Personal data processing policy

PERSONAL DATA PROCESSING POLICY
for IE (Individual Entrepreneur) E. S. Permyakova

1.   General

  • Personal Data Processing Policy (hereinafter referred to as the “Policy”) is aimed at protection of rights and freedoms of natural persons, whose personal data is processed by Individual Entrepreneur S. Permyakova (hereinafter referred to as the “Processor”).
  • The Policy was developed in accordance with Clause 2, Part 1, Article 18.1 of Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as FZ “On Personal Data”).
  • The Policy contains information subject to disclosure in accordance with Part 1, Article 14 of FZ “On Personal Data” and is a public document.

2.   Information about the Processor

  • The operator operates at the registration
  • Individual Entrepreneur Elena Sergeevna Permyakova (phone +7 (910) 411-3244) was appointed as a person responsible for organizing personal data
  • The database with information containing personal data of citizens of the Russian Federation is located Processor’s business address.

 

3.   Information on personal data processing

  • The Processor processes personal data on a legal and equitable basis to perform functions, exercise powers and meet obligations imposed thereupon by the law as well as to exercise rights and legal interests of the Processor, the Processor’s employees and third
  • The Processor receives personal data directly from the personal data
  • The Processor processes personal data using automated and non-automated techniques by means of computer equipment and without computer
  • Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, provision of access), depersonalization, blocking, deletion,
  • The databases with information containing personal data of citizens of the Russian Federation are located on the territory of the Russian

 

4.   Client Personal Data Processing

  • The Processor processes client personal data within the framework of legal relationships with the Processor governed by Part Two of the Civil Code of the Russian Federation dated January 26, 1996 No. 14-FZ (hereinafter referred to as the “clients”).
  • The Processor processes personal data of the clients to comply with Russian law as well as with the following goal:
  • to enter into contracts with clients and perform obligations thereunder;
  • to perform activities provided for in constituent documents of Individual Entrepreneur S. Permyakova.
    • The Processor processes client personal data upon their consent provided for the duration of the contracts entered into with the clients. In cases provided for by FZ “On Personal Data” the consent is provided in writing. In other cases, the consent shall be deemed received upon entering into a contract or performing actions evidencing a concluded
    • The Processor processes the client personal data within duration of the contracts entered into with the clients. The Processor may process the client personal data upon expiration of the contracts with the clients within the period specified in Clause 5, Part 3, Article 24 of Part One of the Tax Code of the Russian Federation, Part 1, Article 29 of FZ “On Financial Accounting” and other regulatory legal
  • The Processor processes special categories of minor client personal data upon a written consent of their legal representatives on the basis of Part 1, Article 9, Clause 1, Part 2, Article 10 of FZ “On Personal Data”.
  • The Processor processes the following client personal data:
  • Full name;
  • Contact phone number;
  • E-mail address;
  • Type, series and number of a personal identification document;
  • Issue date of personal identification document and information about its issuing authority;
  • Year of birth;
  • Month of birth;
  • Date of Birth;
  • Place of birth;
  • Address;
  • Taxpayer Identification Number;
  • State Pension Insurance Certificate Number;
  • Marital status;
  • Nationality;
  • Occupation;
  • Revenue;
  • Insurance Premiums for compulsory pension insurance;
  • Insurance Premiums for compulsory health insurance;
  • Tax deductions;
  • Position;
  • Employee

5.   Information on Personal Data Security

  • The Processor appoints a person responsible for organizing personal data processing for performance of obligations provided for by FZ “On personal data” and the regulatory legal acts passed in accordance therewith.
  • The Processor implements a set of legal, organizational and technical measures to ensure personal data security for the purpose of maintaining personal data confidentiality and its protection from inappropriate actions:
  • provides unlimited access to the Policy, a copy of which is kept at the Processor’s place of business address and may also be uploaded on the Provider’s website (if any);
  • to perform the Policy, approves and brings into effect Regulations on Personal Data Processing (hereinafter referred to as the “Regulations”) and other internal legal acts;
  • familiarizes its employees with the law on personal data as well as the Policy and the Regulations;
  • provides access for the employees to the personal data processed in the Provider’s information system as well as to physical carriers of such data only for performance of employment duties;
  • sets rules for access to personal data processed in the information system of the Processor and ensures registration and recording of all actions therewith;
  • assesses harm, which may be suffered by the personal data subjects in case of failure to comply with FZ “On Personal Data”;
  • determines security threats for personal data in case of its processing in the information system of the Processor;
  • applies organizational and technical measures and uses information security tools required to achieve the established level of personal data protection;
  • identifies unauthorized access to personal data and takes response measures, which include restoration of personal data modified or damaged due to unauthorized access thereto;
  • assesses efficiency of measures taken to ensure security of personal data before the information system of the Processor is put into operation;
  • performs internal control of compliance of personal data processing to FZ “On Personal Data”, regulatory legal acts passed in accordance therewith, personal data protection requirements, the Policy, the Regulations and other internal acts, which includes control of the measures taken to ensure personal data security and maintain its level of protection in the course of processing in the information system of the

6.   Rights of the personal data subjects

  • The personal data subject may:
  • receive personal data related thereto and information related to processing of such personal data;
  • request clarification, blocking or erasure of his personal data if his personal data is incomplete, outdated, incorrect, was illegally received or is not required for the declared processing goal;
  • withhold his consent to personal data processing;
  • protect his rights and legitimate interests, including seek compensation before a court for losses and/or moral damages;
  • appeal against actions or omission of the Processor to an authorized body for protection of rights of personal data subjects or in
    • To exercise their rights and legal interests, the personal data subjects may contact the Processor or forward a request in person or by proxy. The request shall contain the information specified in Part 3, Article 14 of FZ “On Personal Data”.