1. General Provisions
1.1 This document defines the policy of "Sojitz" LLC (hereinafter referred to as the Company) regarding the processing of personal data and sets out a system of basic principles applicable to the processing of personal data in the Company.
1.2 This Policy applies to all actions performed in the Company with personal data with the use of automation tools or without their use.
1.3 This Policy is mandatory for review and execution by all persons allowed to process personal data in the Company and persons involved in the organization of processing processes and ensuring the security of personal data in the Company.
1.4 This Policy has been drawn up in accordance with the Council of Europe Convention No. 108 on the Protection of the Person with regard to automatic processing of personal data, and the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006.
1.5 This Policy is subject to updating in the event of a change in the legislation of the Russian Federation on personal data.
2. Introduction
2.1 The Company is the operator of personal data.
2.2 An important condition for the implementation of the company's goals is to ensure the protection of the rights and freedoms of the subject of personal data when processing his personal data.
2.3 The Company has developed and put into effect documents establishing the procedure for processing and ensuring the security of personal data, which ensure compliance with the requirements of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it.
3. Principles and conditions of personal data processing in the Company
3.1 The Company, being the operator, processes personal data of the following categories of personal data subjects:
- applicants for filling vacant positions - in the composition and period necessary for the employer to make a decision on hiring or refusing to hire (conclude an employment contract) with the consent of the subjects of personal data;
- employees who are or were in an employment relationship with the Company - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and duties assigned by the legislation of the Russian Federation to the employer, for the conclusion and execution of the contract, the party to which is either the beneficiary or guarantor of which is the subject of personal data, including for the purpose of providing insurance services; to form a personnel reserve with the consent of personal data subjects;
- relatives of the Company's employees - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfillment of the functions, powers and duties assigned by the legislation of the Russian Federation to the employer, for the conclusion and execution of the contract, the party to which is either the beneficiary or guarantor under which is the subject of pd (including for the purpose of providing medical insurance with the consent of personal data subjects);
- representatives of foreign companies of the Sojitz Group - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and duties assigned by the legislation of the Russian Federation to the Company, including to assist foreign citizens in issuing invitations, visas, migration registration;
- suppliers - individuals - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and obligations assigned by the legislation of the Russian Federation to the employer, as well as for the conclusion and execution of the contract, the party to which is either the beneficiary or guarantor for which is the subject of personal data;
- representatives of potential and existing clients - legal entities - in the composition and period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and obligations assigned by the legislation of the Russian Federation to the employer, as well as to interact with potential and existing customers, with the consent of the subjects of personal data;
- representatives of suppliers - legal entities - in the composition and the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and obligations assigned by the legislation of the Russian Federation to the employer, as well as to interact with suppliers with the consent of personal data subjects;
- representatives of potential and existing partners - legal entities - in the composition and period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and obligations assigned by the legislation of the Russian Federation to the employer, as well as to interact with potential and existing partners, with the consent of the subjects of personal data;
- participants in the accident - in the composition and the period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfilment of the functions, powers and duties assigned by the legislation of the Russian Federation to the Company.
3.2 The terms of personal data processing are determined taking into account:
- the established purposes of personal data processing;
- the terms of validity of contracts with personal data subjects and consents of personal data subjects to the processing of their personal data;
- the terms defined by the Order of the Ministry of Culture of the Russian Federation dated August 25, 2010 No. 558 "On approval of the "List of standard management archival documents formed in the course of the activities of state bodies, local self-government bodies and organizations, indicating the storage periods".
3.3 The Company processes personal data on a lawful and fair basis.
3.4 When processing personal data, their accuracy, sufficiency and, if necessary, relevance in relation to the purposes of personal data processing are ensured.
3.5 The Company does not disclose to third parties and does not distribute personal data without the consent of the subject of personal data (unless otherwise provided by the federal law of the Russian Federation).
3.6 The Company processes special categories of personal data of employees (state of health of employees and nationality within the framework of labour relations). At the same time, the Company complies with the requirements for the processing of special categories of personal data provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the Labour Code of the Russian Federation.
3.7 The Company does not process biometric personal data.
3.8 The Company carries out cross-border transfer of personal data. At the same time, the Company complies with the requirements for the cross-border transfer of personal data provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006.
3.9 The Company does not make decisions that generate legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, on the basis of exclusively automated processing of personal data.
3.10 The Company entrusts the processing of personal data to other persons. At the same time, the Company complies with the requirements for the task of processing personal data provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006.
3.11 The Company processes personal data using automation tools and without their use. At the same time, the Company complies with the requirements for automated and non-automated processing of personal data provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it.
4. Rights of subjects of personal data processed by the Company
The subject of personal data has the right to receive information regarding the processing of his personal data. To obtain this information, the subject of personal data may send a written request (the request may also be sent in the form of an electronic document and signed with an electronic signature) to the address: 115114, Russian Federation, Moscow, Letnikovskaya Street, 2, p. 1, in accordance with the procedure established by Art. 14 of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006.
5. Performance of the operator's duties in the Company
5.1 The Company receives personal data from personal data subjects and from third parties (persons who are not subjects of personal data). At the same time, the Company fulfils the obligations provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the Labour Code of the Russian Federation when collecting personal data.
5.2 The Company stops processing personal data in the following cases:
- upon achievement of the purposes of their processing, or in case of loss of the need to achieve these goals;
- at the request of the subject of personal data, if the personal data processed by the Company are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- in case of detection of illegal processing of personal data, if it is impossible to ensure the legality of the processing of personal data;
- in case of withdrawal by the subject of personal data of consent to the processing of his personal data or expiration of such consent (if personal data are processed by the Companies solely on the basis of the consent of the subject of personal data);
- in case of liquidation of the Company.
5.3 In order to ensure the fulfilment of the obligations provided for by the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, the following measures have been taken:
- a person responsible for organizing the processing of personal data has been appointed;
- local acts on the processing and security of personal data have been issued, as well as local acts establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation, eliminating the consequences of such violations:
- Regulations on the processing of personal data;
- this Policy;
- other local acts on the processing and security of personal data.
- legal, organizational and technical measures have been applied to ensure the security of personal data;
- internal control over the compliance of personal data processing with the requirements of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, this Policy, local regulatory acts of the Company are carried out;
- an assessment of the harm that may be caused to the subjects of personal data in case of violation of the requirements of the federal legislation on personal data was carried out, a ratio of this harm and the measures taken by the Companies aimed at ensuring the fulfilment of the obligations provided for by the requirements of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it were made;
- employees of the Company directly engaged in the processing of personal data are familiar with the provisions of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, this Policy and local regulatory acts of the Company on the processing of personal data.
5.4 The Company implements the following requirements for the protection of personal data:
- a security regime has been organized for the premises in which information systems are located, which prevents the possibility of uncontrolled entry or stay in these premises of persons who do not have the right to access these premises;
- ensuring the safety of personal data carriers has been implemented;
- a document has been approved that defines the list of persons whose access to personal data processed in information systems is necessary for the performance of their official (labour) duties;
- means of information protection are used;
- the requirements established by the Decree of the Government of the Russian Federation dated September 15, 2008 No. 687 "On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools" were implemented.