PERSONAL DATA PROTECTION AND PROCESSING POLICY OF TRANSSTROY
1 General Provisions
1.1 This policy regarding processing of personal data (hereinafter – the Policy) is drawn up in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006, as well as other statutory acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter – the data), which the Organization (hereinafter - the Operator, the Company) can obtain from the subject of personal data, which is a party to a civil law contract, from an Internet user (hereinafter - the User) during his/her use of any of OOO TransStroy websites, services, programs, products or services, as well as from a subject of personal data, which is in relations with the Operator regulated by the labor legislation (hereinafter – the Employee).
1.2 The Operator shall ensure protection of the processed personal data against unauthorized access and disclosure, unauthorized use or loss in accordance with the requirements of the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006.
1.3 The Operator shall have the right to amend this Policy. When changes are made, the header of this Policy specifies the date of the last update of the revision. A new version of this Policy shall take effect upon posting on the website, unless otherwise stipulated in the new version of this Policy.
2 Terms and accepted abbreviations
Personal Data – any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
Processing of personal data - any action (operation) or set of actions (operations), performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Information system of personal data (ISPD) – a set of personal data contained in databases, together with the information technologies and technical means that provide for their processing.
Personal data made publicly available by the subject of personal data – personal data to which the general public has been given access by the subject of personal data or at his/her request.
Blocking of personal data – temporary suspension of processing of personal data (except in cases where the processing is necessary to clarify the personal data).
Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material media of personal data is destroyed.
Operator – an organization that independently or together with other persons organizes processing of personal data and determines the purposes of processing of personal data, the personal data to be processed and the actions (operations) performed with personal data. The operator is OOO TransStroy, located at: 163000, Russian Federation, Arkhangelsk, 15 Karl Marx st., office 204.
3 Processing of personal data
3.1 Collecting personal data.
3.1.1 All personal data shall be obtained from the subject himself/herself. If the subject's personal data can only be obtained from a third party, the subject must be notified or their consent must be obtained.
3.1.2 The operator shall inform the data subject of the purpose, intended sources and means of obtaining the personal data, the nature of the personal data to be obtained, the list of actions with the personal data, the period during which the consent is valid and the procedure for withdrawing it, and the consequences of the subject's refusal to give written consent to obtain it.
3.1.3 Documents containing personal data shall be created by:
- copying original documents (passport, education document, TIN certificate, pension certificate, etc.);
- entering information in accounting forms;
- obtaining original copies of necessary documents (work record book, medical certificate, description, etc.).
3.2 Processing of personal data.
3.2.1 Processing of personal data shall be carried out:
- With the consent of the personal data subject for processing of his/her personal data;
- In cases where processing of personal data is necessary for implementation and execution of functions, powers and duties imposed by the legislation of the Russian Federation;
- In cases where the personal data being processed has been made accessible to an unlimited range of persons by the personal data subject or at his/her request (hereinafter - personal data made public by the subject of personal data).
3.2.2 Purposes of personal data processing:
- carrying out the employment relationship;
- fulfillment of civil legal relations;
- for communication with the user, in connection with the completion of the feedback form on the website, including sending notices, requests and information relating to the use of the shop's website, processing, coordination of orders and their delivery, performance of agreements and contracts;
- depersonalization of personal data in order to obtain depersonalized statistical data that is transferred to a third party for the purpose of conducting research, performing work or providing services on behalf of the shop.
3.2.3 Categories of personal data subjects.
The personal data of the following personal data subjects are processed:
- Individuals who are in an employment relationship with the Company;
- Individuals who have left the Company;
- Individuals who are candidates for employment;
- Individuals who have civil relations with the Company;
- Individuals who are users of the Company's web-site.
3.2.4 Personal data processed by the Operator:
- Data obtained in the performance of labor relations;
- Data obtained for the performance of the selection of job applicants;
- Data received in the course of civil-law proceedings;
- Data obtained from the users of the Company's website.
3.2.5 Processing of personal data is carried out:
- With the use of automated means;
- Without use of automated means.
3.3 Retention of personal data.
3.3.1 Personal data on subjects can be obtained, further processed and transmitted for storage in both paper and electronic form.
3.3.2 Paper-based personal data is stored in locked cabinets or locked rooms with restricted access rights.
3.3.3 Personal data of subjects processed using automation for different purposes shall be stored in different folders.
3.3.4 It shall not be permitted to store or place documents containing personal data in open electronic directories (file exchanges) in the ISPD.
3.3.5 Personal data shall not be stored in a form enabling identification of the personal data subject for longer than the purposes of its processing require, and shall be destroyed upon attainment of the purposes of processing or in the event of loss of the need to attain such purposes.
3.4 Destruction of personal data.
3.4.1 Destruction of documents (media) containing personal data shall be performed by incineration, crushing (shredding), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.4.2 Personal data on electronic media shall be destroyed by erasing or formatting the media.
3.4.3 The fact of destruction of personal data shall be confirmed by a documented statement on destruction of media.
3.5 Transfer of personal data.
3.5.1 The Operator shall transfer personal data to third parties in the following cases:
- The data subject has expressed his or her consent to such action;
- The transfer is provided for by Russian or other applicable law within the framework of the procedure prescribed by law.
3.5.2 List of persons to whom personal data is transferred.
- Pension Fund of the Russian Federation for registration (on legal grounds);
- The tax authorities of the Russian Federation (on legal grounds);
- The Social Insurance Fund of the Russian Federation (on the lawful basis);
- Territorial Fund for Obligatory Medical Insurance (on legal grounds);
- Compulsory and voluntary medical insurance organizations (for legitimate reasons);
- Banks for wage payments (on the basis of an agreement);
- Bodies of the Ministry of Internal Affairs of Russia in cases prescribed by the law;
- Depersonalized personal data of the Company's Site users shall be transferred to the Company's counterparties.
4 Protection of personal data
4.1 In accordance with the requirements of regulatory documents, the Operator has created a system of protection of personal data (SPPD), which consists of subsystems of legal, organizational and technical protection.
4.2 The subsystem of legal protection is a set of legal, organizational and regulatory documents, ensuring creation, functioning and improvement of SPPD.
4.3 The organizational protection subsystem includes organization of the SPPD management structure, the authorization system, and protection of information when working with employees, partners and third parties.
4.4 The technical protection subsystem includes a set of technical, software, and hardware-and-software tools ensuring protection of personal data.
4.5 The main personal data protection measures used by the Operator are:
4.5.1 Appointment of a person responsible for personal data processing, who shall organize personal data processing, training and briefing, internal control over observance of personal data protection requirements by the institution and its employees.
4.5.2 Identification of actual threats to security of personal data in processing of personal data in the ISPD and development of measures for protection of personal data.
4.5.3 Development of policy regarding processing of personal data.
4.5.4 Establishing rules of access to personal data processed in the ISPD, as well as ensuring registration and recording of all actions performed with personal data in the ISPD.
4.5.5 Establishing individual passwords for employees' access to the information system in accordance with their job duties.
4.5.6 Use of information protection means that have duly passed the conformity assessment procedure.
4.5.7 Use of certified anti-virus software with regularly updated databases.
4.5.8 Compliance with conditions ensuring security of personal data and precluding unauthorized access to it.
4.5.9 Detection of facts of unauthorized access to personal data and taking measures.
4.5.10 Restoration of personal data modified or destroyed as a result of unauthorized access to it.
4.5.11 Training of the Operator's employees directly engaged in processing of personal data on provisions of personal data legislation of the Russian Federation, including requirements to protection of personal data, documents defining the Operator's policy in relation to processing of personal data, local acts on processing of personal data.
4.5.12 Implementation of internal control and audit.
5 Basic rights of the subject of personal data and obligations of the Operator
5.1 Basic rights of the subject of personal data.
The data subject has the right to access his/her personal data and the following:
- Confirmation of the fact of processing of personal data by the Operator;
- The legal basis and purposes for processing personal data;
- The purposes and methods of personal data processing used by the operator;
- Name and location of the operator, information on persons (other than the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of federal law;
- Terms of processing of personal data, including terms of their storage;
- The procedure for exercising the personal data subject's rights under the Federal Law;
- The name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
- Addressing and making enquiries to the Operator;
- Appealing against acts or omissions of the Operator.
5.2 Obligations of the Operator.
The Operator shall:
- When collecting personal data, provide information about the processing of personal data;
- In cases where personal data has not been received from the personal data subject, notify the subject;
- In case of refusal to provide personal data, explain to the data subject the consequences of such refusal;
- Publish or otherwise provide unrestricted access to the document defining its policy on personal data processing, to information about the implemented personal data protection requirements;
- Take necessary legal, organizational and technical measures or ensure their adoption for protection of personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
- Provide answers to enquiries and requests of subjects of personal data, their representatives and the authorized body on protection of rights of subjects of personal data.