Regulation of personal data
General provisions
This Policy is represented by Open Mind Consulting LLC (143002, Russia, Moscow region, Odintsovsky district, city of Odintsovo, Akulovskaya street, 2a, letter B2, office 307, tax number 7724938316), which is acting on the basis of a certificate of registration as an individual entrepreneur, regarding the processing of personal data (hereinafter referred to as the Policy) was developed in pursuance of the requirements of paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of a citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
The Policy applies to all personal data processed by the Open Mind Consulting LLC (hereinafter referred to as the Operator). This document regarding the processing of personal data» (hereinafter referred to as the Policy) was developed in accordance with the Constitution of the Russian Federation, Federal Law No. 160-FZ «On Ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data», Mining Code of the Russian Federation No. 197-FZ, Federal Law No. 152-FZ «On Personal Data» (hereinafter — FZ-152), other federal laws and by-laws of the Russian Federation that determine the cases and features of the processing of personal data and ensuring the security and confidentiality of such information.
The provisions of this Policy apply to relations of personal data processing field that arose with the Operator both before and after the approval of this Policy; are binding on all employees of the Operator who process personal data; are the basis for organizing work on the processing of personal data by the Operator, including the development of internal regulatory documents governing the processing and protection of personal data by the Operator.
In pursuance of the requirements h. 2 Article. 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator’s website.
Basic concepts
Automated processing of personal data — processing of personal data using computer technology.
Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
Personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Depersonalization of personal data — actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
Processing of personal data — any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among other things: collection; record; systematization; accumulation; storage; clarification (update, change); extraction; usage; transfer (distribution, provision, access); depersonalization; blocking; removal; destruction.
Personal data operator (Operator) — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
Information resources of the Operator: an address consisting of the name of the protocol — http, the server — www, the domain, the name of the directory on the server and the file name of the web page), through which access will be provided to an unlimited number of persons and other actions with the personal data of the subject of personal data.
Personal data — any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain circle of persons.
Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons.
Destruction of personal data — actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
Rights and obligations
Operatot has a right:
· to determine the composition independently and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.
· to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by the Law on Personal Data
· in the case that the subject of personal data withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data
Operator is obligated:
· to organize the processing of personal data in accordance with the requirements of the Law on Personal Data.
· to respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data.
The subject of personal data has the right:
· to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.
· to put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market.
· To withdraw his consent to the processing of personal data.
· to appeal against illegal actions or inaction of the Operator when processing his personal data
· to control over the fulfillment of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data by the Operator
Responsibility for violation of the requirements of the legislation of the Russian Federation and the regulations of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation
Conditions for processing personal data
The content and scope of the processed personal data must correspond to the stated purposes of processing, based on the following principles:
· legitimacy and fairness.
· limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes.
· preventing the processing of personal data that is incompatible with the purposes of collecting personal data.
· preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
· processing only those personal data that meet the purposes of their processing
· compliance of the content and scope of the processed personal data with the stated purposes of processing;
· preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
· ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
· destruction or depersonalization of personal data upon reaching the goals of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate the committed violations of personal data, unless otherwise provided by federal law.
· purposes of collecting personal data. The operator processes personal data in the presence of at least one of the following conditions:
· the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
· the processing of personal data is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or the law.
· Purposes of collecting personal data. The operator processes personal data in the presence of at least one of the following conditions:
· the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data
· to exercise and fulfill the functions, powers and obligations assigned to the operator by the legislation of the Russian Federation;
· the processing of personal data is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or the law, to exercise and fulfill the functions, powers and obligations assigned to the operator by the legislation of the Russian Federation;
· the processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor.
· the processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated.
· processing of personal data is carried out, access to an unlimited circle of persons to which is provided by the subject of personal data or at his request (hereinafter referred to as personal data permitted for distribution.
· processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
· the processing of personal data is carried out automatically by:
· receiving personal data in oral and written form (both in paper and electronic form) directly from the subjects of personal data.
· obtaining personal data from publicly available sources;
· entering personal data into the journals, registers and Information systems of the Operator.
· Cookies are used when using the website https://apalienko.com and its subdomains. The use of cookies allows you to control the availability of the site, analyze data. When you are visiting the site https://apalienko.com asks the User’s consent to use cookies. The user has the right at any time to independently change the settings for accepting cookies in the settings of his browser or disable them completely without guaranteeing that the full functionality of the site will be preserved.
· use of other methods of personal data processing the requirements for the content of the consent to the processing of personal data permitted by the subject of personal data for distribution are approved by Order of Federal Service for Supervision of Communications, Information Technology and Mass Communications dated February 24, 2021 N 18.
Consent must contain the following information:
· surname, name, patronymic (if any) of the subject of personal data
· contact information (telephone number, e-mail address or postal address of the subject of personal data)
· information about the operator-organization — the name, address specified in the Unified State Register of Legal Entities, taxpayer identification number, main state registration number (if it is known to the subject of personal data).
· other information that does not contradict the Legislation of the Russian Federation, including the address of the subject of personal data (if applicable)
· Confidentiality of personal data. The operator and other persons who have gained access to personal data do not disclose to third parties and do not distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
· The processing by the Operator of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the legislation of the Russian Federation.
· The Operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, unless the subject of personal data has consented in writing to the processing of his personal data, including number sent and received via the Internet.
· It is not allowed to disclose to third parties and distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the subject of personal data for distribution is issued separately from other consents of the subject of personal data to the processing of his personal data.
· the transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation
· the operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
· determines threats to the security of personal data during their processing
· adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
· appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator
· creates the necessary conditions for working with personal data
· organizes accounting of documents containing personal data;
· organizes work with information systems in which personal data is processed
· stores personal data under conditions that ensure their safety and exclude unauthorized access to them;
· organizes training for the Operator’s employees who process personal data.
· The operator stores personal data in a form that allows to determine the subject of personal data, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law, contract
· When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, for except in the cases specified in the Law on Personal Data.
· Cross-border transfer of personal data. The operator makes sure that the foreign state, to whose territory the transfer of personal data is supposed to be carried out, provides adequate protection of the rights of personal data subjects, before the start of such transfer. Cross-border transfer of personal data on the territory of foreign states that do not provide adequate protection of the rights of subjects of personal data may be carried out in the following cases: the consent in writing of the subject of personal data to the cross-border transfer of his personal data; execution of an agreement to which the subject of personal data is a party.
Access to personal data
Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Art. 14 of the Law on Personal Data are provided by the Operator to the subject of personal data or his representative when applying or upon receipt of a request from the subject of personal data or his representative.
The information provided does not include personal data relating to other subjects of personal data, unless there are legal grounds for disclosing such personal data.
The request must contain:
· Number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the said document and the authority that issued it.
· Information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator.
· signature of the personal data subject or his representative.
The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If in the appeal (request) of the subject of personal data, in accordance with the requirements of the Law on Personal Data, all the necessary information is not reflected or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
The right of the subject of personal data to access his personal data may be limited in accordance with Part 8 of Art. 14 of the Law on Personal Data, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.
In the event that inaccurate personal data is detected when the subject of personal data or his representative contacts, or at their request or at the request of Federal Service for Supervision of Communications, Information Technology and Mass Communications, the Operator blocks personal data relating to this subject of personal data from the moment of such request or receipt of the specified request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the subject of personal data or his representative or Federal Service for Supervision of Communications, Information Technology and Mass Communications, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
If unlawful processing of personal data is detected when a personal data subject or his representative or Federal Service for Supervision of Communications, Information Technology and Mass Communications contacts (requests) the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment of such a request or receipt of a request.
Upon reaching the goals of processing personal data, as well as in the event that the subject of personal data withdraws consent to their processing, personal data shall be destroyed if otherwise is not provided by the agreement, the party of which, the beneficiary or the guarantor, under which the subject of personal data is; The operator is not entitled to process without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws; otherwise not provided by another agreement between the Operator and the subject of personal data.
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data
Miscellaneous
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data.
We do not use personal or other user data for advertising purposes and strictly adhere to all privacy requirements.
Limited liability company «Open Mind Consulting»
143002, Russia, Moscow region, Odintsovsky district, city of Odintsovo, Akulovskaya street, 2a, letter B2, office 307
Tax number 7724938316