The Regulation on the processing of personal data

1. General information

1.1. The Regulation on the processing of personal data (as the Regulation) defines the conditions and procedure for the processing of personal data, which is carried out by LLC “Concord Solutions” (as the Operator).

1.2. The Regulation is developed in compliance with the Policy on the Processing of Personal Data (as the Policy) and in accordance with clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 " On Personal Data "(as the Federal Law "On Personal Data"), as well as the following regulatory legal acts:
— Part two of the Civil Code of the Russian Federation No. 14-FZ of January 26, 1996 (as Part Two of the Civil Code of the Russian Federation)
- Labor Code of the Russian Federation No. 197-FZ of December 30, 2001 (as the Labor Code of the Russian Federation);
— Part one of the Tax Code of the Russian Federation No. 146-FZ of July 31, 1998 (as Part One of the Tax Code of the Russian Federation)
- Federal Law" On Accounting "of December 6, 2011 No. 402-FZ (as the Federal Law" On Accounting»);
- Resolution of the Government of the Russian Federation No. 687 of September 15, 2008 " On Approval of the Regulations on the Specifics of Personal Data Processing Carried Out without the Use of Automation Tools»;
- Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of the Requirements for the protection of personal Data when processing them in Personal Data Information Systems".

2. Organization of personal data processing

2.1. In order to ensure the fulfillment of the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, the Operator is appointed responsible for organizing the processing of personal data (hereinafter — Responsible).

2.2. The responsible person is obliged to:
- ensure the approval, implementation, and updating, if necessary, of the Policy, Regulations and other local acts on the processing of personal data;
- provide unrestricted access to the Policy, a copy of which is placed at the address of the Operator's location;
- evaluate the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator's information system;
- annually assess the damage that may be caused to personal data subjects in the event of a violation of the Federal Law " On Personal Data»;
- annually carry out internal control over the compliance of the Operator and its employees with the legislation on personal data, Policies, Regulations and other local acts on the processing of personal data, including the requirements for the protection of personal data (hereinafter referred to as Regulations);
- to bring to the employees under the signature of the provisions of Normative Acts at the conclusion of an employment contract, as well as on their own initiative;
- to allow employees to access personal data processed in the Operator's information system, as well as to their material carriers, only for the performance of their work duties;
- organize and control the reception and processing of requests and requests of personal data subjects, ensure the exercise of their rights;
- ensure interaction with the authorized body for the protection of the rights of personal data subjects (hereinafter-Roskomnadzor).

3. The security of personal data

3.1. Employees who have obtained access to personal data are obliged not to disclose them to third parties and not to distribute them without the consent of the personal data subject, unless otherwise provided by federal law.

3.2. In order to protect personal data from illegal actions (in particular, illegal or accidental access, destruction, modification, blocking, copying, provision, distribution), the Operator applies a set of legal, organizational and technical measures to ensure the security of personal data, which is a system for the protection of personal data.

3.3. The application of a set of measures to ensure the security of personal data ensures the established level of protection of personal data when processing them in the Operator's information system.

3.4. In order to ensure the fulfillment of the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, the Operator is appointed responsible for ensuring the security of personal data in the information system.

3.5. The person responsible for ensuring the security of personal data in the information system is obliged to:
- annually identify threats to the security of personal data during their processing in the Operator's information system;
- ensure the implementation of organizational and technical measures to ensure the security of personal data and the use of information protection tools necessary to achieve the established level of personal data security when processing in the Operator's information system;
- establish rules for access to personal data processed in the Operator's information system, as well as ensure registration and accounting of all actions with them;
- organize the detection of unauthorized access to personal data and the adoption of response measures, including the recovery of personal data modified or destroyed as a result of unauthorized access to them; - annually carry out internal control over ensuring the established level of protection of personal data when processing in the Operator's information system.

4. Exercise of the rights of personal data subjects

4.1. When the personal data subject applies or receives his request (as the Request) The responsible person ensures that the subject of personal data is provided with information about the availability of personal data related to him, as well as the possibility of getting acquainted with this personal data within 30 days from the date of the Request.

4.2. If there are legal grounds for refusing to provide the personal data subject with information about the availability of personal data related to him, as well as the possibility of getting acquainted with this personal data, the Responsible Person ensures that the personal data subject receives a reasoned response in writing, containing a reference to the provision of Part 8 of Article 14 of the Federal Law "On Personal Data" or another federal law that is the basis for such refusal, within 30 days from the date of the Request.

4.3. If the subject of personal data provides information confirming that his personal data processed by the Operator is incomplete, inaccurate or irrelevant, the Responsible Person ensures that the necessary changes are made to the personal data within 7 working days from the date of the Request.

4.4. When the subject of personal data provides information confirming that his personal data processed by the Operator is illegally obtained or is not necessary for the stated purpose of processing, the Responsible Person ensures the destruction of such personal data within 7 working days from the date of the Request.

4.5. The responsible person ensures that the personal data subject is notified of the changes made to his personal data and the measures taken, and also takes reasonable measures to notify third parties to whom the personal data of this subject has been transferred.

4.6. If the subject of personal data withdraws consent to their processing, it can be continued if there are grounds specified in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of the Federal Law "On Personal Data".

5. Interaction with Roskomnadzor

5.1. At the request of Roskomnadzor, the Responsible Person will arrange for the provision of local acts regarding the processing of personal data and documents confirming the adoption of measures to comply with the requirements of the Federal Law "On Personal Data", within 30 days from the date of receipt of the request.

5.2. At the request of Roskomnadzor, the Responsible Person will organize the clarification, blocking or destruction of false or illegally obtained personal data within 30 days from the date of receipt of the request.

5.3. In the cases provided for in Article 22 of the Federal Law "On Personal Data", the Responsible Person sends a notification to Roskomnadzor about the intention to process personal data.

5.4. If necessary, the Responsible Person sends requests to Roskomnadzor regarding the processing of personal data carried out by the Operator.

6. Liability for violation of the procedure for processing and ensuring the security of personal data

6.1. If an employee violates the provisions of the legislation in the field of personal data, he may be brought to disciplinary, material, civil, administrative and criminal liability in accordance with the procedure established by the Labor Code of the Russian Federation and other federal laws, in accordance with Part 1 of Article 24 of the Federal Law "On Personal Data" and Article 90 of the Labor Code of the Russian Federation.

6.2. If an employee discloses personal data that has become known to him in connection with the performance of his work duties, the employment contract with him may be terminated in accordance with subclasses "b" of clause 6 of Article 81 of the Labor Code of the Russian Federation.

Позвонить