1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been drawn up in accordance with clause 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter referred to as data) that the Organization (hereinafter referred to as the Operator, the Company) can receive from the subject of personal data, who is a party to a civil law contract, from an Internet user (hereinafter referred to as the User) during his use of any of the sites, services, services, programs, products or services of LLC "", as well as from the subject personal data that is with the Operator in a relationship governed by labor legislation (hereinafter referred to as the Employee).
1.2. The operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".
1.3. The operator has the right to make changes to this Policy. When making changes in the heading of the Policy, the date of the last revision is indicated. The new version of the Policy comes into force from the moment it is posted. on the site, unless otherwise provided by the new edition of the Policy.
2. Terms and accepted abbreviations
2.1. Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
2.2. Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.3. Automated processing of personal data - processing of personal data using computer technology.
2.4. Personal data information system (ISPD) is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.5. Personal data made publicly available by the subject of personal data - personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
2.6. Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
2.7. Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible carriers of personal data are destroyed.
2.8. Operator - an organization that independently or jointly with other persons organizes the processing of personal data, as well as determining the purposes of processing personal data to be processed, actions (operations), committed with personal data. The operator is LLC "", located at:
3. Processing of personal data
3.1. Receiving personal data
3.1.1. All personal data should be obtained from the subject himself. If the personal data of the subject can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him. 3.1.2. The operator must inform the subject about the purposes, intended sources and methods of obtaining personal data, the nature of the subject to be obtained. personal data, a list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the subject's refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by: - copying of original documents (passport, educational document, TIN certificate, pension certificate, etc.); - entering information into accounting forms; - obtaining originals of the necessary documents (work book, medical certificate, characteristics, etc.).
3.2. Personal data processing
3.2.1. The processing of personal data is carried out: - with the consent of the subject of personal data to the processing of his personal data; - in cases where the processing of personal data is necessary for the implementation and implementation of the functions, powers and duties imposed by the legislation of the Russian Federation; - in cases when processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data or at his request (hereinafter - personal data made publicly available subject of personal data).
3.2.2. Purposes of personal data processing: - implementation of labor relations; - implementation of civil law relations; - to contact the user, in connection with filling out the feedback form on website, including sending notifications, requests and information, concerning the use of the website of LLC "", processing, approval orders for services / works, execution of agreements and contracts; - anonymization of personal data to obtain anonymized statistical data that are transferred to a third party for conducting research, performance of work or rendering of services on behalf of the Company.
3.2.3. Categories of subjects of personal data. Personal data of the following subjects of personal data: - individuals who are in labor relations with the Company; - individuals who quit the Company; - individuals who are job candidates; - individuals who are with the Company in civil law relationships; - individuals who are Users of the Company's Website.
3.2.4. Personal data processed by the Operator: - data obtained during the implementation of labor relations; - data obtained for the selection of candidates for work; - data obtained in the implementation of civil law relations; - data received from the Users of the Company's Website.
3.2.5. The processing of personal data is carried out: - using automation tools; - without the use of automation tools. 3.3. Storage of personal data
3.3.1. Personal data of subjects can be obtained, passed further processing and transferred to storage as on paper, and in electronic form.
3.3.2. Personal data recorded on paper, stored in lockers or locked rooms with limited access right.
3.3.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.3.4. Storage and placement of documents containing personal data in open electronic catalogs (file sharing) in ISPD.
3.3.5. Storing personal data in a form that allows you to determine the subject of personal data, carried out no longer than required the purposes of their processing, and they are subject to destruction upon reaching the goals processing or in case of loss of the need to achieve them.
3.4. Destruction of personal data 3.4.1. Destruction of documents (media) containing personal data, produced by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. Fordestruction of paper documents, the use of a shredder is allowed.
3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data is documented the media destruction act.
3.5. Transfer of personal data 3.5.1. The operator transfers personal data to third parties in the following cases: - the subject has expressed his consent to such actions; - the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. List of persons to whom personal data is transferred. - Pension fund of the Russian Federation for accounting (legally); - tax authorities of the Russian Federation (legally); - Social Insurance Fund of the Russian Federation (legally); - territorial compulsory health insurance fund (for legal grounds); - medical insurance organizations for compulsory and voluntary health insurance (legally); - banks for calculating wages (on the basis of an agreement); - bodies of the Ministry of Internal Affairs of Russia in cases established by law.
4. Protection of personal data
4.1. In accordance with the requirements of regulatory documents by the Operator a personal data protection system (PDS) has been created, consisting of subsystems legal, organizational and technical protection.
4.2. The subsystem of legal protection is a complex of legal, organizational, administrative and regulatory documents providing creation, operation and improvement of the PDSD.
4.3. The organizational security subsystem includes the organization structure of management of PDPD, authorization system, information protection when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a set of technical, software, software and hardware that provide protection personal data.
4.5. The main measures of protection of personal data used. The operator are: 4.5.1. Appointment of the person responsible for the processing of personal data, which organizes the processing of personal data, training and briefing, internal monitoring of the institution's compliance and employees of the requirements for the protection of personal data.
4.5.2. Identification of actual threats to the security of personal data when they processing in the ISPD and the development of measures and measures to protect personal data. 4.5.3. Development of a policy regarding the processing of personal data. 4.5.4. Establishment of rules for access to personal data processed in ISPD, as well as ensuring registration and accounting of all actions performed with personal data in ISPD. 4.5.5. Establishment of individual access passwords for employees in information system in accordance with their production responsibilities. 4.5.6. Application of duly completed assessment procedures compliance of information protection means. 4.5.7. Certified antivirus software with regular updated databases. 4.5.8. Compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them. 4.5.9. Detection of facts of unauthorized access to personal data and taking action. 4.5.10. Recovery of personal data modified or destroyed due to unauthorized access to them. 4.5.11. Training of the Operator's employees who directly carry out processing of personal data, the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy in relation to processing personal data, local acts on the processing of personaldata. 4.5.12. Implementation of internal control and audit. 5. Basic rights of the subject of personal data and obligations of the Operator 5.1. Basic rights of the subject of personal data The subject has the right to access to his personal data and the following information: - confirmation of the fact of processing of personal data by the Operator; - legal grounds and purposes of personal data processing; - the purposes and methods of processing personal data used by the Operator; - name and location of the Operator, information about persons (for excluding workers Operator) who have access to personal data or who may be disclosed personal data on the basis of an agreement with the Operator or on the basis of federal law; - terms of processing personal data, including the terms of their storage; - the procedure for the exercise by the subject of personal data of rights, stipulated by the Federal Law; - name or surname, name, patronymic and address of the person carrying out processing of personal data on behalf of the Operator, if the processing entrusted or will be entrusted to such a person; - contacting the Operator and sending him requests; - appeal against the actions or inaction of the Operator. 5.2. Obligations of the Operator The operator is obliged: - when collecting personal data, provide information about the processing personal data; - in cases where personal data was not received from the subject personal data, notify the subject; - in case of refusal to provide personal data, the subject is explained the consequences of such a refusal; - publish or otherwise provide unrestricted access to document defining its policy regarding the processing of personal data, to information about the implemented requirements for the protection of personal data; - take the necessary legal, organizational and technical measures, or ensure their acceptance to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, providing, distributing personal data, as well as from other illegal actions in relation to personal data; - to give answers to requests and requests of subjects of personal data, their representatives and the authorized body for the protection of the rights of subjects personal data.