1.1.This Policy for the Processing of Personal Data (hereinafter referred to as the Policies for processing PDD) LLC Necropolis 21 Century (hereinafter referred to as the Operator), Taxpayer Identification Number 5433957776 located at the address Voskhod, Voentorgovskaya 4/10, Novosibirsk Region, was developed in accordance with the Constitution of the Russian Federation, The Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", Federal Law No. 152-FZ of July 27, 2006 "On Personal data, "Government Decree of 01.11.2012 № 1119" On the approval of the requirements for the protection of personal data when processing them in personal information systems ", other federal laws and regulations.
1.2. The policy is developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other normative legal acts of the Russian Federation in the field of personal data.
1.3.The policy of processing PDN is designed to protect the rights and freedoms of the subject of personal data when processing his personal data (hereinafter - PDN).
1.4.The provisions of the Policy form the basis for the development of local regulations governing the processing of personal data of employees of Necropolis 21 Century LLC and other subjects of personal data at LLC Necropolis of the 21st Century.
- The purposes of processing personal data
Personal data is processed by the Operator for the following purposes:
1) оimplementation and implementation of the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator, in particular:
- compliance with labor law and taxation requirements,
- maintenance of current accounting and tax accounting, formation, production and timely submission of accounting, tax and statistical reporting;
- compliance with the requirements of the law to determine the procedure for processing and protecting PDD of citizens who are customers or counterparties of LLC Necropolis 21 Century (hereinafter referred to as personal data subjects).
2) the exercise of the rights and legitimate interests of LLC Necropolis 21 Century in the framework of carrying out activities specified in the Charter and other local regulatory acts of LLC Necropolis 21 Century, or third parties or achieving socially significant goals;
3) for other legitimate purposes.
- Legal basis for processing personal data
Processing PDN is carried out on the basis of the following federal laws and regulations:
- The Constitution of the Russian Federation;
- of the Labor Code of the Russian Federation;
- Federal Law of July 27, 2006 No. 152-FL "On Personal Data";
- Federal Law "On Information, Information Technologies and Information Protection" of 27.07.2006 N 149-FL ;
- Provisions on the features of processing personal data, carried out without the use of automation. Approved by Resolution of the Government of the Russian Federation dated September 15, 2008 No. 687.;
- FSTEC Order No. 55, Federal Security Service of Russia No. 86, Ministry of Information and Communications of the Russian Federation No. 20 dated February 13, 2008 "On Approving the Procedure for the Classification of Information Systems for Personal Data;
- FSTEC Order No. 21 of February 18, 2013, "On Approving the Composition and Content of Organizational and Technical Measures to Ensure the Safety of Personal Data when Handled in Personal Data Information Systems";
- Roskomnadzor Order No. 996 of September 5, 2013 "On Approval of Requirements and Methods for the Decrease of Personal Data";
- Order of the Federal Tax Service of November 17, 2010 № MMV-7-3 / 611 "On the approval of the form of information on the income of individuals and recommendations for its completion, the format of information on the income of individuals in electronic form, directories."
- Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state bodies
- List of actions with personal data
When processing the PDN, the Operator will perform the following actions with PDD: collection, recording, systematization, accumulation, storage, updating (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data .
- Composition of personal data processes
5.1. ОThe following PDD subjects are subject to processing by the Operator:
- Operator staff;
- Clients Opera;
5.2. The composition of the PDE for each of the categories of subjects listed in article 5.1 of this Regulation is determined in accordance with the normative documents listed in Section 3 of this Regulation, as well as regulatory documents of the Institution issued to ensure their execution.
5.3. In cases stipulated by the current legislation, the personal data subject decides to provide his PDD to the Operator and agrees to their processing freely, by his own will and in his interest
5.4.The operator ensures that the content and volume of the processed PDDs are in accordance with the stated processing objectives and, if necessary, takes measures to eliminate their redundancy in relation to the stated processing objectives.
5.5. The processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life, is not carried out in LLC "Necropolis 21" Century.Processing of personal data
- Processing of personal data
6.1. Processing of personal data in OOO Necropolis 21 Century is carried out in the following ways:
- manual processing of personal data;
- automated processing of personal data with the transfer of information received through information and telecommunications networks or without it;
- mixed processing of personal data.
- Responce the protection of personal data when processed by the Operator
The operator takes measures necessary and sufficient to ensure the fulfillment of the duties provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it. The operator independently determines the composition and the list of measures necessary and sufficient to ensure the fulfillment of duties stipulated by Federal Law No. 152 "On Personal Data" of July 27, 2006, Government Resolution No. 687 of September 15, 2008 "On Approval of the Regulation on the Specifics of Processing Personal Data , carried out without the use of automation, "Government Decree of November 1, 2012 № 1119" On the approval of the requirements for the protection of personal data when processing them in information personal data systems ", Order No. 21 of February 18, 2013," On Approving the Composition and Content of Organizational and Technical Measures to Ensure the Safety of Personal Data in the Processing of Personal Data Information Systems ", and other normative legal acts, unless otherwise provided federal laws. Such measures include:
– the appointment by the Operator of the person responsible for organizing the processing of personal data;
– the issuance by the Operator of documents defining the operator's policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
– application of legal, organizational and technical measures to ensure the safety of personal data;
- implementation of internal control and (or) audit of compliance of personal data processing with the Federal Law "On Personal Data" and regulatory legal acts adopted in accordance with it, requirements for the protection of personal data, the Operator's policy regarding the processing of personal data, local acts of the Operator;
- determination of the assessment of harm that may be caused to personal data subjects in the event of a violation of the Federal Law "On Personal Data", the ratio of this harm and measures taken by the operator aimed at ensuring the fulfillment of obligations stipulated by the Federal Law "On Personal Data";
- familiarization of the Operator's employees who directly process personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data, and or) training of these employees.
7.2. The operator, while processing personal data, takes the necessary legal, organizational and technical measures or ensures their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in concerning personal data.
- The rules of the subject of personal data to access his personal data
8.1. The PDD subject has the right to demand from the Operator the specification of his personal data, their blocking or destruction in case personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights
8.2. The information is provided to the subject of personal data or his representative by the operator at the request or upon receipt of the request of the subject of personal data or his representative. The request must contain the number of the main document certifying the identity of the personal data subject or its representative, information on the date of issue of the specified document and the issuing body, information confirming the participation of the personal data subject in relations with the Operator (contract number, contract date, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator, the signature of the subject of personal data or his representative. The request can be sent in the form of an electronic document and signed by an electronic signature in accordance with the legislation of the Russian Federation.
8.3. The operator has the right to deny the subject of personal data in the execution of a repeated request. Such refusal should be motivated. The obligation to provide evidence of the reasonableness of refusal to perform a second request lies with the Operator
8.4. The subject of personal data has the right to receive information concerning the processing of his personal data, including:
– confirmation of the fact of processing of personal data by the Operator;
– legal grounds and objectives for the processing of personal data
–purposes and methods of processing personal data used by the Operator;
– the name and location of the Operator, information about persons (with the exception of the operator's employees) who have access to personal data or who can disclose personal data on the basis of a contract with the operator or on the basis of a federal law;
– processed personal data relating to the relevant personal data subject, the source of their receipt, if another procedure for the submission of such data is not provided for by federal law;
– the terms of processing of personal data, including the terms of their storage;
–order of the subject's exercise of personal data of rights provided for by the Federal Law "On Personal Data";
– information on the carried out or expected transboundary data transfer;
– the name or surname, name, patronymic and address of the person carrying out the processing of personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such person..
8.5. If the subject of personal data considers that the operator carries out the processing of his personal data in violation of the requirements of the Federal Law "On Personal Data" or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal against the operator's actions or inaction to the body authorized to protect the rights of subjects personal data, or in court.
8.6. The subject of personal data has the right to protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in the courts.