Appendix No. 1 to the order
dated September 01, 2022

POLICY OF Firma BIS LLC
regarding the processing of personal data

1. General provisions
1.1. This Policy of Firma BIS LLC regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in pursuance of the requirements of clause 2. Part 1 of Article 18.1 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of rights on privacy, personal and family secrets.
1.2. This Policy is an official document that defines the principles and purposes of processing personal data (hereinafter referred to as PD), for each purpose of processing PD, categories and a list of processed PD are defined, categories of subjects whose PD are processed, methods, terms for their processing and storage, and the procedure for destruction PND upon achievement of the purposes of their processing or upon the occurrence of other legal grounds.
1.3. The Policy applies to all personal data processed by Firma BIS LLC (hereinafter also referred to as the Company).
1.4. The processing of personal data in the Company is carried out in accordance with the Federal Law of July 27, 2006 N 152-FZ "On Personal Data".
1.5. The policy is obligatory for compliance by all employees of Firma BIS LLC who have access to personal data and process it.
2. Basic concepts used in the Policy
Personal Information– any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
Personal data authorized by the subject of personal data for dissemination,- personal data, access of an unlimited circle of persons to which is provided by the subject of personal data by giving consent to the processing of personal data permitted by the subject of personal data for distribution in the manner prescribed by this Federal Law;
Personal Data Society (Society)- a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Subject of personal data– a natural person who is directly or indirectly identified or determined using personal data;
Processing of personal data- any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer ( distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data– processing of personal data using computer technology;
Dissemination of personal data– actions aimed at disclosing personal data to an indefinite circle of persons;
Providing personal data- actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Blocking personal data– temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);
Destruction of personal data- actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
Depersonalization of personal data- actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
Information system of personal data- a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross-border transfer of personal data– transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual or a foreign legal entity.
3. Legal grounds for the processing of personal data
3.1. The processing of personal data is carried out in accordance with the following federal laws, regulatory legal and local acts, documents:
- the Constitution of the Russian Federation;
- the Labor Code of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law No. 167-FZ of December 15, 2001 "On Compulsory Pension Insurance in the Russian Federation";
- Federal Law No. 255-FZ of December 29, 2006 "On Compulsory Social Insurance in Case of Temporary Disability and in Connection with Motherhood";
- Federal Law No. 149-FZ of July 27, 2006 "On Information, Information Technologies and Information Protection";
- Federal Law No. 126-FZ of July 7, 2003 "On Communications";
- Law of the Russian Federation of December 27, 1991 N 2124-1 "On the Mass Media".
- Decree of the Government of the Russian Federation of September 15, 2008 N 687 "On approval of the Regulations on the features of the processing of personal data carried out without the use of automation tools";
- Decree of the Government of the Russian Federation of November 1, 2012 N 1119 "On approval of requirements for the protection of personal data during their processing in personal data information systems";
- other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities;
- Charter of LLC "Firma" BIS ";
- contracts concluded between Firma BIS LLC and subjects of personal data;
- consent of personal data subjects to the processing of their personal data;
- Regulations "On the organization of the processing of personal data in Firma BIS LLC".
4. Purposes of processing personal data, categories and list of processed personal data, categories of subjects whose personal data are processed, methods, terms of their processing and storage, procedure for destruction.
Goals Category of personal data - Other. List of processed personal data: Categories of subjects, personale datawhich are being processed Sposowould theirprocessing Terms of processing and storage The procedure for the destruction of personal data Ensuring compliance with the labor legislation of the Russian Federation Full Name; Date of Birth; Place of Birth; marital status (presence of children, data on marriage registration); income information; floor; phone number; E-mail address; residence address; registration address; insurance number of an individual personal account (SNILS); individual numbertaxpayer (TIN); citizenship; data of an identity document (passport data); document data contained in the birth certificate; data of an identity document outside the Russian Federation; bank card details; Employees of the Company; Dismissed employees of the Company Mixed For the duration of the employment relationship Storage periods are determined in accordance with the Federal Law of October 22, 2004 N 125-FZ "On Archiving in the Russian Federation" Destruction of personal data is carried out on the basis of an act on the destruction of personal data and unloading from the event log in the information system of personal data Ways to destroy personal data: for paper carrierspersonal data - mechanical destruction (shredding). for electronic media - erasure on the device, which guarantees the destruction of information or the physical destruction of the electronic media.
current account number; account number; profession; job title; information about work activity, (including the availability of incentives,awards and (or) disciplinary actions); information about education,qualifications, professionalpreparation and promotionqualifications; attitude to military duty; military registration information; Full Name; relation degree; Date of Birth; birth certificate Family members of employees (relative and employees) Recruitment of personnel (applicants) for vacant positions Full Name; Date of Birth; Place of Birth; Family status; floor; phone number; E-mail address; residence address; registration address; information about work activity information about education, experiencejobs, qualifications Candidates for vacant positions (applicants) Mixed Until the end of the competition for the vacant job title The destruction of personal data is carried out on the basis of an act on the destruction of personal data and unloading from the event log in the information system of personal data. Ways to destroy personal data: for paper carrierspersonal data - mechanical destruction (shredding). for electronic media - erasing on the device, guaranteeing
destruction of information or physical destruction of an electronic storage medium. Fulfillment of contractual obligations Full Name; Date of Birth; phone number; E-mail address; registration address; data of an identity document (passport data); TIN; current account number; account number; bank card details; job title Counterparties Mixed Until the end of the action contractual relations and settlements with counterparty. Storage periods are determined in accordance with the Federal Law of October 22, 2004 N 125-FZ "On Archiving in the Russian Federation" The destruction of personal data is carried out on the basis of an act on the destruction of personal data and unloading from the event log in the information system of personal data. Ways to destroy personal data: • for paper carriers of personal data - mechanical destruction (shredding). • for electronic media - erasure on the device, which guarantees the destruction of information or the physical destruction of the electronic media. Full Name; document data, certifyingidentity (passport data; phone number; E-mail address; job title. Representative and counterparty Until the end of the action contractual relationship, or withdrawal of consent to the processing
Storage periods are determined in accordance with the Federal Law of October 22, 2004 N 125-FZ "On Archiving in the Russian Federations" Implementedie professionalnoah activities of a journalist and (or) activity funds mass media Full Name; Date of Birth; Place of Birth; Family status; floor; phone number; E-mail address; residence address; registration address; document data, certifyingpersonality; bank card details current account number; profession; job title; information about labor activity; information about education Individuals - persons whose data is used in stories and published materials mixed Before the expiration date for posting the story on informationalresources Storage periods are determined in accordance with the law of the Russian Federation of December 27, 1991 No. 2124-1 "Oh mass media information" The destruction of personal data is carried out on the basis of an act on the destruction of personal data and unloading from the event log in the information system of personal data. Ways to destroy personal data: • for paper carriers of personal data - mechanical destruction (shredding). • for electronic media - erasure on the device, which guarantees the destruction of information or the physical destruction of the electronic storage medium. 4.1. The processing of personal data relating to race, political opinions, religious or philosophical beliefs, intimate life is not carried out in Firma BIS LLC.
4.2. The processing of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity, and which is used by the Company to identify the subject of personal data) is not carried out by BIS Firm LLC.
5. The procedure and conditions for the processing of personal data
5.1. PD processing is carried out by the Company in accordance with the requirements of the current legislation of the Russian Federation.
5.2. PTI processing is limited to the achievement of specific, predetermined and legitimate purposes. It is not allowed to process PI that is incompatible with the purposes of collecting PI.
5.3. Conditions for the processing of personal data in Firma BIS LLC:
- the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data, or with the consent to the processing of personal data permitted by the subject of personal data for distribution, unless otherwise provided by the legislation of the Russian Federation;
- the processing of personal data is necessary to achieve the goals provided for by law, to implement and fulfill the functions, powers and duties assigned by the legislation of the Russian Federation to Firma BIS LLC;
- the processing of personal data is necessary for the performance of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as to conclude an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be the beneficiary or guarantor. The contract concluded with the subject of personal data may not contain provisions restricting the rights and freedoms of the subject of personal data, establishing the cases of processing personal data of minors, unless otherwise provided by the legislation of the Russian Federation, as well as provisions allowing, as a condition for concluding an agreement, the inaction of the subject of personal data;
- Firma BIS LLC has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, on the basis of an agreement concluded with this person, on behalf of the Company, and also in accordance with the Federal Law of 07.07.2003 N 126-FZ "On Communications";
- Firma BIS LLC, without the consent of the subject of personal data, does not disclose to third parties and does not distribute personal data, unless otherwise provided by the legislation of the Russian Federation.
5.4. When processing personal data, Firma BIS LLC performs the following actions with personal data:
- collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data using databases located on the territory of the Russian Federation.
5.5. There is no cross-border transfer of personal data by Firma BIS LLC.
5.6. Firma BIS LLC takes measures necessary and sufficient to ensure the fulfillment of the obligations stipulated by the Law on Personal Data, Government Decree No. 687 of September 15, 2008 "On Approval of the Regulations on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools", Government Decree No. 1119 dated November 1, 2012 "On approval of requirements for the protection of personal data during their processing in personal data information systems", FSTEC Order No. 21 dated February 18, 2013 "On approval of the composition and content of organizational and technical measures to ensure security of personal data during their processing in personal data information systems" and the regulatory legal acts adopted in accordance with them.
5.7. The storage of documents containing personal data is carried out in the archive of Firma BIS LLC or in the archive of the organization with which the corresponding agreement for the provision of services for the storage of documents has been concluded. Storage of documents containing personal data of personal data subjects is carried out for
the terms of storage of these documents established by the current regulatory enactments. Upon the expiration of the established storage periods, the documents shall be destroyed.
5.8. Personal data of personal data subjects are stored in information systems for processing personal data located on the territory of the Russian Federation.
6. Updating, correction, deletion and destruction of personal data, responses to requests from subjects for access to personal data
6.1. In case of confirmation of the fact of inaccuracy of personal data, Firma
"BIS" on the basis of information provided by the subject of personal data or his representative or the authorized body for the protection of the rights of subjects of personal data, or other necessary documents, is obliged to clarify personal data, or ensure their clarification within seven working days from the date of submission of such information.
6.2. The processing of personal data by Firma BIS LLC is terminated in the manner and within the time limits determined by the current legislation. If the goal of processing personal data is achieved, Firma BIS LLC is obliged to stop such processing or ensure its termination and destroy personal data or ensure their destruction within a period not exceeding thirty days from the date of achieving the goal of processing personal data, unless otherwise provided by the contract to which the subject of personal data is a party, beneficiary or guarantor, another agreement between Firma BIS LLC and the subject of personal data, or if the Company is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by Federal Laws.
6.3. In the event that the subject of personal data withdraws consent to the processing of his personal data, Firma BIS LLC is obliged to stop processing them or ensure the termination of such processing, and if the storage of personal data is no longer required for the purposes of processing personal data, destroy personal data within the time limit not exceeding thirty days from the date of receipt of the said response, unless otherwise provided by the agreement to which the subject of personal data is a party, beneficiary or guarantor, another agreement between the Company and the subject of personal data, or if the Company is not entitled to process personal data without the consent of the subject of personal data data on the grounds provided for by federal laws.
6.4. In the event that the subject of personal data applies to the Company with a request to stop processing personal data, the Company is obliged, within a period not exceeding ten working days from the date of receipt of the relevant request, to stop processing them or ensure the termination of such processing (if such processing is carried out by the person processing personal data ), with the exception of cases provided for by the Federal Law of July 27, 2006 No. 152-FZ. The specified period may be extended, but not more than five business days if the Company sends a reasoned notice to the subject of personal data indicating the reasons for the extension of the period for providing the requested information.
6.5. In case of unlawful processing of personal data by LLC
"Firm" BIS "is obliged, within a period not exceeding three working days from the date of this detection, to stop the illegal processing of personal data or to ensure the termination of the illegal processing of personal data. If it is impossible to ensure the legality of the processing of personal data, Firma BIS LLC, within a period not exceeding ten working days from the date of detection of illegal processing of personal data, is obliged to destroy such personal data or ensure their destruction. The Company is obliged to notify the subject of personal data or his representative about the elimination of the violations committed or the destruction of personal data, and if the appeal of the subject of personal data or his representative or the request of the authorized body for the protection of the rights of subjects of personal data were sent
the authorized body for the protection of the rights of subjects of personal data, as well as the specified body.
6.6. In case of establishing the fact of illegal or accidental transfer (provision, distribution, access) of personal data, which caused a violation of the rights of subjects of personal data, the Company is obliged from the moment such an incident is discovered by the Company, the authorized body for the protection of the rights of subjects of personal data or other interested person to notify the authorized body on protection of the rights of personal data subjects:
6.6.1. within twenty-four hours about the incident, about the alleged causes that led to the violation of the rights of personal data subjects, and the alleged harm caused to the rights of personal data subjects, about the measures taken to eliminate the consequences of the relevant incident, as well as provide information about the person authorized by the Company to interact with the authorized body for the protection of the rights of subjects of personal data, on issues related to the identified incident;
6.6.2. within seventy-two hours on the results of the internal investigation of the identified incident, as well as provide information about the persons whose actions caused the identified incident (if any).
6.7. In the absence of the possibility of destroying personal data within the period specified in paragraphs. 6.3-6.5 of this Policy, BIS Firm LLC is obliged to block such personal data and ensure the destruction of personal data within a period of not more than six months, unless another period is established by federal laws.
6.8. The subject of personal data has the right to receive information regarding the processing of his personal data.
6.9. The list of information that the subject of personal data has the right to request is given in clause 7.1. Politicians. The specified information is provided to the subject of personal data or his representative by the Company within ten working days from the date of application or receipt by the Company of a request from the subject of personal data or his representative. The specified period may be extended, but not more than five business days if the Company sends a reasoned notice to the subject of personal data indicating the reasons for the extension of the period for providing the requested information. The request must contain the number of the main document proving the identity of the subject of personal data or his representative, information about the date of issue of the specified document and the authority that issued it, information confirming the participation of the subject of personal data in relations with the Company (contract number, date of conclusion of the contract, or other information), or information otherwise confirming the fact of processing personal data by the Company, the signature of the subject of personal data or his representative. The Company provides the information specified in clause 7.1. to the subject of personal data or his representative in the form in which the relevant appeal or request is sent, unless otherwise specified in the appeal or request.
7. Rights of the subject of personal data
7.1. The subject of personal data has the right to receive information regarding the processing of his personal data, including information containing (according to clause 7, article 14 of the Federal Law "On Personal Data"):
- confirmation of the fact of personal data processing;
- legal grounds and purposes of personal data processing;
- the purposes and applied methods of processing personal data;
- the location of Firma BIS LLC, information about persons (excluding employees of Firma BIS LLC) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Company or on the basis of federal law;
- processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the provision of such data is provided by applicable law;
- terms of processing personal data, including the terms of their storage;
- the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law
"On personal data";
- information about the performed or proposed cross-border data transfer;
- the name or surname, first name, patronymic and address of the person processing personal data on behalf of BIS Firm LLC, if the processing is or will be entrusted to such a person;
- information on how the Company fulfills the obligations established by Article
18.1 of the Federal Law "On Personal Data";
- other information provided for by the Federal Law "On Personal Data" or other federal laws.
8. Rights and obligations of Firma BIS LLC
8.1. When collecting personal data, Firma BIS LLC is obliged to provide the subject of personal data, at his request, with the information provided for by Part 7 of Article 14 of the Federal Law "On Personal Data".
8.2. If, in accordance with federal law, the provision of personal data and (or) the receipt by the Company of consent to the processing of personal data is mandatory, Firma BIS LLC is obliged to explain to the subject of personal data the legal consequences of the refusal to provide his personal data and (or) give consent to their processing .
8.3. If personal data is not received from the subject of personal data, LLC
"Firm" BIS ", with the exception of cases provided for by part 4 of Art. 18 of the Federal Law "On Personal Data", prior to the processing of such personal data, it is obliged to provide the subject of personal data with the following information:
1) name or surname, first name, patronymic and address of Firma BIS LLC or its representative;
2) the purpose of processing personal data and its legal basis;
3) list of personal data;
4) intended users of personal data;
5) the rights of the subject of personal data established by the Federal Law "On Personal Data";
6) source of personal data.
8.4. Firma BIS LLC has the right not to provide the subject of personal data with the information provided for in paragraph 8.3 of this Policy, in cases where:
1) the subject of personal data is notified of the processing of his personal data by the relevant Company;
2) personal data is received by the Company on the basis of federal law or in connection with the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor;
3) the processing of personal data authorized by the subject of personal data for distribution is carried out in compliance with the prohibitions and conditions provided forArticle 10.1Federal Law "On Personal Data";
4) The Company processes personal data for statistical or other research purposes, for the professional activities of a journalist or for scientific, literary or other creative activities, if the rights and legitimate interests of the subject of personal data are not violated;
5) providing the subject of personal data with the information provided for in clause
9.3 of this Policy violates the rights and legitimate interests of third parties.
8.5. When collecting personal data, including through the Internet information and telecommunication network, Firma BIS LLC is obliged to ensure the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, with the exception of cases specified inparagraphs 2,3,4,8 parts 1 article 6Federal Law "On Personal Data".
Made on
Tilda