Policy on protection and processing of personal data
2.1 Personal data - any information relating to a directly or indirectly identified or identifiable individual (personal data subject).
2.2 Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.3 Automated processing of personal data means processing of personal data by means of computer equipment.
2.4 Personal data information system (PDIS) - a set of personal data contained in databases of personal data and information technology and technical means ensuring its processing.
2.5 Personal data made publicly available by a subject of personal data - personal data, access to which is provided to the general public by the subject of personal data or at his request.
2.6 Blocking of personal data - temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data).
2.7 Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which tangible carriers of personal data are destroyed.
2.8 Operator - an organization, independently or together with other persons, organizing the processing of personal data, as well as determining the purposes of processing of personal data subject to processing, actions (operations) performed with personal data. The operator is Web Focus LLC located at the address: 7, bld. 1, Vertoletchikov St., office 66, Moscow, 111674.
2. Terms and accepted abbreviations
3.1 Obtaining personal data
3.1.1 All personal data must be obtained from the subject himself/herself. If the subject's personal data can only be obtained from a third party, the subject must be notified or their consent must be obtained.
3.1.2 The operator must inform the subject of the purpose, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which the consent is valid and the procedure for withdrawing it, and the consequences of the subject's refusal to give written consent to obtain it.
3.1.3 Documents containing personal data are created by:
- copying original documents (passport, education document, INN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining originals of necessary documents (work record book, medical report, characteristic, etc.).
3.2 Processing of personal data
3.2.1 Processing of personal data is carried out:
- With the consent of the subject of personal data for processing of his/her personal data;
- In cases where the processing of personal data is necessary for the implementation and execution of the functions, powers and duties imposed by the legislation of the Russian Federation;
- In cases where the personal data being processed is data to which access is provided to the general public by the subject of personal data or at his request (hereinafter - personal data made public by the subject of personal data).
3.2.2 Purposes of personal data processing:
- carrying out labor relations;
- Fulfillment of civil legal relations;
- for communication with the user, in connection with filling the feedback form on the website, including sending notifications, requests and information regarding the use of the Web Focus LLC website, processing, approval of orders for services / works, execution of agreements and contracts;
- depersonalization of personal data for obtaining depersonalized statistical data, which are transferred to a third party to conduct research, perform work or provide services on behalf of the Company.
3.2.3 Categories of personal data subjects.
Personal data of the following subjects of personal data are processed:
- Individuals who are in an employment relationship with the Company;
- Individuals who left the Company;
- Individuals who are candidates for employment;
- Individuals who have civil law relations with the Company;
- Individuals who are the Users of the Company's Website.
3.2.4 Personal data processed by the Operator:
- data obtained in the implementation of labor relations;
- Data received for the implementation of the selection of candidates for employment;
- Data received in the course of civil law relations;
- Data received from the users of the Company's website.
3.2.5 Processing of personal data is carried out:
- With the use of means of automation;
- Without use of automated means.
3.3 Storage of personal data
3.3.1 Personal data of subjects may be received, further processed and transmitted for storage in both paper and electronic form.
3.3.2 Personal data recorded on paper is stored in locked cabinets or in locked rooms with restricted access rights.
3.3.3 Personal data of subjects, processed by means of automation for different purposes, shall be stored in different folders.
3.3.4 It shall not be permitted to store and place documents containing personal data in open electronic catalogs (file exchanges) in the PDIS.
3.3.5 Personal data shall be retained in a form enabling identification of the personal data subject no longer than required by the purposes of its processing, and shall be destroyed upon achievement of the processing purposes or when achieving them is no longer necessary.
3.4 Destruction of personal data
3.4.1 Destruction of documents (media) containing personal data shall be performed by incineration, crushing (shredding), chemical decomposition, transformation into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.4.2 Personal data on electronic media shall be destroyed by erasing or formatting the media.
3.4.3 The fact of destruction of personal data shall be documented by a media destruction report.
3.5 Transfer of personal data
3.5.1 The operator shall transfer personal data to third parties in the following cases:
- the subject has expressed his or her consent to such action;
- The transfer is stipulated by Russian or other applicable law in the framework of the procedure established by law.
3.5.2 List of persons to whom personal data is transferred:
- Pension Fund of the Russian Federation for accounting (on legal grounds);
- Tax authorities of the Russian Federation (on legal grounds);
- The Social Insurance Fund of the Russian Federation (on legal grounds);
- Territorial Fund for Obligatory Medical Insurance (on legal grounds);
- medical insurance organizations for compulsory and voluntary medical insurance (on legal grounds);
- banks for the accrual of wages (on the basis of a contract);
- bodies of the Ministry of Internal Affairs of Russia in cases prescribed by law.
3. Processing of personal data
4.1 In accordance with the requirements of regulatory documents, the Operator created a personal data protection system (PDPS), which consists of legal, organizational and technical protection subsystems.
4.2 The legal protection subsystem is a set of legal, organizational and regulatory documents which ensure creation, functioning and improvement of the PDPS.
4.3 The organizational protection subsystem includes organization of the PDPS management structure, permit system, information protection when working with employees, partners and third parties.
4.4 The technical protection subsystem includes a set of technical, software, and hardware-software tools ensuring protection of personal data.
4.5 The main personal data protection measures used by the Operator are:
4.5.1 Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training and instruction, internal control over the observance of personal data protection requirements by the institution and its employees.
4.5.2 Identification of current threats to the security of personal data during its processing in the PDIS, and development of measures for protection of personal data.
4.5.3 Development of policy regarding processing of personal data.
4.5.4 Establishing rules for access to personal data processed in the PDIS, and ensuring registration and accounting of all actions performed with personal data in the PDIS.
4.5.5 Establishment of individual passwords for employees' access to the information system in accordance with their job duties.
4.5.6. Use of information protection tools that have passed the conformity assessment procedure in accordance with the established procedure.
4.5.7. Use of certified antivirus software with regularly updated databases.
4.5.8. Observance of conditions ensuring safety of personal data and excluding unauthorized access to it.
4.5.9 Detection of facts of unauthorized access to personal data and taking measures.
4.5.10. Restoration of personal data modified or destroyed as a result of unauthorized access to it.
4.5.11. Training of Operator's employees, directly engaged in processing of personal data, on provisions of Russian Federation legislation on personal data, including requirements to protection of personal data, documents defining Operator's policy on processing of personal data, local acts on processing of personal data.
4.5.12. Implementation of internal control and audit.
4. Protection of personal data
5.1 Basic rights of the subject of personal data
The subject has the right of access to his personal data and the following information:
- confirmation of the fact of personal data processing by the Operator;
- The legal basis and purpose of personal data processing;
- the objectives and methods of personal data processing used by the operator;
- Name and location of the Operator, information about persons (except for the Operator's employees), who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
- terms of processing of personal data, including terms of their storage;
- The procedure for exercising the personal data subject's rights under the Federal Law;
- The name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be assigned to such person;
- Appealing to the Operator and submitting requests to it;
- Appealing against the actions or omissions of the Operator.
5.2 Duties of the Operator
The operator shall:
- When collecting personal data, provide information about the processing of personal data;
- In cases where personal data was not received from the subject of personal data, notify the subject;
- In case of refusal to provide personal data, explain to the subject the consequences of such refusal;
- Publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, information about the implemented requirements to the protection of personal data;
- Take the necessary legal, organizational and technical measures, or ensure their adoption, to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as other unlawful acts in relation to personal data;
- Provide answers to inquiries and requests of subjects of personal data, their representatives and the authorized body for the protection of the rights of subjects of personal data.
5. Basic rights of the subject of personal data and responsibilities of the Operator
1.1 This Personal Data Processing Policy (hereinafter - the Policy) is drawn up in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ of July 27, 2006, as well as other Russian Federation regulations in the field of protection and processing of personal data, and applies to all personal data (hereinafter - the data) which the Organization (hereinafter - the operator, the Company) may receive from the subject of personal data who is a party to a civil law contract, from an Internet user (hereinafter - the User) while using any of Web Focus LLC's websites, services, programs or products, as well as from a subject of personal data who is in relations with the Operator regulated by labor legislation (hereinafter - the Employee).
1.2 The operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".
1.3 The Operator has the right to make changes to this Policy. When changes are made, the date of the last update of the Policy shall be specified in the title of the Policy. The new version of the Policy becomes effective as soon as it is posted on the website, unless otherwise stipulated by the new version of the Policy.