ATTENTION!
Cases of using the name of the Rusvinyl LLC in fraudulent schemes have become more frequent!
BE CAREFUL! Check phone numbers and email addresses with the official website of the company!

Policy in relation to processing of personal data

1 GENERAL PROVISIONS

1.1 The present Policy in relation to processing of personal data (hereinafter referred to as Policy) is developed according to item 2 Part 1 Article 18.1 of the Federal law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data" and determines the basic principles, purposes, terms and methods of processing of Personal Data (hereinafter referred to as – Personal Data), categories of subjects of Personal Data and processed Personal Data, rights and obligations of the Company (hereinafter referred to as - the Company) at processing of Personal Data, rights for the subjects of Personal Data, as well as measures realized to the Company on provision of security of Personal Data when carrying out an activity, established in the Articles of Association.

1.2 Provisions of the present Policy are the basis for development of local acts, regulating the questions of processing of Personal Data in the Company.

1.3 The action of the present Policy covers all processes of the Company, within the limits of which processing of Personal Data is carried out, both with the use of facilities of the computing technique, including with the use of information and telecommunication networks and without the use of such facilities.

1.4 The use of services of the Company means the consent of the subject of Personal Data with the present Policy and terms and conditions of processing of its personal data specified hereto.

 2 CONCEPT OF INFORMATION SECURITY

2.1 Information security of the Company is protection of confidentiality, integrity and availability of information.

2.2 Confidentiality is a property of information resources, including an information, related to that these resources will not become accessible and will not be disclosed for the unauthorized persons.

2.3 Integrity is invariability of information in the process of its transmission or storage.

2.4 Accessibility is a property of information resources, including information, which defines a possibility of their receipt and use on request of the authorized persons.

2.5 The automated processing of Personal Data is processing of Personal Data by means of facilities of the computing technique .

2.6 The information system of Personal Data is an aggregate of Personal Data contained in the bases and information technologies and hardware, which provide its processing.

2.7 Processing of Personal Data is any action (operation) or aggregate of actions (operations), carried out with the use of facilities of automation or without the use of such facilities in relation to Personal Data, including collection, record, systematization, accumulation, storage, clarification (updating, change), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deleting, elimination of Personal Data.

2.8 Personal Data are any information, directly or indirectly related to the determined physical person (the subject of Personal Data).

2.9 The subject of Personal Data is a physical person, having Personal Data, which determine him directly or indirectly.

3 PRINCIPLES OF PROCESSING OF PERSONAL DATA OF THE SUBJECTS

OF PERSONAL DATA

3.1 The Company applies the following principles at organization of processing of Personal Data:

3.1.1 Processing of Personal Data is carried out on an equitable and legal basis.

3.1.2 Processing of Personal Data is restricted to achievement of specific, predetermined and legal purposes.

3.1.3 It is prohibited combination of databases, containing Personal Data, processing of which is carried out for the, purposes inconsistent against each other;

3.1.4 It is allowed processing of such Personal Data, which meet the purpose of their processing;

3.1.5 Content and volume of processed Personal Data are in correspondence with the stated purpose of processing.

3.1.6 It is necessary to provide the exactness of Personal Data, their sufficiency and actuality at processing of Personal Data;

3.1.7 Storage of Personal Data is carried out in the form, allowing to define a subject of Personal Data only as long as is needed for the purposes of processing of Personal Data, if the term of storage of Personal Data is not established by the Federal law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data", by a Contract, the Party of which, a beneficial owner or guarantor under such Contract is the subject of Personal Data. The processed Personal Data is subject to elimination or depersonalization after achievement of the purposes of processing or in case of loss of necessity for achievement of these purposes.

3.2 The company in its activity comes from that the subject of Personal Data should provide exact and reliable information during cooperation with the Company, as well as it should inform the representatives of Company about the change of Personal Data.

3.3 The company carries out of processing of Personal Data under the contractual obligations (execution of agreements, contracts and obligations), economic activity of the Company, as well as according to the requirements of legislation of the Russian Federation in the field of Personal Data .

3.4 The special classes of Personal Data and public Personal Data are not processed in the Company. The list of the processed Personal Data is determined by the current legislation of the Russian Federation, as well as local documents of the Company. Collection, record, systematization, accumulation, storage, clarification (updating, change), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deleting, elimination of Personal Data at their processing are carried out both with the use of facilities of automation and without the use of such facilities.

 

4 TERMS AND CONDITIONS OF PROCESSING OF PERSONAL DATA OF THE SUBJECTS OF PERSONAL DATA AND ITS TRANSMISSION TO THE THIRD PERSONS

4.1 The company carries out processing of Personal Data of the subjects of Personal Data according to internal normative documents, designed according to the requirements of legislation of the Russian Federation in the field of Personal Data.

4.2 At processing of Personal Data of the subject it is necessary to provide their confidentiality, integrity and availability. Transmission of Personal Data to the third persons for execution of contractual obligations is carried out only with consent of the subject Personal Data and for execution of the requirements of legislation of the Russian Federation in the order established by legislation.

4.3 The company can entrust processing of Personal Data to other person at execution of the following terms and conditions:

4.3.1 The consent of the subject of Personal Data for entrusting of processing of Personal Data is obtained for other person;

4.3.2 The entrusting of processing of Personal Data is carried out on the grounds of Contract, concluded with this person, developed taking into account the requirements of the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data".

4.4 A person, who carries out processing of Personal Data by order of the Company, is under an obligation to follow the principles and rules of processing of Personal Data and bears the responsibility before the Company. The Company bears responsibility before the subject of Personal Data for actions of the authorized person who was entrusted by the Company on processing of Personal Data.

4.5 At processing of Personal Data of the subjects, the Company follows the provisions of the Federal law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data".

5 RIGHTS OF THE SUBJECT ON AN ACCESS AND CHANGE OF HIS PERSONAL DATA

5.1 For provision of observance of the rights, established by the legislation for the subjects of Personal Data, the order of work with appeals and queries of the subjects of Personal Data, as well as the order of provision of information to the subjects of Personal Data, established by the legislation of the Russian Federation in the field of Personal Data are developed and entered into force in the Company.

5.2 This order provides the observance of the following rights for the subject of Personal Data:

5.2.1 Right on the receipt of information, related to processing of Personal Data, of the corresponding subject the Personal Data, including:

- confirmation of the fact of processing of Personal Data;

- legal grounds and purposes of processing of Personal Data;

- purposes and methods of processing of Personal Data, applied by the Company;

- the name and place of location of the Company, information about persons (except for employees of the Company), who have an access to Personal Data or who can disclose Personal Data on the basis of the Contract with the Company or on the basis of another requirements of the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

- the processed Personal Data, related to the corresponding subject of Personal Data, source of their receipt, if another order of representation of such Personal Data is not provided by the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

- the terms of processing of Personal Data, including terms of its storage;

- the order of execution of rights by the subject of Personal Data, provided by the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

- information about forecasting or carrying out of across boundary transmission of Personal Data;

- the business name or surname, name, patronymic and address of the entity (person), carrying out processing of Personal Data by the order of the Company, if processing is entrusted or will be entrusted to such person;

- another information, provided by the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data" or other requirements of legislation in the field of Personal Data.

5.2.2 Right on clarification, blocking or elimination of Personal Data, if Personal Data are incomplete, out-of-date, inexact, illegal or such Personal Data are not necessary for the stated purpose of processing, as well as making arrangements on protection of rights, provided by the legislation of the Russian Federation in the field of Personal Data.

5.3 The query of the subject of Personal Data can be directed in the form of electronic document and signed by computer generated signature (an electronic signature) according to the legislation of the Russian Federation.

 6 RIGHTS AND OBLIGATIONS OF THE COMPANY

6.1 According to the requirements of the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data" the Company is under the following obligations:

6.1.1 To carry out processing of Personal Data with the observance of principles and rules, provided by the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

6.1.2 Not to disclose to the third persons and not distribute Personal Data without the consent of the subject of Personal Data, if another is not provided the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

6.1.3 To furnish proofs of consent on processing of Personal Data of the subject of Personal Data or proofs of availability of the grounds, in according to which such consent is not required;

6.1.4 To carry out processing of Personal Data only with written consent of the subject of Personal Data, in the cases, provided by the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

6.1.5 To submit to the subject of Personal Data or his representative an information upon a request, related to processing of Personal Data of the corresponding subject of Personal Data, or to provide the reasonable refusal in provision of the mentioned information, containing reference to the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data", during a period not exceeding thirty days from the day of request of the subject of Personal Data or his representative.

6.1.6 To explain the legal consequences of refusal to provide him Personal Data to the subject of Personal Data, if provision of Personal Data is obligatory under the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

6.1.7 To assume all necessary legal, organizational and technical measures or provide their making for protection of Personal Data against illegal or casual access to such data, elimination, change, blocking, reprinting, provision, distribution of Personal Data, as well as against another wrong acts in regard to Personal Data;

6.1.8 To introduce amendments to the processed Personal Data on request of the subject of Personal Data or his representative, in case of confirmation of the fact of inaccuracy of the processed Personal Data of the corresponding subject of Personal Data during seven working days;

6.1.9 To discontinue processing of Personal Data during a period, not exceeding three working days, in case of discovering of illegal processing on request of the subject of Personal Data or his representative, if blocking of Personal Data does not violate rights and legal interests of the corresponding subject of Personal Data or the third persons;

6.1.10 To eliminate Personal Data of the corresponding subject of Personal Data during a period, not exceeding ten working days, in case if provision of legal processing of Personal Data is impossible;

6.1.11 To inform the subject of Personal Data or his representative about all changes, related to the corresponding subject of Personal Data;

6.1.12 To keep a registration book of requests of the subjects of Personal Data, all queries and appeals of the subject of Personal Data or his representative should be recorded in such book;

6.1.13 To stop processing of Personal Data and eliminate of Personal Data of the corresponding subject of Personal Data, in case of achievement of purposes of processing of Personal Data during a period, not exceeding thirty days from the date of achievement of purposes on processing of Personal Data, if another is not provided by the Contract, the Party of which, a beneficial owner or guarantor under such Contract is the subject of Personal Data, by another agreement between the Company and the subject of Personal Data, or the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data" or other federal laws;

6.1.14 To stop processing of Personal Data and eliminate Personal Data of the corresponding subject of Personal Data, in case of withdrawal of consent on processing of Personal Data by the subject of Personal Data during a period, not exceeding thirty days from the date of receipt of the above mentioned withdrawal, if another is not provided by the Contract between the Company and the subject of Personal Data.

6.2 According to the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data" the Company has the following rights:

6.2.1 To carry out processing of Personal Data without the consent of the subject of Personal Data at availability of grounds, specified in Articles 6, 10, 11 of the Federal Law of the Russian Federation dd. July 27, 2006 No. 152-FZ "Concerning Personal Data";

6.2.2 To refuse to the subject of Personal Data on execution of query/the repeated query, in case if the reasonable reply was given about the refuse of execution of such query to the subject of Personal Data;

6.2.3 To carry out processing of Personal Data without sending of notification to Roskomnadzor about processing of Personal Data in the following cases of processing of Personal Data:

- according to a labour legislation;

- Personal Data were receipt by the Company in connection with the conclusion of the Contract, the Party of which is the subject of Personal Data, if Personal Data are not distributed and transferred to the third persons without the consent of the subject of Personal Data and such data are used by the Company exceptionally for execution of the above contract and conclusion of contracts with the subject of Personal Data;

- Personal Data composed of surnames, names and patronymics of the subjects of Personal Data;

- without the use of facilities of automation according to federal laws or another normative legal acts of the Russian Federation in the field of Personal Data.

7 MEASURES, APPLIED FOR SECURITY OF PERSONAL DATA OF THE SUBJECTS

7.1 The Company takes necessary and sufficient organizational and technical measures for security of Personal Data of the subjects of Personal Data against illegal or casual access to such data, elimination, change, blocking, reprinting, distribution as well as against another wrong actions.

7.2 Measures on provision of security of Personal Data, applied by the Company as follows:

7.2.1 Appointment of the responsible person for organization of processing of Personal Data ;

7.2.2 Issue of documents, which determine the policy of the Company in regard to processing of Personal Data, local acts on the matters questions of processing of Personal Data, as well as local acts, which provide the procedures, intended for prevention and discovering of violations of the legislation of the Russian Federation in the field of Personal Data, mitigation of consequences of such violations;

7.2.3 Estimation of harm, which can be inflicted to the subjects of Personal Data in case of violation of the legislation of the Russian Federation in the field of Personal Data, correlation of the above mentioned harm and measures, intended for provision of execution of the legislation of the Russian Federation in the field of Personal Data ;

7.2.4 Familiarization of employees of the Company, carrying out processing of Personal Data directly, with Provisions of the legislation of the Russian Federation in the field of Personal Data , including requirements on security of Personal Data, documents, which determine the policy of the Company in relation to processing of Personal Data, local acts on the matters of processing of Personal Data, and (or) training of the above employees;

7.2.5 Determination of security threats for Personal Data at processing in the information systems of Personal Data (hereinafter referred to as – information systems of Personal Data);

7.2.6 Taking of organizational and technical measures on provision of security of Personal Data at their processing in the information systems of Personal Data, necessary for execution of requirements to protection of Personal Data, execution of which is provided by levels of security of the personal data, established by the Government of the Russian Federation;

7.2.7 Application of facilities of information security, passing the procedure of conformity evaluation according to the established order;

7.2.8 Estimation of efficiency of the assume measures on provision of security of Personal Data before putting into the operation of the information systems of Personal Data;

7.2.9 Accounting of Personal Data mediums;

7.2.10 Discovering of the facts of unauthorized access to Personal Data and taking of measures;

7.2.11 Renewal of Personal Data, modified or eliminated because of unauthorized access to such data;

7.2.12 Establishment of the rules on access to Personal Data, processed by the information systems of Personal Data, as well as provision of registration and accounting of all actions, carried out with Personal Data in the information systems of Personal Data;

7.2.13 Control of the assume measures on provision of security of Personal Data and level of protection of the information systems of Personal Data.

 8 PERSONS, RESPONSIBLE FOR ORGANIZATION OF PROCESSING OF PERSONAL DATA IN ORGANIZATIONS

8.1 The Company appoints a person, responsible for organization of processing of Personal Data .

8.2 A person responsible for organization of processing of Personal Data, is instructed directly by Director General of the Company.

8.3 A person responsible for organization of processing of Personal Data is under an obligation:

- to carry out internal control of observation of legislation of the Russian Federation in the field of Personal Data by the Company and its employees, as well as internal organizational and administrative documents of the Company on the matters of processing and security of Personal Data;

- to inform employees of the Company about the provisions of legislation of the Russian Federation in the field of Personal Data, local acts on the matters of processing of Personal Data, requirements on security of Personal Data ;

- to take part in the review of internal organizational and administrative documents of the Company on the matters of processing and security of Personal Data;

- to organize reception and processing of resorts and queries of the subjects of Personal Data or their representatives and (or) carry out control of reception and processing of such resorts and queries.

 9 RESPONSIBILITY FOR EXECUTION OF PROVISIONS OF THE POLICY

9.1 Employees of the Companies, who carry out processing of Personal Data, as well as the persons, responsible for organization and provision of security of Personal Data in the Company, bear the disciplinary and administrative responsibility according to the current legislation of the Russian FEDERATION for violation of Provisions of the present Policy, local acts of the Company, another requirements, provided by the legislation of Russian FEDERATION in the field of Personal Data.