Policy for the protection of personal data
Article 1. GENERAL PROVISIONS
In the process of carrying out the statutory activities, the Models Laboratory Limited Liability Company (hereinafter referred to as the Company) processes personal data. By processing personal data (hereinafter also - PD). The Company considers as its most important tasks the observance of the principles of legality, fairness and confidentiality in the processing of personal data. The Company is responsible for maintaining the confidentiality and security of the personal data processed.
This Policy for the protection of personal data in LLC “Models Laboratory” (hereinafter referred to as the Policy) ensures the implementation of the requirements of the legislation of the Russian Federation in the field of processing personal data of personal data subjects. The Policy discloses the main categories of personal data processed by the Company, the goals, methods and principles of the Company's processing of personal data, the rights and obligations of the Company when processing personal data, the rights of personal data subjects, as well as measures taken by the Company to ensure the security of personal data during their processing .
This Policy applies to all cases of processing of personal data by the Company, regardless of whether the processing of personal data is automated or not automated, it is done manually or automatically.
This Policy is an internal local regulatory enactment of the Company and is binding for all departments and Employees of the Company.
Every employee newly recruited to the Company during the first induction should be familiar with this Policy.
This Policy is approved by the General Director oversees compliance with the Policy in the Company.
The term of this Policy is two years after its approval. The policy is subject to revision at least once every two years. The new version of the revised Policy is approved by the General Director of the Company.
Responsibility for updating this Policy and current control over the implementation of the norms of the Policy rests with the authorized officer appointed by the order of the Company responsible for organizing the processing and protection of personal data.
The Company, on the basis of the requirements of this Policy, develops all internal local acts and other documents of the Company related to the processing of PD.
This Policy is a publicly available document. To ensure unrestricted access to the document, the text of this Policy is posted on the public website: www.lab-model.com.
Article 2. BASIC TERMS
Policy - a local local regulatory act approved by the General Director of the Company - “Policy for the protection of personal data in Limited Liability Company“ Laboratory of Models ”.
Personal data (PDN) - any information relating to directly or indirectly determined, or defined by an individual - the subject of personal data.
Personal data processing - any action with personal data, performed with the use of automation tools or without the use of such tools.
The subject of personal data is an identified or unidentified individual in relation to which the personal data is being processed.
An employee is an individual (subject of personal data) who has entered into an employment contract with the Company.
Applicant is a natural person (personal data subject) who submitted personal data to the Company with a proposal to conclude an employment contract.
Partner - a legal entity or an individual entrepreneur, personal data operator, with whom the Company has contractual relations, in fulfillment of obligations under which the Partner entrusts the Company as a third party with the processing of PD Clients.
The client is an individual who orders non-food products and services (personal data subject), who has entered into an agreement with the Company or a Partner, formed by the Company; or an individual - a buyer (personal data subject), on whose behalf the customer of goods and services has entered into an agreement with the Company or a Partner, which is formed by the Company.
Other individual - an individual (personal data subject) who has entered into an agreement with the Company for the provision of a certain type of services or works or an employee of the Partner.
Visitor - a natural person (personal data subject) who is not an Employee and legally obtained admission to the Company's premises.
Authorized employee - An employee appointed by the order of the Director General of the Company responsible for ensuring information security and protection of personal data.
Dissemination of personal data - personal data to an indefinite circle of persons.
Provision of personal data - actions directed to personal data to a specific person or a specific circle of persons.
Article 3. BASIC PROVISIONS
1. Legal grounds for PD processing
The Company is obliged to process personal data only on a legal and fair basis.
The Company's policy in the field of personal data processing is determined in accordance with the following regulatory legal acts of the Russian Federation:
Constitution of the Russian Federation
Labor Code of the Russian Federation
Civil Code of the Russian Federation
Tax Code of the Russian Federation
Federal Law of December 19, 2005 No. 160-ФЗ “On Ratification of the Council of Europe Convention on the Protection of Individuals with the Automated Processing of Personal Data”
Federal Law of 27.07.2006 No 152-ФЗ “On Personal Data”
Federal Law of 27.07.2006 No 149-ФЗ “On Information, Information Technologies and Information Protection”
Federal Law No 2300-1 of February 07, 1992 on the Protection of Consumer Rights
Federal Law of 29.11.2010 No 326-ФЗ “On Compulsory Medical Insurance in the Russian Federation”
Federal law of 15.12.2001 No 167-FZ "On Compulsory Pension Insurance in the Russian Federation"
Federal Law No. 165-FZ of July 16, 1999 “On the Basics of Compulsory Social Insurance”
Federal Law No. 14-ФЗ of February 8, 1998, “On Limited Liability Companies”
Decree of the Government of the Russian Federation dated November 01, 2012 No 1119 “On approval of the requirement for the protection of personal data when it is processed in personal data information systems”
Decree of the Government of the Russian Federation of September 15, 2008 No 687 “On Approval of the Regulation on Peculiarities of Processing Personal Data Performed Without Using Automation Tools”.
The processing of personal data may not be used by the Company or its Employees for the purpose of inflicting material and moral damage to the subjects of personal data, impeding the exercise of their rights and freedoms.
The processing of personal data in the Company should be limited to the achievement of legitimate, specific and predetermined goals. Only those personal data are subject to processing, and only to the extent that meet the purposes of their processing.
All local regulations adopted by the Company governing the processing of personal data in the Company are developed on the basis of this Policy.
2. Objectives of PD processing
The Company processes personal data solely for the purpose of:
a) implementation of the functions entrusted to the Company by the Charter and the legislation of the Russian Federation in accordance with the regulatory acts specified in paragraph 1. Article 3. Policies;
b) organizing the accounting of the Company's employees in accordance with the requirements of laws and other regulatory acts, assisting them in their career growth and employment, in training, for health insurance and for providing them with other benefits and compensations;
c) the decision to enter into an employment contract with the Applicant;
d) the fulfillment of the Company's obligations and the exercise of the Company's rights under the contracts concluded with Clients in accordance with the legislation of the Russian Federation;
e) the fulfillment of the Company's obligations and the exercise of the Company's rights under the concluded contracts, of which either the beneficiary or the guarantor is a party, under which the Client is, and also for entering into contracts on the initiative of the Client or of contracts under which the Client will be the beneficiary or guarantor;
g) fulfillment of the Company's obligations and the exercise of the Company's rights under agreements concluded with Partners in accordance with the legislation of the Russian Federation;
h) the fulfillment of the Company's obligations and the exercise of the Company's rights under agreements concluded with other individuals or legal entities in accordance with the provisions of the Civil Code of the Russian Federation;
i) to fulfill the Company's obligations and exercise the Company's rights in legal proceedings on claims against the Company of Employees, Clients or Partners, or claims of the Company against Employees, Clients or Partners within the framework of the Civil Procedure Code of the Russian Federation, the Arbitration Procedure Code of the Russian Federation, the Code of the Russian Federation administrative offenses;
j) to fulfill the obligations of the Company and exercise the Company's rights in carrying out claims filing on complaints to the Company of Employees, Customers or Partners, or the Company's claims on Employees, Customers and Partners in the framework of the Civil Code of the Russian Federation; Civil Procedure Code of the Russian Federation, Arbitration Procedure Code of the Russian Federation, Code of the Russian Federation on administrative offenses;
l) the processing of personal data, access by an unlimited number of persons to which is provided by the Employee or the Client or at their request;
m) performing marketing and advertising activities in order to establish and further develop relations with Clients and Partners;
m) implementation of access control and intra-object regime in the Company's premises.
The Company does not process special categories of personal data relating to race, nationality, political opinion, religious or philosophical beliefs, intimate life, criminal record.
In the event that in order to achieve the above purposes of processing personal data, the Company needs to process biometric personal data or health related data, then such processing is carried out only on the basis of the consent of the subject of personal data. The processing of special categories of personal data should be immediately terminated if the reasons for which it was carried out are eliminated.
3. Employee admission to PD processing
Personal data in the Company may be processed only by authorized employees in the prescribed manner.
Employees in the Company are allowed to process personal data only by decision of the General Director.
Employees admitted to the processing of personal data in the Company have the right to start working with personal data only after they have been personally inspected with local regulations governing the processing of personal data in the Company.
Employees who process personal data in the Company must act in accordance with the job descriptions, regulations and other administrative documents of the Company, and comply with the Company's confidentiality requirements.
4. Receiving PD, their categories, shelf life
The Company receives personal data only on the basis that the subject of personal data decides to provide the Company with his personal data and gives consent to their processing freely, by his own will and in his interest. Consent to the processing of personal data must be specific, informed and conscious. Consent to the processing of personal data may be given by the subject of personal data or his representative in any form, allowing to confirm the fact of its receipt. As a rule, such consent is given when concluding written agreements with the Company or Partners, or in the form of a subject performing personal data on conspicuous actions on the Company's Internet site or Partners' websites.
Consent to the processing of personal data may be withdrawn by the subject of personal data
The Company processes the following categories of personal data:
a) Personal data of Employees. Sources of receipt: from subjects of personal data, on the basis of labor contracts concluded and Federal Law No. 14-ФЗ dated February 8, 1998 “On Limited Liability Companies”.
b) Customer Personal Data. Sources of receipt: from the subjects of personal data or Partners, on the basis of concluded contracts.
c) Personal data of Partners and their representatives. Sources of receipt: from the subjects of personal data or Partners, on the basis of concluded contracts.
d) Visitors' personal data. Sources of receipt: from the subjects of personal data.
e) Applicants' personal data. Sources of receipt: from the subjects of personal data.
The terms of processing and storage of personal data are determined in accordance with the term of the contract with the subject of personal data, the limitation period, the storage of documents established by the Order of the Ministry of Culture of the Russian Federation dated August 25, 2010 No 558 "On approving the list of typical administrative archive documents formed in the process of activities of state bodies, local self-government bodies and organizations, with an indication of the periods of storage ", other requirements of legislation documents, as well as the term of the consent given by the subject for processing personal, in cases where such consent must be provided in accordance with the requirements of the law.
5. Transfer of PD to third parties
The transfer of personal data is carried out by the Company solely for the achievement of the objectives stated for the processing of personal data in paragraph 2. this article policy.
The transfer of personal data to third parties is carried out either with the written consent of the personal data subject, which is drawn up in the form prescribed by law, or for the execution of the contract, to which the personal data subject is a party or beneficiary or guarantor, as well as to enter into a contract initiated by the personal data subject or a contract under which the subject of personal data will be a beneficiary or guarantor, or in cases when it is necessary in order to prevent threats to life and health of the personal data subject; or in other cases established by federal law.
The transfer of personal data to third parties is carried out by the Company only on the basis of a relevant agreement with a third party, the essential condition of which is the obligation to ensure the third party confidentiality of personal data and the security of personal data during their processing.
In order to comply with the legislation of the Russian Federation, in order to achieve the processing objectives, as well as in the interests and with the consent of the subjects of personal data, the Company in the course of its activities provides personal data to the following third parties.
a) The personal data of the Employees on the basis of an employment contract and / or written consent are transferred to the following organizations:
- to the bank - to issue a non-cash account, to which the Company will transfer the salary and other incomes of the Employee, provided that the Company informs the Employee in advance of the name and address of the bank.
- To credit organizations to which the Employee applied for processing loans, loans or receiving other services, provided that the Employee informs the Employer in advance of the names of the said credit institutions.
- Insurance company - to apply for a voluntary medical insurance policy, provided that the Company informs the Employee in advance of the name and address of this insurance company.
- Printing organization or printing house - for the manufacture of business cards of the Employee, provided that the Company informs them in advance of the name and address of this printing company.
- to the Landlord - for registration to the Employee of the permit to the territory and to the building in which the office of the Company is located, provided that the Company informs them in advance of the name and address of the given Landlord.
- To a private security company that protects the premises in which the Company's office is located, provided that the Company informs the Employee in advance of the name and address of this private security company.
- To a private security company that protects the premises in which the Company's office is located, provided that the Company informs the Employee in advance of the name and address of this private security company.
- To the Company's Partners - to fulfill the obligations imposed on the Company by contracts and other legal transactions, the fulfillment of which is stipulated by the official duties of the Employee, provided that the Company informs the Employee in advance of the names and addresses of these organizations.
- Ambassadorial and consular missions of foreign countries, visa centers - for the Company to fulfill official requests for the provision of entry visas to the Employee, provided that the Employee will notify the names of these organizations in advance.
- Russian and foreign organizations organizing and / or carrying out aviation, and / or railway and / or road transportation of the Employee, provided that the Employee will notify the names of these organizations in advance.
- To tax authorities, units of the Pension Fund of the Russian Federation, divisions of the Federal Migration Service of Russia, employment centers for the fulfillment of obligations imposed on the Company by legislative and regulatory acts, as well as the execution of legal official requests relating to the Employee.
b) Personal data of Clients in accordance with a written contract entered into with the Company or by Partners, and / or with the written consent of the personal entity, the Company on the basis of contracts transfers to the following third parties below:
- Partners of the Company for the fulfillment of the Company's obligations under the concluded agreements, of which the party is either a beneficiary or guarantor, under which the Customer is, as well as for entering into agreements on the initiative of the Customer or contracts under which the Customer will be the beneficiary or guarantor.
- Banks - for non-cash transfer of funds in payment for services ordered by the Client.
- to credit organizations to which the Client, through the mediation of the Company, applied for a loan to pay for non-food products and services ordered by them.
- Tax and law enforcement agencies - to fulfill the obligations imposed on the Company by legislative and regulatory acts, as well as the execution of legal official requests relating to the Client;
- Russian and foreign organizations organizing and / or property insurance of the clients' interests and their financial risks.
6. Obtaining by the Company as a third party of personal data from Partners
Obtaining personal data of Clients from Partners - personal data operators, is carried out by the Company solely for the achievement of the goals stated for processing personal data in clause 2. of this article of the Policy, and on the basis of written agreements concluded with Partners.
In the text of contracts with Partners, the purposes of processing personal data, the list of operations with them are determined, and the Company is obliged to respect the confidentiality of personal data and ensure the safety of personal data during their processing, as well as the requirements for the protection of personal data being processed.
The Company, processing personal data on behalf of the Partner, is not required to obtain the consent of the subject of personal data to the processing of his personal data. In this case, the responsibility to the subject of personal data for the actions of the Company shall be borne by the Partner. The Company, carrying out the processing of personal data on behalf of the Partner, is liable to the Partner.
7. Measures to ensure the safety of PD when processing them
Prior to the processing of personal data, the Company took legal, technical and organizational measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, submission, dissemination, as well as from other illegal actions in relation to them. Ensuring the security of personal data is achieved, in particular, in the following ways:
Entry in the Company of the confidentiality of personal data, when all documents and information containing information about personal data are confidential in the Company.
The organization of the security regime of the premises in which information systems are placed that prevents the possibility of uncontrolled penetration or stay in these premises of persons who do not have the right of access to these premises.
Approval of the complete list of personal data and other objects to be protected in the Company.
Ensuring the non-proliferation of documents and information containing information about personal data, without the consent of the subject of personal data, or the availability of other legal grounds.
The appointment of an authorized officer responsible for organizing the processing of personal data.
Introducing the personal responsibility of the managers of the Company and its divisions for ensuring the security mode of personal data during their processing is ensured.
Approval of the list of persons engaged in the processing of personal data in the Company or having access to it.
Determining the type of threats to the security of personal data relevant to the Company's information systems, taking into account the assessment of possible harm that may be caused to the subjects of personal data.
The development and approval of local regulations governing the duties of officials in charge of processing and protecting personal data in the Company, their responsibility for compromising personal data.
Internal control and audit of the compliance of personal data processing with the Federal Law of 27.07.2006 No 152-ФЗ “On Personal Data” and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, and local acts.
The prohibition for Workers engaged in the processing of personal data to conduct unauthorized or unregistered copying of personal data, including using removable media, mobile devices for copying and transferring information, communication ports and input-output devices that implement various interfaces (including wireless ones) that store mobile devices (for example, laptops, personal digital assistants, smartphones, mobile phones), as well as photo and video devices de-filming.
Ensuring the safety of carriers of personal data.
Using information security tools that have undergone a procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, in the event that the use of such tools is necessary to neutralize actual threats.
Acquaintance of the Company's Employees who directly process personal data with the provisions of the Russian Federation legislation on personal data, including requirements for the protection of personal data, local acts regarding the processing of personal data, and the training of specified employees.
Allocation of specific places for storage of personal data (material carriers), which are processed by the Company and the organization of the security regime for premises and storage places for personal data carriers PD.
Providing separate storage of personal data (material carriers), processing of which is carried out without the use of automation tools and for various purposes.
Recording personal data processing documents without using automated systems in separate office work, storing documents with the “Personal data” mark in securely locked cabinets and safes, the keys of which are stored only in the Employees responsible for this activity.
Identifying threats to the security of personal data when it is processed in personal data information systems.
The use of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data.
Evaluation of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.
Accounting for machine media personal data.
Identifying the facts of unauthorized access to personal data and taking appropriate measures.
Restoration of personal data modified or destroyed due to unauthorized access to them.
Establishment of the rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system.
Providing access to the content of the electronic message log only for the Company's Employees or an authorized employee, who need the information contained in this journal to fulfill their job duties.
8. Rights and obligations of the subject of PD
The subject of personal data has the right to:
- to receive information about the Company, its location, the availability of the Company's personal data relating to the relevant subject of personal data, as well as acquaintance with such personal data;
- require the Company to clarify its personal data, to block or destroy it if personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
- require the termination of the processing of their personal data;
- to receive information concerning the processing of his personal data, including containing: confirmation of the fact of processing of personal data by the Company, as well as the purpose of such processing; methods of processing personal data used by the Company; information about persons who have access to personal data or who may be granted such access; the list of processed personal data and the source of their receipt; terms of processing personal data, including the periods of their storage; information on what legal consequences for the subject of personal data may entail the processing of his personal data.
The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including in the following cases:
- If the processing of personal data, including those obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out in order to strengthen the defense of the country, ensure the security of the state and protect the rule of law.
- Provided that the processing of personal data is made by the bodies that detained the personal data subject on suspicion of committing a crime, or charged the personal data subject in a criminal case, or applied a personal measure to the personal data subject before a charge, except as provided by the criminal procedure the legislation of the Russian Federation when the suspect or the accused is allowed to familiarize himself with such personal data and.
- If the processing of personal data is carried out in accordance with the legislation on countering the legalization (laundering) of criminal proceeds and the financing of terrorism.
- When the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.
In order to exercise their rights and protect their legitimate interests, the subject of personal data has the right to appeal to the Company. The Company considers any appeals and complaints from the subjects of personal data, thoroughly investigates violations and takes all necessary measures for their immediate elimination, punishment of the guilty persons and settlement of disputed and conflict situations in the pretrial order.
The personal data subject has the right to appeal against the actions or omissions of the Company by contacting the authorized body for the protection of the rights of personal data subjects.
The subject of personal data has the right to protect their rights and legitimate interests, including compensation of damages and / or compensation for moral damage in a court of law.
The personal data subject is obliged to provide only reliable and complete personal data, which, if necessary, must be documented.
9. The procedure for providing information to the subject of personal data
Access to their personal data is provided to the subject of personal data or its legal representative by the Company when applying or upon receiving a request from the subject of personal data or its legal representative. The request must contain the number of the main document certifying the identity of the subject of personal data or his legal representative, information about the date of issue of the specified document and the issuing authority and the handwritten signature of the subject of personal data or his legal representative. 8The request may be sent in electronic form and signed with an electronic digital signature in accordance with the legislation of the Russian Federation.
The Company informs the subject of personal data or its legal representative information about the availability of personal data relating to the relevant subject of personal data, as well as to provide the opportunity to get acquainted with them when the subject of personal data or its legal representative is contacted or within ten working days data or its legal representative.
The right of the subject of personal data to access his personal data is limited if the provision of personal data violates the constitutional rights and freedoms of others.
An unlawful refusal to provide documents collected in the prescribed manner containing personal data, or the late submission of such documents or other information in cases provided by law, or the provision of incomplete or deliberately false information may result in the imposition of an administrative fine on officials in the amount determined by the Administrative Code offenses.
You can use the capabilities of our website www.lab-model.com to pre-order non-food products and services. At the same time, by providing Lab Models LLC your personal data and performing impartial actions by clicking “I agree”, you express your consent and give your permission to process your personal data in the manner provided for in this Policy. If you do not agree with the provisions of this Policy, we ask you to refrain from using this Internet site and transfer to LLC “LabModel” of your personal data.
10. Responsibility for PD security
The Company is responsible for the development, introduction and effectiveness of the rules governing the receipt, processing and protection of personal data complying with legal requirements. The Company secures the personal responsibility of the Employees for the compliance with the confidentiality regime established by the Company.
The head of the department is personally responsible for the compliance by the Employees of its department with the rules governing the receipt, processing and protection of personal data. A manager who allows an employee to access documents and information containing personal data is personally responsible for this permission.
Each Employee of the Company who receives a document containing personal data for work is solely responsible for the safety of the carrier and the confidentiality of information.
Employees guilty of violating the rules governing the receipt, processing and protection of personal data are subject to disciplinary, administrative, civil or criminal liability in accordance with federal laws.
The Company shall not be liable for losses and other expenses incurred by personal data subjects as a result of the provision of unreliable and incomplete personal data.
Article 4. INFORMATION ABOUT THE COMPANY AND CONTROL BODIES
Limited Liability Company "LabModel" (LLC "LabModel")
PSRN 1177847043550
Jur. Address: 199155, St. Petersburg, Kim Avenue, 6 lit. A room 10
Mailing address: 199155, St. Petersburg, Kim Avenue, 6 lit. A room 265
Phone: +7 (981) 981 3580
Website address: www.lab-model.com
E-mail addresses (e-mail) info@lab-model.com
If, after reviewing this Policy, you still have questions, you can get explanations on all issues of interest to you by sending a request to the person responsible for organizing the processing and ensuring the safety of PD, as well as by email info@lab-model.com.
Controlling organizations authorized in the field of protection of the rights of subjects of personal data:
- Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Communications (Roskomnadzor):
Address: BOX 1048, St. Petersburg, 190000 ul Galernaya, 27
Phone: (812) 571-27-31; Fax (812) 678-95-57
General email address: rsockanc78@rkn.gov.ru
- Office of the Federal Service for Supervision of Communications, Information Technology and Mass Communications in the North-West Federal District (including the territorial body of Roskomnadzor in St. Petersburg and the Leningrad Region)
Postal address (for sending correspondence): VOC 1048, St. Petersburg, 190000
Address of the reception: St. Petersburg, st. Sadovaya, d. 14/52, 5 floor, room. 504.
Reception phone: (812) 678-95-26; fax reception: (812) 678-95-57, 571-27-31
General email address: rsockanc78@rkn.gov.ru
Website: www.78.rkn.gov.ru
LabModel company
INFORMATION
ABOUT
We are engaged in the design, development and production of prefabricated models and parts, accessories for trucks in scale 1/14.
The products of our company are compatible with all standard sets of trucks models.
FOLLOW US
CONTACTS
"Labmodel" LLC
Saint-Petersburg, Russia
By continuing to use the site, you consent to the use of cookies by the site and the processing of personal data in order to operate the site, conduct retargeting, statistical research, improve the service and provide relevant advertising information based on your preferences and interests.
"LabModel" LLC © 2017-2021 At full or partial use of materials from the site, a link to the source is required. All rights reserved. The trademark is the property of the company.