PERSONAL DATA PROCESSING AND SECURITY POLICY
1. GENERAL PROVISIONS
1.1. This Policy in the field of processing and ensuring the security of personal data (hereinafter referred to as the Policy) is the basis for the organization of work on processing and ensuring the security of personal data in LLC "Euclid Technologies" (OGRN 1217700483110, 25480, Moscow, Planernaya ul., 3 K. 1, room. II floor 1 room. 8, hereinafter – the Company). The provisions of this Policy apply to all employees of the Company who have access to personal data.
1.2. This Policy is publicly available and is subject to posting on the Company's website. The Company reserves the right to update and change the Policy at any time.
1.3. The processing of personal data in the Company is carried out in accordance with the requirements of the current legislation and the following basic principles:
· legality of the purposes and methods of personal data processing and integrity;
· compliance of the purposes of personal data processing with the goals previously defined and declared when collecting personal data, as well as the Company's powers;
· compliance of the volume and nature of the processed personal data, methods of personal data processing with the purposes of personal data processing;
· the reliability of personal data, their relevance and sufficiency for the purposes of processing, the inadmissibility of processing excessive in relation to the purposes of collecting personal data;
· legitimacy of organizational and technical measures to ensure the security of personal data;
· continuous improvement of the level of knowledge of the Company's employees in the field of ensuring the security of personal data during their processing;
· striving for continuous improvement of the personal data protection system.
1.4. In order to maintain its business reputation, the Company considers the most important task to ensure the legitimacy of the processing and security of personal data of subjects in the Company's business processes.
1.5. To solve this problem, the Company has introduced, operates and undergoes periodic review (control) of the personal data protection system.
2. BASIC CONCEPTS USED IN THE POLICY
2.1. Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction of personal data.
2.2. Operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.3. The subject of personal data is a certain or identifiable individual to whom personal data directly or indirectly relates.
2.4. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
2.5. Confidentiality of personal data is a mandatory requirement for a person who has access to personal data not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1. In accordance with the principles of personal data processing, the Company defines the purposes of their processing:
3.1.1. The implementation of labor relations with employees of the Company in accordance with applicable labor legislation and concluded labor contracts, including:
· reviewing resumes and selecting candidates for a vacant position for further employment;
· fulfillment by the Company of the obligations stipulated by the concluded contracts and local regulations ensuring their fulfillment;
· ensuring the conditions and processes necessary for the Company's employees to perform their work duties;
· assistance to employees in training and career growth;
· assistance in obtaining social benefits and compensations by the Company's employees.
3.1.2. Conclusion, execution, maintenance, modification, termination of contracts with counterparties, taking into account the requirements of current legislation, including:
· conclusion, maintenance, modification, termination of contracts;
· fulfillment by the Company of the obligations stipulated by the contracts;
· fulfillment by the Company of obligations stipulated by federal legislation and other regulatory legal acts;
· conducting negotiations and contract approval processes;
· providing an opportunity to use the Company's Internet services in accordance with user (license) agreements;
· confirmation of account ownership in the service to the user;
· fulfillment of obligations stipulated by the rules of events (contests), including, but not limited to, the issuance of prizes to participants, payment of taxes;
3.1.3. Registration of guest passes for a single pass to the territory of the Company;
3.1.4. Processing of appeals (complaints, claims, statements, etc.) under concluded contracts (including from users) or in accordance with the current legislation of the Russian Federation.
3.1.5. information support for persons using the Company's information system.
4. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
4.1. The Company processes personal data on the following legal grounds:
· Charter of Euclid Technologies LLC;
· Labor legislation, including the Labor Code of the Russian Federation No. 197-FZ dated 30.12.2001, the Law of the Russian Federation No. 1032-1 dated 19.04.1991 "On Employment of the Population in the Russian Federation";
· Civil Code of the Russian Federation No. 51-FZ of 30.11.1994 (Part One), No. 14-FZ of 26.01.1996 (Part Two), No. 146-FZ of 26.11.2001 (Part Three), No. 230-FZ of 18.12.2006 (Part Four);
· Tax Code of the Russian Federation No. 146-FZ of 31.07.1998 (Part One), No. 117-FZ of 05.08.2000 (Part Two);
· Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
· Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection";
· Federal Law No. 135-FZ of 26.07.2006 "On Protection of Competition";
· Federal Law No. 167-FZ dated 15.12.2001 "On Compulsory Pension Insurance";
· Federal Law No. 27-FZ of 01.04.1996 "On Individual (Personalized) accounting in the compulsory pension Insurance system";
· Federal Law No. 402-FZ dated 06.12.2011 "On Accounting";
· Resolution of the State Committee of the Russian Federation on Statistics No. 1 dated 05.01.2004 "On approval of unified forms of primary accounting documentation on labor accounting and its payment";
· Resolutions of authorized bodies;
· Contract with the counterparty;
· User (license) agreement of the Internet service;
· Rules of events (contests) (agreement);
· Consent to the processing of personal data;
· Consent to the processing of personal data authorized by the subject of personal data for dissemination;
· Local acts adopted by the Company in accordance with the legislation on personal data, including this Policy and the current version of the Regulation on the processing of Personal Data in Euclid Technologies LLC.
4.2. For each of the Company's Internet services, a corresponding privacy policy is provided that does not contradict this Policy.
5. CATEGORIES OF PERSONAL DATA SUBJECTS AND THE VOLUME OF PERSONAL DATA PROCESSED
5.1. The Company processes or allows the processing of personal data of the following categories of personal data subjects:
· applicants;
· employees of the Company;
· former employees of the Company;
· relatives of Company employees;
· individuals affiliated with the Company;
· individuals who have contractual relations with the Company:
o executors of contracts with individuals;
o individual entrepreneurs;
o users of the Company's Internet services;
o guests of the Company on business trips;
o participants of events (contests) held by the Company.
· representatives of persons having contractual relations with the Company;
· employees of persons who have signed a contract with the Company;
· Company visitors;
· subjects of personal data submitting statements, claims and other appeals to the Company;
· representatives of personal data subjects submitting statements, claims and other appeals to the Company on behalf of personal data subjects.
5.2. The volume of personal data processed by the Company for the purpose of concluding, executing, maintaining, changing, terminating agreements with users of the Company's services is determined by the Privacy Policy of the services Mail.ru , posted at https://videus.ru/privacy , and is specified by the privacy policies of the relevant Internet services.
5.3. The volume of personal data processed by the Company for other purposes provided for in this Policy is determined by local acts of the Company and is brought to the attention of personal data subjects upon request.
5.4. Processing of special categories of personal data by the Company is allowed only in cases stipulated by the federal legislation of the Russian Federation.
5.5. The Company does not process biometric personal data unless otherwise explicitly stated in the privacy policy of the Company's Internet Services or in a separate local regulatory act.
6. BASIC RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS
6.1. Personal data subjects have the right to:
6.1.1. receive information concerning their personal data and its processing in the manner and to the extent provided for by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
6.1.2. appoint representatives;
6.1.3. require the Company to clarify personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
6.1.4. take measures provided for by the legislation of the Russian Federation to protect their rights;
6.1.5. revoke consent to the processing of personal data in accordance with the procedure provided for in this Policy;
6.2. Personal data subjects are obliged to exercise their rights in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", including Part 3 of Article 14, which establishes requirements for the content of requests from subjects, as well as other regulatory legal acts.
7. BASIC RULES OF PERSONAL DATA PROCESSING
7.1. The Company processes personal data, namely: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), blocking, deletion and destruction of personal data only if there are grounds and within the time limits provided for by applicable law.
7.2. The processing of personal data by the Company is carried out both with and without the use of automation tools (including mixed processing).
7.3. When processing personal data, the Company respects the rights of personal data subjects and fulfills the operator's obligations provided for by the legislation of the Russian Federation on personal data.
7.4. The Company's processing of personal data may be carried out on behalf of third parties. In such cases, the Company is not an operator and is not obliged to obtain consent to the processing of personal data from personal data subjects.
7.5. When processing personal data of a personal data subject, the Company has the right to entrust the processing of personal data to another person with the consent of the personal data subject and on the basis of an agreement concluded with this person.
7.6. When collecting personal data, the Company ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
7.7. The Company prohibits making decisions regarding personal data subjects based solely on automated processing of their personal data.
7.8. In the course of its activities, the Company may transfer personal data to third parties, in cases provided for by the legislation of the Russian Federation or with the consent of the subject of personal data.
8. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
8.1. In case of confirmation of the fact of inaccuracy of personal data or illegality of their processing, personal data are subject to updating by the Company.
8.2. Upon achieving the purposes of personal data processing, as well as in the case of withdrawal by the subject of personal data of consent to their processing, the Company terminates the processing of personal data in the manner provided for in Part 7 of Article 5 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
8.3. The Company has the right to continue processing personal data if the purpose of processing is achieved, if there are other legal grounds. The Company also has the right to continue processing personal data after revoking the consent of the subject to the processing of personal data, if there are grounds provided for in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of the Federal Law of the Russian Federation No. 152-FZ of 27.07.2006 "On Personal Data".
8.4. In case of detection of unlawful processing of personal data, they are subject to destruction by the Company in accordance with the procedure provided for by the legislation of the Russian Federation on personal data.
8.5. The Company responds to requests/requests of personal data subjects and their representatives, as well as authorized bodies in accordance with the current legislation of the Russian Federation.
8.6. Requests/appeals of the specified subjects concerning inaccuracy of personal data, illegality of their processing, access of the subject of personal data to their personal data are sent to the address of the Company's location in writing or in another manner provided for by the current legislation of the Russian Federation. The withdrawal of consent to the processing of personal data is sent by the personal data subject in writing to the address of the Company's location.
8.7. The Company has the right to restrict the access of a personal data subject to his personal data in cases provided for by federal laws of the Russian Federation, including if access violates the rights and legitimate interests of third parties.
8.8. When sending a request/appeal to the Company in order to exercise the rights of the personal data subject, it is necessary to indicate:
· the surname, first name, patronymic of the personal data subject or his representative;
· the number of the main identity document of the personal data subject or his representative;
· information about the date of issue of the specified document and the issuing authority;
· information confirming that the subject of personal data has a relationship with the Company (for example, the number and date of the contract, the name of the contest, the user ID in the Company's services: login, id, link to profile, phone number, email address or otherwise), or information that may indicate the processing of personal data by the Company of the relevant subject;
· signature of the personal data subject (or his representative).
8.9. When sending a withdrawal of consent to the processing of Personal Data to the Company in order to exercise the rights of the subject of personal data, it is necessary to specify, including:
· the surname, first name, patronymic of the subject of personal data or his representative, the address of the subject of personal data;
· information confirming that the subject of personal data has a relationship with the Company (for example, the number and date of the contract, the name of the contest, the user ID in the Company's services: login, id, link to profile, phone number, email address or otherwise), or information that may indicate the processing of personal data by the Company of the relevant subject;
· signature of the personal data subject (or his representative).
9. FULFILLED REQUIREMENTS TO ENSURE THE SECURITY OF PERSONAL DATA
9.1. In order to ensure the security of personal data during their processing, the Company implements the requirements of applicable regulatory documents in the field of processing and ensuring the security of personal data, including:
· Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
· Decree of the Government of the Russian Federation of 01.11.2012
No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
· Decree of the Government of the Russian Federation of 15.09.2008
No. 687 "On approval of the Regulation on the specifics of personal data processing carried out without the use of automation tools";
· Order of the FSTEC of Russia dated 18.02.2013 No. 21 "On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems".
9.2. The Company evaluates the harm that may be caused to the subjects of personal data and determines the threats to the security of personal data. In accordance with the identified current threats, the Company applies the necessary and sufficient organizational and technical measures, including the use of information security tools, the detection of unauthorized access, the recovery of personal data, the establishment of rules for access to personal data, as well as monitoring and evaluating the effectiveness of the measures applied.
9.3. The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.
9.4. The Company's management is aware of the need and is interested in ensuring that the level of security of personal data processed within the framework of the Company's core activities is adequate both from the point of view of the requirements of regulatory documents of the Russian Federation and reasonable from the point of view of assessing risks to business.
Edition of 04/14/2022
1.1. This Policy in the field of processing and ensuring the security of personal data (hereinafter referred to as the Policy) is the basis for the organization of work on processing and ensuring the security of personal data in LLC "Euclid Technologies" (OGRN 1217700483110, 25480, Moscow, Planernaya ul., 3 K. 1, room. II floor 1 room. 8, hereinafter – the Company). The provisions of this Policy apply to all employees of the Company who have access to personal data.
1.2. This Policy is publicly available and is subject to posting on the Company's website. The Company reserves the right to update and change the Policy at any time.
1.3. The processing of personal data in the Company is carried out in accordance with the requirements of the current legislation and the following basic principles:
· legality of the purposes and methods of personal data processing and integrity;
· compliance of the purposes of personal data processing with the goals previously defined and declared when collecting personal data, as well as the Company's powers;
· compliance of the volume and nature of the processed personal data, methods of personal data processing with the purposes of personal data processing;
· the reliability of personal data, their relevance and sufficiency for the purposes of processing, the inadmissibility of processing excessive in relation to the purposes of collecting personal data;
· legitimacy of organizational and technical measures to ensure the security of personal data;
· continuous improvement of the level of knowledge of the Company's employees in the field of ensuring the security of personal data during their processing;
· striving for continuous improvement of the personal data protection system.
1.4. In order to maintain its business reputation, the Company considers the most important task to ensure the legitimacy of the processing and security of personal data of subjects in the Company's business processes.
1.5. To solve this problem, the Company has introduced, operates and undergoes periodic review (control) of the personal data protection system.
2. BASIC CONCEPTS USED IN THE POLICY
2.1. Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction of personal data.
2.2. Operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.3. The subject of personal data is a certain or identifiable individual to whom personal data directly or indirectly relates.
2.4. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
2.5. Confidentiality of personal data is a mandatory requirement for a person who has access to personal data not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
3. PURPOSES OF PERSONAL DATA PROCESSING
3.1. In accordance with the principles of personal data processing, the Company defines the purposes of their processing:
3.1.1. The implementation of labor relations with employees of the Company in accordance with applicable labor legislation and concluded labor contracts, including:
· reviewing resumes and selecting candidates for a vacant position for further employment;
· fulfillment by the Company of the obligations stipulated by the concluded contracts and local regulations ensuring their fulfillment;
· ensuring the conditions and processes necessary for the Company's employees to perform their work duties;
· assistance to employees in training and career growth;
· assistance in obtaining social benefits and compensations by the Company's employees.
3.1.2. Conclusion, execution, maintenance, modification, termination of contracts with counterparties, taking into account the requirements of current legislation, including:
· conclusion, maintenance, modification, termination of contracts;
· fulfillment by the Company of the obligations stipulated by the contracts;
· fulfillment by the Company of obligations stipulated by federal legislation and other regulatory legal acts;
· conducting negotiations and contract approval processes;
· providing an opportunity to use the Company's Internet services in accordance with user (license) agreements;
· confirmation of account ownership in the service to the user;
· fulfillment of obligations stipulated by the rules of events (contests), including, but not limited to, the issuance of prizes to participants, payment of taxes;
3.1.3. Registration of guest passes for a single pass to the territory of the Company;
3.1.4. Processing of appeals (complaints, claims, statements, etc.) under concluded contracts (including from users) or in accordance with the current legislation of the Russian Federation.
3.1.5. information support for persons using the Company's information system.
4. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
4.1. The Company processes personal data on the following legal grounds:
· Charter of Euclid Technologies LLC;
· Labor legislation, including the Labor Code of the Russian Federation No. 197-FZ dated 30.12.2001, the Law of the Russian Federation No. 1032-1 dated 19.04.1991 "On Employment of the Population in the Russian Federation";
· Civil Code of the Russian Federation No. 51-FZ of 30.11.1994 (Part One), No. 14-FZ of 26.01.1996 (Part Two), No. 146-FZ of 26.11.2001 (Part Three), No. 230-FZ of 18.12.2006 (Part Four);
· Tax Code of the Russian Federation No. 146-FZ of 31.07.1998 (Part One), No. 117-FZ of 05.08.2000 (Part Two);
· Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
· Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection";
· Federal Law No. 135-FZ of 26.07.2006 "On Protection of Competition";
· Federal Law No. 167-FZ dated 15.12.2001 "On Compulsory Pension Insurance";
· Federal Law No. 27-FZ of 01.04.1996 "On Individual (Personalized) accounting in the compulsory pension Insurance system";
· Federal Law No. 402-FZ dated 06.12.2011 "On Accounting";
· Resolution of the State Committee of the Russian Federation on Statistics No. 1 dated 05.01.2004 "On approval of unified forms of primary accounting documentation on labor accounting and its payment";
· Resolutions of authorized bodies;
· Contract with the counterparty;
· User (license) agreement of the Internet service;
· Rules of events (contests) (agreement);
· Consent to the processing of personal data;
· Consent to the processing of personal data authorized by the subject of personal data for dissemination;
· Local acts adopted by the Company in accordance with the legislation on personal data, including this Policy and the current version of the Regulation on the processing of Personal Data in Euclid Technologies LLC.
4.2. For each of the Company's Internet services, a corresponding privacy policy is provided that does not contradict this Policy.
5. CATEGORIES OF PERSONAL DATA SUBJECTS AND THE VOLUME OF PERSONAL DATA PROCESSED
5.1. The Company processes or allows the processing of personal data of the following categories of personal data subjects:
· applicants;
· employees of the Company;
· former employees of the Company;
· relatives of Company employees;
· individuals affiliated with the Company;
· individuals who have contractual relations with the Company:
o executors of contracts with individuals;
o individual entrepreneurs;
o users of the Company's Internet services;
o guests of the Company on business trips;
o participants of events (contests) held by the Company.
· representatives of persons having contractual relations with the Company;
· employees of persons who have signed a contract with the Company;
· Company visitors;
· subjects of personal data submitting statements, claims and other appeals to the Company;
· representatives of personal data subjects submitting statements, claims and other appeals to the Company on behalf of personal data subjects.
5.2. The volume of personal data processed by the Company for the purpose of concluding, executing, maintaining, changing, terminating agreements with users of the Company's services is determined by the Privacy Policy of the services Mail.ru , posted at https://videus.ru/privacy , and is specified by the privacy policies of the relevant Internet services.
5.3. The volume of personal data processed by the Company for other purposes provided for in this Policy is determined by local acts of the Company and is brought to the attention of personal data subjects upon request.
5.4. Processing of special categories of personal data by the Company is allowed only in cases stipulated by the federal legislation of the Russian Federation.
5.5. The Company does not process biometric personal data unless otherwise explicitly stated in the privacy policy of the Company's Internet Services or in a separate local regulatory act.
6. BASIC RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS
6.1. Personal data subjects have the right to:
6.1.1. receive information concerning their personal data and its processing in the manner and to the extent provided for by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
6.1.2. appoint representatives;
6.1.3. require the Company to clarify personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
6.1.4. take measures provided for by the legislation of the Russian Federation to protect their rights;
6.1.5. revoke consent to the processing of personal data in accordance with the procedure provided for in this Policy;
6.2. Personal data subjects are obliged to exercise their rights in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data", including Part 3 of Article 14, which establishes requirements for the content of requests from subjects, as well as other regulatory legal acts.
7. BASIC RULES OF PERSONAL DATA PROCESSING
7.1. The Company processes personal data, namely: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), blocking, deletion and destruction of personal data only if there are grounds and within the time limits provided for by applicable law.
7.2. The processing of personal data by the Company is carried out both with and without the use of automation tools (including mixed processing).
7.3. When processing personal data, the Company respects the rights of personal data subjects and fulfills the operator's obligations provided for by the legislation of the Russian Federation on personal data.
7.4. The Company's processing of personal data may be carried out on behalf of third parties. In such cases, the Company is not an operator and is not obliged to obtain consent to the processing of personal data from personal data subjects.
7.5. When processing personal data of a personal data subject, the Company has the right to entrust the processing of personal data to another person with the consent of the personal data subject and on the basis of an agreement concluded with this person.
7.6. When collecting personal data, the Company ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
7.7. The Company prohibits making decisions regarding personal data subjects based solely on automated processing of their personal data.
7.8. In the course of its activities, the Company may transfer personal data to third parties, in cases provided for by the legislation of the Russian Federation or with the consent of the subject of personal data.
8. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
8.1. In case of confirmation of the fact of inaccuracy of personal data or illegality of their processing, personal data are subject to updating by the Company.
8.2. Upon achieving the purposes of personal data processing, as well as in the case of withdrawal by the subject of personal data of consent to their processing, the Company terminates the processing of personal data in the manner provided for in Part 7 of Article 5 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
8.3. The Company has the right to continue processing personal data if the purpose of processing is achieved, if there are other legal grounds. The Company also has the right to continue processing personal data after revoking the consent of the subject to the processing of personal data, if there are grounds provided for in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of the Federal Law of the Russian Federation No. 152-FZ of 27.07.2006 "On Personal Data".
8.4. In case of detection of unlawful processing of personal data, they are subject to destruction by the Company in accordance with the procedure provided for by the legislation of the Russian Federation on personal data.
8.5. The Company responds to requests/requests of personal data subjects and their representatives, as well as authorized bodies in accordance with the current legislation of the Russian Federation.
8.6. Requests/appeals of the specified subjects concerning inaccuracy of personal data, illegality of their processing, access of the subject of personal data to their personal data are sent to the address of the Company's location in writing or in another manner provided for by the current legislation of the Russian Federation. The withdrawal of consent to the processing of personal data is sent by the personal data subject in writing to the address of the Company's location.
8.7. The Company has the right to restrict the access of a personal data subject to his personal data in cases provided for by federal laws of the Russian Federation, including if access violates the rights and legitimate interests of third parties.
8.8. When sending a request/appeal to the Company in order to exercise the rights of the personal data subject, it is necessary to indicate:
· the surname, first name, patronymic of the personal data subject or his representative;
· the number of the main identity document of the personal data subject or his representative;
· information about the date of issue of the specified document and the issuing authority;
· information confirming that the subject of personal data has a relationship with the Company (for example, the number and date of the contract, the name of the contest, the user ID in the Company's services: login, id, link to profile, phone number, email address or otherwise), or information that may indicate the processing of personal data by the Company of the relevant subject;
· signature of the personal data subject (or his representative).
8.9. When sending a withdrawal of consent to the processing of Personal Data to the Company in order to exercise the rights of the subject of personal data, it is necessary to specify, including:
· the surname, first name, patronymic of the subject of personal data or his representative, the address of the subject of personal data;
· information confirming that the subject of personal data has a relationship with the Company (for example, the number and date of the contract, the name of the contest, the user ID in the Company's services: login, id, link to profile, phone number, email address or otherwise), or information that may indicate the processing of personal data by the Company of the relevant subject;
· signature of the personal data subject (or his representative).
9. FULFILLED REQUIREMENTS TO ENSURE THE SECURITY OF PERSONAL DATA
9.1. In order to ensure the security of personal data during their processing, the Company implements the requirements of applicable regulatory documents in the field of processing and ensuring the security of personal data, including:
· Federal Law No. 152-FZ of 27.07.2006 "On Personal Data";
· Decree of the Government of the Russian Federation of 01.11.2012
No. 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
· Decree of the Government of the Russian Federation of 15.09.2008
No. 687 "On approval of the Regulation on the specifics of personal data processing carried out without the use of automation tools";
· Order of the FSTEC of Russia dated 18.02.2013 No. 21 "On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems".
9.2. The Company evaluates the harm that may be caused to the subjects of personal data and determines the threats to the security of personal data. In accordance with the identified current threats, the Company applies the necessary and sufficient organizational and technical measures, including the use of information security tools, the detection of unauthorized access, the recovery of personal data, the establishment of rules for access to personal data, as well as monitoring and evaluating the effectiveness of the measures applied.
9.3. The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.
9.4. The Company's management is aware of the need and is interested in ensuring that the level of security of personal data processed within the framework of the Company's core activities is adequate both from the point of view of the requirements of regulatory documents of the Russian Federation and reasonable from the point of view of assessing risks to business.
Edition of 04/14/2022
