Personal Data Processing and Protection Policy of DIRECTUM, LLC
1. General Terms
1.1. The present document (hereinafter, the Policy) determines the stance of DIRECTUM, LLC (hereinafter, the Company) on processing of personal data and declares general terms of personal data processing.
1.2. The purpose of this Policy is to ensure safety of rights and freedoms of the subject while processing his or her personal data.
1.3. The Policy has been created in accordance with the legislation of the Russian Federation, including Federal law #152 «On personal data» as of July 27, 2006. The terms and definitions of the Policy are determined according to the Federal law #152 «On personal data» as of July 27, 2006.
1.4. In the Company, the provisions of the Policy serve as the basis for local legal acts that regulate the processing of personal data of employees of the Company and other Data subjects.
1.5. The Policy applies to all employees of the Company (including employees who work under employment contracts or contractor’s agreements) and all business units of the Company, including standalone units. The Policy requirements are also taken into account and presented to other individuals if they should participate in processing of personal data of the Company, as well as in cases they receive personal data in the established order according to agreements, contracts, or assignments to process data.
1.6. Beyond the scope of the current legislation or contract, personal data will be processed after the Data subject’s consent is received. The Data subject may express his or her consent by committing actions, accepting formal offer conditions, leaving the appropriate marks, filling in the fields of forms, blanks, or in written form according to the legislation.
1.7. The Policy remains valid for an indefinite period after approval and until it is replaced by a new version.
Read the Policy to find out:
- How long and why we store your personal data.
- How to change your personal data or delete it from our server.
2. Personal Data Processing
2.1. The Company processes personal data based on:
2.1.1. Constitution of the Russian Federation
2.1.2. Civil Code of the Russian Federation
2.1.3. Labor Code of the Russian Federation
2.1.4. Tax Code of the Russian Federation
2.1.5. Federal law #152 «On personal data» as of July 27, 2006, article 6, part 1, clauses 1,2,5
2.1.6. Federal law #63 «On electronic signature» as of April 06, 2011
2.1.7. Federal law #212 «On insurance fees to the Pension Fund of the Russian Federation, Social Insurance Fund of the Russian Federation, Federal Fund of compulsory medical insurance and Territorial Funds of compulsory medical insurance» as of July 24, 2009
2.1.8. Federal law #125 «On archiving in the Russian Federation» as of October 22, 2004
2.1.9. Federal law #273 «On education in the Russian Federation» as of December 29, 2012
2.1.10. Charter of DIRECTUM, LLC.
2.2. The Company processes the personal data for the purpose of:
2.2.1. Registration of labor and other contractual relations, human resources management, accounting, tax records, and also for the purpose of organizing and carrying out loyalty programs, marketing and/or sales promotion, researches, surveys and other events by the Company (as well as with the involvement of third parties).
2.2.2. Performing obligations within contracts concerning supply of products, execution of events and provision of other services to the Data subjects by the Company.
2.2.3. Promotion of the Company’s and/or its partner’s services and/or goods in the market by directly contacting the Company’s clients by using different means of communication, including, but not limited to phone, e-mail, post, the Internet, etc.
2.2.4. Protection of the Data subject’s life, health and other vital interests. Ensuring access control on the Company’s premises.
2.2.5. Creation of reference materials for internal information support of the Company, its subsidiaries and representative offices.
2.2.6. Enforcement of judicial acts, acts of other authorities and public individuals, which are subjects to enforcement in accordance with the legislation of the Russian Federation on enforcement proceeding.
2.2.7. Execution of rights and legitimate interests of the Company within business activities provided by the Charter or other local legal acts of the Company, or execution of rights and legitimate interests of third parties. Achievement of socially significant purposes or other purposes if the actions of the Company do not conflict with the legislation of the Russian Federation.
2.3. While processing personal data, the Company performs actions which are required or expected to achieve purposes specified above, including, but not limited to collection, systematization, accumulation, storage, clarification (updating, modification), usage, distribution (including transfer), depersonalization, blocking, destruction, as well as performing any other actions to user’s personal data in accordance with the legislation of the Russian Federation.
We collect and process your personal data to make our website more useful.
2.4. In the Company, processing of personal data is carried out in the following manner: manual processing of personal data, automated processing of personal data with the transfer of received information through information and telecommunications networks if such information exists, mixed processing of personal data.
2.5. While processing, the accuracy of personal data, its sufficiency and relevance in relation to the purposes of processing personal data are ensured. If there is inaccurate or incomplete personal data, it will be clarified and updated.
2.6. For the purpose of due performance of its duties, the Company processes personal data of the following subjects categories:
2.6.1. Applicants for vacant positions — to the extent and within the time the Company needs to decide whether to employ the applicant or not, with the consent of the Data subjects; as well as to create a candidates pool, with the consent from the Data subjects.
2.6.2. Employees who are or have been in an employment relationship with the Company — to the extent and within the time required to achieve the purposes provided by the legislation of the Russian Federation; the execution of the functions, authorities and duties assigned to the Company by the legislation of the Russian Federation to create a candidates pool, with the consent from the Data subjects.
2.6.3. Relatives of the employees of the Company — to the extent and within the time required for the implementation and execution of the functions, authorities and duties assigned to the Company by the legislation of the Russian Federation; the enjoyment of the rights and legitimate interests of the Company, as well as for concluding and executing a contract to which a Data subject is a party, a beneficiary or a guarantor.
2.6.4. Representatives of the suppliers of the Company — to the extent and within the time required to interact with suppliers, with the consent from the Data subjects.
2.6.5. Representatives of the potential and existing clients — to the extent and within the time required to interact with the potential and existing clients, with the consent from the Data subjects.
2.6.6. Representatives of the partners — to the extent and within the time required to interact with the partners, with the consent from the Data subjects.
2.6.7. Other data subjects that are parties, beneficiaries, or guarantors under a contract concluded with the Company.
2.7. For the specified subjects categories, the following can be processed: surname, given name and patronymic of the Data subject, date and place of birth, address, marital status, education, profession, income, passport data, Taxpayer Identification Number, Insurance Number of Individual Ledger Account, contact information (phone number, e-mail) and other personal data according to standard forms and the established processing order.
2.8. The Company processes biometric data of the employees (photos).
Personal data is private information. The confidential treatment of the personal data is finished in the cases of depersonalization, common availability of data or in the other cases provided by the legislation of the Russian Federation.
The Policy does not apply only to website users. We respect the law and do not disclose information about employees, applicants and counterparties representatives to third parties.
2.9. Periods of the personal data processing are determined taking the following into account:
2.9.1. Established purposes of the personal data processing.
2.9.2. The periods of validity of the contracts with the Data subjects and the Data subjects consents for processing of personal data.
2.9.3. Legislation of the Russian Federation in the archiving.If the processing purposes are achieved or it is not required to achieve them anymore, the personal data that is being processed shall be deleted or depersonalized, unless otherwise provided by the legislation of the Russian Federation.
2.9.4. Personal data that is being processed shall be deleted or depersonalized in the following cases:
2.9.4.1. If the purposes of the personal data processing or critical storage time were achieved— within 30 days.
2.9.4.2. If it is not required to achieve the purposes of the personal data processing — within 30 days.
2.9.4.3. If the Data subject or his or her official representative confirmed that personal data was received illegally, or it is not necessary for the purpose of personal data processing — within 7 days.
2.9.4.4. If it is impossible to ensure the legitimacy of processing personal data — within 10 days.
2.9.4.5. If the Data subject recalled the consent for the personal data processing and it is not required to store personal data for the declared purpose anymore — within 30 days.
2.9.4.6. If the Data subject recalled the consent to use personal data for promoting goods and services to potential clients — within 2 days.
2.9.4.7. If the period of limitation of legal arrangements within which personal data is processed or was processed has expired.
2.9.4.8. If the Company is liquidated (reorganized).
2.10. The Company does not transfer personal data abroad. Personal data of all subjects is stored on the territory of the Russian Federation.
2.11. The Company submits personal data to third parties within the execution of the obligations assigned to the Company by the legislation of the Russian Federation, or with the consent of the Data subject.
We obey the laws of the Russian Federation and store your personal information on our server in Russia.
3. Measures to Ensure Safety of Personal Data
3.1.1. The Company shall take all necessary legal, organizational and technical measures to ensure safety of personal data, to protect it from unauthorized access (including accidental one), destruction, modification, access denial and other unauthorized actions. Particularly, the Company shall:
3.1.2. Appoint employees responsible for protection and organization of processing of personal data;
3.1.3. Check if contracts include sections on ensuring confidentiality of personal data; include such sections into contracts if necessary;
3.1.4. Issue local acts on processing of personal data, acquaint employees with these acts, train users;
3.1.5. Ensure physical safety of premises and processing tools, access control, security, CCTV monitoring;
3.1.6. Restrict and control access of employees and other individuals to personal data and tools designed to process it; monitor actions performed on personal data;
3.1.7. Determine threats to security of personal data that may occur during the processing; create threat models based on these threats;
3.1.8. Use security tools (antivirus tools, firewalls, unauthorized access protection tools, data cryptographic protection facilities), including those that have gone through the compliance assessment in accordance with the established procedure;
3.1.9. Keep track of and store data storage devices in a way that prevents their theft, substitution, unauthorized copying or destruction;
3.1.10. Back up data to be able to restore it;
3.1.11. Exercise internal control over the established order, make sure the initiated measured are effective, and react to incidents.
Your personal data is always safe, both from a legal and technical point of view.
4. Rights and Obligations of Data Subjects
4.1. The Data subject shall provide authentic personal data and documents containing personal data to the Company according to the Labor code of the Russian Federation, Federal law #152 as of July 27, 2006 «On personal data», other Federal laws and the current Policy.
4.2. In case of change of personal data, the Data subject shall notify the Company in written form within 14 days. The Company is entitled to request additional information and documents confirming its authenticity from the Data subject.
4.3. The Data subject shall acquaint himself or herself with the current Policy and with the legislation of the Russian Federation on processing of personal data.
4.4. The Data subject is entitled to receive information concerning the processing of his or her personal data, including, but not limited to:
4.4.1. Confirming the fact of processing of personal data by the Company;
4.4.2. Legal basis and purpose of personal data processing;
4.4.3. Purposes and methods of personal data processing used by the Company;
4.4.4. Name and location of the Company, information about individuals (except for employees of the Company) who have access to personal data or to whom personal data may be disclosed based on a contract with the Company or based on the federal laws;
4.4.5. Personal data that is being processed and that concerns the corresponding Data subject; the origin of this data, unless another procedure for granting of such data is provided for by the federal law;
4.4.6. Time period within which the personal data will be processed and stored;
4.4.7. Procedure for the execution of rights provided for by the Federal law «On personal data» by the Data subject;
4.4.8. Information about the transferring of data abroad that took place or may potentially take place in the future;
4.4.9. Name or surname, given name, patronymic and address of the person in charge of processing of personal data on behalf of the Company if such processing is assigned or will be assigned to this person;
4.4.10. Other information specified in the Federal law «On personal data» or other federal laws.
4.5. The Data subject is entitled to demand that the Company clarifies his or her personal data, blocks or destroys it in case the personal data is incomplete, obsolete, or inaccurate, illegally obtained or is not necessary for the claimed processing purpose. The Data subject is also entitled to take steps to protect his or her rights as prescribed by law.
4.6. If the Data subject believes that the Company processes his or her personal data in contravention of the Federal law «On personal data», or otherwise infringes on his or her rights and freedoms, the Data subject is entitled to appeal against actions or inactions of the Company in the authorized body protecting the rights of data subjects or in a judicial procedure.
4.7. The Data subject is entitled to protect his or her rights and legitimate interests, including the reimbursement of damages and (or) compensation for psychological trauma in a judicial procedure.
4.8. The Data subject is entitled to withdraw his or her consent by drawing up a corresponding paper document (claim) that can be sent to the Company address by registered post with a confirmation receipt or given to a Company representative in person with a signed acknowledgment.
We are interested in a long-standing and mutually beneficial cooperation. That is why we guarantee that your rights will be respected.
5. Rights and Obligations of the Company
5.1. The Company is entitled to delegate the processing of personal data to another person by virtue of the contract concluded with this person and with the consent from the Data subject. The contract shall contain the list of actions (operations) on personal data that will be performed by the person processing the personal data, the purposes of processing, the obligation of this person to respect confidentiality of personal data and ensure safety of personal data during the processing, and also the requirements to the protection of personal data according to the article 19 of the Federal law «On personal data».
5.2. For the purposes of internal information management, and with the written consent from the Data subject, unless otherwise provided for by the legislation of the Russian Federation, the Company can create internal reference materials that may include surname, given name and patronymic of the Data subject, his or her place of employment, position, date and place of birth, address, line number, email and other personal data received from the Data subject.
5.3. The Company is entitled to process personal data without the consent of the Data subject in the cases provided for by the article 6 of the Federal law «On personal data» or by other legislative acts of the Russian Federation.
5.4. The Company is entitled to refuse to fulfill a request of the Data subject to receive information concerning the processing of his or her personal data in the cases provided for by the Federal law «On personal data» or by other legislative acts of the Russian Federation.
5.5. The Company is entitled to collect the following information on its websites: IP address, browser type, device type (PC, phone), operating system type, time and duration of the visit, logical resolution of the screen, cookie information and addresses of the requested pages.
5.6. The Policy published on the Website is an effective one. The Company has the right to make changes to the Policy at any moment. In that case, the Company shall notify the users by placing a new version of the privacy policy to the Website.
We can make changes to the Policy. And we commit ourselves to update it on the website in a timely manner.
6. Final Provisions
6.1. The current Policy is governed by and construed in accordance with the legislation of the Russian Federation. All issues not settled by the current Policy are subjects to settlement in accordance with the legislation of the Russian Federation. All possible disputes arising from the relations governed by the current Policy are subjects to settlement in accordance with the current legislation of the Russian Federation. In the text of the current Policy, unless expressly stated otherwise, term «legislation» is construed as the legislation of the Russian Federation.
6.2. In case of questions and complaints from the User, he or she shall contact the Company by any means available. The parties shall endeavor to resolve any arising disputes through negotiations. If not resolved through negotiations, the dispute shall be submitted to a judicial authority in accordance with the current legislation of the Russian Federation.
6.3. Inaction of the Company in case of a breach of the Policy by the User does not deprive the Company of the right to take action to protect its interests later. It also does not mean that the Company relinquishes its rights in case the same or similar breaches happen in the future.
6.4. All disputes related to the Policy and its provisions are subjects to review by court at the location of the Company according to the current procedural law of the Russian Federation.
6.5. If the court declares a provision of the current Policy ineffective, other provisions shall not be deemed ineffective.
6.6. Persons guilty of a violation of provisions governing the processing and protection of personal data shall be subjects to financial, disciplinary, administrative, civil and criminal sanctions according to the federal laws, local acts and agreements of the Company.
Do you have any questions left? We are open to you suggestions. Contact us:
By phone: +7 (3412) 72-11-00
By email: pr@directum.ru.