Terms of agreement for the processing of personal data
Policy regarding the processing of personal data of SLS-GROUP LLC (as amended on June 30, 2017)
1. General provisions.
1.1 This document defines the policy of SLS-GROUP LLC (hereinafter referred to as the Company) regarding the processing of personal data and sets out a system of basic principles applied in relation to the processing of personal data in the Company.
1.2 This Policy applies to all actions performed in the Company with personal data using or without the use of automation tools.
1.3 This Policy is mandatory for familiarization and execution by all persons authorized to process personal data in the Company and persons involved in organizing the processing and ensuring the security of personal data in the Company.
1.4 This Policy has been drawn up in accordance with the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006.
1.5 This Policy is subject to updating in the event of changes in the legislation of the Russian Federation on personal data.
2. Introduction
2.1 The company is the operator of personal data.
2.2 An important condition for achieving the goals of the Company’s activities is to ensure the protection of the rights and freedoms of the subject of personal data when processing his personal data.
2.3 The Company has developed and put into effect documents establishing the procedure for processing and ensuring the security of personal data, which ensure compliance with the requirements of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and regulatory legal acts adopted in accordance with it.
3. Principles and conditions for processing personal data at SLS-GROUP LLC
3.1 The company, being an operator, processes the following personal data:
– applicants for vacant positions – in the composition and for the period necessary for the Company to make a decision to accept or refuse employment (conclude an employment contract), as well as for the formation of a personnel reserve with the consent of the subjects of personal data
– employees who are or have been in labor relations with the Company - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, to implement and fulfill the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company; for concluding and executing an agreement to which the subject of personal data is a party or beneficiary or guarantor, including for the purpose of providing health insurance; to form a personnel reserve with the consent of the subjects of personal data;
– relatives of the Company’s employees – in the composition and for the period necessary for the implementation and fulfillment of the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company, as well as for the purpose of providing medical insurance with the consent of the subjects of personal data;
– representatives of the Company’s suppliers – legal entities – in the composition and for the period necessary to interact with suppliers;
– suppliers – individuals – in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, to implement and fulfill the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company, as well as to conclude and execute an agreement to which the subject of personal data is a party or beneficiary or guarantor;
– counterparties (under an agreement) who enter into, are or have been in contractual or other civil relations with the Company in the composition and period necessary to achieve the goals provided for by the legislation of the Russian Federation, the implementation and fulfillment of the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company; for concluding and executing an agreement to which the subject of personal data is a party or beneficiary or guarantor;
- proxies of counterparties - in the composition and for the period necessary for the conclusion and execution of an agreement to which the counterparty is a party or beneficiary or guarantor;
– visitors to the site www.horizonsecurity.ae – including (information about the device, device operating system and mobile phone model of the site visitor, unique identifier of the site visitor) and the period necessary for collecting marketing and statistical information with the consent of the subjects of personal data.
3.2 The terms for processing personal data are determined taking into account: – the established purposes of processing personal data;
– validity periods of contracts with personal data subjects and consents of personal data subjects to the processing of their personal data;
– deadlines determined by the Order of the Ministry of Culture of the Russian Federation dated August 25, 2010. No. 558 “On approval of the “List of standard management archival documents generated in the process of activities of state bodies, local governments and organizations, indicating storage periods.”
3.3 The company processes personal data on a legal and fair basis.
3.4 When processing personal data, their accuracy, sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data are ensured.
3.5 The Company does not disclose or distribute personal data to third parties without the consent of the subject of personal data (unless otherwise provided by the federal law of the Russian Federation).
3.6 The company processes special categories of personal data of certain categories of personal data subjects. At the same time, the Company complies with the requirements for processing special categories of personal data provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the Labor Code of the Russian Federation.
3.7 The company does not process biometric personal data.
3.8 The company carries out cross-border transfer of personal data. At the same time, the Company complies with the requirements for cross-border transfer of personal data provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006.
3.9 The Company does not make decisions that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, based solely on automated processing of personal data.
3.10 The company entrusts the processing of personal data to other persons. At the same time, the Company fulfills the requirements for the assignment of processing personal data provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006.
3.11 The company processes personal data using and without automation tools. At the same time, the Company complies with the requirements for automated and non-automated processing of personal data provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it.
4. Rights of subjects of personal data processed by the Company.
The subject of personal data has the right to receive information regarding the processing of his personal data. To obtain this information, the subject of personal data can send a written request (the request can also be sent in the form of an electronic document and signed with an electronic signature) to the address: in the manner established by Article 14 of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006.
5. Performance of operator duties by the Company.
5.1 The company receives personal data from subjects of personal data and from third parties (persons who are not subjects of personal data). At the same time, the Company fulfills the obligations provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the Labor Code of the Russian Federation when collecting personal data.
5.2 The company stops processing personal data in the following cases:
– upon achieving the goals of their processing, or in case of loss of the need to achieve these goals;
– at the request of the subject of personal data, if the personal data processed by the Company is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
– in case of detection of unlawful processing of personal data, if it is impossible to ensure the legality of the processing of personal data;
– in the event that the subject of personal data withdraws consent to the processing of his personal data or the expiration of such consent (if personal data is processed by the Company solely on the basis of the consent of the subject of personal data);
– in case of liquidation of the Company.
5.3 To ensure the fulfillment of the obligations provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, the following measures have been taken:
– a person responsible for organizing the processing of personal data has been appointed;
– local acts have been issued on the issues of processing and ensuring the security of personal data, as well as local acts establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation, eliminating the consequences of such violations:
a) Regulations on the processing of personal data;
b) this Policy;
c) other local acts on the processing and security of personal data;
– legal, organizational and technical measures have been applied to ensure the security of personal data;
– internal control is carried out over the compliance of the processing of personal data with the requirements of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, this Policy, and local acts of the Company;
– an assessment of the harm that may be caused to personal data subjects in the event of violation of the requirements of federal legislation on personal data was carried out, a correlation was made between the said harm and the measures taken by the Company aimed at ensuring the fulfillment of the obligations provided for by the requirements of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it;
– Company employees directly involved in the processing of personal data are familiar with the provisions of the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006 and the regulatory legal acts adopted in accordance with it, this Policy and local acts of the Company on the processing of personal data.
5.4 The Company implements the following requirements for the protection of personal data:
– a security regime has been organized for the premises in which information systems are located, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have access to these premises;
– ensuring the safety of personal data carriers has been implemented;
– the head of the Company approved a document defining a list of persons whose access to personal data processed in information systems is necessary for them to perform their official (labor) duties;
– information security tools are used that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security;
– an employee responsible for ensuring the security of personal data in information systems has been appointed;
– the requirements established by the Decree of the Government of the Russian Federation of September 15, 2008 No. 687 “On approval of the Regulations on the specifics of processing personal data carried out without the use of automation tools” have been implemented.