PRIVACY POLICY and personal data processing rules for www.contrust-mra.ru (Contrust LLC)
1. General provisions
1.1. The present document (hereinafter referred to as the "Policy") defines purposes and principles of personal data processing in Contrust LLC (primary state registration N: 1207700051767, registered address: MASTERKOVA UL, 4-I/1-2 115280, MOSCOW, RF) (hereinafter referred to as the "Company"), as well as implemented measures protecting the rights of the personal data subjects.
1.2. The Policy was developed and implemented based on the requirements of the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data» with due regard to other regulatory documents related to privacy of personal data, such as General Data Protection Regulation. At the same time terms and expressions used herein without definition shall have the meanings assigned to them in the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data».
1.3. The present Policy establishes the conditions for processing personal data of the following personal data subjects:
· Survey participants (respondents) — individuals who agreed to participate in surveys conducted by the Company;
· Suppliers who provide services or deliver goods to the Company under executed contracts;
· Employees of the Company;
· Internet users who visited the present web-site of the Company;
· Candidates for vacancies in the Company;
· Other persons having no labor relations with the Company.
1.2. The Policy was developed and implemented based on the requirements of the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data» with due regard to other regulatory documents related to privacy of personal data, such as General Data Protection Regulation. At the same time terms and expressions used herein without definition shall have the meanings assigned to them in the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data».
1.3. The present Policy establishes the conditions for processing personal data of the following personal data subjects:
· Survey participants (respondents) — individuals who agreed to participate in surveys conducted by the Company;
· Suppliers who provide services or deliver goods to the Company under executed contracts;
· Employees of the Company;
· Internet users who visited the present web-site of the Company;
· Candidates for vacancies in the Company;
· Other persons having no labor relations with the Company.
2. Definitions
2.1. "Data Controller" or Data Operator" means an entity who, separately or jointly with other entities, arranges and/or carries out personal data processing, as well as determines the purposes of personal data processing, scope of personal data to be processed, and actions (operations) performed on personal data;
2.2. Personal Data means Any information relating directly or indirectly to an identified or identifiable individual;
2.3. Sensitive Data means Personal data related to race, national origin, political views, religious and philosophical convictions, and health and intimacy;
2.4. Personal Data Processing means any activity (operation) or set of activities (operations) which are performed upon personal data, whether or not by automatic means, including the collection, recording, systematisation, gathering, storage, specification, updating, alteration, retrieval, use, transfer, dissemination, making available, access, depersonalisation, blocking, deletion, and destruction of personal data;
2.5. Personal Data Subject means an individual to whom personal data relates.
2.2. Personal Data means Any information relating directly or indirectly to an identified or identifiable individual;
2.3. Sensitive Data means Personal data related to race, national origin, political views, religious and philosophical convictions, and health and intimacy;
2.4. Personal Data Processing means any activity (operation) or set of activities (operations) which are performed upon personal data, whether or not by automatic means, including the collection, recording, systematisation, gathering, storage, specification, updating, alteration, retrieval, use, transfer, dissemination, making available, access, depersonalisation, blocking, deletion, and destruction of personal data;
2.5. Personal Data Subject means an individual to whom personal data relates.
3. Principles of the Personal data processing
3.1. The Company shall process personal ensuring protection of rights and freedoms of personal data subjects, including protection of the right to privacy, personal and family secrets, on the basis of the following principles:
· The principle of legality of purposes and methods of processing personal data;
· The principle of compliance of personal data processing objectives with the purposes predetermined and declared during the collection of personal data, as well as the authority of the Company as a personal data operator;
· The principle of conformity of the volume and nature of personal data processed, as well as the methods of their processing with the declared purposes;
· The principle of ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of personal data processing;
· The principle of inadmissibility of processing personal data redundant to the purposes declared in the collection of personal data.
3.2. The Personal data processing is carried out by the Company on a legal and fair basis. The main legal grounds for processing of personal data include:
· Constitution of the Russian Federation;
· Labour Code of the Russian Federation;
· Civil Code of the Russian Federation;
· Tax Code of the Russian Federation;
· Federal Law of January 10, 2002, No 1-FZ "Concerning Electronic Digital Signatures";
· Federal Law of April 06, 2011, No 63-FZ "Concerning Electronic Digital Signatures";
· Federal Law of July 7, 2003 No. 126-FZ "On Communications";
· Federal Law of 27 July 2006 No. 149-FZ "On Information, Information Technologies and Protection of Information";
· Federal Law of May 04, 2011 No. 99-FZ "Concerning the Licensing of Certain Types of Activity";
· Federal Law of December 6, 2011 No. 402-FZ "On Accounting";
· Federal Law of April 01, 1996 No. 27-FZ "On Individual Personalized Record-Keeping in the Compulsory Pension Insurance System";
· Other laws and regulations in force on the territory of the Russian Federation;
· Articles of Association of the Company;
· Regulations and policies of the Company;
· Contracts of the Company;
· Consent of personal data subjects
3.3. The processing of personal data in the Company is carried out in a mixed way: with and without usage of automation tools.
3.4. The personal data processing actions include: collection, recording, systematisation, gathering, storage, specification, updating, alteration, retrieval, use, transfer, dissemination, making available, access, depersonalisation, blocking, deletion, and destruction of personal data.
3.5. In the course of personal data processing the Company ensures the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing. If inaccurate or incomplete personal data is found, the Company may initiate a process to rectify and update the personal data. In case updating of personal data is beyond the Company's capabilities, the processing may be suspended until the personal data is updated accordingly. Obligations and liability for timely updating of personal data for specific cases may be established by agreements or local acts of the Company.
3.6. In case the purpose of processing personal data is achieved, the Company immediately stops processing of personal data and shall destroy it within thirty days from the date of achievement of the purpose of processing personal data, unless otherwise provided by the agreement between the Company and the personal data subject.
3.7. In case of revocation by the personal data subject of the consent to the processing of his personal data, the Company shall stop such processing of personal data and destroy personal data within thirty days from the date of receipt of the said recall, unless otherwise provided by the agreement between the Company and the personal data subject.
When processing personal data, the Company shall take the necessary legal, organizational and technical measures to protect the personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
· The principle of legality of purposes and methods of processing personal data;
· The principle of compliance of personal data processing objectives with the purposes predetermined and declared during the collection of personal data, as well as the authority of the Company as a personal data operator;
· The principle of conformity of the volume and nature of personal data processed, as well as the methods of their processing with the declared purposes;
· The principle of ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of personal data processing;
· The principle of inadmissibility of processing personal data redundant to the purposes declared in the collection of personal data.
3.2. The Personal data processing is carried out by the Company on a legal and fair basis. The main legal grounds for processing of personal data include:
· Constitution of the Russian Federation;
· Labour Code of the Russian Federation;
· Civil Code of the Russian Federation;
· Tax Code of the Russian Federation;
· Federal Law of January 10, 2002, No 1-FZ "Concerning Electronic Digital Signatures";
· Federal Law of April 06, 2011, No 63-FZ "Concerning Electronic Digital Signatures";
· Federal Law of July 7, 2003 No. 126-FZ "On Communications";
· Federal Law of 27 July 2006 No. 149-FZ "On Information, Information Technologies and Protection of Information";
· Federal Law of May 04, 2011 No. 99-FZ "Concerning the Licensing of Certain Types of Activity";
· Federal Law of December 6, 2011 No. 402-FZ "On Accounting";
· Federal Law of April 01, 1996 No. 27-FZ "On Individual Personalized Record-Keeping in the Compulsory Pension Insurance System";
· Other laws and regulations in force on the territory of the Russian Federation;
· Articles of Association of the Company;
· Regulations and policies of the Company;
· Contracts of the Company;
· Consent of personal data subjects
3.3. The processing of personal data in the Company is carried out in a mixed way: with and without usage of automation tools.
3.4. The personal data processing actions include: collection, recording, systematisation, gathering, storage, specification, updating, alteration, retrieval, use, transfer, dissemination, making available, access, depersonalisation, blocking, deletion, and destruction of personal data.
3.5. In the course of personal data processing the Company ensures the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing. If inaccurate or incomplete personal data is found, the Company may initiate a process to rectify and update the personal data. In case updating of personal data is beyond the Company's capabilities, the processing may be suspended until the personal data is updated accordingly. Obligations and liability for timely updating of personal data for specific cases may be established by agreements or local acts of the Company.
3.6. In case the purpose of processing personal data is achieved, the Company immediately stops processing of personal data and shall destroy it within thirty days from the date of achievement of the purpose of processing personal data, unless otherwise provided by the agreement between the Company and the personal data subject.
3.7. In case of revocation by the personal data subject of the consent to the processing of his personal data, the Company shall stop such processing of personal data and destroy personal data within thirty days from the date of receipt of the said recall, unless otherwise provided by the agreement between the Company and the personal data subject.
When processing personal data, the Company shall take the necessary legal, organizational and technical measures to protect the personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
4. Purposes of personal data processing
4.1. Personal data processing should be limited to the achievement of specific, predetermined and legitimate purposes. Personal data processing incompatible with the purposes of collecting personal data is not allowed.
4.2. The Company may from time to time process personal data for the following purposes:
· Ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation, international treaties of the Russian Federation and the requirements of other international legal documents;
· Conducting of the principal activity of the Company;
· Recruitment of respondents — involvement of these persons in the surveys to be conducted by the Company;
· Interviewing of respondents in the course of survey conducting;
· Quality control of surveys;
· Fulfillment of contractual obligations under contracts executed by the Company with third parties;
· Search and selection of candidates for work in the Company;
· Filling out and submitting required reporting forms to the executive authorities and other authorized organizations;
· Accounting;
· Access control;
· Observance of the rights and legitimate interests of personal data subjects;
· Protection of the rights and legitimate interests of the Company from unlawful conduct or conduct that does not comply with the legislation of the Russian Federation or this Policy;
4.2. The Company may from time to time process personal data for the following purposes:
· Ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation, international treaties of the Russian Federation and the requirements of other international legal documents;
· Conducting of the principal activity of the Company;
· Recruitment of respondents — involvement of these persons in the surveys to be conducted by the Company;
· Interviewing of respondents in the course of survey conducting;
· Quality control of surveys;
· Fulfillment of contractual obligations under contracts executed by the Company with third parties;
· Search and selection of candidates for work in the Company;
· Filling out and submitting required reporting forms to the executive authorities and other authorized organizations;
· Accounting;
· Access control;
· Observance of the rights and legitimate interests of personal data subjects;
· Protection of the rights and legitimate interests of the Company from unlawful conduct or conduct that does not comply with the legislation of the Russian Federation or this Policy;
5. Scope and types of processed personal data
5.1. Depending on the specific goals stated in this Policy, the Company may process the following categories (types) of personal data:
5.1.1. personal information (last name, first name, patronymic, including the previous ones; gender; year, month, date of birth; age; place of birth, nationality, citizenship);
5.1.2. contact details (postal address, telephone numbers, e-mail addresses, pseudonyms, identifiers in social networks and communication services); registration and actual place of residence ;
5.1.3. information about identity documents; driving license; information about the identification numbers of the subject in state accounting systems (for example, TIN, SNILS, etc.); information on compulsory and voluntary medical insurance policies;
5.1.4. 5.1.4. professional activity (place of work; position; structural unit; personnel number; length of service; interest in legal entities; powers);
5.1.5. skills and qualifications (education received; profession; assigned specialties; knowledge of foreign languages; completed training courses, internships and practices);
5.1.6. information about the family (marital status; family composition; legal representatives, closest relatives);
5.1.7. social status; property status; information about vehicles;
5.1.8. information about contracts and agreements, their statuses; information about participation in partnership and bonus programs; referral promo codes; information about the products and services used;
5.1.9. recommendations and reviews; information on personnel assessment;
5.1.10.financial position; level of income; information on tax and other deductions to state funds; information about accruals and deductions of funds, remuneration in a different form; information about purchases made, orders for goods and services; payment details;
5.1.11.information about the presence in separate state registers, databases and lists;
5.1.12.information about military registration; information on migration registration;
5.1.13.electronic user data; electronic signature certificates;
5.1.14.hobbies and hobbies; personal interests; tastes and preferences; subscription to mailing lists;
5.1.15.health status; information about disability, incapacity for work;
5.1.16.information about incentives, awards, penalties and prosecution;
5.1.17.other information provided.
5.2. The volume and content of personal data must comply with the stated purposes of their processing provided for in this Policy. Personal data should not be redundant in relation to the declared purposes of their processing.
5.1.1. personal information (last name, first name, patronymic, including the previous ones; gender; year, month, date of birth; age; place of birth, nationality, citizenship);
5.1.2. contact details (postal address, telephone numbers, e-mail addresses, pseudonyms, identifiers in social networks and communication services); registration and actual place of residence ;
5.1.3. information about identity documents; driving license; information about the identification numbers of the subject in state accounting systems (for example, TIN, SNILS, etc.); information on compulsory and voluntary medical insurance policies;
5.1.4. 5.1.4. professional activity (place of work; position; structural unit; personnel number; length of service; interest in legal entities; powers);
5.1.5. skills and qualifications (education received; profession; assigned specialties; knowledge of foreign languages; completed training courses, internships and practices);
5.1.6. information about the family (marital status; family composition; legal representatives, closest relatives);
5.1.7. social status; property status; information about vehicles;
5.1.8. information about contracts and agreements, their statuses; information about participation in partnership and bonus programs; referral promo codes; information about the products and services used;
5.1.9. recommendations and reviews; information on personnel assessment;
5.1.10.financial position; level of income; information on tax and other deductions to state funds; information about accruals and deductions of funds, remuneration in a different form; information about purchases made, orders for goods and services; payment details;
5.1.11.information about the presence in separate state registers, databases and lists;
5.1.12.information about military registration; information on migration registration;
5.1.13.electronic user data; electronic signature certificates;
5.1.14.hobbies and hobbies; personal interests; tastes and preferences; subscription to mailing lists;
5.1.15.health status; information about disability, incapacity for work;
5.1.16.information about incentives, awards, penalties and prosecution;
5.1.17.other information provided.
5.2. The volume and content of personal data must comply with the stated purposes of their processing provided for in this Policy. Personal data should not be redundant in relation to the declared purposes of their processing.
6. Organizational and technical measures to protect and secure personal data
6.1. The Company implemented the measures provided for in Articles 18.1. and 19 of the Federal Law of 27.07.2006, No. 152-FZ "On Personal Data", as well as other measures ensuring security of personal data in accordance with the data privacy requirements established by the Government of the Russian Federation. More specifically the following actions were done:
6.1.1. a data privacy officer was appointed;
6.1.2. organizational and administrative documents and policies in regard of processing of personal data were developed and approved;
6.1.3. a list of persons having access to personal for the performance of their employment or contractual duties was approved;
6.1.4. employees directly involved in processing of personal data were briefed and acknowledged that they understand i) the data privacy provisions of the legislation of the Russian Federation; ii) a internal policies and rules of the Company regarding the processing of personal data; iii) organizational and administrative documents on the processing of personal data;
6.1.5. this Policy on the personal data processing rules and principles in the Company was duly published;
6.1.6. internal control system to ensure compliance of the Company's activity with the requirements of the Federal Law of 27.07.2006, No. 152-FZ "On Personal Data" and other regulatory legal acts was adopted and implemented accordingly;
6.1.7. various technical measures were taken to secure personal data in the course of its processing with information systems of the Company;
6.1.8. other measures provided for by applicable law.
6.1.1. a data privacy officer was appointed;
6.1.2. organizational and administrative documents and policies in regard of processing of personal data were developed and approved;
6.1.3. a list of persons having access to personal for the performance of their employment or contractual duties was approved;
6.1.4. employees directly involved in processing of personal data were briefed and acknowledged that they understand i) the data privacy provisions of the legislation of the Russian Federation; ii) a internal policies and rules of the Company regarding the processing of personal data; iii) organizational and administrative documents on the processing of personal data;
6.1.5. this Policy on the personal data processing rules and principles in the Company was duly published;
6.1.6. internal control system to ensure compliance of the Company's activity with the requirements of the Federal Law of 27.07.2006, No. 152-FZ "On Personal Data" and other regulatory legal acts was adopted and implemented accordingly;
6.1.7. various technical measures were taken to secure personal data in the course of its processing with information systems of the Company;
6.1.8. other measures provided for by applicable law.
7. Personal data localization requirements
7.1. In case the personal data are collected through the Internet and telecommunication network, the Company shall ensure recording, systematization, accumulation, storage, refinement (updating, modification), extraction of personal data of the Russian citizens/residents using databases located in the territory of the Russian Federation, except in cases provided by the legislation of the Russian Federation.
8. Rights of personal data subjects
8.1. A personal data subject has the right to withdraw consent to personal data processing by sending a corresponding notice to the Company by mail, to the email address yuriy.podtserkovskiy@contrust-mra.ru or by visiting the Company at the address: 115280, Moscow, 11, st. Avtozavodskaya, office № 419.
8.2. The personal data subject has the right to obtain the following information regarding processing of the personal data of such person:
8.2.1. confirmation that personal data of this person are processed by the Company;
8.2.2. legal grounds and purposes of personal data processing;
8.2.3. the purposes and methods of personal data processing;
8.2.4. the scope of processed personal data relating to the requesting person, the source of their receipt or collection, unless another procedure for submitting such data is provided for by federal law;
8.2.5. terms of personal data processing, including the terms of personal data storage;
8.2.6. the procedure for the exercise by the personal data subject of its rights provided for by 152-FZ;
8.2.7. information about the carried out or intended cross-border personal data transfer(s);
8.2.8. name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Company, if the processing is entrusted or will be entrusted to a third party;
8.2.9. other information provided for by 152-FZ or other federal laws.
8.3. The personal data subject has the right to demand from the Company correction of his personal data, as well as their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and to take measures provided for by the applicable law to protect their right.
8.4. The personal data subject has the right to protect his rights and legitimate interests by addressing its claims to the court demanding compensation of losses and non-pecuniary damage.
8.2. The personal data subject has the right to obtain the following information regarding processing of the personal data of such person:
8.2.1. confirmation that personal data of this person are processed by the Company;
8.2.2. legal grounds and purposes of personal data processing;
8.2.3. the purposes and methods of personal data processing;
8.2.4. the scope of processed personal data relating to the requesting person, the source of their receipt or collection, unless another procedure for submitting such data is provided for by federal law;
8.2.5. terms of personal data processing, including the terms of personal data storage;
8.2.6. the procedure for the exercise by the personal data subject of its rights provided for by 152-FZ;
8.2.7. information about the carried out or intended cross-border personal data transfer(s);
8.2.8. name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Company, if the processing is entrusted or will be entrusted to a third party;
8.2.9. other information provided for by 152-FZ or other federal laws.
8.3. The personal data subject has the right to demand from the Company correction of his personal data, as well as their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and to take measures provided for by the applicable law to protect their right.
8.4. The personal data subject has the right to protect his rights and legitimate interests by addressing its claims to the court demanding compensation of losses and non-pecuniary damage.
9. Miscellaneous
9.1. The provisions of this Policy are binding on employees of the Company whose job responsibilities include processing personal data and ensuring security of such data.
9.2. Pursuant to the requirements of Part 2 of Article 18.1 of the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data», this Policy is published in the public domain on the Company's website.
9.3. The Company checks the contents of this Policy for compliance with applicable law and, if necessary, makes changes to the terms of this Policy from time to time.
9.4. Third parties mentioned in this Policy may contact the Company on issues related to the processing of their personal data, in cases provided for by this Policy and applicable law, at the following address: MASTERKOVA UL, 4-I/1-2 115280, MOSCOW, RF, as well as by e-mail: yuriy.podtserkovskiy@contrust-mra.ru.
9.2. Pursuant to the requirements of Part 2 of Article 18.1 of the Federal Law dated 27 July 2006 No. 152-FZ «On Personal Data», this Policy is published in the public domain on the Company's website.
9.3. The Company checks the contents of this Policy for compliance with applicable law and, if necessary, makes changes to the terms of this Policy from time to time.
9.4. Third parties mentioned in this Policy may contact the Company on issues related to the processing of their personal data, in cases provided for by this Policy and applicable law, at the following address: MASTERKOVA UL, 4-I/1-2 115280, MOSCOW, RF, as well as by e-mail: yuriy.podtserkovskiy@contrust-mra.ru.
По всем вопросам свяжитесь с нами любым удобным способом:
E-mail: ask@contrust-mra.ru
Телефон: +7 926 344 54 31
Соцсети: Facebook | Instagram | Youtube
E-mail: ask@contrust-mra.ru
Телефон: +7 926 344 54 31
Соцсети: Facebook | Instagram | Youtube
МЕНЮ
© 2020 CONTRUST Все права защищены
Продукт
Стратегия/Рынок
Концепция/Упаковка
Счастливый клиент
Стратегия/Рынок
Концепция/Упаковка
Счастливый клиент
ИССЛЕДОВАНИЯ
Контакты
Написать нам
Оставить заявку
Политика конфиденциальности
Написать нам
Оставить заявку
Политика конфиденциальности
INFO
