<div><img src="https://mc.yandex.ru/watch/48959447" style="position:absolute;left:-9999px" alt=""/></div>

Legal information

Personal Data Processing Policy

1. General Provisions

1.1. This Policy is developed in accordance with the provisions of the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Federal Law "On Personal Data", the Federal Law "On Information, Information Technologies and the Protection of Information" and other regulatory legal acts governing the protection of personal data.

1.2. This Policy defines the main issues related to the processing of personal data in Taletsky IP (hereinafter referred to as the Organization) using automation tools, including information and telecommunication networks, or without using such tools.

1.3. Personal data is confidential, protected information and they are subject to all the requirements established by the internal documents of the Organization for the protection of confidential information.

2. The concept and composition of personal data

2.1. Information constituting personal data is any information relating directly or indirectly to a defined, or determined individual (subject of personal data).

2.2. The organization processes personal data of the following categories of personal data subjects:

  • personal data of employees of the Organization - information necessary for the Organization in connection with labor relations;
  • personal data of the client (potential client), partner, counterparty (potential counterparty), as well as personal data of the head, participant (shareholder) or employee of the legal entity that is the client or counterparty (potential client, partner, counterparty) of the Organization - information necessary for the Organization for fulfillment of their obligations under contractual relations with a client (counterparty);

3. Purposes and cases of processing personal data

3.1. The purposes of processing personal data are:

  • organization of personnel records, maintaining personnel records management, assisting employees in finding employment, training and promotion, the implementation of the tax legislation of the Russian Federation in connection with the calculation and payment of personal income tax, as well as the pension legislation of the Russian Federation in the formation and presentation of personalized data about each recipient of income, taken into account when calculating insurance contributions for compulsory pension insurance and security, filling out the primary statistical documentation;
  • conclusion, execution and termination of civil law contracts;

3.2. The processing of personal data in the Organization is allowed in the following cases:

  • if the processing of personal data is carried out with the consent of the subject of personal data;
  • if the processing of personal data is necessary for the execution of an agreement to which either the beneficiary or guarantor is a party under which the personal data subject is, as well as for the conclusion of an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor;
  • if the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data, if obtaining the consent of the subject of personal data is impossible;
  • if the processing of personal data is necessary to exercise the rights and legitimate interests of the Organization or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of the subject of personal data;
  • if the processing of personal data is necessary for the implementation of scientific, literary or other creative activities, provided that this does not violate the rights and legitimate interests of the subject of personal data;
  • if the processing of personal data is carried out for research, statistical or other purposes, subject to the mandatory depersonalization of personal data;
  • if the processing of personal data is carried out, access to an unlimited number of persons to which is provided by the subject of personal data or at his request;
  • if the processing of personal data is subject to publication or mandatory disclosure in accordance with the law;

4. The basic principles of personal data processing

4.1. The processing of personal data is possible only in accordance with the purposes that determined their receipt.

4.2. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other.

4.3. The right of access to the processing of personal data are employees of the Organization in accordance with the functional responsibilities assigned to them.

4.4. When processing personal data, the accuracy of personal data is ensured, its adequacy, and, if necessary, its relevance in relation to the stated purposes of their processing.

4.5. The storage of personal data is carried out in a form that allows to determine the subject of personal data, no longer than the purpose of processing personal data requires, if the storage period for personal data is not established by federal law, by an agreement to which the beneficiary or guarantor is a party to which the subject of personal data is.

4.6. The processed personal data is destroyed or depersonalized when the processing goals are achieved or if the need to achieve these goals is lost, unless otherwise provided by federal law.

4.7. The storage periods of personal data are determined in accordance with the validity period of civil law relations between the subject of personal data and the Organization, the limitation period, the storage periods of documents on paper and documents in electronic databases, other requirements of the legislation of the Russian Federation, as well as the validity period of the consent of the subject to processing of his personal data.

5. Measures to ensure the security of personal data

5.1. When processing personal data, the Organization takes the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

5.2. Ensuring the security of personal data is achieved, in particular:

  • the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation;
  • the discovery of unauthorized access to personal data and the adoption of necessary measures;
  • the establishment of rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
  • control over measures taken to ensure the security of personal data and the level of security of the personal data information system.

6. Rights of the subject of personal data

The subject of personal data has the right:

6.1. To receive information regarding the processing of his personal data, including containing:

  • confirmation of the fact of processing personal data by the operator;
  • legal grounds and purposes of processing personal data;
  • goals and methods of processing personal data used by the Organization;
  • the name and location of the Organization, information about persons (with the exception of employees of the Organization) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Organization or on the basis of federal law;
  • processed personal data relating to the relevant subject of personal data, the source of their receipt, unless otherwise provided for by federal law;
  • terms for processing personal data, including periods for their storage;
  • the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law "On Personal Data";
  • information on completed or suspected cross-border data transfer;
  • the name or surname, name, patronymic and address of the person processing the personal data on behalf of the Organization, if processing is or will be entrusted to such a person;
  • other information provided for by the Federal Law "On Personal Data" or other federal laws.

6.2. Require the Organization to clarify its personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures prescribed by law to protect their rights.

6.3. For free, free access to your personal data, including the right to receive copies of any record containing personal data, with the exception of cases provided for by the legislation of the Russian Federation.

6.4. Appeal to the court any unlawful actions or inaction of the Organization in the processing and protection of its personal data.

7. Responsibilities of the organization

The organization undertakes:

7.1. To take the necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

7.2. Take measures for the organizational and technical protection of personal data in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.

7.3. In order to ensure the protection of personal data, conduct an assessment of the harm that may be caused to personal data subjects in the event of a violation of the security of their personal data, as well as identify current threats to the security of personal data when they are processed in personal data information systems.

7.4. If urgent threats are identified, apply the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including:

  • identification of threats to the security of information containing personal data during its processing;
  • application of organizational and technical measures to ensure the security of information containing personal data during its processing;
  • assessment of the effectiveness of measures taken before the commissioning of the personal data information system;
  • accounting of computer storage media containing personal data;
  • detection of unauthorized access to information containing personal data and taking measures;
  • restoration of personal data modified or destroyed due to unauthorized access to them;
  • establishing rules for access to information containing personal data, ensuring registration and recording of all actions performed with information containing personal data in the personal data information system;
  • control over the measures taken.

8. Duties and responsibilities of the organization’s employees

8.1. Employees of the Organization who are allowed to process personal data are required to:

  • know and strictly comply with the requirements of this Policy;
  • process personal data only as part of the performance of their duties;
  • not to disclose personal data obtained as a result of the performance of their official duties, as well as become known to them by the nature of their activities;
  • suppress the actions of third parties that may lead to the disclosure (destruction, distortion) of personal data;
  • to reveal the facts of disclosure (destruction, distortion) of personal data and inform the immediate supervisor about this;
  • keep secret about information containing personal data in accordance with the local acts of the Organization.

8.2. Employees of the Organization who are allowed to process personal data are prohibited from unauthorized and unregulated copying of personal data to paper information carriers and to any electronic information carriers not intended for storing personal data.

8.3. Each new employee of the Organization directly carrying out the processing of personal data is subject to familiarization with the requirements of the legislation of the Russian Federation on processing and ensuring the security of personal data, with this Policy and other local acts on the processing and ensuring the security of personal data and undertakes to comply with them.

8.4. Persons guilty of violating the requirements of the legislation of the Russian Federation in the field of personal data bear disciplinary, material, civil, administrative or criminal liability.

9. Final Provisions

9.1. The current version of the Policy on paper is stored with the manager of the organization

9.2. The electronic version of the current version of the Policy is publicly available on the Organization`s website on the Internet https://leotrado.com/agreements

9.3. When making changes, the heading of the Policy indicates the date of approval of the current version of the Policy.

9.4. The policy is updated and reapproved on a regular basis as legislation changes.

9.5. The policy may be updated and reapproved earlier than the deadline specified in clause 9.4 of this Policy, as changes are made to regulatory legal acts in the field of personal data or to local acts governing the organization of processing and ensuring the security of personal data.