Data Processing Policy JSK MUMT
1. General Provisions
1.1. This Policy (hereinafter referred to as the Policy ) defines the general principles and procedure for processing personal data and measures to ensure their security in the Joint Stock Company “International Tobacco Marketing Services” (hereinafter referred to as the Company).
1.2. The purpose of the Policy is to ensure the protection of the rights and freedoms of a person and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets, strict and strict compliance with the requirements of the legislation of the Russian Federation and international treaties of the Russian Federation in the field of personal data.
1.3. The policy has been developed in accordance with the provisions of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", other legislative and regulatory legal acts (hereinafter referred to as legislation), determining the procedure for working with personal data and requirements for ensuring their security.
1.4. The following terms are used in the Policy:
- automated processing of personal data – processing of personal data using computer technology;
- personal data base – an ordered array of personal data, independent of the type of material carrier of information and the means of its processing used (archives, card files, electronic databases);
- biometric personal data – information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established and which is used by the operator to establish the identity of the subject of personal data;
- blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
- data center – a specialized organization providing services for the placement of server and network equipment, leasing of servers (including virtual ones), and also for connecting to the Internet;
- access to personal data – familiarization of certain persons (including employees) with the personal data of subjects processed by the Company, subject to maintaining the confidentiality of this information;
- personal data information system – a set of personal data contained in databases and the information technologies and technical means that ensure their processing;
- use of personal data – actions (operations) with personal data performed by the operator for the purpose of making decisions and/or performing other actions that generate legal consequences in relation to the subject of personal data or other persons, or otherwise affect the rights and freedoms of the subject of personal data or other persons;
- counterparty – a party to an agreement with the Company that is not an employee of the Company;
- confidentiality of personal data – the obligation of persons who have gained access to personal data not to disclose it to third parties and not to distribute personal data without the consent of the subject of the personal data, unless otherwise provided by law;
- Cloud computing infrastructure is a shared pool of configurable computing resources (data networks, servers, storage devices, applications, and services, either individually or collectively) that are widely and conveniently accessible over the network on demand and that can be quickly provisioned and released with minimal operational costs or service provider requests, and that have five key properties: on-demand self-service; universal network access; resource pooling; elasticity; consumption metering;
- processing of personal data – any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- publicly available personal data – personal data, access to which by an unlimited number of persons is granted by the subject of personal data either at his request or on the basis of his consent, as well as data that are subject to mandatory disclosure or publication in accordance with federal law;
- operator – a state body, municipal body, legal entity or individual that independently or jointly with other persons organizes and (or) carries out the processing of personal data, and also determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data; in the Policy, the operator means the Company, unless otherwise specifically indicated;
- personal data – any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);
- personal data permitted by the subject of personal data to be distributed – personal data, access to which by an unlimited number of persons is granted by the subject of personal data by giving consent to the processing of personal data permitted by the subject of personal data to be distributed in the manner prescribed by the Federal Law “On Personal Data”;
- provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
- dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
- Roskomnadzor is the Federal Service for Supervision of Communications, Information Technology and Mass Media, which is entrusted with the functions of the authorized body for the protection of the rights of personal data subjects, as well as the functions of federal state control (supervision) over the compliance of personal data processing with the requirements of the legislation of the Russian Federation in the field of personal data;
- special categories of personal data – information relating to race, nationality, political views, religious or philosophical beliefs, health status;
- subject of personal data – an individual to whom the personal data relates;
- cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign government body, a foreign individual or a foreign legal entity;
- destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;