PERSONAL DATA PROCESSING POLICY OF JSC «AVEXIMA»

1. General provisions

1.1. For the execution of the current legislation of the Russian Federation in full Aveksima, OAO (7714856826 INN, address: 125284, Moskva, Leningradskiy PR-kt., d. 31A bld. 1) (hereinafter referred to as the Society, Operator) considers to be essential to compliance with the principles of lawfulness, fairness and privacy when processing personal data, and security processes of their treatment.

1.2. This policy of organizing the processing and ensuring the security of personal data in the Company (hereinafter referred to as the Policy) is characterized by the following features:

1.2.1. Developed in order to implement the requirements of the current legislation of the Russian Federation in the field of personal data processing and protection;

1.2.2. Discloses the methods and principles of personal data processing by the Operator, the rights and obligations of the Operator when processing personal data, the rights of personal data subjects, and also includes a list of measures applied by the Operator to ensure the security of personal data during their processing;

1.2.3. It is a publicly available document declaring the conceptual foundations of the Operator's activities in the processing and protection of personal data.

1.3. Prior to the start of personal data processing, the Operator notified the authorized body for the protection of the rights of personal data subjects of its intention to process personal data. The Operator updates the information specified in the notification in good faith and at the appropriate time.

1.4. The processing of personal data should be limited to achieving specific, predetermined and legitimate goals. When giving consent to the processing of their personal data, the personal data subject must be informed about the purposes of their processing. The purposes of the processing must be included in the consent form of the personal data subject if the processing of personal data is based on consent. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

2. Basic concepts used in Politics

2.1 Personal data is any information related directly or indirectly to a specific or identifiable individual (subject of personal data).

2.2 Personal data operator (operator) is a Company that independently or jointly with other persons organizes and/or performs the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed processing, actions (operations) performed with personal data.

2.3 A person who processes personal data is a government agency, municipal body, legal entity or individual who processes personal data on behalf of the personal data operator with the consent of the personal data subject, unless otherwise provided by federal laws. laws, but not defining the purposes of processing the specified personal data, the composition of personal data, or actions performed with personal data.

2.4 Personal data subject(s) - the person to whom the relevant personal data relates;

2.5 Personal data processing is any action (operation) or set of actions (operations) with personal data performed with or without automation tools. The processing of personal data includes, but is not limited to: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

2.6 Automated personal data processing is the processing of personal data using computer technology.

2.7 Dissemination of personal data is an action aimed at disclosing personal data to an unspecified group of people.

2.8 Provision of personal data is an action aimed at disclosing personal data to a specific person or a specific group of people.

2.9 Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

2.10 Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

2.11 Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.

2.12 The Personal Data Information system is a collection of personal data contained in databases and information technologies and technical means that ensure their processing.

2.13 Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2.14 Special categories of personal data – special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status and intimate life.

2.15 Biometric personal data is information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established, and which is used by the operator to establish the identity of the personal data subject

2.16 Publicly available sources of personal data are publicly available data sources that may include personal data provided by the personal data subject with the written consent of the personal data subject.

2.17 Responsible for the organization of personal data processing is a natural or legal person appointed by the Company responsible for the organization of personal data processing.

3. Basic rights and obligations of the Operator

3.1. The Operator has the right to:

3.1.1. Receive reliable information and/or documents containing personal data from the personal data subject;

3.1.2. Require the personal data subject to provide timely clarification of the personal data provided in order to ensure the accuracy, sufficiency and relevance of the personal data.

3.2. The Operator is obliged to:

3.2.1. Process personal data in accordance with the procedure established by the current legislation of the Russian Federation;

3.2.2. Consider the requests of the personal data subject (his legal representative) regarding the processing of personal data and provide reasoned answers;

3.2.3. Provide the personal data subject (his legal representative) with the opportunity to get acquainted with his personal data free of charge in accordance with the procedure provided for by the current legislation of the Russian Federation;

3.2.4. Take measures to clarify and destroy the personal data of the personal data subject in connection with his (his legal representative's) handling of legitimate and reasonable demands;

3.2.5. Organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.

4. Basic rights and obligations of personal data subjects

4.1. The personal data subject has the right to receive information about the processing of his personal data by the Operator.

4.2. The personal data subject has the right to require the Operator to clarify, block or destroy this personal data if it is incomplete, outdated, inaccurate, illegally obtained or They may not be deemed necessary for the stated purpose of processing, nor may they take legal measures to protect their rights.

4.3. The right of a personal data subject to access his/her personal data may be restricted in accordance with federal laws, including if the personal data subject's access to his/her personal data this data violates the rights and legitimate interests of third parties.

4.4. In order to exercise and protect their rights and legitimate interests, the personal data subject has the right to contact the Operator. The Operator considers any appeals and complaints from personal data subjects, thoroughly investigates the facts of violations and takes all necessary measures to eliminate them immediately, punish the perpetrators and resolve disputes and conflict situations in a pre-trial manner within the time limits established by the current legislation of the Russian Federation.

4.5. The personal data subject has the right to withdraw consent to the processing of personal data.

4.6. The personal data subject is obliged to provide the Operator with only reliable information about himself, as well as provide documents containing personal data to the extent necessary for the purpose of processing.

4.7. The personal data subject is obliged to inform the Operator in a timely manner about the clarification (updating, modification) of his personal data.

4.8. A person who has provided the Operator with false information about himself or information about another personal data subject without the consent of the latter, is responsible responsibility in accordance with the legislation of the Russian Federation.

5. Purposes of personal data collection

5.1. The processing of personal data in the Company is limited to achieving specific, predetermined and legitimate goals.

5.2. Personal data is processed by the Company for the following purposes:

5.2.1. Ensuring compliance with the labor and other related legislation of the Russian Federation and the rights of the Company's employees;

5.2.2. Selection of candidates and their subsequent employment;

5.2.3. Conclusion and implementation of contracts with counterparties;

5.2.4. Website optimization;

5.2.5. Implementation of access and intra-facility regime;

5.2.6. Implementation of other goals stipulated by the current legislation.

5.3. The Company does not process personal data incompatible with the purposes of personal data collection.

5.4. Not allowed combining databases containing personal data, processing of which is carried out for purposes that are not compatible with each other.

6. Legal grounds for processing personal data

6.1. The Policy has been developed in accordance with the current legislation of the Russian Federation in the field of personal data processing and protection.

6.2. The legal basis for the processing of personal data, in accordance with which the COMPANY processes personal data, except for the legislation of the Russian Federation in the field of personal data processing and protection, include:

6.2.1. Agreements concluded between the Company and personal data subjects;

6.2.2. Consent of personal data subjects to the processing of personal data;

6.2.3. Other grounds where consent to the processing of personal data is not required by law.

6.3. In accordance with the Policy, the head of the Operator has adopted relevant local acts in the field of personal data processing and protection.

7. Scope and categories of personal data processed, categories of personal data subjects

7.1. In its activities, the Operator ensures compliance with the principles of personal data processing specified in art. 5 of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data".

7.2. The composition of personal data and their categories, taking into account the purposes of personal data processing, as well as the categories of personal data subjects processed by the Operator, is defined in the Operator's internal documents in relation to each processing purpose.

7.3. The Operator ensures that the content and volume of the processed personal data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy. in relation to the stated purposes of processing.

7.4. If it is necessary to process a special category of personal data, the Operator processes special categories of personal data subject to the written consent of the relevant personal data subjects, as well as in other cases provided for by the legislation of the Russian Federation.

8. Procedure and conditions for processing personal data

8.1. The processing of personal data is carried out by the Operator subject to obtaining the consent of the personal data subject, with the exception of cases established by the legislation of the Russian Federation when the processing of personal data it may be carried out without such consent.

8.2. The personal data subject decides on the provision of his personal data and gives consent freely, voluntarily and in his own interest. Consent to the processing of personal data must be specific, substantive, informed, conscious and unambiguous.

8.3. Consent is given in any form that allows you to confirm the fact of its receipt. In cases stipulated by the legislation of the Russian Federation, consent is given in writing.

8.4. Consent can be revoked by sending a notification to the Operator.

8.5. Processing of personal data by the Operator is carried out in the following ways:

8.5.1. Non-automated processing of personal data;;

8.5.2. Automated processing of personal data with or without transmission of the received information via information and telecommunication networks;

8.5.3. Mixed processing of personal data.

8.6. The Operator does not make decisions that have legal consequences for personal data subjects or otherwise affect their rights and legitimate interests based on exclusively automated processing of their personal data.

8.7. The processing of personal data by the Operator includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

8.8. The Operator has the right to transfer personal data to the bodies of inquiry and investigation and other authorized bodies in accordance with the procedure and conditions provided for by the current legislation of the Russian Federation.

8.9. In cases where it is necessary to interact with third parties in order to achieve the purposes of personal data processing, the Operator has the right to transfer personal data to authorized third parties in accordance with the procedure established by the Legislation of the Russian Federation. and on the terms stipulated by the current legislation of the Russian Federation.

8.10. The Operator creates sources of personal data of the Operator's employees (reference books, address books) available to the Operator's employees.

8.11. The terms of processing personal data are determined in accordance with the purposes for which they were collected, as well as the consents received to the processing of personal data.

8.12. The Operator has established the following conditions for the termination of personal data processing:

8.12.1. Achievement of personal data processing goals and/or expiration of retention periods;

8.12.2. Loss of the need to achieve the purposes of personal data processing;

8.12.3. Provision by the personal data subject or his legal representative of information confirming that the personal data was illegally obtained or is not necessary for the stated purpose of processing;

8.12.4. Inability to ensure the legality of personal data processing;

8.12.5. Revocation by the personal data subject of consent to the processing of personal data if the storage of personal data is no longer required for the purposes of personal data processing or in connection with the requirements of the current legislation of the Russian Federation;

8.12.6. Expiration of the limitation period for legal relations in which personal data is being processed or has been processed;

8.12.7. Other grounds provided for by the current legislation of the Russian Federation.

8.13. Personal data is stored in a form that allows you to identify the subject of personal data for a period not longer than the purposes of personal data processing require, except in cases where the storage period of personal data personal data is established by federal law, an agreement to which the personal data subject is a party, beneficiary or guarantor

8.14. When storing personal data, the Operator uses databases located on the territory of the Russian Federation. When collecting personal data, including through the Internet information and telecommunications network, it is not allowed to record, systematize, accumulate, store, clarify (update, modify), extract personal data of citizens of the Russian Federation using databases located outside the territory of the Russian Federation.

9. Measures for proper organization of personal data processing and security

9.1. When processing personal data, the Operator takes all necessary legal, organizational and technical measures to protect them from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as other illegal actions. Ensuring the security of personal data is achieved, in particular, in the following ways:

9.1.1. Appointment of a responsible person for the organization of personal data processing;

9.1.2. Implementation of internal control and/or audit of compliance of personal data processing with Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" and other regulatory legal acts adopted in accordance with it, local acts of the Operator;

9.1.3. Familiarization of the Operator's employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, local acts regarding the processing of personal data and (or) training of these employees;

9.1.4. Identification of threats to the security of personal data during their processing in personal data information systems;

9.1.5. The application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems;

9.1.6. Assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;

9.1.7. Taking into account the machine storage of personal data;

9.1.8. Identification and detection of unauthorized access to personal data and taking appropriate measures;

9.1.9. Recovery of personal data modified or destroyed as a result of unauthorized access to them;

9.1.10. By establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;

9.1.11. Control over the measures taken to ensure the security of personal data and the level of security of personal data information systems;

9.1.12. Other methods, methods and requirements provided for by the current legislation of the Russian Federation, as well as local acts of the Operator.

10. The person responsible for organizing the processing of personal data

10.1. The rights, duties and legal responsibility of the person responsible for organizing the processing of personal data are established by Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" and local acts of the Operator.

10.2. The appointment of a person responsible for organizing the processing of personal data and the discharge from these duties is carried out by order of the sole executive body of the Operator. When appointing a person responsible for organizing the processing of personal data, the powers, competencies and personal qualities of the official are taken into account, designed to allow him to properly and fully exercise his rights and fulfill his duties.

10.3. The person responsible for organizing the processing of personal data:

10.3.1.1. Organizes the implementation of internal control over the compliance of the Operator and its employees with the legislation of the Russian Federation on personal data, including the requirements for protection of personal data;

10.3.1.2. Informs employees of the Operator of the provisions of the legislation of the Russian Federation on personal data, local acts on the processing of personal data or ensures awareness;

10.3.1.3. Monitors the reception and processing of requests and requests from personal data subjects or their representatives.

10.4. Treatment (queries) of personal data subjects for the processing of personal data in Society to send to the email address pdn@avexima.pro

11. Withdrawal of consent, updating, correction, deletion and destruction of personal data, responses to requests from subjects access to personal data

11.1. In case of confirmation of the inaccuracy of personal data or the illegality of their processing, personal data must be updated by the Operator, or their processing must be terminated accordingly.

11.2. At the request of the personal data subject or his representative, the Operator is obliged to provide information about the processing of the personal data of the specified subject.

11.3. Unless otherwise provided by the legislation of the Russian Federation, the request must contain:

11.3.1. the number of the main identity document of the personal data subject or his representative,

11.3.2. information about the date of issue of the specified document and the issuing authority,

11.3.3. information confirming the personal data subject's participation in the relationship with the Operator (contract number, date of conclusion of the contract, conventional word designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator,

11.3.4. Signature of the personal data subject or his representative.

11.4. The request may be sent in electronic form, in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

11.5. If the request of the personal data subject does not reflect all the information necessary to confirm the rights of the subject or the subject does not have access rights to the requested information, then a clarifying request and/or a reasoned refusal accordingly.

11.6. In accordance with the procedure provided for in clause 11.3, the personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegal received or are not necessary for the stated purpose of processing, as well as take measures provided for by law to protect their rights.

11.7. The Subject has the right to withdraw consent to the processing of his personal data by contacting the Operator. Such a review should contain information that makes it possible to reliably establish the identity of such a subject and the fact that his personal data is being processed by the Operator.

11.8. Upon achieving the purposes of personal data processing, as well as in the case of revocation of consent by the personal data subject, personal data is subject to destruction if:

11.8.1. Nothing else is provided for in the contract to which the personal data subject is a party, beneficiary or guarantor.;

11.8.2. The operator does not have the right to process personal data without the consent of the subject on the grounds provided for by the Federal Law "On Personal Data" or other federal laws;

11.8.3. Unless otherwise provided by another agreement between the Operator and the subject of personal data or the current legislation of the Russian Federation.

12. Privacy

12.1. The Operator ensures the confidentiality of personal data of personal data subjects.

12.2. The Operator does not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by law.

12.3. With respect to the personal data of the personal data subject, its confidentiality is maintained, except in cases of processing personal data, access to which is granted to an unlimited number of persons by the subject with his consent, or at his request. The Company has the right to transfer the user's personal information to third parties in the following cases:

12.3.1. The user has provided his consent to such actions;

12.3.2. The transfer is necessary to achieve the goals, exercise and perform the functions, powers and duties assigned by law.;

12.3.3. In other cases provided for by applicable law.

13. Responsibility

13.1. Persons guilty of violating the rules governing the processing and protection of personal data are liable in accordance with the legislation of the Russian Federation, local acts of the Operator and contracts (agreements) governing the Operator's legal relations with third parties..

14. Policy Access

14.1. The current version of the Policy is stored at the Operator's location.

14.2. The electronic version of the current version of the Policy is publicly available on the Operator's website on the Internet at https://avexima.ru /

15. Making changes

15.1. The Policy is approved and put into effect solely by the executive body of the Operator.

15.2. The Operator has the right to make changes to the Policy. When making changes, the title of the Policy indicates the date of approval of the current version of the Policy.

15.3. The Policy is reviewed on a regular basis, at least once every 3 years since the previous review of the Policy. The Policy is re-approved if changes are made to the Policy as a result of the review.

15.4. The Policy may be reviewed and re-approved earlier than the deadline specified above, as changes are made:

15.4.1. Amendments to regulatory legal acts in the field of personal data;

15.4.2. To the Operator's local acts regulating the organization of processing and ensuring the security of personal data;

15.4.3. In the processing of personal data of the Operator.

15.5. All relationships related to the processing of personal data that are not reflected in this Policy are regulated in accordance with the provisions of the legislation of the Russian Federation.

15.6. The Operator has the right to make changes to this Policy without the User's consent by publishing a new version of the Policy on the website specified in clause 14.2 of this Policy. The current version of the Policy comes into force from the date of its publication.

The website uses cookies to personalize user services. By continuing to use the website, you agree to the Cookie Policy and consent to the processing of personal data by Avexima OJSC (31a Leningradsky Ave., building 1, 125284, Moscow). You can disable the storage of cookies in your browser settings.

accept and close