This Policy has been developed in accordance with the Constitution of the Russian Federation,
Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", the Labor Code of the Russian Federation No. 197-FZ of 30.12.2001, as well as in accordance with other applicable federal laws and by-laws of the Russian Federation defining the rules and features of personal data processing and ensuring the security and confidentiality of such processing.
1. General provisions
1.1. This document defines the policy of LLC "Ice Cream" (hereinafter-the Company) in relation to the processing and security of personal data.
1.2. This policy has been developed in order to implement the requirements of the legislation in the field of processing and ensuring the security of personal data and is aimed at ensuring the full protection of the rights and freedoms of a person and a citizen when processing his personal data in the Company.
1.3. The provisions of this Policy are mandatory for all employees of the Company.
1.4. The provisions of this Policy are the basis for the organization of all processes in the Company related to the processing and protection of personal data.
1.5. This Policy establishes: the purposes of personal data processing; general principles and rules for personal data processing; classification of personal data and Personal Data Subjects; rights and obligations of Personal Data Subjects and the Company for their processing; the procedure for organizing personal data processing.
1.6. This Policy is subject to posting on the public resource - the Company's website in unlimited access.
1.7. This Policy comes into force from the moment of approval by the General Director of the Company.
1.8. This Policy is subject to revision in connection with changes in the legislation of the Russian Federation in the field of personal data processing and protection, based on the results of an assessment of the relevance, sufficiency and effectiveness of the measures taken to ensure the security of personal data processing in the Company.
1.9. This Policy applies to actions (operations) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data carried out using automation tools and without the use of such tools.
2. Basic terms and definitions
- Automated processing of personal data - processing of personal data using computer technology.
- Blocking of personal data - temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).
- Personal data security - the state of personal data security, characterized by the ability of users, technical means and information technologies to ensure the confidentiality, integrity and availability of personal data when they are processed in personal data information systems.
- Personal data information system - a set of personal data databases, information technologies and technical means that allow the processing of such personal data with or without automation tools.
- Confidentiality of personal data is a mandatory requirement for the Company or other person who has access to personal data to prevent their dissemination without the consent of the subject of personal data or the presence of other legal grounds.
- Personal data processing - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
- Publicly available personal data - personal data that an unlimited number of people have access to with the consent of the personal data subject or that, in accordance with federal laws, is not subject to the requirement of confidentiality.
- Depersonalization of personal data - actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information.
- Operator - a state body, a municipal body, a legal entity or an individual who independently or jointly with other persons organize and (or) carry out the processing of personal data, as well as determine the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
- Provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons.
- Personal data - any information related directly or indirectly to a specific or identifiable individual (the subject of personal data).
- Special categories of personal data - personal data relating to race, nationality, political views, religious or philosophical beliefs, health status and intimate life of the subject of personal data.
- Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
3. Purposes of personal data processing.
3.1. The Company processes personal data for the purposes of:
- ensuring compliance with the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation, local regulatory acts of the Company;
- conclusion of any contracts and agreements with the Subject of personal data and their further execution;
- attracting and selecting candidates for work in the Company;
- implementation of administrative and economic activities by the Company;
- as well as for other purposes, the achievement of which is not prohibited by federal legislation, international treaties of the Russian Federation.
4. Classification of personal data
4.1. Personal data includes any information related directly or indirectly to a specific or identifiable individual (the subject of personal data) processed by the Company to achieve these goals.
4.2. The Company does not process special categories of personal data related to race, nationality, political views, religious and philosophical beliefs, health status, intimate life, criminal record of individuals, unless otherwise established by the legislation of the Russian Federation.
4.3. The Company processes personal data of the following categories of Personal data subjects:
- individuals who are candidates for the positions of employees of the Company;
- individuals who leave an application on the website for the possibility of cooperation under a commercial concession agreement;
- individuals who perform work and provide services under civil contracts concluded with the Company;
- other individuals who have expressed their consent to the processing of their personal data by the Company or whose personal data processing is necessary for the Company to perform duties, perform functions or powers assigned and / or provided for by an international agreement of the Russian Federation or a law of the Russian Federation.
5. Basic principles of personal data processing
5.1. The processing of personal data in the Company is carried out on the basis of the following principles:
- legality of the purposes and methods of processing personal data;
- compliance of the purposes of personal data processing with the goals defined in advance and declared when collecting personal data
- compliance of the composition and volume of the processed personal data, as well as the methods of processing personal data with the stated processing goals;
- the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
- the inadmissibility of processing personal data that is incompatible with the purposes of collecting personal data;
- the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
- ensuring the storage of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by a federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor;
- destruction or depersonalization of personal data upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by the legislation of the Russian Federation, the contract to which the subject of personal data is a party, beneficiary or guarantor;
- ensuring the confidentiality and security of the processed personal data.
6. Organization of personal data processing
6.1. The processing of personal data is carried out in compliance with the principles and rules established by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
6.2. The Company processes personal data both with the use of automation tools and without the use of automation tools.
6.3. The Company may include the personal data of subjects in publicly available sources of personal data, while the Company takes the written consent of the subject to the processing of his personal data.