1. General provisions
1.1. This Policy on Personal Data Processing (hereinafter referred to as the "Policy") is compiled in accordance with paragraph 2 of article 18.1 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing and applies to all personal data (hereinafter referred to as "data") that the Organization (hereinafter referred to as the "Operator," "Company") may obtain from a personal data subject who is a party to a civil contract, a user of the Internet (hereinafter referred to as the "User") during their use of any of the clique.design sites, services, programs, products, or services, as well as from a personal data subject who has employment relations with the Operator regulated by labor legislation (hereinafter referred to as the "Employee").
1.2. The Operator ensures the protection of processed personal data from unauthorized access and disclosure, unlawful use, or loss in accordance with the requirements of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
1.3. The Operator has the right to make changes to this Policy. When changes are made to the title of the Policy, the date of the latest version update is indicated. The new version of the Policy comes into effect from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
2. Terminology and accepted abbreviations
2.1. Personal data - any information relating to an identified or identifiable natural person (data subject), whether directly or indirectly.
2.2. Processing of personal data - any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, refinement (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.
2.3. Automated processing of personal data - processing of personal data using computer technology.
2.4. Personal data information system (PDIS) - a set of personal data contained in databases and providing their processing with the use of information technology and technical means.
2.5. Personal data made publicly available by the data subject - personal data to which an unlimited number of persons have access, provided by the data subject or at their request.
2.6. Blocking of personal data - temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data).
2.7. Destruction of personal data - actions that make it impossible to restore the content of personal data in the personal data information system and/or result in the destruction of material carriers of personal data.
2.8. Operator - an organization that independently or jointly with other persons organizes the processing of personal data and determines the purposes of processing, the personal data subject to processing, and the actions (operations) performed with personal data. The operator in this case is the self-employed individual ANNA ALEXANDROVNA ISASHINA, actual address: 191014, RUSSIA, ST. PETERSBURG, UL.PARADNAYA, 3, FLAT 587
3.1. Obtaining Personal Data
3.1.1. All personal data should be obtained directly from the subject. If the personal data of the subject can only be obtained from a third party, the subject should be notified or their consent should be obtained.
3.1.2. The operator must inform the subject about the purposes, sources, and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the duration of the consent, the procedure for revoking it, as well as the consequences of the subject's refusal to give written consent to their obtaining.
3.1.3. Documents containing personal data are created by:
- copying original documents (passport, education certificate, TIN certificate, pension certificate, etc.);
- entering information into accounting forms;
- obtaining original documents if necessary (employment record book, medical certificate, characteristics, etc.).
3.2. Processing of Personal Data
3.2.1. Processing of personal data is carried out:
- with the consent of the subject of personal data to the processing of their personal data;
- in cases where the processing of personal data is necessary to perform the functions, powers, and duties imposed by the legislation of the Russian Federation;
- in cases where the personal data processed is data to which unlimited access has been provided by the subject of personal data or at their request (hereinafter - personal data made public by the subject of personal data).
3.2.2. Purposes of personal data processing:
- employment relationships;
- civil law relationships;
- for communication with the user in connection with filling out the feedback form on the clique.design website, including the sending of notifications, requests and information related to the use of the clique.design website, processing, coordination of orders for services/work, execution of agreements and contracts;
- depersonalization of personal data to obtain depersonalized statistical data, which are transmitted to a third party to conduct research, perform work or provide services on behalf of the company.
3.2.3. Categories of personal data subjects.
Personal data of the following personal data subjects are processed:
- individuals who are in employment relationships with the company;
- individuals who have resigned from the company;
- individuals who are candidates for a job;
- individuals who are in civil law relationships with the company;
- individuals who are Users of the company's website.
3.2.4. Personal data processed by the Operator:
- data obtained during the employment relationship;
- data obtained for the purpose of selecting candidates for employment;
- data obtained during civil-law relationships;
- data obtained from Users of the Company's website.
3.2.5. Personal data processing is carried out:
- using automation tools;
- without the use of automation tools.
3.3. Storage of personal data
3.3.1. Personal data of subjects may be obtained, further processed, and stored on paper or in electronic form.
3.3.2. Personal data recorded on paper is stored in locked cabinets or in locked rooms with limited access rights.
3.3.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.3.4. It is not allowed to store or place documents containing personal data in open electronic catalogs (file-sharing systems) in the PDIS.
3.3.5. Storage of personal data in a form that allows the identification of the subject of personal data is carried out no longer than necessary for the purposes of their processing, and they are subject to destruction upon achieving the purposes of processing or in case of loss of the need for their achievement.
3.4. Destruction of personal data
3.4.1. Destruction of documents (carriers) containing personal data is carried out by burning, shredding (grinding), chemical decomposition, transformation into a shapeless mass or powder. The use of a shredder is allowed for destroying paper documents.
3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data is documented by an act of destruction of carriers.
3.5. Transfer of personal data
3.5.1. The Operator transfers personal data to third parties in the following cases:
- the subject has given consent to such actions;
- the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. The list of persons to whom personal data is transferred:
- Pension Fund of the Russian Federation for accounting (on legal grounds);
- tax authorities of the Russian Federation (on legal grounds);
- Social Insurance Fund of the Russian Federation (on legal grounds);
- territorial compulsory medical insurance fund (on legal grounds);
- insurance medical organizations for mandatory and voluntary medical insurance (on legal grounds);
- banks for salary payments (based on the contract);
- bodies of the Ministry of Internal Affairs of Russia in cases provided for by law.
4. Personal data protection
4.1. In accordance with the requirements of regulatory documents, the Operator has established a personal data protection system (PDPS) consisting of legal, organizational, and technical protection subsystems.
4.2. The legal protection subsystem is a complex of legal, organizational, and regulatory documents that ensure the creation, functioning, and improvement of the PDPS.
4.3. The organizational protection subsystem includes the organization of the PDPS management structure, the authorization system, and the protection of information when working with employees, partners, and third parties.
4.4. The technical protection subsystem includes a complex of technical, software, and hardware tools that ensure the protection of personal data.
4.5. The main measures for personal data protection used by the Operator are:
4.5.1. Appointment of a person responsible for personal data processing, who organizes personal data processing, provides training and instruction, and internal control over compliance with the institution's requirements for personal data protection.
4.5.2. Identification of actual threats to personal data security during their processing in the PDPS and the development of measures and actions to protect personal data.
4.5.3. Development of policies regarding personal data processing.
4.5.4. Establishment of rules for access to personal data processed in the PDPS, as well as ensuring registration and accounting of all actions performed with personal data in the PDPS.
4.5.5. Establishment of individual access passwords for employees to the information system in accordance with their job responsibilities.
4.5.6. Use of information security tools that have passed the compliance assessment procedure in the established order.
4.5.7. Certified antivirus software with regularly updated databases.
4.5.8. Compliance with conditions ensuring the safety of personal data and excluding unauthorized access to them.
4.5.9. Detection of facts of unauthorized access to personal data and taking measures.
4.5.10. Recovery of personal data modified or destroyed due to unauthorized access to them.
4.5.11. Training of Operator employees directly involved in personal data processing in the provisions of the Russian Federation legislation on personal data, including requirements for personal data protection, documents determining the Operator's policy regarding personal data processing, and local acts on personal data processing issues.
4.5.12. Internal control over compliance with personal data processing legislation, including requirements for personal data protection, and the Operator's policies regarding personal data processing.
5. Main rights of the personal data subject
5.1. The subject has the right to access their personal data and the following information:
- confirmation of the processing of personal data by the Operator;
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing applied by the Operator;
- name and location of the Operator, information about persons (excluding employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
- processing periods for personal data, including storage periods;
- procedure for the subject to exercise their personal data rights provided by the Federal Law;
- name or full name, address and contact details of the person who processes personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such a person;
- contact details of the Operator and the procedure for sending requests to them;
- appealing against actions or inaction of the Operator.