SCHNEIDER GROUP OOO POLICY OF THE COMPANY REGARDING TO THE PERSONAL DATA PROCESSING

Similar documents
DATA PROTECTION POLICY

LAW OF THE REPUBLIC OF ARMENIA ON PROTECTION OF PERSONAL DATA CHAPTER 1 GENERAL PROVISIONS

The Act on Processing of Personal Data

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

INFORMATION PROCESSING POLICIES INSIGHT CRIME DATABASES Preliminary Provisions

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

Instructions on the processing of personal data in the election process

FEDERAL LAW NO. 59-FZ OF MAY 2, 2006 ON THE PROCEDURE FOR HANDLING APPLICATIONS OF CITIZENS OF THE RUSSIAN FEDERATION

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

CONSULTATIVE COMMITTEE OF THE CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA

CHAPTER I. Definitions

LIBRARY LICENSE AGREEMENT - DATABASE

1. Processing of personal data legal basis, purpose and scope Legal basis fulfillment of statutory legal requirements

RUSSIA Patent Law #3517-I of September 23, 1992, as amended by the federal law 22-FZ of February 7, 2003 ENTRY INTO FORCE: March 11, 2003

The NATIONAL CONGRESS decrees: CHAPTER I PRELIMINARY PROVISIONS

RESTREINT UE/EU RESTRICTED

8557/16 SHO/ra 1 DGD 2

STATE OF ILLINOIS ILLINOIS STATE POLICE ADAM WALSH CHILD PROTECTION ACT USER AGREEMENT BETWEEN THE ILLINOIS STATE POLICE AND

Personal Data Protection Act

NON-DISCLOSURE AGREEMENT

THE RUSSIAN FEDERATION FEDERAL LAW ON TECHNICAL REGULATION

ACT of August 29, 1997 on the Protection of Personal Data

Regulations on Provision of Information to Shareholders of Public Joint Stock Company Oil company LUKOIL (new version)

Number 5 of Vehicle Registration Data (Automated Searching and Exchange) Act 2018

Data Protection Policy. Malta Gaming Authority

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

AmCham EU Proposed Amendments on the General Data Protection Regulation

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000

ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.

TEXAS DEPARTMENT OF PUBLIC SAFETY 5805 NORTH LAMAR BOULEVARD POST OFFICE BOX 4087, AUSTIN, TX /

Brussels, 29 November 2007 (Case ) 1. Procedure

FEDERAL LAW 59-FZ of May 2, 2006 ON THE PROCEDURE FOR CONSIDERATION OF APPEALS BY CITIZENS OF THE RUSSIAN FEDERATION

PATENT LAW OF THE RUSSIAN FEDERATION NO OF SEPTEMBER 23, 1992 (with the Amendments and Additions of December 27, 2000)

O R D E R OF THE MINISTER OF THE INTERIOR OF THE REPUBLIC OF LITHUANIA

Patent Law of the Republic of Kazakhstan. Chapter 1. General provisions. Article 1. Basic notions and definitions used in the present Law

REGULATIONS ON THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF NOVATEK JOINT STOCK COMPANY

European College of Business and Management Data Protection Policy

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

ARTICLE 29 Data Protection Working Party

The High Contracting Parties to the present Treaty, Member States of the European Union,

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

South Carolina Department of Motor Vehicles

DATA PROTECTION (JERSEY) LAW 2018

THE GENERAL ADMINISTRATIVE CODE OF GEORGIA

VIETNAM LAWS ONLINE DATABASE License Agreement Multi-user (Special)

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

Purposes of the Law. Information of Public Importance. Public Authority Body. Legal Presumptions of Justified Interest

RUSSIAN FEDERATION FEDERAL LAW

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

Telekom Austria Group Standard Data Processing Agreement

Privacy policy. 1.1 We are committed to safeguarding the privacy of our website visitors.

Annex 1 LAW OF THE REPUBLIC OF KAZAKHSTAN ON ACCESS TO INFORMATION

IRB RELIANCE EXCHANGE PORTAL AGREEMENT

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

1. (1) This Act may be cited as the Anti-Money Laundering and Anti-Terrorism Financing (Amendment) Act 2013.

NOTICES ACCOMPANYING THE ELECTRONIC PROSPECTUS/INFORMATION MEMORANDUM/KNOWLEDGE PACK AND E-IPO APPLICATION FORMS FROM THE WEBSITE

COUNCIL OF THE EUROPEAN UNION. Brussels, 7 July 2005 (28.07) (OR. nl) 10900/05 LIMITE CRIMORG 65 ENFOPOL 85 MIGR 30

DAKOTA COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

Personal Data Protection Law

GENERAL DATA LIVING HOTELS

CHAPTER 308B ELECTRONIC TRANSACTIONS

WASHINGTON COUNTY PROPERTY RECORDS TECHNOLOGY AND INFORMATION SUBSCRIPTION AGREEMENT

AKTIVA sistem doo, Novi Sad

BINDING CORPORATE RULES PRIVACY policy. Telekom Albania. Çaste që na lidhin.

MARITEC-X MARINE AND MARITIME RESEARCH, INNOVATION, TECHNOLOGY CENTRE OF EXCELLENCE. Consortium Agreement

ACCESS AND PRIVACY POLICY

Patent Law of the Republic of Kazakhstan

SECTION I. GENERAL PROVISIONS

Last revised: 6 April 2018 By using the Agile Manager Website, you are agreeing to these Terms of Use.

Archives Law. The Saeima 1 has adopted and the President has proclaimed the following Law: Section 1. Terms used in this Law

INTERNATIONAL CONVENTION ON MUTUAL ADMINISTRATIVE ASSISTANCE IN CUSTOMS MATTERS. Brussels 27 June, 2003

Coordinated text from 10 August 2011 Version applicable from 1 September 2011

ENTERTAINMENT IDENTIFIER REGISTRY TERMS OF USE

202.5-b. Electronic Filing in Supreme Court; Consensual Program.

Freedom Of Access To Information Act For The Republika Srpska 18/5/2001

Identity Documents Act

DATA PROTECTION (JERSEY) LAW 2005

BILL NO. 42. Health Information Act

REGISTRANT AGREEMENT Version 1.5

Midwest Real Estate Data, LLC. MRED Participant Agreement 1 DEFINITIONS AND USAGE. MRED S OBLIGATIONS. PARTICIPANT ACKNOWLEDGMENTS.

Identity Documents Act

LAW OF THE KYRGYZ REPUBLIC "ON TRADEMARKS, SERVICE MARKS AND APPELLATIONS OF PLACES OF ORIGIN OF GOODS"

MERITOCRACY PRIVACY POLICY. Updated on March 27, 2017.

Is information about legal entities personal data? No. The DPA only applies to information about individuals as opposed to legal entities.

Brussels, 16 May 2006 (Case ) 1. Procedure

The English translation and publication of the Election Code have been made by IFES with financial support of USAID.

FOIL REGULATIONS FOR HCR

FREEDOM OF INFORMATION ACT

PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

Terms of Use Coach Me

closer look at Rights & remedies

January 2017 Eteach, Norwich House, Camberley, Surrey, GU15 3SY T:

the Notices section below.

Trustwave Subscriber Agreement for Digital Certificates Ver. 15FEB17

Transcription:

SCHNEIDER GROUP OOO POLICY OF THE COMPANY REGARDING TO THE PERSONAL DATA PROCESSING

CONTENTS: 1. GENERAL PROVISIONS... Ошибка! Закладка не определена. 2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING...4 Principles of Personal Data Processing...4 Conditions of Personal Data Processing...4 Confidentiality of Personal Data...5 Publicly Accessible Sources of Personal Data...5 Assigning the processing of Personal Data to another person...5 The processing of Personal Data of the Russian Federation citizens...5 Cross-Border Transfer of Personal Data...6 3. RIGHTS OF THE PERSONAL DATA SUBJECT...6 Consent of the Personal Data Subject to the processing his Personal Data...6 Rights of the Personal Data Subject...6 4. ENSURING THE SECURITY OF PERSONAL DATA...7 5. FINAL PROVISIONS...8 Page 2

1. GENERAL PROVISIONS The policy regarding to the personal data processing ( hereinafter Policy ) is developed according to the Federal Law of 27 July 2006 N 152-FZ On personal data ) ( hereinafter FZ-152 ). This policy determines the procedure of the personal data processing and measurements to ensure the security of personal data in SCHNEIDER GROUP LLC ( hereinafter Operator ) in order to protect human and citizens rights and freedoms during the processing of his personal data, including the protection of the following rights: right of privacy, personal and family secret. In this Policy the following main terms are used: automated personal data processing - personal data processing by means of computer technology; blocking of personal data the temporary cessation of personal data processing (except for the cases when the processing is needed for personal data specification); personal data information system a database that contains personal data as well as information technologies and hardware used for data processing; anonymization of personal data actions performed on personal data that do not permit the identity of the individual concerned to be verified solely from such anonymized data; personal data processing any action (operation) or a combination of actions (operations) performed both automatically and manually with personal data, including collection, recording, arrangement, accumulation, storage, specification (updating, changing), extraction, use, distribution (including transfer), anonymizing, blocking and destruction of personal data; operator state agency, municipal authority, legal entity or individual who independently or in cooperation with other entities organizes and/or processes personal data as well as determines the purposes and scope of personal data processing; personal data any information referring directly or indirectly to a particular or identified individual (personal data subject) provision of personal data actions related to making the data available to a definite person or a definite range of persons; distribution of personal data actions related to making the data available to indefinite range of persons (submission of personal data) or to the familiarization with the personal data to unlimited range of persons, including divulgation in mass media, placement in information and telecommunications networks or providing access to the personal data in any other way; cross-border transfer of personal data cross-border transfer of personal data to a foreign state agency, foreign legal entity or individual located in a foreign state. Page 3

destruction of personal data actions performed on personal data contained in the respective database that prevent such data from being restored and (or) actions aimed at the physical destruction of the tangible medium of personal data; The company is obliged to issue or in any other way to provide unlimited access to this Policy of the personal data processing in accordance with part2, article 18.1 of FZ-152. 2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING Principles of Personal Data Processing The Operator s personal data processing is based on the following principles: on a legal and equitable basis; restriction by achieving specific pre-determined and legal purposes; it is not allowed to process personal data for incompatible purposes of personal data collection; it is not allowed to combine the data bases containing personal data to be processed for incompatible purposes; there shall be processed only personal data that comply with the purposes of their processing; the scope and character of personal data to be processed shall comply with the intended purposes; it is not allowed to process odd personal data regarding to the stated purposes of the processing; ensuring the personal data accuracy, their sufficiency and relevancy regarding to the stated purposes of the processing; personal data shall be destroyed or depersonalized upon achieving the set goals as well as when such goals cease to be relevant unless otherwise stipulated by federal laws. Conditions of Personal Data Processing Operator processes Personal data if meeting one of the following criteria: processing of personal data is carried out with the consent of the data subject to the processing of his personal data; personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or by a law, or for exercise and fulfillment of functions, powers and obligations imposed on operators by the Russian Federation law; personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings; personal data processing is required for performance of an agreement to which a personal data subject is a party or under which the data subject is a beneficiary or surety, or for conclusion of an agreement on the initiative of a personal data subject or an agreement under which a personal data subject shall be a beneficiary or surety; processing of personal data is required for realization of the rights and legitimate interests of an operator or third parties or for the attainment of socially significant objectives, provided that this not cause the rights and freedoms of the personal data subject to be violated; Page 4

public access to the personal data being processed has been granted by or at the request of the personal data subject (hereinafter referred to as personal data made public by the personal data subject ); the personal data being processed are subject to publication or compulsory disclosure in accordance with federal laws. Confidentiality of Personal Data Operator and other persons who have obtained an access to personal data shall be obliged to refrain from disclosing to third parties or disseminating those personal data without the consent of the personal data subject, except as otherwise provided by federal laws. Publicly Accessible Sources of Personal Data Publicly accessible sources of personal data, including directories and address books may be created for the purposes of information provision. Subject to the written consent of a personal data subject, the surname, first name and patronymic, year and place of birth, address, subscriber number, occupation details of that data subject and other personal data communicated by the personal data subject. Details of a personal data subject shall at any time be excluded from publicly accessible sources of personal data at the request of the personal data subject or by decision of a court or other authorized state bodies. Assigning the processing of Personal Data to another person An operator shall have the right to assign the processing of personal data to another person with the consent of a personal data subject, except as otherwise provided by federal laws, on the basis of a contract concluded with that person, including a state or municipal contract, or by means of adoption of an appropriate act by a state or municipal body (hereinafter referred to as instruction of an operator ). A person carrying out the processing of personal data on the instruction of an operator shall be obliged to comply with the principles and rules for the processing of personal data which are stipulated by FZ-152 and this Policy. The processing of Personal Data of the Russian Federation citizens In accordance with Article 2 of the Federal Law No. 242-FZ of July 21, 2014 on Amending Some Legislative Acts of the Russian Federation in as Much as It Concerns Updating the Procedure for Personal Data Processing in Information-Telecommunication Networks, while the Personal Data collection, including the information and telecommunications network "Internet", Operator shall be obliged to provide the record, systematization, aggregation, storage, clarification (update, modification), extraction of the Personal Data of the Russian Federation citizens with the database, which are on the territory of the Russian Federation, except the following cases: the processing of personal data is necessary to achieve the purposes in connection with the implementation of international agreement or with the law for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the Operator; Page 5

personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings (hereinafter referred to as enforcement of a judicial act); personal data processing is required for the execution of the powers of federal executive bodies, bodies of state extra-budgetary funds, executive bodies of state power of the constituent entities of the Russian Federation, local self-government bodies and the functions of organizations participating in the provision of state and municipal services in accordance with the Federal law of 27 July 2010 N 210-FZ About provision of state and municipal services, for ensuring the provision of this service and (or) for registration of personal data subjects on the uniform portal of state and municipal services; processing of personal data is required for the purposes of professional activities of a journalist and (or) the legitimate activities of a mass medium or for the purposes of scientific, literary or other creative activity, provided that this not cause the rights and freedoms of the personal data subject to be violated. Cross-Border Transfer of Personal Data An operator shall be obliged to satisfy itself that the foreign state into whose territory personal data are to be transferred provides adequate protection of the personal data subjects rights before commencing the crossborder transfer of personal data. The cross-border transfer of personal data into the territories of foreign states which do not provide an adequate protection of the personal data subjects rights may be carried out in the following cases: where the personal data subject has given his written consent to the cross-border transfer of his personal data; for the purpose of the performance of a contract to which the personal data subject is a party. 3. RIGHTS OF THE PERSONAL DATA SUBJECT Consent of the Personal Data Subject to the processing his Personal Data A personal data subject shall decide whether or not to provide his personal data and shall give consent to the processing thereof freely, of his own will and in his own interest. Consent to the processing of personal data may be given by the personal data subject or his representative in any form which provides evidence of its receipt, except as otherwise established by federal laws. Rights of the Personal Data Subject A personal data subject shall have the right to receive information from Operator except in cases this right is limited by federal laws. A personal data subject shall have the right to request an Operator to rectify, block or destroy his personal data in the event that the personal data are incomplete, out-of-date, inaccurate or unlawfully obtained or are not needed for the stated purpose of the processing, and shall have the right to take measures provided for by law to protect his rights. Page 6

The processing of personal data for the purpose of the market promotion of goods, work and services by means of making direct contact with a potential consumer with the aid of communications facilities, and for purposes of political campaigning, shall be permitted only on condition of the prior consent of the subject of the personal data. An operator shall be obliged, upon the request of a data subject, immediately to terminate the processing of his personal data upon abovementioned purposes. Shall be prohibited for making decisions which give rise to legal consequences for a personal data subject or otherwise affect his rights and legitimate interests to be taken solely on the basis of the automated processing of personal data, except the cases provided by federal laws or with consent of the Personal Data Subject. Where a personal data subject believes that an Operator is processing his personal data not in compliance with the requirements of FZ-152 or is otherwise violating his rights and freedoms, the personal data subject shall have the right to appeal against the actions or inaction of the operator to the authorized body for the protection of the personal data subjects rights or through the courts. A personal data subject shall have the right to protection of his rights and legal interests, including the right to reimbursement for losses and (or) compensation for moral injury. 4. ENSURING THE SECURITY OF PERSONAL DATA An operator shall be obliged, when processing data, to take or arrange for the taking of such legal, organizational and technical measures as are necessary to protect personal data against unlawful or accidental access to and destruction, alteration, blocking, copying, provision or dissemination of personal data and against other unlawful actions in relation to personal data. To prevent unauthorized access to the personal data, Operator apply the following organizational and technical measures: the appointment of a person responsible for organizing the processing of personal data; limitation of number of persons authorized to process personal data; restriction of the persons admitted to the processing of personal data; familiarization of subjects with the requirements of the federal legislation and regulatory documents of the Operator for the processing and protection of personal data; organization of recording, storage and circulation of tangible media containing information with personal data; identification of threats to the security of personal data during processing, the formation of threat models on their basis; the development on the basis of the threat model of the personal data protection system; verification of the readiness and effectiveness of the use of the information protection means; Page 7

restricted access of users to information sources and programs for information processing; registration and action record by users of the information system of personal data; if necessary, use of screening means, if an intrusion is detected, and an analysis of the protective measures and the protection of the information by means of cryptic means; the organization of an access regime to the Operator s territory, the protection of premises with technical means for processing personal data. 5. FINAL PROVISIONS Other Operator s rights and obligations in connection with the processing of Personal Data are determined by the legislation of the Russian Federation in the jurisdiction of personal data. Operator s employees who are guilty of violating the rules governing the processing and protection of Personal Data bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by federal laws. Page 8

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback