Personal Data Processing Policy
- General provisions
- This Personal Data Processing Policy (hereinafter referred to as the Policy) has been drawn up in accordance with paragraph 2 of part 1 of article 18.1 of the Federal Law "On Personal Data" No. 152-FZ dated 27.07.2006 (hereinafter referred to as the Personal Data Law) and applies to all personal data that OOO "IMOTECH", hereinafter referred to as the Operator, may receive from personal data subjects who are a party to a civil law contract, from users of the imotech.ru website (hereinafter referred to as the Website), from registered users of the Website.
- The Operator ensures the protection of processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Personal Data Law.
- The Operator has the right to make changes to this Policy. When making changes, the date of the last update of the version is indicated in the heading of the Policy. The new version of the Policy shall enter into force from the moment it is posted on the website,unless otherwise provided by the new version of the Policy.
- Terms and accepted abbreviations
Personal data (PD) – any information related to a directly or indirectly identified or determinable natural person (subject of personal data).
Processing of personal data – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Personal data information system (PDIS) – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data – personal data, access to which is provided to an unlimited number of persons by the subject of personal data or at his request.
Blocking of personal data is a temporary cessation of processing of personal data (except for cases when processing is necessary to clarify personal data).
Destruction of personal data is an action as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible media of personal data are destroyed.
Operator is an organization that independently or jointly with other persons organizes the processing of personal data, and also determines the purposes of processing of personal data subject to processing, actions (operations) performed with personal data. Within the framework of this Policy, the Operator is Imotech LLC Website – https://imotech.ru/
- Processing personal data
- Obtaining PD.
- All PD should be obtained from the subject. If the subject's PD can only be obtained from a third party, the subject must be notified of this or consent must be obtained from him.
- The operator must inform the subject of the purposes, intended sources and methods of obtaining PD, the nature of the PD to be obtained, the list of actions with PD, the period during which consent is valid and the procedure for its revocation, as well as the consequences of the subject's refusal to give written consent to receive them.
- Documents containing PD are created by:
- copying original documents (passport, education document, TIN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining originals of the necessary documents (work record book, medical report, characteristics, etc.).
- Processing PD.
- Personal data shall be processed:
- with the consent of the personal data subject to the processing of his/her personal data;
- in cases where the processing of personal data is necessary for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation;
- in cases where personal data is processed, access to which is provided to an unlimited number of persons by the personal data subject or at his/her request.
- Purposes of personal data processing
- implementation of civil law relations;
- maintenance of the client base;
- informing about new products, special promotions and offers;
- conclusion, execution and termination of civil law contracts with individuals, legal entities, sole proprietors and other persons;
- organization of training events (webinars, conferences, trainings and other events);
- analysis of an individual's actions on the website and the functioning of the website;
- conducting advertising and newsletters.
- Categories of personal data subjects.
Обрабатываются ПД следующих субъектов ПД:- The following PD subjects are processed:
- individuals who are in civil law relations with the Operator;
- registered users of the Website;
- users of the Operator's Website.
- PD processed by the Operator:
- data obtained upon conclusion of the agreement;
- data obtained when submitting applications for participation in events organized by the Operator;
- data obtained during the execution of agreements;
- data obtained during registration on the website (name, surname, patronymic, telephone number, email);
- information received in connection with participation in advertising and marketing campaigns;
- information about visiting the website (IP address, browser information, duration of stay on the website, address of the website from which the transition was made, requests on the website).
- Personal data is processed:
- using automation tools;
- without the use of automation tools.
- Personal data shall be processed:
-
Storage of PD.
- Personal data of subjects may be received, further processed and transferred for storage both on paper and in electronic form.
- Personal data recorded on paper are stored in locked cabinets or in locked rooms with limited access rights.
- Personal data of subjects processed using automation tools for different purposes are stored in different folders.
- Storage and placement of documents containing personal data in open electronic catalogues (file sharing services) in the ISPD is not permitted.
- Storage periods for personal data:
Personal data are stored for no longer than is necessary to achieve the purposes for which they were collected, but not more than three years from the date of the last interaction of the personal data subject with the Operator. Upon expiration of the specified period, personal data are destroyed or depersonalized. - Location of personal data:
Personal data is processed and stored on the territory of the Russian Federation, on servers located in Yandex Cloud data centers at the following addresses:
Vladimir Region — Vladimir, Energetik microdistrict, Poiskovaya str. 1, bldg. 2;
Ryazan Region — Sasovo, Pushkin str. 21;
Kaluga Region — Kaluga, 1st Avtomobilny pr-d 8;
Moscow Region — Mytishchi, Silikatnaya str. 19.
The Operator does not carry out cross-border transfer of personal data.
- Obtaining PD.
- When transferring PD, the Operator must comply with the following requirements:
- Not disclose the subject's PD to a third party without the subject's written consent, except in cases where this is necessary to prevent a threat to the subject's life and health, as well as in cases established by federal law.
- Warn persons who have received the subject's PD that this data may only be used for the purposes for which it was communicated, and require these persons to confirm that this rule has been observed. Persons who have received the subject's PD are required to maintain confidentiality. This Regulation does not apply to the exchange of subjects' PD in the manner established by federal laws.
- Transfer subjects' PD within the Organization in accordance with this Regulation.
- Allow access to the personal data of subjects only to specially authorized persons, and the said persons must have the right to receive only those personal data of subjects that are necessary to perform a specific function.
- Do not request information about the health status of subjects, with the exception of the information that relates to the issue of the employee's ability to perform a work function.
- Transfer the personal data of subjects to their legal representatives in the manner established by the Federal Law "On Personal Data", and limit this information only to those personal data of subjects that are necessary for the said representatives to perform their function.
- The operator does not carry out cross-border transfer of personal data of personal data subjects.
- The following persons have the right to access the personal data of subjects:
- the person responsible for organizing the processing of personal data;
- the subject of personal data.
- The subject of personal data has the right:
- To receive information concerning the processing of his/her personal data, except for cases stipulated by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form, and it must not contain personal data related to other subjects of personal data, except for cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
- To demand that the Operator clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also to take measures provided by law to protect his rights.
- To demand the provision of information about the personal data transferred by the Operator to third parties on the basis of a written request.
- To appeal to the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) or in court against the illegal actions or inactions of the Operator in the processing and protection of his PD.
- The subject of personal data has the right to revoke his consent to the processing of personal data at any time by sending a written notice to the Operator by e-mail info@imotech.ru
The Operator is obliged to stop processing the subject's personal data within 10 (ten) business days after receiving the said notice.
- It is prohibited to transfer information about the health status of personal data subjects, except in cases stipulated by Russian legislation.
- The threat or danger of loss of PD is understood as a single or complex, real or potential, active or passive manifestation of malicious capabilities of external or internal sources of threat to create adverse events, have a destabilizing effect on the protected information.
- The risk of a threat to any information resources is created by natural disasters, extreme situations, terrorist acts, accidents of technical equipment and communication lines, other objective circumstances, as well as persons interested and disinterested in the emergence of a threat.
- Protection of PD is the prevention of a violation of the availability, integrity, reliability and confidentiality of personal data and ensuring the security of information in the course of the Organization's activities.
- Protection of PD of subjects from their unauthorized use or loss is ensured by the Operator at its expense in the manner established by federal law.
- To ensure internal protection of PD of subjects, the Operator:
organizes the procedure for the destruction of information. - The protection of information stored in the Operator's electronic databases from unauthorized access, distortion and destruction of information, as well as from other illegal actions, is ensured by delimiting access rights using an account and a password system.
- To ensure external protection of the personal data of subjects, the Operator:
- ensures the procedure for receiving, recording and monitoring the activities of visitors;
- organizes an access control system;
- ensures the security of the territory, buildings, premises;
- ensures the protection of information during interactive interaction with the information system on the Internet.
- The Operator applies the following measures to protect personal data:
- Using a secure HTTPS connection on the Site;
- Using antivirus and specialized security software;
- Restricting access to personal data using passwords and two-factor authentication;
- Regular monitoring of the security of the ISPD;
- Regular backup of personal data.
- In the event of a personal data leak, the Operator is obliged to notify the authorized body (Roskomnadzor) within 24 hours and also take the necessary measures to minimize the consequences of the incident.
- This document is an internal document of the Operator, publicly available and subject to posting on the official website of the Operator.
- This Policy is subject to change, supplementation in the event of the emergence of new legislative acts and special regulatory documents on the processing and protection of personal data, but not less than once every three years.
- Control over compliance with the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data.
- The liability of officials with access to personal data for failure to comply with the requirements of the rules governing the processing and protection of PD is determined in accordance with the legislation of the Russian Federation.
- The person responsible for organizing the processing of personal data is obliged to:
- Organize the process of timely response to requests from personal data subjects;
- Organize regular monitoring of compliance with the requirements of legislation in the field of personal data;
- Ensure timely training and consulting on personal data protection issues.
- Personal data operator
Company: OOO «IMOTECH»
Адрес: 194100, Saint Petersburg, Kantemirovskaya st., bld. 39 A, room 39-n, office 320a
E-mail: info@imotech.ru - Responsible for organizing the processing of personal data
Company: OOO «IMOTECH»
Адрес: 194100, Saint Petersburg, Kantemirovskaya st., bld. 39 A, room 39-n, office 320a
E-mail: info@imotech.ru