1. General Information
1.1. The Policy of personal data (as the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed by LLC “Concord Solutions” (as the Operator).
1.2. The Policy has been established in accordance with clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006 (as the Federal Law "On Personal Data"). 1.3. The Policy contains information to disclose in accordance with Part 1 of Article 14 of the Federal Law "On Personal Data" and it is a publicly available document.
2. Information about the operator
2.1. The Operator operates at the address Yeltsin Center, Yekaterinburg, st. Boris Yeltsin, 3
2.2. LLC “Concord Solutions” (phone number +7 (995) 38-90-386) is appointed responsible for the organization of personal data processing.
2.3. The database of information containing personal data of citizens of the Russian Federation is located at the address: Yeltsin Center, Yekaterinburg, st. Boris Yeltsin, 3
3. Information about the processing of personal data
3.1. The Operator processes personal data on a legal basis for performing the functions, powers and duties assigned by the legislation, to exercise the rights and legitimate interests of the Operator, the Operator's employees and third parties.
3.2. The Operator receives personal data directly from the personal data subjects.
3.3. The Operator processes personal data in automated and non-automated ways, using computer technologies and without them.
3.4. Actions related to the processing of personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of the information.
3.5. Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.
4. Processing of personal data of clients
4.1. The Operator processes the personal data of the clients within the framework of the legal relations with the Operator regulated by Part two of the Civil Code of the Russian Federation No. 14-FZ of January 26, 1996 (as the clients).
4.2. The Operator processes the personal data of customers in order to comply with the legislation of the Russian Federation, to conclude and fulfill obligations under contracts with customers and to inform about new products and special offers.
4.3. The Operator processes the personal data of customers with their consent provided for the duration of the contracts concluded with them. In the cases provided for by the Federal Law "On Personal Data", the consent is provided in written form. In other cases, the consent is considered to have been obtained at the conclusion of the contract or while performing certain actions.
4.4. The Operator processes the personal data of the clients during the validity period of the contracts concluded with them. The Operator may process the personal data of clients after the expiration of the contracts concluded with them within the period established by clause 5, Part 3, Article 24 of Part one of the Tax Code of the Russian Federation, Part 1, Article 29 of the Federal Law "On Accounting" and other regulatory legal acts.
4.5. The Operator processes the following personal data of clients:
- Last name, first name, patronymic;
- Type, series and number of the identity document;
- Date of issue of the identity document and information about the issuing authority;
- Year of birth;
- Month of birth;
- Date of birth;
- Place of birth;
- Contact phone number;
- Taxpayer identification number;
- Number of the insurance certificate of the state pension insurance;
5. Information about the security of personal data
5.1. The Operator appoints a person responsible for organizing the processing of personal data to perform the duties provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.
5.2. The Operator applies a set of legal, organizational and technical measures to ensure the security of personal data,to ensure the confidentiality of personal data and protect them from illegal actions:
- provides unrestricted access to the Policy, a copy is posted at the Operator's location, and can also be posted on the Operator's website (if it is available);
- in compliance with the Policy, approves and puts into effect the document "Regulation on the Processing of Personal Data" (as the Regulation) and other local acts;
- informs employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
- allows employees to access personal data processed in the Operator's information system, as well as to their material carriers, only for the performance of their work duties;
- sets the rules for access to personal data processed in the Operator's information system, as well as ensures the registration and accounting of all actions with them;
- assesses the harm that may be caused to the subjects of personal data in the event of a violation of the Federal Law " On Personal Data»;
- determines the security threats to personal data when they are processed in the Operator's information system;
- applies organizational and technical measures and uses information security tools which are necessary to achieve the established level of personal data security;
- detects the facts of unauthorized access to personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them;
- assesses the effectiveness of the measures taken to ensure the security of personal data before the Operator's information system is put into operation;
- performs internal control over the compliance of personal data processing with the Federal Law "On Personal Data", the regulatory legal acts adopted in accordance with it, the requirements for personal data protection, the Policy, Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security when processing in the Operator's information system.
6. Rights of personal data subjects
6.1. The personal data subject has the right to:
- to receive personal data related to this subject and information related to their processing;
- to clarify, block or delete their personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- to revoke their consent to the processing of personal data;
- to protect their rights and legitimate interests, including compensation for damages and compensation for non-pecuniary damage in court;
- to appeal against the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.
6.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain the information specified in Part 3 of Article 14 of the Federal Law "On Personal Data".