Policy regarding the processing of personal data
1.1 This document defines the policy of LLC "HELIOS" (hereinafter - the Company) with respect to the processing of personal data (hereinafter - PDD).
1.2 This Policy has been developed in accordance with the current legislation of the Russian Federation on personal data.
1.3 This Policy applies to all processes for collecting, recording, systemizing, storing, storing, clarifying, extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, destroying personal data carried out using automation and without using such means.
2 PRINCIPLES OF PROCESSING PERSONAL DATA
Processing of personal data is based on the following principles:
1) Processing of personal data is carried out on a legal and fair basis;
2) Processing of personal data is limited to the achievement of specific, pre-determined and legitimate purposes. It is not allowed to process personal data incompatible with the purpose of collecting personal data;
3) It is not allowed to combine databases containing personal data, processing of which is carried out for purposes incompatible with each other;
4) Only those personal data that are suitable for processing purposes are subject to processing;
5) The content and volume of processed personal data are consistent with the stated processing objectives. The processed personal data are not excessive in relation to the stated processing purposes;
6) When processing personal data, the accuracy of personal data is ensured, their sufficiency, and, if necessary, relevance to the stated purposes of their processing.
7) The storage of personal data is carried out in a form that allows the subject of personal data to be determined no longer than the purpose of personal data processing requires, unless the period of personal data storage is established by a federal law, a contract to which the subject of personal data is a party whose beneficiary or guarantor is the subject. Processed personal data are subject to destruction, or depersonalization upon achievement of treatment objectives or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
3 TERMS OF PERSONAL DATA PROCESSING
3.1. Processing of personal data is carried out in compliance with the principles and rules established by the Federal Law "On Personal Data". Processing of personal data is allowed in the following cases:
1) The processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
2) The processing of personal data is necessary to achieve the objectives stipulated by the international treaty of the Russian Federation or the law for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
3) The processing of personal data is necessary for the administration of justice, the enforcement of a judicial act, an act of another body or official subject to enforcement in accordance with the law of the Russian Federation on enforcement proceedings;
4) the processing of personal data is necessary for the performance of a contract to which the subject of personal data or a beneficiary or guarantor is a party, as well as for the conclusion of a contract on the initiative of a personal data subject or a contract whereby the personal data subject will be a beneficiary or guarantor;
5) the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject if obtaining the consent of the personal data subject is impossible;
6) the processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant purposes, provided that the rights and freedoms of the subject of personal data are not thereby violated;
7) the processing of personal data is carried out for statistical or other research purposes, subject to the obligatory depersonalization of personal data. The exception is the processing of personal data in order to promote goods, works, services on the market by making direct contacts with the potential consumer by means of communications, as well as for political agitation;
8) processing of personal data, access of an unlimited circle of persons to which is provided by the subject of personal data, or at his request (hereinafter - personal data made by a public entity of personal data);
9) processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
Disclosure in accordance with federal law.
3.2 The Company may include the personal data of the entities in the publicly available sources of personal data, while the Company takes the written consent of the entity to process its personal data.
3.3 The Company may process special categories of personal data related to race, nationality, health status, and the Company undertakes to take written consent of the subject to the processing of his personal data
3.4 Biometric personal data (information that characterizes the physiological and biological characteristics of a person on the basis of which it is possible to establish his identity and which are used by the operator to establish the identity of the subject of personal data) are not processed by the Company.
3.5 The Company carries out the cross-border transfer of personal data only to the territory of foreign countries that provide adequate protection of the rights of subjects of personal data.
3.6 The adoption on the basis of exclusively automated processing of personal data of decisions that give rise to legal consequences with respect to the subject of personal data or otherwise affecting his rights and legitimate interests is not carried out.
3.7 In the conditions of a license to conduct the activities of the Company, there is no prohibition on the transfer of personal data to third parties without the written consent of the subject of personal data.
3.8 If there is no need for the written consent of the subject to process his personal data, the subject's consent may be given by the subject of personal data or his representative to any form that allows receiving the fact of its receipt.
3.9 The Company has the right to entrust processing of personal data to another person with the consent of the personal data subject, unless otherwise stipulated by the federal law, on the basis of a contract concluded with that person (hereinafter - the operator's instruction). In this case, the Company in the contract obliges the person carrying out the processing of personal data on behalf of the Company to comply with the principles and rules for the processing of personal data provided for by this Federal Law.
3.10 If the Company entrusts the processing of personal data to another person, the Company bears responsibility to the personal data subject for the actions of the specified person. The person carrying out the processing of personal data on behalf of the Company is liable to the Company.
3.11 The Company undertakes and undertakes that other persons who have access to personal data do not disclose to third parties or disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.
4 DUTIES OF THE COMPANY
In accordance with the requirements of the Federal Law No. 152-FZ "On Personal Data", the Company is obliged:
• To provide the subject of personal data upon his request with information concerning the processing of his personal data, or on a legal basis to provide a refusal.
• At the request of the subject of personal data to refine processed personal data, block or delete, if the personal data are incomplete, obsolete, inaccurate, illegally obtained or are not necessary for the stated purpose of processing.
• Maintain the Journal of Registration of Appeals of Personal Data Subjects, in which inquiries of subjects of personal data should be recorded for the receipt of personal data, as well as the facts of the provision of personal data for these requests.
• Notify the subject of personal data on the processing of personal data in the event that personal data were not obtained from the subject of personal data. The following cases are an exception:
1. The PDD subject is notified of the processing of his PDE by the relevant operator;
2. The PDDs are received by the Company on the basis of a federal law or in connection with the performance of a contract to which the party is either a beneficiary or a guarantor under which the entity is a party;
3. PDN are made publicly available to the PDD or obtained from a public source;
4. The company carries out the processing of PD for statistical or other research purposes, for the professional activities of a journalist or for scientific, literary or other creative activities, provided that the rights and legitimate interests of the PDD subject are not violated;
5. Providing to the subject of PD the information contained in the Notice of Processing PD violates the rights and legitimate interests of third parties.
• If the purpose of personal data processing is achieved, immediately stop processing personal data and destroy the relevant personal data within a period not exceeding thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract, data, other agreement between the Company and the personal data subject or if the Company is not entitled to process personal data without the consent of the subject of personal data on the grounds provided №152-FZ "On personal data" or other federal laws.
• In the event of the subject's withdrawal of personal data consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal, unless otherwise provided by agreement between the Company and the personal data subject. On the destruction of personal data the Company is obliged to notify the subject of personal data.
• In case of receipt of the subject's request to stop processing personal data in order to promote goods, works, services on the market, immediately stop processing personal data.
5 SAFETY MEASURES FOR PERSONAL DATA IN THEIR PROCESSING
5.1 When processing personal data, the Company shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions against personal data .
5.2 Ensuring the security of personal data is achieved, in particular:
• Identification of threats to the security of personal data when processing them in personal data information systems;
• use of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems required to meet the requirements for the protection of personal data, the fulfillment of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;
• the use of procedures that passed in accordance with the established procedure to assess the compliance of information protection means;
• evaluation of the effectiveness of measures taken to ensure the safety of personal data prior to putting into operation the personal data information system;
• taking into account the computer carriers of personal data;
• detection of unauthorized access to personal data and taking measures;
• restoration of personal data, modified or destroyed due to unauthorized access to them;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
• control over the measures taken to ensure the security of personal data and the level of security of information systems of personal data.
CONDITIONS AND METHODS OF PROCESSING AND STORAGE OF PERSONAL DATA.
The protection and integrity of your personal data is very important to us. For this reason, we will only use your information in accordance with applicable law.
We collect, process and use the personal data that you provide to us, solely for the purpose of providing information support.
By submitting your personal data to HELIOS LLC for processing (including systematization, storage, storage, clarification, updating, modification, use, transfer (including distribution, provision, access), depersonalization, blocking, destruction, collection, recording, accumulation use, removal, as well as automated and other methods of processing), you agree that this information will be used by LLC "HELIOS", solely for the purpose of providing you with information upport (including, but not limited to invitations to events, providing information on new products and services, and other information related to the Company "HELIOS" as well as in research customer opinions about service and product company "Helios".
By submitting your personal data in accordance with the purposes and conditions above, you acknowledge your consent to the cross-border transfer and distribution of your personal data and express your prior consent to the processing of personal data for the purposes specified above, including for the promotion and improvement of goods and services LLC "HELIOS", through direct contacts by means of communication.
Your consent is given for an indefinite period.