Personal data processing policy
1.1 Policy of JSC "Conflex SPb" (hereinafter referred to as the Company) regarding the processing of personal data (hereinafter referred to as the Policy) defines the main goals, principles and conditions for the processing of personal data, as well as measures to ensure the security of personal data of the Company’s employees.
1.2 This Policy has been developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
1.3 This Policy is a public document and is subject to publication on the Company’s official website on the Internet.
1.4 The provisions of the Policy serve as the basis for the development of local regulations detailing the issues of processing and protection of personal data in the Company.
2. Main purposes and principles of processing personal data.
2.1 The company processes personal data for the purposes of:
- implementation of the functions, powers and duties assigned by the legislation of the Russian Federation to the Company, including the provision of personal data to government authorities, the Pension Fund, the Social Insurance Fund, the Federal Compulsory Medical Insurance Fund, as well as to other government bodies;< /p>
- regulation of labor relations with the Company’s employees (assistance in employment, training and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property);
- providing the Company’s employees with additional guarantees and compensation, including voluntary medical insurance and other types of social security;
- protection of life, health or other vital interests of personal data subjects;
- preparation, conclusion, execution and termination of contracts with the Company’s counterparties;
- organizing and ensuring access control in the Company;
- execution of judicial acts, acts of other bodies or officials subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
- as well as for other legal purposes.
2.2 Processing of personal data in the Company is carried out in compliance with the following principles:
- processing of personal data is carried out on a legal and fair basis;
- the processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes;
- processing of personal data incompatible with the purposes of collecting personal data is not permitted;
- it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
- the content and volume of personal data processed corresponds to the stated purposes of processing;
- when processing personal data, the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing personal data are ensured;
- storage of personal data is carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of processing personal data, unless the period for storing personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor;
- processed personal data is destroyed or anonymized upon achievement of the processing goals or in the event of the loss of the need to achieve these goals, unless otherwise provided by federal legislation.
3. Categories of personal data subjects.
3.1 The Company processes the personal data of its employees, as well as other subjects of personal data who are not in an employment relationship with the Company, to implement the processing purposes specified in this Policy.4. Categories of personal data processed.
4.1 The list of personal data processed by the Company is determined in accordance with the legislation of the Russian Federation and local regulations of the Company, taking into account the purposes of processing personal data specified in this Policy.
4.2 The Company does not process special categories of personal data relating to race, nationality, political views, intimate life, religious and philosophical beliefs.
4.3 The Company may process biometric personal data of personal data subjects only with the written consent of the subjects, unless otherwise provided by the legislation of the Russian Federation.
5.1 Processing of personal data in the Company is carried out with the consent of the subject of personal data to the processing of his personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data.
5.2 The company does not disclose or distribute personal data to third parties without the consent of the subject of personal data, unless otherwise provided by federal law.
6.1 The company collects, records, systematizes, accumulates, stores, refines (updates, changes), extracts, uses, transfers (distribution, provision, access), depersonalizes, blocks, deletes and destroys personal data.
6.2 Processing of personal data in the Company is carried out in the following ways:
- non-automated processing of personal data;
- automated processing of personal data with or without transmission of information via information and telecommunication networks;
- mixed processing of personal data.
7. Rights of personal data subjects.7.1 Personal data subjects have the right to:
- full information about their personal data processed by the Company;
- access to their personal data, including the right to receive a copy of any record containing their personal data, except in cases provided for by the legislation of the Russian Federation;
- clarification of your personal data, its blocking or destruction if personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
- withdrawal of consent to the processing of personal data;
- taking measures provided for by the legislation of the Russian Federation to protect their rights;
- appeal to the authorized body for the protection of the rights of personal data subjects or in court against unlawful actions or inactions in the processing and protection of his personal data;
- exercise of other rights provided for by the legislation of the Russian Federation.
8. Ensuring the security of personal data.8.1 Measures necessary and sufficient to ensure that the Company fulfills the obligations of the operator provided for by the legislation of the Russian Federation in the field of personal data include:
- appointment of a person responsible for organizing the processing of personal data;
- adoption of local regulations and other documents in the field of processing and protection of personal data;
- identification of threats to the security of personal data during their processing in personal data information systems;
- application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems;
- familiarization of the Company employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data and local acts on the processing of personal data;
- obtaining consents of personal data subjects for the processing of their personal data, except for cases provided for by the legislation of the Russian Federation;
- implementation of internal control over the measures taken to ensure the security of personal data;
- other measures provided for by the legislation of the Russian Federation in the field of personal data.
9. Control and responsibility.9.1 The person responsible for organizing the processing of personal data organizes a continuous process of monitoring compliance in the Company with the requirements of Federal legislation in the field of personal data.
9.2 Company officials guilty of violating the rules governing the processing and protection of personal data bear liability under the legislation of the Russian Federation.