“APPROVED”
Sole Proprietor
Utkina K. S.
“01” January 2021
This Personal Data Processing Policy is prepared pursuant to the Constitution of the Russian Federation; Federal Law No. 160-FZ of 19 December 2005 “On the Ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data”; Federal Law No. 152-FZ of 27 July 2006 “On Personal Data”; the Labour Code of the Russian Federation; Federal Law No. 149-FZ of 27 July 2006 “On Information, Information Technologies and the Protection of Information”; Resolution of the Government of the Russian Federation No. 1119 of 1 November 2012 (on approval of requirements for the protection of personal data during their processing in personal data information systems); Resolution of the Government of the Russian Federation No. 687 of 15 September 2008 “On approval of the Regulation on specific features of personal data processing carried out without the use of automation tools.”
The Policy is intended to ensure the rights of employees of Sole Proprietor Utkina K. S., as well as other persons, when their personal data are processed.
Automated processing of personal data — processing of personal data using computing facilities.
Biometric personal data — information describing a person’s physiological and biological characteristics which can be used to establish their identity.
Blocking of personal data — a temporary suspension of personal data processing (except where processing is required to clarify personal data).
Personal data information system — the set of personal data contained in databases, together with the information technologies and technical means that ensure their processing.
Non-automated processing of personal data — processing carried out without the use of automation tools.
Depersonalisation of personal data — actions that make it impossible, without additional information, to determine whether personal data belong to a specific personal data subject.
Processing of personal data — any action (operation) or set of actions performed with or without the use of automation tools, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution), depersonalisation, blocking, deletion, destruction.
Personal data operator (operator) — an individual who organises and carries out the processing of personal data and also determines the purposes of processing, the composition of personal data to be processed, and the actions performed with personal data.
Personal data — any information relating directly or indirectly to an identified or identifiable individual (personal data subject).
Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons.
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign individual or a foreign legal entity.
Destruction of personal data — actions resulting in the impossibility of restoring the content of personal data in a personal data information system and/or the destruction of tangible media containing personal data.
1.1. This Policy defines the purposes and principles of personal data processing by Sole Proprietor Utkina K. S. (hereinafter, the “Entrepreneur”), as well as the basic mechanisms for protecting personal data.
2.1. The Entrepreneur processes personal data for the following purposes:
organisation of HR, accounting and tax records, and records of payers of insurance contributions to comply with the laws of the Russian Federation;
training of the Entrepreneur’s employees; ensuring their personal safety; monitoring the quantity and quality of work performed by employees;
confirming information about employees of the Entrepreneur upon requests from state authorities;
sending news mailings about new products and services, special offers and various events conducted by the Entrepreneur;
creating and developing consumer and sales markets in the field of textile products.
2.2. Personal data processing is based on the following principles:
lawfulness of the purposes and methods of processing and good faith;
consistency of processing purposes with the purposes predetermined and declared at the time of collection;
correspondence of the scope and nature of processed personal data and the processing methods to the purposes of processing;
accuracy, relevance and sufficiency of personal data for the purposes of processing;
inadmissibility of processing data excessive for the purposes of collection;
legitimacy of organisational and technical measures ensuring personal data security;
continuous improvement of employees’ knowledge in the field of personal data security;
commitment to continuous improvement of the personal data protection system.
3.1. The legal grounds for processing personal data are:
the personal data subject’s consent to the processing of their personal data;
contracts concluded between the Entrepreneur and counterparties;
legislation of the Russian Federation.
4.1. The Entrepreneur processes personal data of the following categories of subjects:
employees of the Entrepreneur;
individuals who are in contractual or other civil-law relations with the Entrepreneur;
data of visitors to the website located at https://linen-life.ru/legal-notice, which are automatically transmitted in the course of use via the software installed on the User’s device, including IP address, cookie data, information about the User’s browser (or other program used to access the site), technical characteristics of the User’s hardware and software, date and time of access, the User’s location, addresses of requested pages and other similar information.
4.2. The Entrepreneur does not process personal data relating to race or nationality, philosophical beliefs, intimate life, state of health, political opinions or religious beliefs.
4.3. The Entrepreneur does not process biometric personal data.
5.1. The Entrepreneur may process the following personal data of a personal data subject:
surname, first name, patronymic;
place and date of birth;
registered address;
actual residential address;
passport details;
information on marital status and family composition;
education information;
taxpayer registration information (TIN);
information about employment history prior to hiring;
email address;
phone numbers.
5.2. Without the personal data subject’s consent, the Entrepreneur does not disclose or distribute personal data to third parties unless otherwise required by the laws of the Russian Federation.
5.2. The Entrepreneur processes personal data by automated means.
5.3. The Entrepreneur ceases processing personal data in the following cases:
achievement of the purposes of processing;
expiry of the consent term or withdrawal of consent by the personal data subject;
detection of unlawful processing of personal data;
termination of the Entrepreneur’s activity.
5.5. The Entrepreneur does not carry out cross-border transfer of personal data.
6.1. In accordance with identified current threats, the Entrepreneur applies necessary and sufficient organisational and technical measures, including the use of information security tools, detection of unauthorised access, restoration of personal data, establishment of rules for access to personal data, as well as monitoring and evaluation of the effectiveness of the measures used.
6.2. The Entrepreneur implements the following organisational measures:
designation of a person responsible for organising the processing and ensuring the security of personal data;
internal control over compliance of processing with personal data protection requirements;
assessment of potential harm to personal data subjects and identification of current threats to personal data security.
7.1. A personal data subject has the right to withdraw consent to the processing of personal data by sending a corresponding request to the Entrepreneur at linenlifell@gmail.com with the note “Withdrawal of consent to personal data processing,” or by applying in person.
7.2. A personal data subject has the right to obtain information regarding the processing of their personal data, including:
confirmation that the Entrepreneur processes personal data;
legal grounds and purposes of processing;
purposes and methods of processing used by the Entrepreneur;
the Entrepreneur’s name and location, and information about persons (except the Entrepreneur’s employees) who have access to personal data or to whom personal data may be disclosed under a contract with the Entrepreneur or by federal law;
the personal data being processed that relate to the respective subject, and the source of their receipt, unless a different procedure is provided by federal law;
time limits for personal data processing;
other information provided for by the Federal Law “On Personal Data” or other federal laws.
7.3. A personal data subject has the right to demand that the Entrepreneur clarify, block or destroy their personal data if such data are incomplete, outdated, inaccurate, obtained unlawfully or are not necessary for the declared purpose of processing, as well as to take legal measures to protect their rights.
7.3.1. If inaccuracies in personal data are identified, the subject may update them independently by sending a notice to the Entrepreneur at linenlifell@gmail.com with the note “Personal data update.”
7.4. If a personal data subject believes that the Entrepreneur is processing their personal data in violation of the Federal Law “On Personal Data” or otherwise infringes their rights and freedoms, the subject may lodge a complaint with the authorised body for the protection of personal data subjects’ rights (the Federal Service for Supervision of Communications, Information Technology and Mass Media — Roskomnadzor) or in court.
8.1. If you have questions related to the processing of your personal data by the Entrepreneur, you may send a request to linenlifell@gmail.com.