Ensuring the confidentiality and security of personal data processing in the Company is one of the priority tasks of the organization.
For these purposes, the Company has put into effect a set of organizational and administrative documentation that is mandatory for all employees who are allowed to process personal data.
Processing, storage and ensuring the confidentiality and security of personal data is carried out in accordance with the current legislation of the Russian Federation in the field of personal data protection, and in accordance with the local acts of the Company.
This Policy defines the principles, procedure and conditions for processing personal data of the Company's employees and consumers of the Company's services, whose personal data is processed by the organization, in order to ensure the protection of human and civil rights and freedoms when processing his personal data, including the protection of the rights to privacy, personal and family secrets, and also establishes the responsibility of Company officials who have access to personal data for non-compliance with the requirements of the norms regulating the processing and protection of personal data.
This Policy regarding the processing of personal data in the Company (hereinafter referred to as the Policy) has been developed in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
1. The concept and composition of personal data
The list of personal data subject to protection in the Company is determined by the following regulatory acts of the Russian Federation:
- Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
- Federal Law No. 197-FZ of December 30, 2001 "The Labor Code of the Russian Federation";
- Federal Law No. 402-FZ of December 06, 2001 "On Accounting";
- The Tax Code of the Russian Federation;
- The Civil Code of the Russian Federation;
- Federal Law No. 27-FZ of April 01, 1996 "On Individual (personalized) accounting in the mandatory pension insurance system";
- The Labor Code of the Russian Federation and other regulatory legal acts.
The information constituting personal data in the Company is any information related directly or indirectly to a specific or identifiable individual (the subject of personal data).
2. Purposes of personal data processing The
Company processes personal data for the following purposes:
- organization of personnel accounting of the company;
- ensuring compliance with laws and other regulatory legal acts;
- conducting personnel records management;
- compliance with the requirements of tax legislation in connection with the calculation and payment of personal income tax, as well as the unified social tax, pension legislation in the formation and presentation of personalized data on each recipient of income taken into account when calculating insurance premiums for mandatory pension insurance and security;
- filling in the primary statistical documentation, in accordance with the Labor Code of the Russian Federation, the Tax Code of the Russian Federation, federal laws, in particular: "On individual (personalized) accounting in the mandatory pension insurance system", "On personal data" and other regulatory legal acts;
- fulfillment of contractual obligations, including warranty service for consumers of the Company's services;
- other activities in accordance with the Company's Charter, the current legislation of the Russian Federation.
3. Terms of processing of personal data
The terms of personal data processing are determined in accordance with the validity period of the contract (agreement) with the subject of personal data, the Order of the Ministry of Culture of the Russian Federation No. 558 dated 25.08.2010 "On approval of the "List of standard administrative archival documents formed in the course of the activities of state bodies, local self-government bodies and organizations, indicating the retention periods", the statute of limitations, as well as other requirements of the legislation of the Russian Federation.
The Company creates and stores documents containing information about the subjects of personal data. The requirements for the use of these standard forms of documents in the Company are established by the Decree of the Government of the Russian Federation No. 687 dated 15.09.2008 "On approval of the Regulations on the specifics of personal data processing carried out without the use of automation tools".
4. Rights and obligations
The company as an operator of personal data has the right to:
- to defend their interests in court;
- to provide the personal data of the subjects to third parties, if this is provided for by the current legislation (tax, law enforcement agencies, etc.) or the agreement of the personal data subject;
- refuse to provide personal data in cases stipulated by the current legislation;
- use the personal data of the subject without his consent, in cases provided for by law.
The subject of personal data has the right to:
- to demand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights;
- request a list of your personal data processed by the Company and the source of their receipt;
- receive information about the terms of processing your personal data, including the terms of their storage;
- to demand notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made in them;
- appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or omissions in the processing of their personal data.
5. Principles and conditions
of personal data processing The Company processes personal data on the basis of compliance with the principles:
- legality of the purposes and methods of processing personal data;
- compliance of the purposes of personal data processing with the goals defined in advance and declared when collecting personal data;
- compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data;
- the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
- the inadmissibility of combining databases containing personal data created for incompatible purposes;
- storing personal data in a form that allows you to determine the subject of personal data, no longer than the purposes of their processing require;
- destruction upon achievement of the purposes of personal data processing or in case of loss of the need to achieve them.
The refusal of the consumer of the Company's services to provide consent to the processing of his personal data entails the impossibility of achieving the processing goals.
6. Ensuring the security of personal data
The Company takes the necessary organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions.
In order to coordinate actions to ensure the security of personal data, the Company has appointed a person responsible for organizing the protection of personal data.
7. Final provisions
This Policy is intended for posting in the Company's public information resources.
This Policy is subject to change, addition in the event of new legislative acts and special regulatory documents on the processing and protection of personal data, but at least once every three years.
The control of compliance with the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data of the Company.
The responsibility of the Company's officials who have access to personal data for non-compliance with the requirements of the norms governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and internal documents of the Company.