The Rosnet LLC Personal Data Processing Policy (hereinafter - the Policy) defines basic principles, objectives, conditions and methods of data processing, lists of subjects of personal data, rights of subjects, as well as requirements to protection of personal data implemented in the Company.
The Policy was developed taking into account the provisions of the Constitution of the Russian Federation, legislative and other regulatory acts in the field of personal data:
- Labour Code of the Russian Federation;
- Federal Law No. 152-FZ of 27 July 2006 "On Personal Data";
- Decree of the President of the Russian Federation dated March 6, 1997 No. 188 "On Approval of the List of Information of Confidential Nature";
- Decree of the Government of the Russian Federation No. 1119 dated November 1, 2012 "On Approval of the Requirements for the Protection of Personal Data during their Processing in Personal Data Information Systems";
- Order of the Federal Service for Technical and Export Control of Russia No. 55, the Federal Security Service of Russia No. 86 and the Ministry of Communications of Russia No. 20 dated February 13, 2008. "On Approval of the Procedure for Classification of Personal Data Information Systems";
- FSTEC Order No. 21 dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure Security of Personal Data during Processing in Personal Data Information Systems";
- Order of Roskomnadzor No. 996 dated September 05, 2013 "On Approval of Requirements and Methods for Depersonalization of Personal Data";
- Other regulatory legal acts of the Russian Federation and regulatory documents of authorised state authorities.
Key terms and definitions
Personal data is any information that directly or indirectly relates to an identified or identifiable individual (the subject of the PD).
Information - any data about a subject, regardless of the form in which it is presented.
Operator - state body, legal entity or individual, independently or together with other persons arranging and (or) carrying out PD processing, as well as defining the purpose of their processing, the composition of information to be processed, actions (operations) performed with personal data.
Processing of personal data - any action (operation) or set of actions (operations), performed with or without use of automated means, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
Provision of personal data - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
Information system of personal data is an aggregate of personal data contained in databases of personal data and information technologies and technical means ensuring its processing.
Principles and objectives of personal data processing
Rosnet LLC, as the operator of personal data, processes personal data of the Company's clients.
The Company processes personal data in order to protect the rights of data subjects, including the protection of the right to privacy, personal and family secrets, based on the following principles:
- the processing is lawful and fair;
- Processing shall be limited to specific, predetermined and legitimate purposes;
- Processing that is incompatible with the purposes for which personal data is collected shall not be permitted;
- databases containing personal data may not be combined for purposes which are incompatible with one another;
- Only data that meets the purposes for which the data is being processed may be processed;
- the content and volume of processed information shall comply with the stated processing purposes;
- the processing of personal data shall ensure the accuracy of personal data, its adequacy and, where necessary, relevance in relation to the purposes of personal data processing;
- Personal data shall be stored in a form enabling identification of the personal data subject no longer than required by the purposes of personal data processing, unless the term of personal data storage is established by the Federal Law or any other document;
- Processed personal data shall be destroyed or depersonalised upon attainment of the processing objectives or if it is no longer necessary to attain such objectives, unless otherwise provided for by the Federal Law.
Personal data is processed by Rosnet LLC for the following purposes:
- Ensuring compliance with the Constitution of the Russian Federation, legislative and other regulatory acts;
- Performing the functions, powers and duties imposed on Rosnet LLC by the Russian legislation, including the provision of personal data to public authorities, as well as to other public authorities;
- protection of life, health or other vital interests of personal data;
- preparation, conclusion, execution and termination of contracts with counterparties;
- formation of reference materials for internal information support of the Company's activities;
- Execution of judicial acts, acts of other bodies or officials subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
- for other lawful purposes.
ROSNET LLC functions when processing personal data
The list of personal data processed by the Company is determined in accordance with Russian law and local regulations.
The Company, when processing Personal Data:
- Take necessary and sufficient measures to ensure compliance with Russian law in the area of personal data;
- Takes legal, organisational and technical measures to protect data from unauthorised or accidental access;
- Appoints the person responsible for the organization of data processing in the Company
- Publishes local normative acts, defining the policy and issues related to processing and protection of personal data in the Company;
- publishes and provides unrestricted access to this Policy;
- Informs in the prescribed manner subjects of the availability of personal data relating to them, provides an opportunity to become familiar with these personal data when they apply and (or) the receipt of requests of these personal data subjects or their representatives, unless otherwise provided by Russian legislation
- Terminate personal data processing in cases envisaged by Russian laws
- Perform other actions required by Russian Federation laws in the field of personal data.
Terms and conditions for the processing of personal data
The Company processes personal data with the consent of the subject of personal data, unless otherwise required by Russian law.
The Company does not disclose or distribute personal data to third parties without the consent of the data subject, unless otherwise provided for by Federal Law.
Rights of subjects of personal data
Personal data subjects have the right to the following:
- Full information about the data processed by Rosnet LLC;
- Access to their personal data, including the right to obtain a copy of any record containing their personal data, except in cases provided for by the Federal Law;
- clarification of their personal data, their blocking or destruction in case the information is incomplete, outdated or inaccurate;
- withdrawal of consent for processing of personal data;
- Appealing against the Company's actions in processing personal data;
- Exercise other rights provided by the legislation of the Russian Federation
Measures taken by Rosnet LLC to protect personal data
Personal data protection measures in the Company include:
- Appointing a person responsible for the organisation of personal data processing
- Adopting local regulations and other documents in the field of processing and protection of personal data;
- Obtaining consent from the subjects to process their personal data, except in cases provided for by the legislation of the Russian Federation
- Exercising internal control over compliance of personal data processing with the Federal Law "On Personal Data";
- Other measures envisaged by the Russian legislation in the field of personal data.
This Policy shall take effect on the date of its publication. An up-to-date version of the Policy shall be published on the website www.ros-net.ru; if it is amended or supplemented, the date of the latest revision shall be added to the title of the document.
Clients of the Company have the right to familiarise themselves with this document. In case of violation of the provisions of the Policy, Rosnet LLC shall be liable in accordance with the legislation of the Russian Federation.
Any complaints may be sent by the subject of personal data to the Company's legal address: 34 Kozhevennaya Liniya, St. Petersburg, 199106.