Personal data processing policy in the Regional Public Organization "Dental Association of the Republic of Tatarstan" (RPO "DA RT")
General Provisions.
1.1. This "Regulation on the processing and protection of personal data of customers (in hereinafter the "Regulation") is developed on the basis of:
Constitution of the Russian Federation,
Labor Code;
Federal Law of July 27, 2006 No. 152-ФЗ "On Personal Data", and other applicable regulatory legal acts of the Russian Federation.
Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 "On approval of the requirements for the protection of personal data during their processing in personal data information systems";
Decree of the Government of the Russian Federation of September 15, 2008 No. 687 "On approval of the Regulation on the features of the processing of personal data carried out without the use of automation";
Order of the FSTEC (Federal Service for Technical and Export Control) of Russia dated February 18, 2013 No. 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems";
Guidance document of the FSTEC of Russia "Basic model of threats to the security of personal data when they are processed in personal data information systems" dated February 15, 2008;
Guidance document of the FSTEC of Russia "Methodology for Determining Actual Threats to the Security of Personal Data during Their Processing in Personal Data Information Systems" dated February 14, 2008
1.2. The Regulation establishes the procedure for receipt, accounting, processing, accumulation and storage of documents containing information related to the personal data of Clients of RPO "DA RT" (hereinafter referred to as the Company)
1.3. The purpose of this Regulation is to protect the personal data of Clients from unauthorized access and disclosure. Personal data are confidential, strictly protected information.
Goals and objectives of processing personal data of the Company's customers.
2.1. The processing of personal data in the Company is carried out in order to provide personal data subjects learning languages and fulfilling their obligations under contractual relations and current legislation of the Russian Federation. Treatment personal data of clients is carried out to solve the following tasks:
Formation and processing of documents for the purpose of recording on rental services;
Accounting and control of the financial and economic activities of the Company and the fulfillment of financial obligations under the concluded agreements;
Maintaining contacts with the subject of personal data or his legal representatives;
Other tasks necessary to improve the quality and efficiency of the Company.
The composition of the processed personal data of customers.
3.1. Personal data - any information relating directly or indirectly to a specific or determinable natural person (personal data subject).
Client is an individual to whom training services are provided.
3.2. The personal data of the Customers (subjects of personal data) means any information relating to a directly or indirectly determined or determined individual (subject of personal data), including his last name, first name, middle name, gender, year, month, date and place of birth, address of the place of residence, contact phone numbers, passport data necessary to fulfill the obligations of the Educational Center, other information with the current legislation of the Russian Federation.
This information is collected solely with written consent to the processing of personal data of the personal data subject or his legal representative. At the refusal of the subject of personal data to give consent to him explains the consequences of such a refusal.
The principles of processing personal data.
4.1 Processing personal data of customers, the Company adheres to the principles of:
good faith and legitimacy of the purposes and methods of processing personal data;
compliance with the law of receipt, processing, storage, as well as other actions with
personal data;
compliance of the volume and content of processed personal data and methods of processing personal data with the purposes of processing;
the reliability of personal data, its relevance and sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the goals stated during the collection of personal data;
Inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
restrictions on the processing of personal data in achieving specific and legitimate goals, prohibition of the processing of personal data incompatible with the purposes of collecting personal data;
storage of personal data in a form that allows you to determine the subject of personal data, no longer than the purpose of their processing requires, if the storage period for personal data is not established by applicable law.
Personal data is subject to destruction or depersonalization upon achievement of processing goals or in case of loss of need to achieve these goals, unless otherwise provided by applicable law.
Information about the implemented requirements for the protection of personal data.
5.1. The company takes the necessary legal, organizational and technical measures to protection of personal data from unlawful or accidental access to them, destruction, changes, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
Collection (receipt) of personal data, processing of personal data, storagepersonal data.
6.1. The organization receives personal data of clients only personally from the client or from his legal representative. Personal data of the client can be obtained from his words and not checked.
6.2. The processing of personal data in an organization occurs both in an non-automated and automated way.
6.3. Employees with access to personal data receive only the information which they need to perform specific labor functions.
6.4. Personal data of customers is stored in paper and electronic form. In electronic personal customer data is stored in the organization's personal data information system, as well as in archival copies of the databases of these systems.
When storing personal data of customers and employees, organizational and technical measures ensuring their safety and excluding unauthorized access to them.
Transfer of personal data to third parties.
7.1. The transfer of personal data to third parties is possible only with the consent of the Client and only for the purpose of fulfilling the obligations of the Company within the framework of existing contractual relations, unless this obligation arises as a result of requirements of the current legislation of the Russian Federation or upon receipt of a request from authorized state bodies. In this case, the Company limits the transfer of personal data to the requested volume. In this case, a notification is sent to the Client about the fact of the transfer of his personal data to a third party, if this is possible.
The Client's personal data (including research results) can be provided to relatives or members of his family only with the written permission of the Client himself, unless the transfer of personal data without his consent is permitted by the current legislation of the Russian Federation.
Rights and responsibilities of the subject of Personal Data.
8.1. The subject of Personal Data has the right:
demand clarification of their personal data, their blocking or destruction if the data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures prescribed by law to protect their rights;
require a list of their personal data processed by the educational center and the source of their receipt;
receive information on the processing time of their personal data, including the periods of their storage;
appeal to the authorized body for the protection of the rights of personal data subjects or to judicial action unlawful acts or omissions in the processing of his personal data;
to protect their rights and legitimate interests, including compensation for losses and (or) judicial compensation for non-pecuniary damage
other rights provided by the current legislation of the Russian Federation the customer is responsible for providing untrue personal data.
Final provisions. 9.1. The Company provides unlimited access to the Policy, including placing it on its official website.
9.2. This Policy is subject to change, addition in case of new legislative acts and special regulatory documents on processing and protection personal data.
9.3. Monitoring the implementation of the requirements of this Policy is carried out by the head.
9.4. In case of refusal of the subject of personal data to provide information or sign consent to the processing of personal data, the Company reserves the right to refuse the provision of educational services.
9.5. Responsibility of Company officials with access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data, determined in accordance with the current legislation of the Russian Federation and internal documents of the educational center.
9.6. All suggestions or questions regarding this Policy should be reported to the Company Administration.
This Policy for the processing of personal data applies to all information that the Company may receive about the user while using the site's services. Use of the site's services means the unconditional consent of the user to this Policy and the conditions for processing his personal information specified in it; in case of disagreement with these conditions, the user should refrain from using the site services.
Согласие на обработку персональных данных
Пользователь, оставляя заявку на интернет-сайте, принимает настоящее Согласие на обработку персональных данных (далее – Согласие). Действуя свободно, своей волей и в своем интересе, а также подтверждая свою дееспособность, Пользователь дает свое согласие Региональной Общественной Организации «Стоматологическая Ассоциация Республики Татарстан» (РОО «СА РТ»), на обработку своих персональных данных со следующими условиями: 1. Данное Согласие дается на обработку персональных данных, как без использования средств автоматизации, так и с их использованием. 2. Согласие дается на обработку следующих моих персональных данных: Персональные данные, не являющиеся специальными или биометрическими:
номера контактных телефонов; адреса электронной почты;
пользовательские данные (сведения о местоположении; тип и версия ОС; тип и версия Браузера;
тип устройства и разрешение его экрана;
источник откуда пришел на сайт пользователь;
с какого сайта или по какой рекламе;
язык ОС и Браузера;
какие страницы открывает и на какие кнопки нажимает пользователь;
ip-адрес.
3. Персональные данные не являются общедоступными. 4. Цель обработки персональных данных: обработка входящих запросов физических лиц с целью оказания консультирования; аналитики действий физического лица на веб-сайте и функционирования веб-сайта; проведение рекламных и новостных рассылок. 5. Основанием для обработки персональных данных является: ст. 24 Конституции Российской Федерации; ст.6 Федерального закона №152-ФЗ «О персональных данных»; настоящее согласие на обработку персональных данных. 6. В ходе обработки с персональными данными будут совершены следующие действия:
7. Персональные данные обрабатываются до отписки физического лица от рекламных и новостных рассылок. Также обработка персональных данных может быть прекращена по запросу субъекта персональных данных. Хранение персональных данных, зафиксированных на бумажных носителях осуществляется согласно Федеральному закону №125-ФЗ «Об архивном деле в Российской Федерации» и иным нормативно правовым актам в области архивного дела и архивного хранения. 8. Согласие может быть отозвано субъектом персональных данных или его представителем путем направления письменного заявления РОО «СА РТ» или его представителю по адресу, указанному в начале данного Согласия. 9. В случае отзыва субъектом персональных данных или его представителем согласия на обработку персональных РОО «СА РТ» вправе продолжить обработку персональных данных без согласия субъекта персональных данных при наличии оснований, указанных в пунктах 2 – 11 части 1 статьи 6, части 2 статьи 10 и части 2 статьи 11 Федерального закона №152-ФЗ «О персональных данных» от 27.07.2006 г. 10. Настоящее согласие действует все время до момента прекращения обработки персональных данных, указанных в п.7 и п.8 данного Согласия.