Policy of IP Trufanov Vyacheslav Fedorovich (hereinafter also referred to as the Entrepreneur) regarding the processing of personal data” (hereinafter referred to as the Policy) determines the position and intentions of the Entrepreneur in the field of processing and protection of personal data, in order to respect and protect the rights and freedoms of each person and, in particular, the right to privacy, personal and family secrets, protection of one's honor and good name.
The policy is strictly implemented by the managers and employees of all structural divisions of the Entrepreneur who have access to personal data.
The Policy applies to all personal data of subjects processed by the Entrepreneur with and without the use of automation tools.
Any subject of personal data has access to this Policy.
Definitions
Personal data - any information relating to a directly or indirectly identified or identifiable natural person (citizen). Such information includes the following information: full name, year, month, date and place of birth, address, information about family, social, property status, education, profession, income, health status, and other information.
Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed using automation tools or without the use of such tools. Such actions (operations) include: collection, receipt, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, the actions (operations) performed with personal data.
Sites - a collection of pages and content, united by domain names owned by the Entrepreneur.
Subjects of personal data
The entrepreneur processes the personal data of the following persons:
employees of the Entrepreneur;
entities with which contracts of a civil law nature have been concluded;
candidates for filling vacant positions of the Entrepreneur;
clients of the Entrepreneur;
registered users of the websites of the Entrepreneur;
representatives of legal entities;
suppliers (individual entrepreneurs).
Principles and conditions for the processing of personal data
Under the security of personal data, the Entrepreneur understands the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data and takes the necessary legal, organizational and technical measures to protect personal data.
Processing and ensuring the security of personal data by the Entrepreneur is carried out in accordance with the requirements of the Constitution of the Russian Federation, Federal Law No. 152-FZ "On Personal Data", by-laws, other federal laws of the Russian Federation that determine the cases and features of the processing of personal data, guidelines and methodological documents of the FSTEC of Russia and the FSB of Russia.
When processing personal data, the Entrepreneur adheres to the following principles:
legitimacy and fairness;
limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
preventing the processing of personal data that is incompatible with the purposes of collecting personal data;
preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
processing of personal data that meet the purposes of their processing;
content matching.
The entrepreneur processes personal data only if at least one of the following conditions is met:
the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
processing of personal data is necessary to achieve the goals provided for by law, to exercise and fulfill the functions, powers and obligations assigned to the operator by the legislation of the Russian Federation;
the processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
the processing of personal data is necessary to exercise the rights and legitimate interests of the Entrepreneur or third parties or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
processing of personal data is carried out, access of an unlimited circle of persons to which is provided by the subject of personal data or at his request;
processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.
The entrepreneur has the right to entrust the processing of personal data of citizens to third parties, on the basis of an agreement concluded with these persons. Persons processing personal data on behalf of the Entrepreneur undertake to comply with the principles and rules for the processing and protection of personal data provided for by Federal Law No. 152-FZ “On Personal Data”. For each person, a list of actions (operations) with personal data that will be performed by a legal entity processing personal data, the purposes of processing, the obligation of such a person to maintain confidentiality and ensure the security of personal data during their processing, as well as requirements for the protection of processed personal data are specified. data.
In cases established by the legislation of the Russian Federation, the Entrepreneur has the right to transfer personal data of citizens.
For the purpose of information support, the Entrepreneur may create publicly available sources of personal data of employees, including directories and address books. With the consent of the employee, public sources of personal data may include his last name, first name, patronymic, date and place of birth, position, contact phone numbers, e-mail address. Information about the employee must be excluded from publicly available sources of personal data at any time at the request of the employee or by decision of the court or other authorized state bodies.
The entrepreneur destroys or depersonalizes personal data upon reaching the purposes of processing or in case of loss of the need to achieve the purpose of processing.
Rights of the subject of personal data
The citizen whose personal data is processed by the Entrepreneur has the right to:
receive from the Entrepreneur:
confirmation of the fact of personal data processing by the Entrepreneur;
legal grounds and purposes of personal data processing;
information about the methods used by the Entrepreneur to process personal data;
name and location of the Entrepreneur;
information about persons who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Entrepreneur or on the basis of federal law;
a list of processed personal data relating to the citizen from whom the request was received and the source of their receipt, unless a different procedure for providing such data is provided by federal law;
information about the terms of processing personal data, including the terms of their storage;
information on the procedure for the exercise by a citizen of the rights provided for by the Federal Law "On Personal Data" No. 152-FZ;
information about the ongoing or proposed cross-border transfer of personal data;
name and address of the person processing personal data on behalf of the Entrepreneur;
other information provided for by the Federal Law "On Personal Data" No. 152-FZ or other federal laws;
demand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
withdraw your consent to the processing of personal data;
demand the elimination of unlawful actions of the Entrepreneur in relation to his personal data;
appeal against the actions or inaction of the Entrepreneur to the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor) or in court if the citizen believes that the Entrepreneur the owner processes his personal data in violation of the requirements of Federal Law No. 152-FZ “On Personal Data” or otherwise violates his rights and freedoms;
receive clarifications on the processing of personal data by contacting the Entrepreneur personally or by sending an official request to the address: 141006, Moscow Region, Mytishchi, Volkovskoe highway, possession 13A, building 1; If an official request is sent to IE Trufanov Vyacheslav Fedorovich, the text of the request must indicate:
FULL NAME;
number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the said document and the authority that issued it;
information confirming your participation in relations with the Entrepreneur or information otherwise confirming the fact of processing personal data by the Entrepreneur;
signature of the citizen (or his legal representative). If the request is sent electronically, then it must be executed in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
to protect their rights and legitimate interests, including compensation for losses and / or compensation for moral damage in court.
Responsibility
In case of failure to comply with the provisions of this Policy, the Entrepreneur is liable in accordance with the current legislation of the Russian Federation.
Information about the implemented requirements for the protection of personal data
When processing personal data, the entrepreneur takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data. Such measures in accordance with Federal Law No. 152-FZ “On Personal Data” include:
determination of threats to the security of personal data during their processing in information systems of personal data;
application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
the use of information security tools that have passed the conformity assessment procedure in accordance with the established procedure;
assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
detection of facts of unauthorized access to personal data and taking measures;
recovery of personal data modified or destroyed due to unauthorized access to them;
establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;
accounting of machine carriers of personal data;
organization of access control to the territory of the Entrepreneur;
placement of technical means for processing personal data within the protected area;
maintenance of technical means of protection, signaling in constant readiness;
monitoring user actions, conducting proceedings on violations of personal data security requirements.
In order to coordinate actions to ensure the security of personal data, the Entrepreneur has appointed persons responsible for ensuring the security of personal data.
The current version of the Policy is published on the websites of the Entrepreneur.