Policy of LLC «Dalgraphite» in relation to the processing of personal data.
The policy of the limited liability company «Dalgraphite» regarding the processing of personal data
1. General provisions
1.1. This Policy of the limited liability company «Dalgraphite» in relation to the processing of personal data (hereinafter — the Policy) has been developed pursuant to the requirements of section 2 of part 1 of article 18.1 of the Federal law of 27.07.2006 N 152-FZ «On personal data» (hereinafter — the Law on personal data) in order to ensure the protection of the rights and freedoms of man and citizen during the processing of personal data, including protection of the rights to inviolability of private life, personal and family privacy.
1.2. The policy applies to all personal data processed by the limited liability company «far Eastern graphite» (hereinafter — the Operator, LLC «Dalgraphite»).
1.3. The policy applies to the relations in the field of personal data processing, arising from the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of part 2 of article 18.1 of the Law on personal data, this Policy is made freely available on the Internet information and telecommunication network on the Operator's website.
1.5. Key concepts used in the Policy:
personal data — any information relating to a directly or indirectly identified or identifiable individual (personal data subject);
operator — a state body, municipal body, legal or physical person that, independently or together with other persons, organizes and (or) carries out the processing of personal data, and also defines the purposes of processing of personal data, the scope of personal data to be processed, and the actions (operations) performed with personal data;
processing of personal data — any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation. Processing of personal data includes, among other things:
collection;
recording;
systematization;
accumulation;
storage;
clarification (update, change);
extraction;
use;
transfer (distribution, provision, access);
depersonalization;
blocking;
removal;
destruction;
automated processing of personal data — processing of personal data with the help of computer technology;
distribution of personal data — actions aimed at disclosure of personal data to an indefinite number of persons;
provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
blocking of personal data — temporary termination of processing of personal data (except if the processing is necessary to clarify the personal data);
destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed;
depersonalization of personal data — actions as a result of which it becomes impossible, without the use of additional information, to determine that personal data belong to a particular personal data subject;
information system of personal data — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
1.6. Basic rights and obligations of the Operator.
1.6.1. The operator has the right to:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on personal data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on personal data or other Federal laws;
2) entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by Federal law, on the basis of a contract concluded with this person. A person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on personal data;
3) if the personal data subject withdraws consent to the processing of personal data, continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on personal data.
1.6.2. The operator must:
1) organize the processing of personal data in accordance with the requirements of the Law on personal data;
2) respond to appeals and requests of personal data subjects and their legal representatives in accordance with the requirements of the Law on personal data;
3) provide the authorized body for protection of the rights of personal data subjects (Federal service for supervision of communications, information technology and mass communications (Roskomnadzor)), at the request of this body, with the necessary information within 30 days from the date of receipt of such request.
1.7. Basic rights of the personal data subject. The personal data subject has the right to:
1) receive information concerning the processing of his personal data, except as provided for by Federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it must not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on personal data;
2) require the operator to clarify his / her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
3) put forward the condition of prior consent in the processing of personal data in order to promote goods, works and services on the market;
4) appeal to Roskomnadzor or to a court against illegal actions or inaction of the Operator in the processing of his personal data.
1.8. Control over the fulfillment of the requirements of this Policy is carried out by the authorized person responsible for the organization of personal data processing at the Operator.
1.9. Responsibility for violation of requirements of the legislation of the Russian Federation and regulations of LLC Verona in the sphere of processing and protection of personal data is defined according to the legislation of the Russian Federation.
2. Purposes of personal data collection
2.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. Personal data processing incompatible with the purposes of personal data collection is not allowed.
2.2. Only personal data that meet the purposes of their processing are subject to processing.
2.3. The processing of personal data by the Operator is carried out for the following purposes:
* ensuring compliance with the Constitution of the Russian Federation, Federal laws and other regulatory legal acts of the Russian Federation;
* carrying out its activities in accordance with the Charter of LLC «Dalgraphite»;
* HR administration;
* assistance to employees in employment, education and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
* recruitment and selection of candidates to work with the Operator;
* organization of individual (personalized) registration of employees in the system of compulsory pension insurance;
* filling in and submission to the Executive authorities and other authorized organizations of the required reporting forms;
* implementation of civil law relations;
* accounting;
* implementation of access control.
2.4. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
3. Legal basis of personal data processing
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
* Constitution of the Russian Federation;
* Civil code of the Russian Federation;
* Labour code of the Russian Federation;
* Tax code of the Russian Federation;
* Federal law of 08.02.1998 N 14-FZ «On limited liability companies»;
* Federal law of 06.12.2011 N 402-FZ «On accounting»;
* Federal law of 15.12.2001 N 167-FZ «On compulsory pension insurance in the Russian Federation»;
* other regulatory legal acts regulating relations related to the Operator's activities.
3.2. The legal basis for the processing of personal data is also:
* Charter of LLC «Dalgraphite»;
* contracts concluded between the Operator and personal data subjects;
* consent of personal data subjects to the processing of their personal data.
4. Scope and categories of personal data processed, categories of personal data subjects
4.1. The content and volume of the processed personal data shall correspond to the declared purposes of processing provided in section 2 of this Policy. The processed personal data should not be excessive in relation to the stated purposes of their processing.
4.2. The operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment to the Operator:
full name;
sex;
citizenship;
date and place of birth;
contact details;
information about education, work experience, qualifications;
other personal data provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator:
full name;
sex;
citizenship;
date and place of birth;
image (photo);
passport data;
address of registration at the place of residence;
address of actual residence;
contact details;
individual taxpayer identification number;
insurance number of individual personal account (SNILS);
information on education, qualifications, training and further training;
marital status, children, family ties;
information about employment, including the presence of incentives, awards and (or) disciplinary sanctions;
marriage registration data;
information on military registration;
disability information;
information about alimony;
information on income from previous employment;
other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of Operator employees:
full name;
degree of kinship;
year of birth;
other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. Operator's clients and counterparties (individuals):
full name;
date and place of birth;
passport data;
address of registration at the place of residence;
contact details;
current position;
individual taxpayer identification number;
current account number;
other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.
4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities):
full name;
passport data;
contact details;
current position;
other personal data provided by representatives (employees) of clients and contractors necessary for the conclusion and execution of contracts.
4.3. Processing by the Operator of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the legislation of the Russian Federation.
4.4. The operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except as provided for by the legislation of the Russian Federation.
5. Procedure and conditions of personal data processing
5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in the cases provided for by the legislation of the Russian Federation.
5.3. The operator performs both automated and manual processing of personal data.
5.4. Employees of the Operator, whose job duties include processing of personal data, are allowed to process personal data.
5.5. Processing of personal data is carried out by:
receiving personal data in oral and written form directly from the subjects of personal data;
obtaining personal data from publicly available sources;
entering personal data into logs, registers and information systems of the Operator;
use of other methods of personal data processing.
5.6. Disclosure to third parties and dissemination of personal data without the consent of the subject of personal data is not allowed, unless otherwise provided by Federal law.
5.7. The transfer of personal data to the bodies of inquiry and investigation, the Federal tax service, the Pension Fund of the Russian Federation, the social insurance Fund and other authorized Executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
identifies threats to the security of personal data during processing;
adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
appoints persons responsible for ensuring the security of personal data in the structural units and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes accounting of documents containing personal data;
organizes work with information systems in which personal data is processed;
stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
organizes training of the Operator's employees engaged in the processing of personal data.
5.9. The operator stores personal data in a form that allows the personal data subject to be identified for no longer than required by the purposes of processing personal data, unless the period of storage of personal data is established by Federal law or by contract.
5.10. When collecting personal data, including through the Internet information and telecommunication network, the Operator shall ensure the recording, systematization, accumulation, storage, clarification (update, change) and extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Law on personal data.
6. Updating, correcting, deleting and destroying personal data, responses to requests of subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in part 7 of article 14 of the Law on personal data, are provided by the Operator to the personal data subject or his representative upon an appeal or upon receipt of a request from the personal data subject or his representative.
The information provided does not include personal data relating to other subjects of personal data, except in cases where there are legal grounds for the disclosure of such personal data.
The request must contain:
number of the main identity document of the personal data subject or his representative, information on the date of issue of the document and the issuing authority;
information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the processing of personal data by the Operator;
signature of the personal data subject or his representative.
The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not contain all the information required by the Law on personal data, or the subject does not have the right of access to the requested information, a reasoned refusal is sent to him.
The right of the personal data subject to access his personal data may be restricted in accordance with part 8 of article 14 of the Law on personal data, including if the access of the personal data subject to his personal data violates the rights and legitimate interests of third parties.
6.2. If inaccurate personal data are detected upon an appeal by the personal data subject or his representative, or at their request or at the request of Roskomnadzor, the Operator shall block the personal data relating to that personal data subject from the moment of such appeal or receipt of the request for the period of verification, provided that blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the inaccuracy of personal data is confirmed, the Operator, on the basis of the data provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such data and removes the blocking of personal data.
6.3. If illegal processing of personal data is detected upon an appeal (request) by the personal data subject or his representative or Roskomnadzor, the Operator blocks the illegally processed personal data relating to this personal data subject from the moment of such appeal or receipt of the request.
6.4. Upon achievement of the purposes of personal data processing, as well as in the case of withdrawal by the personal data subject of consent to their processing, personal data shall be destroyed if:
the contract to which the personal data subject is a party, beneficiary or guarantor does not provide otherwise;
the Operator is not entitled to process the personal data without the consent of the personal data subject on the grounds provided for by the Law on personal data or other Federal laws;
no other agreement between the Operator and the personal data subject provides otherwise.