1. GENERAL PROVISIONS
1.1. Concepts used in this policy.
- Personal Data shall mean any information pertaining to the individual (personal data subject) identified or identifiable directly or indirectly (hereinafter referred to as the PD)
- Cookies shall mean a small piece of text transmitted to the browser from a website, sent by a web server and stored on the user’s computer, tablet, or smartphone without changes or any processing, which the web client (web browser) sends to the web server when accessing the relevant website as part of an HTTP request, to authenticate the user, store personal preferences and user settings, track the state of the user’s access session, and store statistical information about the user.
- Personal Data Operator shall mean TekhAtomStroy LLC (hereinafter referred to as the Company, Operator) independently or jointly with other persons organizing and/or carrying out the personal data processing, as well as determining the purposes of personal data processing, the composition of personal data for processing, actions (operations) performed with personal data.
- Website shall mean the official website of the Operator https://techatomstroy.ru/.
- Personal Data Processing shall mean any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
- Automated Personal Data Processing shall mean computer-assisted personal data processing.
- Personal Data Dissemination shall mean actions aimed at the disclosure of personal data to general public.
- Personal Data Provision shall mean actions aimed at the disclosure of personal data to a certain person or a certain group of persons.
- Personal Data Blocking shall mean the temporary termination of personal data processing (except in cases where the processing is necessary to clarify personal data).
- Personal Data Destruction shall mean actions which results in impossibility of restoring the content of personal data in the personal data information system and/or as a result of which the tangible media with personal data are destroyed.
- Personal Data Anonymization shall mean actions resulting in the impossibility of attributing personal data to a specific personal data subject without additional information.
- Personal Data Information System shall mean aggregation of personal data contained in the personal data databases and the IT technologies and technical means ensuring personal data processing.
- Cross-Border Personal Data Transfer shall mean transfer of personal data to a foreign jurisdiction, to an authority therein, to a foreign individual or to a foreign legal entity.
- Operator’s Website User (the User) shall mean a person who has access to the Website via the Internet and using the Operator’s Website.
- IP Address shall mean a unique network address of a node in a computer network built using IP protocol.
1.2. This Personal Data Processing Policy of TekhAtomStroy LLC (hereinafter referred to as the Policy) has been developed in compliance with the requirements of Para. 2 Part 1 Art. 18.1 of Federal Law on Personal Data No. 152-ФЗ dated 27.07.2006 (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights and freedoms of a person and citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets, in particular for the purpose of protection against unauthorized access and illegal dissemination of personal data processed in the Company’s information systems.
1.2. The Policy shall apply to all personal data processed by the Company.
1.3. The Policy shall apply to relationships in the field of personal data processing that arose for the Company both before and after the approval hereof.
1.4. The Policy shall apply to all personal data processed by the Company with or without the use of automation tools.
1.5. The Policy shall be published in the public domain on the Operator’s website on the Internet information and telecommunications network.
1.6. Fundamental Rights and Obligations of the Operator
1.6.1. The Operator may:
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance therewith, unless otherwise provided for by the Personal Data Law or other federal laws.
- assign the personal data processing to other person with the consent of the personal data subject unless otherwise provided for by the federal law, on the grounds of an agreement concluded with this person. The person processing personal data on behalf of the Operator shall comply with the principles and rules for personal data processing provided for by the Personal Data Law, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Personal Data Law;
- in case the personal data subject withdraws the consent to the personal data processing, the Operator may continue the personal data processing without the consent of the personal data subject if there are grounds specified in the Personal Data Law;
1.7.2. The Operator shall:
- not disclose to third parties or disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.
- manage the personal data processing in accordance with the requirements of the Personal Data Law.
- notify the competent authority responsible for the protection of rights of personal data subjects (Roskomnadzor) of its intention to process personal data, except for cases provided for by the Personal Data Law.
- appoint a person responsible for managing the personal data processing in the Company.
- respond to inquiries and requests of personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law.
- at the request of Roskomnadzor, provide the necessary information within the term set forth by the Personal Data Law.
- cease personal data processing or ensure that the ceasing of the unlawful personal data processing by a person acting on behalf of the Operator in the event of detection of unlawful personal data processing within a period of no more than three business days from the date of such detection, and also in the event of an inquiry of a personal data subject requesting to cease personal data processing, within a period not exceeding ten business days from the date of receiving the request.
- immediately cease, at the request of the personal data subject, the processing of their personal data if it is carried out for the purpose of promoting goods, works, services on the market by making direct contacts with a potential consumer using communication tools.
- destroy personal data or ensure such data destruction if it is impossible to ensure the legality of the personal data processing, within a period not exceeding ten business days from the date of detecting the illegal personal data processing.
- provide the personal data subject, at their request, with information concerning their personal data processing.
1.8. Principal Rights of Personal Data Subjects.
1.8.1. A personal data subject may:
- receive information regarding the processing of their personal data, except for cases provided for by federal laws.
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- give preliminary consent to the personal data processing for the purpose of promoting goods, works and services on the market.
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- appeal to Roskomnadzor or court against the illegal acts or omissions of the Operator when processing their personal data.
1.9. Compliance with the requirements of this Policy shall be monitored by the person responsible for managing the personal data processing by the Operator.
2. Purposes of Personal Data Processing
2.1. The personal data processing shall be limited to the achievement of specific, predetermined and legitimate purposes. No personal data processing incompatible with the purposes of collecting personal data shall be allowed.
2.2. The Operator shall process personal data for the following purposes:
- compliance with laws and other regulatory legal acts of the Russian Federation, statutory documents of the Company, local regulations of the Company, contracts, agreements of the Company;
- personnel management (accounting, tax, military records; registration and hiring; making management and personnel decisions, assisting in training and career advancement; monitoring the performance of labor functions; consideration and resolution of labor disputes; calculation of wages and other settlements with employees; completion and submission of required reporting forms to competent authorities, arranging the individual (personalized) registration of employees in the compulsory pension insurance and compulsory social insurance systems);
- ensuring the security of the Company’s activities (ensuring the safety of property; ensuring access control to the Operator’s territory);
- preparation, execution and implementation of civil law contracts with customers/counterparties/beneficiaries of the Company;
- use of cookies to ensure the functioning and security of the website, improving the quality of the customer care, products and services provided, as well as the formation of individual proposals; ensuring the operation of the website;
- provision of consulting and information services, customer support to customers/prospective customers/beneficiaries under contracts;
- promotion of goods, works and services by the Company;
- participation in civil, administrative proceedings, proceedings in arbitration courts, proceedings on cases of administrative offenses;
- enforcement of a court ruling, a ruling of another authority or official, enforceable in accordance with the legislation of the Russian Federation;
- creation of accounts, organization of electronic document management and remote work;
- compliance with the requirements of corporate legislation, inter alia, maintaining a list of the Company members, notifying the Company members, preparing and drawing up the minutes of the Company members’ meetings/resolution of the sole member;
- processing of applications/feedback forms from website users to receive goods/services from the Company;
- fulfillment of warranty obligations under equity participation/real estate purchase and sale agreements;
- use of the digital platform by the Company for business management, employee collaboration, personnel management and process automation.
3. Legal Grounds for Personal Data Processing
3.1. The legal grounds for personal data processing are:
3.1.1. A set of regulatory legal acts, in pursuance of and in accordance with which the Operator processes personal data, including:
the Constitution of the Russian Federation;
the Civil Code of the Russian Federation;
the Labor Code of the Russian Federation;
the Tax Code of the Russian Federation;
Federal Law on Limited Liability Companies No. 14-ФЗ dated 08.02.1998;
Federal Law on Accounting No. 402-ФЗ dated 06.12.2011;
Federal Law on Compulsory Pension Insurance in the Russian Federation No. 167-ФЗ dated 15.12.2001;
other regulatory legal acts governing relations pertaining to the activities of the Operator.
3.1.2. consent of the personal data subject to their personal data processing;
3.1.3. implementation and performance of the functions, powers and duties imposed on the Operator by the legislation of the Russian Federation;
3.1.4. participation in constitutional, civil, administrative, criminal proceedings, and proceedings in arbitration courts;
3.1.5. enforcement of a court ruling, a ruling of another authority or official, enforceable in accordance with the legislation of the Russian Federation on enforcement proceedings;
3.1.6. fulfillment of an agreement to which the personal data subject is a party, beneficiary or guarantor, as well as for executing an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
3.1.7. Articles of Association of the Company.
4. CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS
4.1. The Operator will process personal data of the following personal data subjects:
4.1.1. individuals who are customers of the Operator, visitors of the Operator’s website on the Internet, representatives of counterparties, customers, beneficiaries under contracts;
4.1.2. individuals who are representatives or members of the Operator’s counterparties;
4.1.3. employees, former (dismissed) employees, candidates for vacant positions of the Operator (hereinafter referred to as applicants) and their relatives;
4.2. The Operator will process the following personal data received from the Operator’s website visitors:
- last name, first name, patronymic;
- e-mail address;
- telephone numbers;
- year, month, date and place of birth;
- IP address;
- cookies;
- information about the user’s device and the browser used;
- information about interaction with the Operator’s website and services (source of transition to the website, viewed pages, interaction with objects and pages, session parameters, data on the time of visit, etc.).
4.3. Personal data of candidates for vacant positions of the Operator, processed by the Operator:
- last name, first name, patronymic;
- gender;
- nationality;
- date and place of birth;
- telephone number;
- e-mail address;
- information on education, work experience, qualifications;
- image (photograph);
- other personal data provided by candidates in their CVs and cover letters.
4.4. Personal data of employees, former (dismissed) employees of the Operator, processed by the Operator
- last name, first name, patronymic;
- gender;
- nationality;
- date and place of birth;
- image (photograph);
- passport details;
- address of registration at the place of residence;
- actual address of residence;
- telephone number;
- e-mail address;
- taxpayer identification number;
- individual insurance account number (SNILS);
- information on education, qualifications, professional training and advanced training;
- marital status, presence of children, family ties, family composition;
- information on work activities, including the presence of incentives, awards and/or disciplinary sanctions;
- marriage registration data;
- information on military registration;
- information on disability;
- information on the withholding of alimony;
- information about income from the previous place of work;
- settlement account number;
- driver’s license details;
- details of the compulsory medical insurance policy;
- details of the certificate of state registration of civil status acts;
- other personal data provided by employees in accordance with the requirements of labor legislation.
4.5. Personal data of family members of the Operator’s employees processed by the Operator:
- last name, first name, patronymic;
- degree of kinship;
- year of birth;
- other personal data provided by employees in accordance with the requirements of labor legislation.
4.6. Personal data of customers, counterparties of the Operator (individuals), processed by the Operator:
- last name, first name, patronymic;
- date and place of birth;
- passport details;
- address of registration at the place of residence;
- telephone number;
- e-mail address;
- position applied for;
- taxpayer identification number;
- settlement account number;
- SNILS;
- nationality;
- bank card details;
- other personal data provided by customers and counterparties (individuals) necessary for the execution and implementation of contracts.
4.7. Personal data of representatives (employees) of customers and counterparties of the Operator (legal entities):
- last name, first name, patronymic;
- passport details;
- telephone numbers;
- e-mail addresses;
- position applied for;
- other personal data provided by representatives (employees) of customers and counterparties, necessary for the execution and implementation of civil law contracts.
1.1. Concepts used in this policy.
- Personal Data shall mean any information pertaining to the individual (personal data subject) identified or identifiable directly or indirectly (hereinafter referred to as the PD)
- Cookies shall mean a small piece of text transmitted to the browser from a website, sent by a web server and stored on the user’s computer, tablet, or smartphone without changes or any processing, which the web client (web browser) sends to the web server when accessing the relevant website as part of an HTTP request, to authenticate the user, store personal preferences and user settings, track the state of the user’s access session, and store statistical information about the user.
- Personal Data Operator shall mean TekhAtomStroy LLC (hereinafter referred to as the Company, Operator) independently or jointly with other persons organizing and/or carrying out the personal data processing, as well as determining the purposes of personal data processing, the composition of personal data for processing, actions (operations) performed with personal data.
- Website shall mean the official website of the Operator https://techatomstroy.ru/.
- Personal Data Processing shall mean any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
- Automated Personal Data Processing shall mean computer-assisted personal data processing.
- Personal Data Dissemination shall mean actions aimed at the disclosure of personal data to general public.
- Personal Data Provision shall mean actions aimed at the disclosure of personal data to a certain person or a certain group of persons.
- Personal Data Blocking shall mean the temporary termination of personal data processing (except in cases where the processing is necessary to clarify personal data).
- Personal Data Destruction shall mean actions which results in impossibility of restoring the content of personal data in the personal data information system and/or as a result of which the tangible media with personal data are destroyed.
- Personal Data Anonymization shall mean actions resulting in the impossibility of attributing personal data to a specific personal data subject without additional information.
- Personal Data Information System shall mean aggregation of personal data contained in the personal data databases and the IT technologies and technical means ensuring personal data processing.
- Cross-Border Personal Data Transfer shall mean transfer of personal data to a foreign jurisdiction, to an authority therein, to a foreign individual or to a foreign legal entity.
- Operator’s Website User (the User) shall mean a person who has access to the Website via the Internet and using the Operator’s Website.
- IP Address shall mean a unique network address of a node in a computer network built using IP protocol.
1.2. This Personal Data Processing Policy of TekhAtomStroy LLC (hereinafter referred to as the Policy) has been developed in compliance with the requirements of Para. 2 Part 1 Art. 18.1 of Federal Law on Personal Data No. 152-ФЗ dated 27.07.2006 (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights and freedoms of a person and citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets, in particular for the purpose of protection against unauthorized access and illegal dissemination of personal data processed in the Company’s information systems.
1.2. The Policy shall apply to all personal data processed by the Company.
1.3. The Policy shall apply to relationships in the field of personal data processing that arose for the Company both before and after the approval hereof.
1.4. The Policy shall apply to all personal data processed by the Company with or without the use of automation tools.
1.5. The Policy shall be published in the public domain on the Operator’s website on the Internet information and telecommunications network.
1.6. Fundamental Rights and Obligations of the Operator
1.6.1. The Operator may:
- independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance therewith, unless otherwise provided for by the Personal Data Law or other federal laws.
- assign the personal data processing to other person with the consent of the personal data subject unless otherwise provided for by the federal law, on the grounds of an agreement concluded with this person. The person processing personal data on behalf of the Operator shall comply with the principles and rules for personal data processing provided for by the Personal Data Law, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Personal Data Law;
- in case the personal data subject withdraws the consent to the personal data processing, the Operator may continue the personal data processing without the consent of the personal data subject if there are grounds specified in the Personal Data Law;
1.7.2. The Operator shall:
- not disclose to third parties or disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.
- manage the personal data processing in accordance with the requirements of the Personal Data Law.
- notify the competent authority responsible for the protection of rights of personal data subjects (Roskomnadzor) of its intention to process personal data, except for cases provided for by the Personal Data Law.
- appoint a person responsible for managing the personal data processing in the Company.
- respond to inquiries and requests of personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law.
- at the request of Roskomnadzor, provide the necessary information within the term set forth by the Personal Data Law.
- cease personal data processing or ensure that the ceasing of the unlawful personal data processing by a person acting on behalf of the Operator in the event of detection of unlawful personal data processing within a period of no more than three business days from the date of such detection, and also in the event of an inquiry of a personal data subject requesting to cease personal data processing, within a period not exceeding ten business days from the date of receiving the request.
- immediately cease, at the request of the personal data subject, the processing of their personal data if it is carried out for the purpose of promoting goods, works, services on the market by making direct contacts with a potential consumer using communication tools.
- destroy personal data or ensure such data destruction if it is impossible to ensure the legality of the personal data processing, within a period not exceeding ten business days from the date of detecting the illegal personal data processing.
- provide the personal data subject, at their request, with information concerning their personal data processing.
1.8. Principal Rights of Personal Data Subjects.
1.8.1. A personal data subject may:
- receive information regarding the processing of their personal data, except for cases provided for by federal laws.
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- give preliminary consent to the personal data processing for the purpose of promoting goods, works and services on the market.
- require the operator to clarify their personal data, block or destroy the same if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights;
- appeal to Roskomnadzor or court against the illegal acts or omissions of the Operator when processing their personal data.
1.9. Compliance with the requirements of this Policy shall be monitored by the person responsible for managing the personal data processing by the Operator.
2. Purposes of Personal Data Processing
2.1. The personal data processing shall be limited to the achievement of specific, predetermined and legitimate purposes. No personal data processing incompatible with the purposes of collecting personal data shall be allowed.
2.2. The Operator shall process personal data for the following purposes:
- compliance with laws and other regulatory legal acts of the Russian Federation, statutory documents of the Company, local regulations of the Company, contracts, agreements of the Company;
- personnel management (accounting, tax, military records; registration and hiring; making management and personnel decisions, assisting in training and career advancement; monitoring the performance of labor functions; consideration and resolution of labor disputes; calculation of wages and other settlements with employees; completion and submission of required reporting forms to competent authorities, arranging the individual (personalized) registration of employees in the compulsory pension insurance and compulsory social insurance systems);
- ensuring the security of the Company’s activities (ensuring the safety of property; ensuring access control to the Operator’s territory);
- preparation, execution and implementation of civil law contracts with customers/counterparties/beneficiaries of the Company;
- use of cookies to ensure the functioning and security of the website, improving the quality of the customer care, products and services provided, as well as the formation of individual proposals; ensuring the operation of the website;
- provision of consulting and information services, customer support to customers/prospective customers/beneficiaries under contracts;
- promotion of goods, works and services by the Company;
- participation in civil, administrative proceedings, proceedings in arbitration courts, proceedings on cases of administrative offenses;
- enforcement of a court ruling, a ruling of another authority or official, enforceable in accordance with the legislation of the Russian Federation;
- creation of accounts, organization of electronic document management and remote work;
- compliance with the requirements of corporate legislation, inter alia, maintaining a list of the Company members, notifying the Company members, preparing and drawing up the minutes of the Company members’ meetings/resolution of the sole member;
- processing of applications/feedback forms from website users to receive goods/services from the Company;
- fulfillment of warranty obligations under equity participation/real estate purchase and sale agreements;
- use of the digital platform by the Company for business management, employee collaboration, personnel management and process automation.
3. Legal Grounds for Personal Data Processing
3.1. The legal grounds for personal data processing are:
3.1.1. A set of regulatory legal acts, in pursuance of and in accordance with which the Operator processes personal data, including:
the Constitution of the Russian Federation;
the Civil Code of the Russian Federation;
the Labor Code of the Russian Federation;
the Tax Code of the Russian Federation;
Federal Law on Limited Liability Companies No. 14-ФЗ dated 08.02.1998;
Federal Law on Accounting No. 402-ФЗ dated 06.12.2011;
Federal Law on Compulsory Pension Insurance in the Russian Federation No. 167-ФЗ dated 15.12.2001;
other regulatory legal acts governing relations pertaining to the activities of the Operator.
3.1.2. consent of the personal data subject to their personal data processing;
3.1.3. implementation and performance of the functions, powers and duties imposed on the Operator by the legislation of the Russian Federation;
3.1.4. participation in constitutional, civil, administrative, criminal proceedings, and proceedings in arbitration courts;
3.1.5. enforcement of a court ruling, a ruling of another authority or official, enforceable in accordance with the legislation of the Russian Federation on enforcement proceedings;
3.1.6. fulfillment of an agreement to which the personal data subject is a party, beneficiary or guarantor, as well as for executing an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
3.1.7. Articles of Association of the Company.
4. CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS
4.1. The Operator will process personal data of the following personal data subjects:
4.1.1. individuals who are customers of the Operator, visitors of the Operator’s website on the Internet, representatives of counterparties, customers, beneficiaries under contracts;
4.1.2. individuals who are representatives or members of the Operator’s counterparties;
4.1.3. employees, former (dismissed) employees, candidates for vacant positions of the Operator (hereinafter referred to as applicants) and their relatives;
4.2. The Operator will process the following personal data received from the Operator’s website visitors:
- last name, first name, patronymic;
- e-mail address;
- telephone numbers;
- year, month, date and place of birth;
- IP address;
- cookies;
- information about the user’s device and the browser used;
- information about interaction with the Operator’s website and services (source of transition to the website, viewed pages, interaction with objects and pages, session parameters, data on the time of visit, etc.).
4.3. Personal data of candidates for vacant positions of the Operator, processed by the Operator:
- last name, first name, patronymic;
- gender;
- nationality;
- date and place of birth;
- telephone number;
- e-mail address;
- information on education, work experience, qualifications;
- image (photograph);
- other personal data provided by candidates in their CVs and cover letters.
4.4. Personal data of employees, former (dismissed) employees of the Operator, processed by the Operator
- last name, first name, patronymic;
- gender;
- nationality;
- date and place of birth;
- image (photograph);
- passport details;
- address of registration at the place of residence;
- actual address of residence;
- telephone number;
- e-mail address;
- taxpayer identification number;
- individual insurance account number (SNILS);
- information on education, qualifications, professional training and advanced training;
- marital status, presence of children, family ties, family composition;
- information on work activities, including the presence of incentives, awards and/or disciplinary sanctions;
- marriage registration data;
- information on military registration;
- information on disability;
- information on the withholding of alimony;
- information about income from the previous place of work;
- settlement account number;
- driver’s license details;
- details of the compulsory medical insurance policy;
- details of the certificate of state registration of civil status acts;
- other personal data provided by employees in accordance with the requirements of labor legislation.
4.5. Personal data of family members of the Operator’s employees processed by the Operator:
- last name, first name, patronymic;
- degree of kinship;
- year of birth;
- other personal data provided by employees in accordance with the requirements of labor legislation.
4.6. Personal data of customers, counterparties of the Operator (individuals), processed by the Operator:
- last name, first name, patronymic;
- date and place of birth;
- passport details;
- address of registration at the place of residence;
- telephone number;
- e-mail address;
- position applied for;
- taxpayer identification number;
- settlement account number;
- SNILS;
- nationality;
- bank card details;
- other personal data provided by customers and counterparties (individuals) necessary for the execution and implementation of contracts.
4.7. Personal data of representatives (employees) of customers and counterparties of the Operator (legal entities):
- last name, first name, patronymic;
- passport details;
- telephone numbers;
- e-mail addresses;
- position applied for;
- other personal data provided by representatives (employees) of customers and counterparties, necessary for the execution and implementation of civil law contracts.
5. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING
5.1. The personal data of a personal data subject shall be processed for the period necessary for the purposes specified in the Policy, by any legal means, inter alia, in the personal data information system, with or without the use of automation tools.
5.2. The content and scope of personal data processed shall be determined by the processing purposes, as set out in Section 2 of the Policy, and specified in the consent of the personal data subject to the personal data processing, except for cases where the personal data may be processed without obtaining such consent.
5.3. By providing their personal data to the Operator, the personal data subject acknowledges that they have read the Policy and agree that the Operator shall have the right to process personal data, namely, agree to the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction, including the right to transfer personal data to third parties, in particular, contractors servicing the Operator’s website or the Operator’s mobile application, credit institutions, other legal entities and individuals providing the Operator with marketing and other services, including for the purpose of giving tours and holding other events.
5.4. The Operator may transfer personal data of a personal data subject to inquiry and investigation authorities and other authorized agencies on the grounds and in the manner prescribed by the applicable law of the Russian Federation.
5.5. The personal data processing shall be carried out as follows:
5.5.1. obtaining originals and copies of documents provided by the personal data subject;
5.5.2. accumulation of personal data when keeping personnel records;
5.5.3. receiving information containing personal data orally, in writing, by mail, e-mail, telephone message, or by telephone directly from the personal data subject;
5.5.4. obtaining personal data from publicly available sources;
5.5.5. registration of personal data in logs, books, registers, and other accounting forms;
5.5.6. entering personal data into the Company’s information systems;
5.5.7. use of other means and methods of registering personal data received by the Company in the course of its activities.
5.6. The Company shall have the right to entrust the personal data processing to any other person under an agreement concluded with that person. The person processing personal data on behalf of the Company shall comply with the principles and rules for personal data processing, requirements for the protection of processed personal data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of obligations stipulated by the Personal Data Law. The actual composition of third parties engaged by the Company for the personal data processing shall be determined in accordance with the provisions of the Russian Federation legislation, agreements between the Company and personal data subject, consent(s) of the personal data subject to the personal data processing, agreements between the Company and the counterparty that is the personal data operator.
5.7. The Operator shall not process biometric personal data of personal data subjects and shall not carry out cross-border transfer of personal data.
5.8. Without the written consent of the personal data subject, the Company shall not disclose to third parties or disseminate personal data, unless otherwise provided by the Federal Law. Consent to the personal data processing permitted for dissemination by the personal data subject shall be issued separately from other consents of the personal data subject to the processing of their personal data.
The requirements for the content of consent to the personal data processing permitted by the personal data subject for dissemination are approved by Order of Roskomnadzor No. 18 dated 24.02.2021.
5.9. In order to protect personal data in the Company, the following persons shall be approved by orders of the General Director:
appointment of an employee responsible for managing the personal data processing;
consent form for the personal data processing, consent form for the personal data processing permitted by the personal data subject for dissemination;
other local regulations adopted in accordance with the requirements of personal data legislation.
5.10. Employees who hold positions that imply the personal data processing shall be allowed to do so after signing a non-disclosure agreement.
5.11. The Company shall use certified antivirus software with regularly updated databases.
5.12. The job descriptions of the Company’s employees who process personal data shall include, in particular, provisions on the need to report any cases of unauthorized access to personal data.
5.13. The Company has defined storage locations for physical (including machine-readable) personal data carriers, ensuring the record-keeping and safety of personal data carriers, eliminating unauthorized access to personal data carriers, as well as separate storage of personal data (physical carriers), which is processed for various purposes.
5.14. By filling out and submitting to the Operator the form (feedback, hereinafter referred to as the form), in which personal data is entered on the Operator’s website, the personal data subject confirms that they:
indicate reliable information about themselves, all other information is provided by the personal data subject at their own discretion;
have read the Policy and agree that the Operator has the right to process personal data, including transferring personal data to third parties;
recognize the legal force of electronic letters/documents sent by the Operator by e-mail;
solely have the right and ability to access the e-mail account and/or mobile radiotelephone device with the address and/or number specified in the form. This access is carried out by the personal data subject using a password, which is confidential.
5.15. The Operator shall take measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance therewith.
5.16. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal acts in relation to personal data.
5.17. The security of personal data in the Company shall be achieved through:
1) identifying the threats to the security of Personal Data during processing via personal data information systems;
2) applying organizational and technical measures to ensure personal data security during processing via personal data information systems to comply with the personal data protection requirements that ensure the personal data protection levels established by the Government of the Russian Federation;
3) applying information protection means that have passed the conformity assessment procedure in the prescribed manner;
4) assessing the effectiveness of efforts made to ensure the security of personal data before commissioning the personal data information system;
5) accounting for the media carrying personal data;
6) detecting instances of unauthorized access to personal data and making efforts, including to detect, prevent, and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents therein;
7) recovering the personal data modified or destroyed due to unauthorized access thereto;
8) establishing rules of access to the personal data processed via the personal data information system as well as ensuring recording and accounting of all actions performed with personal data via the personal data information system;
9) controlling the efforts made to ensure personal data security and the level of security of personal data information systems;
5.18. The Operator has set up periodic inspections for the purpose of implementing internal control over the compliance of personal data processing with the Personal Data Law and regulatory legal acts adopted in pursuance thereof.
5.19. The Operator has assessed the harm that may be caused to personal data subjects in the event of a violation of the Personal Data Law.
5.20. Cookie Policy
5.20.1. The following types of cookies may be used on the Company’s websites:
5.20.2. technical: strictly necessary for the correct operation and display of the website on the user’s device;
5.20.3. statistical (analytical): allowing the Company to count the number of visits to the website, individual pages of the website and other statistics;
5.20.4. functional: facilitating the use of the website by remembering the user’s preferences (language, location, password, etc.);
5.20.5. advertising: allowing the website to display advertisements that may be of interest to the user;
5.20.6. other – cookies not listed in this list.
5.20.7. The storage period of cookies may vary depending on their type, but in any case it shall be limited to the period necessary to achieve the purpose of using a particular cookie.
5.20.8. The Company shall not use cookies for:
5.20.9. direct or indirect determination of personal data subjects using technical information or other data;
5.20.10. comparison, combining (linking) information from cookies with other available information.
5.20.11. When the user first accesses the website, they shall be informed about the processing of cookies. They shall be requested to express their consent to such processing or to refuse by changing their browser settings.
5.21. The Operator shall keep personal data in a form that allows the identification of the personal data subject for no longer than is required by the purposes of personal data processing, unless the information storage period is stipulated by the Federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. Processed information shall be subject to destruction or anonymization upon achievement of the processing purposes or in the event of loss of the need to achieve these purposes, unless otherwise provided by law.
5.22. When collecting personal data, inter alia, through the Internet information and telecommunications network, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of nationals of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Personal Data Law.
5.23. Personal data in a hard-copy form shall be stored in the Company for the periods of storage of documents for which these periods are stipulated by the legislation on archival activities in the Russian Federation (Federal Law on Archival Activities in the Russian Federation No. 125-ФЗ dated 22.10.2004, List of Standard Management Archival Documents Generated in the Course of Activities of State Authorities, Local Governments and Organizations, Indicating Their Retention Periods, approved by Order of Rosarchive No. 236 dated 20.12.2019).
6. DELETION, DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
6.1. In order to observe the rights and legitimate interests of personal data subjects, the Company shall receive and process their requests and inquiries, as well as monitor the support of such reception and processing.
6.2. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Personal Data Law, shall be provided by the Operator to the personal data subject or their representative within 10 business days from the date of the request or receiving the request from the personal data subject or their representative. This period may be extended, however no more than by five business days. To this end, the Operator shall send the personal data subject a reasoned notice indicating the grounds for extending the term for providing the requested information.
6.3. The information provided shall not include personal data pertaining to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
6.4. The request of the personal data subject may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation and shall contain:
• the number of the main document certifying the identity of the personal data subject or his/her representative, information on the date of issue of the specified document and the issuing authority;
• information confirming the participation of the personal data subject in relations with the Operator (contract number, contract date, conventional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator.
6.5. The Operator shall provide the information specified in the Personal Data Law to the personal data subject or their representative in the form in which the relevant request or inquiry has been sent, unless otherwise specified in the request or inquiry.
6.6. If the personal data subject’s request (inquiry) does not include all the necessary information in accordance with the requirements of the Personal Data Law or the subject does not have the right to access the requested information, then a reasoned refusal shall be sent to them.
6.7. The right of a personal data subject to access their personal data may be limited in accordance with the Personal Data Law, inter alia, if the personal data subject’s access to their personal data violates the rights and legitimate interests of third parties.
6.8. In the event that inaccurate personal data is detected upon an inquiry of the personal data subject or their representative or at their request or at the request of Roskomnadzor, the Operator shall block the personal data pertaining to this personal data subject from the moment of such inquiry or receiving the specified request for the verification period, unless the personal data blocking violates the rights and legitimate interests of the personal data subject or third parties.
In the event of confirmation of the inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject or their representative or Roskomnadzor, or other necessary documents, shall clarify the personal data within seven business days from the date of submission of such information and lift the personal data blocking.
6.9. In the event of detection of unlawful personal data processing upon an inquiry (request) from the personal data subject or their representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data pertaining to this personal data subject from the moment of receiving such inquiry or request.
6.10. Conditions for destruction of personal data by the Operator:
• achievement of the personal data processing purpose or loss of the need to achieve this purpose;
• achieving maximum retention periods for documents containing personal data;
• provision by the personal data subject (their representative) of confirmation that the personal data were obtained illegally or are not necessary for the stated purpose of processing;
• withdrawal by the personal data subject of the consent to the processing of their personal data, if storage thereof for the purpose of processing is no longer required, within 30 days.
6.10. Upon achieving the purpose of personal data processing, as well as in the event of the withdrawal of consent to their processing by the personal data subject, personal data shall be subject to destruction if:
• unless otherwise provided by an agreement to which the personal data subject is a party, beneficiary or guarantor;
• the Operator is not entitled to process the data without the consent of the personal data subject on the grounds stipulated by the Personal Data Law or other federal laws;
• unless otherwise provided by any other agreement between the Operator and the personal data subject.
6.11. If it is impossible to destroy personal data within the term stipulated by the Personal Data Law, the Operator shall block such personal data or ensure their blocking (if the personal data processing is carried out by other person acting on the instructions of the Operator) and ensure the destruction of the personal data within a period not exceeding six months, unless another period is stipulated by federal laws.
6.12. The personal data destruction shall be confirmed by documents approved by Order of Roskomnadzor on the Requirements for Confirmation of Personal Data Destruction No. 179 dated 28.10.2022.
7. LIABILITY FOR VIOLATION OF THE RULES GOVERNING THE PERSONAL DATA PROCESSING
7.1. Persons guilty of violating the provisions of the legislation of the Russian Federation in the field of personal data when processing personal data shall be subject to disciplinary and material liability in the manner stipulated by the Labor Code of the Russian Federation and other federal laws, as well as to administrative, civil or criminal liability in the manner stipulated by federal laws.
7.2. Moral damage caused to a personal data subject as a result of the violation of their rights, violation of the rules for processing personal data, as well as failure to comply with the requirements for the protection thereof stipulated by the Personal Data Law, shall be reimbursed in accordance with the legislation of the Russian Federation. The moral damage shall be subject to reimbursement regardless of whether property damage and losses incurred by the personal data subject have been reimbursed.
5.1. The personal data of a personal data subject shall be processed for the period necessary for the purposes specified in the Policy, by any legal means, inter alia, in the personal data information system, with or without the use of automation tools.
5.2. The content and scope of personal data processed shall be determined by the processing purposes, as set out in Section 2 of the Policy, and specified in the consent of the personal data subject to the personal data processing, except for cases where the personal data may be processed without obtaining such consent.
5.3. By providing their personal data to the Operator, the personal data subject acknowledges that they have read the Policy and agree that the Operator shall have the right to process personal data, namely, agree to the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction, including the right to transfer personal data to third parties, in particular, contractors servicing the Operator’s website or the Operator’s mobile application, credit institutions, other legal entities and individuals providing the Operator with marketing and other services, including for the purpose of giving tours and holding other events.
5.4. The Operator may transfer personal data of a personal data subject to inquiry and investigation authorities and other authorized agencies on the grounds and in the manner prescribed by the applicable law of the Russian Federation.
5.5. The personal data processing shall be carried out as follows:
5.5.1. obtaining originals and copies of documents provided by the personal data subject;
5.5.2. accumulation of personal data when keeping personnel records;
5.5.3. receiving information containing personal data orally, in writing, by mail, e-mail, telephone message, or by telephone directly from the personal data subject;
5.5.4. obtaining personal data from publicly available sources;
5.5.5. registration of personal data in logs, books, registers, and other accounting forms;
5.5.6. entering personal data into the Company’s information systems;
5.5.7. use of other means and methods of registering personal data received by the Company in the course of its activities.
5.6. The Company shall have the right to entrust the personal data processing to any other person under an agreement concluded with that person. The person processing personal data on behalf of the Company shall comply with the principles and rules for personal data processing, requirements for the protection of processed personal data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of obligations stipulated by the Personal Data Law. The actual composition of third parties engaged by the Company for the personal data processing shall be determined in accordance with the provisions of the Russian Federation legislation, agreements between the Company and personal data subject, consent(s) of the personal data subject to the personal data processing, agreements between the Company and the counterparty that is the personal data operator.
5.7. The Operator shall not process biometric personal data of personal data subjects and shall not carry out cross-border transfer of personal data.
5.8. Without the written consent of the personal data subject, the Company shall not disclose to third parties or disseminate personal data, unless otherwise provided by the Federal Law. Consent to the personal data processing permitted for dissemination by the personal data subject shall be issued separately from other consents of the personal data subject to the processing of their personal data.
The requirements for the content of consent to the personal data processing permitted by the personal data subject for dissemination are approved by Order of Roskomnadzor No. 18 dated 24.02.2021.
5.9. In order to protect personal data in the Company, the following persons shall be approved by orders of the General Director:
appointment of an employee responsible for managing the personal data processing;
consent form for the personal data processing, consent form for the personal data processing permitted by the personal data subject for dissemination;
other local regulations adopted in accordance with the requirements of personal data legislation.
5.10. Employees who hold positions that imply the personal data processing shall be allowed to do so after signing a non-disclosure agreement.
5.11. The Company shall use certified antivirus software with regularly updated databases.
5.12. The job descriptions of the Company’s employees who process personal data shall include, in particular, provisions on the need to report any cases of unauthorized access to personal data.
5.13. The Company has defined storage locations for physical (including machine-readable) personal data carriers, ensuring the record-keeping and safety of personal data carriers, eliminating unauthorized access to personal data carriers, as well as separate storage of personal data (physical carriers), which is processed for various purposes.
5.14. By filling out and submitting to the Operator the form (feedback, hereinafter referred to as the form), in which personal data is entered on the Operator’s website, the personal data subject confirms that they:
indicate reliable information about themselves, all other information is provided by the personal data subject at their own discretion;
have read the Policy and agree that the Operator has the right to process personal data, including transferring personal data to third parties;
recognize the legal force of electronic letters/documents sent by the Operator by e-mail;
solely have the right and ability to access the e-mail account and/or mobile radiotelephone device with the address and/or number specified in the form. This access is carried out by the personal data subject using a password, which is confidential.
5.15. The Operator shall take measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance therewith.
5.16. When processing personal data, the Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal acts in relation to personal data.
5.17. The security of personal data in the Company shall be achieved through:
1) identifying the threats to the security of Personal Data during processing via personal data information systems;
2) applying organizational and technical measures to ensure personal data security during processing via personal data information systems to comply with the personal data protection requirements that ensure the personal data protection levels established by the Government of the Russian Federation;
3) applying information protection means that have passed the conformity assessment procedure in the prescribed manner;
4) assessing the effectiveness of efforts made to ensure the security of personal data before commissioning the personal data information system;
5) accounting for the media carrying personal data;
6) detecting instances of unauthorized access to personal data and making efforts, including to detect, prevent, and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents therein;
7) recovering the personal data modified or destroyed due to unauthorized access thereto;
8) establishing rules of access to the personal data processed via the personal data information system as well as ensuring recording and accounting of all actions performed with personal data via the personal data information system;
9) controlling the efforts made to ensure personal data security and the level of security of personal data information systems;
5.18. The Operator has set up periodic inspections for the purpose of implementing internal control over the compliance of personal data processing with the Personal Data Law and regulatory legal acts adopted in pursuance thereof.
5.19. The Operator has assessed the harm that may be caused to personal data subjects in the event of a violation of the Personal Data Law.
5.20. Cookie Policy
5.20.1. The following types of cookies may be used on the Company’s websites:
5.20.2. technical: strictly necessary for the correct operation and display of the website on the user’s device;
5.20.3. statistical (analytical): allowing the Company to count the number of visits to the website, individual pages of the website and other statistics;
5.20.4. functional: facilitating the use of the website by remembering the user’s preferences (language, location, password, etc.);
5.20.5. advertising: allowing the website to display advertisements that may be of interest to the user;
5.20.6. other – cookies not listed in this list.
5.20.7. The storage period of cookies may vary depending on their type, but in any case it shall be limited to the period necessary to achieve the purpose of using a particular cookie.
5.20.8. The Company shall not use cookies for:
5.20.9. direct or indirect determination of personal data subjects using technical information or other data;
5.20.10. comparison, combining (linking) information from cookies with other available information.
5.20.11. When the user first accesses the website, they shall be informed about the processing of cookies. They shall be requested to express their consent to such processing or to refuse by changing their browser settings.
5.21. The Operator shall keep personal data in a form that allows the identification of the personal data subject for no longer than is required by the purposes of personal data processing, unless the information storage period is stipulated by the Federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor. Processed information shall be subject to destruction or anonymization upon achievement of the processing purposes or in the event of loss of the need to achieve these purposes, unless otherwise provided by law.
5.22. When collecting personal data, inter alia, through the Internet information and telecommunications network, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of nationals of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Personal Data Law.
5.23. Personal data in a hard-copy form shall be stored in the Company for the periods of storage of documents for which these periods are stipulated by the legislation on archival activities in the Russian Federation (Federal Law on Archival Activities in the Russian Federation No. 125-ФЗ dated 22.10.2004, List of Standard Management Archival Documents Generated in the Course of Activities of State Authorities, Local Governments and Organizations, Indicating Their Retention Periods, approved by Order of Rosarchive No. 236 dated 20.12.2019).
6. DELETION, DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
6.1. In order to observe the rights and legitimate interests of personal data subjects, the Company shall receive and process their requests and inquiries, as well as monitor the support of such reception and processing.
6.2. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Personal Data Law, shall be provided by the Operator to the personal data subject or their representative within 10 business days from the date of the request or receiving the request from the personal data subject or their representative. This period may be extended, however no more than by five business days. To this end, the Operator shall send the personal data subject a reasoned notice indicating the grounds for extending the term for providing the requested information.
6.3. The information provided shall not include personal data pertaining to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
6.4. The request of the personal data subject may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation and shall contain:
• the number of the main document certifying the identity of the personal data subject or his/her representative, information on the date of issue of the specified document and the issuing authority;
• information confirming the participation of the personal data subject in relations with the Operator (contract number, contract date, conventional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator.
6.5. The Operator shall provide the information specified in the Personal Data Law to the personal data subject or their representative in the form in which the relevant request or inquiry has been sent, unless otherwise specified in the request or inquiry.
6.6. If the personal data subject’s request (inquiry) does not include all the necessary information in accordance with the requirements of the Personal Data Law or the subject does not have the right to access the requested information, then a reasoned refusal shall be sent to them.
6.7. The right of a personal data subject to access their personal data may be limited in accordance with the Personal Data Law, inter alia, if the personal data subject’s access to their personal data violates the rights and legitimate interests of third parties.
6.8. In the event that inaccurate personal data is detected upon an inquiry of the personal data subject or their representative or at their request or at the request of Roskomnadzor, the Operator shall block the personal data pertaining to this personal data subject from the moment of such inquiry or receiving the specified request for the verification period, unless the personal data blocking violates the rights and legitimate interests of the personal data subject or third parties.
In the event of confirmation of the inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject or their representative or Roskomnadzor, or other necessary documents, shall clarify the personal data within seven business days from the date of submission of such information and lift the personal data blocking.
6.9. In the event of detection of unlawful personal data processing upon an inquiry (request) from the personal data subject or their representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data pertaining to this personal data subject from the moment of receiving such inquiry or request.
6.10. Conditions for destruction of personal data by the Operator:
• achievement of the personal data processing purpose or loss of the need to achieve this purpose;
• achieving maximum retention periods for documents containing personal data;
• provision by the personal data subject (their representative) of confirmation that the personal data were obtained illegally or are not necessary for the stated purpose of processing;
• withdrawal by the personal data subject of the consent to the processing of their personal data, if storage thereof for the purpose of processing is no longer required, within 30 days.
6.10. Upon achieving the purpose of personal data processing, as well as in the event of the withdrawal of consent to their processing by the personal data subject, personal data shall be subject to destruction if:
• unless otherwise provided by an agreement to which the personal data subject is a party, beneficiary or guarantor;
• the Operator is not entitled to process the data without the consent of the personal data subject on the grounds stipulated by the Personal Data Law or other federal laws;
• unless otherwise provided by any other agreement between the Operator and the personal data subject.
6.11. If it is impossible to destroy personal data within the term stipulated by the Personal Data Law, the Operator shall block such personal data or ensure their blocking (if the personal data processing is carried out by other person acting on the instructions of the Operator) and ensure the destruction of the personal data within a period not exceeding six months, unless another period is stipulated by federal laws.
6.12. The personal data destruction shall be confirmed by documents approved by Order of Roskomnadzor on the Requirements for Confirmation of Personal Data Destruction No. 179 dated 28.10.2022.
7. LIABILITY FOR VIOLATION OF THE RULES GOVERNING THE PERSONAL DATA PROCESSING
7.1. Persons guilty of violating the provisions of the legislation of the Russian Federation in the field of personal data when processing personal data shall be subject to disciplinary and material liability in the manner stipulated by the Labor Code of the Russian Federation and other federal laws, as well as to administrative, civil or criminal liability in the manner stipulated by federal laws.
7.2. Moral damage caused to a personal data subject as a result of the violation of their rights, violation of the rules for processing personal data, as well as failure to comply with the requirements for the protection thereof stipulated by the Personal Data Law, shall be reimbursed in accordance with the legislation of the Russian Federation. The moral damage shall be subject to reimbursement regardless of whether property damage and losses incurred by the personal data subject have been reimbursed.
menu
contact us
phone and email
