Privacy policy

Policy regarding the processing of personal data in BUSINESS TOUR LLC

GENERAL PROVISIONS

The Personal Data Processing Policy (hereinafter referred to as the Policy) has been developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” (hereinafter referred to as FZ-152).

This Policy defines the procedure for processing personal data and measures to ensure the security of personal data at BUSINESS TOUR LLC (hereinafter referred to as the Operator) in order to protect human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets.

The following basic concepts are used in Politics:

• automated personal data processing is the processing of personal data using computer technology;
• blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data);
• personal data information system is a set of personal data contained in databases and information technologies and technical means that process them.;
• Depersonalization of personal data is an action that makes it impossible to determine the identity of personal data to a specific personal data subject without using additional information.;
• personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
• operator – a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.;
• personal data – any information relating directly or indirectly to a specific or identifiable natural person (personal data subject);
• providing personal data is an action aimed at disclosing personal data to a specific person or a specific group of people.;
• dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or at familiarizing with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;
• cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.;
• destruction of personal data – actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
• The Operator is obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with Part 2 of art. 18.1. FZ-152.

PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING

Principles of personal data processing

The processing of personal data by the Operator is based on the following principles:

• legality and fair basis;
• restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
• preventing the processing of personal data incompatible with the purposes of personal data collection;
• preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
• processing only those personal data that meet the purposes of their processing;
• compliance of the content and volume of personal data processed with the stated purposes of processing;
• preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
• ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
• destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law.

Confidentiality of personal data

The operator and other persons who have obtained access to personal data are obliged not to disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.

Procedure and conditions of personal data processing

In its activities, the operator ensures compliance with the principles of personal data processing specified in Article 5 of Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data”. Conditions for processing special categories of personal data. These categories of personal data are not processed by the Operator.

Conditions for processing biometric personal data.
Information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity (biometric personal data) and which is used by the Operator to establish the identity of the personal data subject is not processed by the Operator.

Conditions for processing other categories of personal data.
The processing of other categories of personal data is carried out by the Operator in compliance with the following conditions:

• the processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
• The processing of personal data is necessary to achieve the goals stipulated by an international agreement of the Russian Federation or a law, to carry out and fulfill the functions, powers and duties assigned to the operator by the
• legislation of the Russian Federation.;
• The processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party or beneficiary or guarantor, as well as for the conclusion of an agreement on the initiative of the personal data subject or an agreement under which the personal data subject will be the beneficiary or guarantor.
• The operator processes other categories of personal data, both in personal data information systems and without using automation tools.
• The operator carries out cross-border transfer of personal data.
• In order to comply with the legislation of the Russian Federation, to achieve the purposes of processing, as well as in the interests and with the consent of PD subjects, the Operator may provide personal data to the following organizations in the course of its activities: Pension Fund, Social Insurance Fund, Federal Tax Service.
  2.4. Scope and categories of personal data processed, categories of subjects of personal data

Subjects of personal data are:

• Operator’s staff;
• individuals (individual entrepreneurs) with whom civil law contracts have been concluded;
• persons applying for positions of the Company’s employees;
  customers;
• representatives of legal entities;
• users of the Operator’s Website who interact with the Operator through the Website;
  suppliers and performers.

List of personal data of employees

The following personal data of employees are stored on paper:

• Last name, first name, patronymic;
• date of birth;
• Place of birth;
• floor;
• citizenship;
• registration address;
• residential address;
• Contact phone numbers;
• details of the identity document;
• name of the authority that issued the identity document;
• date of issue of the identity document;
• INN;
• SNILS;
• Full name and date of birth of relatives;
• degree of kinship;
• work experience;
• military accounting specialty;
• information about education;
• bank requisites;
• the amount of wages and other charges.
• The list of personal data of the subjects who applied to the Company

The following personal data of the subjects who applied to the Company are stored on paper:

• Last name, first name, patronymic;
• date of birth;
• Place of birth;
• floor;
• citizenship;
• registration address;
• residential address;
• Contact phone numbers;
• details of the identity document;
• name of the authority that issued the identity document;
• date of issue of the identity document;
• INN;
• SNILS;
• bank requisites.
• List of PD of counterparties
• full name of the counterparty
• form (LLC, JSC, etc.)
• short name
• authorized capital
• powers of the head
• powers of the trustee (if necessary)
• licenses (if necessary)
• contact details
• confirmation of the contractor’s qualifications (if necessary)
• balance sheet for the last reporting period

RIGHTS OF THE PERSONAL DATA SUBJECT

Consent of the personal data subject to the processing of his personal data

The personal data subject decides on the provision of his personal data and agrees to their processing freely, voluntarily and in his own interest. Consent to the processing of personal data may be given by the personal data subject or his representative in any form that allows to confirm the fact of its receipt, unless otherwise established by federal law.

Rights of the personal data subject

A personal data subject has the right to receive information from the Operator regarding the processing of his personal data, unless such right is limited in accordance with federal laws. The personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take legally prescribed measures to protect their rights.

The processing of personal data for the purpose of promoting goods, works, and services on the market through direct contact with the personal data subject (potential consumer) by means of communication, as well as for political campaigning purposes, is permitted only with the prior consent of the personal data subject.

The operator is obliged to immediately terminate, at the request of the personal data subject, the processing of his personal data for the above purposes.

It is prohibited to make decisions based solely on automated processing of personal data that give rise to legal consequences with respect to the personal data subject or otherwise affect his rights and legitimate interests, except in cases provided for by federal laws, or with the written consent of the personal data subject.

If the personal data subject believes that the Operator is processing his personal data in violation of the requirements of FZ-152 or otherwise violates his rights and freedoms, the personal data subject has the right to appeal the actions or omissions of the Operator to the Authorized Body for the Protection of the Rights of personal Data subjects or in court.

The personal data subject has the right to protect his rights and legitimate interests, including compensation for damages and (or) compensation for moral damage.

4. Measures to ensure the security of personal data during their processing

When processing personal data, the operator takes all necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data.

Ensuring the security of personal data is achieved, in particular:

• appointment of the person responsible for the organization of personal data processing;
• implementation of internal control over the compliance of personal data processing with Federal Law No. 152-FZ dated 27.07.2006 “On Personal Data” and regulatory legal acts adopted in accordance with it, requirements for
• personal data protection, local acts;
• familiarization of the Operator’s employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection,
• local acts regarding the processing of personal data, and (or) training of these employees;
• the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for personal data protection;
• taking into account personal data carriers;
• detection of unauthorized access to personal data and taking measures;
• recovery of personal data modified or destroyed due to unauthorized access to them;
• control over the measures taken to ensure the security of personal data.

Terms of processing (storage) of personal data

The duration of the processing of personal data begins from the moment they are received by the Operator.

The operator stores personal data in a form that allows determining the subject of personal data for no longer than the purposes of their processing require.

The personal data of the Operator’s employees, including the employee’s relatives, is used during their employment in accordance with the employment contract, as well as during the period of storage of personal files in the archive (50 years) established by law.

Personal data of citizens who have applied to the Operator in accordance with the established procedure is stored in the files of the Operator’s structural divisions for a period determined by the legislation and the nomenclature of the Operator’s affairs (5 years).

Clarification, blocking and destruction of personal data

The purpose of clarifying personal data, including updates and changes, is to ensure the accuracy, completeness and relevance of the personal data processed by the Operator.

Clarification of personal data is carried out by the Operator on his own initiative, at the request of the personal data subject or his representative, at the request of the authorized body for the protection of the rights of personal data subjects in cases where it is established that the personal data is incomplete, outdated, unreliable.

The purpose of blocking personal data is to temporarily stop processing personal data until the circumstances that served as the basis for blocking personal data are eliminated.

The blocking of personal data is carried out by the Operator at the request of the personal data subject or his representative, as well as at the request of the authorized body for the protection of the rights of personal data subjects in case of identification of false personal data or illegal actions with them.

The destruction of personal data is carried out by the Operator:

• upon achieving the purpose of personal data processing;
• in case of loss of the need to achieve the purposes of personal data processing;
• if the personal data subject withdraws consent to the processing of his personal data;
• at the request of the personal data subject or the authorized body for the protection of the rights of personal data subjects in the event that the facts of illegal actions with personal data are revealed by the Operator, when it is not possible to eliminate the relevant violations.
• Upon destruction of tangible personal data carriers, an act on the destruction of media containing personal data is drawn up.

FINAL PROVISIONS

Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data. The Operator’s employees who are guilty of violating the rules governing the processing and protection of personal data bear financial, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by federal laws.