1. General provisions.
1.1. This Policy of personal data processing (hereinafter referred to as the Policy) sets forth the system of basic principles of information security applicable to the processing of personal data in the Joint-Stock Company CHETRA-Industrial Machines (hereinafter referred to as the Company), defines the general principles, procedure and conditions for the processing of personal data of employees of the Company and other persons whose personal data is processed by the Company in order to ensure the protection of the rights and freedoms of man and citizen in the processing of his/her personal data.
1.2. The policy is drawn up in accordance with the Convention of the Council of Europe No. 108 on the Protection of the Person in Connection with the Automatic Processing of Personal Data and the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data (cl. 2 of Art. 18.1).
1.3. The policy is subject to change, addition in case of new and amendment of existing laws and special regulatory documents on the processing and protection of personal data. The new version of the Policy comes into force from the moment of its publication or providing unrestricted access in another way, unless otherwise provided by the new version of the Policy.
1.4. The Policy applies to personal data obtained both before and after the entry into force of this Policy.
2. Introduction.
2.1. The Company is the operator of personal data.
2.2. An important condition for the implementation of the goals of the Company is to ensure the necessary and sufficient level of information security of personal data.
2.3. The Company carries out processing of personal data on a legal and fair basis, in particular, in accordance with the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data.
2.4. The Company has developed and implemented documents establishing procedure for processing and protection of personal data, which ensure compliance with the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data and regulatory legal acts adopted in accordance with it, and allow to ensure the protection of personal data processed in the Company.
3. Personal data processed by the Company.
3.1. Information constituting personal data in the Company is any information relating directly or indirectly to a specific or determinable individual (subject of personal data).
3.2. Legal grounds for the processing of personal data:
- The Constitution of the Russian Federation;
- The Labor Code of the Russian Federation;
- The Civil Code of the Russian Federation;
- Federal Law No. 160-FZ dated December 19, 2005 On Ratification of the Convention of the Council of Europe on the Protection of Individuals during Automatic Processing of Personal Data;
- Federal Law No. 152-FZ dated July 27, 2006 On Personal Data;
- Federal Law No. 149-FZ dated July 27, 2006 On Information, Information Technologies and the Protection of Information.
3.3. Purpose of personal data processing:
- implementation of the provisions of regulatory acts referred to in cl. 3.2;
- conclusion and fulfillment of obligations under labor contracts, civil law contracts and contracts with contractors;
- implementation of access control and the on-site regime.
3.4. The composition of personal data is determined by the purposes of their processing and is fixed in the List of personal data processed by the Company.
3.5. The company processes the following personal data:
- general information about the legal entity that entered into an agreement with the Company;
- general information about the individual who entered into an agreement with the Company;
- general information about individuals who entered into an agreement with the Company;
- general information about a person once admitted to the Company;
- personnel information about the employee of the Company;
- financial information on the employee of the Company;
- information about the relatives of the employee of the Company;
- information about violations of labor discipline by the employee;
- information recognized as generally available in the Company.
Principles and conditions for the processing of personal data in the Company.
3.6. The processing of personal data is carried out until the achievement of the objectives of such processing. Periods of Personal data storage:
- employment contracts and information in accordance with the Labor Code of the Russian Federation - 50 years;
- financial documents for the employee - 5 years;
- civil law contracts - 5 years;
- single-entry registration books - 3 years.
3.7. When processing personal data in the Company, its accuracy, sufficiency, and, if necessary, its relevance with respect to the purposes of personal data processing in the Company are ensured.
3.8. The Company processes the biometric personal data of employees - photographs in the electronic pass and access control and management system.
3.9. Processing of special categories of personal data is not carried out.
3.10. Cross-border transfer of personal data is not carried out.
3.11. Processing of personal data is carried out both with the use of tangible media, and with the use of computer technology. When processing personal data, the requirements of federal law and by-laws with respect to the processing of personal data are observed.
3.12. The Company does not take decisions that give rise to legal consequences in relation to the subject of personal data or otherwise affect his/her rights and legitimate interests on the basis of exclusively automated processing of personal data.
3.13. To organize access control and processing using computer equipment, the Company may transfer, with the consent of the subject of personal data, its personal data for processing to another legal entity (processor) in accordance with a specially prepared order for the Company to the processor.
3.14. The employees of the Company (including employees working remotely) are familiarized with the documents of the Company, establishing the procedure for processing and protecting personal data, as well as the rights and obligations arising from the processing and protection of personal data.
3.15. Employees of the Company are prohibited from collecting, processing and storing personal data of subjects of the Russian Federation for purposes that lie outside the scope of processing personal data of the Company, including with a view to promoting goods, works, services on the market through direct contacts with potential consumers.
3.16. Personal data comes to the Company directly from the subject of personal data or from persons who are not subjects of personal data, on the basis of an agreement. Moreover, the Company fulfills all the requirements for the processing of such data provided for by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data, and also ensures the security of personal data received.
3.17. The Company transfers personal data to third parties on the basis of an instruction for the processing of personal data in accordance with the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data, as well as in the framework of the implementation of the norms of the current legislation of the Russian Federation.
4. Rights of subjects of personal data processed in the Company.
4.1. The personal data subject has the right to receive information regarding the processing of his/her personal data, containing:
- confirmation of the fact of personal data processing by the Company;
- legal grounds and purposes of personal data processing;
- goals and methods of personal data processing used by the Company;
- name and location of the Company, information about persons (except for employees of the Company) who have access to personal data or to which personal data may be disclosed on the basis of an agreement with the Company or on the basis of the Federal Law;
- processed personal data relating to the relevant subject of personal data, its source, unless another procedure for the submission of such data is provided for by the Federal Law;
- time for processing personal data, including the period of its storage;
- procedure for exercising by the subject of personal data the rights provided for by the Federal Law;
- information on the implementation or on the alleged cross-border data transfer;
- company name or last name, first name, middle name and address of the person who processes personal data on behalf of the Company, if processing is or will be entrusted to such person;
- other information not provided for by Federal Laws.
4.2. The subject of personal data has the right to request from the Company a form for information regarding the processing of personal data of the subject.
4.3. The right of the personal data subject to access his/her personal data may be restricted in accordance with Federal Laws, including if the access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.
4.4. The personal data subject has the right to require the Company to clarify its personal data, to block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures prescribed by law to protect their rights.
4.5. Information regarding the processing of the personal data of the subject is provided to him by the Company in an accessible form and does not contain personal data relating to other personal data subjects, unless there are legal grounds for the disclosure of such personal data.
4.6. Information regarding the processing of personal data of the subject is provided to him or his/her representative by the Company upon request, or upon receipt of a request from the subject of personal data or his/her representative. The request may be sent in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation.
4.7. If information regarding the processing of personal data of the subject, as well as processed personal data, was provided for review by the subject of personal data upon request, the subject of personal data has the right to re-apply to the Company or send a second request no earlier than thirty days after the initial appeal or referral of the initial request, if a shorter period is not established by the Federal Law, a normative legal act or an agreement adopted in accordance with it, to which either the beneficiary or guarantor is a subject of personal data.
4.8. The personal data subject has the right to apply again to the Company or send a second request in order to obtain information regarding the processing of the personal data of the subject, as well as to familiarize himself with the processed personal data before thirty days after the initial appeal, if such information and (or) processed personal data was not provided to him for review in full based on the results of consideration of the initial appeal. A repeated request, along with information regarding the processing of personal data of the subject, should contain a justification for the direction of the repeated request.
4.9. If the personal data subject believes that the Company is processing his/her personal data in violation of the Federal Law or otherwise violates his/her rights and freedoms, the personal data subject is entitled to appeal the actions or omissions of the Company to the authorized body for the protection of the rights of personal data subjects or in court.
4.10. The subject of personal data has the right to protect his/her rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court.
5. Fulfillment of the obligations of the personal data operator by the Company.
5.1. The Company shall fulfill the obligations stipulated for personal data operators by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data and regulatory legal acts adopted in accordance with it, including:
5.1.1. informs the subject of personal data or his/her representative regarding the processing of his/her personal data, or motivated refusals to provide such information in the form and cases and within the time stipulated by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data";
5.1.2. carries out an explanation to the subject of personal data of the legal consequences of the refusal to provide his/her personal data in the cases provided for by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data";
5.1.3. makes the necessary changes to personal data, destroys them, notifies the personal data subject or his/her representative of the changes made and measures taken, and takes reasonable measures to notify third parties to whom the personal data of this subject were transferred, on time and in cases provided for by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data";
5.1.4. notifies the authorized body for the protection of the rights of subjects of personal data of its intention to process personal data in case of changes in information regarding the processing of personal data of subjects, as well as in case of termination of the processing of personal data in the form, within the time and in cases provided for by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data";
5.1.5. reports to the authorized body for the protection of the rights of subjects of personal data at the request of this body the necessary information within the time period stipulated by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data";
5.1.6. if the goal of personal data processing is achieved, it ensures the termination of the processing of personal data and their destruction within the time period stipulated by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data".
5.2. In order to ensure fulfillment of the obligations stipulated by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and the regulatory legal acts adopted in accordance with it, the Company has taken the following necessary and sufficient measures:
- a person responsible for organizing the processing of personal data has been appointed;
- local acts have been issued on the processing and protection of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations:
o Regulation on the processing of personal data in the Company;
o Regulation on ensuring the security of personal data in the Company;
o other local acts on the processing and protection of personal data.
- legal, organizational and technical measures have been applied to ensure the security of personal data;
- internal control of personal data processing compliance with the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data and regulatory legal acts adopted in accordance with it, this Policy, local acts of the Company is carried out;
- an assessment of the harm that may be caused to personal data subjects in case of violation of the requirements of the federal legislation on personal data is made, the ratio of the specified harm to the measures taken by the Company aimed at ensuring the fulfillment of obligations stipulated by the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data and normative legal acts adopted in accordance with it;
- Company employees who directly process personal data are familiarized with the provisions of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 On Personal Data and the regulatory legal acts adopted in accordance with it, this Policy and local acts on the processing of personal data data.
5.3. At the request of the authorized body for the protection of the rights of personal data subjects, the Company was prepared to confirm the adoption of measures provided for by the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it.
6. Responsibility for violation of the rules governing the processing and protection of personal data.
6.1. Persons guilty of violating the requirements of the Federal Law of the Russian Federation No. 152-FZ dated July 27, 2006 "On Personal Data", pursuant to which this Policy has been developed, bear civil, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation.
7. Amendment of the Policy.
7.1. The Company has the right to amend this Policy.
7.2. When making changes, the heading of the Policy shall indicate the date of the last update of the edition.
7.3. The new version of the Policy comes into force from the moment it is posted on the Company's website, unless otherwise provided by the new version of the Policy.
✖
Получить
Скажите, пожалуйста, как Вас зовут и как с Вами связаться.
Мы пришлем Вам прямо сейчас.
Отправляя данную форму, я даю Согласие на обработку моих персональных данных в соответствии с Политикой