PROTECTION AND PROCESSING POLICY PERSONAL DATA
1. General Provisions
1.1. This Policy with respect to the processing of personal data (hereinafter-the Policy) is made in accordance with paragraph 2 of article 18.1 of the Federal law "on personal data" № 152-FZ of July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and acts in respect of all personal data (hereinafter – the Data), which "PMP ventilation" can receive from the subject of personal data, which is a party to the civil contract, from the Internet user (hereinafter- – The user) while using any of the sites, services, services, programs, products or services"PMP Ventilation", as well as from the subject of personal data consisting with "PMP Ventilation" in the relations regulated by the labor legislation (hereinafter – the Employee).
1.2. "PMP Ventilation" provides protection of processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal law of July 27, 2006 № 152-FZ "on personal data".
1.3. "PMP Ventilation" have the right to make changes in this Policy. When you make changes to The policy header, the date that the revision was last updated is specified. The new version of the Policy comes into force from the moment of its posting on the site, unless otherwise provided by the new version of the Policy.
2. Terms and abbreviations accepted
Personal data – any information related directly or indirectly to a specific or identifiable individual (subject of personal data).
Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data by means of computer equipment.
Information system of personal data (ISPD) is a set of personal data contained in databases and providing their processing of information technologies and technical means.
Personal data made available to the public subject of personal data – personal data, access to which is granted to an unlimited number of persons by the subject of personal data or at his request.
Blocking of personal data – temporary termination of personal data processing (except for cases where processing is necessary to clarify personal data).
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
"PMP ventilation", independently or jointly with other persons organizing the processing of personal data, as well as defining the purpose of processing personal data to be processed, actions (operations) performed with personal data.
3. Personal data processing
3.1. Obtaining personal data.
3.1.1. All personal data should be obtained from the subject. If the personal data of the subject can only be obtained from a third party, the subject must be notified or consent must be obtained.
3.1.2. PMP Ventilation shall inform the subject of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be received, the list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
- copies of the original documents (passport, education document, INN certificate, pension certificate, etc.).);
- entering information into accounting forms;
- obtaining the originals of the necessary documents (work book, medical report, characteristics, etc.).
3.2. Personal data processing.
3.2.1. The processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his personal data;
– in cases where the processing of personal data is necessary to carry out and perform the functions, powers and duties assigned by the legislation of the Russian Federation;
– in cases where the processing of personal data is carried out, the access of an unlimited number of persons to whom is provided by the subject of personal data or at his request (hereinafter – personal data made available to the public subject of personal data).
3.2.2. Purposes of personal data processing:
- implementation of labour relations;
- implementation of civil law relations;
– to contact you in connection with completing the feedback form on the website, including sending notifications, requests and information regarding use of the site "PMP Ventilation", treatment, coordination of orders and delivery execution of agreements and contracts;
- depersonalization of personal data to obtain anonymous statistical data that is transmitted to a third party for conducting research, performing works or rendering services on behalf of the store.
3.2.3. Categories of personal data subjects.
Personal data of the following personal data subjects is processed:
– natural persons "of PMP Ventilation" in labor relations;
– individuals who have resigned from "PMP Ventilation»;
– individuals who are candidates to work in the "PMP Ventilation»;
– natural persons "of PMP Ventilation" in civil-legal relations;
- individuals who are Users of the site "PMP Ventilation".
3.2.4. Personal data processed by " PMP Ventilation»:
- data obtained in the implementation of labor relations;
– data obtained for the selection of candidates for employment;
- data obtained in the implementation of civil law relations;
- data obtained from the website users of"PMP Ventilation".
3.2.5. Processing of personal data is carried out:
- with the use of automation;
- without the use of automation.
3.3. Storage of personal data.
3.3.1. Subjects ' personal data can be obtained, to be further processed and transmitted to storage, such as on paper and in electronic form.
3.3.2. The personal information recorded on paper is stored in lockable cabinets or in lockable rooms with restricted access.
3.3.3. Personal data of subjects processed with the use of automation for different purposes are stored in different folders.
3.3.4. Storage and placement of documents containing personal data in open electronic catalogs (file-sharing offices) in ISPD is not allowed.
3.3.5. Storage of personal data in the form that allows to determine the subject of personal data is carried out no longer than the purpose of their processing requires, and they are subject to destruction upon achieving the goals of processing or in case of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. Destruction of documents (carriers) containing personal data is carried out by burning, crushing (grinding), chemical decomposition, transformation into shapeless mass or powder. For the destruction of paper documents allowed the use of the shredder.
3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data is documented by the act of destruction of carriers.
3.5. Transfer of personal data.
3.5.1. The operator transfers personal data to third parties in the following cases:
- the subject has expressed his consent to such actions;
- transfer is provided for by Russian or other applicable law within the procedure established by law.
3.5.2. The list of persons to whom personal data are transmitted.
– The pension Fund of the Russian Federation to account (legally);
- tax authorities of the Russian Federation (legally);
- Social insurance Fund of the Russian Federation (legally);
- territorial Fund of compulsory health insurance (legally);
- insurance medical organizations for compulsory and voluntary health insurance (legally);
- banks for payroll (on the basis of the contract);
- bodies of the Ministry of internal Affairs of Russia in the cases established by the legislation;
– anonymised personal data of Users of website "PMP Ventilation" transferred contractors "PMP Ventilation".
4. Protection of personal data
4.1. In accordance with the requirements of regulatory documents "PMP Ventilation" created a system of personal data protection (SZPD), consisting of subsystems of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a set of legal, organizational, administrative and regulatory documents that ensure the creation, functioning and improvement of the FDD.
4.3. The subsystem of organizational protection includes the organization of the structure of management of the FDD, permitting system, information protection when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a set of technical, software, software and hardware that provide protection of personal data.
4.4. The main measures of personal data protection used by "PMP Ventilation" are::
4.5.1. Appointment of a person responsible for the processing of personal data, which organizes the processing of personal data, training and instruction, internal control over compliance of the institution and its employees with the requirements for the protection of personal data.
4.5.2. Identification of actual threats to the security of personal data during their processing in the ISPD and development of measures and measures for the protection of personal data.
4.5.3. Development of a policy on the processing of personal data.
4.5.4. Establishment of rules of access to personal data processed in ISPD, as well as ensuring registration and accounting of all actions performed with personal data in ISPD.
4.5.5. Establishment of individual passwords for employees ' access to the information system in accordance with their production duties.
4.5.6. The use of the past in the prescribed manner and procedure of conformity assessment of information security tools.
4.5.7. Certified anti-virus software with regularly updated databases.
4.5.8. Compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them.
4.5.9. Detection of unauthorized access to personal data and taking measures.
4.5.10. Recovery of personal data modified or destroyed as a result of unauthorized access to them.
4.5.11. Training of employees of " PMP Ventilation "directly engaged in the processing of personal data, the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the policy of" PMP Ventilation " in respect of personal data processing, local acts on personal data processing.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations of PMP Ventilation
5.1. Basic rights of the subject of personal data.
The subject has the right to access his / her personal data and the following information:
– confirmation of the processing of personal data "PMP Ventilation»;
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by PMP Ventilation;
- the name and location of "PMP Ventilation", information about persons (except employees of "PMP Ventilation") who have access to personal data or who may be disclosed personal data on the basis of the contract with "PMP Ventilation" or on the basis of Federal law;
- terms of processing of personal data, including their storage;
- procedure for the exercise by the subject of personal data of the rights provided for by the Federal law;
- name or surname, name, patronymic and address of the person processing personal data on behalf of "PMP Ventilation", if the processing is or will be entrusted to such person;
– an appeal to the "PMP Ventilation" and sending requests;
- appeal against the actions or omissions of "PMP Ventilation".
5.2. Obligations "PMP Ventilation".
"PMP Ventilation" is obliged:
- when collecting personal data to provide information about the processing of personal data;
– in cases if personal data were received not from data subject, to notify the subject;
- in case of refusal to provide personal data to the subject, the consequences of such refusal are explained;
- publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information on the requirements for the protection of personal data;
- take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions with respect to personal data;
- to respond to requests and appeals of personal data subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.