Protection policy and the processing of personal data from 01 Nov 2017 limited liability company "Parklane».
1.General terms
- This Policy for the processing of personal data (hereinafter – the policy) is made in accordance with paragraph 2 of article 18.1 of the Federal law "on personal data" No. 152-FL of July 27, 2006, as well as other legal acts of the Russian Federation in the field of protection and processing of personal data and is valid for all personal data (hereinafter-the Data), which are limited liability company "Parkline", PSRN 1167847069367 (hereinafter – The Policy). – The operator, the Company) may receive from the personal data subject, who is a party to the service agreement, civil law agreement, as well as from the personal data subject, consisting with the Operator in the relations regulated by labor legislation (hereinafter – the Employee).
- The operator provides protection of the processed personal data from unauthorized access and disclosure, illegal use or loss in accordance with the requirements of the Federal law of July 27, 2006 No 152-FZ "on personal data".
- Policy change
- The operator has the right to make changes to this Policy. When changes are made, the Policy title indicates the date of the last update of the revision. The new version of the Policy shall enter into force upon its posting on the website, unless otherwise provided by the new version of the Policy.
2.Terms and abbreviations used
Personal data (PD) – any information relating directly or indirectly to a particular or identifiable individual (subject of personal data).
Processing of personal data – any action (operation) or a set of actions (operations) performed using automation or without the use of such means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Information system of personal data (PDIS) – a set of databases of personal data and ensure their processing of information technologies and technical means.
Personal data made publicly available by the subject of personal data-PD, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
Blocking of personal data is a temporary cessation of processing of personal data (except for cases when processing is necessary to clarify personal data).
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Operator-an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purpose of processing of personal data to be processed, actions (operations) performed with personal data. The operator is LLC Parklane, legal address: 197110, St. Petersburg, Ryukhina St., 9, lit. A
3.Personal data processing
- Getting PD.
- All PD should be received from the subject. If the subject's PD can only be obtained from a third party, the subject must be notified or consent must be obtained from the subject.
- The operator must inform the subject about the purposes, the intended sources and methods of obtaining PD, the nature of PD to be obtained, the list of actions with PD, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to their receipt.
- Documents containing PD, are created by:
- entering data from the original documents (passport, education document, TIN certificate, pension certificate, etc.) into the registration forms on paper and / or electronic media;
- obtaining the originals of the necessary documents in accordance with the requirements of the current legislation (employment record, medical report, characteristics, etc.).
- The treatment of PD.
- Processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his personal data;
- in cases where the processing of personal data is necessary for the implementation and performance of the functions, powers and duties assigned to the Operator by the legislation of the Russian Federation;
- in cases where the processing of personal data, access of an unlimited circle of persons to which is provided by the personal data subject or at the request of (hereinafter – the personal data made publicly available personal data subject).
- Purposes of personal data processing:
- implementation of labour relations;
- the implementation of civil-legal relations;
- for the proper performance of obligations under contracts for the provision of services.
- Categories of personal data subjects.
PD of the following subjects of PD are processed:
- natural persons with the company in labor relations;
- individuals who have resigned from the Society;
- natural persons who are candidates for employment;
- individuals who are in civil relations with the Company;
- individuals to whom the Operator provides services in accordance with the concluded contracts for the provision of services.
- PD processed by the Operator:
- data received by the labor relations;
- data obtained for the selection of candidates for the job;
- data obtained in the implementation of civil law relations;
- data obtained for the proper execution of obligations under contracts for the provision of services.
- Processing of personal data is carried out:
- with the use of automation;
- without the use of automation.
3.Storage PD.
- PD of subjects can be received, processed further and transferred to storage both on paper and in electronic form.
- PD recorded on paper are stored in locked cabinets or in locked rooms with limited access.
- PD subjects processed using automation for different purposes are stored in different folders.
- It is not allowed to store and place documents containing PD in open electronic catalogs in ISP.
- Storage of PD in a form that allows to identify the subject of PD is carried out no longer than required by the purpose of their processing, and they are subject to destruction upon achievement of the processing objectives or in case of loss of the need to achieve them.
- The destruction PD.
- Destruction of documents (carriers) containing PD is made by burning, crushing (grinding), chemical decomposition, transformation into the shapeless weight or a powder. For destruction of paper documents use of the shredder is allowed.
- PD on electronic media are destroyed by erasing or formatting the media.
- The fact of destruction of the PD is confirmed by a documented act of destruction of carriers.
- Transmission of PD.
- The operator transfers PD to third parties in the following cases:
-the entity has expressed its consent to such actions;
-the transfer is provided for by Russian or other applicable law within the procedure established by law.
- List of persons to whom PD is transferred.
- Pension Fund of the Russian Federation for accounting (legally);
- Tax authorities of the Russian Federation (on legal grounds);
- Social insurance Fund of the Russian Federation (legally);
- territorial Fund of obligatory medical insurance (legally);
- The licensed medical organizations performing a complex of services in carrying out obligatory preliminary and periodic medical review, and also for obligatory psychiatric examination (on the lawful bases, on the basis of the agreement);
- District military Commissariat of St. Petersburg and nonresident military commissariats and other institutions in the absence of military commissariats (legally);
- Organizations that perform work on special assessment of working conditions in the workplace (on the basis of the contract);
- Banks for payroll (under contract);
- The organizations rendering to the Operator of service in transfer in electronic form to Head Department of the Ministry of internal Affairs of the Russian Federation across St. Petersburg and the Leningrad region of information on registration and removal of citizens of the Russian Federation from registration in the place of stay; data (notifications) for the purposes of implementation of migration registration of foreign citizens);
- Bodies of the Ministry of internal Affairs of Russia in cases established by law.
4.Personal data protection
- In accordance with the requirements of regulatory documents, the Operator has created a system of personal data protection (FDD), consisting of subsystems of legal, organizational and technical protection.
- The subsystem of legal protection is a complex of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the FDD.
- The subsystem of organizational protection includes the organization of the management structure of the SZPD, the licensing system, the protection of information when working with employees, partners, customers and third parties.
- The subsystem of technical protection includes a complex of technical, software, hardware and software, providing protection of PD.
- The main PD protection measures used by the Operator are:
- Appointment of persons responsible for PD processing, who organize PD processing, training and instruction, internal control over compliance by the Operator and its employees with the requirements for PD protection.
- Identification of actual threats to PD security during their processing in the ISPD and development of measures and measures to protect PD.
- Develop a policy for the processing of personal data.
- Establishment of rules of access to PD processed in the ISPD, as well as ensuring the registration and accounting of all actions taken with the PD in the ISPD.
- Establishment of individual passwords for access of employees to the information system in accordance with their work responsibilities.
- Application of information security tools that have passed the established procedure of conformity assessment.
- Certified anti-virus software with regularly updated databases.
- Compliance with the conditions that ensure the safety of PD and exclude unauthorized access to them.
- Detection of unauthorized access to personal data and taking measures.
- Recovery of PD modified or destroyed due to unauthorized access to them.
- Training of the Operator's employees directly engaged in the processing of personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Operator's policy with respect to the processing of personal data, local acts on the processing of personal data.
- Implementation of internal control and audit.
5.The basic rights of PD subjects and obligations of the Operator
- The basic rights of PD subjects.
The subject has the right to access his / her personal data and the following information:
- confirmation of PD processing by the Operator;
- legal basis and purpose of PD processing;
- objectives and methods of PD processing used by the Operator;
- he name and location of the Operator, information about the persons (except for the Operator's employees) who have access to PD or who can be disclosed PD on the basis of an agreement with the Operator or on the basis of Federal law;
- terms of processing of personal data, including the terms of their storage;
- the procedure for exercising the rights provided for by this Federal law by the subject of PD;
- name or surname, name, patronymic and address of the person performing PD processing on behalf of the Operator, if the processing is or will be entrusted to such person;
- contacting the Operator and sending him requests;
- appeal against the Operator's actions or inaction.
- Responsibilities Of The Operator.
- in the collection of PD to provide information about the processing of PD;
- in cases where PD has not been received from the PD subject, notify the subject;
- in case of refusal to provide the PD to the subject, the consequences of such refusal are explained;
- publish or otherwise provide unrestricted access to the document that defines its PD processing policy, to information about the requirements for PD protection that are being implemented;
- take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from illegal or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as other illegal actions in respect of PD;
- to give answers to the queries and complaints of subjects of PD, their representatives and the authorized body for the protection of human subjects of PD.