RUENG
8 800 350 70 97
Personal Area
RUENG
Back
Web Development
TildaCMS DevelopmentDevelopment on LavarelOnline storeCustom Web SolutionsMobile appsSPA applicationsDevelop MVP
Marketing
Bundling MarketingOutsourcing MarketingYandex directSEO promotionInstagram/FB AdsTiktok AdYoutube AdSMM promotion
Design
SitesMob. ApplicationsInterfacesBannersSocial networksPrinted materials
Branding
LogoCorporate identityIdentityBrandbook
Video production
Capture videoInstallGraphicsScripts
ГлавнаяО насКак мы работаемУслугиКейсыКонтакты
Контактный телефон
(беслпатно по РФ):8 800 350 70 97
Email:info@quantm.ru
x
MainPrivacy Policy

Privacy Policy

Personal data processing policy

IP Shushpanov Anton Vladimirovich

Key concepts used in policy

Automated processing of personal data– processing of personal data using computer technology;

Personal data blocking– temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);

Personal data destruction- actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;

Personal Data Information System- a set of personal data contained in databases and information technologies and technical means that ensure their processing;

Depersonalization of personal data- actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information; Processing of personal data - any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use.

Personal data operator- a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

Personal data- any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);

Provision of personal data- data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;

Personal data subjecta natural person who is directly or indirectly identified, or identified through personal data;

Dissemination of personal data– actions aimed at disclosing personal data to an indefinite circle of persons;

Cross-border transfer of personal data– transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.

1. General provisions

1.1. This document (hereinafter referred to as the Policy) defines the policy regarding the processing of personal data, IP Shushpanov Anton Vladimirovich, TIN 110314238613, OGRN320911200033082

1.2. This Policy has been developed in pursuance of the requirements of paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data).

1.3. The concepts contained in Art. 3 of the Law on Personal Data are used in this Policy with the same meaning.

1.4. This Policy applies to all operations performed by the Operator with personal data using automation tools or without their use.

1.5. Basic rights and obligations of the Operator.

1.5.1. The operator has the right:

  • – receive reliable information and/or documents containing personal data from the subject of personal data;
  • - require the subject of personal data to timely clarify the provided personal data.

1.5.2. The operator is obliged:

  • - process personal data in the manner prescribed by the current legislation of the Russian Federation;
  • - consider the appeals of the subject of personal data (his legal representative) on the processing of personal data and give reasoned answers;
  • - provide the subject of personal data (his legal representative) with the opportunity of free access to his personal data;
  • - take measures to clarify, destroy a person personal data of the subject of personal data in connection with his (his legal representative) handling legal and reasonable requirements;
  • - organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.

    • 1.6. Basic rights and obligations of personal data subjects:

    1.6.1. Subjects of personal data have the right to:

    • - for full information about their personal data processed by the Operator;
    • - to access their personal data, including the right to receive a copy of any record containing their personal data, except as otherwise provided by federal law;
    • - to clarify their personal data, their blocking or destruction in cases where personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
    • - to withdraw consent to the processing of personal data;
    • - to take legally prescribed measures to protect their rights;
    • - to exercise other rights provided for by the legislation of the Russian Federation.

    1.6.2. Subjects of personal data are obliged to:

    • - provide the Operator with only reliable data about yourself;
    • - provide documents containing personal data to the extent necessary for the purpose of processing;
    • - inform the Operator about the clarification (update, change) of their personal data.

    1.6.3. Persons who have provided the Operator with false information about themselves or information about another subject of personal data without the consent of the latter, are liable in accordance with the legislation of the Russian Federation.

    2. Scope and categories of personal data processed, categories of personal data subjects

    2.1. The Operator may process personal data of the following personal data subjects:

    • - employees of the Operator, former employees, candidates for vacant positions, as well as relatives of employees;
    • – clients and counterparties of the Operator (individuals);
    • – representatives/employees of the Operator's clients and counterparties (legal entities);
    • - visitors to the site (sites) of the Operator (hereinafter referred to as the Site and Sites);
    • - the Operator's clients who applied by phone or to the hotline.

    2.2. The personal data processed by the Operator includes:

    2.2.1. In the event that the subjects of personal data are employees of the Operator, former employees, candidates for vacant positions, as well as relatives of employees:

    • - last name, first name, patronymic of the subject of personal data;
    • – date and place of birth;
    • - information about citizenship;
    • – permanent registration address;
    • is the address of the actual place of residence;
    • - marital status;
    • - information about the passport of a citizen of the Russian Federation and foreign passports;
    • - information about the driver's license;
    • - information about the attitude to military duty;
    • - information about education;
    • – information about professional activity;
    • - information about the closest relatives (degree of relationship, last name, first name, patronymic, date and place of birth, home address, place of work, study);
    • – mobile phone number;
    • - email address (e-mail).

      • 2.2.2. If the subjects of personal data are the Operator's clients (individuals):

      • - last name, first name, patronymic of the subject of personal data;
      • – date and place of birth;
      • - information about citizenship;
      • – permanent registration address;
      • is the address of the actual place of residence;
      • - information about the document confirming the identity of a citizen of the Russian Federation (series, number, issued by whom);
      • – mobile phone number;
      • – email address (e-mail);
      • - information about the state of health;
      • - other personal data necessary to fulfill contractual obligations.

      2.2.3. In the event that the subjects of personal data are the counterparties of the Operator (individuals providing services under an agreement without forming a legal entity (self-employed, individual entrepreneurs)):

      • - last name, first name, patronymic to the subject of personal data;
      • – date and place of birth;
      • - information about citizenship;
      • – permanent registration address;
      • is the address of the actual place of residence;
      • - information about the passport of a citizen of the Russian Federation;
      • – mobile phone number;
      • – email address (e-mail);
      • - other personal data necessary to fulfill contractual obligations.

        • 2.2.4. In the event that the subjects of personal data are representatives/employees of the Operator's clients and counterparties (legal entities):

        • - last name, first name, patronymic of the subject of personal data;
        • – date and place of birth;
        • – permanent registration address;
        • is the address of the actual place of residence;
        • - information about the passport of a citizen of the Russian Federation;
        • – mobile phone number;
        • – email address (e-mail);
        • - other personal data necessary to fulfill contractual obligations.

        2.2.5. In the event that the subjects of personal data are visitors to the site (sites) of the Operator:

        • - last name, first name, patronymic of the subject of personal data;
        • – date of birth;
        • – email address (e-mail);
        • - cookies
        • is the mobile phone number.

        2.2.6. In the event that the subjects of personal data are the Operator's clients who contacted by phone or hotline:

        • - last name, first name, patronymic of the subject of personal data;
        • - recording of a telephone conversation;
        • - phone number;
        • - email address (e-mail).

        2.3. The operator ensures that the content and scope of the processed personal data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.

        2.4. The Operator processes biometric personal data subject to the written consent of the relevant subjects of personal data, as well as in other cases provided for by the legislation of the Russian Federation.

        2.5. Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life is not carried out by the Operator.

        2.6. There is no cross-border transfer of personal data by the Operator.

        3. Purposes of collecting personal data

        3.1. Personal data is processed by the Operator for the following purposes:

        • - conclusion of any contracts with personal data subjects and their further execution;
        • - provision of personal data subjects with services and services, as well as information on the development by the Operator of new products and services, including advertising;
        • - feedback from the subjects of personal data, including the processing of their requests and requests, informing about the work of the Operator;
        • - control and improvement of the quality of the services and services of the Operator, including those offered on the Site (Sites);
        • - conducting personnel work and organizing records of the Operator's employees, regulation of labor and other relations directly related to them;
        • - attraction and selection of candidates for employment;
        • - formation of statistical reporting;
        • - implementation of economic activity;
        • - the implementation of other functions, powers and duties assigned to the Operator by the legislation of the Russian Federation.

        4. Legal grounds for the processing of personal data

        4.1. The legal grounds for the processing of personal data by the Operator are:

        • - "The Constitution of the Russian Federation" (adopted by a popular vote on 12/12/1993 with amendments approved during a nationwide vote on 07/01/2020);
        • - “Labor Code of the Russian Federation” dated December 30, 2001 N 197-FZ (as amended on April 30, 2021) (as amended and supplemented, entered into force on May 1, 2021) Civil Code of the Russian Federation (Civil Code of the Russian Federation) dated November 30, 1994 N 51-FZ;
        • - Federal Law of July 27, 2006 No.149-FZ "On Information, Information Technologies and Information Protection";
        • - Law of the Russian Federation of December 27, 1991 No. 2124-1 "On the Mass Media";
        • - Federal Law of December 26, 2008 No. 294-FZ "On the protection of the rights of legal entities and individual entrepreneurs in the exercise of state control (supervision) and municipal control";
        • - Decree of the President of the Russian Federation of March 6, 1997 No. 188 "On approval of the list of confidential information";
        • - Decree of the Government of the Russian Federation of July 6, 2008 No. 512 "On approval of requirements for material carriers of biometric personal data and technologies for storing such data outside personal data information systems";
        • - Decree of the Government of the Russian Federation of September 15, 2008 No. 687 "On approval of the Regulations on the features of the processing of personal data carried out without the use of automation tools";
        • - Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 "On approval of the requirements for the protection of personal data during their processing in personal data information systems";
        • - Order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";
        • – statutory documents of the Operator;
        • - agreements concluded between the Operator and subjects of personal data;
        • - consent of personal data subjects to the processing of personal data;
        • - other grounds when consent to the processing of personal data is not required by law.

        5. Procedure and conditions for processing personal data

        5.1. The processing of personal data by the Operator is carried out in the following ways:

        • - non-automated processing of personal data;
        • - automated processing of personal data - processing of personal data using computer technology (clause 4, article 3 152-FZ).

        5.2. The list of actions performed by the Operator with personal data: collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction, as well as the implementation of any other actions in accordance with the current the legislation of the Russian Federation.

        5.3. The processing of personal data is carried out by the Operator subject to obtaining the consent of the subject of personal data (hereinafter referred to as the Consent), except for the cases established by the legislation of the Russian Federation when the processing of personal data can be carried out without such Consent.

        5.4. The subject of personal data decides to provide his personal data and gives Consent freely, of his own free will and in his own interest.

        5. p 5. Consent is given in any form that allows you to confirm the fact of its receipt. In cases stipulated by the legislation of the Russian Federation, Consent is made in writing.

        5.6. The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the Consent or the withdrawal of Consent by the subject of personal data, as well as the identification of unlawful processing of personal data.

        5.7. Consent may be withdrawn by written notice sent to the Operator by registered mail.

        5.8. The operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by the Federal Law, on the basis of a contract. The person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by 152-FZ "On Personal Data" and this Policy.

        In accordance with the requirements of 152-FZ “On Personal Data”, contracts with persons processing personal data on behalf of the Operator define a list of actions (operations) with personal data that will be performed by a person processing personal data and the purposes of processing, the obligations of such a person to respect the confidentiality of personal data and ensure the security of personal data during their processing are established, the requirements for the protection of processed personal data are indicated in accordance with Article 19 of 152-FZ "On Personal Data". The list of third parties is approved by order and provided upon written request.

        5.9. When processing personal data, the operator takes or ensures that the necessary legal, organizational and technical measures are taken to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.

        5.10. The storage of personal data is carried out in a form that allows you to determine the subject of personal data for a period not longer than required by the purposes of processing personal data, except when the period for storing personal data is established by federal law, an agreement to which a party, beneficiary or guarantor, under which is the subject of personal data.

        5.11. When storing personal data, the Operator uses databases located on the territory of the Russian Federation.

        5.12. The terms for processing personal data are determined taking into account:

        • - established purposes for the processing of personal data;
        • - the duration of contracts with personal data subjects and consents of personal data subjects to the processing of their personal data;
        • - Order of the Federal Archives of December 20, 2019 N 236 “On approval of the List of standard administrative archival documents generated in the course of the activities of state bodies, local governments and organizations, indicating their storage periods” (Registered in the Ministry of Justice of Russia on February 6, 2020 N 57449)
        • - periods of storage of documentation established by the internal regulations of the Operator.

        The termination of the processing of personal data is carried out upon the expiration of the established terms for the processing of personal data, upon withdrawal of the consent of the subject of personal data to the processing of his personal data (unless the Operator has the right to continue processing personal data on a different legal basis), upon reaching the purpose of processing personal data or loss of the need to achieve the goal, as well as in case of unlawful processing of personal data.

        6. Update, correction, deletion and destruction of personal data, responses to requests from personal data subjects for access to personal data

        6.1. The subject of personal data has the right to contact the Operator regarding the processing of his personal data in the following cases:

        • - to obtain information regarding the processing of his (the subject's) personal data:
        • - to clarify their personal data, block or destroy them if they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
        • - to file a complaint about the unlawful processing of his (the subject's) personal data;
        • - to withdraw your consent to the processing of personal data.

        6.2. According to the requirements of 152-FZ "On Personal Data", the request must contain, in particular:

        • - series, number of the identity document of the subject of personal data (his representative), information about the date of issue of the specified document and the issuing authority;
        • - information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator;
        • - signature of the personal data subject (his representative);
        • - if the request is sent by a representative of the subject of personal data, it must contain a document (copy of the document) confirming the authority of this representative.

        6.3. In the event that the subject of personal data withdraws his consent to the processing of personal data, the corresponding request must comply with the conditions specified in such consent.

        The response to the request is sent to the subject of personal data or his representative within a period not exceeding 30 (thirty) days from the date of the request.

        6.4. In case of refusal to provide information or perform the action reflected in the request, the subject is sent a reasoned response containing a reference to the provision of part 8 of Article 14 152-FZ "On Personal Data" or other federal law, which is the basis for such a refusal, within a period not exceeding 30 (thirty) days from the date of the request of the personal data subject or his representative.

        6.5. The subject of personal data may re-apply to Opethe author to receive information regarding the processing of his (the subject's) personal data no earlier than 30 (thirty) days after the initial request or the initial request. If the personal data subject was not provided with information in full based on the results of consideration of the initial request, the subject may re-apply to the Operator ahead of the deadline, indicating the rationale for sending a second request.

        6. The operator has the right to refuse the subject of personal data to fulfill a repeated request if there is evidence of the reasonableness of the refusal.

        6.7. In case of detection of illegal processing of personal data or inaccurate personal data, the Operator ensures the blocking of personal data (including when processing personal data by another person acting on behalf of the Operator) for the period of the audit.

        6.8. If the fact of inaccuracy of personal data is confirmed, the Operator ensures the clarification of personal data (including when processing personal data by another person acting on behalf), within 7 (seven) working days from the date of submission of such information and removes the blocking of personal data.

        6.9. In the event that illegal processing of personal data is detected, the Operator, within a period not exceeding 3 (three) business days from the date of this detection, ensures the termination of illegal processing of personal data (including when processing personal data by another person acting on behalf). If it is impossible to ensure the legality of the processing of personal data, the Operator, within a period not exceeding 10 (ten) working days from the date of detection of illegal processing of personal data, is obliged to destroy such personal data or ensure their destruction. The Operator is obliged to notify the subject of personal data or his representative, or the authorized body for the protection of the rights of subjects of personal data (if the request was sent by the specified body) about the elimination of the violations committed or the destruction of personal data.

        6.10. In the event that the subject of personal data withdraws consent to the processing of his personal data, the Operator ensures the destruction of personal data (including the processing of personal data by a third party acting on behalf), within a period not exceeding 30 (thirty) days from the date of receipt of the said withdrawal (for with the exception of cases of a reasoned refusal to withdraw consent established by the legislation of the Russian Federation).

        6.11. Upon the expiration of the personal data storage period, the Operator ensures the destruction of personal data (including the processing of personal data by a third party acting on behalf) within a period not exceeding 30 (thirty) days.

        6.12. If it is not possible to destroy personal data within the established period, the Operator ensures the blocking of such personal data (including when processing personal data by a third party acting on behalf), and ensures the destruction of personal data within a period of no more than 6 (six) months, unless another period is established by the legislation of the Russian Federation.

        7. Ensuring the confidentiality and security of personal data during their processing

        7.1. The security of personal data processed by the Operator is ensured by the adoption of legal, organizational and technical measures determined by the current legislation of the Russian Federation, as well as by the Operator's internal regulatory documents in the field of information protection.

        7.2. Ensuring by the Operator the protection of personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data is achieved, in particular, by the following measures taken:

        • - appointment of a person responsible for organizing the processing of personal data;
        • - appointment of a person responsible for ensuring the security of personal data processed in personal data information systems;
        • - definition of the list of employees with access to personal data;
        • - development and approval of organizational and administrative documents that determine the procedure for processing personal data;
        • - definition of the list of places of storage of material carriers of personal data;
        • - organization of the procedure for the destruction of personal data after the expiration of their processing;
        • - accounting of machine carriers of personal data;
        • - identify security threats personneldata during their processing, the formation of a threat model based on them;
        • - conducting internal audits for compliance with the requirements for ensuring the security of personal data;
        • - familiarization of the Operator's employees who process personal data with the requirements of the legislation of the Russian Federation, organizational and administrative documents that determine the procedure for processing and ensuring the security of personal data;
        • - increasing the level of awareness of employees about the requirements for ensuring the security of personal data;
        • - assessing the harm that may be caused to personal data subjects in the event of a violation of 152-FZ "On Personal Data", the ratio of the specified harm and the measures taken to ensure the fulfillment of the obligations provided for by 152-FZ "On Personal Data";
        • - physical protection of the premises in which the processing of personal data is carried out (access control, electronic access system to the premises, video surveillance);
        • - ensuring anti-virus protection of personal data information systems;
        • - software update on a regular basis;
        • - protection of network infrastructure (access control, firewalling);
        • - providing fault tolerance and backup;
        • - definition of access rules to personal data processed in personal data information systems;
        • - registration and accounting of information security events;
        • - definition of the procedure for responding to information security incidents;
        • - external penetration testing;
        • - the use of information security tools that have passed the conformity assessment procedure in the prescribed manner;
        • - assessing the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.

        7.3. Ensuring the confidentiality of personal data processed by the Operator is a mandatory requirement for all employees of the Operator admitted to the processing of personal data in connection with the performance of their work duties. All employees who have active labor relations, whose activities are related to the receipt, processing and protection of personal data, sign a non-disclosure obligation, undergo information security training under the signature and are personally responsible for compliance with the requirements for processing and ensuring the security of personal data.

        8. Final provisions

        8.1. All relations relating to the processing of personal data that are not reflected in this Policy are regulated in accordance with the provisions of the legislation of the Russian Federation.

        8.2. The Operator has the right to make changes to this Policy. The new version of the Policy comes into force from the moment of its approval.