Personal Data Processing Policy on the website

1. General provisions
1.1. This document defines the policy of the Penetron-Russia Group of Companies (hereinafter referred to as the Company) regarding the processing of personal data.
1.2. This Policy has been developed in accordance with the current legislation of the Russian Federation on the protection of personal data and applies to all personal data that the Company can access from the subject of personal data.
1.3. This Policy applies to all processes for the collection, recording, systematization, accumulation, storage, clarification, extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data carried out using automation tools and without the use of such tools.
1.4. The Policy is mandatory for review and execution by all persons authorized to process personal data in the personal data information system.
2. Basic concepts used in this Policy
2.1. Personal data - any information relating directly or indirectly to a specific or identifiable individual (personal data subject).
2.2. The operator - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the personal data processing, as well as defining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) committed with personal data;
2.3. Personal data processing - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.4. Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite circle of persons;
2.5. Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
2.6. Blocking of personal data - temporary termination of processing of personal data (except in cases where processing is necessary to clarify personal data);
2.7. Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
2.8. Personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
2.9. Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
3. Purposes, principles, conditions of personal data processing
3.1. Personal data is processed in the Company for the purposes of:
- ensuring compliance with the legislation of the Russian Federation, local regulations of the Company;
- regulation of labor relations with employees of the Company;
- formation of reference materials for internal information support of the Company's activities;
- conclusion, execution, termination of contracts with counterparties;
- for other legitimate purposes.
3.2. The processing of personal data is carried out on the basis of the following principles:
- personal data processing is carried out in the Company on a legal and fair basis;
- the processing of personal data is limited to the achievement of specific, predetermined and legitimate goals;
- processing of personal data incompatible with the purposes of personal data collection is not allowed;
- the processing of personal data ensures the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of personal data processing. The Company takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
- the storage of personal data is carried out in a form that allows determining the subject of personal data, no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor. The processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.
3.3. The processing of personal data is carried out in the Company on the basis of the conditions defined by the legislation of the Russian Federation.
4. List of subjects whose personal data is processed in the Company
4.1. The Company, being the operator, processes the personal data of the following categories of subjects:
- employees who are or have been in an employment relationship with the Company;
- counterparties, as well as authorized representatives of counterparties;
- site visitors www.penetron.ru ;
- applicants for vacant positions;
-other subjects of personal data (to ensure the implementation of the processing purposes specified in section 3 of the Policy).
5. List of personal data processed by the Company
5.1. The list of personal data processed by the Company is determined in accordance with the legislation of the Russian Federation and local regulations of the Company, taking into account the purposes of processing personal data set out in Section 3 of this Policy.
6. Rights of personal data subjects
6.1. Personal data subjects have the right to:
- full information about their personal data processed by the Company if such right is not restricted in accordance with federal laws;
- clarification of their personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing
- withdrawal of consent to the processing of personal data
- exercise of other rights provided for by the legislation of the Russian Federation.
7. Ensuring the security of personal data processed by the Company
7.1. When processing personal data, the Company takes the necessary legal, organizational and technical measures and ensures that they are taken to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with respect to personal data.
7.2. The Company does not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by the legislation of the Russian Federation.
8. Final provisions
8.1. This Policy is an internal document of the Company. The electronic version of the Policy is available on the website www.penetron.ru
8.2. This Policy is subject to change, addition in the event of new legislative acts and special regulations on the processing and protection of personal data.
8.3. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for organizing the processing of personal data in the Company.
8.4. The responsibility of the Company's employees who process personal data and have the right to access them for non-compliance with the requirements of the norms governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and internal documents of the Company.
CONSENT TO THE PROCESSING OF PERSONAL DATA
1. By submitting their personal data, the User gives consent to the Site Administration[1] www.penetron.ru to process, store and use their personal data on the basis of Federal Law No. 152-FZ "On Personal Data" dated 27.07.2006 for the following purposes:
- identification of the party within the use of the Site Services;
- execution of the contract to which the subject of personal data is a party;
- communication with the User, if necessary, including sending notifications, requests and information related to the use of Services, the provision of services, as well as processing requests and requests from the User;
2. Within the framework of this Consent, "personal data" means:
- personal information that the User provides about himself/herself when submitting an application or during the use of the Site's Services, including the user's personal data. The information required for the provision of the Site's Services is marked in a special way (with a "*" sign and a warning about the obligation to provide information). Other information is provided by the user at his discretion.
- data that is automatically transmitted to the Site Services during their use using the software installed on the user's device, including IP address, cookie information, information about the user's browser (or other program that accesses the Services), access time, the address of the requested page and other data.
- other information about the user, the collection and/or provision of which is necessary for the use of the Services.
3. Users' personal data is stored exclusively on electronic media and processed using automated systems, except in cases when non-automated processing of personal data is necessary in connection with compliance with legal requirements.