1. General Provisions.
1.1. This Personal Data Processing Policy (hereinafter – the PD Processing Policy) of LLC "SI Metria Logistic" (hereinafter – the Operator), INN 6678056570, located at: https://seametria.ru/politic/, is developed in accordance with the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, the Decree of the Government of the Russian Federation No. 1119 of 01.11.2012 “On approval of requirements for the protection of personal data during their processing in personal data information systems”, as well as other federal laws and regulatory legal acts.
1.2. The Policy has been developed in accordance with the requirements of the Constitution of the Russian Federation, legislative and other regulatory acts of the Russian Federation in the field of personal data.
1.3. The PD Processing Policy is aimed at ensuring the protection of the rights and freedoms of personal data subjects during the processing of their personal data (hereinafter – PD).
1.4. The provisions of this Policy form the basis for creating local regulatory acts governing, within Seametria, the processing of personal data of employees and other personal data subjects.
2. Purposes of Processing Personal Data.
Personal data is processed by the Operator for the following purposes:
1) Fulfilment of functions, powers, and obligations imposed on the Operator by the legislation of the Russian Federation, including:
– compliance with labor and tax legislation;
– maintaining accounting and tax records, preparing and submitting accounting, tax, and statistical reports;
– compliance with legislation regarding the processing and protection of PD of individuals who are clients or contractors of Seametria (hereinafter – personal data subjects).
2) Exercising the rights and legitimate interests of Seametria within its statutory activities or the rights of third parties, as well as for achieving socially significant objectives.
3) For other lawful purposes.
3. Legal Basis for Processing Personal Data.
Personal data is processed based on the following laws and regulatory acts:
1) Constitution of the Russian Federation;
2) Labor Code of the Russian Federation;
3) Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”;
4) Federal Law No. 149-FZ “On Information, Information Technologies and Information Protection” of July 27, 2006;
5) Regulation on the specifics of personal data processing carried out without automation tools (approved by Government Decree No. 687 of September 15, 2008);
6) Government Decree No. 1119 of November 1, 2012 on requirements for the protection of personal data during their processing in information systems;
7) Order of FSTEC No. 55, FSB No. 86, Ministry of Communications No. 20 of February 13, 2008 “On Approval of the Procedure for Classifying Personal Data Information Systems”;
8) Order of FSTEC No. 21 of February 18, 2013 “On Approval of Organizational and Technical Measures to Ensure the Security of Personal Data in Personal Data Information Systems”;
9) Roskomnadzor Order No. 996 of September 5, 2013 “On Approval of Requirements and Methods for Depersonalizing Personal Data”;
10) Order of the Federal Tax Service No. ММВ-7-3/611 of November 17, 2010 “On Approval of the Form of Information on Income of Individuals, Recommendations for its Completion, and the Format of Submitting Such Information Electronically”;
11) Other regulatory legal acts and documents of authorized state bodies.
4. List of Actions with Personal Data.
When processing personal data, the Operator performs the following actions: collection, recording, systematization, accumulation, storage, clarification (updating or modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
5. Categories of Personal Data Processed.
5.1. The Operator processes PD of the following categories of personal data subjects:
– Operator’s employees;
– clients;
– contractors;
– individuals who contacted the Operator in accordance with the Federal Law “On the Procedure for Considering Appeals of Citizens of the Russian Federation”.
5.2. The scope of PD for each category listed in clause 5.1 is determined in accordance with the documents listed in Section 3, as well as internal documents issued for their implementation.
5.3. In cases provided by law, the personal data subject decides to provide their PD to the Operator and grants consent voluntarily and in their interest.
5.4. The Operator ensures that the content and volume of processed PD correspond to the stated purposes and takes measures to eliminate excessive information, if necessary.
5.5. Processing of special categories of personal data relating to race, nationality, political views, religion, philosophical beliefs, or private life is not carried out in Seametria.
6. Processing of Personal Data.
6.1. Personal data is processed in Seametria in the following ways:
• non-automated processing;
• automated processing with or without transmission over telecommunications networks;
• mixed processing.
7. Ensuring the Protection of Personal Data.
7.1. The Operator takes necessary and sufficient measures to fulfil obligations under Federal Law No. 152-FZ “On Personal Data”. These include:
– appointing a responsible person for organizing PD processing;
– issuing internal documents defining the Operator’s PD policy, local acts on PD processing, and procedures to prevent and detect violations;
– applying legal, organizational, and technical security measures;
– internal control or audit for compliance with PD legislation;
– assessing potential harm in case of violations and appropriate mitigation measures;
– familiarizing employees involved in PD processing with legal requirements and internal PD regulations.
7.2. The Operator protects PD against unauthorized or accidental access, destruction, modification, blocking, copying, distribution, or other unlawful actions.
8. Rights of the Personal Data Subject.
8.1. A personal data subject may request clarification, blocking, or destruction of their PD if it is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for stated purposes.
8.2. Information is provided to the subject or their representative upon request. The request must contain identity document details, proof of participation in relations with the Operator, or other evidence, and must be signed. An electronic request must include an electronic signature.
8.3. The Operator may deny a repeated request with justification.
8.4. The subject has the right to obtain information regarding:
– confirmation of PD processing;
– legal grounds and purposes;
– applied methods;
– name and location of the Operator, and persons having access to PD;
– processed PD and its source;
– processing and storage periods;
– rights under the PD Law;
– cross-border data transfer;
– name and address of a third-party PD processor (if applicable).
8.5. If a subject believes their rights are violated, they may file a complaint with the authority for the protection of personal data subjects or in court.
8.6. The subject has the right to compensation for losses or moral harm in court.