About the Foundation
Неверный информационный блок
Processing of personal data
Position about processing of personal data in Fund of good deeds "to be to GOOD" TERMS AND DEFINITIONS
TERMS AND DEFINITIONS
Fund of good deeds "to BE GOOD" (hereinafter - the Fund) is a non – profit organization (bin: 1167700050077), registered address: Russia, 127550, Moscow, Pryanishnikova str., 19a, p. 4, office 16.
Protection of personal data – the Fund's activities to ensure through local regulation of the order of processing of personal data and organizational and technical measures of confidentiality of information.
Information system of personal data is a set of personal data contained in databases and providing their processing of information technologies and technical means.
Beneficiary – an individual who has entered into a contractual relationship with the Fund.
Counterparty-a representative of a legal entity and / or individual entrepreneur who entered into contractual relations with the Fund.
Confidentiality of personal data is a mandatory requirement for a person who has access to personal data, to prevent their distribution without the consent of the personal data subject or other legal grounds.
Processing of personal data - any action (operation) or a set of actions (operations) performed using automation or without the use of such means with personal data, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Operator-a person, independently or jointly with other persons, organizing and (or) carrying out the processing of personal data, as well as determining the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
Personal data - any information relating to a particular or determined on the basis of such information to an individual (subject of personal data).
1.GENERALITIES
1.1. The regulation " on processing of personal data of Beneficiaries and contractors Of the Fund for good deeds "BE GOOD" (hereinafter – the Regulation) defines a single procedure for processing personal data of Beneficiaries/ Contractors in the Fund.
1.2. This Regulation has been developed in accordance with:
Russian Constitution;
The Federal law of the Russian Federation of 27.07.2006 № 152-FZ "On personal data»;
Federal law of the Russian Federation of 27.07.2006 № 149-FZ " on information, information technology and information protection»;
Resolution of the Government of the Russian Federation of 01.11.2012 No. 1119 " on approval of Requirements for the protection of personal data during their processing in information systems of personal data»;
The order of the Government of the Russian Federation of 15.09.2008 No. 687 " about the statement of Regulations on features of processing of the personal data performed without use of automation equipment»;
as well as regulatory legal acts in force on the territory of the Russian Federation in the field of personal data processing and information security.
1.3. This Regulation applies to the Fund's employees processing personal data of Beneficiaries/ Contractors with registration in the familiarization Sheet (in the form in Annex No. 6).
1.4. The Fund grants the right to the Beneficiaries / Contractors to familiarize themselves with this Regulation before providing their personal data.
2.GOALS, MATERIALS AND MEANS OF PROCESSING PERSONAL DATA
2.1. The Fund, as an Operator, processes the personal data of the Beneficiary / Counterparty, solely for the purpose of ensuring compliance with the current legislation of the Russian Federation, and other regulatory legal acts regulating the implementation of contractual obligations of the Fund.
2.2. The Fund delegates by order the authority to persons (employees of the Fund) for the organization of personal data processing and implementation of measures for their protection.
2.3. The Fund, as well as its authorized representatives, when processing the personal data of the Beneficiary/ Counterparty comply with the following General requirements:
2.3.1. The purposes and content of personal data processing, as well as the list of personal data processed, are subject to regulation prior to their processing.
2.3.2. The Fund processes personal data received from the personal data subject on the basis of his consent, except for the cases provided for by the Federal law of the Russian Federation of 27.07.2006 № 152-FZ "on personal data" (article 6), when they can be obtained only from a third party.
2.3.3. The Fund, in order to achieve the stated goals, carries out operations: including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer, blocking, deletion, destruction of personal data.
2.3.4. Processing of personal data received from third parties is not performed by the Fund.
2.3.5. The Fund does not receive or process personal data of the Beneficiary/ Counterparty on his / her political, religious and other beliefs, as well as private life.
2.3.6. The use of personal data for the purpose of causing property and moral harm to the Beneficiary/ Counterparty, difficulties in the implementation of its rights and freedoms, is not allowed.
2.3.7. The Fund, when making decisions affecting the interests of the Beneficiary/ Counterparty, is not based on information obtained solely as a result of automated processing of personal data without the written consent of the Beneficiary/ Counterparty to such actions.
2.4. The Fund, when identifying the Beneficiary / Counterparty, has the right to require the presentation of identity documents and confirming the authority of the representative.
2.5. When concluding a contractual relationship with the Beneficiary/ Counterparty, and in the course of their implementation, it may be necessary to provide the Beneficiary/ Counterparty with other documents containing information about it, from the moment of which the provision of additional guarantees and compensation may be related.
2.6. After the decision on the conclusion of the contract or the submission of documents confirming the authority of the representative, as well as subsequently, in the process of execution of the contract containing the personal data of the Beneficiary/ Counterparty, will also include:
contract;
orders for main activities;
office memorandum;
orders on admission of representatives of the Counterparty;
one-time or temporary passes;
other documents in which the personal data of the Beneficiary or the Counterparty must be included in accordance with the current legislation of the Russian Federation.
2.7. The processing of personal data is carried out by the Fund, both with the use of automation and without the use of such means.
3.ORGANIZATION OF PERSONAL DATA PROTECTION
3.1. The personal data of the Beneficiary / Counterparty are classified as confidential information.
3.2. Compliance with the confidential processing regime, including access to information assets of the Fund containing personal data of Beneficiaries and Contractors, is provided by the managers and authorized employees of the Fund, in accordance with the administrative and regulatory documents of the Fund. Internal access (access within the Fund) to the personal data of the Beneficiaries/ Contractors is provided only to persons allowed to process personal data according to the order of the Fund.
3.3. Access to personal data of Beneficiaries / Contractors without special permission is available to the persons holding the following positions in the Fund:
President
3.4. Persons who have access to the personal data of the Beneficiaries/ Contractors sign a non-disclosure obligation.
3.5. Protection of personal data of the Beneficiaries / Contractors from illegal use or loss is provided by the Fund in the manner prescribed by the legislation of the Russian Federation (legal, organizational and technical measures).
3.6. Personal data of the subject (Beneficiary/ Counterparty) are subject to protection):
in paper form-documents containing personal data of the subject;
in electronic form-placed in the information systems of the Fund and / or on computer media (including alienated).
3.7. Persons processing (including storing) personal data on paper and alienated computer media, ensure the implementation of measures to protect them from unauthorized access, according to the approved Decree of the Government of the Russian Federation 15.09.2008 № 687 "Regulations on the features of personal data processing, carried out without the use of automation".
3.8. Persons who process personal data in electronic form (files, databases) in the information systems of the personal data of the Fund, including on computer media, ensure the implementation of measures to protect in accordance with the:
RF Government decree No. 1119 of 01.11.2012 " on approval Of requirements for the protection of personal data during their processing in information systems of personal data»;
RF Government decree No. 512 of 06.07.2008 " on approval of requirements for material carriers of biometric personal data and technologies for storage of such data outside the information systems of personal data»;
other regulatory and guidance documents of the authorized Federal Executive authorities for the protection of personal data.
4.STORAGE OF PERSONAL DATA
4.1. Personal data of the Beneficiaries / Contractors are stored on paper and machine (in electronic form) media, only in the premises, access to which is limited and regulated by the Fund.
4.2. When storing paper and alienated machine media, appropriate conditions are observed to ensure their safety (specially equipped cabinets and safes are used).
4.3. Storage of specific documents (on paper and alienated machine media) containing personal data of the Beneficiaries/ Contractors, including keys to cabinets and safes, is provided by the person responsible for the organization of the personal data processing process, which is in charge of this place of storage.
4.4. The storage of personal data is carried out in a form that allows to determine the subject of personal data, no longer than the purposes of their processing require.
4.5. Personal data are destroyed upon the achievement of processing purposes or in case of loss of the need to achieve them, unless otherwise provided by the legislation of the Russian Federation.
5.TRANSFER OF PERSONAL DATA
5.1 the Fund shall comply with the following requirements when transferring the personal data of the Beneficiary / Counterparty::
5.1.1. Transfers personal data of the Beneficiary / Counterparty within its organization in accordance with this Regulation.
5.1.2. Allows access of the Fund's employees to the personal data of the Beneficiaries/ Contractors according to the list of access approved by the order, while these persons are entitled to receive only those personal data of the Beneficiary/ Counterparty that are necessary for the performance of specific functions.
5.1.3. Warns the persons receiving the personal data of the Beneficiary / Counterparty about the obligation to comply with the confidentiality requirements, as well as use only for the purposes for which they are reported, and requires mandatory compliance with these rules.
5.1.4. Does not request information about the health of the Beneficiary/ Counterparty, except for those information that relate to the possibility of performing the Beneficiaries or Counterparties of their representative functions, or that the Beneficiary/Counterparty has provided independently.
5.1.5. Transfers the personal data of the Beneficiary/ Counterparty to its representatives in the manner prescribed by the legislation of the Russian Federation, and limits this information only to those personal data of the Beneficiary / Counterparty that are necessary for the performance of their functions by the specified representatives.
5.1.6. Reports the personal data of the Beneficiary / Contractor to a third party only with the written consent (personal or legal representative), except as provided by Federal laws:
prevention of threat to life and health of the subject;
upon receipt of a formal request in accordance with the provisions of the Federal law of 12.08.1995 No. 144-FZ "About operatively-search activity»;
upon receipt of official requests from the tax authorities, Pension Fund of Russia, Federal social insurance, judicial authorities, etc.
5.1.7. The Fund has the right to refuse to provide personal data to the person who has made a request in the following cases:
no authority to obtain the personal data of the Beneficiary of the Counterparty;
no written consent of the beneficiary/ Counterparty to the provision of His / her personal data;
according to the Fund, there is a threat to the life or health of the Beneficiary/ Counterparty.
The Fund in each case makes an independent assessment of the seriousness, inevitability, degree of such a threat.
The person who made the request is given a written notice of refusal to provide the requested personal data.
5.2 if the Fund provides services to legal entities or individuals on the basis of concluded agreements (or other grounds), and by virtue of these agreements, these persons must have access to personal data of Beneficiaries/ Contractors, the necessary personal data are provided to the Fund only after signing with them the confidentiality agreement (non-disclosure of confidential information). In this case, the Fund shall notify the subject of the processing, or include the item in the agreement with the Beneficiary of the possibility of processing personal data of the subject, persons who are not employees of the Fund.
5.3 All information on the transfer of personal data of the Beneficiaries/ Contractors shall be recorded in the Register of registration and accounting of the transfer of personal data (in the form in Annex No. 5) in order to control the legality of the use of this information by the persons who received it.
5.4 Appeals of personal data subjects and their legal representatives to the Fund related to the processing of personal data, terms, objectives and security of personal data are reflected in the Register and accounting of personal data subjects. The log records information about the person who sent the request, the date of transfer of personal data or the date of notification of refusal to provide them, and also notes what information was transferred.
6.CHARGE
6.1 The Beneficiary/ Contractor
6.1.1. Provide the Fund with full and accurate data about yourself (pre-contractual relations; conclusion of the contract).
6.1.2. In case of changes in the information constituting the personal data of the Beneficiary/ Counterparty, immediately, but not later than 5 (five) working days, to provide this information to the Fund.
6.2 The Fund (The Operator)
6.2.1. Ensure the processing and protection of personal data of the subject in the manner prescribed by the legislation of the Russian Federation.
6.2.2. Provide the Beneficiary / Counterparty or their legal representatives with the opportunity to familiarize themselves with this Regulation and its rights in the field of personal data.
6.2.3.Provide storage of primary accounting documentation. In this case, personal data shall be stored in accordance with the purposes for which they were collected, or longer than is required for the benefit of the persons about whom the data is collected.
6.2.4.Keep records of the transfer of personal data of the Beneficiary / Counterparty to third parties by maintaining a corresponding Log and accounting for the transfer of personal data (in the form in Annex No. 5).
6.2.5. To carry out, in case of reorganization or liquidation of the Fund, measures for accounting and preservation of documents containing personal data, transfer them to state storage in accordance with the rules provided by the constituent documents and the current legislation of the Russian Federation.
6.2.6. Keep a Log of registration and accounting of personal data subjects ' applications (in the form in Annex 4) in accordance with the requirements of the Federal law of the Russian Federation of 27.07.2006 No. 152-FZ "on personal data".
6.2.7. To transfer personal data of the subject in accordance with this Regulation and the legislation of the Russian Federation.
6.2.8. At the request of the subject or his legal representative to provide him with full information about his personal data and the processing of this data.
6.2.9. The operator, when making changes, notifies the personal data Subject or its representative, and takes reasonable measures to notify third parties to whom the personal data of this Subject have been transferred.
6.2.10.The operator, upon receipt of the request (request) of the personal data subject, immediately stops processing of his personal data.
7.THE RIGHTS OF BENEFICIARIES OR THE CONTRACTORS
7.1. The subject of personal data has the right to receive information concerning the processing of his personal data( hereinafter-personal data), including:
1) confirmation of personal data processing by the Operator;
2) legal grounds and purposes of personal data processing;
3) purposes and methods of personal data processing used by the Operator;
4) the name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or who may be disclosed personal data on the basis of an agreement with the operator or on the basis of the Federal law of the Russian Federation dated 27.07.2006 № 152-FZ " on personal data»;
5) processed personal data relating to the relevant subject of personal data, the source of their receipt, unless another procedure for the submission of such data is provided by the Federal law of the Russian Federation of 27.07.2006 № 152-FZ " on personal data»;
6) terms of processing of personal data, including the terms of their storage;
7) the procedure for the subject of personal data rights under this Federal law of the Russian Federation dated 27.07.2006 № 152-FZ " on personal data»;
8) information on the performed or intended cross-border data transfer;
9) name or surname, name, patronymic and address of the person processing personal data on behalf of the operator, if the processing is or will be entrusted to such person;
10) other information provided by the Federal law of the Russian Federation of 27.07.2006 № 152-FZ "on personal data" or other Federal laws.
7.2. Free free access to your personal data, including the right to obtain copies of any record containing the personal data of the Beneficiary/ Counterparty, except in cases where the provision of personal data violates the constitutional rights and freedoms of others.
7.3. Identification of their representatives to protect their interests in terms of maintaining the confidentiality of personal data.
7.4. The requirement to exclude or correct incorrect or incomplete outdated, inaccurate, illegally obtained or not necessary for the Fund of personal data.
7.5. The beneficiary / Counterparty, in case of refusal of the Fund to exclude or correct his / her personal data, has the right to declare in writing to the Fund its disagreement with the relevant justification of such disagreement.
7.6. The requirement for the Fund to notify all persons who have previously been reported incorrect or incomplete personal data of the Beneficiary/ Counterparty about all exceptions, corrections or additions made in them.
8. RESPONSIBILITY FOR VIOLATION OF NORMS REGULATING PROCESSING AND PROTECTION OF PERSONAL DATA
8.1. Persons guilty of violation of the rules governing the processing and protection of personal data of the Beneficiary/ Counterparty shall be held liable in accordance with the current legislation of the Russian Federation.
9. Review procedure
The regulation is subject to revision in the event of the appearance/ change of documents affecting the processing of personal data of the Beneficiaries and Counterparties of the Fund.
10. Final provision
This Regulation " on the processing of personal data of Beneficiaries and Contractors of CF "Simay" shall enter into force on the date of approval by the authorized body of the Fund.
01.01.2018 G.