Personal Data Processing Policy
1. General provisions
1.1. The personal data processing policy (hereinafter - the Policy) on the website http://www.angelinaerf.ru (hereinafter - the Company) defines the main objectives and principles conditions and methods of processing personal data, lists of personal data processed by the Company, the functions of the Company in processing personal data, the rights of personal data subjects, as well as the requirements for the protection and storage of personal data implemented by the Company.
1.2. The policy was developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
1.3. The Policy applies to all personal data of subjects processed in the Company using automation tools and without using such means.
2. The main terms and definitions used in the local regulatory acts of the Company governing the processing of personal data
Information - information (messages, data) regardless of the form of their presentation
Personal data - any information relating to directly or indirectly determined or determined by an individual (citizen). Those. To such information, in particular, include: name, year, month, date and place of birth, contact phone, citizenship, biometric data, address, information about family, social, property status, information about education, profession, income, information about state of health, information about the place of work, as well as other information.
Personal data processing - any action (operation) or set of actions (operations) with personal data performed using automation tools or without the use of such tools. Such operations include such actions (operations) as collection, receipt, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction personal data.
Operator - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the goals of personal data processing, the composition of personal data to be processed, actions (operations ) committed with personal data.
3. Legislative and other regulatory legal acts of the Russian Federation, in accordance with which the Policy of personal data processing in the Company is determined
3.1. The policy for processing personal data in the Company is determined in accordance with the following regulatory acts:
- Labor Code of the Russian Federation;
- Federal Law of July 27, 2006 No. 152-ФЗ “On Personal Data”;
- Decree of the President of the Russian Federation of March 6, 1997 No. 188 "On approval of the List of information of a confidential nature";
- Resolution of the Government of the Russian Federation of September 15, 2008 No. 687 “On Approval of the Regulation on Peculiarities of Processing Personal Data Performed Without Using Automation Tools”;
- Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 “On approval of requirements for the protection of personal data when they are processed in personal data information systems”;
- Order of the FSTEC of Russia No. 55, the Federal Security Service of Russia No. 86, the Ministry of Information Technologies and Communications of Russia No. 20 of February 13, 2008 “On approval of the procedure for classifying information systems of personal data”;
- Order of the FSTEC of Russia dated February 18, 2013 No. 21 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data when they are processed in personal data information systems”;
- Order of Roskomnadzor dated September 5, 2013 No. 996 “On approval of requirements and methods for depersonalization of personal data”;
- Resolution of the Government of the Russian Federation dated July 6, 2008 No. 512 “On approval of requirements for tangible carriers of biometric personal data and technologies for storing such data outside of personal data information systems”;
- Resolution of the Government of the Russian Federation dated July 6, 2008 No. 512 “On approval of requirements for tangible carriers of biometric personal data and technologies for storing such data outside of personal data information systems”;
3.2. In order to implement the provisions of the Policy, the Company develops relevant local regulations and other documents, including:
- provision on the processing of personal data in the Company;
- a provision on ensuring the security of personal data when it is processed in the Company's personal data information systems;
- other local regulations and documents regulating personal data processing issues in the Company.
4. Subjects of personal data of the Company
The company processes the personal data of the following persons:
- Company employees;
- subjects with which contracts of civil nature are concluded;
- candidates for the vacant positions of the Company;
- Company's clients;
- registered users of the Company's website;
- representatives of legal entities;
- suppliers (individual entrepreneurs).
5. Principles and objectives for the processing of personal data
The company processes the personal data of the following persons:
5.1. The company, being an operator of personal data, processes personal data of employees of the Company and other subjects of personal data who are not in labor relations with the Company.
5.2. The processing of personal data in the Company is carried out taking into account the need to ensure the protection of the rights and freedoms of employees of the Company and other personal data subjects, including the protection of the right to privacy, personal and family secrets, based on the following principles:
- the processing of personal data is carried out in the Company on a lawful and fair basis;
- personal data processing is limited to the achievement of specific, predetermined and legitimate goals;
- processing of personal data that is incompatible with the purposes of collecting personal data is not allowed;
- merging databases containing personal data that are processed for purposes that are incompatible with each other is not allowed;
- only personal data are processed that meets the purposes of their processing;
- the content and volume of personal data processed is consistent with the stated processing goals. The redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed;
- when processing personal data, the accuracy of personal data is ensured, its sufficiency, and, if necessary, also relevant to the purposes of personal data processing. The company takes the necessary measures or ensures their adoption to remove or clarify incomplete or inaccurate personal data;
- personal data is stored in a form that allows determining the subject of personal data no longer than the purpose of processing personal data requires, if the period for storing personal data is not established by federal law, a contract to which the entity is a beneficiary or guarantor personal data;
- the processed personal data is destroyed or de-identified if it reaches the processing objectives or if it is no longer necessary to achieve these goals, unless otherwise provided by federal law.
5.3. Personal data is processed by the Company in order to:
- ensuring compliance with the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation, local regulatory acts of the Company;
- the implementation of the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company, including the provision of personal data to state authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Mandatory Medical Insurance Fund, as well as to other government agencies;
- protection of life, health or other vital interests of personal data subjects;
- preparation, conclusion, execution and termination of contracts with counterparties;
- formation of reference materials for internal information support of the Company's activities;
- the execution of judicial acts, acts of other bodies or officials to be executed in accordance with the legislation of the Russian Federation on enforcement proceedings;
- implementation of the rights and legitimate interests of the Company in the framework of the implementation of activities stipulated by the Charter and other local regulatory acts of the Company, or third parties, or the achievement of socially significant goals;
- for other legitimate purposes.
6. Conditions for processing personal data in the Company
6.1. The processing of personal data in the Company is carried out with the consent of the subject of personal data to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data.
6.2. The company without the consent of the subject of personal data does not disclose to third parties and does not distribute personal data, unless otherwise provided by federal law.
6.3. The company has the right to entrust the processing of personal data to another person with the consent of the subject of personal data on the basis of an agreement with this person. The contract should contain a list of actions (operations) with personal data that will be performed by the person performing the processing of personal data, processing purposes, the obligation of such a person to maintain the confidentiality of personal data and ensure the safety of personal data during their processing, as well as the requirements for the protection of personal data being processed in accordance with Article 19 of the Federal Law “On Personal Data”.
6.4. Access to personal data processed by the Company is allowed only to employees of the Company occupying positions included in the list of positions in the Company for which personal data is being processed.
7. Rights of personal data subjects
7.1. The personal data subjects are entitled to:
- full information about their personal data processed by the Company;
—access to their personal data, including the right to receive a copy of any record containing their personal data, except as required by federal law, as well as access to the medical data relating to them with the help of a medical specialist of their choice;
- clarifying your personal data, blocking or destroying it if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
- withdrawal of consent to the processing of personal data;
- the adoption of measures provided by law to protect their rights;
- to appeal the actions or omissions of the Company, carried out in violation of the requirements of the legislation of the Russian Federation in the field of personal data, to the authorized body for the protection of the rights of personal data subjects or to the court;
- the exercise of other rights stipulated by the legislation of the Russian Federation.
8. Measures taken by the Company to ensure the performance of operator duties in the processing of personal data
8.1. Measures that are necessary and sufficient to ensure that the Company fulfills the operator’s obligations under the legislation of the Russian Federation in the field of personal data include:
- the appointment of the person responsible for organizing the processing of personal data in the Company;
- obtaining the consent of the subjects of personal data to the processing of their personal data, except as required by the legislation of the Russian Federation;
- the separation of personal data processed without the use of automation equipment, from other information, in particular by recording them on separate material media of personal data in special sections;
- ensuring the separate storage of personal data and their material carriers, which are processed for different purposes and which contain different categories of personal data;
- imposing a ban on the transfer of personal data via open communication channels, computer networks outside the controlled area, the FERS of the Company and the Internet without applying measures established in the Company to ensure the security of personal data (with the exception of publicly available and / or impersonal personal data) ;
- storage of material carriers of personal data in compliance with conditions that ensure the safety of personal data and prevent unauthorized access to them;
- implementation of internal control over the compliance of personal data processing with the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it, personal data protection requirements, this Policy, and local regulatory acts of the Company;
- other measures stipulated by the legislation of the Russian Federation in the field of personal data.
8.2. Measures to ensure the security of personal data when they are processed in personal data information systems are established in accordance with the local regulations of the Company governing the security of personal data when they are processed in the Company's personal data information systems.
9. Monitoring compliance with the legislation of the Russian Federation in the field of personal data, including requirements for the protection of personal data
9.1. Control over the Company's compliance with the laws of the Russian Federation and local regulations of the Company in the field of personal data, including the requirements for the protection of personal data, is carried out to verify compliance of the Company's personal data processing with the laws of the Russian Federation and local regulations of the Company in personal data. including requirements for the protection of personal data, as well as measures taken to prevent and detect violations of the law Of the Russian Federation in the field of personal data, identifying possible channels of leakage and unauthorized access to personal data, eliminating the consequences of such violations.
9.2. Internal control over the compliance by structural divisions of the Company's administration, its branches and representative offices of the legislation of the Russian Federation and local regulations of the Company in the field of personal data, including requirements for the protection of personal data, is carried out by the person responsible for organizing the processing of personal data in the Company.
Basket ()
Our managers will contact you to clarify all the necessary details of sewing.
A notification will be sent to your mail when the selected item is available.
