Personal data processing policy

ИП КФХ Ибраева М.Е.

1. General provisions

1. This Policy regarding the processing of personal data (hereinafter - the Policy) compiled in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-ФЗ dated July 27, 2006, as well as other regulatory legal acts Of the Russian Federation in the field of protection and processing of personal data and operates in relation to all personal data (hereinafter referred to as data) that ИП КФХ Ибраева М.Е. (hereinafter referred to as the Operator) may receive from the subject of personal data, being a party to a civil law contract from a network user The Internet (hereinafter referred to as the User) while using any of the sites, services, services, programs, products or services of the Operator, as well as from the subject of personal data who is in a relationship with the Operator, regulated by labor legislation (hereinafter referred to as the Employee).
2. The operator ensures the protection of the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".
3. The operator has the right to make changes to this Policy. When making changes the heading of the Policy indicates the date of the last revision of the edition. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new edition of the Policy.

2. Terms and accepted abbreviations

Personal data

any information related to directly or indirectly defined or determinable an individual (subject of personal data).

Personal data processing

any action (operation) or a set of actions (operations) performed with or without automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Automated processing of personal data

processing of personal data using computer technology.

Personal Data Information System (ISPD)

the set of personal data contained in databases and providing their processing of information technology and technical means.

Personal data made publicly available by the subject of personal data

personal data, access to an unlimited number of persons to which is provided the subject of personal data or at his request.

Blocking personal data

temporary termination of the processing of personal data (except in cases where if processing is necessary to clarify personal data).

Personal data destruction

actions that make it impossible to restore the content personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

Operator

an organization that independently or jointly with other persons organizes processing of personal data, as well as determining the purpose of processing personal data to be processed, actions (operations) performed with personal data. Operator is ИП КФХ Ибраева М.Е. (INN 665816629453 , legal address ул. Молодежная, д. 2, Республика Татарстан (Татарстан), р-н Агрызский, село Пелемеш, индекс 422219) ).

3. Personal data processing

1. Receiving personal data.
   • All personal data should be obtained from the subject himself. If personal the subject's data can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him.
   • The operator must inform the subject of the purposes, the alleged sources and methods of obtaining personal data, the nature of the subject to be obtained personal data, a list of actions with personal data, the term, during which the consent is valid, and the procedure for its withdrawal, and on the consequences of the subject's refusal to give written consent to receive them.
   • Documents containing personal data are created by:
     • copying of original documents (passport, educational document, TIN certificate, pension certificate, etc.);
     • entering information into accounting forms;
     • obtaining originals of the necessary documents (work record book, medical conclusion, characteristics, etc.).
2. Processing of personal data.
   • The processing of personal data is carried out:
     • with the consent of the subject of personal data to the processing of his personal data;
     • in cases where the processing of personal data is necessary to carry out and fulfillment of functions, powers and duties imposed by the legislation of the Russian Federation;
     • in cases where personal data are processed, access an unlimited number of persons to whom the subject of personal data or at his request (hereinafter - personal data made publicly available subject of personal data).
   • Purposes of processing personal data:
     • implementation of labor relations;
     • implementation of civil law relations;
     • to identify users (visitors) of the Operator's website, to contact the user, in connection with filling out the feedback form on the site, including sending notifications, requests and information, regarding the use of the Operator's website, the execution of agreements and contracts, processing requests and requests from the user, processing, order approval and their delivery;
     • anonymization of personal data to obtain anonymized statistical data that is transferred to a third party for research, performance of work or provision of services on behalf of the Operator.
   • Categories of personal data subjects.
     The personal data of the following personal data subjects are processed:
     • individuals who have an employment relationship with the Operator;
     • individuals who quit the Operator;
     • individuals who are job candidates;
     • individuals who are in civil law relations with the Operator;
     • individuals who are users of the Operator's website.
   • Personal data processed by the Operator:
     • data obtained during the implementation of labor relations;
     • data obtained for the selection of candidates for work;
     • data obtained in the implementation of civil law relations;
     • data received from users of the Operator's website.
   • The processing of personal data is carried out:
     • using automation tools;
     • without the use of automation tools.
3. Storage of personal data.
   • Personal data of subjects can be obtained, undergo further processing and transferred to storage both on paper and in electronic form.
   • Personal data recorded on paper are stored in lockable cabinets or in locked rooms with limited access rights.
   • Personal data of subjects processed using the means automation for different purposes, stored in different folders.
   • Storage and placement of documents containing personal data in open electronic catalogs (file sharing) in ISPD.
   • Storing personal data in a form that allows you to identify the subject personal data is carried out no longer than required by the purpose their processing, and they are subject to destruction upon achievement of the processing objectives or if there is no need to achieve them.
4. Destruction of personal data.
   • Destruction of documents (media) containing personal data, produced by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.
   • Personal data on electronic media is destroyed by erasing or formatting the media.
   • The fact of destruction of personal data is documented by an act on the destruction of media.
5. Transfer of personal data.
   • The operator transfers personal data to third parties in the following cases:
     • the subject has expressed his consent to such actions;
     • the transfer is provided for by Russian or other applicable law within the framework of the procedure established by law.
   • The list of persons to whom personal data is transferred:
     • Pension fund of the Russian Federation for accounting (legally);
     • tax authorities of the Russian Federation (legally);
     • Social Insurance Fund of the Russian Federation (legally);
     • territorial compulsory health insurance fund (legally);
     • insurance medical organizations for compulsory and voluntary health insurance (legally);
     • banks for payroll (on the basis of an agreement);
     • bodies of the Ministry of Internal Affairs of Russia in cases established by law;
     • anonymized personal data of the Operator's website Users are transferred to the Operator's counterparties.

4. Personal data protection

1. In accordance with the requirements of regulatory documents, the Operator has created a system protection of personal data (PDPD), consisting of subsystems of legal, organizational and technical protection.
2. The subsystem of legal protection is a complex of legal, organizational and administrative and normative documents providing for the creation, operation and improvement of the PDPD.
3. The organizational protection subsystem includes the organization of the management structure SZPD, authorization system, information protection when working with employees, partners and third parties.
4. The subsystem of technical protection includes a set of technical, software, software and hardware to ensure the protection of personal data.
5. The main measures for the protection of personal data used by the Operator are:
   • Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training and instructing, internal control over the compliance of the institution and its employees with the requirements for the protection of personal data.
   • Identification of actual threats to the security of personal data during their processing in the ISPD and the development of measures and measures for the protection of personal data.
   • Development of a policy regarding the processing of personal data.
   • Establishment of rules for access to personal data processed in ISPD, as well as ensuring registration and accounting of all actions performed with personal data in the ISPD.
   • Establishment of individual passwords for employees' access to the information system according to their production responsibilities.
   • Application of the conformity assessment procedure passed in accordance with the established procedure means of information protection.
   • Certified anti-virus software with regularly updated databases.
   • Compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them.
   • Detection of facts of unauthorized access to personal data and taking measures.
   • Recovery of personal data modified or destroyed due to unauthorized access to them.
   • Training of the Operator's employees directly involved in processing personal data, the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data.
   • Internal control and audit.

5. Basic rights of the subject of personal data and obligations of the Operator

1. Basic rights of the subject of personal data.
   The subject has the right to access his personal data and the following information:
   • confirmation of the fact of personal data processing by the Operator;
   • legal grounds and purposes of personal data processing;
   • the purposes and methods of processing personal data used by the Operator;
   • name and location of the Operator, information about persons (except Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
   • terms of processing personal data, including the terms of their storage;
   • the procedure for the exercise by the subject of personal data of the rights provided for Federal law;
   • name or surname, name, patronymic and address of the person carrying out processing of personal data on behalf of the Operator, if the processing entrusted or will be entrusted to such a person;
   • contacting the Operator and sending him requests;
   • appeal against the actions or inaction of the Operator.
2. Obligations of the Operator.
   The operator is obliged:
   • when collecting personal data, provide information on the processing of personal data;
   • in cases where personal data was not received from the subject of personal data, notify the subject;
   • in case of refusal to provide personal data to the subject, the consequences of such a refusal are explained;
   • publish or otherwise provide unrestricted access to the document, defining its policy regarding the processing of personal data, to information about the implemented requirements for the protection of personal data;
   • take the necessary legal, organizational and technical measures or ensure their acceptance to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, providing, distributing personal data, as well as from other illegal actions in relation to personal data;
   • to provide answers to requests and appeals of subjects of personal data, their representatives and the authorized body for the protection of the rights of subjects of personal data.