X

St. Petersburg, Voskresenskaya emb., 4

+7 (812) 671-02-00

Request a call

Personal Area

Privacy policy

Personal Data Protection and Processing Policy
LLC "Sail"

1. General Provisions

1.1. This Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) is drawn up in accordance with paragraph 2 of Article 18.1 of the Federal Law “On Personal Data” No. 152-FZ of July 27, 2006, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing personal data and applies to all personal data (hereinafter referred to as data) that the Organization (hereinafter referred to as the Operator, Company) can receive from the personal data subject that is a party to a civil law contract from a user For the Internet (hereinafter referred to as the User) during its use of any of the sites, services, services, programs, products or services of Parus LLC, as well as from the personal data subject who is with the Operator in relations governed by labor legislation (hereinafter the Employee) )

1.2. The operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of Federal Law of July 27, 2006 No. 152-ФЗ “On Personal Data”.

1.3. The operator has the right to make changes to this Policy. When making changes, the heading of the Policy indicates the date of the last update of the editorial office. The new version of the Policy comes into force from the moment it is posted on the site, unless otherwise provided by the new version of the Policy.

2. Terms and abbreviations

Personal data - any information relating directly or indirectly to a specific or determinable natural person (subject of personal data).

Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Automated processing of personal data - processing of personal data using computer technology.

Personal data information system (ISPD) - a set of personal data contained in databases and processing of information technologies and technical means.

Personal data made publicly available by the subject of personal data - personal data, access to an unlimited circle of persons to which is provided by the subject of personal data or at his request.

Blocking of personal data - temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).

Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

Operator - an organization that independently or jointly with other persons organizes the processing of personal data, as well as defines the goals of processing personal data to be processed, actions (operations) performed with personal data. The operator is Fitness Club “Parus”, located at the address: Paradnaya 3, k2.

3. Processing of personal data

3.1. Receiving personal data.

3.1.1. All personal data should be obtained from the subject itself. If the personal data of the subject can be obtained only from a third party, then the subject must be notified of this or consent must be obtained from him.

3.1.2. The operator must inform the subject about the goals, the alleged sources and methods of obtaining personal data, the nature of the personal data to be received, the list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to their receipt.

3.1.3. Documents containing personal data are created by:

copying of original documents (passport, certificate of education, TIN certificate, pension certificate, etc.);

entering information into accounting forms;

obtaining the originals of the necessary documents (work book, medical report, description, etc.).

3.2. Processing personal data.

3.2.1. The processing of personal data is carried out:

with the consent of the personal data subject to the processing of his personal data;

in cases where the processing of personal data is necessary for the implementation and implementation of the functions, powers and duties assigned by the legislation of the Russian Federation;

in cases when personal data is being processed, access to an unlimited number of persons to which is provided by the subject of personal data or at his request (hereinafter - personal data made publicly available by the subject of personal data).

3.2.2. Objectives

labor relations;

implementation of civil law relations;

to contact the user in connection with filling out the feedback form on the site, including sending notifications, requests and information regarding the use of the site, processing, approval of orders and their delivery, execution of agreements and contracts;

depersonalization of personal data to obtain anonymized statistical data that is transmitted to a third party for research, work or services.

3.2.3. Categories of personal data subjects.

The personal data of the following subjects of personal data are processed:

individuals who are in labor relations with the Company;

individuals who quit the Company;

individuals who are candidates for work;

individuals who are in civil law relations with the Company;

individuals who are Users of the Site.

3.2.4. Personal data processed by the Operator:

data obtained during the implementation of labor relations;

data obtained for the selection of candidates for work;

data obtained in the implementation of civil law relations;

data received from Site Users.

3.2.5. The processing of personal data is carried out:

using automation tools;

without using automation tools.

3.3. Storage of personal data.

3.3.1. Personal data of entities can be obtained, undergo further processing and transferred to storage both on paper and in electronic form.

3.3.2. Personal data recorded on paper is stored in locked cabinets or in locked rooms with limited access.

3.3.3. Personal data of entities processed using automation tools for various purposes are stored in different folders.

3.3.4. Storage and placement of documents containing personal data in open electronic directories (file sharing) in ISPD is not allowed.

3.3.5. The storage of personal data in a form that allows to determine the subject of personal data is carried out no longer than the purpose of their processing requires, and they must be destroyed upon achievement of the processing goals or in case of loss of need to achieve them.

3.4. Destruction of personal data.

3.4.1. The destruction of documents (media) containing personal data is carried out by burning, crushing (grinding), chemical decomposition, turning into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.

3.4.2. Personal data on electronic media is destroyed by erasing or formatting the media.

3.4.3. The fact of the destruction of personal data is documented by the act on the destruction of media.

3.5. Transfer of personal data.

3.5.1. The operator transfers personal data to third parties in the following cases:

the subject has expressed his consent to such actions;

the transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.

3.5.2. The list of persons to whom personal data is transmitted.

Pension Fund of the Russian Federation for accounting (legally);

tax authorities of the Russian Federation (legally);

Social Insurance Fund of the Russian Federation (legally);

territorial fund of compulsory medical insurance (legally);

insurance medical organizations for compulsory and voluntary medical insurance (legally);

banks for payroll (based on the contract);

Ministry of Internal Affairs of Russia in cases established by law;

depersonalized personal data of the Website Users is transferred to the counterparties.

4. Protection of personal data

4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (SZPD), consisting of subsystems of legal, organizational and technical protection.

4.2. The legal protection subsystem is a complex of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the CPA.

4.3. The organizational protection subsystem includes the organization of the management structure of the CPAA, the licensing system, and the protection of information when working with employees, partners, and third parties.

4.4. The technical protection subsystem includes a set of technical, software, software and hardware tools that protect personal data.

4.5. The main personal data protection measures used by the Operator are:

4.5.1. Appointment of a person responsible for the processing of personal data, which organizes the processing of personal data, training and briefing, internal control over compliance by the institution and its employees with requirements for the protection of personal data.

4.5.2. Identification of current threats to the security of personal data during their processing in ISPD and development of measures and measures to protect personal data.

4.5.3. Develop a policy regarding the processing of personal data.

4.5.4. Establishing rules for access to personal data processed in the ISPD, as well as ensuring the registration and accounting of all actions performed with personal data in the ISPD.

4.5.5. The establishment of individual passwords for employees to access the information system in accordance with their production responsibilities.

4.5.6. The use of the procedures for assessing the conformity of information protection facilities that have passed in the prescribed manner.

4.5.7. Certified antivirus software with regularly updated databases.

4.5.8. Compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them.

4.5.9. Detection of facts of unauthorized access to personal data and taking measures.

4.5.10. Recovery of personal data modified or destroyed due to unauthorized access to it.

4.5.11. Training of the Operator’s employees who directly process personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents that determine the Operator’s policy regarding the processing of personal data, local acts on the processing of personal data.

4.5.12. Implementation of internal control and audit.

5. Basic rights of the subject of personal data and obligations of the Operator

5.1. Basic rights of the subject of personal data.

The subject has the right to access his personal data and the following information:

confirmation of the fact of processing personal data by the Operator;

legal grounds and purposes of processing personal data;

goals and methods of processing personal data used by the Operator;

the name and location of the Operator, information about persons (except for the employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;

terms for processing personal data, including periods for their storage;

the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law;

name or surname, name, patronymic and address of the person who processes personal data on behalf of the Operator, if processing is or will be entrusted to such a person;

appeal to the Operator and sending him inquiries;

appeal against the actions or omissions of the Operator.

5.2. Responsibilities of the Operator.

The operator must:

when collecting personal data, provide information on the processing of personal data;

in cases where personal data was obtained not from the subject of personal data, notify the subject;

in case of refusal to provide personal data, the consequences of such refusal are explained to the subject;

publish or otherwise provide unrestricted access to a document defining its policy regarding the processing of personal data, to information about the implemented requirements for the protection of personal data;

take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;

give answers to requests and appeals of personal data subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.