1.2. The policy regarding the processing of personal data in the Kumzha Ethnocomplex (hereinafter – the Regulation) defines the procedure for the collection, storage, transfer and other types of processing of personal data in the Kumzha Ethnocomplex (hereinafter – the Company), as well as information on the implemented requirements for the protection of personal data.
1.3. The policy is developed in accordance with the current legislation of the Russian Federation.
2. The scope of personal data
2.1. Information constituting personal data is any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data). A detailed list of personal data recorded in the local normative documents of the ethno-complexes Trout.
2.2. All personal data processed by the Kumzha Ethnocomplex are confidential and strictly protected information in accordance with the legislation.
3. Purposes of personal data processing
3.1. Personal data are processed by the ethno-complexes Trout in order to formalize their employment and other contractual relationships, human resources, accounting, tax accounting, osnovaniyam provided in article 22 of the Federal law dated 27.06.2006 №152-FZ, 85 to 90 of the Labour code of the Russian Federation, as well as to the organization and conduct of the ethno-complexes Trout (including engaging third parties), loyalty programs, marketing and/or advertising campaigns, studies, surveys and other activities; execution of the ethno-complexes Trout obligations under the contract of retail purchase and sale of goods in retail stores ethno-complexes Trout; provision of other services to personal data subjects; promotion of services and/or goods of the Kumzha ethnocomplex And/or partners of the Kumzha Ethnocomplex on the market through direct contacts with customers of the Kumzha Ethnocomplex via various means of communication, including, without limitation, by phone, e-mail, mailing, on the Internet, etc.; for other purposes, if the actions of the Kumzha Ethnocomplex do not contradict the current legislation.
3.2. Ethnocomplex Kumzha in order to properly perform its duties of the Operator processes the following personal data necessary for the proper performance of contractual obligations:
* personal data of the Operator's employees who are in an employment relationship with the Operator;
* personal data of other individuals, including, but not limited to, contractual, student, civil relations with the Operator, including, but not limited to, students, buyers, regular customers, professional athletes, candidates.
4. Procedure for collection, storage, transfer and other types of personal data processing
4.1. The processing of personal data, carried out without the use of automation, is carried out in such a way that for each category of personal data it is possible to determine the place of storage of personal data (tangible media). The operator has established a list of persons engaged in the processing of personal data or having access to them. Separate storage of personal data (material carriers) is provided, the processing of which is carried out for various purposes. The operator ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.
4.2. Processing of personal data, carried out using automation, is subject to the following actions: the Operator carries out technical measures aimed at preventing unauthorized access to personal data and (or) transfer them to persons who do not have the right to access such information; security tools are configured to timely detect the facts of unauthorized access to personal data; technical means of automated processing of personal data are isolated in order to prevent the impact on them, as a result of which their functioning may be disrupted; the Operator backs up the data in order to be able to immediately restore personal data modified or destroyed as a result of unauthorized access to them; exercises constant control over the level of protection of personal data.
5. Information on the implemented requirements for the protection of personal data.
5.1. The operator carries out the following activities: identifies threats to the security of personal data during their processing, forms on the basis of their threat model; provides development on the basis of model of threats of personal data protection system, providing the neutralization of the prospective threats with the use of methods and ways of protection of personal data provided for the appropriate class of information systems; forms the plan of inspections of preparedness of new information security tools to use with the preparation of the conclusions about possibility of their operation; carries out installation and commissioning of information security in accordance with operational and technical documentation; conducts training of persons using information security tools used in information systems, the rules of work with them; takes into account the applicable information security tools, operational and technical documentation to them, personal data carriers; keeps records of persons admitted to work with personal data in the information system; monitors compliance with the conditions of use of information security tools provided by operational and technical documentation; has the right to initiate proceedings and draw conclusions on the facts of non-compliance with the conditions of storage of personal data carriers, the use of information security tools that may lead to a violation of the confidentiality of personal data or other violations that lead to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations; it has a description of the system of personal data protection.
5.2. For the development and implementation of specific measures to ensure the security of personal data during their processing in the information system, The operator or an authorized person is responsible for the information technology division of the Operator. Persons whose access to personal data processed in the information system is necessary for the performance of official (labor) duties are allowed to the relevant personal data on the basis of the list approved by the Operator. Requests of users of information system for receiving personal data, and also the facts of providing personal data on these requests are registered by the automated means of information system in the electronic magazine of addresses. The content of the electronic journal of appeals is periodically checked by the relevant officials (employees) of the Operator or the authorized person. Upon detection of violations of the procedure for the provision of personal data, the Operator or an authorized person shall immediately suspend the provision of personal data to users of the information system until the causes of violations are identified and these reasons are eliminated.
6. Rights and obligations of the Operator
6.1. The ethno-complexes Trout as the personal data Operator shall have the right:
* defend their interests in court;
* provide personal data of subjects to third parties, if it is provided by the current legislation (tax, law enforcement agencies, etc.).);
* refuse to provide personal data in cases stipulated by the legislation;
* use the personal data of the subject without his consent, in cases provided by law.
7. Rights and obligations of the personal data subject
7.1. The personal data subject has the right to::
* require clarification of their personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
* require a list of your personal data processed by the Operator and the source of their receipt;
* receive information about the terms of processing of your personal data, including the terms of their storage;
* require all persons who have previously been provided with incorrect or incomplete personal information to be notified of any exceptions, corrections or additions made thereto;
* appeal to the authorized body for the protection of the rights of subjects of personal data or in court illegal actions or omissions in the processing of his personal data;
* to protect their rights and legitimate interests, including damages and (or) compensation for moral damage in court.
8. Final provision
8.1. This Policy is subject to change, addition in the event of new legislation and special regulations on the processing and protection of personal data.
8.2. This Policy is an internal document Of the ethnocomplex Kumzha, and should be posted on the official website of the Ethnocomplex Kumzha.
8.3. Control over the fulfillment of the requirements of this Policy is carried out by the person responsible for ensuring the security of personal data of the Kumzha Ethnocomplex.
Be always aware of new activities, services and products of the ethnic complex.