1. General Provisions
1.1. This SETA LLC Policy regarding the processing of personal data (hereinafter referred to as the Policy) was developed in accordance with the requirements of clause 2, part 1, art. 18.1 of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of rights to privacy, personal and family secrets.
1.2. The policy applies to all personal data processed by SETA LLC (hereinafter referred to as the Operator).
1.3. The Policy applies to relationships in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. The provisions of this Policy are binding on employees of SETA LLC who have access to personal data.
1.5. In pursuance of the requirements of Part 2 of Art. 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator’s website.
1.6. Basic concepts used in the Policy:
personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);
personal data operator (operator) - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
processing of personal data - any action (operation) or set of actions (operations) with personal data performed with or without the use of automation tools. Processing of personal data includes, among other things:
• collection;
• recording;
• systematization;
• accumulation;
• storage;
• clarification (update, change);
• extraction;
• usage;
• transmission (distribution, provision, access);
• depersonalization;
• blocking;
• removal;
• destruction;
automated processing of personal data - processing of personal data using computer technology;
dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material media of personal data are destroyed;
depersonalization of personal data - actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data;
personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing;
cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
1.7. Basic rights and obligations of the Operator.
1.7.1. The operator has the right:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by the Law on Personal Data;
3) if the subject of personal data withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.
1.7.2. The operator is obliged:
1) organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
2) respond to requests and requests from subjects of personal data and their legal representatives in accordance with the requirements of the Law on Personal Data;
3) report to the authorized body for the protection of the rights of human subjects
2. Purposes of collecting personal data
2.1. The processing of personal data is limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
2.2. Only personal data that meets the purposes of their processing are subject to processing.
2.3. The processing of personal data by the Operator is carried out for the following purposes:
• ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
• carrying out its activities in accordance with the Operator’s charter;
• conducting personnel records; assistance to employees in finding employment, obtaining education and promotion, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
• attracting and selecting candidates for work with the Operator; organizing individual (personalized) registration of employees in the compulsory pension insurance system;
• filling out and submitting the required reporting forms to executive authorities and other authorized organizations;
• implementation of civil law relations;
• establishing feedback with the User, including sending notifications, requests regarding the use of services, provision of services, processing requests and applications of the subject of personal data
• accounting;
• implementation of access control.
2.4. Processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulations.
3. Legal grounds for processing personal data
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in pursuance of which and in accordance with which the Operator processes personal data, including:
• Constitution of the Russian Federation;
• Civil Code of the Russian Federation;
• Labor Code of the Russian Federation;
• Tax Code of the Russian Federation;
• Federal Law of 02/08/1998 N 14-FZ “On Limited Liability Companies”;
• Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”;
• Federal Law of July 27, 2006 No. 149-FZ “On information, information technologies and information protection”;
• Federal Law No. 132-FZ of November 24, 1996 “On the fundamentals of tourism activities in the Russian Federation”;
• Federal Law No. 2300-1 of 02/07/1992 “On the Protection of Consumer Rights”;
• Federal Law of December 6, 2011 N 402-FZ “On Accounting”;
• Federal Law of December 15, 2001 N 167-FZ “On Compulsory Pension Insurance in the Russian Federation”;
• other regulatory legal acts governing relations related to the activities of the Operator.
3.2. The legal basis for the processing of personal data is also:
• charter of SETA LLC;
• agreements concluded between the Operator and subjects of personal data;
• consent of personal data subjects to the processing of their personal data.
4. Volume and categories of personal data processed, categories of personal data subjects
4.1. The content and volume of personal data processed must correspond to the stated purposes of processing provided for in Section. 2 of this Policy. The personal data processed should not be redundant in relation to the stated purposes of their processing.
4.2. The operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment with the Operator:
• Full Name;
• floor;
• citizenship;
• Date and place of birth;
• Contact details;
• information about education, work experience, qualifications;
• other personal data provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator:
• Full Name;
• floor;
• citizenship;
• Date and place of birth;
• image (photography);
• passport details;
• registration address at the place of residence;
• address of the actual residence;
• Contact details;
• individual taxpayer number;
• individual personal account insurance number (SNILS);
• information about education, qualifications, professional training and advanced training;
• marital status, presence of children, family ties;
• information about work activity, including the presence of incentives, awards and (or) disciplinary sanctions;
• data on marriage registration;
• information about military registration;
• information about disability;
• information about the withholding of alimony;
• information about income from previous employment;
• other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of the Operator's employees:
• Full Name;
• relation degree;
• year of birth;
• other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. Clients and counterparties of the Operator (individuals):
• Full Name;
• Date and place of birth;
• passport details;
• registration address at the place of residence;
• Contact details;
• position to be filled;
• individual taxpayer number;
• current account number;
• other personal data provided by clients and counterparties (individuals) necessary for the conclusion and execution of contracts.
4.2.5. Users of the Operator's website:
• Full Name;
• email address;
• phone numbers;
• Data that is automatically transferred to the site services during their use using the software installed on the User’s device, including IP address, cookie data, information about the User’s browser (or other program through which the services are accessed), technical characteristics of the equipment and software used by the User, date and time of access to services, addresses of the requested pages and other similar information.
• other personal data provided by users, including those necessary for the conclusion and execution of contracts.
4.2.6. Representatives (employees) of the Operator’s clients and counterparties (legal entities):
• Full Name;
• passport details;
• Contact details;
• position to be filled;
• other personal data provided by representatives (employees) of clients and counterparties necessary for concluding and executing contracts.
4.3. The Processing by the Operator of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is carried out in accordance with the legislation of the Russian Federation.
4.4. The operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except for cases provided for by the legislation of the Russian Federation.
4.5. The Operator’s website collects and processes anonymized data about visitors (including cookies) using Internet statistics services (Yandex Metrica and Google Analytics and others). Anonymized data of Users, collected using Internet statistics services, serves to collect information about the actions of Users on the site, improve the quality of the site and its content.
5. Procedure and conditions for processing personal data
5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. Processing of personal data is carried out with the consent of the subjects of personal data for the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
5.3. The operator carries out both automated and non-automated processing of personal data.
5.4. Employees of the Operator whose job responsibilities include the processing of personal data are allowed to process personal data.
5.5. Processing of personal data is carried out by:
• receiving personal data in oral and written form directly from the subjects of personal data;
• obtaining personal data from publicly available sources;
• entering personal data into journals, registers and information systems of the Operator;
• use of other methods of processing personal data.
5.6. Disclosure to third parties and dissemination of personal data without the consent of the subject of personal data is not permitted, unless otherwise provided by federal law. Consent to the processing of personal data authorized by the subject of personal data for distribution is issued separately from other consents of the subject of personal data to the processing of his personal data. Requirements for the content of consent to the processing of personal data authorized by the subject of personal data for distribution are approved by Roskomnadzor Order No. 18 dated February 24, 2021.
5.7. The transfer of personal data to the bodies of inquiry and investigation, to the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
• identifies threats to the security of personal data during their processing;
• adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
• appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
• creates the necessary conditions for working with personal data;
• organizes recording of documents containing personal data;
• organizes work with information systems in which personal data is processed;
• stores personal data under conditions that ensure their safety and prevent unauthorized access to them;
• organizes training for the Operator’s employees processing personal data.
5.9. The operator stores personal data in a form that allows identifying the subject of personal data for no longer than required by the purposes of processing personal data, unless the storage period for personal data is established by federal law or agreement.
5.10. When collecting personal data, including through the information and telecommunications network Internet, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, for except in cases specified in the Personal Data Law.
6. Updating, correction, deletion and destruction of personal data, responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of processing of personal data by the Operator, legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Art. 14 of the Law on Personal Data are provided by the Operator to the subject of personal data or his representative upon application or upon receipt of a request from the subject of personal data or his representative.
The information provided does not include personal data relating to other subjects of personal data, unless there are legal grounds for disclosing such personal data.
The request must contain:
• number of the main document identifying the subject of personal data or his representative, information about the date of issue of the specified document and the issuing authority;
• information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conventional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
• signature of the subject of personal data or his representative.
The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Personal Data Law or the subject does not have the rights to access the requested information, then a reasoned refusal is sent to him.
The right of the subject of personal data to access his personal data may be limited in accordance with Part 8 of Art. 14 of the Law on Personal Data, including if the personal data subject’s access to his personal data violates the rights and legitimate interests of third parties.
6.2. If inaccurate personal data is identified when contacting a subject of personal data or his representative or at their request or at the request of Roskomnadzor, the Operator blocks personal data relating to this subject of personal data from the moment of such request or receipt of the specified request for the period of verification, if the blocking of personal data data does not violate the rights and legitimate interests of the subject of personal data or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the subject of personal data or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
6.3. If unlawful processing of personal data is detected upon an appeal (request) from the subject of personal data or his representative or Roskomnadzor, the Operator shall block unlawfully processed personal data relating to this subject of personal data from the moment of such appeal or receipt of the request.
6.4. When the goals of processing personal data are achieved, as well as in the event that the subject of personal data withdraws consent to their processing, personal data is subject to destruction if:
• otherwise not provided for by the agreement to which the subject of personal data is a party, beneficiary or guarantor;
• The operator does not have the right to process without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws;
• otherwise is not provided for in another agreement between the Operator and the subject of personal data.