POLICY Regarding the Processing of Personal Data
This document defines the policy of the Limited Liability Company "Internet Technologies" (hereinafter referred to as "the Company") regarding the processing of personal data and the implementation of requirements for the protection of personal data (hereinafter referred to as "the Policy") in accordance with the requirements of the Federal Law of July 27, 2006, No. 152-FZ "On Personal Data". The Policy applies to the personal data of users obtained using the telecommunications network "Internet". The processing of the personal data of employees is carried out in accordance with the local regulations of LLC "Internet Technologies".
1. TERMS AND DEFINITIONS
1.1. This Policy uses specific terms, the meanings of which are defined in the order specified below. Other terms and definitions not reflected in the Policy will be interpreted by the parties based on the current legislation: Automated processing of personal data - processing of personal data using computing devices;
Blocking of personal data - temporary cessation of the processing of personal data (except in cases where processing is necessary to clarify personal data);
Information system of personal data - a collection of personal data contained in databases and providing processing through information technologies and technical means;
Anonymization of personal data - actions that make it impossible to determine the belonging of personal data to a specific personal data subject without the use of additional information;
Processing of personal data - any action (operation) or set of actions (operations) performed with personal data using automation or without automation, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
Personal data - any information that relates directly or indirectly to a specific or identifiable individual (the personal data subject);
Provision of personal data - actions aimed at disclosing personal data to a specific person or a specific group of persons;
Distribution of personal data - actions aimed at disclosing personal data to an indefinite group of persons;
Special categories of personal data - data concerning race, nationality, political views, religious beliefs, health status, as well as biometric personal data;
Personal data subject (hereinafter referred to as PDS) - an individual to whom personal data relate directly or indirectly;
Destruction of personal data - actions that make it impossible to restore the content of personal data in the information system of personal data and/or destroy the physical media of personal data;
Cookies - text files, usually of small size, or fragments of information that may be stored in the computer's memory when visiting a website;
Service (or services) - provision of a computing environment in the global Internet, as provided in the public offer agreement posted on the websites: bithost.ru.
2. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
Processing of personal data is carried out in accordance with the requirements of legislation: The Civil Code of the Russian Federation;
The Labor Code of the Russian Federation;
The Federal Law of July 27, 2006, No. 152-FZ "On Personal Data";
The Federal Law of July 7, 2003, No. 126-FZ "On Communications";
The Federal Law of July 27, 2006, No. 149-FZ "On Information, Information Technologies and Information Protection".
3. ACCEPTANCE OF THE TERMS OF THIS POLICY
3.1. Use of the site and its individual parts or services by the personal data subject means acceptance of this Policy and the terms of personal data processing, as well as consent to the processing of personal data.
3.2. The Policy is considered accepted, and consent to the processing of data is obtained upon the execution of any actions by the personal data subject: Registration in the personal account and/or in the billing system;
Conclusion of an agreement with the Company, including in the form of acceptance, action to fulfill the terms of the agreement;
Filling out fields of forms that involve the provision of personal data;
Providing personal data via e-mail, through the online consultant system, when ordering a callback, while attaching (enclosing) a file or in any other form;
Sending a resume for the position;
Actual use of services.
3.3. If the personal data subject does not agree with the terms of this Policy, they must cease to use the site, its part, or service and refuse to provide data, with refusal to provide such data possibly resulting in an inability to provide services. In this case, the Company is not responsible for any violation of its obligations and the inability to achieve the expected result for the personal data subject.
3.4. This Policy applies only to the site and services of the Company. The Company does not control and is not responsible for third-party websites that the personal data subject may visit via links available on the site.
3.5. The personal data subject is responsible for the completeness and accuracy of the data provided. In case of discrepancies and/or inaccuracies in the provided data, such data must be corrected, including by contacting the Company.
4. PRINCIPLES OF PERSONAL DATA PROCESSING
4.1. Processing of personal data is carried out on a lawful and fair basis.
4.2. Processing of personal data is limited to achieving specific, predetermined, and lawful goals. Processing of personal data incompatible with the purposes of personal data collection is not permitted.
4.3. Combining databases containing personal data, the processing of which is performed for incompatible purposes, is not permitted.
4.4. Only personal data that corresponds to the purposes of their processing is subject to processing.
4.5. The content and volume of processed personal data correspond to the declared purposes of processing and are not excessive in relation to these declared purposes.
4.6. When processing personal data, accuracy, adequacy, and relevance of personal data in relation to the purposes of personal data processing are ensured, and where necessary, necessary measures are taken to delete or clarify incomplete or inaccurate data.
4.7. Storage of personal data is carried out in a form that allows identifying the personal data subject no longer than is necessary for achieving the purposes of processing personal data unless the period of storage of personal data is established by federal law, an agreement to which the personal data subject is a party (beneficiary). Processed personal data is destroyed or anonymized upon achieving the purposes of processing or upon losing the need to achieve those purposes, unless otherwise provided by federal law.
If the resume does not state otherwise, for employment purposes, the personal data subject consents to being included in the personnel reserve of the Company. In this case, personal data may be processed until employment or the personal data subject requests exclusion from the personnel reserve.
5. PLACE OF STORAGE OF PERSONAL DATA
5.1. The Company ensures the collection and processing of personal data using databases located on the territory of the Russian Federation.
6. PURPOSES OF PERSONAL DATA PROCESSING:
6.1. The Company processes only the personal data necessary to provide services to the personal data subject, conduct the Company’s activities, ensure compliance with applicable laws, and uphold the rights and legitimate interests of third parties, provided that the rights of the personal data subject are not violated.
6.2. Personal data of the personal data subject may be processed by the Company for the following purposes: conducting research using anonymized data;
identifying the personal data subject;
providing services to the personal data subject by the Company;
providing services with the involvement of authorized registrars, certification centers, payment systems, and/or other entities responsible for providing the requested services to the personal data subject;
communicating with the personal data subject on matters arising from the provision of services, employment, including sending information, notices, SMS messages, messages using messengers, e-mail notifications, requests related to the provision of services, as well as processing requests and applications from the personal data subject;
sending informational and promotional newsletters, if such subscriptions by the personal data subject are not canceled;
quality control of services;
providing technical support;
processing payments;
assessing the personal data subject in making employment decisions, forming the personnel reserve.
6.3. The Company does not collect or process special categories of personal data.
7. COMPOSITION OF PERSONAL DATA
7.1. The Company may process personal data: surname, first name, patronymic, e-mail, phone, fax, data of the document proving identity, data of the place of residence/registration, payment details, workplace, position, date and place of birth. For assessing the personal data subject when applying for employment, the following personal data may be processed: passport data, questionnaire and biography data, educational and training information, data on specialty or profession, work and total experience, data of the compulsory pension insurance certificate, individual taxpayer number, military registration data, health status, actual residence address, home and mobile phone, e-mail address, family composition data, criminal record status, position held, salary data. The composition of the processed data is determined based on the volume of information needed to assess the relevance of the personal data subject for the position they are applying for. The Company does not process special categories of data unless required by applicable law to verify the relevance of the personal data subject for the position they are applying for.
7.2. The Company may also collect other personal data if their presence is necessary for providing services to the personal data subject and for complying with the requirements of the legislation of the Russian Federation regarding the protection of personal data.
7.3. The Company may also collect data related to the IP address, statistical information about actions taken while using the Company's services, unique identifiers automatically generated during the use of services, transaction data, the language of the region from which access to the services is made, as well as other information about the personal data subject.
7.4. The Company uses cookies. The Company uses temporary (session) and permanent cookies on its website. Temporary cookies are deleted after closing the web browser, while permanent cookies remain in the computer's memory until deleted by the user or until their storage period expires. The personal data subject can change the settings of their web browser to delete already saved cookies and to not save new cookies (detailed information is usually contained in the user manual of each specific web browser). If cookies are deleted and/or the web browser is configured to not save new cookies, some or all features of the site and services may be unavailable. In that case, the Company is not responsible for the inability to use its services and/or the inability to provide them.
8. PERSONAL DATA PROCESSING:
8.1. Personal data processing is carried out by the Company with the consent of the personal data subject, both with the use of automation and without such means.
8.2. The Company does not provide or disclose information containing personal data of the personal data subject to third parties without consent from the personal data subject, except in cases established by the current legislation of the Russian Federation on personal data protection (at the request of an authorized body), as well as for the purposes of fulfilling obligations to the personal data subject, investigating cases of fraud in payment processing and any other illegal activities, or in order to protect the rights of the aggrieved party, when there are reasonable suspicions of potential or actual violations of rights, in cases of violations of intellectual property rights, or in case of claims regarding the activities of the personal data subject.
8.3. In the event that the personal data subject withdraws their consent for processing personal data, the Company has the right to continue processing the personal data without consent in cases stipulated by current legislation.
8.4. If personal data and/or documents containing them are provided/stored in written form, then their destruction is carried out in a manner that prevents the possibility of restoring their content.
8.4.1. The Company blocks personal data in the manner and under the conditions stipulated by legislation in the field of personal data.
8.4.2. Upon achieving the purposes of personal data processing or if there is no further need for them, personal data is destroyed or anonymized. Exceptions may include federal law.
8.4.3. Illegally obtained personal data or data that is not necessary for the purposes of processing is destroyed within 7 (seven) working days from the date of presentation of the confirming information by the personal data subject or their representative.
8.4.4. Personal data processing which is terminated due to its unlawfulness and whose legality cannot be ensured is destroyed within 10 (ten) working days from the date of identification of unlawful processing.
8.4.5. Personal data is destroyed within 30 (thirty) days from the date of achieving the processing purposes unless otherwise stipulated by the agreement whose party (beneficiary) is the personal data subject, other agreements made between them and the Company, or if the Company does not have the right to process personal data without the consent of the personal data subject based on grounds provided by federal laws, as well as upon reaching the maximum storage periods for documents containing personal data.
8.4.6. Personal data is destroyed (if their retention is not required for the purposes of personal data processing) within 30 (thirty) days from the date of withdrawal of the personal data subject's consent for their processing. Other conditions may be provided by contracts or agreements where the parties (beneficiary or guarantor) are the personal data subject and the Company. Additionally, personal data is destroyed within this specified period if the Company does not have the right to process them without the consent of the personal data subject based on grounds provided by federal laws.
8.4.7. Selection of physical carriers (documents, hard drives, flash drives, etc.) and/or information contained in the information systems that is subject to destruction is carried out by the divisions of the Company that process personal data.
8.4.8. Destruction of personal data is carried out by a commission appointed by the order of the general director.
8.4.9. The commission prepares an act specifying the documents, other physical carriers, and/or information in the information systems containing personal data that are to be destroyed.
8.4.10. Personal data on paper carriers are destroyed using a shredder. Personal data on electronic carriers are destroyed by mechanically breaking the carrier's integrity, making it impossible to read or restore the personal data, as well as by deleting data from electronic carriers using guaranteed deletion methods.
8.4.11. Immediately after the destruction of personal data, an act of destruction is prepared. The form of the act is approved by the order of the general director.
8.5. The Company may combine (merge, connect) and use combined data with other information to ensure, manage, and develop services.
8.6. Personal data processing in the Company ceases in the following cases: when a fact of unlawful personal data processing is identified. The termination period is within 3 (three) working days from the date of identifying such fact;
when the processing purposes are achieved (with some exceptions);
upon expiration of the validity period or upon withdrawal of the personal data subject’s consent for processing their personal data (with some exceptions) if their processing is allowed only with consent according to the Personal Data Law.
8.7. Personal data is stored in a form that allows identifying the personal data subject no longer than is required to achieve the purposes of processing such personal data. Exceptions are cases where the period for storing personal data is established by federal law, agreement, or any act of the party (beneficiary or guarantor) that is the personal data subject.
8.8. Personal data on paper carriers are stored within the time limits for document storage established by the legislation on archive affairs in the Russian Federation (Federal Law of October 22, 2004 No. 125-FZ "On Archives in the Russian Federation", List of typical management archive documents generated in the course of activities of state bodies, state authorities, and organizations, indicating their storage periods (approved by the Order of Rosarchiv dated December 20, 2019 No. 236)).
8.9. The storage period for personal data processed in information systems of personal data corresponds to the storage period for personal data on paper carriers.
9. CONFIDENTIALITY OF PERSONAL DATA
9.1. Information related to personal data is confidential.
9.2. The Company ensures that access to personal data is provided only to those individuals processing them, who are obligated to sign a non-disclosure agreement and are warned of the established liability for the protection of personal data.
10. MEASURES TO PROTECT PERSONAL DATA
10.1. In order to protect personal data, the Company has: appointed an individual responsible for organizing the processing of personal data in the Company;
approved local regulations on personal data processing that establish procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, as well as eliminating the consequences of such violations;
applied legal, organizational, and technical measures to ensure the security of personal data during processing, as stipulated by relevant regulatory legal acts;
organized periodic checks on the conditions for processing personal data;
familiarized employees directly involved in personal data processing with the provisions of the legislation of the Russian Federation regarding personal data, including the requirements for personal data protection, documents, and other internal documents of the Company on personal data processing.
10.2. An internal investigation is conducted if a fact of unauthorized or accidental transmission (provision, distribution, access) of personal data is revealed, which led to a violation of the rights of the personal data subject (hereinafter referred to as the Incident).
10.2.1. In the event of an Incident, the Company notifies Roskomnadzor within 24 (twenty-four) hours: about the incident;
its presumed causes and the harm caused to the rights of the personal data subject (several personal data subjects);
measures taken to eliminate the consequences of the incident;
the representative of the Company authorized to interact with Roskomnadzor on matters related to the incident.
10.2.2. Within 72 (seventy-two) hours, the Company is obliged to do the following: notify Roskomnadzor of the results of the internal investigation;
provide information about the individuals whose actions caused the Incident (if available).
10.2.3. If the personal data subject (or their representative) provides confirmed information that the personal data is incomplete, inaccurate, or outdated, changes are made within 7 (seven) working days. The Company will notify the personal data subject (or their representative) in writing about the changes made and will inform (via email) any third parties to whom the personal data were transferred.
11. RIGHTS OF PERSONAL DATA SUBJECTS
11.1. The personal data subject has the right to receive information from the Company regarding the processing of their personal data, the right to protection, the right to withdraw consent for processing personal data, as well as other rights provided by the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and other regulatory legal acts.
12. PUBLICATION OF THE POLICY
12.1. To ensure unlimited access to the Policy, its text is to be posted on the Company's website.
12.2. The Company has the right to unilaterally make changes to this Policy at any time. All changes take effect from the date stated in such changes, and in the absence of such indication - 10 (ten) days from the moment of posting on the Company's website.
12.3. The personal data subject independently takes the necessary and sufficient measures to familiarize themselves with changes to this Policy, for which they review the changes and/or other information at least once a month.
12.4. The Company does not carry out additional notifications or notices regarding changes to the Policy, except for the posting on the official website.
13. SUBMISSION OF REQUESTS
13.1. Any requests from the personal data subject should be sent to the address of the Company: 144002 Elektrostal, Gorky Street, 14, Office 105.