PRYAN LLC's Personal Data Processing Policy
1. General provisions
The Personal Data Processing Policy (hereinafter referred to as the "Policy") is developed in accordance with Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter referred to as "FZ-152").
This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in PRIAN LLC (hereinafter referred to as the Operator) in order to protect the rights and freedoms of a person and citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets.
The Policy uses the following basic concepts:
- automated processing of personal data-processing of personal data using computer technology;
- blocking of personal data-temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data);
- personal data information system-a set of personal data contained in databases, and information technologies and technical means that ensure their processing;
- depersonalization of personal data-actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information;
- personal data processing-any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution provision, access), depersonalization, blocking, deletion, destruction of personal data;
- operator-a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and /or performs the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
- personal data-any information related directly or indirectly to a specific or identifiable individual (subject of personal data);
- provision of personal data-actions aimed at disclosing personal data to a certain person or a certain group of persons;
- dissemination of personal data-actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at making personal data available to an unlimited number of persons, including publishing personal data in the mass media, posting it in information and telecommunications networks, or providing access to personal data to any third party. otherwise;
- cross-border transfer of personal data-transfer of personal data on the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
- destruction of personal data-actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
The subjects whose personal data is processed in PRIAN LLC with or without the use of automation tools are:
- job candidates for the Operator;
- employees of the Operator and their family members (spouses and close relatives);
- persons who previously had an employment relationship with the Operator;
- persons who have a civil nature of contractual relations with the Operator, or who are at the stage of pre-contractual or fulfilled relations of a similar nature;
- persons undergoing various types of internships (internships) with the Operator;
- founders (participants) of the Operator;
- contractors of the Operator represented by individual entrepreneurs, their employees; founders, managers, representatives (persons acting on the basis of powers of attorney) and employees of legal entities that have or have had contractual relations with the Operator, or wish to conclude contracts with the Operator;
- users of the Operator's office;
- subscribers of the website of PRIAN LLC on the Internet;
- other persons whose personal data processing is necessary for the Operator to fulfill the purposes specified in this Policy.
Receiving personal data from the Operator is organized in such a way as not to violate the confidentiality of the collected personal data. The list of cases when it is necessary to obtain the written consent of the personal data subject to the processing of his /her personal data, as well as the procedure and form for obtaining consent, are determined by the Company's documents in accordance with the provisions of the Federal Law "On Personal Data".
If the personal data subject is incapacitated, written consent to the processing of his /her personal data is obtained from his /her legal representative. Personal data may be obtained by the Operator from a person who is not the subject of personal data, provided that the operator provides confirmation of the existence of the grounds specified in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of the Federal Law "On Personal Data".
When collecting personal data, including through the information and telecommunications network "Internet", recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data must be carried out by the Operator using databases located on the territory of the Russian Federation, with the exception of cases provided for by Federal Law &"About personal data".
PRIAN LLC is obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with Part 2 of Article 18.1 of the Federal Law "On Personal Data".
2. Principles and conditions of personal data processing
2.1. Principles of personal data processing
The Operator processes personal data on the basis of the following principles:
- legality and fair basis;
- restricting the processing of personal data to achieve specific, pre-defined and legitimate goals;
- preventing the processing of personal data that is incompatible with the purposes of personal data collection;
- preventing the association of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
- processing only those personal data that meet the purposes of their processing;
- compliance of the content and volume of personal data processed with the stated purposes of processing;
- preventing the processing of personal data that is redundant in relation to the stated purposes of their processing;
- ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
- destruction or depersonalization of personal data after achieving the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate the violations of personal data committed, unless otherwise provided by federal law.
2.2. Terms of personal data processing
The Operator processes personal data if at least one of the following conditions is met:
- processing of personal data is carried out with the consent of the personal data subject to the processing of his/her personal data;
- the processing of personal data is necessary for achieving the goals stipulated by an international treaty of the Russian Federation or a law, for performing and fulfilling the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;
- processing of personal data is necessary for the administration of justice, execution of a judicial act, or an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
- the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor;
- processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
- processing of personal data is carried out, access to which is granted to an unlimited number of persons by the subject of personal data or at his request (hereinafter-publicly available personal data);
- processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.
2.3. Confidentiality of personal data
The operator and other persons who have obtained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
2.4. Publicly available sources of personal data
For information support purposes, the Operator may create publicly available sources of personal data of personal data subjects, including reference books and address books. Publicly available sources of personal data may include, with the written consent of the personal data subject, his/her last name, first name, patronymic, date and place of birth, position, contact phone numbers, email address, and other personal data provided by the personal data subject.
Information about the personal data subject must be excluded at any time from publicly available sources of personal data at the request of the personal data subject, the authorized body for the protection of the rights of personal data subjects, or by a court decision.
2.5. Special categories of personal data
Processing by the Operator of special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life is allowed only in relation to employees of the Operator or persons who are applicants for vacant positions of the Operator, if:
- the personal data subject has given written consent to the processing of their personal data;
- personal data is made publicly available by the personal data subject;
- processing of personal data is carried out in accordance with the legislation on state social assistance, labor legislation, legislation of the Russian Federation on state pension provision pensions, on labor pensions;
- processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of other persons, and obtaining the consent of the personal data subject is impossible;
- the processing of personal data is necessary to establish or exercise the rights of the personal data subject or third parties, as well as in connection with the administration of justice;
- processing of personal data is carried out in accordance with the legislation on mandatory types of insurance, with the insurance legislation;
- the processing of special categories of personal data carried out in the cases provided for in paragraph 4 of Article 10 of Federal Law No. 152 must be immediately terminated if the reasons for their processing have been eliminated, unless otherwise established by federal law;
- processing of personal data on criminal records may be carried out by the Operator only in cases and in accordance with the procedure determined in accordance with federal laws.
2.6. Biometric personal data
Information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity-biometric personal data - can be processed by the Operator only in relation to employees of the Operator or persons who are applicants for vacant positions of the Operator, with the written consent of the subject of personal data.
2.7. Assignment of personal data processing to another person
The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with this person. A person who processes personal data on behalf of the Operator must comply with the principles and rules for processing personal data provided for in Federal Law No. 152 and this Policy.
2.8. Cross-border transfer of personal data
The Operator is obliged to make sure that the foreign state to whose territory it is intended to transfer personal data provides adequate protection of the rights of personal data subjects, before such transfer begins.
Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of personal data subjects can be carried out in the following cases:
- availability of written consent (including using the hardware of the PRIAN LLC website on the Internet) of the personal data subject to the cross-border transfer of their personal data;
- execution of a contract to which the personal data subject is a party.
2.9. Automatic collection of personal information
2.9.1. IP addresses
An IP address is a number assigned to your computer every time you access the Internet. It allows computers and servers to recognize each other and exchange information. The IP addresses of visitors to our sites may be taken into account for information security and system diagnostics purposes. This information can also be used in aggregated form to analyze trends in site usage and their effectiveness.
2.9.2. Cookies technology
A cookie is a file placed on your computer or device connected to the Internet each time you visit our website. This allows the site to remember your computer or device. In addition, cookies can be used for other purposes.
An information window that appears on some of our websites will ask for your consent to the collection of cookies. To maintain the functionality of the site, you may also need a second type of cookie, called "user cookies". The use of an informational banner does not block these cookies. The selected item will be saved in a cookie and will be valid for 90 days. If you wish to cancel it, you can do so by deleting the cookies in your browser.
Although most browsers accept cookies automatically, you can configure your browser so that only you can decide whether to accept a cookie or block it (see the Tools menu or your browser's Settings). You can delete cookies from your device at any time. Please note that if you do not accept cookies, some of the site's functions may be lost.
More detailed information about managing cookies can be found in the help file of your browser or on specialized sites, for example www.allaboutcookies.org.
Third-party tools and widgets can be used on our individual web pages to provide additional features for online visitors. In this case, a cookie may be placed on your device, which will make the use of tools and widgets more convenient and correctly reflect the process of your communication with other users on our web pages.
Cookies themselves do not inform us of your email address or otherwise identify you. In our analytical reports, we may use other identifiers, including IP addresses, but only for the purpose of determining the number of unique online visitors to our websites and collecting information about their geographical location, and not for identifying individual online visitors.
By accessing our websites or entering your login credentials to gain access to areas that only registered users can log in to, you agree to our placing cookies on your computer or device connected to the Internet.
2.9.3. Google Analytics Internet Service
PRIAN LLC uses the Google Analytics Internet service. You can find more information about using Google Analytics here: https://marketingplatform.google.com/about/analytics/terms/us/
2.9.4. Web beacons (web beacon technology)
A web beacon is a small graphic file on a web page that can be used to get certain information from your computer, such as the IP address, the duration of studying the content of the web page, the browser type, and the presence of cookies previously created by the same server.
PRIAN LLC uses these web beacons in strict compliance with applicable laws.
PRIAN LLC or service providers may use web beacons to monitor the performance of third-party websites that provide us with recruitment or marketing services, or to collect aggregated statistics about online site visitors and manage cookies.
You can disable some web beacons by blocking the associated cookies. In this case, the web beacon will be able to register an anonymous visit from your IP address, but the information in the cookie will not be recorded.
If you subscribe to our newsletters or other materials, we can monitor the actions of recipients. For example, through embedded links inside messages, we can collect information about the number of recipients who have opened a particular message. This information is collected in order to evaluate which sections of the site are most interesting to users, and to improve user settings.
2.9.5. Location services
PRIAN LLC may collect and use information about the geographical location of your computer or mobile device. The purpose of collecting this data is to provide you with information about services in your region that might be of interest to you, and to improve the products and services offered in it.
2.9.6 Yandex.Metrica Internet service
PRIAN LLC uses the Yandex.Metrica Internet service. You can find more information about using Yandex.Metrica here: https://yandex.com/legal/metrica_eea_termsofuse/ and https://yandex.com/legal/confidential/?lang=en
3. Rights of the personal data subject
3.1. Consent of the personal data subject to the processing of his/her personal data
The personal data subject makes a decision on the provision of his /her personal data and gives consent to their processing freely, voluntarily and in his /her own interest. Consent to the processing of personal data may be given by the personal data subject or his representative in any form that allows us to confirm the fact of its receipt, unless otherwise established by federal law.
3.2. Rights of the personal data subject
The subject of personal data has the right to receive information from the Operator concerning the processing of his /her personal data, if such right is not restricted in accordance with federal laws. The personal data subject has the right to demand that the Operator clarify his /her personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.
Processing of personal data for the purpose of promoting goods, works, and services on the market through direct contacts with the personal data subject (potential consumer) by means of communication tools, as well as for the purpose of political campaigning, is allowed only with the prior consent of the personal data subject.
The Operator is obliged to immediately stop processing the personal data for the above-mentioned purposes at the request of the personal data subject.
It is prohibited to make decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, except in cases provided for by federal laws, or with the written consent of the subject of personal data.
If the personal data subject considers that the Operator processes his /her personal data in violation of the requirements of Federal Law No. 152 or otherwise violates his /her rights and freedoms, the personal data subject has the right to appeal the Operator's actions or omissions to the Authorized Body for the Protection of the Rights of Personal data Subjects or in court.
The subject of personal data has the right to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage.
4. Ensuring the security of personal data
The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to meet the requirements of federal legislation in the field of personal data protection.
To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
- appointment of officials responsible for organizing the processing and protection of personal data;
- restriction of the number of persons allowed to process personal data;
- familiarization of subjects with the requirements of federal legislation and regulatory documents of the Operator for the processing and protection of personal data;
- organization of accounting, storage and circulation of media containing information with personal data;
- identification of threats to the security of personal data during their processing, formation of threat models based on them;
- development of a personal data protection system based on the threat model;
- checking the availability and effectiveness of information security tools;
- delineating user access to information resources and software and hardware information processing tools;
- registration and accounting of actions of users of personal data information systems;
- use of anti-virus tools and personal data protection system recovery tools;
- use of inter-network shielding, intrusion detection, security analysis, and cryptographic information protection tools when necessary;
- organization of access control to the Operator's territory, security of premises with technical means of processing personal data.
5. Terms of processing (storage) of personal data
The terms of processing (storing) personal data are determined in accordance with the term of the contract with the personal data subject, the statute of limitations, as well as other terms established by the legislation of the Russian Federation and the Operator's documents.
Personal data whose processing (storage) period has expired must be destroyed, unless otherwise provided by federal law or regulatory documents of the Operator.
Storage of personal data after the expiration of the storage period is allowed only after their depersonalization.
6. Final provisions
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data.
Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by federal laws.
Last updated version published: 14.05.2018
Quoting conditions of Prian.info materials