Limited Liability Company
UralHimSorb Trade House
94 Magistralnaya str., office 210, 614032 Perm: Magistralnaya str., office 210;
www.uralhimsorb.ru;
E-mail: market@uraihirnsorb.ru
PERSONAL
DATA PROCESSING RULES
1. Personal data shall be processed at
UralHimSorb Trade House LLC (hereinafter referred to as the Operator) on a
legal basis.
2. Personal data processing at
UralHimSorb Trade House LLC should be limited to achieving specific,
predetermined and legitimate goals. Processing of personal data incompatible
with the purposes of personal data collection is not allowed.
3. Combining databases containing
personal data processed for purposes incompatible with each other is not
allowed.
4. Only personal data that meet the
purposes of their processing shall be processed.
5. The content and volume of the
processed personal data shall correspond to the stated purposes of processing.
The processed personal data should not be redundant in relation to the stated
purposes of their processing.
6. When processing personal data, the
accuracy of personal data, their sufficiency, and, if necessary, relevance to
the purposes of personal data processing should be ensured. The person
responsible for the processing of personal data at UralHimSorb Trade House LLC
should take the necessary measures to delete or clarify incomplete or
inaccurate personal data.
7. Measures aimed at identifying and
preventing violations provided for by law are:
1) internal control of compliance of
personal data processing with the norms of Federal Law No. 152-FZ "On
Personal Data" (hereinafter referred to as the Federal Law) and regulatory
legal acts adopted in accordance therewith on July 27, 2006;
2) assessment of the harm that may be
caused to personal data subjects in case of violation of the Federal Law, the
ratio of this harm and the measures taken by UralHimSorb Trade House LLC aimed
at ensuring the fulfillment of obligations provided for by the Federal Law;
3) familiarization of employees
directly engaged in the processing of personal data with the provisions of the
legislation of the Russian Federation on personal data, including requirements
for the protection of personal data, and (or) training of employees.
8. Ensuring the security of personal
data is achieved, in particular, by:
1) identification of threats to the
security of personal data during their processing in personal data information
systems;
2) application of organizational and
technical measures to ensure the security of personal data during their
processing in personal data information systems necessary to meet the
requirements for the protection of personal data, the implementation of which
ensures the levels of personal data protection established by the Government of
the Russian Federation;
3) carrying out, in accordance with the
established procedure, the procedure for assessing the conformity of
information security tools;
4) assessment of the effectiveness of
the measures taken to ensure the security of personal data before the
commissioning of a personal data information system;
5) accounting computer-based personal
data carriers;
6) detection of unauthorized access to
personal data and taking measures to prevent it;
7) recovery of personal data modified
or destroyed due to unauthorized access to them;
8) establishing rules for access to
personal data processed in the personal data information system, as well as
ensuring registration and accounting of all actions performed with personal data
in the personal data information system.
9. The purpose of processing personal
data at UralHimSorb Trade House LLC is to ensure compliance with laws and other
regulatory legal acts.
10. Personal data shall be stored in a
form that allows determination of the subject of personal data, no longer than
the purposes of personal data processing require, unless the period of personal
data storage is established by the Federal Law, an agreement to which
the subject
of personal data is a party. The processed personal data shall be destructed or
depersonalized upon achievement of the processing purposes or if there is no
further need to achieve these purposes, unless otherwise provided by the
Federal Law.
11. In case of detection of illegal
processing of personal data by the Operator, within a period not exceeding
three business days from the date of this detection, the Operator shall stop
the illegal processing of personal data. If it is impossible to ensure the
legality of the processing of personal data, the Operator shall destroy such
personal data within a period not exceeding ten business days from the date of
detection of illegal processing of personal data. The Operator shall notify the
personal data subject or their representative about the elimination of violations
or destruction of personal data, and if the request of the personal data
subject or their representative or the request of an authorized privacy
authority was sent by the authorized privacy authority, also the specified
authority.
12. If the purpose of personal data
processing is achieved, the Operator shall stop processing personal data and
destroy personal data within a period not exceeding thirty days from the date
of achievement of the purpose of personal data processing, unless otherwise provided
by an agreement to which the subject of personal data is a party, another
agreement between the Operator and the subject of personal data, or if the
Operator is not entitled to process personal data without the consent of the
subject of personal data, on the grounds provided for by the Federal Law or
other federal laws.
13. If the subject of personal data
withdraws consent to the processing of their personal data, the Operator shall
stop processing personal data and destroy personal data within a period not
exceeding three business days from the date of receipt of the withdrawal,
unless otherwise provided by an agreement between the Operator and the subject
of personal data. UralHimSorb Trade House LLC shall notify the subject of
personal data about the destruction of personal data no later than three
business days from the date of destruction.
14. If there is no possibility of
destruction of personal data within the terms specified above, the Operator
shall block such personal data and ensure the destruction of personal data
within a period not exceeding six months, unless another period is established
by federal laws.
1. General Provisions
1.1. Personal Data Processing Policy
(hereinafter — the Policy) is aimed at protecting the rights and freedoms of
individuals whose personal data are processed by Limited Liability Company
UralHimSorb Trade House (hereinafter — the Operator). 1.2. The Policy was
developed in accordance with Clause 2, Part 1, Article 18.1 of Federal Law No.
152-FZ dated July 27, 2006 "On Personal Data" (hereinafter — Federal
Law "On Personal Data"). 1.3. The Policy contains information subject
to disclosure in accordance with Part 1 of Article 14 of Federal Law "On
Personal Data" and is a publicly available document.
2. Information about the Operator
2.1. The Operator performs its activities at:
94 Magistralnaya str., office 210, Perm
3. Information about personal data
processing
3.1. The Operator processes personal data on
a lawful and fair basis in order to perform the functions, powers and duties assigned
by law, exercise the rights and legitimate interests of the Operator,
Operator's employees and third parties 3.2. The Operator receives personal data
directly from the subjects of personal data (hereinafter — PD).
3.3. The Operator processes personal data in
automated and non-automated ways, using and without the use of computer
technology. 3.4. Actions for processing personal data include collection,
recording, systematization, accumulation, storage, clarification (updating,
modification), extraction, use, transfer (distribution, provision, access),
depersonalization, blocking, deletion and destruction.
4. Processing of personal data of
customers
4.1. The Operator processes personal data of
customers within the framework of legal relations with the Operator regulated
by Part Two of the Civil Code of the Russian Federation dated January 26, 1996
No. 14-FZ, (hereinafter — customers).
4.2. The Operator processes the personal data
of customers in order to comply with the legislation of the Russian Federation,
as well as in order to:
— receive appeals and requests from a subject of PD;
— inform about new products, special
promotions and offers; — conclude and fulfil the
conditions of a contract.
4.3. The Operator processes the personal data
of customers with their consent provided by the customers and/or their legal
representatives by performing certain actions on this website, including, but
not limited to, placing an order, signing on the personal account, subscribing
to the newsletter, in accordance with this Policy. 4.4. The Operator processes
the personal data of customers no longer than the purposes of processing
personal data require, unless otherwise provided by the requirements of the
legislation of the Russian Federation.
4.5. The Operator can process the following
personal data of customers: — Last name, first
name, middle name;
— Address;
— Contact phone number;
— E-mail.
4.6. Special categories of personal data are
not processed:
4.6.1. concerning race, nationality;
4.6.2. political stance, religious or
philosophical beliefs;
4.6.3. health and intimate life.
5. Information on ensuring personal
data security
5.1. When processing personal data, the
Operator takes the necessary legal, organizational and technical measures or
causes that such measures are taken to protect personal data from unauthorized
or accidental access to them, destruction, modification, blocking, copying,
provision, dissemination of personal data, as well as from other illegal
actions with respect to personal data.
5.2. Measures to ensure the security of
personal data during their processing, applied by the Operator, are planned and
implemented in order to ensure compliance with the requirements set out in
Article 19 of Federal Law 152 "On Personal Data".
5.3. In accordance with Article 18.1 of
FZ-152, the Operator independently determines the composition and list of
measures necessary and sufficient to ensure compliance with the requirements of
the legislation. The Operator, in particular, has taken the following measures:
- a person responsible for the
organization of PD processing has been appointed;
- local acts on PD processing have
been developed and implemented, as well as local acts establishing procedures
aimed at preventing and detecting violations of established procedures for PD
processing and eliminating the consequences of such violations;
- legal, organizational and
technical measures have been applied to ensure PD security in accordance with
Article 19 of FZ-152;
- internal control of compliance of
PD processing with FZ-152 and regulatory legal acts adopted in accordance with
it, requirements for PD protection, Operator's policy regarding PD processing,
Operator's local acts is implemented;
- assessment of the harm that may be
caused to personal data subjects in case of violation of FZ-152, the ratio of
this harm and the measures taken by the Operator aimed at ensuring the
fulfillment of the obligations provided for by FZ-152 is carried out;
- the Operator's employees who
directly process PD are familiar with the provisions of the legislation of the
Russian Federation on PD, including the requirements for PD protection,
documents defining the Operator's policy regarding PD processing, local acts on
PD processing;
- In addition to the requirements of
152-FZ "On Personal Data", the Operator carries out a set of measures
aimed at protecting information about customers, employees and contractors.
6. Rights of personal data subjects
6.1. Personal data subject has the right to:
— obtain personal data related to the
subject and information related to their processing;
— clarify, block or destroy their
personal data if they are incomplete, outdated, inaccurate, illegally obtained
or are not necessary for the stated purpose
of processing;
— withdraw their consent to the
processing of personal data; — the protection of their rights and legitimate
interests, including compensation for damages and compensation for moral damage
in court;
— to appeal against the actions or
omissions of the Operator to the authorized body for the protection of the
rights of personal data subjects or in court.
6.2. In order to exercise their rights and
legitimate interests, personal data subjects have the right to contact the
Operator or send a request personally or with the help of a representative. The
request must contain the information specified in Part 3 of Article 14 of
Federal Law "On Personal Data".
JOB
DESCRIPTION
OF PERSONAL
DATA PROCESSING
MANAGER
1. The job description of personal data
protection manager (hereinafter —Job Description) was developed in accordance
with Federal Law No. 152- FZ dated July 27, 2006 "On Personal Data"
and other regulatory legal acts.
2. The Job Description defines the
responsibilities, duties and rights of the person appointed responsible for
personal data processing.
3. Personal data processing manager is
responsible for the implementation of internal control over compliance with the
legislation of the Russian Federation on personal data, including the
requirements for the protection of personal data, informing employees of the
relevant subdivision of the provisions of the legislation of the Russian
Federation on personal data, legal acts of UralHimSorb Trade House LLC on the
processing of personal data, requirements to the protection of personal data,
the organization of reception and processing of requests and the control over
the reception and processing of such requests.
4. Personal data processing manager
shall:
- determine the procedure and
conditions for the application of organizational and technical measures to
ensure the security of personal data during their processing, necessary to meet
the requirements for the protection of personal data, the implementation of
which ensures the established levels of personal data security;
- determine the procedure and
conditions for the use of information security tools;
- analyze the effectiveness of the
application of measures to ensure the security of personal data;
- monitor the status of accounting
of computer-based personal data carriers;
- check compliance with the rules of
access to personal data;
- monitor the implementation of
measures to recover personal data modified or destroyed due to unauthorized
access to them;
- ensure the confidentiality of
personal data that became known during internal control measures.
5. Personal data processing manager has
the right to:
- carry out checks to control the
compliance of personal data processing with the requirements for the protection
of personal data;
- require officials responsible for
the processing of personal data to clarify, block or destroy unreliable or
illegally obtained personal data;
- apply measures to suspend or
terminate the processing of personal data carried out in violation of the
requirements of the legislation of the Russian Federation;
- make proposals on improving the
legal, technical and organizational regulation of ensuring the security of
personal data during their processing;
- make proposals on bringing to
disciplinary responsibility employees of UralHimSorb Trade House LLC violating
the legislation of the Russian Federation regarding the processing of personal
data.
January 10, 2022 O. V. Shergina