Font size

Background and font color

Images

Text scoring

Regular version of the site

Submit an application

+7 (47148) 2-48-22
- Telephones
- +7 (47148) 2-48-22
- +7 (47148) 3-46-87 fax
- Request a call
307170, Russia, Kursk region, Zheleznogorsk, Mira str., 1
mail@rudavt.ru

1. General provisions

1.1. This Personal Data Processing Policy at V. V. Safoshin RUDOAUTOMATIKA JSC (hereinafter referred to as the Operator), TIN 4633000397, located at the address: 307170, Kursk region, Zheleznogorsk, Mira Street, 1, has been developed in accordance with the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149–FZ of July 27, 2006 "On Information, Information Technologies and Information Protection", Federal Law of July 27, 2006 No. 152–FZ "On Personal Data", Decree of the Government of the Russian Federation No. 1119 dated November 01, 2012 "On Approval of requirements for the protection of personal data during their Processing in Personal Data Information Systems", other federal laws and regulations.

1.2. The Policy has been developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data.

1.3. The Personal Data Processing Policy is designed to ensure the protection of the rights and freedoms of the personal data subject when processing his personal data.

1.4. The provisions of the Policy serve as the basis for the development of local regulations regulating the issues of processing personal data of employees of JSC "RUDOAUTOMATIKA named after V.V. Safoshin" and other subjects of personal data in JSC "RUDOAUTOMATIKA named after V.V. Safoshin".

1.5. The following basic terms are used in the Personal Data Processing Policy:

1) personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);

2) operator – a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

3) personal data processing – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

4) automated processing of personal data – processing of personal data using computer technology;

5) dissemination of personal data – actions aimed at disclosure of personal data to an indefinite circle of persons;

6) provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons; 7) blocking of personal data – temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data);

8) destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;

9) depersonalization of personal data – actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without the use of additional information;

10) personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;

11) cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

2. Purposes of personal data processing

Personal data is processed by the Operator for the following purposes:

1. Implementation and fulfillment of the functions, powers and duties assigned to the Operator by the legislation of the Russian Federation, in particular:

compliance with the requirements of legislation in the field of labor and taxation;
maintenance of current accounting and tax accounting, formation, production and timely submission of accounting, tax and statistical reports;
preparation, conclusion, execution and termination of contracts with counterparties;
providing access and in-object modes at Operator's facilities;
formation of reference materials for internal information support of the Operator's activities;
execution of judicial acts, acts of other bodies or officials subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
compliance with the requirements of legislation to determine the procedure for processing and protection of personal data data of citizens who are clients or counterparties of JSC "RUDOAVTOMATIKA named after V. V. Safoshin" (hereinafter referred to as personal data subjects).

2. Exercising the rights and legitimate interests of V. V. Safoshin RUDOAUTOMATICS JSC within the framework of the activities provided for by the Charter and other local regulations of V. V. Safoshin RUDOAUTOMATICS JSC, or third parties, or achieving socially significant goals.

3. For other legitimate purposes.

3. Legal basis of personal data processing

The processing of personal data is carried out on the basis of the following federal laws and regulations:

1) The Constitution of the Russian Federation;

2) The Labor Code of the Russian Federation;

3) The Convention of the Council of Europe on the Protection of Individuals with Automated Processing of Personal Data (concluded in Strasbourg on 28.01.1981)

4) Federal Law No. 152–FZ of July 27, 2006 "On Personal Data";

5) Federal Law "On Information, Information Technologies and Information Protection" dated 27.07.2006 No. 149–FZ;

6) Federal Law No. 160–FZ dated December 19, 2005 "On Ratification of the Council of Europe Convention on the Protection of Individuals with Automated Processing of Personal Data data";

7) Decree of the President of the Russian Federation dated March 06, 1997 No. 188 "On approval of the list of confidential information";

8) Decree of the President of the Russian Federation of May 30, 2005 No. 609 "On Approval of the Regulations on Personal Data of a State Civil Servant of the Russian Federation and the Conduct of his Personal file";

9) Decree of the President of the Russian Federation No. 351 dated March 17, 2008 "On measures to ensure information security of the Russian Federation when Using information and telecommunication networks of international information exchange";

10) Decree of the President of the Russian Federation No. 366–RP dated July 10, 2001 "On Signing the Convention on the Protection of Individuals with Automated Processing of Personal Data";

11) Decree of the Government of the Russian Federation No. 211 of March 21, 2012 "On Approval of the List of Measures Aimed at Ensuring the Fulfillment of Obligations Provided for by the Federal Law "On Personal Data" and Regulatory Legal Acts Adopted in Accordance with it by Operators who are state or Municipal Bodies";

12) Decree of the Government of the Russian Federation No. 1233 of November 03, 1994 "On Approval of the Regulations on the Procedure for Handling Official Information of Limited Distribution in Federal Executive Authorities";

13) Decree of the Government of the Russian Federation No. 1119 of November 01, 2012 "On Approval of requirements for the protection of personal data during their processing in personal data information systems";

14) Decree of the Government of the Russian Federation No. 512 dated July 06, 2008 "On Approval of Requirements for Material Carriers of Biometric personal Data and technologies for Storing such Data outside of Personal Data information systems";

15) Decree of the Government of the Russian Federation No. 687 dated September 15, 2008 "On Approval of the Regulation on the specifics of personal data processing carried out without the use of automation tools";

16) Decree of the Government of the Russian Federation No. 125 dated March 4, 2010 "On the list of personal data recorded on electronic media contained in the Main Identity documents of a Citizen of the Russian Federation, according to which citizens of the Russian Federation leave the Russian Federation and enter the Russian Federation";

17) Roskomnadzor Order No. 996 dated September 5, 2013 "On approval of requirements and methods for depersonalization of personal data";

18) Decree of the Government of the Russian Federation of August 15, 2007 No. 1055–R "On the plan for the preparation of Draft Regulations necessary for the Implementation of the Federal Law "On Personal Data";

19) of the Order of the FSB of Russia dated February 09, 2005 No. 66 "On approval of the Regulations on the development, production, Sale and Operation of encryption (cryptographic) means of information protection. The regulation of the PKZ 2005)";

20) Order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the Regulations on methods and methods of information protection in Personal Data information Systems";

21) Order of the Ministry of Communications of the Russian Federation dated July 20, 2017 No. 373 "On Invalidation of Orders of the Ministry of Communications and Mass Communications of the Russian Federation" dated December 21, 2011 No. 346, dated August 28, 2015 No. 315 and item 9 of the Order of the Ministry of Communications and Mass Communications of the Russian Federation dated November 24, 2014 No. 403;

22) Order of Roskomnadzor dated May 30, 2017 No. 94 "On approval of methodological recommendations for notifying the authorized body of the beginning of personal data processing and on Amendments to previously submitted information";

23) Methodological recommendations for ensuring the security of personal data with the help of cryptographic means when processing them in personal data information systems using automation tools (approved by the 8th FSB Center of Russia No. 149/54–144 dated February 21, 2008);

24) Standard requirements for the organization and Operation of encryption (cryptographic) tools designed to protect information that does not contain information constituting a state secret in the case of their use to ensure the security of personal data during their processing in personal data information systems (approved by the 8th Center of the FSB of Russia dated February 21, 2008 No. 149/6/6-622);

25) Provisions on the specifics of personal data processing carried out without the use of automation tools. Approved by Decree of the Government of the Russian Federation No. 687 of September 15, 2008;

26) Government Decree No. 1119 of November 1, 2012 "On Approval of requirements for the protection of personal data during their processing in Personal Data information systems";

27) Order of the FSTEC of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";

28) Roskomnadzor Order No. 996 dated September 05, 2013 "On approval of requirements and methods for depersonalization of personal data";

29) Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.

4. List of actions with personal data

When processing personal data, the Operator will perform the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

5. The composition of the processed personal data

5.1. Personal data of the following personal data subjects are subject to processing by the Operator:

Operator's employees;
Operator's clients;
Operator's counterparties;
individuals who applied to the Operator in accordance with the procedure established by the Federal Law "On the Procedure for Considering Appeals of Citizens of the Russian Federation".

Personal data of the Operator's employee — information required by the Operator in connection with labor relations and concerning a specific employee;
personal data of an affiliated person or personal data of a manager, participant (shareholder) or employee of a legal entity that is affiliated with the Operator – information required by the Operator to be reflected in the accounting documents on the Company's activities in accordance with the requirements of federal laws and other regulatory legal acts;
personal data of the Counterparty (partner, counterparty, potential counterparty, potential partner), as well as personal data of the head, participant (shareholder) or employee of the legal entity that is the Counterparty (partner, counterparty, potential counterparty, potential partner) of the Operator – information necessary for the Operator to fulfill its obligations under contractual relations with the Counterparty and to fulfill the requirements of the legislation of the Russian Federation.

5.2. The composition of personal data of each of the categories of subjects listed in clause 5.1 of this Regulation is determined in accordance with the regulatory documents listed in section 3 of this Regulation, as well as the regulatory documents of the Institution issued to ensure their implementation.

5.3. In the cases provided for by the current legislation, the personal data subject makes a decision to provide his personal data to the Operator and gives consent to their processing freely, of his own free will and in his own interest.

5.4. The Operator ensures that the content and volume of the processed personal data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.

5.5. Processing of special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, intimate life, in JSC "RUDOAUTOMATIKA named after V. V. Safoshin" is not carried out.

6. Processing of personal data

6.1. Processing of personal data in JSC "RUDOAUTOMATIKA named after V. V. Safoshin" is carried out in the following ways:

non–automated processing of personal data is the processing of personal data without the use of computer technology, corresponding to the nature of actions (operations) performed with personal data using automation tools, that is, allowing the search for personal data recorded on a tangible medium and contained in card files or other systematized collections of personal data in accordance with a given algorithm., and (or) access to such personal data;
automated processing of personal data – processing of personal data by means of computer technology;
mixed processing of personal data – processing of personal data by means of automation, as well as without it.

6.2. The processing of personal data in JSC "RUDOAUTOMATIKA named after V.V. Safoshin" is carried out on a legal and fair basis and is limited to achieving specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

6.4. Only personal data that meet the purposes of their processing are subject to processing.

6.5. The Operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data.

6.6. The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person, including a state or municipal contract, or by adopting a state or municipal body of the relevant act (hereinafter referred to as the operator's order). The person processing personal data on behalf of the operator is obliged to comply with the principles and rules of personal data processing provided for in this Policy. The operator's instruction should specify a list of actions (operations) with personal data that will be performed by the person processing personal data and the purposes of processing, the obligation of such a person to respect the confidentiality of personal data and ensure the security of personal data during their processing should be established, and the requirements for the protection of processed personal data in in accordance with Article 19 of this Federal Law.

6.7. The person processing personal data on behalf of the Operator is not obliged to obtain the consent of the personal data subject to the processing of his personal data.

7. Ensuring the protection of personal data during their processing by the Operator

7.1. The Operator shall take measures necessary and sufficient to ensure the fulfillment of the obligations provided for by Federal Law No. 152–FZ of July 27, 2006 "On Personal Data" and regulatory legal acts adopted in accordance with it. The Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by Federal Law No. 152 of July 27, 2006 "On Personal Data", Government Decree of September 15, 2008. No. 687 "On Approval of the Regulation on the Specifics of Personal Data Processing carried out without the Use of Automation Tools", Government Decree No. 1119 dated November 01, 2012 "On Approval of the Requirements for the Protection of Personal Data during their Processing in Personal Data Information Systems", Order of the Federal Technical Service of February 18, 2013. No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems", and other regulatory legal acts, unless otherwise provided by federal laws. Such measures include:

appointment by the Operator of the person responsible for the organization of personal data processing;
publication by the Operator of documents defining the operator's policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
application of legal, organizational and technical measures to ensure the security of personal data;
implementation of internal control and (or) audit of compliance of personal data processing with the Federal Law "On Personal Data" and regulatory legal acts adopted in accordance with it, requirements for personal data protection, Operator's policy regarding personal data processing, Operator's local acts;
determination of the assessment of the harm that may be caused to personal data subjects in case of violation of the Federal Law "On Personal Data", the ratio of this harm and the measures taken by the operator aimed at ensuring the fulfillment of obligations provided for by the Federal Law "On Personal Data";
familiarization of the Operator's employees directly engaged in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data, and (or) training of these employees;
informing personal data subjects or their representatives in accordance with the established procedure about the availability of personal data related to the relevant subjects, providing an opportunity to get acquainted with these personal data when contacting and (or) receiving requests from these personal data subjects or their representatives, unless otherwise established by the legislation of the Russian Federation;
termination of processing and destruction of personal data in cases stipulated by the legislation of the Russian Federation in the field of personal data;
identification of threats to the security of personal data during their processing in personal data information systems;
detection of unauthorized access to personal data and taking measures;
accounting of personal data machine carriers;
detection of unauthorized access to personal data and taking measures;
recovery of personal data modified or destroyed due to unauthorized access to them;

8. The right of the personal data subject to access his personal data

8.1. The personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, and also take measures provided for by law to protect their rights.

8.2. The information is provided to the personal data subject or his representative by the operator when contacting or receiving a request from the personal data subject or his representative. The request must contain the number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority, information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information, otherwise confirming the fact of personal data processing by the Operator, the signature of the personal data subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

8.3. The operator has the right to refuse a repeated request to the subject of personal data. Such a refusal must be motivated. The obligation to provide evidence of the validity of the refusal to fulfill the repeated request lies with the Operator.

8.4. The subject of personal data has the right to receive information concerning the processing of his personal data, including information containing:

confirmation of the fact of personal data processing by the Operator;
legal grounds and purposes of personal data processing;
purposes and methods of personal data processing used by the Operator;
name and location of the Operator, information about persons (except for employees of the operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the operator or on the basis of federal law;
processed personal data related to the relevant subject of personal data, the source of their receipt, unless another procedure for the submission of such data is provided by federal law;
terms of processing of personal data, including the terms of their storage;
the procedure for the subject of personal data rights provided for by the Federal Law "On Personal Data";
information about the trans-border data transfer carried out or proposed;
the name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if processing is or will be entrusted to such a person.

8.6. The subject of personal data has the right to protect his rights and legitimate interests, including compensation for damages and (or) compensation for moral damage in court.

9. Final provisions

9.1. This Personal Data Processing Policy comes into force from the moment of its approval.

9.2. This Personal Data Processing Policy is brought to the attention of all employees under signature.

9.3. Amendments and additions to this Personal Data Processing Policy are made on the basis of a decision of the Board of Directors of JSC "RUDOAUTOMATIKA named after V.V. Safoshin".