Policy regarding the processing of personal data of "NTS" LLC
The most important condition for the implementation of the objectives of "NTS" LLC (hereinafter the Company) is to ensure the necessary and sufficient level of information security of assets, which include personal data and technological processes within which they are processed.
The Company has put into operation a set of organizational and technical measures to ensure the protection of personal data processed both in the information systems of personal data, that is, in the systems, the purpose of which is the processing of personal data, and in other information systems.
This policy defines the principles, procedure and conditions for processing personal data of employees of the Company and other persons, whose personal data are processed by the Company in order to ensure the protection of human and civil rights and freedoms in the processing of personal data, including the protection of rights to privacy, personal and family secrets. In particular, the protection of the rights to privacy, personal and family secrets, as well as establishes the responsibility of employees of the Company with access to personal data for failure to comply with the rules governing the processing and protection of personal data.
2. THE CONCEPT AND SCOPE OF PERSONAL DATA
The list of personal data subject to protection in the Company is formed in accordance with the Federal law of the Russian Federation of July 27, 2006 № 152-FZ "On personal data".
The information constituting personal data in the Company is any information related directly or indirectly to a specific or identifiable natural person (the subject of personal data).
The company processes personal data of the following categories of personal data subjects:
− personal data of employees — information required by the Company in connection with labor relations and relating to a particular employee;
− personal data of the client (potential client, partner, counterparty), as well as personal data of the head, participant (shareholder) or employee of the legal entity that is the client (potential client, partner, counterparty) of the Company, — information necessary for the Company to fulfill its obligations within the framework of contractual relations with the client and to fulfill the requirements of the legislation of the Russian Federation.
3. PURPOSE OF PROCESSING PERSONAL DATA
The company processes personal data for the following purposes:
− conclusion, execution and termination of civil contracts with individuals, legal entities and other persons in cases stipulated by the current legislation and the Charter of the Company;
− organization of personnel records of the Company, conclusion and fulfillment of obligations under labor and civil contracts; management of personnel records management, assistance to employees in employment;
−training and promotion, use of various types of benefits, fulfillment of the requirements of tax legislation in connection with the calculation and payment of tax on personal income. As well as the unified social tax, pension legislation in the formation and presentation of personalized data on each recipient of income taken into account in the calculation of insurance premiums for compulsory pension insurance and security;
− filling in the primary statistical documentation in accordance with the Labor code of the Russian Federation, the Tax code of the Russian Federation, Federal laws, in particular "On personal data", as well as the Charter and internal documents of the Company.
4. THE TIMING OF THE PROCESSING OF PERSONAL DATA
Terms of processing of personal data are determined in accordance with the term of the contract with the subject of personal data.
5. RIGHTS AND OBLIGATIONS
The company as an operator of personal data has the right to:
− to defend their interests in court;
− provide personal data of subjects to the third parties if it is provided by the current legislation (tax, law enforcement agencies, etc.) or it is necessary for the purpose of execution of the contract or other agreement with the Subject of personal data;
− refuse to provide personal data in cases stipulated by the legislation;
− use the personal data of the subject without his consent in the cases provided by the legislation.
The subject of personal data has the right:
− to require clarification of their personal data, their blocking or destruction if the personal data are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
− require a list of their personal data processed by the Company, and the source of their receipt;
− receive information about the processing time of their personal data, including the terms of their storage;
− require notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made to them;
− appeal to the authorized body for the protection of the rights of subjects of personal data or in court illegal actions or omissions in the processing of his personal data;
−to protect their rights and legitimate interests, including damages and (or) compensation for moral damage in court.
6. THE PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
Processing of personal data by the Company is carried out on the basis of the following principles:
− legality and fairness of the purposes and methods of personal data processing;
− compliance of the purposes of personal data processing with the purposes previously defined and declared in the collection of personal data, as well as the powers of the Company;
− compliance of the volume and nature of personal data processed, methods of personal data processing with the purposes of personal data processing;
− reliability of personal data, their sufficiency for the purposes of processing, inadmissibility of processing of personal data excessive in relation to the purposes stated in the collection of personal data;
− the inadmissibility of Association created for incompatible purposes databases containing personal data;
− storage of personal data in a form that allows you to determine the subject of personal data, no longer than required by the purpose of their processing;
−destruction of personal data upon achievement of the processing objectives or in case of loss of the need to achieve them.
Processing of personal data is carried out on the basis of conditions defined by the legislation of the Russian Federation.
7. SECURITY OF PERSONAL DATA
The company takes the necessary organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access and other unauthorized actions.
In order to coordinate actions to ensure the security of personal data, the Company has appointed a person responsible for ensuring the security of personal data.
Personal data are processed mainly automatically and are not freely available to employees of the Company outside the established procedures.
In the case of granting access, the information is transferred to the extent required for the execution of tasks, while employees are required to comply with the confidentiality regime, as well as technical and procedural regulations and security requirements for access and processing of personal data.
8. FINAL PROVISION
This policy is an internal document of the Company, it is publicly available and is subject to publication on the official website of the Company.
The present policy is subject to change, addition in case of new legislation and special regulations on the processing and protection of personal data.
Control of compliance with the requirements of this policy is carried out by the person responsible for ensuring the security of the company's personal data.
Liability of the Company's employees having access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data shall be determined in accordance with the legislation of the Russian Federation and internal documents of the Company.
9. THE RULES OF PERSONAL DATA PROCESSING IN CASE OF SIGNING IN AND/OR UP IN THE CITYDRIVE MOBILE APPLICATION VIA VK ID.
By registering and/or logging on to the Service using VK ID tool, the User agrees and accepts the VK Ecosystem Confidentiality Policy which is available at: https://id.vk.com/privacy.
Personal data and other information that does not constitute personal data are collected in the Service upon registration and/or logging when the User fills the registration form or by other available means including via VK ID tool or any other third-party service, and further when the User edits previously provided information or adds personal data on his/her own initiative (as applicable) using the Service tools.
When the User uses VK ID tool, his/her personal data and other information that does not constitute personal data may be transferred to third parties (VK Ecosystem Services and other Services that utilize VK ID tool when the User uses such Services and/or tools). The Company may also obtain personal data and other information that does not constitute personal data from these third parties to the extent indicated in the User’s VK Ecosystem personal account in order to fulfil agreements with the User of VK Ecosystem.