Policy of storage and processing of personal data

1 INTRODUCTION

1.1 This document defines the policy of the EICO organization regarding the processing of personal data (hereafter - PDD).
1.2 This Policy was developed in accordance with the current legislation of the Russian Federation on personal data.
1.3 This Policy applies to all processes for collecting, recording, systematizing, storing, clarifying, extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting and destroying personal data, carried out with or without the use of automation tools.

2 PRINCIPLES FOR PERSONAL DATA PROCESSING

Processing of personal data is based on the following principles:
1) The processing of personal data is carried out on a legal and fair basis;
2) Processing of personal data is limited to the achievement of specific, pre-determined and legitimate purposes. It is not allowed to process personal data incompatible with the purpose of collecting personal data;
3) It is not allowed to combine databases containing personal data, processing of which is carried out for purposes incompatible with each other;
4) Only those personal data that are suitable for processing are subject to processing;
5) The content and volume of processed personal data are consistent with the stated processing objectives. Processed personal data are not redundant in relation to the stated processing objectives;
6) When processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, the relevance to the stated purposes of their processing are ensured;
7) The storage of personal data is carried out in a form that allows the subject of personal data to be determined no longer than the purpose of personal data processing requires, unless the period of personal data storage is established by a federal law or by a contract to which the subject of personal data is a party, beneficiary or guarantor. Processed personal data are subject to destruction or depersonalization upon achievement of the processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by federal law.

3 PERSONAL DATA PROCESSING TERMS

3.1. Processing of personal data is carried out in compliance with the principles and rules established by the Federal Law "On Personal Data". Processing of personal data is allowed in the following cases:
1) The processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
2) The processing of personal data is necessary to achieve the goals stipulated by the international treaty of the Russian Federation or the law for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation;
3) The processing of personal data is necessary for the administration of justice, the enforcement of a judicial act, an act of another body or official subject to enforcement in accordance with the law of the Russian Federation on enforcement proceedings;
4) The processing of personal data is necessary for the performance of a contract to which the subject of personal data is a party, beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of a personal data subject or a contract whereby the personal data subject will be a beneficiary or guarantor;
5) The processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject if obtaining the consent of the personal data subject is impossible;
6) The processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties, or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
7) The processing of personal data is carried out for statistical or other research purposes, subject to the obligatory depersonalization of personal data. The exception is the processing of personal data in order to promote goods, works, services on the market by making direct contacts with the potential consumer by means of communications, as well as for political agitation;
8) Processing of personal data to which access by an unlimited circle of persons is provided by the subject of personal data, or at his request (hereinafter - personal data made publicly available by the subject of personal data);
9) Processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
3.2 The Company may include personal data of subjects in publicly available sources of personal data; in doing so, the Company obtains the written consent of the subject to the processing of his personal data.
3.3 The Company can process special categories of personal data related to race, nationality, health status, and the Company undertakes to obtain the written consent of the subject to the processing of his personal data.
3.4 Biometric personal data (information that characterizes the physiological and biological characteristics of a person on the basis of which it is possible to establish his identity and which are used by the operator to establish the identity of the subject of personal data) are not processed in the Company.
3.5 Where written consent of the subject to the processing of his personal data is not required, the subject's consent may be given by the subject of personal data or his representative in any form that allows the fact of its receipt to be confirmed.
3.6 The Company has the right to entrust processing of personal data to another person with the consent of the personal data subject, unless otherwise stipulated by federal law, on the basis of a contract concluded with that person (hereinafter referred to as the operator's instruction). At the same time, the Company in the contract obliges the person who performs the processing of personal data on behalf of the Company to comply with the principles and rules for the processing of personal data provided for by this Federal Law.
3.7 In case the Company entrusts the processing of personal data to another person, the Company bears responsibility to the personal data subject for the actions of this person. A person carrying out the processing of personal data on behalf of the Company is liable to the Company.
3.8 The Company undertakes, and obliges other persons who have access to personal data, not to disclose to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

4 DUTIES OF THE COMPANY

In accordance with the requirements of the Federal Law No. 152-FZ "On Personal Data", the Company is obliged:
• To provide the subject of personal data upon his request with information regarding the processing of his personal data, or on legal grounds to refuse.
• At the request of the subject of personal data, to refine processed personal data, block or delete, if personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing.
• Maintain the Journal of Registration of Appeals of Personal Data Subjects, which should record the requests of personal data subjects for obtaining personal data, as well as the facts of providing personal data on these requests.
• Notify the subject of personal data on the processing of personal data in the event that personal data were not obtained from the subject of personal data. The following cases are an exception:
1. The PDD subject is notified of the processing of his PDD by the relevant operator;
2. PDD obtained by the Company on the basis of a federal law or in connection with the performance of a contract to which the subject is a party, beneficiary or guarantor;
3. PDD made publicly available by the PDD subject or obtained from a public source;
4. Granting to the PDD subject the information contained in the Notice of Processing of PDD violates the rights and legitimate interests of third parties.
• In the event that the purpose of processing personal data is achieved, immediately stop processing personal data and destroy the relevant personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by an agreement, data, other agreement between the Company and the personal data subject or if the Company is not entitled to process personal data without the consent of the subject of personal data on the grounds provided by No. 152-FZ "On Personal Data" or other federal laws.
• In the event that the subject of personal data withdraws consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by agreement between the Company and the personal data subject. The Company is obliged to notify the subject of personal data of the destruction of personal data.
• In case of receipt of the subject's request for termination of the processing of personal data in order to promote goods, works, services on the market, immediately stop processing personal data.

5 SECURITY MEASURES FOR PERSONAL DATA IN THEIR PROCESSING

5.1 When processing personal data, the Company shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions against personal data.
5.2 Ensuring the security of personal data is achieved, in particular, by:
• identifying threats to the security of personal data when processing them in personal data information systems;
• use of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems, necessary to meet the requirements for the protection of personal data, the fulfillment of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;
• use of information protection means that have passed the compliance assessment procedure in the established manner;
• evaluation of the effectiveness of measures taken to ensure the security of personal data prior to commissioning of the personal data information system;
• keeping records of machine media carrying personal data;
• detection of unauthorized access to personal data and taking measures;
• restoration of personal data, modified or destroyed due to unauthorized access to them;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
• control over the measures taken to ensure the security of personal data and the level of security of information systems for personal data.

The information provided on the website is for informational purposes only and is not a public offer. © eico.group 2009-2019. All rights reserved.