POLICY FOR PERSONAL DATA PROCESSING IN VERTEST LLC
1. General Provisions
1.1. The policy regarding the processing of personal data (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data are processed by VERTEST LLC (the "Operator").
1.2. The policy was developed in accordance with clause 2 of Part 1 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - the Federal Law "On Personal Data").
1.3. The policy contains information to be disclosed in accordance with Part 1 of Art. 14 of the Federal Law "On Personal Data", and is a public document.
2. Information about the operator
2.1. The operator is operating at office 352, 3rd floor, 8 Vasiliya Petushkova st., Moscow, Russia, 125476.
2.2. General Director Suprun Roman Valerievich (phone +7 (495) 740-0655) was appointed responsible for organizing the personal data processing.
2.3. The database of information containing personal data of citizens of the Russian Federation is located at: office 352, 3rd floor, 8 Vasiliya Petushkova st., Moscow, Russia, 125476.
3. Information on personal data processing
3.1. The operator processes personal data on a legal and fair basis for the performance of the functions, powers and duties entrusted to him by law, the implementation of the rights and legal interests of the Operator, employees of the Operator and third parties.
3.2. The operator receives personal data directly from the subjects of personal data.
3.3. The operator processes personal data in automated and non-automated ways, using computer facilities and without using such means.
3.4. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion and destruction.
3.5. Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.
4. Processing of personal data of employees
4.1. The operator processes the personal data of the Operator's employees within the framework of legal relations regulated by the Labor Code of the Russian Federation of December 30, 2001 No. 197-FZ (hereinafter referred to as the RF LC), including Chapter 14 of the Labor Code relating to the protection of personal data of employees.
4.2. The operator processes personal data of employees for the purpose of executing labor contracts, compliance with the legislation of the Russian Federation, as well as with the aim to:
- keep personnel records;
- keep accounting;
- exercise the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator, including the provision of personal data to public authorities, the Pension Fund of the Russian Federation, the Social Security Fund of the Russian Federation, the Federal Compulsory Medical Insurance Fund, and other state bodies;
- comply with the norms and requirements for labor protection and ensuring the personal safety of the employees of VERTEST LLC, the safety of property;
- control the quantity and quality of the work;
- provide privileges and compensations provided for by the legislation of the Russian Federation;
- open personal bank accounts of the employees of VERTEST LLC for the salary transfer;
- insure under programs of voluntary medical insurance;
- transfer insurance contributions to non-state pension funds;
- provide access to the territory of the Operator;
- organize training for VERTEST’s employees;
- publish on the site, in internal directories, address books of the organization.
4.3. The operator does not take decisions affecting the interests of employees based on their personal data received electronically or exclusively as a result of automated processing.
4.4. The operator protects the personal data of employees at their own expense in the manner established by the Labor Code of the Russian Federation, the Federal Law "On Personal Data" and other federal laws.
4.5. The operator introduces workers and their representatives to the list with documents that establish the procedure for processing personal data of employees, as well as their rights and responsibilities in this area.
4.6. The operator allows access to personal data of employees only to those who are authorized to receive only those data that are necessary for the performance of their functions.
4.7. The operator receives all the personal data of employees from them. If the employee's data can only be obtained from a third party, the Operator shall notify the employee in advance and receive his written consent. The operator informs the employee about the objectives, sources, methods of obtaining, as well as the nature of the data to be received and the consequences of the worker's refusal to give written consent to receive them.
4.8. The operator processes personal data of employees with their written consent provided for the term of the employment contract.
4.9. The operator processes personal data of employees during the term of the employment contract. The operator processes the personal data of the laid-off workers within the period established by clause 5, part 3 of Art. 24 parts of the first Tax Code of the Russian Federation of July 31, 1998 No. 146-FZ, part 1 of Art. 29 of the Federal Law "On Accounting" dated December 6, 2011 No. 402-FZ and other normative legal acts.
4.10. The operator can handle special categories of personal data of employees (information on the state of health relating to the issue of the possibility of performing their labor functions) on the basis of clause 2.3 of part 2 of Art. 10 of the Federal Law "On Personal Data".
4.11. The operator does not process biometric personal data of employees.
4.12. The operator does not receive data on the membership of employees in public associations or their trade union activities, except as provided for by the LC RF or other federal laws.
4.13. The operator processes the following personal data of employees:
- Full Name;
- Type, series and number of the document proving the identity;
- Date of issue of the identity document and information on the issuing authority;
- Address;
- Year of birth;
- Month of birth;
- Date of Birth;
- Place of Birth;
- Contact phone number;
- E-mail address;
- Taxpayer identification number;
- Number of insurance certificate of state pension insurance;
- Income;
- Position;
- Personnel Number;
- The photo;
- Education;
- Profession;
- Seniority;
- National affiliation;
- Insurance premiums for TSOs;
- Insurance premiums on compulsory medical insurance;
- Tax deductions;
- Retirement.
4.14. The operator does not disclose the employee's personal data to the third party without his written consent, except when necessary to prevent a threat to the life and health of the employee, as well as in other cases provided for by the LC RF, the Federal Law "On Personal Data" or other federal laws.
4.15. The operator does not disclose the employee's personal data for commercial purposes without his written consent.
4.16. The operator transmits the personal data of employees to their representatives in the manner established by the RF LC, the Federal Law "On Personal Data" and other federal laws, and restricts this information to only those data that are necessary for the representatives to perform their functions.
4.17. The operator warns persons who receive personal data of the employee that these data can only be used for the purposes for which they are communicated, requires these persons to confirm that this rule is observed.
4.18. In accordance with the procedure established by law, and in accordance with Art. 7 of the Federal Law "On Personal Data" to achieve the purposes of processing personal data and with the consent of employees. The operator provides personal data of employees or instructs them to process the following:
- State bodies (FIU, FTS, FSS, etc.);
- Bank (within the salary project);
- Insurance company (as part of the VHI program);
- Companies of passenger transportation and hotels (within the organization of business trips);
- Customer enterprises.
4.19. The employee can obtain free, free access to information about his personal data and about the processing of this data. An employee may receive a copy of any record containing his personal data, except as provided for by federal law.
4.20. An employee can access medical records reflecting his state of health with the help of a medical worker of his choice.
4.21. An employee can identify a representative to protect his personal data.
4.22. An employee may request the exclusion or correction of his incorrect or incomplete personal data, as well as data processed in violation of the requirements of the Labor Code of the Russian Federation, the Federal Law "On Personal Data" or other federal law. If the Operator refuses to exclude or correct the personal data of the employee, he can declare in writing his disagreement and justify such disagreement. The employee can supplement the personal data of the evaluation character with a statement expressing his own point of view.
4.23. The employee may request to notify all persons who had previously been informed of his incorrect or incomplete personal data about all exceptions, corrections or additions made in them.
4.24. An employee may appeal to the court any wrongful acts or omissions by the Operator when processing and protecting his personal data.
5. Processing of personal data of employees under contracts of a civil-law nature
5.1. The operator processes the personal data of employees under civil law contracts within the framework of legal relationships with the Operator, regulated by Part II of the Civil Code of the Russian Federation of January 26, 1996, No. 14-FZ.
5.2. The operator processes personal data of employees under civil law contracts in order to comply with the legislation of the Russian Federation, as well as: - conclude and implement civil law contracts.
5.3. The operator processes the personal data of employees under contracts of a civil-law nature with their consent, granted for the duration of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is granted in writing. In other cases, consent is deemed to be received at the conclusion of the contract or in the performance of conclusive acts.
5.4. The operator processes personal data of employees under contracts of a civil-law nature during the term of validity of contracts concluded with them. The operator can process personal data of employees under contracts of a civil-law nature after the expiry of the term of validity of contracts concluded with them within the period established by clause 5, part 3 of Art. 24 parts of the first Tax Code, Part 1 of Art. 29 FZ "On Accounting" and other regulatory legal acts.
5.5. The operator processes special categories of personal data of under-age employees under contracts of a civil-law nature with the written consent of their legal representatives on the basis of Part 1 of Art. 9, item 1 of part 2 of Art. 10 of the Federal Law "On Personal Data".
5.6. The operator processes the following personal data of employees under civil law contracts:
- Full Name;
- Type, series and number of the document proving the identity;
- Date of issue of the identity document and information on the issuing authority;
- Address;
- Year of birth;
- Month of birth;
- Date of Birth;
- Place of Birth;
- Contact phone number;
- E-mail address;
- Taxpayer identification number;
- Number of insurance certificate of state pension insurance;
- Income;
- Position;
- Personnel Number;
- National affiliation;
- Profession;
- Insurance premiums for TSOs;
- Insurance premiums on compulsory medical insurance;
- Tax deductions;
- Retirement;
- Seniority.
5.7. To achieve the objectives of processing personal data and with the consent of employees under civil law contracts, the Operator provides personal data or instructs them to process the following:
- State bodies (FIU, FTS, FSS, etc.);
- Bank.
6. Processing of personal data of applicants
6.1. The operator processes the personal data of job applicants for vacant posts (hereinafter referred to as job seekers).
6.2. The operator processes the personal data of applicants in order to:
- to make decisions about admission or refusal to apply for a job;
- maintain a reserve pool.
6.3. The operator processes the personal data of the applicants with their written consent, provided for the period necessary to make a decision on admission or denial of employment. The exception is cases where on behalf of the applicant there is a recruitment agency with which he has entered into the relevant agreement, as well as when the competitor independently places his resume accessible to an unlimited number of persons on the Internet.
6.4. The operator processes the personal data of the applicants for the period necessary to make a decision on admission or refusal to apply for a job. In case of refusal in hiring, the Operator stops processing the personal data of the applicant within 30 days in accordance with Part 4 of Art. 21 of the Federal Law "On Personal Data". If the applicant has consented to be included in the personnel reserve, the Operator can continue processing personal data within the period specified in the agreement.
6.5. The operator does not process special categories of personal data of applicants and biometric personal data of applicants.
6.6. The operator processes the following personal data of applicants:
- Full Name;
- Type, series and number of the document proving the identity;
- Date of issue of the identity document and information on the issuing authority;
- Year of birth;
- Month of birth;
- Date of Birth;
- Place of Birth;
- Address;
- Contact phone number;
- E-mail address;
- Taxpayer identification number;
- Number of insurance certificate of state pension insurance;
- National affiliation;
- Profession;
- Income;
- Insurance premiums for TSOs;
- Insurance premiums on compulsory medical insurance;
- Tax deductions;
- Retirement;
- Position;
- Personnel Number;
- Seniority.
7. Processing of personal data of employees of the counterparty
7.1. The operator processes the personal data of the counterparty's employees within the framework of legal relationships with the Operator, regulated by Part II of the Civil Code of the Russian Federation of January 26, 1996, No. 14-FZ.
7.2. The operator processes the personal data of the counterparty's employees to:
- conclude and fulfill obligations under contracts with counterparties;
- carry out the types of activities provided for in the constitutive documents of LLC VERTEST.
7.3. The operator processes the personal data of the counterparty's employees with their consent, granted for the duration of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is granted in writing. In other cases, consent is deemed to be received at the conclusion of the contract or in the performance of conclusive acts.
7.4. The operator processes the personal data of the counterparty's employees during the validity periods of contracts concluded with them. The operator can process the personal data of the counterparty's employees after the expiry of the term of validity of the contracts concluded with them within the period established by clause 5, part 3 of Art. 24 parts of the first Tax Code, Part 1 of Art. 29 FZ "On Accounting" and other regulatory legal acts.
7.5. The operator processes special categories of personal data of minor counteragent workers with the written consent of their legal representatives on the basis of Part 1 of Art. 9, item 1 of part 2 of Art. 10 of the Federal Law "On Personal Data".
7.6. The operator processes the following personal data of the counterparty's employees:
- Full Name;
- Type, series and number of the document proving the identity;
- Date of issue of the identity document and information on the issuing authority;
- Year of birth;
- Month of birth;
- Date of Birth;
- Place of Birth;
- Address;
- Contact phone number;
- E-mail address;
- Taxpayer identification number;
- Number of insurance certificate of state pension insurance;
- National affiliation;
- Profession;
- Income;
- Insurance premiums for TSOs;
- Insurance premiums on compulsory medical insurance;
- Tax deductions;
- Retirement;
- Position;
- Personnel Number;
- Seniority.
8. Processing of customer's personal data
8.1. The operator processes personal data of clients within the framework of legal relationships with the Operator, regulated by Part 2 of the Civil Code of the Russian Federation of January 26, 1996 No. 14-FZ, (hereinafter referred to as "customers").
8.2. The operator processes personal data of clients in order to comply with the norms of the legislation of the Russian Federation, as well as with the aim to:
- conclude and fulfill obligations under contracts with customers;
- carry out the types of activities provided for in the constituent documents of OOO VERTEST;
- inform about new products, special promotions and offers;
- place information about customers on the site vertest.ru.
8.3. The operator processes the personal data of the customers with their consent, provided for the duration of the contracts concluded with them. In cases stipulated by the Federal Law "On Personal Data", consent is granted in writing. In other cases, consent is deemed to be received at the conclusion of the contract or in the performance of conclusive acts.
8.4. The operator processes the personal data of the clients during the validity periods of the contracts concluded with them. The operator can process the personal data of the clients after the expiration of the validity of the contracts concluded with them within the period established by clause 5, part 3 of Art. 24 parts of the first Tax Code, Part 1 of Art. 29 FZ "On Accounting" and other regulatory legal acts.
8.5. The operator processes special categories of personal data of minor clients with the written consent of their legal representatives on the basis of Part 1 of Art. 9, item 1 of part 2 of Art. 10 of the Federal Law "On Personal Data".
8.6. The operator processes the following personal customer data:
- Full Name;
- Type, series and number of the document proving the identity;
- Date of issue of the identity document and information on the issuing authority;
- Year of birth;
- Month of birth;
- Date of Birth;
- Place of Birth;
- Address;
- Contact phone number;
- E-mail address;
- Taxpayer identification number;
- Number of insurance certificate of state pension insurance;
- Position;
- Education;
- Profession;
- Personnel Number;
- Seniority;
- Degree, academic degree;
- National affiliation;
- Income;
- Insurance premiums for TSOs;
- Insurance premiums on compulsory medical insurance;
- Tax deductions;
- Retirement.
9. Information about the security of personal data
9.1. The operator appoints the person responsible for organizing the processing of personal data in order to fulfill the duties stipulated by the Federal Law "On Personal Data" and the normative legal acts adopted in accordance with it.
9.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:
- provides unlimited access to the Policy, a copy of which is located at the address of the Operator, and can also be posted on the Operator's website (if available);
- in compliance with the Policy, approves and enforces the document "Regulation on the processing of personal data" (hereinafter - the Regulations) and other local acts;
- acquaints workers with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
- admission of employees to personal data processed in the information system of the Operator, as well as to their material carriers only for the performance of labor duties;
- establishes rules for access to personal data processed in the information system of the Operator, and also ensures registration and accounting of all actions with them;
- assesses the harm that may be caused to the subjects of personal data in the event of violation of the Federal Law "On Personal Data";
- Identifies threats to the security of personal data when processing them in the information system of the Operator;
- applies organizational and technical measures and uses the means of information protection necessary to achieve the established level of protection of personal data;
- Detects the facts of unauthorized access to personal data and takes response measures, including the restoration of personal data modified or destroyed due to unauthorized access to them;
- assesses the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the Operator's information system;
- carries out internal control over the compliance of the processing of personal data of the Federal Law "On Personal Data", regulatory acts adopted in accordance with it, requirements for the protection of personal data, Policies, Regulations and other local acts, including control over measures taken to ensure the security of personal data and their level Security in processing in the Operator's information system.
10. Rights of subjects of personal data
10.1. The subject of personal data has the right to:
- receive personal data relating to this subject and information regarding their processing;
- clarify, block or destroy his personal data in case they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- revoke his consent to the processing of personal data;
- protect their rights and legitimate interests, including compensation for damages and compensation for moral harm in the courts;
- appeal against actions or omissions of the Operator to the authorized body for the protection of the rights of subjects of personal data or in court.
10.2. To realize their rights and legitimate interests, personal data subjects have the right to apply to the Operator or send a request personally or with the help of a representative. The request must contain the information specified in Part 3 of Art. 14 of the Federal Law "On Personal Data".