Privacy Policy ➤ CLA Group

CLA Group Policy with regard to the processing of personal data

1. General provisions

1.1. This Policy of CLA GROUP regarding the processing of personal data (hereinafter referred to as the Policy) developed for the purposes ensuring the protection of the rights and freedoms of man and citizen when processing it personal data, including the protection of privacy rights life, personal and family secrets.

1.2. The policy applies to all personal data that processes the "CLA GROUP" (hereinafter - Operator, CLA GROUP).

1.3. The policy applies to relations in the field of processing personal data that the Operator has both before and after the approval of this Policies.

1.4. The Policy is published in free access in the Internet information and telecommunication network on the Operator's website.

1.5. Basic concepts used in the Policy:
personal data — any information relating directly or indirectly to certain or identifiable natural person (subject of personal data);
personal data operator (operator) — state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing personal data, as well as determining the purposes of processing personal data, composition of personal data to be processed, actions (operations), committed with personal data;
processing of personal data - any action (operation) or set actions (operations) with personal data performed using automation tools or without their use.

Processing of personal data includes including:

collection;
record;
systematization;
accumulation;
storage;
refine (update, change);
extract;
use;
transfer (distribution, provision, access);
depersonalization;
blocking;
remove;
destruction;

automated processing of personal data — processing of personal data data using computer technology;
dissemination of personal data - actions aimed at disclosure personal data to an indefinite circle of persons;
provision of personal data - actions aimed at disclosure personal data to a certain person or a certain circle of persons;
blocking of personal data - temporary suspension of processing personal data (unless the processing is necessary for clarification of personal data);
destruction of personal data — actions that result in it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the destruction material carriers of personal data;
depersonalization of personal data — actions that result in impossible to determine without using additional information belonging of personal data to a specific subject of personal data;
information system of personal data - a set of information contained in databases of personal data and ensuring their processing information technologies and technical means;
cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or foreign legal entity.

1.6. Basic rights and obligations of the Operator.

1.6.1. The operator has the right to:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations under the Law on personal data and regulations adopted in accordance with it legal acts, unless otherwise provided by the Law on Personal data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the subject
personal data, unless otherwise provided by federal law, on on the basis of an agreement concluded with this person. Person exercising processing of personal data on behalf of the Operator, must comply principles and rules for the processing of personal data provided for Personal Data Law;
3) in case of withdrawal by the subject of personal data of consent to processing personal data The operator has the right to continue processing personal data without the consent of the subject of personal data, if there are grounds, specified in the Law on Personal Data.

1.6.2. Operator must:
1) organize the processing of personal data in accordance with requirements of the Personal Data Law;
2) respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3) notify the authorized body for the protection of the rights of subjects of personal data (Federal Service for Supervision in the Sphere of Communications, Information technologies and mass communications at the request of this body necessary information within 30 days from the date of receipt of such request.

1.7. Basic rights of the subject of personal data. Subject of personal data is entitled to:
1) receive information regarding the processing of his personal data, for except as otherwise provided by federal law. Details provided to the subject of personal data by the Operator in an accessible form, and they should not contain personal data relating to other subjects of personal data, except when there are legitimate grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on personal data;
2) require the operator to clarify his personal data, block them or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of the processing, as well as accept legal measures to protect their rights;
3) put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market;
4) appeal against illegal actions or in court or inaction of the Operator when processing his personal data.

1.8. Control over the fulfillment of the requirements of this Policy is carried out
authorized person responsible for organizing the processing of personal data from the Operator.

1.9. Responsibility for violation of the requirements of the legislation and regulations of CLA GROUP in the field of processing and protection personal data is determined in accordance with the legislation.

2. Purposes of collecting personal data

2.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data.

2.2. Only personal data that meet the purposes of their processing are subject to processing processing.

2.3. Processing by the Operator of personal data is carried out in the following purposes:

ensuring compliance with the Constitution, federal laws and other regulatory legal acts;
attracting and selecting candidates for work with the Operator;
organization of individual (personalized) registration employees in the mandatory pension insurance system;
filling in and submitting to executive authorities and others authorized organizations of the required reporting forms;
implementation of civil law relations;
accounting;
implementation of access control;
conclusion of any agreements with the Operator with personal data subjects and their further execution;
providing personal data subjects with services and services by the Operator, as well as information about the development by the Operator of new products and services, including advertising;
feedback to personal data subjects, including their processing requests and requests, informing about the work of the Operator's website;
monitoring and improving the quality of the Operator's services, including offered on the site;
conducting personnel work and organizing records of the Operator's employees, regulation of labor and other, directly related to them relations;
formation of statistical reporting;
carrying out business activities in accordance with the charter of CLA GROUP;
implementation of other functions, powers and duties assigned to Operator by the legislation.

2.4. The processing of personal data of employees may be carried out solely for the purpose of enforcing laws and other regulations legal acts.

3. Legal grounds for the processing of personal data

3.1. The legal basis for the processing of personal data is the totality regulatory legal acts, in pursuance of which and in accordance with which
The operator processes personal data, including:

Constitution;
Civil Code;
Labor Code;
Tax Code;
other regulatory legal acts regulating relations related to activities of the Operator.

3.2. The legal basis for the processing of personal data is also:

Charter of CLA GROUP;
contracts concluded between the Operator and subjects of personal
data;
consent of personal data subjects to the processing of their personal data
data.

4. Scope and categories of personal data processed, categories of personal data subjects

4.1. The content and scope of the processed personal data must comply with the stated purposes of processing provided for in sect. 2 of this Policy. The personal data being processed must not be excessive in relation to the stated purposes of their processing.

4.2. The Operator may process personal data of the following categories subjects of personal data.

4.2.1. Candidates for employment with the Operator:

last name, first name, patronymic;
gender;
citizenship;
date and place of birth;
contact details;
information about education, work experience, qualifications;
other personal data reported by candidates in resumes and cover letters.

4.2.2. Employees and former employees of the Operator:

last name, first name, patronymic;
gender;
citizenship;
date and place of birth;
image (photo);
passport data;
registration address at the place of residence;
address of actual residence;
contact details;
individual tax number;
insurance number of an individual personal account;
information about education, qualifications, training and advanced training;
marital status, presence of children, family ties;
information about work activity, including the availability of incentives, awards and (or) disciplinary sanctions;
marriage registration data;
military registration information;
disability information;
support deduction information;
information about income from the previous place of work;
other personal data provided by employees in accordance with labor law requirements.

4.2.3. Family members of the Operator's employees:

last name, first name, patronymic;
degree of relationship;
year of birth;
other personal data provided by employees in accordance with labor law requirements.

4.2.4. Clients and counterparties of the Operator (individuals):

last name, first name, patronymic;
date and place of birth;
passport data;
registration address at the place of residence;
contact details;
position to be filled;
individual tax number;
account number;
other personal data provided by customers and contractors (individuals) necessary for the conclusion and execution of contracts.

4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities persons):

last name, first name, patronymic;
passport data;
contact details;
position to be filled;
other personal data provided by representatives (employees) clients and counterparties necessary for the conclusion and execution
contracts.

4.3. Processing by the Operator of biometric personal data (information, which characterize the physiological and biological characteristics of a person, on on the basis of which it is possible to establish his identity) is carried out in accordance with the legislation.

4.4. The Operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, except as provided by the legislation.

5. The procedure and conditions for the processing of personal data

5.1. The processing of personal data is carried out by the Operator in accordance with requirements of the legislation.

5.2. The processing of personal data is carried out with the consent of the subjects personal data to the processing of their personal data, as well as without it in cases provided for by the legislation.

5.3. The operator performs both automated and non-automated processing of personal data.

5.4. Employees of the Operator are allowed to process personal data, in whose job responsibilities include the processing of personal data.

5.5. The processing of personal data is carried out by:

receiving personal data in oral and written form directly from personal data subjects;
obtaining personal data from public sources;
entering personal data into journals, registers and information Operator systems;
use of other methods of personal data processing.

5.6. It is not allowed to disclose to third parties and distribute personal data without the consent of the subject of personal data, unless otherwise provided
federal law.

5.7. Transfer of personal data to bodies of inquiry and investigation, to the Federal tax service, the Pension Fund, the Fund for Social insurance and other authorized executive bodies and organization is carried out in accordance with the requirements of the legislation.

5.8. The operator accepts the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and others unauthorized activities, including:

identifies threats to the security of personal data during their processing;
adopts local regulations and other regulatory documents relations in the field of processing and protection of personal data;
appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes accounting of documents containing personal data;
organizes work with information systems in which personal data;
stores personal data under the conditions under which it is provided safety and illegal access to them is excluded;
organizes training for the Operator's employees involved in the processing personal data.

5.9. The operator stores personal data in a form that allows determine the subject of personal data, no longer than the purposes require processing of personal data, if the period of storage of personal data is not established by federal law, contract.

5.10. When collecting personal data, including through the information and telecommunication network Internet, The operator provides recording, systematization, accumulation, storage, clarification (updating, changing), extraction of personal data of citizens using databases located on the territory, with the exception of cases specified in the Law on Personal Data.

6. Updating, correcting, deleting and destroying personal data, responses to requests from subjects on access to personal data

6.1. Confirmation of the fact of personal data processing by the Operator, legal the grounds and purposes of processing personal data, as well as other information, provided by the Operator to the subject of personal data or his representative when applying or when receiving a request from the subject of personal data or his representative. The information provided does not include personal data related to other subjects of personal data, unless there are legitimate grounds for disclosing such personal data.

The request must contain:

number of the main identity document of the subject personal data or his representative, information about the date of issue specified document and the issuing authority;
information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information, otherwise confirming the fact of processing personal data by the Operator;
signature of the personal data subject or his representative.

The request can be sent in the form of an electronic document and signed electronic signature in accordance with the legislation. If the appeal (request) of the subject of personal data is not reflected in in accordance with the requirements of the Personal Data Law, all necessary information or the subject does not have access rights to the requested information, then a reasoned refusal is sent to him. The right of the subject of personal data to access his personal data may be limited in accordance with , including including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.

6.2. In case of detection of inaccurate personal data when contacting the subject personal data or his representative or at their request The operator blocks personal data,relating to this subject of personal data, from the moment of such treatment or receiving a specified request for a check period, if blocking personal data does not violate the rights and legitimate interests of the subject personal data or third parties.

In case of confirmation of the fact of inaccuracy of personal data, the Operator on on the basis of information provided by the subject of personal data or his representative, or other necessary documents clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.

6.3. In the event of unlawful processing of personal data when appeal (request) of the subject of personal data or his representative. The operator performs blocking unlawfully processed personal data relating to this subject personal data, from the moment of such contact or receipt of a request.

6.4. When achieving the goals of processing personal data, as well as in the event of a withdrawal the subject of personal data consent to their processing of personal data are to be destroyed if:

otherwise is not provided by the contract, the party of which is the beneficiary or the guarantor for which the subject of personal data is;
The operator is not entitled to process without the consent of the subject personal data on the grounds provided for by the Law on personal data or other federal laws;
otherwise not provided by another agreement between the Operator and the subject personal data.

"CLA GROUP"