Policy regarding the processing of personal data and information on the implemented requirements for the protection of personal data.
Section 1. POLICY OBJECTIVES
This document defines the policy regarding the processing of personal data, and also contains information on the implemented requirements for the protection of personal data, and was developed in pursuance of Art. 18-1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" in accordance with this law and other legislative and regulatory legal acts that determine the procedure for working with personal data and the requirements for ensuring their security.
Section 2. BASIC CONCEPTS
2.1. This Policy uses the concepts in the meaning in which they are given in Article 3 of July 27, 2006 No. 152-FZ "On Personal Data".
2.2. The Operator in this Policy means INARS, and the website means the Operator's website located on the Internet at: https://inars.biz .
2.3. This Policy applies to all information that the Operator may receive about the User while using the Operator's website or services (hereinafter referred to as the Services) and in the course of the Operator's execution of any agreements and contracts with the User. The User's consent to the Policy, expressed by him in the framework of relations with one of the listed persons, applies to all other listed persons.
2.4. The use of the Operator's services (any contact with the site) means the User's unconditional consent to this Policy and the conditions for processing his personal information specified therein; in case of disagreement with these conditions, the User must refrain from using the Services.
Section 3. POLICY REGARDING THE PROCESSING OF PERSONAL DATA
3.1. The Operator processes personal data of the following categories of subjects: - counterparties - individuals associated with the Operator by civil law relations; - employees of the counterparty - individuals associated with the counterparty by labor or civil law relations; - users of the portal and/or operator's website, incl. representatives of Dealers, Companies, Buyers, random visitors and third parties, as well as Buyers of goods or services, advertising information about which is posted on the website and / or portal; - other entities in connection with the existence of legal relations with the Operator that do not contradict the legislation of the Russian Federation.
3.2. The operator is guided by the following principles for establishing the purposes of processing personal data. - the processing of personal data must be carried out on a lawful and fair basis. - the content and scope of the processed personal data must correspond to the stated purposes of processing. - when processing personal data, the Operator complies with other principles and processing rules established by the legislation of the Russian Federation.
3.3. The purposes of processing personal data vary. The Operator is guided by the terms of personal data processing depending on the categories of personal data subjects and taking into account the provisions of the regulatory legal acts of the Russian Federation. The Operator has the right to process personal data only for legitimate purposes, and the processing of personal data should be limited to the achievement of these purposes.
3.4. The purposes of processing personal data by the Company are: - in relation to contractors, their representatives and employees - the implementation of the norms of the Civil Code of the Russian Federation on contractual obligations, the conclusion and execution of contracts with counterparties, the provision by the operator of an Internet service for working with contracts, the performance by the operator of actions on behalf of representatives of subjects personal data; - in relation to Users - provision by the Operator of an Internet service for working with contracts, identification of a party within the framework of the Services and services, agreements and contracts with the operator; promotion of goods, works, services on the market; providing the User with personalized Services and services, as well as the execution of agreements and contracts; conclusion of transactions (agreements and contracts) with the User for the sale of goods, the provision of services, the performance of work and others; communication with the User, including sending notifications, requests and information regarding the use of the Services and services, execution of agreements and contracts, processing requests and applications from the User, as well as information, news and advertising mailings; improving the quality of the Services and services, the convenience of their use, the development of new Services; - the purposes indicated in the Privacy Policy.
3.5. The processing of personal data by the Operator is allowed in the following cases:
3.5.1. If there is the consent of the subject of personal data to the processing of his personal data. The procedure for obtaining the consent of the subject of personal data by the Company is defined in section 5 of the Policy.
3.5.2. The processing of personal data is necessary for the implementation and fulfillment of the functions, powers and obligations assigned to the operator by law.
3.5.3. To conclude an agreement on the initiative of the personal data subject and to execute the contract to which the personal data subject is a party. Such contracts, without limitation, are any civil law contracts, incl. in the form of an accepted offer with Users. Until the conclusion of contracts, the Operator processes personal data at the stage of pre-contractual work, when the consent of the subject to processing is confirmed by filling out an application on the portal and / or website or sending an electronic message indicating personal data to the operator by e-mail.
3.5.4. The processing of personal data by the Operator is necessary for the implementation of the rights and legitimate interests of the operator and / or third parties or for the achievement of socially significant goals, provided that the rights and freedoms of personal data subjects are not violated.
3.5.5. The processing of personal data is carried out by the Operator for statistical or other research purposes, subject to the mandatory depersonalization of personal data.
3.5.6. Processing of personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
3.5.7. Personal data is subject to publication or mandatory disclosure in accordance with the law.
3.6. The Operator does not process personal data belonging to special categories and relating to nationality, political views, religious or philosophical beliefs, intimate life, membership of personal data subjects in public associations or their trade union activities, with the exception of information related to the issue of the possibility of the Employee to perform labor function and necessary for the purposes determined by the pension legislation.
3.7. The processing of personal data on a criminal record can be carried out by the operator only in cases and in the manner prescribed by law.
3.8. The operator does not process biometric personal data.
3.9. When collecting personal data, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data using databases located on the territory of the Russian Federation.
3.10. The operator may carry out cross-border transfer of personal data in cases of concluding agreements with users and counterparties located abroad, to the extent necessary for the conclusion and execution of such agreements. In case of cross-border transfer of personal data to states that are not parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, or do not provide adequate protection of personal data, the subjects of personal data agree in writing to such transfer.
3.11. The Operator does not make decisions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and legitimate interests, based solely on automated processing of personal data.
3.12. When processing personal data, the Operator is obliged to observe the security and confidentiality of the personal data being processed, as well as to comply with other requirements provided for by the legislation of the Russian Federation in the field of personal data.
3.13. In accordance with the Federal Law "On Personal Data", the operator appoints a person responsible for organizing the processing of personal data.
3.14. The person responsible for organizing the processing of personal data is obliged to exercise internal control over the compliance of the processing of personal data with the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, this policy of the operator, local acts of the operator.
Section 4. Confidentiality of personal data
4.1. Operator employees who have access to personal data must ensure the confidentiality of such data. Ensuring confidentiality is not required in relation to: - personal data after their depersonalization; - publicly available personal data. 4.2. The procedure for ensuring the confidentiality of personal data of Users and other subjects of personal data is determined in the Privacy Policy, which is an integral part of this Policy regarding the processing and protection of personal data of the Operator.
Section 5. Consent of the subject of personal data to the processing of his personal data
5.1. The subject of personal data decides to provide his personal data to the Operator and agrees to their processing freely, by his own will and in his own interest. Consent to the processing of personal data must be specific, informed and conscious and may be provided by the subject in any form that allows confirming the fact of its receipt, unless otherwise provided by law.
5.2. The consent of an individual client using the services provided by the Operator through the portal and / or website is not required, because he is a party to the agreement with the Operator, who has accepted the public offer posted on the Operator's website and / or the User Agreement. Filling out by the buyer on the portal and / or website of the registration form and / or order for the purchase of goods or services (or other order form, application, etc.) expresses his will and consent to the processing of his personal data.
5.3. User registration on the portal and/or website of the Operator (dealer), confirmed by his login and password, is his simple electronic signature. An electronic document signed using such a login and password is equivalent to a document signed with a handwritten signature.
5.4. Representatives of clients, Users agree to the processing of their personal data by the operator, and / or its dealers, in the form of conclusive actions, expressed in the provision of their data for posting on the site and / or portal.
5.5. In the event that the Operator receives personal data from the counterparty on the basis of and for the purpose of fulfilling the contract concluded with him, including from the client-legal entity using the services provided by the portal and / or the website of the Operator, responsibility for the legality and accuracy of personal data, and also for obtaining the consent of the Representatives of counterparties and Representatives of clients to transfer their personal data to the Operator, the counterparty transferring personal data is borne, which is fixed in the text of the agreement between the Operator and the counterparty (client).
5.6. An operator who has received personal data from a counterparty and a client-legal entity does not assume the obligation to inform the subjects (their representatives), whose personal data has been transferred to him, about the start of processing personal data, since the obligation to inform accordingly when concluding an agreement with the subject of personal data and / or upon obtaining consent to such a transfer, the counterparty (client) that transferred the personal data is responsible. This obligation of the counterparty (client) is included in the contract concluded with him by the Operator, including the contract in the form of an offer posted on the portal and / or website.
5.7. The personal data of persons who have signed contracts with the Operator, contained in the unified state registers of legal entities and individual entrepreneurs, are open and publicly available, with the exception of information about the number, date of issue and the authority that issued the identity document of an individual. The protection of their confidentiality and the consent of the subjects of personal data for the processing of such data is not required.
5.8. In all other cases, it is necessary to obtain the consent of personal data subjects who are Representatives of counterparties, with the exception of persons who have signed agreements with the Operator or provided powers of attorney with the right to act on behalf and on behalf of the Operator’s counterparties, who independently sent personal data by e-mail and thereby performed implicit actions , confirming their consent to the processing of personal data specified in the text of the agreement (power of attorney) or an email.
5.9. Consent of the Representatives of the subjects to the processing of their personal data is provided in the form of conclusive actions by providing a power of attorney with the right to act on behalf of and on behalf of the subjects of personal data and an identity document of the Representative of the subject.
5.10. The consent of the subjects to provide their personal data is not required when the Operator receives, within the established powers, reasoned requests from the prosecutor's office, law enforcement agencies, investigation and inquiry agencies, security agencies, from state labor inspectors when they exercise state supervision and control over compliance with labor laws , and other bodies authorized to request information in accordance with the competence provided for by law. A reasoned request must include an indication of the purpose of the request, a reference to the legal grounds for the request, including confirming the authority of the body that sent the request, as well as a list of the requested information.
5.11. In the event of requests from organizations that do not have the appropriate authority, the Operator is obliged to obtain from the subject, which is not an Employee, consent to the provision of his personal data in any provable form, and warn the persons receiving personal data that these data can be used only for the purposes for which they are communicated, as well as require these persons to confirm that the specified rule will (was) observed.
5.12. Consent to the processing of personal data, the processing of which is not established by the requirements of the law or is not required for the performance of an agreement with the Operator, to which the subject of personal data is a party, may be withdrawn by the subject of personal data. In this case, the Operator destroys such personal data, in respect of which the consent to processing is withdrawn, and ensures their destruction by the counterparties to whom such data were transferred, within 30 days from the date of receipt of the withdrawal of the consent of the subject to the processing of his personal data.
5.13. In all cases, the obligation to provide proof of obtaining the consent of the subject of personal data to the processing of his personal data or proof of the existence of the grounds specified in the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" rests with the Operator.
Section 6. INFORMATION ON IMPLEMENTED PERSONAL DATA PROTECTION REQUIREMENTS
6.1. The operator implements the following requirements of the legislation in the field of personal data: - requirements for confidentiality of personal data; - requirements to ensure the implementation by the subject of personal data of their rights; - requirements to ensure the accuracy of personal data, and, if necessary, relevance in relation to the purposes of processing personal data (with the adoption (ensuring the adoption) of measures to delete or clarify incomplete or inaccurate data); - requirements for the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data; - other legal requirements.
6.2. In accordance with the Federal Law "On Personal Data", the Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the legislation in the field of personal data. In particular, the protection of personal data is achieved by the Operator by: - appointing a person responsible for organizing the processing of personal data; - publication by the Operator of this Policy; - publication of a local regulatory act on the personal data of an employee and the transfer of personal data within one organization; - familiarization of employees admitted to the processing of personal data of subjects with the requirements established by the legislation of the Russian Federation in the field of personal data, this Policy, as well as other local regulations of the Operator; - organization of the proper procedure for working with personal data carried out using automation tools (use of certified software, password restriction of access to computers, software that processes personal data, local network, approval of the list of persons who have access to personal data due to official duties) ; - organization of the proper procedure for working with personal data, carried out without the use of automation tools (organization of the proper storage of documents containing personal data, approval of appropriate measures and a list of positions); - organization of employees' access to information containing personal data of personal data subjects, in accordance with their official (functional) duties; - implementation of internal control and (or) audit of compliance of the processing of personal data with the federal law and regulations adopted in accordance with it, the requirements for the protection of personal data, the operator's policy regarding the processing of personal data, local acts of the operator.
Section 7. FINAL PROVISIONS
7.1. This Policy is an internal document of the Operator.
7.2. Other obligations and rights of the Operator as a person organizing the processing of personal data, both independently and on behalf of other operators, are determined by the legislation of the Russian Federation in the field of personal data.
7.3. Pursuant to Part 2 of Art. 18.1. Law, this Policy must be published or unrestricted access to it must otherwise be provided.
7.4. Officials and Employees of the Operator guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil and criminal liability in accordance with the legislation of the Russian Federation.
7.5. The Operator reserves the right to make changes to this Policy (in all its sections and preamble, as well as in the name).