- General provisions
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) has been drawn up following paragraph 2 of Article 18.1 of the Federal Law “On Personal Data” No. 152-FZ dated July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and acts about all personal data (hereinafter referred to as data) that the Organization (hereinafter referred to as the Operator, the Company) can receive from the subject of personal data, who is a party to a civil law contract, from an Internet user (hereinafter referred to as the User) in the time he uses any of the sites, services, services, programs, products or services of IP “KHAZIEVA”, as well as from the subject of personal data, who is with the Operator in a relationship regulated by labor law (hereinafter – the Employee).
1.2. The operator protects the processed personal data from unauthorized access and disclosure, misuse, or loss by the requirements of the Federal Law of July 27, 2006, No. 152-FZ “On Personal Data”.
1.3. The operator has the right to make changes to this Policy. When making changes in the title of the Policy, the date of the last revision is indicated. The new version of the Policy comes into force from the moment it is posted on the website unless otherwise provided by the new version of the Policy.
- Terms and accepted abbreviations
Personal data – any information relating directly or indirectly to a specific or identifiable individual (the subject of personal data).
Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
A personal data information system (ISPDN) is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data is personal data, access of an unlimited number of persons to which is provided by the subject of personal data or at his request.
Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
Destruction of personal data is acting as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
The operator is an organization that independently or jointly with other persons organizes the processing of personal data, as well as determining the purposes of processing personal data be processed, actions (operations) performed with personal data. The operator is FE “KHAZIEVA”, located at the address: st. Vasilisa Kozhinoy, 1, Moscow, Business Center “Victory Park” Postcode: 121096
- Personal data processing
3.1. Receiving personal data.
3.1.1. All personal data should be obtained from the subject himself. If the personal data of the subject can only be obtained from a third party, then the subject must be notified of this or consent must be obtained from him.
3.1.2. The operator must inform the subject about the purposes, the alleged sources and methods of obtaining personal data, the nature of the personal data to be received, the list of actions with personal data, the period during which the consent is valid, and the procedure for withdrawing it, as well as the consequences of the subject’s refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by:
– copying of original documents (passport, educational document, TIN certificate, pension certificate, etc.);
– entering information into accounting forms;
– obtaining originals of the necessary documents (work record book, medical certificate, characteristics, etc.).
3.2. Processing of personal data.
3.2.1. The processing of personal data is carried out:
– with the consent of the subject of personal data to the processing of his personal data;
– in cases where the processing of personal data is necessary for the implementation and implementation of functions, powers, and duties imposed by the legislation of the Russian Federation;
– in cases when the processing of personal data is carried out, access of an unlimited number of persons to which is provided by the subject of personal data or at his request (hereinafter – personal data made by the publicly available subject of personal data).
3.2.2. Purposes of personal data processing:
– implementation of labor relations;
– implementation of civil law relations;
– to communicate with the user, in connection with filling out the feedback form on the site, including sending notifications, requests, and information regarding the use of the site of IP “KHAZIEVA”, processing, approval of orders for services/works, execution of agreements and contracts;
– depersonalization of personal data to obtain anonymized statistical data, which are transferred to a third party for research, the performance of work, or provision of services on behalf of the Company.
3.2.3. Categories of subjects of personal data.
Personal data of the following personal data subjects are processed:
– individuals who are in labor relations with the Company;
– individuals who quit the Company;
– individuals who are candidates for work;
– individuals who are in civil law relations with the Company;
– individuals who are Users of the Company’s Website.
3.2.4. Personal data processed by the Operator:
– data obtained during the implementation of labor relations;
– data obtained for the selection of candidates for work;
– data obtained in the implementation of civil law relations;
– data received from the Users of the Company’s Website.
3.2.5. The processing of personal data is carried out:
– using automation tools;
– without using automation tools.
3.3. Storage of personal data.
3.3.1. The personal data of the subjects can be obtained, undergo further processing, and transferred to storage, both on paper and in electronic form.
3.3.2. Personal data recorded on paper is stored in lockable cabinets or locked rooms with limited access rights.
3.3.3. The personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.3.4. It is not allowed to store and place documents containing personal data in open electronic catalogs (file sharing) in ISPDN.
3.3.5. The storage of personal data in a form that makes it possible to determine the subject of personal data is carried out no longer than the purpose of their processing requires, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them.
3.4. Destruction of personal data.
3.4.1. The destruction of documents (carriers) containing personal data is carried out by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. A shredder can be used to destroy paper documents.
3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.
3.4.3. The fact of the destruction of personal data is documented by an act on the destruction of media.
3.5. Transfer of personal data.
3.5.1. The operator transfers personal data to third parties in the following cases:
– the subject has expressed his consent to such actions;
– the transfer is provided for by Russian or other applicable law within the framework of the procedure established by law.
3.5.2. List of persons to whom personal data is transferred.
– Pension fund of the Russian Federation for accounting (legally);
– tax authorities of the Russian Federation (legally);
– Social Insurance Fund of the Russian Federation (legally);
– territorial fund of compulsory medical insurance (legally);
– insurance medical organizations for compulsory and voluntary medical insurance (legally);
– banks for calculating wages (based on an agreement);
– bodies of the Ministry of Internal Affairs of Russia in cases established by law;
- Personal data protection
4.1. By the requirements of regulatory documents, the Operator has created a personal data protection system (PDPD), which consists of legal, organizational, and technical protection subsystems.
4.2. The subsystem of legal protection is a set of legal, organizational, administrative, and regulatory documents that ensure the creation, functioning, and improvement of the SZPD.
4.3. The organizational protection subsystem includes the organization of the management structure of the data protection system, the permitting system, information protection when working with employees, partners, and third parties.
4.4. The subsystem of technical protection includes a complex of technical, software, software, and hardware tools that ensure the protection of personal data.
4.4. The main measures for protecting personal data used by the Operator are:
4.5.1. Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training and instruction, internal control over the compliance of the institution and its employees with the requirements for the protection of personal data.
4.5.2. Identification of current threats to the security of personal data during their processing in ISPD and development of measures and measures to protect personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishing rules for accessing personal data processed in ISPD, as well as ensuring registration and accounting of all actions performed with personal data in ISPD.
4.5.5. Establishment of individual passwords for employees’ access to the information system by their production responsibilities.
4.5.6. Application of the procedure for assessing the conformity of information protection means that have passed in the prescribed manner
4.5.7. Certified anti-virus software with regularly updated databases.
4.5.8. Compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them.
4.5.9. Detection of facts of unauthorized access to personal data and taking measures.
4.5.10. Recovery of personal data modified or destroyed due to unauthorized access to them.
4.5.11. Training of the Operator’s employees who are directly involved in the processing of personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Operator’s policy regarding the processing of personal data, local acts on the processing of personal data.
4.5.12. Internal control and audit.
- Basic rights of the subject of personal data and obligations of the Operator
5.1. Basic rights of the subject of personal data.
The subject has the right to access his personal data and the following information:
– confirmation of the fact of processing of personal data by the Operator;
– legal grounds and purposes of personal data processing;
– the purposes and methods of processing personal data used by the Operator;
– the name and location of the Operator, information about persons (except for the Operator’s employees) who have access to personal data or to whom personal data may be disclosed based on an agreement with the Operator or based on federal law;
– terms of processing personal data, including the terms of their storage;
– the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law;
– name or surname, first name, patronymic, and address of the person who processes personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such a person;
– contacting the Operator and sending him requests;
– appeal against actions or omissions of the Operator.
5.2. Obligations of the Operator.
The operator is obliged:
– when collecting personal data, provide information on the processing of personal data;
– in cases where personal data was not received from the subject of personal data, notify the subject;
– in case of refusal to provide personal data to the subject, the consequences of such refusal are explained;
– publish or otherwise provide unrestricted access to the document defining its policy about the processing of personal data, to information on the implemented requirements for the protection of personal data;
– take the necessary legal, organizational, and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions with personal data;
– to provide answers to requests and requests from personal data subjects, their representatives, and the authorized body for the protection of the rights of personal data subjects.
Personal data controller contact information:
Company: IP “KHAZIEVA”
Our training studio (school) is located at:
10 E 23rd St, Unit 220, New York, NY 10010, United States
Contact email address: email@example.com