Privacy Policy

1. General

1.1. This Personal Data Processing Policy (hereinafter — the Policy) is intended to protect rights and freedoms of physical entities whose personal data is processed by OOO TsNP Tekhnologii Ideala (hereinafter — the Operator).

1.2. The Policy has been designed in accordance with Paragraph 2 Part 1 to Article 18.1 of the Federal Law No. 152-FZ 'On Personal Data' of July 27, 2006 (hereinafter — the Federal Law 'On Personal Data").

1.3. The Policy is a public document containing data subject to be disclosed under Paragraph 1 to Article 14 of the Federal Law 'On Personal Data'.

2. The Operator

2.1. The Operator performs its activities on www.7spsy.com.

2.2. Pavel P. Khoroshutin, General Director, phone no. +7 964-650-09-55, is assigned responsible for personal data processing management.

2.3. A database containing personal data of citizens of the Russian Federation is located at: Suite 41, 16 Gogolya St., Novosibirsk, Russia, 630005.

3. Information on personal data processing

3.1. The Operator processes personal data on a legal and fair basis to perform functions, assignments and obligations imposed by legislation, exercise rights and legal interests of the Operator, Operator's employees and third persons. 

3.2. The Operator receives personal data directly from data subjects.

3.3. The Operator processes personal data with automated and non-automated methods, with or without the use of computers.

3.4. Personal data processing includes collection, recording, systematization, accumulation, storage, validation (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

3.5. Databases containing personal data of citizens of the Russian Federation are located in the Russian Federation.

4. Processing of employees' personal data 

4.1. The Operator processes personal data of the Operator's employees in the course of legal relations regulated by the Labor Code of the Russian Federation No. 197-FZ dated December 30, 2001 (hereinafter referred to as the RF Labor Code), including Article 14 of the RF Labor Code pertinent to employees' personal data protection.

4.2. The Operator processes employees' personal data with a view to fulfill employment contracts, comply with the Russian statutory regulations, and in order to:

— keep personnel records;

— maintain accounting records;

— carry out functions, assignments and duties imposed by the Russian legislation imposed on the Operator, including provision of personal data to state authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Compulsory Medical Insurance Fund, as well as to other state bodies;

— comply with occupational health and safety requirements of employees of OOO TsNP Tekhnologii Ideala, and the integrity of its property;

— monitor quantity and quality of work;

— provide compensations and benefits as stipulated by the laws of the Russian Federation;

— post the data to the website, internal reference and address books of the organization.

4.3. The Operator shall not make decisions affecting employees' interests based on their personal data obtained by electronic means or solely as a result of automated processing.

4.4. The Operator protects employees' personal data at its own expense in accordance with the procedure established by the Russian Labor Code, the Federal Law "On Personal Data", and other federal laws.

4.5. The Operator get its employees and their representatives acknowledged against receipt with the documents establishing the employee data processing procedure, as well as their rights and obligations in this field.

4.6. The Operator allows access to employees' personal data only to authorized persons who are entitled to receive as few as the data required to perform their functions.

4.7. The Operator receives all personal data from the employees. If employee's data can be obtained only from a third party, the Operator informs the employee in advance and secures his written consent. The Operator informs the employee on the purposes, sources, and methods of obtaining data, as well as on the nature of the data to be obtained and the consequences of employee's refusal to give a written consent to obtain such data.

4.8. The Operator processes employees' personal data upon their written consent given for the term of the employment contract.

4.9. The Operator processes employees' personal data during the term of the employment contract. The Operator processes personal data of dismissed employees within the period specified in Paragraph 5, Part 3, Article 24 of Part 1 of the Tax Code of the Russian Federation No. 146-FZ dated July 31, 1998, Part. 1, Art. 29 of the Federal Law "On Accounting" No. 402-FZ dated December 6, 2011, and other regulatory legal acts.

4.10. The operator may process special categories of employees' personal data (health data related to the possibility of performing their job functions) as per Part 2 of Paragraph 2.3, Article. 10 of the Federal Law "On personal data".

4.11. The Operator shall not process biometric data of employees.

4.12. The Operator shall not receive any data on employees' membership in public associations or their trade union activities, unless provided for by the Russian Labour Code or other federal laws.

4.13. The Operator processes the following employees' personal data:

— Surname, name, patronymic;

— Type, series and number of identification document;

— Issue dateand issuing authority of identification document;

— Address;

— Proceeds;

— Job title;

— Tax ID;

— State pension insurance certificate number;

— Marital status;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Contact phone number;

— Ethnical identity;

— Education;

— Employment record;

— Military service record;

— Social benefits record;

— Photo;

— Information on staying abroad;

— Occupation;

— Contributions for compulsory pension insurance;

— Contributions for compulsory medical insurance;

— Tax deductions;

— Date of retirement;

— Employee ID.

4.14. The Operator shall not share employee's personal data with any third party without the employee's written consent, except when it is necessary to prevent a threat to the employee's life and health, as well as in other cases stipulated by the Russian Labor Code, the Federal Law "On personal data", or other federal laws.

4.15. The Operator shall not disclose employee's personal data for commercial purposes without his written consent.

4.16. The Operator transfers employees' personal data to their representatives in accordance with the procedure established by the Russian Labor Code, the Federal Law "On personal data", and other federal laws, and limits this information only to data required by representatives to perform their functions

4.17. The Operator warns persons obtaining employee's personal data that the data can only be used for the purposes they have been communicated for, and requires them to confirm compliance with this rule.

4.18. Under the statutory procedure, in accordance with Article 7 of the Federal Law "On Personal Data, for the purposes of personal data processing, and with the consent of employees the Operator provides employees' personal data or consign data processing to the following entities:

— State agencies (Pension Fund of Russia, Federal Tax Service, Social Insurance Fund, etc.);

— Bank (on a salary project).

4.19. An employee may get free access to his or her personal data and any information on processing of this data, as well as obtain a copy of any record containing his or her personal data, except as provided by the Federal law.

4.20. An employee may access medical records reflecting his or her state of health with the assistance of a chosen medical officer.

4.21. An employee may choose a representative to protect his or her personal data.

4.22. An employee may claim any incorrect or incomplete personal data, as well as any personal data processed in violation of the Labor Code of Russia, the Federal Law "On personal data", or other federal law, to be excluded or corrected. Should the Oprerator refuse to eliminate or correct employee's personal data, the employee may declare his or her disagreement in writing and reason such a disagreement. Any employee may supplement his or her personal data that is a matter of judgement with a statement expressing his or her point of view.

4.23. An employee may request that all persons who have previously been reported his or her incorrect or incomplete personal data be notified of any exceptions, corrections or additions.

4.24. An employee may appeal to court against any illegal actions or acts of omission of the Operator in processing and protecting his personal data.

5. Processing of customers' personal data 

5.1. The Operator processes personal data of its customers (hereinafter - the Customers) within their legal relations regulated by Part Two of the Civil Code of the Russian Federation No. 14-FZ dated January 26, 1996.

5.2. The Operator processes personal customer data to comply with the laws of the Russian Federation, as well as to:

— enter into and fulfil its obligations under customer contracts;

— carry out activities stipulated in the founding documents of OOO TsNP Tekhnologii Ideala;

— inform of new products, special offers and promotions.

5.3. The Operator processes personal data of customers with their consent given for the period of validity of contracts concluded with them. In cases stipulated by the Federal Law "On personal data", customer's consent shall be given in writing. In other cases consent is considered to be received upon entering into a contract or implied by conduct.

5.4. The Operator processes personal data of customers within the validity period of contracts concluded with them. The Operator may process personal data of customers after expiration of contracts concluded with them during the period set forth in the Paragraph 5, Part 3, Article 24 of the Tax Code of the Russian Federation, Part 1, Article 29 of the Federal Law "On Accounting", and other regulatory acts.

5.5. The Operator processes special categories of personal data of underage customers with the written consent of their legal representatives based on Part 1, Article 9, Paragraph 1, Part. 2, Article 10 of the Federal Law "On personal data".

5.6. The Operator processes the following personal customer data:

— Surname, name, patronymic;

— Mobile phone number;

— Address;

— Marital status;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Contact phone number;

— Ethnicity;

— Education;

— Employment record;

— Occupation;

— Job title.

6. Processing of job seekers' personal data

6.1. The Operator processes personal data of job seekers (hereinafter - the Job Seekers).
6.2. The Operator processes personal data of the Job Seekers in order to:
- make decisions on whether to hire or not to hire.

6.3. The Operator processes personal data of the Job Seekers with their written consent provided for the period required to make a decision on whether to hire or not to hire a person. An exception to this is where a personnel agency contracting with the Job Seeker acts on his or her behalf, as well as where the Job Seeker places his/her CV in the Internet, so it becomes available to an unlimited number of people.

6.4. The Operator processes personal data of the Job Seekers for the period required to make a decision on whether to hire or not to hire them. In case of job rejection, the Operator stops processing personal data of a job seeker within 30 days in accordance with Paragraph 4, Article 21 of the Federal Law "On Personal Data". If the Job Seeker has given his/her consent to be added to an employee pool, the Operator may continue processing of his/her personal data within the period specified in the consent.

6.5. The Operator shall not process special categories of Job Seekers' personal data or their biometric data.

6.6. The Operator processes the following personal data of the Job Seekers:

— Surname, name, patronymic;

— Type, series and number of identification document;

— Issuance date of identity document, issuing authority;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Address;

— Taxpayer ID;

— State Pension Insurance Certificate number;

— Ethnicity;

— Occupation;

— Income;

— Date of retirement;

— Job title;

— Employment record.

7. Information on personal data security

7.1. The Operator assigns a person responsible for personal data processing management to perform duties provided for by the Federal Law "On personal data" and any regulations made thereunder.

7.2. The Operator applies a set of legal, organizational and technical measures to ensure safety, confidentiality and protection of personal data against illegal actions:

— provides unlimited access to the Policy, a copy of which is available at the Operator's location and can be placed on the Operator's website (if any);

— pursuant to the Policy, approves and implements Regulations on Personal Data Processing (hereinafter referred to as the Regulations) and other internal policies and procedures;

— brings legal provisions on personal data, the Policy and the Regulations to the attention of employees;

— authorizes employees' to access personal data processed within Operator's information system, as well as their own physical storage media for the only purpose to perform their job duties;

— establishes privacy policy — a set of rules to access personal data processed within Operator's information system and provides for registration and logging of all actions concerning personal data;

— assesses any damages that may be caused to personal data subject in case of violation of the Federal Law "On Personal Data";

— identifies threats to personal data security imposed during their processing by Operator's information system;

— takes organizational and technical measures and uses information protection means to achieve the established level of personal data security;

— detects actual instances of unauthorized access to personal data and takes response actions including recovery of personal data modified or destroyed as a result of unauthorized access;

— assesses efficiency of measures taken to ensure personal data security before putting Operator's information system into operation;

— manages compliance of personal data processing with Federal Law "On personal data", any regulations thereunder, personal data protection requirements, the Policy, the Regulations and other policies and procedures, including control over measures taken on personal data security and their security level when processed by information system of the Operator.

 8. Rights of personal data subjects

8.1. Personal data subject shall be entitled to:

— receive personal data regarding this subject and information related to their processing;

— validate, lock or destroy his/her personal data if it is incomplete, outdated, inaccurate, illegally obtained or not required for the stated purpose of processing;

— withdraw his/her consent to personal data processing;

— protect his/her rights and legitimate interests through the courts, including compensation for losses and moral damages;

— appeal against Operator's actions or inaction to the authorized body on protection of the rights of personal data subjects, or lodge a judicial appeal.

8.2. Personal data subjects shall be entitled to address to the Operator or send an inquiry in person via representative in terms of exercising their rights and legitimate interests. The inquiry should contain information specified in Part 3, Article 14 of Federal Law "On personal data".