Personal Data Processing Regulation
1. GENERAL PROVISIONS
1.1. This Regulation on the processing of personal data (hereinafter – the Regulation, this Regulation) was developed SVETMEDIA LLC. / ITN 7727303674/ PSRN 5167746283634, legal address: 101000, Moscow, str. Myasnitskaya, 24/7, building 3, fl. 3, room III, office 18 (hereinafter also – the Operator) and is applied in accordance with paragraph 2 of Part 1 of Art. 18.1. Federal Law of 27.07.2006 No. 152-FZ «On Personal Data».
This Regulation defines the Operator’s policy regarding the processing of personal data.
All issues related to the processing of personal data not regulated by this Regulation shall be resolved in accordance with the current legislation of the Russian Federation in the field of personal data. This Regulation and its amendments shall be approved by the Operator’s supervisor and introduced by the Operator’s order.
1.2. In accordance with paragraph 1 of Art. 3 of the Federal Law dated 27.07.2006 No. 152-FZ «On Personal Data», personal data of customers and individuals means any information related to a client, an individual, directly or indirectly determined or determined on the basis of such information (hereinafter – personal data).
1.3. Light Media Limited Liability Company is an operator that organizes and/or performs personal data processing, as well as determines the purposes and content of personal data processing.
1.4. The purpose of personal data processing is:
- ensuring the protection of human and civil rights and freedoms in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets;
- provision by the Operator of services related to the Operator’s economic activities to individuals and legal entities, including contacts of the Operator with such persons, including by e-mail, by telephone, at the address provided by the relevant person;
- Sending consultations, replies to the persons contacted by means of communication and contract data indicated by them;
- promotion of goods, works, services of the Operator on the market by making direct contacts with a potential consumer by means of communication (it is allowed only with the prior consent of the personal data subject).
1.5. Processing is organized by the Operator on the following principles:
- legality of purposes and methods of personal data processing, integrity and fairness in the Operator’s activities;
- reliability of personal data, their sufficiency for the purposes of processing, inadmissibility of processing of personal data redundant to the purposes declared during collection of personal data;
- processing of personal data only, which meet the purposes of their processing;
- compliance of content and volume of processed personal data with declared purposes of processing. Personal data processed shall not be redundant with respect to the stated purposes of processing;
- inadmissibility of combining databases containing personal data processed for purposes incompatible with each other;
- ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of personal data processing. The Operator shall take the necessary measures or ensure that they are taken to delete or refine incomplete or inaccurate data;
- storing personal data in a form that allows determining the subject of personal data, no longer than the purposes of processing personal data require.
1.6. Personal data processing shall be carried out in compliance with the principles and rules stipulated by the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data» and this Regulation.1.7. Personal data is processed using and without automation.
1.8. In accordance with the set goals and objectives, the Operator shall appoint a person responsible for the organization of personal data processing prior to the start of personal data processing.
1. The person responsible for the organization of personal data processing receives instructions directly from the Operator’s executive body and is accountable to it.
2. The person responsible for the organization of personal data processing has the right to issue and sign a notification provided for by Part 1 and 3 of Art. 22 of the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data».
1.9. Employees of the Operator directly performing personal data processing shall be familiarized with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the Operator’s policy regarding personal data processing, local acts on personal data processing, with this Regulation and amendments to it.
1.10. When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data in accordance with Art. 19 of the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data».
1.11. When collecting personal data using information and telecommunication networks, the Operator shall publish in the corresponding information and telecommunication network a document defining its policy regarding personal data processing and information on the implemented requirements for personal data protection, as well as provide access to the specified document using the means of the corresponding information and telecommunication network.
1.12. Conditions of personal data processing by the Operator. Personal data processing is allowed in the following cases:
- personal data processing is carried out with the consent of the personal data subject to the processing of his personal data;
- processing of personal data is necessary to achieve the goals stipulated by the international agreement of the Russian Federation or the law, to carry out and fulfill the functions, powers and duties assigned by the legislation of the Russian Federation to the Operator;
- personal data processing is necessary for the execution of a contract to which either the beneficiary or the guarantor is a personal data subject, including in case the Operator exercises its right to assign rights (requirements) under such a contract, as well as for concluding a contract on the initiative of a personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor;
- personal data processing is necessary to protect the life, health or other vital interests of the personal data subject, if it is impossible to obtain the consent of the personal data subject;
- personal data processing is necessary for the exercise of the rights and legitimate interests of the Operator or third parties or for the achievement of socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
- Processing of personal data is carried out for statistical or other research purposes, with the exception of the purposes specified in Art. 15 of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data», provided that personal data is impersonated;
- processing of personal data, access of an unlimited number of persons to which is provided by the personal data subject or at his request;
- processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
1.13. Storage of personal data shall be carried out in a form that allows determining the subject of personal data, no longer than the purposes of their processing require, and they shall be destroyed upon achievement of the processing goals or in case of loss of the need to achieve them in the manner provided for by the Regulation on storage of personal data with the Operator.
1.14. Personal data processed in information systems shall be protected against unauthorized access and copying. The security of personal data during its processing in information systems is ensured using the personal data protection system, which includes organizational measures and means of information protection. Technical and software tools must meet the requirements established in accordance with the legislation of the Russian Federation that ensure the protection of information.
1.15. Interaction with federal executive authorities on the processing and protection of personal data of subjects whose personal data are processed by the Operator is carried out within the framework of the legislation of the Russian Federation.
2. OPERATOR’S PROTECTION OF PERSONAL DATA SUBJECT RIGHTS
2.1. Personal data subjects or their representatives have the rights provided by the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data» and other regulatory legal acts regulating the processing of personal data.
2.2. The operator ensures the rights of personal data subjects in the manner established by chapters 3 and 4 of the Federal Law dated 27.07.2006 No. 152-FZ «On Personal Data».
2.3. The Operator shall provide the personal data subject or his representative free of charge with the opportunity to familiarize himself with personal data related to this personal data subject at the location of the Operator during the Operator’s working hours.
2.4. The right of a personal data subject to access to his personal data may be limited in accordance with federal laws.
2.5. In case of representation of the interests of the personal data subject by the representative, the powers of the representative are confirmed by a power of attorney issued in the prescribed manner.
2.6. In cases when the subject of personal data provides written consent to the use of personal data for such consent, a simple written form is sufficient.
2.7. The operator guarantees the security and confidentiality of the personal data used.
2.8. Processing of personal data in order to promote goods, works, services on the market by making direct contacts with a potential consumer by means of communication is allowed only with the prior consent of the personal data subject.
3. RECEIVING, PROCESSING, STORING PERSONAL DATA
3.1. The Operator shall have the following procedure for obtaining personal data:
1. When applying for services of the Operator, the client shall specify the data set by the corresponding forms.
2. The operator does not receive or process personal data of the client about his race, political opinions, religious and philosophical beliefs, state of health, intimate life, unless otherwise provided by law.
3. In cases directly related to issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, the Organization has the right to receive and process data on the private life of a client only with his written consent.
3.2. If the customer accepts the offer posted on the Operator’s website or enters into another agreement with the Operator, the client’s personal data shall be processed for execution of the relevant agreement, which has entered into force due to acceptance of the terms of the offer by the client or conclusion of another agreement, respectively.
3.3. The Operator also has the right to process personal data of customers who have contacted the Operator of individuals only with their consent to the use of personal data.
3.4. Customer’s consent to personal data processing is not required in the following cases:
- Personal data is publicly available;
- of personal data is carried out on the basis of federal law establishing its purpose, conditions for obtaining personal data and the circle of subjects whose personal data are subject to processing, as well as certain powers of the Organization;
- at the request of authorized state bodies – in cases provided for by federal law;
- processing of personal data for the purpose of execution of the agreement concluded with the Operator;
- Personal data processing is carried out for statistical or other scientific purposes, provided that personal data is necessarily depersonalized;
- The processing of personal data is necessary to protect the life, health or other vital interests of the client, if it is impossible to obtain his consent.
3.5. The Operator shall ensure safe storage of personal data, including:
1. Storage, picking, recording and use of documents containing personal data shall be arranged in the form of a separate archive of the Operator.
2. Personal data storage must be carried out in a form that allows determining the subject of personal data, no longer than the goals of personal data processing require, if the term of personal data storage is not established by federal law, by a contract to which the personal data subject is a party, beneficiary or guarantor. Personal data processed shall be destroyed or depersonalized upon achievement of the purposes of processing or in case of loss of the necessity to achieve these goals, unless otherwise provided by federal law.
4. TRANSFER OF PERSONAL DATA
4.1. Personal data shall be transmitted in compliance with the following requirements:
- It is forbidden to communicate personal data to a third party without the written consent of the client, except when necessary in order to prevent a threat to the life and health of the client, as well as in other cases provided for by law;
- not to report personal data for commercial purposes without the written consent of the subject of such data;
- To warn persons receiving personal data that these data can only be used for the purposes for which they are reported and to require them to confirm that this rule has been complied with;
- Allow access to personal data only to specially authorized persons, and such persons shall have the right to obtain only those personal data necessary for the performance of specific functions;
- not to request information about the client’s health condition, except for those information related to the issue of the client’s ability to fulfill obligations under the agreement with the Operator;
- transfer personal data of the client to its representatives in the manner established by the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data».
5. ACCESS TO PERSONAL DATA
5.1. The right to access personal data has:
- Operator’s Supervisor;
- Operator’s employees working with a certain customer;
- Accounting employees;
- Employees providing technical support for the Operator’s activities.
5.2. In order to protect personal data, customers have the following rights:
- full information about their personal data and processing of these data;
- free and free access to their personal data, including the right to receive copies of any record containing personal data, except as provided by federal law;
- to identify their representatives to protect their personal data;
- the requirement to exclude or correct incorrect or incomplete personal data, as well as data processed in violation of the requirements of the Federal Law of 27.07.2006 No. 152-FZ «On Personal Data».
5.3. It is allowed to copy and make personal data statements only for official purposes with the permission of the manager.
6. LIABILITY FOR VIOLATION OF THE RULES GOVERNING THE PROCESSING OF PERSONAL DATA
6.1. Persons guilty of violating the procedure for handling personal data bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.
6.2. Heads of structural divisions of the Operator shall be personally responsible for performance of duties by their subordinates.