1. GENERAL PROVISIONS
1.1. The personal data processing policy (hereinafter as the Policy) is intended to protect the rights and freedoms of individuals whose data are being processed by Symbionix LLC (hereinafter as the Operator).
1.2. The Policy has been developed pursuant to Paragraph 2, Part 1, Article 18.1 of Federal Law No. 152-FZ, “On Personal Data,” dated 27 July 2006 (hereinafter as the Personal Data Federal Law).
1.3. The Policy contains data that are subject to disclosure pursuant to Part 1, Article 14 of the Personal Data Federal Law, and is a public document.
2. OPERATOR DATA
2.1. The Operator shall carry out its business at Suite 404, 9 Svobodny Lane, Tver.
2.2. Anastasiya Andreevna Malakhova, the Director (email This email address is being protected from spambots. You need JavaScript enabled to view it.), has been appointed as the responsible in charge of arranging personal data processing.
2.3. The database of information that contains personal data of the Russian Federation citizens is located at Suite 404, 9 Svobodny Lane, Tver.
3. PERSONAL DATA PROCESSING INFORMATION
3.1. The Operator shall process personal data on the legitimate and fair basis to perform the functions, powers and duties imposed by the laws, to exercise the rights and legitimate interests of the Operator, its employees and third parties.
3.2. The Operator shall obtain personal data directly from a personal data subject.
3.3. The Operator shall process personal data by automated and manual methods, using computer equipment and without using such.
3.4. The personal data processing actions include collection, recording, arrangement, accumulation, storage, specification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymising, blocking, deletion and destruction.
3.5. The databases of information with personal data of the Russian Federation citizens are located in the Russian Federation.
4. CLIENT PERSONAL DATA PROCESSING
4.1. The Operator shall process the client personal data in the scope of legal relationships with the Operator governed by Part II of the Civil Code of the Russian Federation, No. 14-FZ dated 26 January 1996 (hereinafter the Clients).
4.2. The Operator shall process the client personal data seeking observance of the RF statutory regulations, and also:
— to maintain statistics, analysing which will enable to improve the product
— to conduct a dialogue (verbally, in writing, electronically) with clients
— to assume / fulfil obligations under contracts with clients
— to carry out the types of business stipulated by the founding documents of Symbionix LLC
— to inform about new products, special promotions and offers.
4.3. The Operator shall process the personal data of clients after having obtained their consent given for the validity period of the contracts entered into with them. In the cases stipulated in the Personal Data Federal Law, the consent is given in writing. In other case such consent shall be deemed to have been given upon entry into the contract or in taking implied actions.
4.4. The Operator may process the personal data of clients within the validity periods of contracts it has entered into. The Operator may process the personal data of clients upon expiration of contracts it has entered into, within a timeframe laid down in Paragraph 5, Part 3, Article 24 of Part I of the RF Civil Code, Part 1, Article 29 of the Federal Law “On Accounting,” other laws and regulations.
4.5. The Operator shall process the following personal data of clients:
— Surname, name, middle name
— Company details
— Medical indicators
— Address
— Contact telephone number
— Passport details
5. PERSONAL DATA SECURITY INFORMATION
5.1. The Operator shall appoint a responsible for personal data processing arrangements seeking to perform the duties stipulated in the Personal Data Federal Law, the laws and regulations passed based on that law.
5.2. The Operator shall utilise a set of legal, organisational and technical measures to ensure personal data security in order to maintain confidentiality of personal data and protect them from wrongdoing:
— grant unrestricted access to the Policy whose copy is available at the Operator’s address, and likewise may be published on the Operator’s website (if any)
— in pursuance of the Policy approve and give effect to the document “Personal Data Processing Regulations” (hereinafter the Regulations) and other bylaws;
— introduce employees to the new legal provisions on personal data, the Policy, and the Regulations
— authorise employees to access the personal data being processed in the Operator’s information system, and their tangible media solely to perform its employment duties
— lay down the rules of accessing the personal data being processed in the Operator’s information system, ensures registration and recording of all actions therewith
— assess the damage that may be inflicted to personal data subjects in case of breaching the Personal Data Federal Law
— identify the personal data security threats while such data is being processed in the Operator’s information system
— apply organisational and technical measures and use information security tools required to achieve the prescribed security level of personal data
— identify cases of unauthorised access to personal data and adequately respond, which includes recovery of personal data modified or destroyed as a consequence of unauthorised access thereto
— evaluate the efficiency of personal data security measures being taken prior to commissioning the Operator’s information system;
— perform internal control for compliance of personal data processing with the Personal Data Federal Law, laws and regulations passed based on that law, personal data protection requirements, the Policy, the Regulations and other bylaws, including control over actions taken to ensure personal data security and their security level while such data is being processed in the Operator’s information system.
6. RIGHTS OF PERSONAL DATA SUBJECTS
6.1. A personal data subject is entitled:
— to obtain the personal data in respect of a given subject, and information related to the processing of such
— to specify, block or destroy his/her personal data where such data are incomplete, outdated, inaccurate, illegally obtained or are not required for meeting the declared processing goal
— to revoke his/her consent to personal data processing
— to defend his/her rights and legitimate interests, including the indemnity for losses and compensation for moral injury at law
— to appeal against actions or inaction of the Operator to the authorised body that deals with protecting the rights of personal data subjects, or at law
6.2. To exercise their rights and legitimate interests the personal data subjects may refer to the Operator or else send an inquiry in person or via a proxy. The inquiry shall contain the data specified in Part 3, Article 14 of the Personal Data Federal Law.