1. GENERAL PROVISIONS This Personal Data Processing Policy (hereinafter “Policy”) was developed in line with the Federal Law No. 152-FZ "On Personal Data" (hereinafter “Law”) in order to set forth the terms and conditions pursuant to which TEAM FORCE Company Group (hereinafter “Operator”) shall process personal data as well as undertake measures aimed at protection of personal data. 1.1. The Operator shall process personal data upholding the rights and legitimate interests of citizens including the right to inviolability of private life, personal or family secrets. 1.2. The Policy shall apply to the personal data that identified or identifiable individuals provide to Operator when using the website owned and administered by the Operator https://smartstaffing.ru/.
2. DEFINITIONS 2.1. “Automatic processing” shall mean computer-assisted processing of personal data. 2.2. “Blocking” shall mean a temporary cessation of personal data processing (except where processing is necessary to specify personal data). 2.3. “Website” shall mean a publicly available set of data and information as well as computing programs and databases that make up a website administered by Operator under its name with web address https://smartstaffing.ru/. 2.4. “Information system” shall mean structured set of personal data stored in the databases as well as information technologies and technical means carrying out their processing. 2.5. “Depersonalization” shall mean actions that make it impossible to establish a connection between personal data and the User or a specific data subject without resorting to using additional information. 2.6. “Personal data processing” shall mean any operation taken with personal data, including without limitation collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction, using automated or non-automated means. 2.7. “Operator” shall mean an entity who, separately or jointly with other entities, arranges and/or carries out personal data processing, as well as determines the purposes of personal data processing, scope of personal data to be processed, and operations to be taken with personal data. 2.8. “Personal data” shall mean any information relating to an identified or identifiable User of the website https://smartstaffing.ru/. 2.9. “Publicly available personal data” shall mean personal data for processing of which the User gives consent to Operator and therefore agrees on such data becoming publicly available pursuant to the procedure prescribed by the Law. 2.10. “User” shall mean any individual who accesses the website https://smartstaffing.ru/. 2.11. “Disclosure” shall mean actions related to making the data available to a definite person or a definite range of persons. 2.12. “Distribution” shall mean actions related to making the personal data available to indefinite range of persons, including without limitations publishing such data in the media and posting it on the Internet. 2.13. “Transborder data flow” shall mean disclosure of personal data to a foreign authority, foreign natural or legal persons. 2.14 “Destruction” shall mean actions performed on personal data contained in the respective database that prevent such data from being restored and/or actions aimed at the physical destruction of the tangible medium of personal data.
3. OPERATOR’S RIGHTS AND OBLIGATIONS 3.1. The Operator shall have the right to: – obtain, on request, accurate information and/or documents containing personal data provided by Users; – after receiving the User’s consent for processing of personal data, pursue such processing without the further consent on the grounds indicated in the Law; – determine the procedure and conditions for ensuring the sufficient fulfillment of its obligations under the Law as well as under legal acts adopted pursuant to it, unless otherwise provided by the Law. 3.2. The Operator shall: – provide, upon request, information regarding the processing of the personal data to the User; – process personal data in accordance with the established rules and regulations under the existing laws; – respond to Users’ and/or their legal representatives’ requests and questions in accordance with the Law; – provide, upon request, information to Data Protection Authorities within 30 days after the receipt of such request; – publish or otherwise provide the Policy in accessible formats; – implement legal, institutional and technical measures for the protection of personal data to prevent unauthorized or inadvertent access to it as well as its destruction, adaptation or alteration, blocking, collection, disclosure or distribution and other unlawful practices in its respect; – terminate any processing of personal data and destroy it in accordance with the Law; – execute other obligations pursuant to the Law.
4. USER’S RIGHTS AND OBLIGATIONS 4.1. Users shall have the right to: – receive information regarding the processing of the personal data except cases stipulated by law. The Operator provides such information in accessible formats while not disclosing personal data of the third parties without legitimate grounds for it. The list of information with conditions for obtaining it is established by the Law. – request refining, blocking or destruction of their personal data given that such data is incomplete, outdated, scattered, obtained illegally or not required to implement the stated objective of data processing, as well as take measures as stipulated by law to protect their rights; – impose conditions on the provision of personal data for the promotion of products and services; – consent to the processing of their personal data; – appeal to Data Protection Authorities or appeal in court against the Operator’s wrongful acts or omission in the processing of their personal data; – execute other rights pursuant to law. 4.2. Users shall: – provide accurate information to the Operator; – notify the Operator on charge of the personal data. 4.3. Users which provided inaccurate personal data or disclosed personal data of third parties to the Operator are liable in accordance with law.
5. PERSONAL DATA TO BE PROCESSED 5.1. The surname, first name and patronymic. 5.2. Electronic mail addresses. 5.3. Phone numbers. 5.4. Additionally, collection and processing of anonymized user data, including cookie files, takes place at the website by the means of analytics tools such as Yandex.Metrica, Google Analytics and others. 5.5. The above-mentioned data is hereinafter collectively referred to as “personal data”. 5.6. The Operator shall not process personal data related to race, nationality, political opinion, religion, philosophical belief or sex life. 5.7. The processing of publicly available personal data of the categories referred to above shall be permitted in the instances where the prohibitions and restrictions mentioned in part 1 of Article 10 of the Law are obeyed. 5.8. Consent to the processing of personal data shall be drawn up by separate agreement pursuant to part 1 of Article 10 of the Law. The content requirements are set by the Data Protection Authorities. 5.8.1 Consent to the processing of publicly available personal data shall be provided by the User to the Operator directly. 5.8.2 The Operator shall provide the User with the conditions of publicly available personal data processing within 3 days after the receipt of the User’s consent. 5.8.3. Disclosure (distribution, publishing) of publicly available personal data shall be terminated upon the request from the User. Such request shall include the User’s surname, first name, patronymic (if any), contact information (phone number, electronic mail addresses or post address) as well as personal data in question. The personal data provided in such request shall by processed by the Operator only. 5.8.4 Consent to the processing of publicly available personal data shall cease to be valid upon the receipt of the User’s request referred to in paragraph 5.8.3 of this Policy by the Operator.
6. PRINCIPLES OF PERSONAL DATA PROCESSING 6.1. Personal data shall be processed on a legal and equitable basis. 6.2. Personal data processing shall be restricted by achieving specific pre-determined and legal purposes. It is not allowed to process personal data for the purpose incompatible with that one of personal data collection. 6.3. It is not allowed to combine the data bases containing personal data to be processed for incompatible purposes. 6.4. There shall be processed only personal data that comply with the purposes of their processing. 6.5. The scope and character of personal data to be processed shall comply with the intended purposes of such data processing. The personal data to be processed shall not be irrelevant to the declared purposes of their processing. 6.6. In the course of personal data processing it shall be necessary to ensure the personal data accuracy, their sufficiency and in case of need their adequacy for processing purposes. The Operator shall take the required measures or ensure their adoption to delete or specify incomplete or inaccurate data. 6.7. Personal data shall be stored in a form that allows verification of the identity of personal data subjects only to the extent necessary for processing purposes unless the personal data storage time is not established by federal laws, agreements concluded with personal data subjects as a beneficiary or guarantor party. Personal data shall be destroyed or depersonalized upon achieving the set goals as well as when such goals cease to be relevant unless otherwise stipulated by federal laws.
7. PURPOSES OF PERSONAL DATA PROCESSING 7.1. Personal data shall be processed for the purpose of: – information provision to Users via e-mail; – securing, performing and terminating contracts and agreements under civil law; – allow Users to access services, information and/or contents available on the website https://smartstaffing.ru/. 7.2. The Operator may provide Users with newsletters about new products, services, special offers and relevant events via e-mail. The User may unsubscribe from such newsletters by sending a “Unsubscribe from newsletters” request via e-mail to email@example.com. 7.3. Depersonalized data shall be processed with the web analytics tools only with the purposes of collecting information on how users interact with content and services available through the website https://smartstaffing.ru/ as well as improving user experience.
8. LEGISLATIVE GROUNDS FOR PERSONAL DATA PROCESSING
9. CONDITIONS OF PERSONAL DATA PROCESSING 9.1. Personal data processing shall be carried out with the consent of the User to the processing of their personal data.
9.2. Personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or exercising and fulfilling functions, powers and obligations imposed on the Operator by the Russian Federation law. 9.3. Personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings. 9.4. Personal data processing is required for performance of a contract under which the User is a party, or for conclusion of an agreement on the initiative of the User under which the User shall be a beneficiary or surety. 9.5. Personal data processing is required for implementation of the rights and legitimate interests of the Operator or third parties or for the attainment of socially significant objectives, provided that this not cause the rights and freedoms of the User to be violated. 9.6. Public access to the personal data being processed has been granted by or at the request of the User. 9.7. Personal data processing is required for publication or compulsory disclosure in accordance with federal laws.
10. PROCEDURES FOR COLLECTION, STORAGE AND DISTRIBUTION OF PERSONAL DATA The Pperator shall be obliged, when processing data, to take or arrange for the taking of such legal, organizational and technical measures as are necessary to protect personal data against unlawful actions in relation to personal data.
10.1. The Operator shall apply security measures to prevent unauthorized access to personal data. 10.2. Personal data shall not, under any circumstances, be disclosed to third parties unless otherwise stipulated by federal laws and/or unless the disclosure of such data is required for the performance of the User’s obligations under a contract and the consent for such disclosure has been given by the User to the Operator. 10.3. In order to rectify any inaccuracies, the User may provide updates to their earlier personal data submissions by sending them via e-mail to firstname.lastname@example.org with the subject “Personal data update”. 10.4. The time for personal data processing is defined in accordance with the stated processing purposes unless otherwise stipulated by laws or agreements. Consent to the processing of personal data may be withdrawn by the User at any time by sending such request via e-mail to email@example.com with the subject “Withdrawal of the data processing consent”. 10.5. All data collected by service providers, including without limitation payment systems, commercial communication and other providers, shall be stored and processed by the Operator in accordance with the Policy. The User shall read and accept the terms of the Policy before submitting their personal data. The Operator shall not be liable for actions of the third parties, including without limitation the service providers specified in this paragraph. 10.6. The User may provide conditions for the processing of their personal data (transfer, processing, disclosure, etc., with the exception of access) unless such processing is carried out for the purposes of national defence, state security and the maintenance of public order enforceable in accordance with the legislation of the Russian Federation. 10.7. The Operator shall ensure the confidentiality of personal data. 10.8. Personal data shall be stored in a form that allows verification of the identity of the Users only to the extent necessary for processing purposes unless the personal data storage time is not established by federal laws and/or agreements concluded with the Users. 10.9. Personal data processing shall be terminated upon achieving the set goals, expiration date of the User’s consent or its withdrawal as well as in the event that personal data is found to be unlawfully processed.
11. PERSONAL DATA PROCESSING 11.1. The Operator shall collect, record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose by transmission, dissemination or otherwise make available, restrict, erase or destruct personal data in accordance with the Policy. 11.2. The Operator shall process personal data using automated means with receiving and/or transferring such data via a telecommunication network of information in accordance with the Policy.
12. TRANSBORDER FLOW OF PERSONAL DATA 12.1. The Operator shall be obliged to satisfy itself that the foreign state into whose territory personal data is to be transferred provides adequate protection of the Users’ rights before commencing the transborder transfer of personal data. 12.2. The transborder transfer of personal data into the territories of foreign states which do not provide an adequate protection of the Users’ rights may be carried out in the event when the personal User has given his/her consent to the transborder transfer their personal data or for the purpose of the performance of a contract to which the User is a party.
13. CONFIDENTIALITY OF PERSONAL DATA The Operator shall be obliged to refrain from disclosing to third parties or disseminating those personal data without the User’s consent, unless otherwise stipulated by federal laws.
14. FINAL PROVISIONS 14.1. The User may get any clarifications or supplementary information by requesting such information via e-mail firstname.lastname@example.org. 14.2. This Policy is effective for an indefinite period of time. 14.3. The latest version of the Policy is available at https://smartstaffing.ru/.