1. GENERAL PROVISIONS 1.1. This policy of IE Gomzyakov Mikhail Yuryevich regarding the processing of personal data (hereinafter – the Policy) is approved in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" and applies to all personal data that IE Gomzyakov Mikhail Yuryevich (hereinafter – the Operator) can receive from the subject of personal data. 1.2. The Policy applies to personal data received both before and after the approval of this Policy. 1.3. This Policy is a publicly available document that declares the conceptual basis of the Operator's activities in the processing and protection of personal data.
2. PERSONAL DATA PROCESSED BY THE OPERATOR 2.1. Within the framework of this Policy, personal data is understood as: 2.1.1. Personal data received by the Operator for the performance of the contract, to which the personal data subject is a party, or the beneficiary or guarantor. 2.1.2. Personal data received by the Operator in connection with the implementation of labor relations. 2.2. The terms and conditions of termination of processing and storage of personal data of the personal data subject are determined in accordance with the procedure established by the legislation of the Russian Federation.
3. THE PURPOSES OF COLLECTION, PROCESSING AND STORAGE AND THE LEGAL JUSTIFICATION FOR THE PROCESSING OF PERSONAL DATA 3.1. The Operator collects, processes and stores the personal data of the personal data subject for the purposes of: 3.1.1. Execution of the contract. At the same time, in accordance with paragraph 5 of Part 1 of Article 6 of the Federal Law "On Personal Data", the processing of personal data necessary for the execution of a contract to which the personal data subject is a party or a beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor, is carried out without the consent of the personal data subject. 3.1.2. Implementation of labor relations. 3.1.3. Implementation and execution of the functions, powers and duties assigned to the Operator by the legislation of the Russian Federation on the basis of and in accordance with Articles 23, 24 of the Constitution of the Russian Federation; the Federal Law "On Personal Data"; the Federal Law "On Information, Information Technologies and Information Protection" and other requirements of the legislation of the Russian Federation in the field of processing and protection of personal data.
4. CONDITIONS FOR THE PROCESSING OF PERSONAL DATA AND THEIR TRANSFER TO THIRD PARTIES 4.1. The Operator processes personal data using automation tools and without using automation tools. 4.2. The Operator has the right to transfer the personal data of the personal data subject to third parties in the following cases: 4.2.1. The subject of personal data has explicitly expressed his consent to such actions. 4.2.2. The transfer is provided for by the current legislation of the Russian Federation within the established procedure. 4.3. When processing personal data of a personal data subject, the Operator is guided by the Federal Law "On Personal Data", other requirements of the legislation of the Russian Federation in the field of processing and protection of personal data and this Policy.
5. RIGHTS OF THE PERSONAL DATA SUBJECT 5.1. The subject of personal data has the right to receive information concerning the processing of his personal data, including: 5.1.1. Confirmation of the fact of processing personal data by the Operator. 5.1.2. Legal grounds and purposes of personal data processing. 5.1.3. The methods of processing personal data used by the Operator. 5.1.4. The name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of a federal law. 5.1.5. Processed personal data related to the relevant personal data subject, the source of their receipt, unless another procedure for submitting such data is provided for by federal law. 5.1.6. Terms of processing of personal data, including the terms of their storage. 5.1.7. The procedure for the exercise by the personal data subject of the rights provided for by this Federal Law. 5.1.8. Information about the performed or proposed cross-border data transfer. 5.1.9. The name or surname, first name, patronymic and address of the person who processes personal data on behalf of the operator, if the processing is or will be entrusted to such a person. 5.2. Information concerning the processing of personal data of a personal data subject provided to a personal data subject must not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for the disclosure of such personal data. 5.3. In accordance with Clause 3 of Article 14 of the Federal Law "On Personal Data", information concerning the processing of personal data of a personal data subject may be provided to the personal data subject or his legal representative of the Operator when contacting or receiving a request from the personal data subject or his legal representative. 5.3.1. The request must contain the number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority, information confirming the participation of the personal data subject in contractual relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator, the signature of the personal data subject or his representative. 5.3.2. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation. 5.4. The personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his rights.
6. INFORMATION ABOUT THE IMPLEMENTED REQUIREMENTS FOR THE PROTECTION OF PERSONAL DATA 6.1. The most important condition for the implementation of the Operator's goals is to ensure the necessary and sufficient level of security of personal data information systems, confidentiality, integrity and availability of processed personal data and the safety of data carriers containing personal data at all stages of working with them. 6.2. The conditions created by the Operator and the mode of protection of information related to personal data allow ensuring the protection of the processed personal data. 6.3.In accordance with the current legislation of the Russian Federation, the Operator has developed and put into effect a set of organizational, administrative, functional and planning documents regulating and ensuring the security of the processed personal data. 6.4. A security regime for processing and handling personal data has been introduced, as well as a regime for protecting the premises in which personal data carriers are processed and stored. 6.5.A person responsible for organizing the processing of personal data, administrators of personal data information systems and an administrator of the security of personal data information systems have been appointed, they have defined responsibilities and developed instructions for ensuring the security of information. 6.6. The circle of persons entitled to process personal data has been determined, instructions have been developed for users to work with personal data, anti-virus protection, and actions in crisis situations. 6.7. The requirements for personnel, the degree of responsibility of employees for ensuring the security of personal data are defined. 6.8. Employees engaged in the processing of personal data were familiarized with the provisions of the legislation of the Russian Federation on ensuring the security of personal data and requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data. The specified employees are periodically trained in the rules of personal data processing. 6.9. Necessary and sufficient technical measures have been taken to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions: 6.9.1. An access control system has been introduced. 6.9.2. Protection against unauthorized access to automated workplaces, information networks and personal data databases has been established. 6.9.3. Protection against malicious software and mathematical effects is installed. 6.9.4. Regular backup of information and databases is carried out. 6.9.5. The transmission of information over public networks is carried out using means of cryptographic protection of information. 6.10. A system of control over the procedure for processing personal data and ensuring their security is organized. The compliance checks of the personal data protection system, the audit of the level of personal data security in personal data information systems, the functioning of information protection tools, the identification of changes in the processing and protection of personal data are planned.
7. UPDATING AND APPROVING THE POLICY 8.1. The Policy is approved and put into effect by an administrative document signed by the head of the Operator. 8.2. The Operator has the right to make changes to this Policy. When making changes in the name of the Policy, the date of the last revision update is indicated. The new version of the Policy comes into force from the moment it is posted on the Operator's website, unless otherwise provided by the new version of the Policy. 8.3. The norms of the current legislation of the Russian Federation apply to this Policy and the relations between the subject of personal data and the Operator