data subjects establish additional conditions or restrictions for further processing, the Company shall communicate this information by publishing the relevant conditions or restrictions on the corresponding pages of the website where such data are disseminated.
6.8. The processing of personal data is carried out by the Company as well as by third parties engaged by the Company or to whom personal data are transferred for the purposes described above, in accordance with the laws of the Russian Federation. Such third parties may include, in particular:
- the Company’s contractors providing services related to the execution of contracts in which the data subject is a party or beneficiary, support services for information systems or payment systems, advertising and informational services, and other services acquired by the Company for the purposes mentioned above;
- other affiliated entities of the Company for the purposes of ensuring intra-group interaction.
6.9. The Company has the right to engage third parties in the processing of personal data and/or transfer the obtained data to them, as well as receive data from them, without additional consent of the subject, provided that such third parties ensure the confidentiality and security of personal data during processing. These third parties may process personal data with or without the use of automation tools and may perform any processing actions not contrary to Russian law. Such processing may be carried out only under a contract specifying the list of actions to be performed with personal data, the purposes of processing, and provisions ensuring data security, including obligations not to disclose or distribute personal data without the subject’s consent, unless otherwise provided by Russian law, and in compliance with Article 19 of the Federal Law “On Personal Data.”
6.10. The Company undertakes to take all necessary legal, organizational, and technical measures to protect received personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, or any other unlawful actions, and to comply with the principles and rules of data processing established by the Law on Personal Data and other relevant regulations.
6.11. Organization of Personal Data Storage:
6.11.1. The processing, including storage, of personal data by the Company is carried out no longer than required by the purposes of data processing.
6.11.2. Personal data are stored on physical (paper) media and in electronic form.
6.11.3. Access rights to specific personal data are granted only to employees who require such access to perform their official duties and who have the appropriate authorization in accordance with the Company’s internal regulations.
6.11.4. When organizing the storage of physical media containing personal data, conditions must ensure the preservation of such data and prevent unauthorized access.
6.11.5. Personal data may be stored for a period established by::
- a contract to which the personal data subject is a party, beneficiary, or guarantor;
- the consent of the personal data subject;
- applicable legislation of the Russian Federation;
- the Company’s internal regulations governing the procedure and terms for storing documents containing personal data.
6.11.6. The Company organizes the storage of personal data for the period established by archival legislation and other regulations governing data retention.
6.12. Upon achieving the purposes of processing personal data, expiration of consent, withdrawal of consent, identification of unlawful processing, or liquidation of the Company, personal data shall be destroyed if:
- otherwise not provided for by a contract to which the data subject is a party, beneficiary, or guarantor, or by Russian law;
- the Company has no right to continue processing without the subject’s consent under Federal Law № 152-FZ “On Personal Data” or other federal laws;
- otherwise not provided by another agreement between the Company and the personal data subject.
6.13. The destruction of documents containing personal data shall be carried out in a manner that prevents third parties from accessing or restoring the destroyed materials. Following the destruction, an act of destruction of personal data is drawn up, and a corresponding entry is made in the electronic log of the personal data information system in accordance with documentation requirements for personal data destruction.
7. Confidentiality of Personal Data
7.1. Information relating to personal data that becomes known in connection with the performance of employment relations, the execution of a civil law contract to which the personal data subject is a party, or the provision of services by the Company, is considered confidential information and is protected under the laws of the Russian Federation.
7.2. Persons who have gained access to processed personal data have signed a non-disclosure agreement regarding confidential information and have been informed of the possible disciplinary, administrative, civil, and criminal liability for violations of the provisions and requirements of the current legislation of the Russian Federation in the field of personal data protection.
7.3. Persons who have gained access to processed personal data are not entitled to disclose the personal data of a subject to third parties without the written consent of that subject, except in cases where disclosure is necessary to prevent a threat to the life or health of the personal data subject, or in other cases established by the legislation of the Russian Federation.
7.4. Persons who have access to personal data undertake not to disclose personal data for commercial purposes without the written consent of the personal data subject. The processing of personal data for the purpose of promoting goods, works, or services on the market through direct contact with potential consumers via communication channels is permitted only with the prior consent of the personal data subject.
8. Exercise of the Rights of Personal Data Subjects
8.1. A personal data subject has the right to obtain information concerning the processing of their personal data, including the following:
- confirmation of the fact that their personal data are being processed by the Company;
- legal grounds and purposes for personal data processing;
- purposes and methods of processing used by the Company;
- the name and location of the Company, as well as information about persons (excluding Company employees) who have access to personal data or to whom such data may be disclosed under a contract with the Company or pursuant to federal law;
- personal data being processed and relating to the respective subject, and the source of such data, unless a different procedure for providing such data is established by Federal Law № 152-FZ “On Personal Data” dated July 27, 2006, or other federal law;
- the duration of personal data processing, including storage periods;
- the procedure for the personal data subject to exercise their rights under the Law on Personal Data;
- the name or surname, first name, patronymic, and address of any person processing personal data on behalf of the Company, if such processing is or will be entrusted to another person;
- other information provided for by Federal Law № 152-FZ “On Personal Data” or other federal laws of the Russian Federation.
8.2. A personal data subject has the right to request that the Company clarify, block, or delete their personal data if such data are incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing, as well as to take other actions provided by law to protect their rights.
8.3. 8.3. A personal data subject has the right to withdraw consent to the processing of their personal data by submitting a corresponding request: by email to murashova@freshexpo.ru, provided the withdrawal is signed with a qualified electronic signature in accordance with Part 1, Article 6 of Federal Law № 63-FZ “On Electronic Signature” dated April 6, 2011; or by sending a written request by mail to the Company’s postal address: Russia, 129164, Moscow, Yaroslavskaya St., 8, Bldg. 3, Room I, Floor 2, Rooms 32, 33, Office 218.
8.4. Upon receiving a request from a personal data subject for information regarding the processing of personal data, the Company undertakes to provide such information free of charge and in an accessible form within the period established by law.
8.5. The Company shall block personal data during an internal review if it detects:
- unlawful processing of personal data;
- inaccurate personal data;
- inability to destroy personal data within the timeframe established by personal data legislation or internal regulations.;
8.6. The Company undertakes to cease processing and destroy personal data in the following cases:
- if it is impossible to ensure lawful processing of personal data;
- upon achieving the purposes of processing personal data;
- upon expiration or withdrawal of the personal data subject’s consent to processing;
- upon identification of unlawful processing of personal data;
- upon liquidation of the Company;
- upon expiration of the established processing period.
8.7. If a personal data subject believes that the Company is processing their personal data in violation of Federal Law № 152-FZ “On Personal Data” dated July 27, 2006, or otherwise infringing upon their rights and freedoms, the subject has the right to file a complaint against the actions or inaction of the Company to the authority for the protection of personal data subjects’ rights (Federal Service for Supervision of Communications, Information Technology and Mass Media — Roskomnadzor) or to a court of law.
8.8. A personal data subject has the right to protect their rights and legitimate interests, including the right to claim damages and/or compensation for moral harm through judicial proceedings.
8.9. For any questions or inquiries regarding the processing of personal data, a personal data subject may contact the Company by email at murashova@freshexpo.ru, or send a written inquiry to the postal address: Russia, 129164, Moscow, Yaroslavskaya St., 8, Bldg. 3, Room I, Floor 2, Rooms 32, 33, Office 218.
9. Measures Aimed at Ensuring the Company’s Compliance with the Obligations Established by Articles 18.1 and 19 of
Federal Law № 152-FZ of July 27, 2006 «On Personal Data»
9.1. The Company takes all legal, organizational, and technical measures prescribed by applicable regulatory legal acts to ensure the security of personal data when processed in the Company’s personal data information systems.
9.2. In processing personal data, the Company::
9.2.1. Appoints a person responsible for organizing the processing of personal data;
9.2.2. Adopts internal regulatory documents defining the policy and procedures for processing and protecting personal data;
9.2.3. Conducts regular internal planned and unplanned audits to monitor and ensure that personal data processing activities comply with applicable legislation;
9.2.4. Regularly assesses potential harm that could be caused to personal data subjects in the event of violations of their rights or of legal requirements;
9.2.5. Establishes procedures for access to information resources and maintains a record of the positions of employees whose access to personal data—processed both with and without the use of automation tools—is required for the performance of their official (employment) duties;
9.2.6. In cases prescribed by the legislation of the Russian Federation, applies information security tools that have undergone the required conformity assessment within the framework of the personal data protection system. The commissioning of new information systems is permitted only after the completion of procedures assessing the effectiveness of implemented personal data protection measures;
9.2.7. Maintains records of the categories and lists of personal data processed by the Company, the categories of data subjects whose data are processed, and the periods and procedures for storing and destroying such data;
9.2.8. Maintains an inventory of personal data storage media and of the Company’s information systems in which personal data are processed;
9.2.9. Determines the required level of security for personal data processed in the Company’s information systems and identifies potential security threats to personal data during processing.
9.3. As part of the personal data protection system, the Company implements the following measures:
9.3.1. Physical security of premises containing technical equipment for personal data information systems;
9.3.2. Equipping Company premises with lockable doors;
9.3.3. Use of necessary software and hardware-based protection tools, including access control and user activity logging systems, antivirus protection, backup systems, and firewalls;
9.3.4. Organizational measures to ensure personal data security, including the establishment of access control rules, and the logging and monitoring of all actions performed with personal data.
9.4. When processing personal data without the use of automation tools, the Company complies with the requirements established by the Resolution of the Government of the Russian Federation № 687 of September 15, 2008, “On Approval of the Regulation on the Specifics of Processing Personal Data Carried Out Without the Use of Automation Tools.”
9.5. The Company ensures that employees directly engaged in personal data processing are familiarized with the provisions of the legislation of the Russian Federation on personal data (including the requirements for personal data protection) and with the Company’s internal regulations on personal data processing. The Company provides regular training for its employees and informs them of current legislative requirements.
9.6. The Company bears responsibility, in accordance with the legislation of the Russian Federation, for any breach of its obligations regarding the security and confidentiality of personal data during their processing.
10. Liability
Employees and officials of the Company who have access to personal data bear liability for failure to comply with the requirements of the regulations governing the processing and protection of personal data, in accordance with the applicable legislation of the Russian Federation and the Company’s internal regulatory documents.
11. Related Policies
No related policies.
|
Annex № 1 to the Policy on the Processing of Personal Data of |
|
|
Purpose 1 |
Personnel and Accounting Record Management |
|
Categories of personal data |
Surname, name, patronymic; year, month, and date of birth; place of birth; marital, social, and property status; income; gender; email address; residential and registration address; phone number; SNILS (insurance number); TIN; citizenship; ID document details; driver’s license details; identity document details for use outside the Russian Federation; birth certificate details; bank card details; account number; personal account number; profession; position; employment details (including work experience and current employment information with organization name and account number); military registration details; education details. |
|
Data subject |
Employees; job applicants; employees’ relatives; former employees; contractors; contractor representatives; clients; contract beneficiaries; legal representatives. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 2 |
Compliance with Labor Legislation of the Russian Federation |
|
Categories of personal data |
Full name, birth data, marital status, gender, email, addresses, phone number, SNILS, TIN, citizenship, ID details, profession, position, employment data, military records, health data, education, academic degree and title, qualification documents, personnel number, employment contract terms, salary amount, awards, social benefits, total and company-specific work experience, information on leave entitlements. |
|
Data subject |
Employees; employees’ relatives; former employees; contract beneficiaries. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 3 |
Compliance with Tax Legislation of the Russian Federation |
|
Categories of personal data |
Full name, date and place of birth, marital status, income, gender, email, addresses, phone number, SNILS, TIN, citizenship, ID data, bank details, profession, position, employment data. |
|
Data subject |
Employees; employees’ relatives; former employees; contractors; contractor representatives; clients; legal representatives; contract beneficiaries. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 4 |
Compliance with Pension Legislation of the Russian Federation |
|
Categories of personal data |
Full name, date and place of birth, marital status, income, gender, email, addresses, phone number, SNILS, TIN, citizenship, ID data, bank details, profession, position, employment data. |
|
Data subject |
Employees; employees’ relatives; former employees; legal representatives. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 5 |
Ensuring compliance with the insurance legislation of the Russian Federation |
|
Categories of personal data |
Full name, birth data, gender, SNILS, TIN, ID details, profession, position, employment and health data (including medical leave certificates, causes and duration of incapacity). |
|
Data subject |
Employees; employees’ relatives; former employees; legal representatives. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 6 |
Preparation, Conclusion, and Execution of Civil Law Contracts |
|
Categories of personal data |
Full name, birth data, gender, email, registration address, phone number, SNILS, TIN, citizenship, ID data, profession, position, employment and banking details. |
|
Data subject |
Contractors; contractor representatives; clients; contract beneficiaries. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 7 |
Recruitment of Applicants for Vacant Positions |
|
Categories of personal data |
Full name, birth data, contact details, ID details, profession, position, employment and education data. |
|
Data subject |
Job applicants. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 8 |
Ensuring Continuous Operation of the Official Website and Collection of User Statistics |
|
Categories of personal data |
Data collected via analytics tools, including: visited web pages, browser data, IP address, geolocation, software and hardware specifications, access time, cookies. |
|
Data subject |
Website visitors. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 9 |
Promotion of Goods, Works, and Services on the Market (Website) |
|
Categories of personal data |
Full name, email address, phone number. |
|
Data subject |
Employees; clients; website visitors. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |
|
Purpose 10 |
Ensuring Participation in Judicial Proceedings and Execution of Judicial and Administrative Acts |
|
Categories of personal data |
Full name, date and place of birth, marital status, income, gender, contact details, SNILS, TIN, citizenship, ID and birth certificate details, banking data, profession, position, employment data, military registration, education data. |
|
Data subject |
Employees; employees’ relatives; former employees; contractors; contractor representatives; clients. |
|
Processing actions |
Collection; recording; systematization; accumulation; storage; clarification (updating, modification); retrieval; use; transfer (provision, access); blocking; deletion; destruction. |
|
Processing and storage period |
Until the purpose of processing is achieved or until the consent/withdrawal of consent of the personal data subject expires, unless otherwise required by law. |
|
Processing methods |
Mixed, including transmission via the Company’s internal network and via the Internet. |
|
Destruction procedure |
As defined in Clause 6.12 of this Policy. |