Ru

Privacy Policy



1. General Provisions
1.1. The policy of processing personal data in OJSC «Sasta» (hereinafter referred to as the Policy) applies to all personal data tha OJSC «Sasta» can receive from personal data subjects - employees of OJSC «Sasta» in connection with the implementation of labor relations, customers and counterparties of JSC «Sasta» "in connection with the implementation of OJSC" «Sasta» "statutory activities. This Policy defines the principles, procedure and conditions for the processing of personal data of employees, clients and contractors of OJSC «Sasta», whose personal data are processed by OJSC «Sasta» in order to ensure the protection of human and civil rights and freedoms while processing its personal data, including protection of rights to privacy, personal and family secrets, and also establishes the responsibility of employees of «Sasta» OJSC who have access to personal data for non-compliance with the requirements of the rules governing processing and protection from personal data.
1.2. The policy is developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other normative legal acts of the Russian Federation in the field of personal data.
1.3. The provisions of the Policy form the basis for the development of local regulations governing the processing of personal data of employees of OJSC «Sasta» and other subjects of personal data in OJSC «Sasta».


2. Legislative and other normative legal acts of the Russian Federation, in accordance with which the Policy for the processing of personal data is determined in OJSC «Sasta».

 2.1. The policy of processing personal data in OJSC «Sasta» is determined in accordance with the following regulatory legal acts:
2.2. In order to implement the provisions of the Policy, OJSC «Sasta» develops appropriate local regulations and other documents.


  3. The basic concepts used in OJSC «Sasta» in this Policy of processing personal data.

Personal data - any information related to a directly or indirectly defined or determined individual (subject of personal data).

 Information - information (messages, data) regardless of the form of their presentation.

 Operator - a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as defining the purposes of processing personal data, the composition of the personal data subject to processing, the actions (operations) performed with personal data.
 Personal data processing is any action (operation) or set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

 Automated processing of personal data - processing of personal data by means of computer facilities. Provision of personal data - actions aimed at disclosing personal data to a specific person or a certain circle of persons.

 Dissemination of personal data - actions aimed at disclosing personal data to an undetermined number of persons.

 Blocking of personal data - temporary termination of processing of personal data (except for cases when processing is necessary for specification of personal data).

 Destruction of personal data is an action that makes it impossible to restore the contents of personal data in the personal data information system and (or) as a result of which material data carriers of personal data are destroyed.

 The depersonalization of personal data is an action that makes it impossible to use the additional information to determine whether personal data belongs to a particular personal data subject.

 Information system of personal data - a set of personal data contained in databases and providing their processing of information technologies and technical means.

 Employees (subjects of personal data) are individuals who are in labor and other civil law relations with the Operator-Operator, including: state civil servants (citizens permanently employed in state civil service positions, replaced by the conclusion of an employment contract); job seekers for vacant positions and persons in the personnel reserve (individuals who are preparing to enter into employment or other civil law relations with the Operator Office).


4. Principles and purposes of personal data processing

4.1. OJSC «Sasta» carries out processing of personal data of employees of OJSC «Sasta» and other subjects of personal data that do not belong to OJSC «Sasta» in labor relations.
4.2. The processing of personal data in OJSC «Sasta» is carried out taking into account the need to ensure the protection of the rights and freedoms of employees of «Sasta» and other personal data subjects, including protection of the right to privacy, personal and family secrets, based on the following principles:
 4.3. Personal data is processed by OJSC «Sasta» in order to:
With the consent of the subject of personal data, OJSC «Sasta» can use the personal data of customers and counterparties for the following purposes:


5. The list of entities whose personal data are processed in OJSC «Sasta»

5.1.O JSC "«Sasta»" processes personal data of the following categories of subjects:
 
6. The list of personal data processed in OJSC «Sasta»

6.1. The list of personal data processed by OJSC «Sasta» is determined in accordance with the laws of the Russian Federation and local statutory acts of OJSC «Sasta», taking into account the purposes of processing personal data specified in section 4 of the Policy.
 

7. Functions of OJSC "«Sasta»" in the processing of personal data

7.1. OJSC "«Sasta»" in the processing of personal data:
 
8. Rights of the subject of personal data

8.1. Consent of the subject of personal data to the processing of his personal data
8.1.1. The subject of personal data decides to provide his personal data and agrees to their processing freely, his will and in his interest. Consent to the processing of personal data can be given by the subject of personal data or his representative in any form that allows to confirm the fact of its receipt, unless otherwise provided by federal law.
8.2. Rights of subjects of personal data
8.2.1. The subject of personal data has the right to:

9. List of actions with personal data and ways of its processing

9.1. OJSC "«Sasta»" collects, records, systemizes, accumulates, stores, updates (updates, changes), extracts, uses, transfers (distributes, provides, accesses), depersonalizes, blocks, deletes and destroys personal data.
9.2. Processing of personal data in OJSC "«Sasta»" is carried out by a method of mixed processing of personal data.


10. Measures to ensure the protection of personal data taken by OJSC «Sasta»

10.1. Measures that are necessary and sufficient to ensure the performance of OJSC «Sasta» of the operator's duties, provided for by the legislation of the Russian Federation in the field of personal data, include:
 
11. Guarantee of confidentiality

11.1. Information related to personal data that has become known in connection with the implementation of labor relations in connection with the implementation of the statutory activities of OJSC «Sasta» and in connection with cooperation with counterparties of OJSC «Sasta» is confidential information and is protected by law.
11.2. Employees of OJSC «Sasta» and other persons who have access to the processed personal data are warned about possible disciplinary, administrative, civil or criminal liability in case of violation of the norms and requirements of the current legislation regulating the rules for processing and protecting personal data.
11.3. Employees of OJSC «Sasta», through the fault of which there was a violation of the confidentiality of personal data, and employees who created the prerequisites for the violation of the confidentiality of personal data are liable under the current legislation of the Russian Federation, internal documents of OJSC «Sasta» and terms of the employment contract.
11.4. Employees carrying out the processing of personal data and responsible for ensuring its safety must have the qualifications sufficient to maintain the required mode of personal data security.


12. Changes to this Policy

12.1. This Policy is an internal document of OJSC «Sasta».
12.2. This Policy is subject to amendment, addition in the event of the emergence of new legislation and special regulations for the processing and protection of personal data. If changes are introduced to this Policy, they will be provided with unlimited access to all interested subjects of personal data.