1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) is compiled in accordance with paragraph 2 of Article 18.1 of the Federal Law "On Personal Data" No. 152-FZ dated July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing and applies to all personal data (hereinafter referred to as data) that an Organization (hereinafter referred to as the Operator, the Company) may receive from a personal data subject who is a party to a civil contract, from an Internet user (hereinafter referred to as – The User) during the use of any of the sites, services, services, programs, products or services of LLC "APK Astrakhan", as well as from a personal data subject who is in a relationship with the Operator regulated by labor legislation (hereinafter referred to as the Employee).
1.2. The Operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
1.3. The Operator has the right to make changes to this Policy. When making changes, the date of the last revision update is indicated in the Policy header. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
2. Terms and accepted abbreviations
Personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data).
Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data is the processing of personal data using computer technology.
The Personal Data Information System (ISPS) is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data is personal data, access to which is granted to an unlimited number of persons by the subject of personal data or at his request.
Blocking of personal data is a temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
Operator is an organization that independently or jointly with other persons organizes the processing of personal data, as well as determines the purposes of processing personal data to be processed, actions (operations) performed with personal data. The operator is a website located at:____________.ru.
3. Processing of personal data
3.1. Receiving personal data.
3.1.1. All personal data should be obtained from the subject himself. If the subject's personal data can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him.
3.1.2. The operator must inform the subject about the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which the consent is valid and the procedure for its withdrawal, as well as the consequences of the subject's refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
- copying of original documents (passport, education document, TIN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining the originals of the necessary documents (work record, medical report, characteristics, etc.).
3.2. Processing of personal data.
3.2.1. Processing of personal data is carried out:
- with the consent of the personal data subject to the processing of his personal data;
– in cases where the processing of personal data is necessary for the implementation and fulfillment of the functions, powers and duties assigned by the legislation of the Russian Federation;
– in cases when personal data is processed, access to an unlimited number of persons to which is provided by the subject of personal data or at his request (hereinafter referred to as personal data made publicly available by the subject of personal data).
3.2.2. Purposes of personal data processing:
- implementation of labor relations;
- implementation of civil law relations;
– to contact the user in connection with filling out the feedback form on the site, including sending notifications, requests and information regarding the use of the store's website, processing, approving orders and their delivery, execution of agreements and contracts;
- depersonalization of personal data in order to obtain depersonalized statistical data that is transferred to a third party for conducting research, performing work or providing services on behalf of the store.
3.2.3. Categories of personal data subjects.
Personal data of the following personal data subjects are processed:
- individuals who are in labor relations with the Company;
- individuals who have resigned from the Company;
- individuals who are candidates for a job;
- individuals who are in civil law relations with the Company;
- individuals who are Users of the Store's Website.
3.2.4. Personal data processed by the Operator:
- data obtained during the implementation of labor relations;
- data obtained for the selection of candidates for work;
- data obtained during the implementation of civil law relations;
- data received from Users of the Store's Website.
3.2.5. Personal data processing is carried out:
– using automation tools;
- without using automation tools.
3.3. Storage of personal data.
3.3.1. Personal data of subjects can be obtained, further processed and transferred to storage both on paper and in electronic form.
3.3.2. Personal data recorded on paper media are stored in lockable cabinets or in lockable rooms with limited access rights.
3.3.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.3.4. It is not allowed to store and place documents containing personal data in open electronic directories (file sharing sites) in the ISPD.
3.3.5. The storage of personal data in a form that allows to identify the subject of personal data is carried out no longer than the purposes of their processing require, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. The destruction of documents (carriers) containing personal data is carried out by burning, crushing (crushing), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.
3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data is documented by the act of destruction of media.
3.5. Transfer of personal data.
3.5.1. The Operator transfers personal data to third parties in the following cases:
- the subject has expressed his consent to such actions;
- the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. The list of persons to whom personal data is transferred.
- Pension Fund of the Russian Federation for accounting (legally);
- tax authorities of the Russian Federation (legally);
- Social Insurance Fund of the Russian Federation (legally);
- territorial fund of compulsory medical insurance (legally);
- insurance medical organizations for compulsory and voluntary medical insurance (legally);
- banks for payroll (based on the contract);
- bodies of the Ministry of Internal Affairs of Russia in cases established by law;
- depersonalized personal data of Users of the online store's website is transferred to the Store's counterparties.
4. Personal data protection
4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (NWPD) consisting of subsystems of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a complex of legal, organizational, administrative and regulatory documents that ensure the creation, functioning and improvement of the NWPD.
4.3. The subsystem of organizational protection includes the organization of the management structure of the NWPD, the licensing system, the protection of information when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a complex of technical, software, hardware and software tools that ensure the protection of personal data.
4.4. The main personal data protection measures used by the Operator are:
4.5.1. Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training and instruction, internal control over the compliance of the institution and its employees with the requirements for the protection of personal data.