Privacy Policy (User Agreement)

1. General provisions

  • 1.1. The privacy policy for the website located on the Internet information and telecommunications network at https://icontext.ai (https://in-context.online; https://text.rucont.ru) (hereinafter referred to as the website) applies to all information about the user that LLC "NTsR "Rukont" (OGRN: 1137746876090, INN: 7702823270; legal entity address: 129090, MOSCOW, VN.TER.G. MUNICIPAL DISTRICT MESHCHANSKY, PER PROTOPOPOVSKY, 19, Bldg. 12; hereinafter - the Company, operator) can obtain in the process of the user's use of the site.
  • 1.2. This Policy establishes the specifics of the Operator’s processing of the user’s personal data, as well as the terms of use of the site.
  • 1.3. Use of the site means the user’s unconditional consent to this Policy and indicates that the user has given consent to the processing of his personal data under the conditions specified therein. In case of disagreement, the user must refrain from using the site.
  • 1.4. The following basic concepts are used within the Policy:

    personal data - any information related directly or indirectly to a specific or identifiable individual (subject of personal data);

    processing of personal data - any action (operation) or combination of actions (operations) with personal data performed using automation tools or without their use. Processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;

    personal data operator (operator) - a government body, a municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

    automated processing of personal data - processing of personal data using computer technology;

    dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;

    provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;

    blocking of personal data - temporary cessation of processing personal data (except for cases where processing is necessary to clarify personal data);

    destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material media of personal data are destroyed;

    depersonalization of personal data - actions as a result of which it becomes impossible to determine, without the use of additional information, whether personal data belongs to a specific subject of personal data;

    information system of personal data - the totality of personal data contained in databases and the information technologies and technical means that ensure their processing;

    user - a person who navigated to the site and provided the Operator with personal data, incl. subsequently entered into a contractual relationship with the Operator, or is directly related to the person who entered into such a relationship.

2. Scope of personal data processed

    2.1. Within the framework of the Policy, the user’s personal data is recognized as:
  • 2.1.1. Data that the user provides about himself independently while using the site, or that the Operator receives otherwise, including the following personal data of the user: last name, first name, patronymic (if available); contact details (mailing address, telephone number, email address).
  • 2.1.2. Data from cookies and other tracking technologies that are automatically transmitted to the Operator during the use of the site using software installed on the device. Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to the browser from the site and stored on the user's device. The user can refuse all cookies (by changing browser settings, as well as by changing service settings if technically possible). By refusing the use of cookies, the user agrees that some functions of the site may not be available for use.
    The operator uses the following cookies: Necessary cookies help provide you with a great website experience by enabling basic functionality such as page navigation and access to secure areas of the website. The site cannot function properly without these cookies. “Customization cookies” allow the site to remember information that changes the way the site works or looks, for example, taking into account the preferred language and region in which the User is located. It is possible to view and manage cookies, as well as refuse and delete them from the internal memory of the device using the software used by the user. Tracking technologies that are also used are beacons, tags and scripts to collect and track information to improve site performance, including: the Internet Protocol address of the user's computer; browser type, its version; site pages, user visit time, time spent on these pages; unique device identifiers and other diagnostic data; type of mobile device; mobile operating system; type of mobile browser, its version.
  • 2.1.3. Other information about the user, the processing of which is provided for by consent to the processing of the user’s personal data and/or an agreement to which the subject of personal data is a party, beneficiary or guarantor, or another agreement between the Operator and the subject of personal data.

3. Purposes and conditions for processing personal data

  • 3.1. The processing of users’ personal information is carried out in accordance with the Operator’s internal local regulations and legal requirements.
  • 3.2. In relation to all personal data of the user, its confidentiality is maintained and security is ensured, except in cases where the user voluntarily provides information about himself for general access to an unlimited number of persons.
  • 3.3. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
  • 3.4. Only personal data that meets the purposes of their processing are subject to processing.
  • 3.5. Disclosure of personal data to third parties without the consent of the subject of personal data is not permitted, unless otherwise provided by federal law.
  • 3.6. When processing personal data, the Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (except for distribution), depersonalizes, blocks, deletes, destroys personal data both using automation tools and without the use of such means, as well as through mixed processing for the following purposes: user identification; providing information about the Operator’s services, information about the Operator; providing the user with access to personalized site features; notifying the user about important events, sending the user information and newsletters of a non-commercial nature; establishing feedback with the user, including sending notifications, requests, processing requests and applications from the user; execution of the contract with the user; determining the user’s location to ensure security and prevent fraud; confirmation of the accuracy and completeness of the personal data provided by the user; providing the user with effective customer and technical support; monitoring site usage; sending advertising messages with the user’s consent, providing the user with personalized offers, additional opportunities and services, subject to compliance with the requirements of the Federal Law of March 13, 2006 No. 38-FZ “On Advertising”; improving user experience, quality of service and website operation, ease of use, development of new services; analysis of user data, conducting statistical and other studies of user interaction with the Operator; for other purposes that may be provided for by consent to the processing of personal data, an agreement between the Operator and the user, as well as legislation.
  • 3.7. The operator has the right to transfer the user’s personal information and/or assign its processing to third parties in the following cases: the user has consented to such actions; the transfer is necessary for the user to use the site or to fulfill an agreement with the user; in order to ensure the possibility of protecting the rights and legitimate interests of the Operator; the transfer is provided for by law within the established procedure.
  • 3.8. Representatives of government authorities (including regulatory, supervisory, law enforcement, inquiry and investigation and other authorized bodies on the grounds provided for by current legislation) receive access to personal data processed by the Operator to the extent and in the manner prescribed by law.
  • 3.9. The site may contain links to other resources on the Internet that are not administered by the Operator. The operator strongly recommends that the user read the document establishing the terms of use of the specific third party website he is visiting, as well as the specifics of the third party’s processing of the user’s personal data. The operator does not control and does not accept any responsibility for the information posted on these sites, as well as the conditions for processing personal data by third parties.
  • 3.10. The legal basis for the processing of personal data is federal laws and regulations adopted on their basis that regulate relations, including those related to the processing of personal data, as well as the activities of the Operator; charter, local acts of the Operator; agreements concluded between the Operator and the subject of personal data; consent to the processing of personal data.
  • 3.11. The condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the withdrawal of the consent of the subject of personal data to the processing of his personal data, as well as the identification of unlawful processing of personal data.
  • 3.12. When the purpose of processing personal data is achieved, the consent of the subject of personal data to the processing of his personal data expires, or the subject of personal data withdraws consent to the processing of his personal data, the Operator is obliged to stop processing them or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the Operator) and, if the preservation of personal data is no longer required for the purposes of processing personal data, destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the Operator) within the period established by law, unless otherwise provided for by an agreement to which the subject of personal data is a party, beneficiary or guarantor, or another agreement between the Operator and the subject of personal data, or if the Operator does not have the right to process personal data without the consent of the subject of personal data on the grounds provided for by law.
    In case of detection of unlawful processing of personal data carried out by the Operator or a person acting on behalf of the Operator, the Operator, within the period established by law, is obliged to stop the unlawful processing of personal data or ensure the cessation of unlawful processing of personal data by a person acting on behalf of the Operator. If it is impossible to ensure the legality of the processing of personal data, the Operator, within a period not exceeding ten working days from the date of detection of unlawful processing of personal data, is obliged to destroy such personal data or ensure its destruction.
  • 3.13. The operator stores personal data in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.
    In this case, the limitation period, as well as other deadlines established by law, are taken into account.
  • 3.14. If inaccurate personal data is identified when contacting a subject of personal data or his representative or at their request or at the request of an authority for the protection of the rights of subjects of personal data, the Operator blocks personal data relating to this subject of personal data from the moment of such contact or receipt of the specified request for the verification period, if blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
    If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the subject of personal data or his representative or the body for the protection of the rights of personal data subjects, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
  • 3.15. If unlawful processing of personal data is detected upon an appeal (request) from a personal data subject or his representative or an authority for the protection of the rights of personal data subjects, the Operator shall block unlawfully processed personal data relating to this personal data subject from the moment of such appeal or receipt of the request.
  • 3.16. When processing personal data, the Operator ensures the processing of personal data using databases located on the territory of the Russian Federation.

4. Measures used to protect personal data

  • 4.1. When processing personal information, the Operator takes the necessary legal, organizational and technical measures to protect personal information from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal information, as well as from other unlawful actions in relation to personal information of the User in accordance with the local regulations of the Operator and the requirements of the legislation on personal data.
  • 4.2. Measures to ensure the security of personal data during their processing in personal data information systems of the Operator are determined and applied taking into account the established levels of security of personal data during their processing in personal data information systems.
  • 4.3. Protection of personal data during their processing in the Operator’s personal data information systems from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data, is ensured by the use of an interrelated set of measures and means of protection, in particular: threats to the security of personal data during their processing in personal data information systems are determined; information security tools that have passed the compliance assessment procedure and are designed to neutralize current security threats are used; the effectiveness of measures taken to ensure the security of personal data is assessed before the personal data information system is put into operation; accounting of machine storage media of personal data is carried out; measures are taken to detect facts of unauthorized access to personal data and take appropriate measures, including measures to detect, prevent and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents in them; it is possible to restore personal data modified or destroyed due to unauthorized access to it; rules for access to personal data processed in the personal data information system are established, registration and accounting of actions performed with personal data in the personal data information system is ensured; control is exercised over the measures taken to ensure the security of personal data.

5. Basic rights and obligations

  • 5.1. The operator has the right: Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
    entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Law on Personal Data. The Operator’s instructions must define a list of actions (operations) with personal data that will be performed by the person processing personal data and the purposes of processing, must establish the obligation of such a person to maintain confidentiality and ensure the security of personal data during their processing, and must also specify the requirements for the protection of processed personal data in accordance with Art. 19 of the Law on Personal Data;
    in case of withdrawal by the subject of personal data of consent to processing personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data;
    taking into account the purposes of processing personal data provided for in the Policy, send the user, on his own behalf, independently or with the involvement of third parties, messages, including advertising messages (with the user’s consent), to the user’s email or mobile phone number.
  • 5.2. The operator undertakes: organize the processing of personal data in accordance with the requirements of the Personal Data Law;
    when processing personal data, take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
    respond to appeals and requests from personal data subjects in accordance with the requirements of the Personal Data Law;
    report to the authorized body for the protection of the rights of subjects of personal data at the request of this body, the necessary information within the period prescribed by law;
    in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation, including informing it about computer incidents that resulted in the unlawful transfer (provision, distribution, access) of personal data.
  • 5.3. The user has the right: receive information regarding the processing of his personal data, except in cases provided for by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form, and it should not contain personal data relating to other subjects of personal data, except in cases where there are legal grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
    withdraw consent to the processing of personal data;
    require the Operator to clarify his personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect his rights;
    demand the deletion of personal data if the personal data is no longer required for the purposes for which it was received, and the Operator has no legal grounds for processing it;
    appeal to the authorized body for the protection of the rights of subjects of personal data or in court against unlawful actions or inaction of the Operator when processing his personal data;
    refuse to receive advertising and other information without giving reasons for refusal.
  • 5.4. The user undertakes: not to take actions that may be considered violations in the field of intellectual property, copyright and/or related rights, as well as actions that lead or may lead to disruption of the normal operation of the site;
    not to use automated scripts (programs) to collect information and/or interact with the site.

6. Additional terms

  • 6.1. The operator has the right to make changes to the Policy without notifying the user. The User undertakes to periodically review the Policy for any changes.
  • 6.2. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.

7. Consent to receive advertising

  • 7.1. The user agrees to receive advertising information from the Operator about the Operator's services/products via the user's email address.
  • 7.2. The user has the right not to consent to receive advertising information by unchecking the corresponding box when filling out the registration form, and also subsequently withdraw consent to receive advertising information by unchecking the corresponding box in the user’s personal account.

POLICY REGARDING THE PROCESSING OF PERSONAL DATA


1. General provisions

  • 1.1. This Policy regarding the processing of personal data of the limited liability company LLC "NTsR "Rukont" (hereinafter referred to as the Operator) was developed in accordance with the requirements of clause 2, part 1, art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of rights to privacy, personal and family secrets.
  • 1.2. The Policy defines the goals and general principles of processing personal data and measures to ensure the security of personal data taken by the Operator.
  • 1.3. The policy is subject to revision and, if necessary, updating in connection with changes in legislation in the field of personal data, based on the results of an analysis of the sufficiency and effectiveness of the measures used to ensure the security of personal data when processed by the Operator, as well as based on the results of other control measures.
  • 1.4. In pursuance of the requirements of Part 2 of Art. 18.1 of the Law on Personal Data, this Policy on paper is stored at the Operator’s address. An electronic image of the Policy is freely available on the Internet information and telecommunications network (hereinafter referred to as the Internet) on the Operator’s website.
  • 1.5. Basic concepts used in the Policy: personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data); personal data operator (operator) - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data; processing of personal data - any action (operation) or set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;

    automated processing of personal data - processing of personal data using computer technology;

    dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;

    provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;

    blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);

    destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed;

    depersonalization of personal data - actions as a result of which it becomes impossible to determine, without the use of additional information, whether personal data belongs to a specific subject of personal data;

    personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.
  • 1.6. Basic rights and obligations of the Operator.


    • 1.6.1. The operator has the right:


      • 1.6.1.1. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
      • 1.6.1.2. entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Law on Personal Data. The Operator’s instructions must define a list of actions (operations) with personal data that will be performed by the person processing personal data and the purposes of processing, must establish the obligation of such a person to maintain confidentiality and ensure the security of personal data during their processing, and must also specify the requirements for the protection of processed personal data in accordance with Art. 19 of the Law on Personal Data;
      • 1.6.1.3. if the subject of personal data withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.
    • 1.6.2. The operator is obliged:


      • 1.6.2.1. organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
      • 1.6.2.2. when processing personal data, take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.
      • 1.6.2.3. respond to appeals and requests from subjects of personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
      • 1.6.2.4. report to the authorized body for the protection of the rights of personal data subjects, at the request of this body, the necessary information within 10 working days from the date of receipt of such a request. This period may be extended, but not more than five working days. To do this, the Operator must send a reasoned notification indicating the reasons for extending the period for providing the requested information;
      • 1.6.2.5. in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that resulted in unlawful transfer (provision, distribution, access) of personal data.
  • 1.7. Basic rights of the subject of personal data.


    1.7.1. The subject of personal data has the right:


    • 1.7.1.1. Receive information regarding the processing of his personal data, except for cases provided for by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form, and it should not contain personal data relating to other subjects of personal data, except in cases where there are legal grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
    • 1.7.1.2. Require the operator to clarify his personal data, block it or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect his rights;
    • 1.7.1.3. Put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market;
    • 1.7.1.4. Appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or inaction of the Operator when processing his personal data.
  • 1.8. Control over compliance with the requirements of this Policy is carried out by authorized persons responsible for organizing the processing of personal data by the Operator.
  • 1.9. Responsibility for violation of the requirements of the legislation of the Russian Federation and regulations of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.

2. Purposes of processing personal data

  • 2.1. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes.
  • 2.2. Only personal data that meets the purposes of their processing are subject to processing.
  • 2.3. The processing of personal data is carried out by the Operator for the following purposes:

    • Ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
    • Implementation of civil law relations;
    • Attracting and selecting job candidates; assistance to employees in employment, training and career advancement; ensuring working conditions, guarantees, benefits and compensation established by law; ensuring personal safety of workers; control of the quantity and quality of work performed;
    • Providing the personal data subject with the opportunity to use the Operator’s website on the Internet, including his registration to use the Operator’s services.

3. Legal grounds for processing personal data

  • 3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in pursuance of which and in accordance with which the Operator processes personal data, including:

    • Constitution of the Russian Federation;
    • Civil Code of the Russian Federation;
    • Labor Code of the Russian Federation;
    • Tax Code of the Russian Federation;
    • Federal Law of 02/08/1998 No. 14-FZ “On Limited Liability Companies”;
    • Federal Law dated December 6, 2011 No. 402-FZ “On Accounting”;
    • Federal Law of December 15, 2001 No. 167-FZ “On Compulsory Pension Insurance in the Russian Federation”;
    • Other federal laws and regulations adopted on their basis regulating relations related to the processing of personal data.
  • 3.2. The legal basis for the processing of personal data is also:

    • Operator's charter;
    • Agreements concluded between the Operator and subjects of personal data;
    • Consent of personal data subjects to the processing of their personal data;
    • Exercise of the rights and legitimate interests of the Operator or third parties.

4. Volume and categories of personal data processed, categories of personal data subjects

  • 4.1. The content and volume of personal data processed must correspond to the stated purposes of processing. The personal data processed should not be redundant in relation to the stated purposes of their processing.
  • 4.2. The operator may process personal data of the following categories of personal data subjects:

    • 4.2.1. Candidates for vacant Operator positions.
    • 4.2.2. Employees and former employees of the Operator.
    • 4.2.3. Relatives of the Operator's employees.
    • 4.2.4. Clients (counterparties) of the Operator and their representatives.
    • 4.2.5. Users of the Operator's website on the Internet.
  • 4.3. The operator does not process biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).
  • 4.4. The operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except as provided by law.

5. Procedure and conditions for processing personal data

  • 5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
  • 5.2. Processing of personal data is carried out with the consent of the subjects of personal data for the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
  • 5.3. The operator carries out automated, non-automated and mixed processing of personal data.
  • 5.4. When processing personal data, the Operator carries out the collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (except for distribution), depersonalization, blocking, deletion and destruction of personal data.
  • 5.6. Disclosure of personal data to third parties without the consent of the subject of personal data is not permitted, unless otherwise provided by federal law.
  • 5.7. The transfer of personal data to the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
  • 5.8. The operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:

    • Identifies threats to the security of personal data during their processing;
    • Adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
    • Appoints persons responsible for ensuring the security of personal data;
    • Creates the necessary conditions for working with personal data;
    • Organizes recording of documents containing personal data;
    • Organizes work with information systems in which personal data is processed;
    • Stores personal data under conditions that ensure their safety and prevent unauthorized access to them;
    • Organizes training for the Operator’s employees processing personal data. Employees of the Operator whose job responsibilities include the processing of personal data are allowed to process personal data in those cases where this is required for the effective performance of their official duties. The Operator's employees processing personal data act in accordance with job descriptions, regulations and other administrative documents of the Operator, and comply with the Company's requirements for maintaining confidentiality.
  • 5.9. The operator stores personal data in a form that makes it possible to identify the subject of personal data for no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by federal law or by an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal law.
    In this case, the storage periods established, in particular, in Art. 22.1 of the Federal Law of October 22, 2004 No. 125-FZ “On archiving in the Russian Federation” and the List of standard management archival documents generated in the process of activities of state bodies, local governments and organizations, indicating their storage periods (approved by the Order of the Federal Archive of Russia dated 20.12.2019 No. 236), limitation periods, as well as other deadlines established by law, are taken into account.
  • 5.10. When collecting personal data, including via the Internet, the Operator ensures the processing of personal data using databases located on the territory of the Russian Federation.

6. Updating, correction, deletion, destruction of personal data and termination of their processing, responses to requests from subjects for access to personal data

  • 6.1. Confirmation of the fact of processing of personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Art. 14 of the Law on Personal Data are provided by the Operator to the subject of personal data or his representative within 10 working days from the date of application or receipt of the request of the subject of personal data or his representative. This period may be extended, but not by more than five working days. To do this, the Operator should send a reasoned notification to the subject of personal data indicating the reasons for extending the period for providing the requested information.
    The information provided does not include personal data relating to other subjects of personal data, unless there are legal grounds for disclosing such personal data. The request must contain:
    • Number of the main document identifying the subject of personal data or his representative, information about the date of issue of the specified document and the issuing authority;
    • Information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
    • Signature of the subject of personal data or his representative.
    The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation. The operator provides the information specified in Part 7 of Art. 14 of the Law on Personal Data, to the subject of personal data or his representative in the form in which the relevant appeal or request was sent, unless otherwise specified in the appeal (request).

    If the appeal (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Personal Data Law or the subject does not have the rights to access the requested information, then a reasoned refusal is sent to him.

    The right of the subject of personal data to access his personal data may be limited in accordance with Part 8 of Art. 14 of the Law on Personal Data, including if the personal data subject’s access to his personal data violates the rights and legitimate interests of third parties.
  • 6.2. If inaccurate personal data is identified when a subject of personal data or his representative contacts the Operator, or at their request, or at the request of an authority for the protection of the rights of subjects of personal data, the Operator blocks personal data relating to this subject of personal data from the moment of such contact or receipt of the specified request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
    If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the subject of personal data or his representative or the body for the protection of the rights of personal data subjects, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
  • 6.3. If unlawful processing of personal data is detected upon an appeal (request) from a personal data subject or his representative or an authority for the protection of the rights of personal data subjects, the Operator shall block unlawfully processed personal data relating to this personal data subject from the moment of such appeal or receipt of the request.
  • 6.4. If the Operator, the body for the protection of the rights of personal data subjects or another interested party identifies the fact of unlawful or accidental transfer (provision, distribution) of personal data (access to personal data), resulting in a violation of the rights of personal data subjects, the Operator:
    • Within 24 hours notifies the body for the protection of the rights of personal data subjects about the incident that occurred, the alleged reasons that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the Operator to interact with the body for the protection of the rights of personal data subjects on issues related to the incident;
    • Within 72 hours, notifies the body for the protection of the rights of personal data subjects about the results of the internal investigation of the identified incident and provides information about the persons whose actions caused it (if any).
  • 6.5. If the purpose of processing personal data is achieved or the consent of the subject of personal data to the processing of his personal data expires, the operator is obliged to stop processing personal data or ensure its termination (if the processing of personal data is carried out by another person acting on behalf of the operator) and destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the operator) within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by the agreement to which the subject of personal data is a party, beneficiary or guarantor, another agreement between the operator and the subject of personal data, or if the operator does not have the right to process personal data without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws.
  • 6.6. If the subject of personal data withdraws consent to the processing of his personal data, the operator is obliged to stop processing them or ensure the termination of such processing (if the processing of personal data is carried out by another person acting on behalf of the operator) and, in the event that the storage of personal data is no longer required for the purposes of processing personal data, destroy personal data or ensure their destruction (if the processing of personal data is carried out by another person acting on behalf of the operator) within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by the agreement to which the subject of personal data is a party, beneficiary or guarantor, another agreement between the operator and the subject of personal data, or if the operator does not have the right to process personal data without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws.
  • 6.7. When a personal data subject applies to the Operator with a request to stop processing personal data, the processing of personal data is terminated within a period not exceeding 10 business days from the date the Operator receives the corresponding request, except in cases provided for by the Law on Personal Data or other federal laws. This period may be extended, but not by more than five working days. To do this, the Operator must send a reasoned notice to the personal data subject indicating the reasons for extending the period.
  • 6.8. The destruction of personal data is carried out by a commission created by order of the head of the Operator.

    • 6.8.1. The selection of material media and (or) information in information systems containing personal data that is subject to destruction is carried out by persons responsible for processing and protecting information classified as personal data.
    • 6.8.2. The commission compiles a list indicating material media and (or) information in information systems containing personal data that are subject to destruction.
    • 6.8.3. Personal data on paper is destroyed by shredding into small pieces, excluding the possibility of subsequent data recovery. Shredding is carried out using a document shredder.
    • 6.8.4. Personal data on electronic media is destroyed by causing irreparable physical damage to the media or mechanically violating the integrity of the media in a way that does not allow the data to be read or restored, as well as by deleting data from electronic media, including deleting data from personal data information systems, using methods and means of guaranteed removal of residual information.
    • 6.8.5. The destruction of personal data is confirmed by the commission in accordance with the Requirements for Confirming the Destruction of Personal Data, approved by Roskomnadzor Order No. 179 dated October 28, 2022, or other subsequently imposed requirements.

7. Liability for violations

  • 7.1. Persons guilty of violating the rules for processing and protecting personal data bear disciplinary, administrative, civil and criminal liability in accordance with current legislation.