This policy describes how the REAB website and its owner accept, process, use, store and protect your personal data.
Your use of the REAB website means your acceptance of this policy. If you do not accept this policy, you must stop using this website.
Version 1.0
Moscow
2022
1.1. This policy regarding the processing of personal data (hereinafter the «Policy») has been developed in pursuance of the requirements of paragraph 2 of part 1 of article 18.1 of the Federal Law dated July 27th, 2006 No. 152-FZ "On Personal Data" (hereinafter the «Law on Personal Data») in order to ensure the protection of the rights and freedoms of a human and citizen in the processing of its personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. This Policy applies to the following categories of personal data subjects processed by the Operator:
1.3. Basic definitions used in the Policy:
Personal data — any information relating directly or indirectly to a definite or identifiable natural person (subject of personal data);
Personal data operator (Operator) — LLC "REAB", PSRN (OGRN) 1076606000063, TIN/KPP 6606023960/667101001, Uspensky lane, 4A, office 4, Russia, Moscow, independently or jointly with other parties organizes and (or) carries out the processing of personal data, and also determines the purposes of processing of personal data, the details of personal data to be processed, actions (operations ) committed with personal data;
Personal data processing — any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. The processing of personal data includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;
Automated processing of personal data — processing of personal data using computer technology;
Dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons;
Provision of personal data — actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Blocking of personal data — temporary suspension of the processing of personal data (except where the processing is necessary to clarify personal data);
Destruction of personal data — actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
Anonymization of personal data — actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
Personal Data Information System — details of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
1.4.1. The Operator has the right:
1.4.2. The Operator is obliged:
1.5. Basic rights of personal data subjects. The subject of personal data has the right:
The subject of personal data can exercise the rights to receive information regarding the processing of its personal data, as well as the right to clarify its personal data, block or destroy it by contacting the Operator with a corresponding request at: Uspensky lane, 4A, office 4, Russia, Moscow, 127006, or by contacting the Operator with a corresponding request by e-mail kalinin@reab.pro and skorokhodov@reab.pro In both cases, the request should be executed in compliance with the requirements of Article 7.1. hereof.
1.6. Control over the fulfillment of the requirements hereof is carried out by an authorized person responsible for organizing the processing of personal data in the Operator.
1.7. Responsibility for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in execution of which and in accordance with which the Operator processes personal data, including:
3.2. The legal basis for the processing of personal data is also:
4.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of collecting of personal data is prohibited. Only personal data that meet the purposes of its processing are subject to processing.
4.2. The content and scope of the processed personal data shall comply with the stated purposes of processing provided for in this section. The processed personal data shall not be excessive in relation to the stated purposes of its processing.
4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:
4.3.1.1. The Operator processes the personal data of employees for the following purpose(s):
4.3.1.2. When concluding an employment contract, employees give written consent to the Operator for the processing of its personal data. The content of the employee's consent shall be specific and informed, that is, contain information that allows one to unambiguously draw a conclusion about the purposes, methods of processing, indicating the actions performed with personal data, the amount of personal data being processed.
4.3.1.3. When concluding an employment contract, employees provide the Operator with the following documents containing its personal data:
4.3.1.4. In the case of the initial conclusion of an employment contract with employees, a work record book, an insurance certificate of state pension insurance is issued by the Operator.
4.3.1.5. In the event that other documents are required for the employment of an employee in accordance with the legislation, the Operator applies to the person applying for a work with a request to provide such documents containing personal data.
4.3.1.6. If required by the above purposes, the Operator processes the following categories of personal data of employees:
General:
4.3.1.7. Processing by the Operator of biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish its identity) is not carried out.
4.3.1.8. Processing by the Operator of special categories of personal data of employees relating to information about the state of health of employees necessary to determine suitability for the performance of assigned work and the prevention of occupational diseases, as provided for by the current legislation of the Russian Federation, as well as data from a medical book, certificates and vaccination certificates, is carried out in accordance with the requirements legislation of the Russian Federation.
4.3.1.9. The list of actions performed by the Operator with personal data of employees: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.3.1.10. The Operator carries out mixed processing of personal data of employees with transmission over the internal network, with transmission over the Internet.
4.3.1.11. The Operator has the right to process personal data of dismissed employees in cases and within the time limits stipulated by the legislation of the Russian Federation. Such cases, among other things, include the processing of personal data in the framework of accounting and tax accounting, including to ensure the safety of documents necessary for the calculation, withholding and transfer of tax.
4.3.1.12. The operator is obliged to store accounting documentation for the periods established in accordance with the rules for organizing state archives, but at the same time, the minimum storage period cannot be less than 5 (five) years.
4.3.1.13. After the expiration of the periods determined by the legislation of the Russian Federation, the personal files of employees and other documents are transferred for archival storage for a period of 50 years. The processing of this information does not require compliance with the conditions related to obtaining consent to the processing of personal data. Consent of employees to the processing of their personal data in cases provided for in Clauses 4.3.1.11—4.3.1.12 hereof is not required.
4.3.1.14. Disclosure to third parties and distribution of personal data without the consent of the employee is prohibited, unless otherwise provided by federal law.
4.3.1.15. When transferring personal data of an employee, the Operator shall comply with the following requirements:
4.3.1.16. The Operator does not carry out cross-border transfer of personal data of employees.
4.3.1.17. Employees are required to familiarize themselves against signature with the Operator's local regulations that establish the procedure for processing personal data, as well as their rights and obligations in this area.
4.3.2.1. The Operator processes the personal data of applicants for vacant positions for the following purpose(s):
4.3.2.2. Obtaining consent from applicants for vacant positions is carried out in the event of an invitation to an interview.
4.3.2.3. Applicants for vacant positions send its personal data to the Operator directly to an email address or via specialized Internet resources (vacancy aggregators).
4.3.2.4. Placement of resumes for vacant positions by applicants of resumes on electronic Internet resources (vacancy aggregators) is carried out in accordance with the rules of these resources. By sending a resume to the Operator's e-mail, applicants for vacant positions thereby consent in a conclusive form to the processing of its personal data.
4.3.2.5. For the abovementioned purposes, the Operator processes the following categories of personal data of applicants for vacant positions:
4.3.2.6. Processing of biometric personal data of applicants for vacant positions (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish its identity) is not carried out by the Operator.
4.3.2.7. Processing of special categories of personal data of applicants for vacant positions is not carried out by the Operator.
4.3.2.8. The list of actions performed by the Operator with the personal data of applicants for vacant positions: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, blocking, deletion, destruction.
4.3.2.9. The Operator carries out manual processing of personal data of applicants for vacant positions with transmission over the internal network, with transmission over the Internet.
4.3.2.10. When conducting interviews with applicants for vacant positions, personal data contained in questionnaires and resumes may be documented. Copies of supporting documents may be kept by the Operator, but not longer than until the goals of its processing are achieved or the need to achieve such goals is no longer necessary. Upon achieving the purpose of its processing, the personal data of applicants for vacant positions are subject to deletion within 30 days.
4.3.2.11. Disclosure to third parties and distribute personal data without the consent of the applicant for a vacant position is not allowed, unless otherwise provided by federal law.
4.3.2.12. The Operator does not carry out cross-border transfer of personal data of applicants for vacant positions.
4.3.3.1. The Operator processes personal data of counterparties (individuals) for the following purpose(s):
4.3.3.2. The processing of personal data of counterparties (natural persons) does not require obtaining additional consent, in the case of processing personal data in accordance with paragraph 5 of part 1 of Article 6 of the Law on Personal Data.
4.3.3.3. For the abovementioned purposes, the Operator processes the following categories of personal data of counterparties (individuals):
4.3.3.4. Processing of biometric personal data of counterparties (individuals) (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out by the Operator.
4.3.3.5. Processing of special categories of personal data of counterparties (individuals) is not carried out by the Operator.
4.3.3.6. Counterparties (individuals) transfer personal data when concluding a contract. Personal data of counterparties (individuals) are subject to storage during the period of fulfillment of contractual obligations and (or) within the periods established by law.
4.3.3.7. The list of actions performed by the Operator with personal data of counterparties (individuals): collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, blocking, deletion, transfer, destruction.
4.3.3.8. The Operator carries out mixed processing of personal data of counterparties (individuals) with transmission over the internal network, with transmission over the Internet.
4.3.3.9. Disclosure to third parties and distribute personal data without the consent of the counterparty is not allowed, unless otherwise provided by federal law.
4.3.3.10. The Operator does not carry out cross-border transfer of personal data of counterparties (individuals).
4.3.4.1. The Operator processes personal data of clients for the following purpose(s):
4.3.4.2. The processing of personal data of clients does not require obtaining additional consent from them, in the case of processing personal data in accordance with paragraph 5 of paragraph 1 of Article 6 of the Law on Personal Data.
4.3.4.3. For the abovementioned purposes, the Operator processes the following categories of personal data of customers:
4.3.4.4. Processing of biometric personal data of clients (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is not carried out by the Operator.
4.3.4.5. Processing of special categories of personal data of customers is not carried out by the Operator.
4.3.4.6. Customers transfer personal data when concluding a contract. Personal data of clients is subject to storage during the period of performance of contractual obligations and (or) within the periods established by law.
4.3.4.7. The list of actions performed by the Operator with personal data of clients: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, blocking, deletion, destruction.
4.3.4.8. The Operator carries out mixed processing of personal data of customers without transmission over the internal network, without transmission over the Internet.
4.3.4.9. Disclosure to third parties and distribute personal data without the consent of the client is not allowed, unless otherwise provided by federal law.
4.3.4.10. The Operator does not carry out cross-border transfer of personal data of customers.
5.1. When collecting personal data, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
5.2. Persons who transferred to the Operator information about another Personal Data Subject, without the consent of the subject whose personal data were transferred, are liable in accordance with the legislation of the Russian Federation.
5.3. The Operator stores personal data in a form that allows determining the subject of personal data, no longer than required by the purposes of processing of personal data, if the period for storing personal data is not established by federal law, an agreement to which the Personal Data Subject is a party, beneficiary or guarantor.
5.4. The processed personal data is subject to destruction in the event of:
6.1. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
7.1. Confirmation of the fact of processing of personal data by the Operator, the legal grounds and purposes of processing of personal data, as well as other information specified in part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the Personal Data Subject or its representative when contacting or upon receiving a request from the Personal Data Subject or its representative within 10 (ten) working days from the date of receipt of the application or receipt of the request. The provided information does not include personal data relating to other Personal Data Subjects, unless there are legal grounds for disclosing such personal data.
Request shall contain:
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the Personal Data Subject's request does not contain all necessary information in accordance with the requirements of the Law on Personal Data or the Subject does not have the right to access the requested information, then a reasoned refusal is sent to the Subject.
The right of the Personal Data Subject to access his personal data may be limited in accordance with part 8 of Article 14 of the Law on Personal Data, including if the Personal Data Subject's access to his personal data violates the rights and legitimate interests of third parties.
7.2. If inaccurate personal data is detected when the Personal Data Subject or its representative contacts or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this Personal Data Subject from the moment of such request or receipt of the specified request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the Personal Data Subject or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the Personal Data Subject or its representative or Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
7.3. In the event that illegal processing of personal data is detected upon contact (request) by the Personal Data Subject or its representative or Roskomnadzor, the Operator shall block the illegally processed personal data relating to this Personal Data Subject from the moment of such request or receipt of the request.
7.4. Upon reaching the goals of processing of personal data, as well as in the event that the Personal Data Subject withdraws consent to their processing, personal data is subject to destruction if:
8.1. In pursuance of the requirements of part 2 of article 18.1 of the Law on Personal Data, this Policy is posted at the address of the Operator's location in the public domain.