Personal data processing policy
This personal data processing policy was created in accordance with paragraph 2 of Article 18.1 of the Federal Law No. 152-FZ «On Personal Data» dated July 27, 2006 and applies to all personal data that NL Continent LLC (hereinafter – the Company) may receive from the subject of personal data.
The company is registered in the Register of personal data processors under registration number 54-17-0002790.
1. Legal grounds for personal data processing.
- Constitution of the Russian Federation (article 23);
- Federal Law No. 261-FZ of July 25, 2011 "On Personal Data" (articles 1, 6, 22);
- Civil Code of the Russian Federation (chapters governing relevant types of agreements);
- Labour code of the Russian Federation (articles 86-90);
2. Purposes and means of personal data processing.
The purpose of processing of personal data (hereinafter referred to as "PD") is to ensure the execution of works and provision of services defined in the Company Charter, as well as to ensure the performance of contractual obligations to the Company's customers.
Processing (collection, systematization, accumulation, storage, updating (modification, alternation), use, distribution, (including transfer to third parties), depersonalization, blocking and destruction) of personal data is divided into:
- processing of personal data by means of computer technology;
- processing of personal data without the use of automation.
3. Categories and types of data processed.
The procedure for collecting and processing personal data in the Company is conducted in accordance with the legislation of the Russian Federation.
Personal data, corresponding to the purpose of their processing, may include: surname, name, patronymic; year of birth; month of birth; date of birth; place of birth; address; marital status; place of work, position, education; profession; income; gender; ID details (series and number of the document, date of issue, name of issuing authority and division code); citizenship; taxpayer identification number (if any).
4. List of actions (operations) with personal data:
Collection; Systematization: Accumulation; Storage; Updating (modification, alternation); Use; Distribution, (including transfer to third parties); Depersonalization; Blocking; Destruction.
5. Categories of subjects whose personal data are processed:
- employees of the Company.
- individuals – employees of the Company's clients, under service agreements and commercial concessions.
- individuals who are in contractual and other civil relations with the Company.
6. Conditions for termination of personal data processing.
Personal data are subject to destruction upon achievement of the processing objectives or in case of loss of the need to achieve them, unless otherwise provided by Federal laws, as well as in case of detection of illegal actions with personal data and impossibility to eliminate violations within the period established by law.
7. Guarantee of confidentiality.
Personal data of clients and partners contained in the contracts concluded with them, documents relating to the execution of these contracts and information systems of personal data are confidential.
The company independently determines the structure and the list of necessary and sufficient measures to ensure the security of personal data during their processing, unless otherwise provided by 152-FZ or other Federal laws.
8. Measures to ensure the security of personal data during their processing
8.1 The Company takes necessary and sufficient legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, granting, distribution, as well as from other unlawful actions involving personal data.
8.2 To ensure the security of personal data, the Company:
- identifies the threats to Personal Data security when processing them in information systems;
- when processing personal data in information systems of personal data, applies organizational and technical measures to ensure the security of personal data, meets the requirements for the protection of personal data in compliance with the rules established by the Government of Russian Federation;
- uses the information processing tools that have been certified in an appropriate manner;
- assesses the effectiveness of measures taken to ensure the security of personal data before putting in operation the information system of personal data;
- registers machine carriers of personal data;
- detects facts of unauthorized access to personal data and takes appropriate measures;
- restores personal data that has been modified or destroyed due to unauthorized access to them;
- establishes rules for accessing personal data processed in the information system of personal data, as well as ensures registration and recording of all actions performed with personal data in the information system of personal data;
- controls the measures taken to ensure the security of personal data and high level of protection of information systems of personal data;
- assesses the harm that may be caused to the subjects of personal data in case of violation of the legislation of the Russian Federation in the field of personal data and takes adequate measures to ensure the implementation of the legislation of the Russian Federation in the field of personal data.
9. Getting access to personal data.
Access to personal data is granted to the subject of personal data (his/her legal representative) on the basis of a request. The request must contain the identity number of the main identification document of the personal data subject or his/her legal representative, date of issue and body which issued such document and the handwritten signature of the personal data subject or his/her legal representative.
10. Terms of disclosure and use of data by partners and third parties.
The company ensures the confidentiality of personal data and is obliged not to transfer them to third parties without the consent of personal data subjects, unless otherwise provided by law. If the transfer of personal data to third parties occurs on the basis of the relevant agreement, an essential condition of such agreement is the obligation to ensure the confidentiality of personal data by a third party.