This document defines the Policy of the limited liability Company "Flynet" (hereinafter - the "Company") in relation to the processing of personal data and the implementation of requirements for the protection of personal data (hereinafter - the "Policy") in accordance with the requirements of the Federal law of 27.07.2006 № 152-FZ "On personal data".
the Present position is extending its actions on the personal data collected through the telecommunications network "Internet". Processing of personal data of employees is carried out in accordance with the Regulations on protection, storage, processing and transfer of personal data of employees of LLC "Flynet".
1. Terms and definitions
1.1. This policy uses special concepts, the meaning of which is determined in the order specified below. Other terms and definitions that are not reflected in this Provision will be interpreted by the parties on the basis of the current legislation, unless they are assigned a different meaning on the basis of the meaning of the Provision:
- automated processing of personal data-processing of personal data using computer technology;
- blocking of personal data-temporary termination of processing of personal data (except if processing is necessary to clarify personal data);
- information system of personal data-a set of personal data contained in databases and providing their processing of information technologies and technical means;
- depersonalization of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a particular subject of personal data;
- processing of personal data - any action (operation) or set of actions (operations) committed with use of means of automation or without use of such means with personal data including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, granting, access), depersonalization, blocking, deletion, destruction of personal data;
- personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
- provision of personal data-actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
- distribution of personal data-actions aimed at disclosure of personal data to an indefinite number of persons;
- special categories of personal data-data relating to race, nationality, political opinion, religious belief, health status, as well as biometric personal data;
- personal data subject (hereinafter - LDS) - an individual to whom personal data directly or indirectly refer;
- destruction of personal data-actions that make it impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
- cookiesare text files, usually of a small size, or pieces of information that can be stored in the computer memory when you visit the site.
- service (or services) – provision of computing environment in the global Internet, as provided by the Public contract-offer for the provision of computing environment posted on the site https://www.flynet.pro/en
2. Legal basis of personal data processing
Processing of personal data is carried out in accordance with the requirements of the legislation:
- Civil code of the Russian Federation;
- Labour code of the Russian Federation;
- Federal law of 27 July 2006 №152-FZ "On personal data";
- FZ of the Russian Federation dated on 07 July 2003 No. 126-FZ "On communication";
- Federal law of 27 July 2006 №149-FZ "On information, information technologies and information protection".
3. Acceptance of the terms of this provision
3.1. The use of the website, its individual parts or services constitutes acceptance of this Policy and the terms of processing of personal data, as well as consent to the processing.
3.2. The policy is considered to be accepted, and the consent to the processing of data in the Commission of LDS of any of their actions:
- LDS registered;
- SPD has concluded an agreement with the Company (including in the form of acceptance, performance of actions to fulfill the terms of the agreement);
- LDS filled in form fields providing personal data;
- LDS provided personal data by e-mail, through the online consultant system, ordering a call back, through the attachment of the file (attachment) file and/or LDS reported them in a different form;
- LDS sent resume to fill position;
- actual start of LDS use of the services.
Other additional actions aimed at the expression of the will LDS not required.
3.3. In case of disagreement with the terms of this Policy, the LDS must stop using the site, its part or service, refuse to provide data, and the refusal to provide data may result in the inability to provide services.
In the latter case, the Company shall not be liable for a possible breach of its obligations, as well as the impossibility of achieving the expected result of the LDS.
3.4. This Policy applies only to the website, services, service of the Company. The company does not control and is not responsible for the websites of third parties to which the LDS can follow the links available on the website.
3.5. LDS is responsible for the completeness and accuracy of the data it provides. In case of discrepancies and/or incorrectness in the provided data, they shall be changed, including by reference to the Company.
4. Principles of personal data processing
4.1. Processing of personal data is carried out on a legal and fair basis;
4.2. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Personal data processing incompatible with the purposes of personal data collection is not allowed;
4.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
4.4. Only personal data that meet the purposes of their processing are subject to processing;
4.5. The content and volume of the processed personal data correspond to the declared purposes of processing and are not excessive in relation to the declared purposes of their processing;
4.6. When processing personal data, the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing personal data are ensured and, where necessary, the necessary measures are taken to delete or clarify incomplete or inaccurate data;
4.7. Storage of personal data is carried out in a form that allows to determine the SPD, no longer than it is required for the purpose of processing personal data, if the period of storage of personal data is not established by Federal law, an agreement to which the beneficiary or guarantor is a SPD. The processed personal data upon achievement of the purposes of processing or in case of loss of need for achievement of these purposes, unless otherwise provided by the Federal law, are subject to destruction or depersonalization.
If summary is not specified, the purpose of LDS employment consents to the inclusion in the personnel reserve of the company. In this case, personal data may be processed until the moment of employment or the application of the LDS for exclusion from the personnel reserve.
5. Place of storage of personal data
5.1. The company ensures the collection of personal data and their processing using databases located on the territory of the Russian Federation.
6. Purposes of personal data processing:
6.1. The company processes only those personal data that are necessary for the provision of LDS services, carrying out the company's activities, ensuring compliance with applicable legislation, the rights and legitimate interests of third parties, provided that this does not violate the rights of LDS.
6.2. LDS personal data may be processed by the Company for the following purposes:
- Conducting research using impersonal data;
- To identify the SAP;
- To provide LDS services by the Company;
- To provide services with the involvement of authorized registrars, certifying centers, payment systems and/or other persons in charge of the provision of ordered SPD services, its part;
- To communicate with LDS on issues arising from the provision of services, employment, including for sending information, notifications, SMS messages, messages using messengers, e-mail newsletters, requests related to the provision of services, as well as to process requests and applications from LDS;
- Sending newsletters and promotional mailings, if the corresponding LDS subscriptions have not been canceled;
- Service quality control;
- Provide technical support;
- Making payments;
- Assessment of LDS when deciding on employment, formation of personnel reserve;
6.3. The company does not collect or process special categories of personal data.
7. Composition of personal data
7.1. The company can process personal data: surname, name, patronymic, e-mail, telephone, Fax, data of identity document, data of residence/place of stay, payment details, place of work, position, date and place of birth.
For the purpose of assessment of LDS at employment personal data can be processed: passport data, personal and biographical data, data on education and professional development, data on a specialty or profession, data on labor and General experience, the insurance certificate of obligatory pension insurance, individual number of the taxpayer, data on the military account, data on a state of health, the address of the actual residence, home and mobile phone, the e-mail address, data on structure of a family, existence of criminal records, the post, information about the employee's salary. The composition of the processed data is determined based on the amount of information required to assess the compliance of the LDS position for which it applies.
the Company does not process special categories of data, if the current legislation does not require their processing to verify compliance with the LDS of the position for which it claims
7.2. The company may collect other personal data if it is necessary to provide LDS services and to comply with the requirements of the legislation of the Russian Federation in the field of personal data protection.
7.3. The company may also collect data related to the IP address, statistical information on the actions taken when using the Services of the Company, unique identifiers automatically generated when using the services, data on transactions, language, territory from which the services are accessed, as well as other information on the SAP.
the Company uses temporary (session) and permanent cookies on its website.
Temporary files are different in that they are deleted after the web browser is closed, while permanent files remain in the computer's memory until they are deleted manually or until they expire.
SPD can change the settings of your web browser so that you have already saved the cookies have been deleted and a new cookie was not saved (detailed information about this contains, as a rule, in the manual of use of each particular web browser).
If you delete cookies and/or configure your web browser so that new cookies are not stored, some or all features of the site and services may not be available. In the latter case, the Company is not responsible for the inability to use its Services and/or the inability to provide them.
8. The processing of personal data:
8.1. Processing of personal data is carried out by the Company with the consent of the LDS, both with the use of automation tools and without the use of such tools.
8.2. The company does not provide or disclose information containing personal data to a third party without the consent of the SPD, except in cases established by the current legislation of the Russian Federation in the field of personal data protection (at the request of the authorized body), as well as for the purpose of fulfillment of obligations to the SPD, investigation of fraud in the implementation of payments and any other illegal activities, in order to protect the rights of the injured party, when there are reasonable suspicions of a potential or existing violation of rights, in cases of violation of intellectual property rights, in the case of claims against the activities of the JPA.
Personal data may be transferred to the company's service provider to the extent necessary for the provision of services to the Company and/or LDS without the consent of the LDS. Such service providers will use personal data only in accordance with the instructions of the Company and for the purposes specified in this Policy.
8.3. In case of withdrawal of consent to the processing of personal data, the Company has the right to continue processing of personal data without consent in the cases provided for by the current legislation.
8.4. If personal data, as well as documents containing them, are provided/stored in writing, the destruction is carried out in a way that excludes the possibility of restoring their text.
8.5. The company may combine (merge, merge) and use the combined data with other information to provide, manage and develop services.
9. Privacy of personal data
9.1. Information relating to personal data is confidential.
9.2. Prior to providing access to personal data of the persons processing them, the company shall ensure the signing of the obligation of non-disclosure of confidential information, warn about the established responsibility in the field of personal data protection.
10. Measures to protect personal data
10.1. For the protection of personal Data by the Company:
- a person responsible for the organization of personal data processing in the Company has been appointed;
- approved local acts on the processing of personal data, establishing procedures aimed at the prevention and detection of violations of the legislation of the Russian Federation, the elimination of the consequences of such violations;
- the legal, organizational and technical measures to ensure the security of personal data during their processing provided for by the relevant regulatory legal acts are applied;
- periodic inspections of personal data processing conditions are organized;
- employees directly processing personal data shall be familiarized with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents and other internal documents of the Company on the processing of personal data.
11. Rights of personal data subjects. Direction of appeals
11.1. SPD has the right to receive information from the Company about the processing of its personal data, the right to protection, the right to withdraw consent to the processing of personal data, as well as other rights provided for by the Federal law of July 27, 2006 № 152-FZ "On personal data" and other legal acts.
11.2. An individual has the right to erasure, also known as 'the right to be forgotten'. The principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. For remove personal data send request to email firstname.lastname@example.org.
12. Policy publication
12.1. To ensure unlimited access to the Policy, its text shall be posted on the company's website.
12.2. The company has the right to unilaterally amend this policy at any time. All changes come into force from the date specified in such changes, and in the absence of instructions – 10 days from the date of posting on the company's website.
12.3. The JPA shall independently take necessary and sufficient measures to familiarize itself with the changes to this policy, for which it shall at least once a month familiarize itself with the changes and/or other information.
the Company does not provide additional information, notice of changes to the policy except for posting on the official website.
13. Direction of appeals
13.1. Any treatment the SAP may be taken in address: 634055, Tomsk, PR-t Akademicheskiy, d. 8/8, a/I, OOO "Flynet"