PRIVACY POLICY
1. General Provisions.
1.1. This Personal Data Processing Policy (hereinafter - the Personal Data Processing Policy) of LLC "SI Metria Logistic" (hereinafter - the Operator), TIN 6678056570, located at: https://htk-resurs.ru/politic/, is developed in accordance with the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ dated July 27, 2006 "On Information, Information Technologies and Information Protection", Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data", Government Decree No. 1119 dated November 1, 2012 "On Approval of Requirements for Personal Data Protection during their Processing in Personal Data Information Systems", and other federal laws and regulatory legal acts.
1.2. The Policy is developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.
1.3. The Personal Data Processing Policy is developed to ensure the protection of the rights and freedoms of personal data subjects during the processing of their personal data (hereinafter - Personal Data).
1.4. The provisions of the Policy serve as the basis for the development of local regulatory acts governing the processing of personal data of HTK Resource employees and other personal data subjects in HTK Resource.
2. Purposes of Personal Data Processing.
Personal data are processed by the Operator for the following purposes:
1) The implementation and fulfillment of the functions, powers, and duties assigned to the Operator by the legislation of the Russian Federation, in particular:— compliance with labor and tax legislation requirements;— maintaining current accounting and tax records, forming, preparing, and timely submitting accounting, tax, and statistical reports;— compliance with legislation requirements on the procedure for processing and protecting Personal Data of citizens who are clients or counterparties of HTK Resource (hereinafter - personal data subjects). 2) The exercise of rights and legitimate interests of HTK Resource within the scope of activities provided by the Charter and other local regulatory acts of HTK Resource, or third parties, or achieving socially significant goals. 3) For other legitimate purposes.
3. Legal Basis for Personal Data Processing.
Personal Data processing is carried out based on the following federal laws and regulatory legal acts:
1) The Constitution of the Russian Federation;
2) The Labor Code of the Russian Federation;
3) Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data";
4) Federal Law "On Information, Information Technologies and Information Protection" dated July 27, 2006 No. 149-FZ;
5) The regulation on the specific features of personal data processing carried out without the use of automation tools. Approved by Government Decree of the Russian Federation dated September 15, 2008 No. 687;
6) Government Decree No. 1119 dated November 1, 2012 "On Approval of Requirements for Personal Data Protection during their Processing in Personal Data Information Systems";
7) Order of FSTEC of Russia No. 55, FSB of Russia No. 86, Ministry of Communications of Russia No. 20 dated February 13, 2008 "On Approval of the Procedure for Classifying Information Systems of Personal Data";
8) Order of FSTEC of Russia dated February 18, 2013 No. 21 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems";
9) Order of Roskomnadzor dated September 5, 2013 No. 996 "On Approval of Requirements and Methods for Depersonalizing Personal Data";
10) Order of the Federal Tax Service dated November 17, 2010 No. MMV-7-3/611 "On Approval of the Form of Information on Individual Income and Recommendations for its Completion, the Format of Information on Individual Income in Electronic Form, Directories";
11) Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.
4. List of Actions with Personal Data.
During the processing of Personal Data, the Operator will carry out the following actions with Personal Data: collection, recording, systematization, accumulation, storage, updating (modification, alteration), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
5. Composition of Processed Personal Data.
5.1. The following subjects of Personal Data are subject to processing by the Operator: — employees of the Operator;— clients of the Operator;— counterparties of the Operator;— individuals who have contacted the Operator in accordance with the Federal Law "On the Procedure for Considering Appeals from Citizens of the Russian Federation".
5.2. The composition of Personal Data for each of the categories of subjects listed in clause 5.1 of this Regulation is determined in accordance with the regulatory documents listed in section 3 of this Regulation, as well as the regulatory documents of the Institution issued to ensure their implementation.
5.3. In cases provided for by applicable law, the personal data subject decides to provide their Personal Data to the Operator and consents to their processing freely, by their will and in their interest.
5.4. The Operator ensures that the content and volume of processed Personal Data correspond to the declared purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the declared purposes of processing.
5.5. HTK Resource does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, intimate life.
6. Personal Data Processing.
6.1. Personal data in HTK Resource is processed in the following ways:• non-automated processing of personal data;• automated processing of personal data with the transmission of the received information via information and telecommunication networks or without such transmission;• mixed processing of personal data.
7. Ensuring the Protection of Personal Data during Processing by the Operator.
7.1 The Operator takes the necessary and sufficient measures to ensure the fulfillment of the obligations stipulated by Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it. The Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data", Government Decree No. 687 dated September 15, 2008 "On Approval of the Regulation on the Specific Features of Personal Data Processing without the Use of Automation Tools", Government Decree No. 1119 dated November 1, 2012 "On Approval of Requirements for Personal Data Protection during their Processing in Personal Data Information Systems", Order of FSTEC of Russia No. 21 dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during their Processing in Personal Data Information Systems", and other regulatory legal acts unless otherwise provided by federal laws. Such measures include:– appointing a person responsible for organizing the processing of personal data by the Operator;– issuing documents by the Operator that define the Operator's policy regarding the processing of personal data, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;– applying legal, organizational, and technical measures to ensure the security of personal data;– conducting internal control and (or) audit of compliance of personal data processing with Federal Law "On Personal Data" and regulatory legal acts adopted in accordance with it, requirements for personal data protection, the Operator's policy regarding personal data processing, local acts of the Operator;– determining the assessment of harm that may be caused to personal data subjects in the event of a violation of Federal Law "On Personal Data", correlating the specified harm with the measures taken by the Operator aimed at ensuring the fulfillment of the obligations stipulated by Federal Law "On Personal Data";– familiarizing the Operator's employees directly involved in personal data processing with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the Operator's policy regarding personal data processing, local acts on personal data processing, and (or) training these employees.
7.2. The Operator, when processing personal data, takes the necessary legal, organizational, and technical measures or ensures their adoption to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions regarding personal data.
8. The Right of the Personal Data Subject to Access Their Personal Data.
8.1. The personal data subject has the right to demand the Operator to clarify their personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, unlawfully obtained, or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
8.2. Information shall be provided to the personal data subject or his/her representative by the operator upon application or upon receipt of a request of the personal data subject or his/her representative. The request shall contain the number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the said document and the issuing authority, information confirming the participation of the personal data subject in relations with the Operator (contract number, date of the contract, word designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator, signature of the personal data subject or his/her representative. The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
8.3. The operator has the right to refuse to fulfill a repeated request of the personal data subject. Such refusal shall be motivated. The obligation to provide evidence of the reasonableness of the refusal to fulfill a repeated request lies with the Operator.
8.4. The personal data subject has the right to receive information regarding the processing of his/her personal data, including information containing:– confirmation of the fact of personal data processing by the Operator;– legal grounds and purposes of personal data processing;– the purposes and methods of personal data processing applied by the Operator;– name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;– processed personal data related to the respective personal data subject, the source of their obtaining, unless another procedure for the submission of such data is provided for by the federal law;– terms of personal data processing, including the terms of their storage;–the procedure for exercising by the subject of personal data the rights provided for by the Federal Law “On Personal Data”;– information on realized or suspected cross-border data transfers;– name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such a person.
8.5. If the subject of personal data believes that the operator processes his personal data in violation of the requirements of the Federal Law “On Personal Data” or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal the actions or inaction of the operator to the authority authorized to protect the rights of personal data subjects, or in court.
8.6. The subject of personal data has the right to protect his/her rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.