Personal Data Protection and Processing Policy
1. General Provisions
1.1. This Policy of KYUTEK Limited Liability Company regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his or her personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Policy applies to all personal data processed by KYUTEK Limited Liability Company (hereinafter referred to as the Operator, KYUTEK LLC).
1.3. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Operator's website on the Internet information and telecommunications network.
2. Terms and accepted abbreviations
Personal data (PD) - any information related to a directly or indirectly defined or determinable individual (personal data subject).
Personal data permitted for distribution by the personal data subject - these are personal data, access to which by an unlimited number of persons is provided by the personal data subject by giving consent to the processing of personal data permitted for distribution by the personal data subject.
Personal data operator (operator) - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
Personal data processing – any action (operation) or set of actions (operations) with personal data, performed with or without the use of automation tools. Personal data processing includes, among other things:
collection;
recording;
systematization;
accumulation;
storage;
clarification (updating, modification);
retrieval;
use;
transfer (provision, access);
distribution;
depersonalization;
blocking;
deletion;
destruction.
Automated personal data processing – processing of personal data using computer technology.
Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons.
Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
Destruction of personal data – actions that make it impossible to restore the contents of personal data in the personal data information system and (or) that destroy the tangible media of personal data.
Depersonalization of personal data – actions that make it impossible to determine the ownership of personal data by a specific personal data subject without using additional information.
Personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign government agency, a foreign individual or a foreign legal entity.
Personal data protection – activities aimed at preventing the leakage of protected personal data, unauthorized and unintentional impacts on protected personal data.
3. Procedure and conditions for processing and storing personal data
3.1. The personal data is processed by the Operator in accordance with the requirements of the legislation of the Russian Federation.
3.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Russian Federation.
3.3. Consent to the processing of personal data permitted by the subject of personal data for distribution is drawn up separately from other consents of the subject of personal data to the processing of his personal data.
3.4. Consent to the processing of personal data permitted by the subject of personal data for distribution may be provided to the operator:
directly;
using the information system of the authorized body for the protection of the rights of subjects of personal data.
3.5. The Operator carries out both automated and non-automated processing of personal data.
3.6. The Operator's employees whose job responsibilities include the processing of personal data are allowed to process personal data.
3.7. Personal data are processed by:
obtaining personal data in oral and written form directly with the consent of the personal data subject to the processing or distribution of his personal data;
entering personal data into the Operator's journals, registers and information systems;
using other methods of processing personal data.
3.8. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is prohibited, unless otherwise provided by federal law.
3.9. Transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
3.10. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
determines threats to the security of personal data during their processing;
adopts local regulations and other documents governing relations in the field of processing and protection of personal data;
appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes the accounting of documents containing personal data;
organizes work with information systems in which personal data is processed;
stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
organizes training for the Operator's employees who process personal data.
3.11. The Operator stores personal data in a form that allows identifying the subject of personal data for no longer than required for the purposes of processing personal data, unless the storage period for personal data is established by federal law, contract or agreement.
3.12. When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
3.13. Purposes of processing personal data:
3.13.1. Only personal data that meets the purposes of their processing are subject to processing.
3.13.2. The Operator processes personal data for the following purposes:
ensuring compliance with the Constitution, federal laws and other regulatory legal acts of the Russian Federation;
carrying out its activities in accordance with the charter of KYUTEK LLC;
maintaining personnel records;
assisting employees in finding employment, obtaining education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
attracting and selecting candidates for employment with the Operator;
organizing the registration of employees for individual (personalized) records in the compulsory pension insurance system;
filling out and submitting to executive authorities and other authorized organizations the required reporting forms;
implementing civil law relations;
maintaining accounting records;
implementing an access control system.
3.14.3. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
3.15. Categories of personal data subjects.
The personal data of the following categories of subjects are processed:
individuals who are in employment relations with KYUTEK LLC;
individuals who have resigned from KYUTEK LLC;
individuals who are job candidates;
individuals who have civil law relations with KYUTEK LLC, including individuals registered on the official website of KYUTEK LLC on the Internet: https://qtech.ru/
3.16. PD processed by the Operator:
data obtained in the course of employment relations;
data obtained for the selection of job candidates;
data obtained in the course of civil law relations;
3.17. Storage of PD.
3.17.1. PD of subjects may be received, undergo further processing and transferred for storage both on paper and in electronic form.
3.17.2. PD recorded on paper are stored in locked cabinets or in locked rooms with limited access rights.
3.17.3. PD of subjects processed using automation tools for different purposes are stored in different folders.
3.17.4. Storage and placement of documents containing PD in open electronic directories (file sharing services) in the personal data information system (ISPD) is prohibited.
3.17.5. Storage of PD in a form that allows identifying the subject of PD is carried out no longer than required by the purposes of their processing, and they are subject to destruction upon achieving the processing purposes or in the event of loss of the need to achieve them.
3.17. Destruction of PD.
3.17.1. Destruction of documents (media) containing PD is carried out by burning, crushing (grinding), chemical decomposition, turning into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.17.2. PD on electronic media are destroyed by erasing or formatting the media.
3.17.3. The fact of destruction of PD is documented by an act on the destruction of media.
4. Protection of personal data
4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPS), consisting of subsystems of legal, organizational and technical protection.
4.2. The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the PDPS.
4.3. The organizational protection subsystem includes the organization of the PDPS management structure, the permit system, and the protection of information when working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software, and hardware and software tools that ensure the protection of personal data.
4.5. The main measures to protect personal data used by the Operator are:
4.5.1. Appointment of a person responsible for processing personal data, who organizes the processing of personal data, training and instruction, internal control over compliance by the institution and its employees with the requirements for the protection of personal data.
4.5.2. Determination of current threats to the security of personal data when processing them in the ISPD and development of measures and activities to protect personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishing rules for access to PD processed in the ISPD, as well as ensuring the registration and accounting of all actions performed with PD in the ISPD.
4.5.5. Establishing individual passwords for employee access to the information system in accordance with their work responsibilities.
4.5.6. Using information security tools that have undergone the established compliance assessment procedure.
4.5.7. Use of certified anti-virus software with regularly updated databases.
4.5.8. Compliance with conditions that ensure the safety of PD and exclude unauthorized access to them.
4.5.9. Detecting facts of unauthorized access to personal data and taking measures.
4.5.10. Restoring PD modified or destroyed due to unauthorized access to them.
4.5.11. Training of the Operator's employees directly involved in the processing of personal data in the provisions of the Russian Federation legislation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, and local acts on issues of processing personal data.
4.5.12. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations of the Operator
5.1. Basic rights of the personal data subject.
The subject has the right to access his personal data and the following information:
confirmation of the fact of personal data processing by the Operator;
legal grounds and purposes of personal data processing;
purposes and methods of personal data processing used by the Operator;
name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
periods for processing personal data, including periods of storage;
procedure for the personal data subject to exercise the rights provided for by this Federal Law;
the name or surname, first name, patronymic and address of the person processing the PD on behalf of the Operator, if the processing is or will be entrusted to such person;
contacting the Operator and sending him requests;
appealing the actions or inactions of the Operator.
5.2. Operator's Responsibilities.
The Operator is obliged to:
provide information on the processing of PD when collecting PD;
notify the subject if the PD was not received from the PD subject;
inform the subject of the consequences of refusing to provide PD;
publish or otherwise provide unlimited access to the document defining its policy regarding the processing of PD, to information on the implemented requirements for the protection of PD;
take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;
respond to requests and appeals from PD subjects, their representatives and the authorized body for the protection of the rights of PD subjects.
6. Updating, correcting, deleting and destroying personal data, responding to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the "Law on Personal Data" shall be provided by the Operator to the personal data subject or his representative upon an appeal or upon receipt of a request from the personal data subject or his representative.
The information provided shall not include personal data related to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.
The request must contain:
the number of the main document certifying the identity of the personal data subject or his representative, information on the date of issue of the said document and the body that issued it;
information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
signature of the personal data subject or his/her representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him/her.
The right of the personal data subject to access his/her personal data may be limited in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the personal data subject's access to his/her personal data violates the rights and legitimate interests of third parties.
6.2. If inaccurate personal data is discovered upon an appeal by the personal data subject or his/her representative, or at their request or at the request of Roskomnadzor, the Operator blocks the personal data related to this personal data subject from the moment of such appeal or receipt of the said request for the verification period, if the blocking of the personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of the personal data.
6.3. In case of detection of unlawful processing of personal data upon an appeal (request) of the personal data subject or his representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data related to this personal data subject from the moment of such appeal or receipt of the request.
6.4. Upon achievement of the purposes of processing personal data, as well as in case of withdrawal of consent to their processing by the personal data subject, personal data are subject to destruction, unless:
otherwise provided by the agreement to which the personal data subject is a party, beneficiary or guarantor;
the operator has no right to carry out processing without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other federal laws;
otherwise provided by another agreement between the Operator and the personal data subject.
7. Final Provisions
7.1. Liability for violation of the requirements of the legislation of the Russian Federation and regulatory documents of KYUTEK LLC in the field of personal data is determined in accordance with the legislation of the Russian Federation.
7.2. This Policy shall enter into force upon approval and shall be valid indefinitely until the adoption of a new Policy.
7.3. All changes and additions to this Policy must be approved