1. GENERAL PROVISIONS
The Processing Policy (hereinafter referred to as the Policy) is developed in accordance with the Federal Law of 27.07.2006 N 152-FZ "On Personal Data" (hereinafter - FZ-152). This Policy determines the procedure of personal data processing and measures to ensure security of personal data by individual entrepreneur Sukharkova Y. V. (hereinafter - the Operator) in order to protect the rights and freedoms of individuals and citizens when processing their personal data, including the protection of the rights to privacy, personal and family secrets.
The Policy defines the following basic concepts:
· Automated processing of personal data - processing of personal data by means of digital technology;
· Blocking of personal data - temporary termination of personal data processing (except when processing is necessary to clarify personal data);
· Information system of personal data - a set of personal data contained in personal data bases, and information technologies and technical means ensuring their processing;
· Anonymizing personal data - actions that make it impossible to determine, without the use of additional information, whether the personal data belongs to a particular subject of personal data;
· Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data;
· Operator - a state body, municipal authority, a legal entity or an individual, independently or together with other parties, organizing and/or carrying out the processing of personal data, as well as determining the purpose of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
· Personal data - any information related to a directly or indirectly identified or identifiable individual (the subject of personal data);
· Provision of personal data - actions aimed at disclosure of personal data to select third parties;
· Dissemination of personal data - actions aimed at disclosure of personal data to select third parties (provision of personal data) or disclosure of personal data to an unrestricted number of parties, including publication of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;
· Cross-border provision of personal data - provision of personal data to a foreign country: to a foreign authority, a foreign individual or legal entity;
· Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data processing system and (or) result in the destruction of tangible storage devices that contain personal data.
The Company is obliged to publish or otherwise provide unrestricted access to this personal data processing policy in accordance with Part 2 of Article 18.1 of FZ-152.
2. TERMS AND CONDITIONS OF PERSONAL DATA PROCESSING
2.1 Terms of personal data processing.
The Operator's processing of personal data is based on the following terms:
- lawfulness and fair basis;
- limiting the processing of personal data to specific, predetermined and legitimate purposes;
- avoiding any processing of personal data that is incompatible with the purposes of gathering personal data;
- avoiding combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
- processing only those types of personal data that meet the purposes of its processing;
- correspondence of the content and amount of processed personal data with the stated processing purposes;
- avoiding processing of personal data that is excessive in relation to the stated purposes of its processing;
- ensuring accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
- destruction or anonymization of personal data upon achieving the objectives of personal data processing, when achieving such objectives is no longer necessary, or when violations of personal data committed by the Operator cannot be eliminated, unless otherwise provided by federal law.
2.2 Conditions for personal data processing.
The Operator processes personal data in the presence of at least one of the following conditions:
- processing of personal data is carried out with the consent of the subject of personal data to the processing of their personal data;
- processing of personal data is necessary to achieve the objectives provided by an international treaty to which the Russian Federation is a party or by the law of the Russian Federation, to implement and carry out functions, powers and duties imposed on the operator by the law of the Russian Federation;
- processing of personal data is necessary for administration of justice, execution of a judicial act, an act of another authority or an executive officer, subject to execution in accordance with the law of the Russian Federation on enforcement proceedings;
- processing of personal data is necessary to perform the contract, under which the subject of personal data is a party or beneficiary or guarantor, as well as for the conclusion of the contract initiated by the subject of personal data, or the contract, under which the subject of personal data will be a beneficiary or guarantor;
- processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties or to achieve socially important objectives, provided that this does not violate the rights and freedoms of the subject of personal data;
- the personal data being processed is subject to publication or compulsory disclosure in accordance with federal law.
2.3 Personal data protection
The Operator and third parties that have access to personal data are obligated not to disclose to any external party and not to disseminate personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
2.4 Publicly accessible sources of personal data
In order to ensure information management, the Operator may create publicly accessible sources of personal data of subjects, including reference lists and registers of personal data.
Surname, name, patronymic, date and place of birth, position, telephone numbers, e-mail addresses and other personal data provided by the subject of personal data may be included in publicly available sources of personal data with written consent of the subject.
Personal data regarding the subject shall at any time be removed from publicly available sources of personal data at the request of the subject or by court order or decision of other authorized state bodies.
2.5 Special categories of personal data
The Operator may process special categories of personal data relating to race, ethnicity, political views, religious or philosophical beliefs, health status, personal life in cases as follows:
- the subject of personal data has given their written consent to the processing of their personal data;
- personal data has been made publicly available by the subject of personal data;
- processing of personal data is carried out in accordance with the law regarding state social assistance, labor regulations, the law of the Russian Federation regarding state pensions and labor pensions;
- processing of personal data is necessary for protection of life, health or other vital interests of other individuals when obtaining the consent of the subject of personal data is impossible;
- processing of personal data is performed for preventive medical purposes, in order to establish a medical diagnosis, to provide medical and socio-medical services, given that the processing of personal data is performed by a party professionally engaged in medical activities and obliged in accordance with federal law to maintain medical confidentiality;
- processing of personal data is necessary to establish or exercise the rights of the subject of personal data or third parties, as well as in connection with the exercise of justice;
- processing of personal data is carried out in accordance with the law relating to compulsory types of insurance or other types of insurance legislation.
Processing of special categories of personal data shall be immediately terminated if the reasons that led to its processing have been eliminated, unless otherwise provided by federal law.
The Operator may process personal data on criminal records only in cases and in the manner determined in accordance with federal law.
2.6 Biometric personal data
Information that characterizes the physiological and biological characteristics of an individual, on the basis of which their identity can be established - biometric personal data - can be processed by the Operator only with written consent of the subject.
2.7 Entrusting processing of personal data to a third party
The Operator has the right to entrust the processing of personal data to a third party with the consent of the subject of personal data, unless otherwise provided by federal law, based on a contract signed with said party. The party processing the personal data on behalf of the Operator must comply with the terms and conditions of personal data processing provided by FZ-152.
2.8 Cross-border provision of personal data
Prior to initiating the provision of personal data, the Operator shall ensure that the foreign country to which the personal data is to be provided offers adequate protection of the rights of the subjects of personal data.
Cross-border provision of personal data to foreign countries that do not provide adequate protection of the rights of the subjects of personal data may be carried out in cases as follows:
- existence of written consent of the subject of personal data for cross-border provision of their personal data;
- compliance with the contract, to which the subject of personal data is a party.
3. RIGHTS OF THE SUBJECT OF PERSONAL DATA
3.1 Consent of the subject of personal data to the processing of their personal data.
The subject of personal data shall make the decision to provide their personal data and consent to its processing freely, willingly and in their own interest. Consent to processing of personal data may be given by the subject of personal data or their representative in any form that allows the fact of its receipt to be confirmed, unless otherwise provided by federal law.
The obligation to provide proof of consent of the subject of personal data or proof of the existence of the grounds specified in FZ-152 is incumbent on the Operator.
3.2 Rights of the subject of personal data
The subject of personal data has the right to receive information from the operator concerning the processing of their personal data, unless such right is limited in accordance with federal law. The subject of personal data has the right to receive information from the Operator concerning the processing of their personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated objective of processing, as well as to take statutory measures to protect their rights.
Processing of personal data in order to promote goods, operations, services on the market through direct contact with the potential consumer by means of electronic communication, as well as for political campaigning is allowed only with the prior consent of the subject of personal data. Such processing of personal data shall be deemed carried out without prior consent of the subject of personal data, unless the Operator proves that such consent was obtained.
The Operator shall immediately terminate the processing of personal data at the request of the subject of personal data for the above-mentioned purposes.
Making decisions based solely on automated processing of personal data that generate any legal implications regarding the subject of personal data or otherwise affect their rights and legitimate interests is prohibited, except in cases provided for by federal law, or with written consent of the subject of personal data.
If the subject of personal data believes that the Operator carries out the processing of their personal data in violation of the provisions of FZ-152 or otherwise violates their rights and freedoms, the subject of personal data has the right to appeal against the action or inaction of the Operator to the competent authority to protect the rights of subjects of personal data or in court.
The subject of personal data has the right to protection of their rights and legitimate interests, including compensation for losses and/or compensation for moral damage in court.
4. PERSONAL DATA SECURITY
Security of personal data processed by the Operator is provided by the implementation of legal, organizational and technical measures necessary to ensure the requirements of federal law in the field of personal data protection.
In order to prevent unauthorized access to personal data, the Operator shall implement the following organizational and technical procedures:
- designating authorized agents responsible for the organization of processing and protection of personal data;
- limiting the number of parties granted access to personal data;
- familiarizing the subjects with the requirements of federal law and the Operator's regulatory documents on processing and protection of personal data;
- organization of accounting, storage and circulation of data storage devices;
- determination of personal data security threats in the course of personal data processing, development of the personal data security threat models based on such threats;
- verification of readiness and efficiency of information protection measures;
- differentiation of user access to information resources and software and hardware for information processing;
- logging and record-keeping of actions of users of personal data information systems;
- using antivirus and recovery tools of personal data information systems;
- application of firewalls, intrusion detection, security analysis and cryptographic protection of information where necessary;
- arrangement of access control to the premises of the Operator, and protection of premises with technical means of personal data processing.
5. FINAL CLAUSES
Other rights and obligations of the Operator, as the operator of personal data, are determined by the law of the Russian Federation in the field of personal data management.
The Operator's executive agents guilty of violating the rules governing the processing and security of personal data shall bear material, disciplinary, administrative, civil or criminal liability in the manner provided by federal law.