POLICY ON PERSONAL DATA PROCESSING The Personal Data Processing Policy (hereinafter, the "Policy") has been developed in accordance with the Federal Law dated July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter, the "152-FZ"). No. 152-FZ "On Personal Data" (hereinafter "152-FZ").
This Policy defines the procedure of personal data processing and measures to ensure personal data security by the Personal Data Operator (hereinafter - the Operator) to protect human and civil rights and freedoms in processing personal data, including protection of privacy rights, personal and family secrets.
1. TERMS AND DEFINITIONS Automated processing of personal data - processing of personal data by means of computer technology;
Blocking of personal data - temporary termination of personal data processing (except when processing is necessary to clarify personal data);
Information system of personal data - a set of personal data contained in databases of personal data, and information technologies and technical means ensuring their processing;
Personal data depersonalization - actions, as a result of which it is impossible to determine, without the use of additional information, whether the personal data belongs to a particular personal data subject;
Processing of personal data - any action (operation) or a set of actions (operations), performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data;
Operator - "Cerevrum" Limited Liability Company (INN 7716877250; OGRN 5177746205896), independently or jointly with others, organize and (or) carry out the processing of personal data, as well as determine the purpose of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data;
Personal data - any information relating to, directly or indirectly identified or defined by an individual (the subject of the personal data);
User - a natural person - subject of personal data in accordance with 152-FZ "On Personal Data";
Provision of personal data - actions aimed at the disclosure of personal data to a certain person or a certain range of persons;
Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite range of persons (transfer of personal data) or to familiarize the general public with personal data, including the publication of personal data in the media, placing in information and telecommunications networks or provide access to personal data in any other way;
Website means an electronic resource located at the e-mail address https://dailo.co, including all Internet pages of the specified domain name;
Cross-border transfer of personal data - transfer of personal data to a foreign country to a foreign authority, a foreign individual or a foreign legal entity;
Destruction of personal data - actions, as a result of which it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING 2.1 Principles of processing of personal data
Processing of personal data at the Operator is based on the following principles:
legality and fair basis; limitation of processing of personal data by achieving specific, predetermined and legitimate purposes; inadmissibility of processing of personal data incompatible with the purposes of personal data collection; inadmissibility of combining databases containing personal data whose processing is incompatible with each other; processing only those personal data that meet the purposes of processing; compliance of content and scope of processed personal data with stated processing purposes; Inadmissibility of processing of personal data, excessive in relation to stated objectives of its processing; Ensuring accuracy, sufficiency and relevance of personal data in relation to objectives of personal data processing; Destruction or depersonalization of personal data upon achievement of objectives of its processing or in case of loss of necessity in achievement of such objectives, if the Operator fails to eliminate committed violations of personal data, unless otherwise provided by the federal law.
2.2 Conditions for processing of personal data
The operator performs processing of personal data in the presence of at least one of the following conditions:
Processing of personal data is carried out with the consent of the subject of personal data for processing of his/her personal data; Processing of personal data is necessary to achieve the purposes provided for by an international treaty of the Russian Federation or law, to implement and perform the functions, powers and duties imposed on the operator by the legislation of the Russian Federation; Processing of personal data is necessary for administration of justice, execution of a court act, act of another body or official, subject to the Processing of personal data is necessary to perform the contract, which party or beneficiary or guarantor under which the subject of personal data, as well as for the conclusion of the contract on the initiative of the subject of personal data or the contract, under which the subject of personal data will be a beneficiary or guarantor; Processing of personal data is necessary for exercise of rights and legal interests of the operator or third parties or to achieve socially important goals, provided that the rights and freedoms of the personal data subject are not violated; processing of personal data, access to which is provided to the unlimited range of persons by the subject of personal data or at his request (hereinafter - public personal data); processing of personal data subject to publication or compulsory disclosure in accordance with federal low.
2.3 Confidentiality of personal data
The operator and other persons who obtained access to personal data are obliged not to disclose to third parties and not to disseminate personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
2.4 Publicly accessible sources of personal data
For information purposes, the Operator may create publicly available sources of personal data of subjects of personal data, including directories and address books. Surname, name, patronymic, date and place of birth, position, contact telephone numbers, e-mail address and other personal data provided by the subject of personal data may be included in public sources of personal data with written consent of the subject of personal data.
Information about the subject of personal data shall at any time be excluded from publicly available sources of personal data at the request of the subject of personal data, the authorized body for protection of rights of subjects of personal data or by a court decision.
2.5 Special categories of personal data
The operator's processing of special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, health status, intimate life shall be permitted in cases where:
the subject of personal data has given consent in writing to the processing of his personal data; personal data is made publicly available by the subject of personal data; processing of personal data is carried out in accordance with the legislation on state social assistance, labor legislation, the legislation of the Russian Federation on state pension pensions, on labor pensions; processing of personal data is necessary to protect the life, health or other vital interests of the subject Processing of personal data is performed for medico-prophylactic purposes, in order to establish a medical diagnosis, provision of medical and medico-social services provided that the processing of personal data is performed by a person professionally engaged in medical activities and obliged in accordance with the legislation of the Russian Federation to maintain medical confidentiality; processing of personal data is necessary to establish or exercise the rights of the subject of personal data or third parties, and also in connection with the implementation of The processing of special categories of personal data, carried out in cases stipulated by point 4 of Article 10 of the Federal Law № 152, should be immediately terminated, if the reasons, due to which they were processed, were eliminated, unless otherwise provided by the federal law.
The operator may process personal data on criminal records only in cases and in the manner determined in accordance with federal laws.
2.6 Biometric personal data
Information that characterizes a person's physiological and biological characteristics, on the basis of which it is possible to establish his identity - biometric personal data - may be processed by the Operator only with the consent of the subject of personal data in writing.
2.7 Mandating the processing of personal data to another person
The operator may entrust processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, based on a contract to be entered into with that person. The person processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing stipulated by FZ-152 and this Policy
2.8 Processing of personal data of citizens of the Russian Federation
In accordance with Article 2 of the Federal Law dated July 21, 2014 N 242-FZ "On Amendments to Certain Legislative Acts of the Russian Federation in terms of clarifying the procedure for processing personal data in information and telecommunications networks" when collecting personal data, including through the information and telecommunications network "Internet", the operator shall ensure recording, systematization, accumulation, storage, clarification (updating, changing), extraction of personal data of citizens of the Russian Federation using databases,
Processing of personal data is necessary for achievement of the purposes envisaged by the international treaty of the Russian Federation or the law, for implementation and execution of the functions, powers and duties imposed on the operator by the legislation of the Russian Federation
Processing of personal data is necessary for administration of justice, execution of a judicial act, act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings (hereinafter - execution of a judicial act);
Processing of personal data is necessary for execution of authorities of federal executive bodies, bodies of state extra-budgetary funds, executive bodies of state authorities of constituent entities of the Russian Federation, local governments, and functions of organizations, participating in provision of state and municipal services provided by the Federal Law dated July 27, 2010 N 210-FZ "On Organization of provision of state and municipal services", including registration of a subject of personal data
Processing of personal data is necessary for professional activities of a journalist and (or) the legitimate activities of the mass media or scientific, literary or other creative activity, provided that the rights and legitimate interests of the subject of personal data are not violated.
2.9.Cross-border transfer of personal data
The operator shall make sure that the foreign country, to the territory of which the transfer of personal data is supposed to be carried out, provides adequate protection of the rights of personal data subjects before starting such transfer.
Cross-border transfer of personal data to the territory of foreign countries, not providing adequate protection of the rights of personal data subjects, may be carried out in cases where:
Presence of the consent in writing of the subject of personal data for the cross-border transfer of his/her personal data; Execution of an agreement, to which the subject of personal data is a party.
3. RIGHTS OF THE SUBJECT OF PERSONAL DATA 3.1 Consent of the subject of personal data to the processing of his/her personal data
The subject of personal data decides to provide his/her personal data and consents to its processing freely, willingly and in his/her own interest. Consent to the processing of personal data may be given by the subject of personal data or his representative in any form which allows to confirm the fact of its receipt, unless otherwise provided by federal law.
3.2 Rights of the subject of personal data
The subject of personal data has the right to obtain from the operator information relating to the processing of his personal data, unless such right is limited in accordance with federal laws. The subject of personal data has the right to demand from the Operator clarification of his personal data, their blocking or destruction in case personal data are incomplete, outdated, inaccurate, illegally received or are not necessary for the declared purpose of processing, and to take statutory measures to protect their rights.
The processing of personal data in order to promote goods, works, services on the market through direct contact with the subject of personal data (potential consumer) by means of communication, as well as for political agitation purposes is allowed only with the prior consent of the subject of personal data.
The operator shall immediately cease, at the request of the personal data subject, the processing of his personal data for the aforementioned purposes.
No decision may be made based solely on automated personal data processing that produces legal consequences with respect to the personal data subject or otherwise affects his or her rights and legitimate interests, except as provided by federal laws, or with the consent in writing of the personal data subject.
If the subject of personal data believes that the operator carries out processing of his personal data in violation of the requirements of FZ-152 or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal the actions or inaction of the operator to the competent authority to protect the rights of subjects of personal data or in court.
The subject of personal data is entitled to protection of his/her rights and legitimate interests, including compensation for losses and (or) compensation for moral harm.
4. ENSURING SECURITY OF PERSONAL DATA Security of personal data processed by the Operator is ensured by implementation of legal, organizational and technical measures required to ensure the requirements of federal legislation in the field of protection of personal data.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
Appointment of officials responsible for the organization of processing and protection of personal data;
Restricting the composition of persons allowed to process personal data;
Familiarization of subjects with the requirements of federal legislation and regulatory documents of the Operator on processing and protection of personal data;
Organization of accounting, storage and circulation of media containing information on personal data;
Identification of threats to the security of personal data in their processing, the formation of models of threats;
Development of the system of protection of personal data based on the threat model;
Verifying the readiness and effectiveness of the use of information security tools;
Delimitation of user access to information resources and software and hardware for information processing;
Registration and accounting of actions of users of personal data information systems;
Use of antivirus and recovery tools of personal data protection system;
Application of firewall, intrusion detection, security analysis and cryptographic protection of information where necessary;
Organization of security of premises with technical means of personal data processing.
5. CONSENT TO THE PROCESSING OF PERSONAL DATABy providing his data on all pages of the site by filling in the fields of the online application, the User:
- Confirms that the personal data indicated by him personally belongs to him; acknowledges and confirms that he has carefully and fully read this Agreement and the terms of processing of his personal data contained therein, indicated by him in the fields of the online application on the Site;
- acknowledges and confirms that he understands all the provisions of this Agreement and the terms of processing of his personal data;
- agrees to the processing of personal data provided by the Site for the purposes of the User's registration on the Site;
- agrees to the terms of processing of personal data without any reservations or limitations.
The user gives his consent to the processing of his personal data, namely the performance of the actions stipulated in paragraph. 3 ч. Article 3, Part 1 of the 152-FZ "On Personal Data", and confirms that by giving such consent he acts freely, of his own free will and in his own interest. User's consent to the processing of personal data is specific, informed and conscious.
This User's consent applies to the processing of the following personal data:
- surname, first name, patronymic;
- telephone numbers;
E-mail addresses (e-mail).
The User, gives the Operator the right to perform the following actions (operations) with personal data:
- collection and accumulation;
- Storage for the statutory retention periods, but not less than three years, from the date of termination of the User's use of the Site;
- specification (updating, modification);
- use for the purposes of the User's registration on the Site;
- destruction;
- transfer by court order, including to third parties, subject to measures to ensure the protection of
personal data from unauthorized access.
This consent is valid indefinitely from the date of data submission and may be revoked by the user by submitting an application to the operator indicating the data defined in Art. 14 of the Federal Law "On Personal Data".
Withdrawal of consent to personal data processing may be made by the user by sending a corresponding order in simple written form to the e-mail address (e-mail) info@cerevrum.com.
The operator is not responsible for the use (both lawful and unlawful) by third parties of the information posted by the User on the Site, including its reproduction and distribution, carried out by all possible means. The Site has the right to change this Agreement. The date of the last update shall be specified when making changes in the current edition. The new version of the Agreement comes into force from the moment of its posting, unless otherwise provided by the new version of the Agreement.
The current version is always available at
www.cerevrum.ru/data_processing. This Agreement and the relations between the User and the Operator arising from the application of the Agreement shall be governed by the substantive and procedural law of the Russian Federation.
6. FINAL PROVISIONS
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data.
7. REFERENCE
For information regarding the processing of your personal data, to send all statements regarding the processing of your personal data, write to us at: info@cerevrum.com