Policy of LLC "STALTORG" regarding the processing of personal data

1. Company Profile

1.1. STALTORG Limited Liability Company, hereinafter referred to as the Company, is registered in the Russian Federation.

Short name: OOO STALTORG

TIN/KPP: 4825124011/482501001

Legal address: 398007, Lipetsk, st. Kovaleva, building 109E, room 3.

Official website of the Company: https://staltorg.su/

2. General provisions

2.1. This Policy regarding the processing of personal data (hereinafter referred to as the "Policy") has been prepared in accordance with paragraph 2 of part 1 of Art. 18.1 of the Federal Law of the Russian Federation "On Personal Data" N 152-FZ dated July 27, 2006 (hereinafter referred to as "152-FZ") and discloses the methods and principles of processing personal data by the Company, the rights and obligations of the Company in the processing of personal data, the rights of subjects of personal data, and also includes a list of measures applied by the Company in order to ensure the security of personal data during their processing.

3. Principles of personal data processing

3.1. The company in its activities ensures compliance with the principles of processing personal data specified in Art. 5 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.

3.2. The processing by the Company of personal data is carried out only in accordance with the purposes that determined their receipt, while personal data received by the Company's employees, in the performance of their official duties, is subject to protection.

3.3. The Company does not allow the consolidation of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.

3.4. The employees of the Company are obliged to maintain the confidentiality of the information received. Only responsible officials (employees of the Company) have the right to access the processing of personal data in accordance with their functional duties.

3.5. The processing of personal data by the Company is carried out taking into account the compliance of the volume and nature of the processed personal data, the methods of processing personal data with the purposes of processing personal data, the reliability of personal data, their sufficiency for the purposes of processing, and, if necessary, relevance in relation to the purposes of processing personal data, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data. The Company takes the necessary measures to delete or clarify incomplete or inaccurate data in accordance with the local regulations of the Company.

3.6. The storage of personal data in the Company is carried out in a form that allows you to determine the subject of personal data, no longer than required by the purposes of processing personal data, if the period for storing personal data is not established by federal law, an agreement to which the beneficiary or guarantor is a party, under which the subject of personal data is data. The processed personal data is subject to destruction or depersonalization upon reaching the goals of processing or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

3.7. The terms of storage of personal data are determined in accordance with the period of validity of civil law relations between the subject of personal data and the Company, the limitation period, the period of storage of documents on paper and documents in electronic databases, other requirements of the legislation of the Russian Federation, as well as the period of validity of the consent of the subject to the processing of his personal data.

3.8. The processing of personal data for the purpose of conducting marketing activities by making direct contacts with the subjects of personal data using means of communication is allowed only subject to obtaining consent from the subject of personal data. The Company does not place the personal data of the subject of personal data in public sources without his prior consent.

3.9. The processing of personal data is carried out in compliance with the principles and rules provided for in this Policy.

3.10. The processing of personal data by the Company includes the collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

3.11. The company does not process biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity).

3.12. The Company does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life.

3.13. When collecting personal data, including through the information and telecommunications network "Internet", the Company ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation .

3.14. The company does not carry out cross-border transfer of personal data.

3.15. The Company does not make decisions that give rise to legal consequences in relation to the subjects of personal data or otherwise affect their rights and legitimate interests, based solely on the automated processing of their personal data.

3.16. The company carries out mixed processing of personal data using automation tools and without using automation tools.

3.17. The Company has the right to entrust the processing of personal data to a third party with the consent of the subject of personal data and in other cases provided for by the current legislation of the Russian Federation, on the basis of an agreement concluded with this party (hereinafter referred to as the instruction). A third party that processes personal data on behalf of the Company is obliged to comply with the principles and rules for the processing of personal data provided for by Federal Law-152, ensuring the confidentiality and security of personal data during their processing.

4. Measures for the proper organization of the processing and security of personal data

4.1. When processing personal data, the Company takes all necessary legal, organizational and technical measures to protect them from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation to them. Ensuring the security of personal data is achieved, in particular, in the following ways:

• The appointment of a person responsible for organizing the processing and ensuring the security of personal data.
• Implementation of internal control and/or audit of compliance of personal data processing with Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and regulations adopted in accordance with it, requirements for the protection of personal data, local acts.
• Familiarization of the Company's employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, local acts regarding the processing of personal data and / or training of these employees.
• Identification of threats to the security of personal data during their processing in personal data information systems.
• The application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data.
• Assessing the effectiveness of the measures taken to ensure the security of personal data before the commissioning of the personal data information system.
• According to machine carriers of personal data.
• Identifying the facts of unauthorized access to personal data and taking appropriate measures.
• Recovery of personal data modified or destroyed due to unauthorized access to them.
• Establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system.
• Control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

5. Rights of personal data subjects

5.1. Subjects whose PD are processed by the Company may obtain clarifications on the processing of their PD by contacting the Company in person or by sending a corresponding written request to the address of the Company's location.

5.2. If an official request is sent to the Company, the text of the request must include:

• last name, first name, patronymic of the PD subject or his representative;
• number of the main document proving the identity of the PD subject or his representative, information on the date of issue of the specified document and the authority that issued it;
• information confirming that the PD subject has relations with the IF (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information);
• Signature of the PD subject (or his representative).

5.3. The subject of personal data has the right to receive information regarding the processing of his personal data, including the following:

• confirmation of the fact of personal data processing by the operator;
• legal grounds and purposes for processing personal data;
• purposes and methods used by the Company for processing personal data;
• name and location of the Company, information about persons (excluding employees of the operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the operator or on the basis of Federal Law No. 152-FZ;
• processed personal data relating to the respective subject, the source of their receipt;
• terms of personal data processing, including the terms of their storage;
• information about a cross-border data transfer that has taken place or is to be carried out;
• name of the person who processes personal data on behalf of the Company, if the processing is or will be entrusted to such a person;
• other information provided for by Federal Law No. 152-FZ or other federal laws.

5.4. The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including if the subject's access to his personal data violates the rights and legitimate interests of third parties;

5.5. The subject of personal data has the right to demand from the Company the clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights .

5.6. In order to exercise and protect their rights and legitimate interests, the subject of personal data has the right to apply to the Company. The company considers appeals and complaints from the subjects of personal data, carefully investigates the facts of violations and takes all necessary measures to eliminate them immediately, punish the perpetrators and resolve disputes and conflict situations in pre-trial order.

5.7. The subject of personal data has the right to appeal against the actions or inaction of the Company by contacting the authorized body for the protection of the rights of subjects of personal data.

5.8. The subject of personal data has the right to protect his rights and legitimate interests, including compensation for losses and / or compensation for moral damage in court.

6. Final Provisions

6.1. This Policy is publicly available and is subject to posting on the official website of the Company at: https://staltorg.su

6.2. This Policy is subject to change, addition in the event of the emergence of new legislative acts and special regulatory documents on the processing and protection of personal data, but at least once every three years.

6.3. Control over the fulfillment of the requirements of this Policy is carried out by the Company's Personal Data Processing Organizer.

6.4. The liability of Company officials who have access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and internal documents of the Company.