PERSONAL DATA PROCESSING AT OOO «DK RUS»
1. General provisions
1.1. This Regulation defines the procedure for the processing of personal data and measures to ensure the security of personal data at OOO DK RUS (hereinafter referred to as the Operator) in order to protect the rights and freedoms of a person and citizen when processing their personal data, including the protection of privacy rights, personal and family secrets.
1.2. The Regulation of personal data processing of the Operator has been developed in accordance with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”.
1.3. The following terms and definitions are used in this Regulation:
operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data
personal data - any information relating to a directly or indirectly determined, or designated individual (subject of personal data);
personal data processing - any action (operation) or a set of actions (operations) performed with the use of automation tools or without using such tools with personal data, including the collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
automated personal data processing – the processing of personal data with the help of computers;
personal data distribution - actions intended to disclose personal data to the general public (transfer of personal data) or to familiarize with personal data of an unlimited number of persons, including the disclosure of personal data in the media, placement in information and telecommunication networks or providing access to personal data of some any other way;
personal data provision – actions intended to disclose personal data to a particular person or group of persons;
personal data blocking - temporary termination of processing of personal data (except where the processing is required to specify personal data);
personal data destruction - actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which physical media with personal data are destroyed;
personal data depersonalization - actions as a result of which it is impossible without additional information to determine whether personal data belong to a specific subject of personal data;
personal data information system - a set of personal data contained in databases, and information technologies and technical means ensuring their processing.
1.4. The Regulation applies to all personal data of subjects processed at “DK RUS” OOO using automation tools and without the use of such tools.
1.5. Any subject of personal data should have access to this Regulation.
2. Principles and conditions of personal data processing
2.1. Personal data processing at “DK RUS” OOO performed based on the following principles: personal data processing in “DK RUS” OOO is performed on a legitimate equitable basis; personal data processing is limited to reaching specific predetermined legitimate aims; personal data processing incompatible with the purposes of personal data acquisition is not allowed; combining databases that contain personal data processed for the purposes incompatible with each other is not allowed; personal data meeting the purposes of their processing may only be processed; scope and amount of personal data comply with the stated purposes of processing. The personal data redundancy in relation to the stated purposes is not allowed; while processing personal data, accuracy, adequacy and actuality (if necessary) of personal data are provided in relation to the purposes of personal data processing. in “DK RUS” OOO makes all reasonable efforts to delete or adjust incomplete or inaccurate personal data; personal data are stored in the form that enables to define the data subject no longer than it’s required for the purposes of personal data processing, in case the personal data retention period is not set by a federal law or an agreement under which the data subject acts as a party, beneficiary or guarantor; personal data under processing are deleted or depersonalized once the purposes of processing are achieved or in case achieving these purposes is not required anymore, unless otherwise provided by a federal law.
2.2. The source of information about all personal data of the subject is the subject of personal data. In the event subject`s personal data may be obtained only from a third party, the subject of personal data shall be notified thereof in advance and the written consent shall be obtained from them. Operator must notify the subject of purposes, supposed sources and methods of obtainment of personal data, as well as of consequences of subject’s refusal to give a written consent to their obtainment.
2.3. Operator may not obtain or process special categories of personal data of a subject relating to the subject’s race or nationality, political views, religious or philosophical beliefs, health condition, intimate life or data on subject’s membership with public unions or trade union activities.
2.4. Operator may process the said personal data of a subject without their consent in the following events:
̶ the subject of personal data gave his consent in writing to the processing of the personal data;
̶ the personal data are publicly available;
̶ personal data processing is required to protect life, health or other vital interests of the subject, or life, health or other vital interests of other persons, and no consent of the employee can be obtained;
̶ personal data processing is necessary to achieve the purposes prescribed by law for the implementation and fulfillment of the functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
̶ personal data processing is necessary for the execution of the contract, the party to which is either the beneficiary or guarantor, which is the subject of personal data, as well as to enter into a contract on the initiative of the subject of personal data or the contract on which the subject of personal data will be the beneficiary or surety;
̶ personal data processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;
̶ personal data processing is carried out, access of an unlimited number of persons to which is provided by the subject of personal data or at his request;
̶ personal data processing to be published or mandatory disclosure in accordance with federal law;
̶ in other events provided for by the current legislation of the Russian Federation.
2.5. Operator and other persons who have received access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
2.6. Operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, based on a contract concluded with this person. The person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by the Federal Law 152.
3. List of personal data processed at OOO “DK RUS”
3.1. The list of personal data processed at OOO “DK RUS” is stipulated by the Law of the Russian Federation and corporate statutory acts considering the personal data processing purposes stated in Section 2 of the Regulation).
3.2. Special personal data categories concerning race and national identity, political commitment, religious or philosophic views and private life are not subject to processing at OOO “DK RUS”.
4. Rights of the subject of personal data.
In order to ensure the protection of personal data kept by the Operator the subject of personal data shall have the right to:
̶ receive full information about their personal data and processing of such data;
̶ receive free access to their personal data free of charge, including the right to receive a copy of any entry containing personal data of the employee free of charge;
̶ determine their representatives to protect personal data;
̶ demand that the Operator specify, exclude or correct personal data which are incomplete, inaccurate, outdated, unreliable, illegally obtained or unnecessary for the Operator;
̶ withdrawal of personal data processing consent;
̶ demand that the Operator notify all persons previously provided with incorrect or incomplete personal data of the of all exclusions, corrections or additions made;
̶ challenge in court illegal acts or omissions by the Operator when processing and protecting their personal data;
̶ exercise of other rights stipulated by the legislation of the Russian Federation.
5. Security of personal data.
5.1. While processing personal data, ООО «DK RUS»: takes relevant measures to ensure compliance with the Law of the Russian Federation and corporate statutory acts related to personal data; establishes legal, planning and technical procedures to protect personal data against illegal or accidental access, annihilation, alteration, blocking, copying, presentation, distribution, as well as against other misconduct in relation to personal data; appoints a party responsible for the arrangement of personal data processing at ООО «DK RUS»; issues corporate statutory acts stipulating the Regulation and personal data processing and protection procedures at ООО «DK RUS»; publishes or otherwise provides unlimited access to this Regulation; informs personal data subjects or their representatives in due course of the available data related to the relevant subjects, provides the representation of these personal data upon notification and/or request of the mentioned data subjects or their representatives, unless otherwise provided by the Law of the Russian Federation; terminates the processing and annihilates personal data as stipulated by the Law of the Russian Federation related to personal data; performs other activities stipulated by the Law of the Russian Federation related to personal data.
6. Procedure of storage and use of personal data of subject of personal data. 6.1. Personal data of employees may be obtained, subsequently processed and stored on paper, electronically or in an information system.
7. Final Provisions.
7.1. Other rights and obligations of OOO “DK RUS”, as the Operator of personal data, are determined by the legislation of the Russian Federation in the field of personal data
Operator officials who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by federal laws.