Approved:
General manager
OOO "EVO"
_____________ E.S. Ivanov
04.08.2020
Privacy Policy
(Personal data policy
in the limited liability company "EVO")
Ulyanovsk city
2020
1. General Provisions
1.1. This Privacy Policy (personal data policy) (hereinafter referred to as the
Policy) has been developed in accordance with paragraph 2 of part 1 of article 18.1
of the Federal Law of the Russian Federation "On Personal Data" No. 152-FZ of
July 27, 2006, the Labor Code of the Russian Federation, and other regulatory legal
acts and applies to all personal data processed by EVO LLC (hereinafter referred to
as the Operator)
1.2. The Policy establishes the basic principles of processing personal data
(hereinafter referred to as PD) of the Operator, the purposes, legal grounds,
procedure and conditions for processing PD, determines the volume and category of
processed PD, as well as the requirements for their protection implemented by the
Operator.
1.3. The purpose of developing this Policy is to determine the categories of
personal data processed by the Operator, as well as the main conditions and
principles that the Operator follows when processing personal data.
1.4. The provisions of this Policy are mandatory for all employees of the
Operator.
1.5. The Policy is a publicly available document posted on the Operator’s
website on the Internet information and telecommunications network, with
unlimited access provided to any interested person.
1.6. If, as a result of contractual and other civil-law relations of the Operator
with third parties, the said persons may gain access to the personal data of any groups
of personal data subjects provided for in this Policy, the Operator is obliged to obtain
from such persons a written commitment to ensure the confidentiality of the personal
data, a commitment to use this data only for the purposes for which it was
communicated and only in permitted ways, as well as a commitment to take the
necessary legal, organizational and technical measures or ensure their adoption to
protect the personal data from unauthorized or accidental access to them,
destruction, modification, blocking, copying, provision, distribution and from other
illegal actions.
1.7. The Operator's employees who have received access to PD in connection
with the performance of their official duties are informed by the Operator about the
confidentiality of PD and undertake an obligation to keep it confidential. The
requirement to formalize the written obligation specified in this paragraph does not
apply to the transfer of information to authorized state and municipal bodies, state
extra-budgetary funds and in other cases established by law.
1.8. The Operator has the right to make changes to this Policy. When making
changes, the date of the last revision is indicated in the heading of the Policy. The
new version of the Policy comes into force from the moment of its approval by the
Operator's order.
2. Regulatory framework
The following regulatory documents were used in developing this Policy:
• Constitution of the Russian Federation;
• Civil Code of the Russian Federation;
• Labor Code of the Russian Federation;
• Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On
Personal Data" (hereinafter referred to as Federal Law No. 152-FZ);
• Federal Law of 06.04.2011 No. 63-FZ "On Electronic Signature";
• Federal Law of 22.10.2004 No. 125-FZ "On Archival Affairs in the Russian
Federation";
• Resolution of the Government of the Russian Federation of 01.11.2012 No.
1119 “On approval of requirements for the protection of personal data when
processing them in personal data information systems”;
• Resolution of the Government of the Russian Federation of 15.09.2008 No.
687 “On approval of the Regulation on the specifics of personal data processing
carried out without the use of automation tools”;
• Order of the FSTEC of Russia dated 18.02.2013 No. 21 “On approval of the
Composition and content of organizational and technical measures to ensure the
security of personal data when processing them in personal data information
systems”;
• Order of the Federal Archival Agency dated 20.12.2019 No. 236 "On
approval of the List of standard management archival documents generated in the
course of activities of state bodies, local government bodies and organizations,
indicating their storage periods";
• Order of the FSB of Russia dated 10.07.2014 No. 378 "On approval of the
Composition and content of organizational and technical measures to ensure the
security of personal data when processing them in personal data information systems
using cryptographic information protection tools necessary to meet the requirements
for the protection of personal data for each level of security established by the
Government of the Russian Federation."
3.Terms and definitions
Personal data (PD)
- any information relating directly or indirectly to
a specific or determinable individual (personal
data subject);
Automated processing of
personal data
- processing of personal data using computer
technology;
Biometric PDn
- information that characterizes the physiological
and biological characteristics of a person, on the
basis of which his identity can be established and
which is used by the Operator to establish the
identity of the subject of personal data;
Blocking of personal data
- temporary termination of the processing of
personal data (except in cases where processing is
necessary to clarify personal data);
Special categories of
personal data
- personal data concerning the racial, national
origin, political views, religious or philosophical
beliefs, health status, intimate life, criminal record
of the personal data subject;
PDn Operator (Operator)
- Limited Liability Company "EVO";
Representative
- an individual who is a representative of an
individual or legal entity whose powers are based
on a power of attorney, agreement, law or act of
an authorized state body or local government
body;
Subject(s) of PD
- an individual or sole proprietor who has entered
into an agreement and/or is planning a contractual
relationship with the Operator, including through
the Operator’s Partners; - representatives or
employees of legal entities, information about
which the legal entities transfer to the Operator;
- employees of the Operator, including former,
dismissed, retired and applicants for vacant
positions; - relatives of employees;
- visitors to the site atwww.evo73.ru. and its sub-
domains;
- other persons whose personal data processing is
necessary for the establishment and/or
performance of contractual and other civil law
relations with the Operator;
Access to information
- the ability to obtain information and use it (in
particular, copying, modifying or destroying
information; obtaining by the subject the ability to
become familiar with the information, including
with the help of technical means);
Personal Data Information
System
- a set of personal data contained in databases and
information technologies and technical means that
ensure their processing;
Confidentiality of personal
data
- requirement not to disclose, not to provide
access to third parties and not to allow the
distribution of personal data without the consent
of the subject of personal data or the presence of
other grounds in accordance with the current
legislation of the Russian Federation
Material carrier of PDn
- a material object used to secure and store
information. For the purposes of this Policy, a
material medium shall mean a paper document, a
floppy disk, a flash card, external hard drives,
CDs, DVDs, etc.
Depersonalization of
personal data
- actions as a result of which it becomes
impossible to determine the ownership of personal
data by a specific subject without the use of
additional information;
Processing of personal data
- any action (operation) or set of actions
(operations) performed with the use of automation
tools or without the use of such tools with
personal data, including collection, recording,
systematization, accumulation, storage,
clarification (updating, modification), extraction,
use, transfer (distribution, provision, access),
depersonalization, blocking, deletion, destruction
of personal data;
Personal data permitted for
distribution by the subject
of personal data
- PDn, access to which by an unlimited number of
persons is provided by the subject of PDn by
providing consent to the processing of PDn,
permitted by the subject of PDn for distribution in
the manner prescribed by the legislation on PDn;
Operator Partner
- a legal entity or an individual cooperating with
the Operator within the framework of the
implementation of its statutory activities.
Provision of personal data
- actions aimed at disclosing personal data to a
specific person or a specific group of persons
Distribution of personal
data
- actions aimed at disclosing personal data to an
indefinite number of persons, including the
publication of personal data in the media, posting
in information and telecommunications networks
or providing access to personal data in any other
way;
Roskomnadzor
- the authorized body for the protection of the
rights of personal data subjects is the Federal
Service for Supervision of Communications,
Information Technology and Mass Media
(Roskomnadzor);
Cross-border transfer of
personal data
- transfer of personal data to the territory of a
foreign state to a foreign government body, a
foreign individual or a foreign legal entity;
Destruction of personal
data
- actions that make it impossible to restore the
content of personal data in the personal data
information system and (or) that result in the
destruction of the material carriers of personal
data;
Purpose of personal data
processing
- a specific final result of actions performed with
PD, arising from the requirements of the current
legislation of the Russian Federation or
contractual relations of the parties, and aimed at
fulfilling the requirements of the legislation, as
well as creating the necessary legal conditions for
achieving optimal consideration of the interests of
the parties
Website
- the Operator's page on the Internet information
and telecommunications network, the electronic
address of which includes a domain name, the
rights to which belong to the
Operatorwww.evo73.ru.
Information about website
visitors
- a list of user data collected using Internet
services for assessing website traffic/collecting
metrics.
4. Principles of personal data processing
4.1. The processing of the Operator’s personal data is carried out on the
basis of the following principles:
• the legality and fairness of the basis for processing personal data, the
legality of the purposes and methods of processing personal data;
• compliance of the purposes of processing personal data with the purposes
previously determined and declared when collecting personal data;
• compliance of the content and volume of processed personal data,
methods of processing personal data with the stated purposes of processing
personal data, and the inadmissibility of using an excessive volume of personal
data in relation to the stated purposes of their processing;
• ensuring the accuracy, sufficiency and, where necessary, relevance of
personal data in relation to the purposes of their processing, and the
inadmissibility of redundancy of processed personal data in relation to the stated
purposes of their processing;
• the inadmissibility of combining personal data databases created for
incompatible purposes.
4.2. Storage of personal data is carried out in a form that allows the
identification of the subject of personal data, no longer than required by the
purposes of their processing, unless another storage period for personal data is
established by federal law and/or an agreement to which the subject of personal
data is a party, beneficiary or guarantor.
5. Purposes of personal data processing
5.1. PDn are processed by the Operator for the following purposes (by
groups):
5.1.1. Compliance with the requirements of labor legislation (fulfillment of
the Operator’s duties as an employer, as provided for by labor
legislation):
• calculation of wages; calculation of insurance premiums;
• selection and employment of personnel;
• providing information to the bank for the transfer of wages and
payment of remuneration;
• conclusion, execution and termination of an employment
contract;
• military registration of employees;
• arrangement of business trips;
• recording of information necessary to support labor relations
between an employee and an employer in accordance with the
legislation of the Russian Federation).
5.1.2. Compliance with the requirements of financial and tax legislation:
• maintaining current accounting and tax records, forming,
preparing and submitting accounting, tax and statistical reports,
reports to government funds;
• compliance with tax legislation requirements for the calculation,
withholding and payment of taxes, and the provision of tax
deductions.
5.1.3. Implementation of the statutory goals of the organization,
development of corporate governance of corporate relations:
• ensuring comprehensive security of the Organization;
• registration of passes for entry into the Operator’s territory and
registration of the transportation of goods by vehicle;
• execution of powers of attorney;
• development of corporate information systems;
• formation of corporate culture.
5.1.4. Conclusion, execution, modification and termination of civil law
contracts with counterparties (clients) and partners of the Operator.
Execution of orders for processing personal data received from third
parties.
5.1.5. Execution of an order for processing personal data received from third
parties.
5.2. Processed personal data are subject to destruction or depersonalization
upon expiration of the storage period, achievement of the processing purposes,
or in the event of loss of the need to achieve these purposes, unless otherwise
provided by law.
5.3. Processing of PD that is incompatible with the approved purposes is not
permitted. The categories and lists of processed PD, categories of PD subjects,
methods, terms of their processing and storage, the procedure for destroying PD
upon achieving the purposes of their processing or upon the occurrence of other
legal grounds for each purpose (by group) of PD processing are determined inin
accordance with Appendix No. 1 toof this Policy and may be specified in separate
local regulations of the Operator.
6. Categories of personal data processed
6.1. When determining the composition of the processed personal data of
subjects, the Operator is guided by the minimum necessary composition of
personal data to achieve the purposes of their receipt.
6.2. The Operator processes personal data of the following categories of
subjects:
6.2.1. Category: an individual or sole proprietor who has entered into an
agreement and/or is planning a contractual relationship with the
Operator, including through the Operator’s Partners.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence;
• registration address;
• education data;
• citizenship; status (resident/non-resident);
• information about TIN, SNILS;
• details of personal data subjects' accounts;
• contact information (phone, email, postal address);
• photo and video images;
• geolocation data;
• IP - the address of the device from which the system was logged
in;
• the source of the transition to the site and information about the
search or other request;
• data about the user device (including resolution, version and
other attributes that characterize the user device);
• user interaction with the site interface (logs of work with
interfaces, routes of movement, displays and views of banners,
videos, activation of sections, fields, etc.);
• data characterizing audience segments;
• other information about the subject of personal data depending
on the services provided to the Operator and the type of
contractual relationship.
6.2.2. Category: representatives or employees of legal entities, information
about whom legal entities transfer to the Operator.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence
• registration address;
• citizenship; status (resident/non-resident);
• contact information (phone, email, postal address);
• photo and video images;
• geolocation data;
• IP - the address of the device from which the system was logged
in;
• the source of the transition to the site and information about the
search or other request;
• data about the user device (including resolution, version and
other attributes that characterize the user device);
• other information about the subject of personal data depending
on the services provided to the Operator and the type of
contractual relationship.
6.2.3. Category: visitors who are issued one-time temporary passes to visit
the Organization.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence
• registration address;
• citizenship; status (resident/non-resident);
• contact information (phone, email, postal address);
• photo and video images.
6.2.4. Category: employees of the Operator, including former, dismissed,
retired and applicants for vacant positions; relatives of employees.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence
• citizenship; status (resident/non-resident); marital status;
• social status (including information on social benefits);
• information about guardianship and trusteeship;
• data on education; data on advanced training; position;
profession, place of work; income; information on work activity;
data from identity documents and other documents issued in the
name of the subject of personal data (work books, driver's
licenses, migration cards, temporary residence permits, etc.);
• date and address (of residence, registration, registration);
• information about family members;
• information about TIN, SNILS;
• details of personal data subjects' accounts;
• contact information (phone, email, postal address);
• information contained in documents confirming the right to
benefits;
• photo and video images;
• information specified in the marriage certificate;
• information specified in the children's birth certificate;
• information from the employee's employment contract;
• work permit or patent data;
• personnel number;
• military registration data;
• information about work experience, previous places of work,
income from previous places of work;
• information about the state of health (confirming the ability to
perform work functions).
6.2.5. Category: website visitors atwww.evo73.ru. and its subdomains.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence;
• data on work activity (name, position, specialization, duties,
place of work, period of work)
• competencies;
• citizenship; status (resident/non-resident); marital status;
• social status (including information on social benefits);
• information about legal representatives (last name, first name,
patronymic; gender; date, month, year of birth, place of birth,
country of birth; details of the identity document (series, number,
when and by whom issued, department code); citizenship; status
(resident/non-resident); marital status; place of residence, date
and address (of residence, registration, registration));
• education;
• date and address (of residence, registration, registration);
• information about TIN, SNILS;
• details of personal data subjects' accounts;
• contact information (phone, email, postal address);
• photo and video images;
• information about website visitors;
• cookies;
• information about interests.
• photo;
• links to online course certificates;
• links to social media accounts;
• account identifier, business and personal characteristics and any
other data obtained using mobile and web applications installed
or used on personal devices, as well as by any other means
during the educational and other events, including digital audio
and video recordings of events, photographic materials, software
products, documents and any other digital resources created
during the events;
• geolocation data;
• IP - the address of the device from which the system was logged
in;
• the source of the transition to the site and information about the
search or other request;
• data about the user device (including resolution, version and
other attributes that characterize the user device);
• user interaction with the website interface (logs of work with
information system interfaces, travel routes, banner displays and
views, videos, activation of sections, fields, etc.);
• data characterizing audience segments;
• results of responses to questions from questionnaires and
diagnostic surveys, tests located on the website;
• other information about the subject of personal data depending
on the services provided by the Operator and the operations
carried out.
6.2.6. Category: other persons whose personal data processing is necessary
for the occurrence and/or performance of contractual and other civil
law relations with the Operator.
The processed personal data may include:
• last name, first name, patronymic;
• floor;
• date, month, year of birth, place of birth, country of birth;
• identity document details (type of document, series, number,
when and by whom issued, department code);
• place of residence;
• registration address;
• education data;
• citizenship; status (resident/non-resident);
• information about TIN, SNILS;
• details of personal data subjects' accounts;
• contact information (phone, email, postal address);
• photo and video images;
• geolocation data;
• IP - the address of the device from which the system was logged
in;
• the source of the transition to the site and information about the
search or other request;
• data about the user device (including resolution, version and
other attributes that characterize the user device);
• user interaction with the website interface (logs of work with
information system interfaces, travel routes, banner displays and
views, videos, activation of sections, fields, etc.);
• data characterizing audience segments;
• other information about the subject of personal data depending
on the services provided to the Operator and the type of
contractual relationship.
6.3. The processing of special categories of personal data concerning racial,
national origin, political views, religious or philosophical beliefs, and intimate
life is carried out by the Operator only with the written consent of the personal
data subject.
6.4. Processing of information about the state of health is carried out in
accordance with the Labor Code of the Russian Federation, Federal Law of
November 29, 2010 No. 326-FZ "On Compulsory Medical Insurance in the
Russian Federation", as well as paragraph 1 and paragraph 2.3 of Part 2 of Article
10 of Federal Law No. 152-FZ.
6.5. The processing of biometric personal data by the Operator is carried out
in accordance with Article 11 of Federal Law No. 152-FZ.
6.6. Cross-border transfer of PD on the territory of foreign states that do not
ensure adequate protection of the rights of PD subjects (or in the absence of the
possibility of assessing the adequacy of protection) may be carried out by the
Operator only in cases of execution of an agreement to which the PD subject is
a party, or in the presence of written consent from the PD subject to the cross-
border transfer of his PD.
7. Legal grounds for processing personal data
7.1. Constitution of the Russian Federation, Chapter 14 of the Labor Code,
Civil Code of the Russian Federation, Tax Code of the Russian Federation,
Federal Law of 29.12.2012 No. 273-FZ "On Education in the Russian
Federation", Federal Law of 06.12.2011 No. 402-FZ "On Accounting", Federal
Law of 08.08.2001 No. 129-FZ "On State Registration of Legal Entities and
Individual Entrepreneurs", Federal Law of 01.04.1996 No. 27-FZ "On Individual
(Personalized) Accounting in the Compulsory Pension Insurance System",
Federal Law of 16.07.1999 No. 165-FZ "On the Fundamentals of Compulsory
Social Insurance", Federal Law of 29.12.2006. No. 255-FZ "On Compulsory
Social Insurance in Case of Temporary Disability and in Connection with
Maternity", Federal Law of July 24, 1998 No. 125-FZ "On Compulsory Social
Insurance against Industrial Accidents and Occupational Diseases", Federal Law
of March 28, 1998 No. 53-FZ "On Military Duty and Military Service", Federal
Law of February 26, 1997 No. 31-FZ "On Mobilization Preparation and
Mobilization in the Russian Federation", Order of Rosarchive of December 20,
2019 No. 236 "On Approval of the List of Standard Management Archival
Documents Generated in the Process of Activities of State Bodies, Local
Governments and Organizations, Indicating Their Storage Periods";
7.2. Operator Charter;
7.3. Civil law contracts of the Operator, to which the subject of personal
data is a party, beneficiary or guarantor;
7.4.Agreements-assignments under which the Organization is the party
processing personal data;
7.5. Consent to the processing of personal data.
7.6.Employment contracts.
8. Basic rights and obligations of the Operator and the Subject of
personal data:
Personal data subjects or their legal representatives have the right to:
8.1. Personal data subjects or their legal representatives have the right to:
• receive complete information about your personal data and the processing
of this data (including automated processing);
• exercise free and unrestricted access to their personal data, including the
right to receive copies of any record containing the personal data of the
subject, except in cases provided by law;
• demand the exclusion or correction of incorrect or incomplete personal
data, as well as data processed in violation of the law, clarification of their
personal data, their blocking or destruction;
• if the Operator or a person authorized by him refuses to exclude or correct
the subject’s personal data, state his disagreement in writing, providing the
relevant justification;
• revoke your consent to the processing of personal data;
• require the Operator or a person authorized by it to notify all persons who
were previously informed of incorrect or incomplete personal data of the
subject, of all changes made to them or exclusions from them;
• appeal in court any illegal actions or inactions of the Operator or a person
authorized by him, carried out during the processing and protection of the
subject’s personal data;
• demand that the transfer (distribution, provision, access) of their personal
data previously permitted for distribution be stopped.
8.2. Personal data subjects or their legal representatives are obliged to:
• provide the Operator with personal data that corresponds to reality;
• promptly notify the Operator of all changes to personal data.
8.3. The operator has the right:
• carry out the processing of personal data subject to the existence of legal
grounds, compliance of the processing processes with the stated purposes
of processing, the requirements of the legislation of the Russian
Federation, the provisions of this Privacy Policy and other local regulatory
acts of the Operator;
• process the personal data of the Personal Data Subject in accordance with
the stated purpose;
• require the Personal Data Subject to provide reliable Personal Data;
• restrict the access of the Personal Data Subject to his/her Personal Data if
the Personal Data Processing is carried out in accordance with the
legislation on combating the legalization (laundering) of proceeds from
crime and the financing of terrorism, or if the Personal Data Subject’s
access to his/her Personal Data violates the legal rights and interests of
third parties, as well as in other cases stipulated by the legislation of the
Russian Federation;
• process personal data permitted by the subject of personal data for
distribution, in compliance with the requirements of Article 10.1. of
Federal Law No. 152-FZ and depersonalized PD of individuals;
• process personal data subject to publication or mandatory disclosure in
accordance with the legislation of the Russian Federation;
• entrust the processing of personal data to another person with the consent
of the Personal Data Subject.
8.4. The operator is obliged:
• at its own expense, ensure the protection of personal data from unlawful
use or loss in accordance with the procedure established by the legislation
of the Russian Federation;
• provide the subject of personal data, upon his request, with information
concerning the processing of his personal data, or, on legal grounds,
provide a refusal;
• provide the subject with free access to his/her personal data, including the
right to receive copies of any record containing his/her personal data,
except in cases stipulated by law;
• at the request of the subject of personal data, clarify the personal data being
processed, block or delete them if the personal data are incomplete,
outdated, inaccurate, illegally obtained or are not necessary for the stated
purpose of processing;
• in the event of confirmation of the fact of inaccuracy of personal data, on
the basis of information provided by the personal data subject or his
representative or the authorized body for the protection of the rights of
personal data subjects, or other necessary documents, clarify the personal
data or ensure their clarification (if the processing of personal data is
carried out by another person acting on behalf of the operator) within seven
working days from the date of submission of such information and remove
the blocking of personal data;
• maintain a Log of requests and inquiries from personal data subjects or
their representatives and monitor the receipt and processing of such
requests and inquiries;
• notify the subject of personal data about the processing of personal data in
the event that the personal data were not received from the subject of
personal data;
• in the event that the purpose of processing personal data is achieved,
immediately stop processing personal data and destroy the relevant
personal data within a period not exceeding thirty days from the date of
achieving the purpose of processing personal data, unless otherwise
provided by federal laws, if the appeal or request was sent by the
authorized body for the protection of the rights of personal data subjects,
also the said body;
• in the event that illegality of the processing of personal data is detected,
within a period not exceeding three working days from the date of such
detection, stop the processing of personal data or ensure that the processing
of personal data is stopped by the person acting on the instructions of the
operator;
• if it is impossible to ensure the legality of the processing of personal data,
within a period not exceeding ten working days from the date of detection
of the illegal processing of personal data, destroy such personal data or
ensure their destruction;
• in the event of destruction of unlawfully processed personal data, notify
the subject of personal data or his representative, and in the event that the
appeal of the subject of personal data or his representative or the request
of the authorized body for the protection of the rights of subjects of
personal data were sent by the authorized body for the protection of the
rights of subjects of personal data, also the said body;
• in the event of the personal data subject’s withdrawal of consent to the
processing of their personal data, stop the processing of personal data and
destroy the personal data within a period not exceeding thirty days from
the date of receipt of the said withdrawal, unless otherwise provided by the
agreement between the Operator and the personal data subject;
• provide the Subject's PD only to authorized persons and only to the extent
necessary for them to perform their work duties in accordance with this
Policy
confidentiality and the legislation of the Russian Federation;
• publish, no later than three working days from the date of receipt of the
relevant consent of the personal data subject, information on the conditions
of processing and on the existence of prohibitions and conditions for the
processing of personal data by an unlimited number of persons, permitted
by the personal data subject for distribution;
• stop, at the request of the subject of personal data, the transfer
(distribution, provision, access) of personal data previously permitted by
him for distribution.
9. Procedure and conditions for processing personal data
9.1. The Operator processes personal data in the following ways:
• non-automated processing of personal data;
• automated processing of personal data with or without the transfer of
received information via information and telecommunications networks;
• mixed processing of personal data.
9.2. The list of actions performed by the Operator with the personal data of
the personal data subjects includes: collection, recording, systematization,
accumulation, storage, clarification (updating, modification), extraction, use,
transfer (distribution, provision, access), depersonalization, blocking, deletion,
destruction of personal data.
9.3. Terms of processing personal data: until the purpose of processing
personal data is achieved, unless other terms are provided for in consents for
processing personal data, civil contracts or employment contracts with personal
data subjects or other documents executed by personal data subjects.
9.4. Storage periods for personal data: no longer than required by the
purposes of processing personal data and within the limits established by the
storage periods for documents established by the order of Rosarchive dated
20.12.2019 No. 236 “On approval of the List of standard management archival
documents generated in the course of activities of state bodies, local governments
and organizations, indicating their storage periods”, limitation periods or other
requirements of the law.
9.5. The Operator receives all personal data directly from the personal data
subject, from his/her representative or from the person who has instructed the
Operator to process the personal data, as well as from other third parties,
provided that the third party ensures the legality of the transfer of personal data
to the Operator and/or if the receipt of personal data by the Operator is provided
for by law.
9.6. Processing of PD is carried out with the consent of the subject of PD,
except for cases stipulated by law. Consent may be expressed in various forms
that allow confirmation of the fact of its receipt, including in implicative actions,
in writing in the form of a separate document, or as part of any document signed
by the subject. Consent may be given by a representative of the subject, upon
providing evidence of his authority.
9.7. Consent to the processing of PD may be revoked by the subject of PD.
In cases stipulated by law, the processing of PD may be continued after the
subject revokes consent to the processing.
9.8. When making decisions affecting the interests of the subject, the
Operator never relies on the results of processing the subject’s PD obtained
solely as a result of their automated processing or electronic receipt.
9.9. Personal data are not used for the purpose of causing property and/or
moral harm to citizens or hindering the exercise of the rights and freedoms of
citizens of the Russian Federation.
9.10. Access to personal data is granted to the Operator’s employees who
need personal data in connection with the performance of their official duties.
9.11. Transfer of the Operator's PD to third parties, including those located
outside the Russian Federation (cross-border transfer), is carried out only with
the consent (in cases established by law, written consent) of the PD Subject,
except for cases stipulated by law and only subject to the acceptance by such
person of a written obligation to ensure the confidentiality of the PD, an
obligation to use this data only for the purposes for which it was communicated
and only in permitted ways, as well as an obligation to take the necessary legal
(including issuing a Privacy Policy), organizational and technical measures or
ensure their adoption to protect the PD from unauthorized or accidental access
to them, destruction, modification, blocking, copying, provision, distribution of
PD, as well as from other illegal actions in relation to the PD. The requirement
to formalize the specified written obligation does not apply to cases of transfer
of PD to state and municipal authorities, the Pension Fund and other state extra-
budgetary funds, in the manner and in the cases stipulated by current legislation.
The specific name and location of the relevant third parties, the purposes of the
transfer, the volume of transferred PD, the list of actions for their processing, the
methods and other conditions of processing are determined in the consent of the
PD Subject to the processing of PD.
9.12. When issuing an order to a person processing personal data on behalf
of the Operator, the Operator is obliged to ensure compliance with the
requirements of Part 3 of Article 6 of Federal Law No. 152-FZ, in particular, to
determine in such an order:
• list of personal data;
• list of actions (operations) with personal data;
• purposes of processing personal data;
• the obligation to maintain the confidentiality of personal data and the
requirements provided for in Part 5 of Article 18 and Article 18.1 of Federal Law
No. 152-FZ;
• the obligation, at the request of the Operator, during the term of the order,
to provide documents and other information confirming the adoption of measures
and compliance with the requirements for the protection of personal data
established by law and the order;
• the obligation to ensure the security of personal data during their
processing;
• requirements for the protection of processed personal data in accordance
with Article 19 of Federal Law No. 152-FZ;
• requirement to notify the Operator of cases provided for in Part 3.1 of
Article 21 of Federal Law No. 152-FZ.
9.13. The operator has the right to transfer personal data to inquiry and
investigation bodies, tax authorities, statistical bodies, federal extra-budgetary
funds, and other authorized bodies on the grounds stipulated by the current
legislation of the Russian Federation.
9.14. The operator has the right to create publicly available sources of
personal data, which may include personal data of the personal data subject with
his written consent.
9.15. Consent to the processing of PD permitted by the PD subject for
distribution is drawn up separately from other consents of the PD subject for the
processing of his/her PD. The operator is obliged to provide the PD subject with
the opportunity to determine the list of PD for each PD category specified in the
consent to the processing of PD permitted by the PD subject for distribution.
9.16. In the consent to the processing of PD permitted by the PD subject for
distribution, the PD subject has the right to establish prohibitions on the transfer
(except for providing access) of these PD by the Operator to an unlimited number
of persons, as well as prohibitions on the processing or conditions for the
processing (except for obtaining access) of these PD by an unlimited number of
persons.
9.17. Processing of PDn permitted for distribution by the PD subject is
carried out by the Operator in compliance with the requirements of Article 10.1
of Federal Law No. 152-FZ.
9.18. When processed without the use of automation tools, personal data are
separated from other information, in particular by recording them on separate
material carriers of personal data (hereinafter referred to as material carriers), in
special sections or in the fields of forms (blanks).
9.19. When recording personal data on tangible media, it is not permitted to
record on one tangible media PD whose processing purposes are obviously
incompatible. For processing various categories of personal data, carried out
without the use of automation tools, a separate tangible media is used for each
category of personal data.
9.20. Persons processing personal data without the use of automation tools
must be informed of the fact that they are processing personal data, the
processing of which is carried out by the operator without the use of automation
tools, the categories of personal data being processed, as well as the features and
rules for carrying out such processing.
9.21. When using standard forms of documents filled out by the subject of
personal data personally, the nature of the information in which assumes or
allows the inclusion of personal data in them (hereinafter referred to as the
standard form), the following conditions are met:
9.21.1. The standard form or related documents (instructions for filling it
out, cards, registers and logs) must contain information about the
purpose of processing personal data carried out without the use of
automation tools, the name (title) and address of the operator, the last
name, first name, patronymic and address of the subject of personal
data, the source of obtaining personal data, the timeframes for
processing personal data, a list of actions with personal data that will
be performed during their processing, a general description of the
methods of processing personal data used by the operator.
9.21.2. The standard form must provide a field in which the subject of
personal data can mark his/her consent to the processing of personal
data carried out without the use of automation tools - if it is necessary
to obtain written consent to the processing of personal data.
9.21.3. The standard form must be drawn up in such a way that each of the
personal data subjects contained in the document has the opportunity
to familiarize themselves with their personal data contained in the
document without violating the rights and legitimate interests of other
personal data subjects.
9.21.4. The standard form must exclude the combination of fields intended
for entering personal data, the purposes of processing of which are
obviously incompatible.
9.22. PDn are subject to destruction upon achievement of the processing
objectives (loss of the need to achieve them), upon expiration of the storage
period, upon receipt of the revocation of the consent of the personal data subject
to their processing, or at the request of the person who instructed the processing
of PDn within a period not exceeding thirty days from the date of achievement
of the purpose of processing PDn, or receipt of the relevant request. Destruction
is carried out in the presence of a commission. Based on the results, a destruction
report is drawn up.
9.23. Personal data are subject to destruction in the event of detection of
illegal processing within a period not exceeding ten working days from the date
of detection of illegal processing of personal data.
9.24. Storage of PD is carried out in a form that allows for the identification
of the PD Subject, for the periods determined in accordance with paragraph 9.3
of this Privacy Policy, unless another storage period for PD is established by law,
an agreement to which the PD Subject is a party, beneficiary or guarantor. When
storing PD, the Operator uses databases located on the territory of the Russian
Federation, in accordance with Part 5 of Article 18 of Federal Law No. 152-FZ.
9.25. When storing personal data processed without the use of automation
tools, the following conditions are observed:
• separate storage of personal data (material carriers) is carried out, the
processing of which is carried out for various purposes;
• storage of tangible media is carried out under conditions that ensure the
safety of personal data and exclude unauthorized access to them.
10. Information on the implemented requirements for the protection
of personal data
10.1. When processing personal data, the Operator shall take the necessary
legal, organizational and technical measures or ensure their adoption to protect
personal data from unauthorized or accidental access to them, destruction,
modification, blocking, copying, provision, distribution of personal data, as well
as from other illegal actions in relation to personal data.
10.2. The protection of personal data is ensured by the Operator in
accordance with the procedure established by current legislation and local acts
of the Operator, by implementing a set of organizational and technical measures
to ensure their security.
10.3. All security measures during the collection, processing, storage and
transfer of the subject's PD apply to both paper and machine-readable
information carriers. The measures to ensure the security of PD during their
processing, applied by the Operator, are planned and implemented in order to
ensure compliance with the requirements of Federal Law No. 152-FZ.
10.4. In addition to the requirements of Federal Law No. 152-FZ, a set of
measures aimed at protecting information is carried out. The Operator is guided
by the requirements and recommendations of the current legislation of the
Russian Federation, as well as the best Russian and international practices.
10.5. The Operator shall independently determine the composition and list
of measures necessary and sufficient to ensure compliance with the requirements
of the legislation of the Russian Federation. The Operator, in particular, has taken
the following measures:
• the agreements concluded between the Operator and the counterparty
provide for the parties' obligation to comply with the personal data
confidentiality requirements established by Article 7 of Federal Law No.
152-FZ, as well as information on the adoption by the parties of the
measures provided for in Part 2 of Article 18.1, Part 1 of Article 19 of the
Federal Law "On Personal Data";
• the present Privacy Policy of the Operator regarding the processing of
personal data has been developed and approved and access to it has been
ensured for an unlimited number of persons;
• a person responsible for organizing the processing of personal data has
been appointed;
• officials responsible for the implementation of local regulatory documents
on issues of personal data processing by departments have been appointed;
• local acts on the processing of personal data have been developed and
implemented, defining for each purpose of processing personal data the
categories and list of personal data to be processed, the categories of
subjects whose personal data are processed, the methods and terms of
their processing and storage, the procedure for the destruction of personal
data upon achieving the purposes of their processing or upon the
occurrence of other legal grounds, as well as local acts establishing
procedures aimed at preventing and identifying violations of the
legislation of the Russian Federation, eliminating the consequences of
such violations;
• legal, organizational and technical measures are applied to ensure the
security of personal data;
• internal control is carried out over the compliance of personal data
processing with Federal Law No. 152-FZ and regulatory legal acts
adopted in accordance with it, requirements for the protection of personal
data, the Operator’s Privacy Policy regarding the processing of personal
data, and local acts of the Operator;
• an assessment is made of the harm that may be caused to personal data
subjects in the event of a violation of the requirements of the legislation
on the protection of personal data, the ratio of the said harm and the
measures taken by the Operator aimed at ensuring the fulfillment of the
obligations stipulated by the legislation on the protection of personal data;
• the Operator's employees directly involved in the processing of personal
data are familiar with the provisions of the legislation of the Russian
Federation on personal data, including the requirements for the protection
of personal data, documents defining the Operator's privacy policy
regarding the processing of personal data, and local regulations on issues
of processing personal data.
11. Updating, correcting, deleting and destroying personal data
11.1. The operator has the right to add, supplement, change, block or delete
personal data in accordance with the current legislation on the protection of
personal data.
11.2. At the request of the Personal Data Subject, the Operator is obliged
to:
11.2.1. provide information regarding the processing of his/her
personal data, in particular:
• confirmation of the fact of processing of personal data by the
Operator;
• legal grounds and purposes of processing personal data;
• the purposes and methods of processing personal data used by the
Operator;
• the name and location of the Operator, information about persons
(except for the operator’s employees) who have access to the
personal data or to whom the personal data may be disclosed on the
basis of an agreement with the operator or on the basis of the law;
• processed personal data related to the relevant subject of personal
data, the source of their receipt, unless another procedure for submitting
such data is provided by law;
• terms of processing personal data, including the terms of their
storage;
• the procedure for the exercise by the subject of personal data of the
rights provided by law;
• information on the completed or intended cross-border transfer of
data;
• the name or surname, first name, patronymic and address of the
person processing the personal data on behalf of the operator, if the
processing is or will be entrusted to such person;
• information on the methods of execution by the operator of the duties
established by Article 18.1 of this Federal Law No. 152-FZ;
• other information provided by law;
11.2.2. clarify incomplete, outdated or inaccurate personal data;
11.2.3. ensure the blocking or destruction of personal data if they were
obtained illegally, are not necessary for the stated purpose of
processing, or the consent of the personal data subject has been
revoked.
11.3. The request of the PD Subject or his/her representative shall be sent
to the Operator in paper form and shall contain the number of the main document
certifying the identity of the PD Subject or his/her representative, information on
the date of issue of the said document and the issuing authority, information
confirming the participation of the PD Subject in relations with the Operator
(contract number, date of conclusion of the contract, conventional verbal
designation and (or) other information), or information otherwise confirming the
fact of PD processing by the Operator, the signature of the PD Subject or his/her
representative. When sending a request, the PD Subject may use the forms
provided for in Appendix No. 2 to the Privacy Policy.
11.4. The request of the Personal Data Subject may be sent in the form of
an electronic document and signed with an electronic signature in accordance
with the legislation of the Russian Federation by e-mail. Users of the Operator's
digital platforms may send a request using the appropriate means and/or services
of the platform using their account data and subject to the identification
procedure.
11.5. Upon receipt of a request from PD Subjects and their representatives,
authorized bodies, the responsible employee of the Operator registers such
request in the relevant logs for recording requests and inquiries from PD subjects.
11.6. The Operator, within 10 days from the date of receipt of the request,
notifies the Personal Data Subject of its acceptance for consideration and the
timeframe for such consideration, unless otherwise provided by law.
Appendix No. 1
Categories and lists of processed PD, categories of PD subjects, methods, terms of their processing and storage, the procedure for
the destruction of PD upon achieving the purposes of their processing or upon the occurrence of other legal grounds for each
purpose of PD processing (by groups)
Purpose groups and purposes of
processing
Categories of subjects and
lists of personal
data
Categories
personal
data
Way
processing
Deadlines
processing and
storage
Procedure for destruction of
personal data
Compliance with the requirements of
labor legislation (fulfillment of the
duties of the Operator as an employer,
as provided for by labor legislation):
• calculation of wages; calculation of
insurance premiums;
• selection and employment of
personnel;
• providing information to the bank
for the transfer of wages and
payment of remuneration;
• conclusion, execution and
termination of an employment
contract;
• military registration of employees;
• arrangement of business trips;
• recording of information necessary
to support labor relations between
an employee and an employer in
accordance with the legislation of
the Russian Federation).
Categories of subjects and
the list of PD specified in
paragraph 6.2.5 of the
Policy to the extent
necessary to achieve the
specified purpose of
processing
General, special
Mixed processing
with and without
automation
Until the purpose of
processing is
achieved (including
termination of an
employment
contract), except in
cases provided for by
the consent of the
subject of personal
data and/or the
requirements of the
law
The procedure is
determined by an internal
local regulatory act and,
depending on the type of
personal data carrier, is
carried out by:
• for paper media–
physical destruction of the
carrier (shredding);
• in information systems-
irreversible deletion
(destruction) using special
software;
• removable electronic
media– physical
destruction of the carrier
and/or irreversible deletion
(destruction) using special
software
Compliance with financial and tax
legislation:
• maintaining current accounting
and tax records, forming,
paragraphs 6.2.1, 6.2.2,
6.2.4, 6.2.6 of the Policy
to the extent necessary to
General, special
Mixed processing
with and without
automation
Until the purpose of
processing is
achieved (including
termination of civil
The procedure is
determined by an internal
local regulatory act and,
depending on the type of
Purpose groups and purposes of
processing
Categories of subjects and
lists of personal
data
Categories
personal
data
Way
processing
Deadlines
processing and
storage
Procedure for destruction of
personal data
preparing and submitting
accounting, tax and statistical
reports, reports to government
funds;
• compliance with tax legislation
requirements
• calculation, withholding and
payment of taxes, provision of tax
deductions.
achieve the specified
purpose of processing
contracts, education
contracts), except for
cases provided for by
the consent of the
subject of personal
data and/or the
requirements of the
law
personal data carrier, is
carried out by:
• for paper media–
physical destruction of the
carrier (shredding);
• in information systems-
irreversible deletion
(destruction) using special
software;
• removable electronic
media– physical
destruction of the carrier
and/or irreversible deletion
(destruction) using special
software
Purpose groups and purposes of
processing
Categories of subjects and
lists of personal
data
Categories
personal
data
Way
processing
Deadlines
processing and
storage
Procedure for destruction of
personal data
Implementation of the statutory goals
of the organization, development of
corporate governance of corporate
relations:
• ensuring corporate security;
• in the registration of passes for
entry into the Operator’s territory
and the registration of the
transportation of goods by vehicle;
• execution of powers of attorney;
• development of corporate
information systems;
• formation of corporate culture.
Categories of subjects and
lists of PD specified in
paragraphs 6.2.1, 6.2.2,
6.2.3 of the Policy to the
extent necessary to
achieve the specified
purpose of processing
General,
special
Mixed processing
with and without
automation
Until the purpose of
processing is
achieved (including
termination of
education
agreements), except
in cases provided for
by the consent of the
subject of personal
data and (or) the
requirements of the
law
The procedure is
determined by an internal
local regulatory act and,
depending on the type of
personal data carrier, is
carried out by:
• for paper media–
physical destruction of the
carrier (shredding);
• in information systems-
irreversible deletion
(destruction) using special
software;
removable electronic
media– physical destruction
of the carrier and/or
irreversible deletion
(destruction) using special
software
Purpose groups and purposes of
processing
Categories of subjects and
lists of personal
data
Categories
personal
data
Way
processing
Deadlines
processing and
storage
Procedure for destruction of
personal data
Conclusion, execution, modification
and termination of civil law contracts
with counterparties (clients) and
partners of the Operator.
Categories of subjects
and lists of PD
specified in paragraphs
6.2.1, 6.2.2, 6.2.6 of
the Policy to the extent
necessary to achieve
the specified purpose
of processing
General,
Mixed processing
with and without
automation
Until the purpose of
processing is
achieved (including
termination of
education
agreements), except
in cases provided for
by the consent of the
subject of personal
data and (or) the
requirements of the
law
The procedure is
determined by an internal
local regulatory act and,
depending on the type of
personal data carrier, is
carried out by:
• for paper media–
physical destruction of the
carrier (shredding);
• in information systems-
irreversible deletion
(destruction) using special
software;
removable electronic
media– physical destruction
of the carrier and/or
irreversible deletion
(destruction) using special
software
Execution of an order for processing
personal data received from third
parties (other personal data
operators).
Defined in the assignment (contract)
Appendix No. 2
Sample (standard) forms of documents at the request of personal data
subjects or their representatives
Standard form of request for information on the availability of personal data of the subject to the operator
To the General Director of the Limited Liability Company "EVO"
432042, Ulyanovsk region, Ulyanovsk city, Efremova st., 29, office
312/3
_____________________________________________________
(last name, first name, patronymic, general director)
_____________________________________________________
(last name, first name, patronymic of the applicant or legal representative)
_______________________________________ series ________
(name of identity document)
No. ___________ issued by
_____________________________________________________
___________ on “___” ________ 20___
(identity document details)
registration (residence) address: ______________________
_____________________________________________________
Email address: _____________________________
telephone:
_____________________________________________
REQUEST for information on the operator's possession of the subject's
personal data
In the event that the limited liability company "EVO" processes my /or/
__________________________________________________________________
__________________
(Full name of the person represented, year of birth, passport details)
personal data, please provide me with information about your organization.
Otherwise, please notify me about the lack of processing of my /or/
_______________________________________________
(Full name of the represented person)
personal data.
Please send the response in writing /or/ electronically to the above address
within the time period specified by Federal Law No. 152-FZ of July 27, 2006 “On
Personal Data”.
Appendix: document confirming the authority of the representative.
“___” _________ 20___ _______________ ___________________________
(signature) (full name)
Standard form of request for access to personal data
To the General Director of the Limited Liability Company "EVO"
432042, Ulyanovsk region, Ulyanovsk city, Efremova st., 29, office
312/3
_____________________________________________________
(last name, first name, patronymic, general director)
_____________________________________________________
(last name, first name, patronymic of the applicant or legal representative)
_______________________________________ series ________
(name of identity document)
No. ___________ issued by
_____________________________________________________
___________ on “___” ________ 20___
(identity document details)
registration (residence) address: ______________________
_____________________________________________________
Email address: _____________________________
telephone:
_____________________________________________
REQUEST
on providing the opportunity to get acquainted with personal data
Please provide me with the information you process, which constitutes my
/or________________________________________________________________
__________________________________/
(Full name of the person represented, year of birth, passport details)
personal data and indicate:
• is my /or _____________________________/ being processed?
(Full name of the represented person)
personal data;
• the purposes, methods and terms of its processing;
• list of my /or ___________________________/ processed by you
(Full name of the represented person)
personal data and the source of their receipt;
• what persons have access or may have access to my/or _______
__________________/ personal data;
(Full name of the
represented person)
• the storage period of my and/or __________________/ personal data;
(Full name of the represented
person)
• was there a cross-border transfer of my /or ________________/
(Full name of the represented person)
personal data, if not, is such transfer expected;
• information about what the legal consequences are for me/or __________
__________________/ may entail the processing of personal data;
(Full name of the
represented person)
• information on the measures used to protect personal data;
• _______________________________________________________________.
other.
Please send the response in writing /or/ electronically to the above address
within the time period specified by Federal Law No. 152-FZ of July 27, 2006 “On
Personal Data”.
Appendix: document confirming the authority of the representative.
“___” _________ 20___ _______________ ___________________________
(signature) (full name)
Standard form of request for clarification of inaccurate or changed personal data
To the General Director of the Limited Liability Company "EVO"
432042, Ulyanovsk region, Ulyanovsk city, Efremova st., 29, office
312/3
_____________________________________________________
(last name, first name, patronymic, general director)
_____________________________________________________
(last name, first name, patronymic of the applicant or legal representative)
_______________________________________ series ________
(name of identity document)
No. ___________ issued by
_____________________________________________________
___________ on “___” ________ 20___
(identity document details)
registration (residence) address: ______________________
_____________________________________________________
Email address: _____________________________
telephone:
_____________________________________________
REQUEST
on clarification of inaccurate or changed personal data
Please clarify the data you are processing of mine /or
__________________________________________________________________
______________________/
(Full name of the person represented, year of birth, passport details)
personal data in accordance with the information: ______________________
__________________________________________________________________
___
(indicate updated personal data of the applicant or represented)
due to the fact that __________________________________________________.
(indicate the reason for clarifying personal data)
Please send the response in writing /or/ electronically to the above address
within the time period specified by Federal Law No. 152-FZ of July 27, 2006 “On
Personal Data”.
Appendix: document confirming the authority of the representative.
“___” _________ 20___ _______________ ___________________________
(signature) (full name)
Standard form of request for blocking personal data
To the General Director of the Limited Liability Company "EVO"
432042, Ulyanovsk region, Ulyanovsk city, Efremova st., 29, office
312/3
_____________________________________________________
(last name, first name, patronymic, general director)
_____________________________________________________
(last name, first name, patronymic of the applicant or legal representative)
_______________________________________ series ________
(name of identity document)
No. ___________ issued by
_____________________________________________________
___________ on “___” ________ 20___
(identity document details)
registration (residence) address: ______________________
_____________________________________________________
Email address: _____________________________
telephone:
_____________________________________________
REQUEST
about blocking personal data
Please block my
/or________________________________________________________________
_____________________/ processed by you
(Full name of the person represented, year of birth, passport details)
personal data: ________________________________________________
(indicate the personal data of the applicant or represented person to be blocked)
for a period of ___________________, due to the fact that
_______________________
(specify the blocking period) (specify the reason for blocking)
Please send the response in writing /or/ electronically to the above address
within the time period specified by Federal Law No. 152-FZ of July 27, 2006 “On
Personal Data”.
Appendix: document confirming the authority of the representative.
“___” _________ 20___ _______________ ___________________________
(signature) (full name)
Standard form of request for termination of processing and destruction of personal data
To the General Director of the Limited Liability Company "EVO"
432042, Ulyanovsk region, Ulyanovsk city, Efremova st., 29, office
312/3
_____________________________________________________
(last name, first name, patronymic, general director)
_____________________________________________________
(last name, first name, patronymic of the applicant or legal representative)
_______________________________________ series ________
(name of identity document)
No. ___________ issued by
_____________________________________________________
___________ on “___” ________ 20___
(identity document details)
registration (residence) address: ______________________
_____________________________________________________
Email address: _____________________________
telephone:
_____________________________________________
REQUEST
on termination of processing and destruction of personal data
Please stop processing and destroy my /or
________________________________________________________________/
data that you are processing.
(Full name of the person represented, year of birth, passport details)
personal data: ________________________________________________,
(indicate the personal data of the applicant or represented person to be destroyed)
due to the fact that ___________________________________________________.
(indicate the reason for termination of processing and destruction of personal data)
Please send the response in writing /or/ electronically to the above address
within the time period specified by Federal Law No. 152-FZ of July 27, 2006 “On
Personal Data”.
Appendix: document confirming the authority of the representative.
“___” _________ 20___ _______________ ___________________________
(signature) (full name
