1. Basic Terms and Definitions
The following basic concepts are used in this policy:
Personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
Operator – IP Shamova Yulia Aleksandrovna, independently organizing and processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data;
Personal data processing – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
Automated processing of personal data – processing of personal data using computer technology;
Dissemination of personal data – actions aimed at the disclosure of personal data to an indefinite circle of persons;
Provision of personal data – actions aimed at the disclosure of personal data to a certain person or a certain circle of persons;
Blocking of personal data – temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data);
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data – actions as a result of which it becomes impossible to determine the identity of personal data to a specific subject of personal data without the use of additional information;
Personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross–border transfer of personal data – the transfer of personal data to the territory of a foreign state to the authority of a foreign state, a foreign individual, or a foreign legal entity.
2. General Provisions
IP Shamova Yulia Aleksandrovna, based on the goals of unconditional compliance with the requirements of the legislation of the Russian Federation and maintaining its business reputation, considers its tasks to comply with the principles of fairness, legality, confidentiality, and security in the processing of personal data.
This policy regarding the processing of personal data:
- Is developed taking into account the requirements of the Constitution of the Russian Federation, the legislation of the Russian Federation, and regulatory legal acts of the Russian Federation in the field of personal data;
- Defines the basic principles, goals, and methods of personal data processing, the composition of personal data subjects and their rights, the actions of IP Shamova Yulia Alexandrovna when processing personal data, the measures taken by IP Shamova Yulia Alexandrovna for the protection of personal data, as well as measures to monitor compliance with the requirements of legislation and this policy;
- Is a publicly available document that regulates the activities of IP Shamova Yulia Aleksandrovna in the processing of personal data.
3. Information about the Operator
Name: IP Shamova Yulia Aleksandrovna
TIN: 0277113903
Actual address:
450098, Ufa, Bulevar Davletkildeeva, Building 1, Office 212
Phone: +7 (347) 266-72-17
4. Legal Grounds for Processing Personal Data
This policy regarding the processing of personal data is compiled in accordance with the requirements of the following regulatory legal acts of the Russian Federation:
- Constitution of the Russian Federation;
- The Labor Code of the Russian Federation;
- Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
- Decree of the President of the Russian Federation No. 188 dated March 06, 1997 "On Approval of the List of Confidential Information";
- Resolution of the Government of the Russian Federation No. 687 of September 13, 2008 "On Approval of Provisions on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools";
- Decree of the Government of the Russian Federation No. 512 dated July 06, 2008 "On Approval of Requirements for Material Carriers of Biometric Personal Data and Technologies for Storing Such Data Outside of Personal Data Information Systems";
- Resolution of the Government of the Russian Federation No. 1119 dated November 01, 2012 "On Approval of Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems";
- Order No. 21 of the FSTEC of Russia dated February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems";
- Roskomnadzor Order No. 996 dated September 05, 2013 "On Approval of Requirements and Methods for Depersonalization of Personal Data";
- Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.
5. Purposes of Personal Data Processing
IP Shamova Yulia Aleksandrovna processes personal data solely for the purposes of:
- Carrying out economic activities aimed at making a profit;
- Provision of forwarding and transport services necessary for the provision of services;
- Provision of supply, sales, legal, financial, information and consulting, and marketing services;
- Execution of the contract, one of the parties (or beneficiary) of which is the subject of personal data (including employment relations with employees of the Operator, relations with contractors/suppliers, and with buyers/customers of the Operator).
- Processing of personal data that does not meet the purposes of processing is not allowed.
6. Subjects and Categories of Personal Data
In the information systems of IP Shamova Yulia Aleksandrovna, personal data of the following subjects are processed:
- Regular and non-regular employees who are in labor/contractual relations with IP Shamova Yulia Aleksandrovna;
- Individuals – buyers/clients of IP Shamova Yulia Aleksandrovna;
- Individuals – contractors under contracts concluded by IP Shamova Yulia Aleksandrovna.
IP Shamova Julia Alexandrovna processes the following categories of general personal data: surname, first name, patronymic, date of birth, month of birth, year of birth, place of birth, data of identity documents, military registration documents, address (registration at the place of residence and actual residence), contact data (phone numbers, email addresses), data about the place of work and position, data contained in the work record, data on education (including information on income, financial obligations of the subject of personal data), TIN, the data of the insurance certificate of the state pension fund, the details of the power of attorney or other document confirming the authority.
7. Basic Principles of Personal Data Processing
Processing of personal data in IP Shamova Yulia Aleksandrovna is conducted taking into account the protection of the rights and freedoms of both employees of IP Shamova Yulia Aleksandrovna and other persons when processing their personal data, including the rights to privacy, personal and family secrets, based on the following principles:
- Legality and fairness of personal data processing;
- Restrictions on the processing of personal data to achieve specific, predetermined, and legitimate goals;
- Compliance of the purposes and methods of personal data processing with the purposes that were stated during data collection;
- The inadmissibility of combining databases created for different purposes for the processing of personal data;
- Compliance with the necessity and sufficiency of the volume, nature, and methods of personal data processing with the stated purposes of their processing;
- Ensuring accuracy, reliability, and, if necessary, relevance in relation to the purposes of processing;
- Storage of personal data in a form that allows identifying the subject of personal data for no longer than required by the purposes of processing, the requirements of legislation, or the contract under which the beneficiary is the subject of personal data.