Privacy Policy

OPERATOR'S POLICY REGARDING PERSONAL DATA PROCESSING, ACCORDING TO THE PROCEDURE ESTABLISHED IN THE FEDERAL LAW NO 152-FZ OF JULY 27,2006 «ON PERSONAL DATA»

1. General Provisions

1.1. Autonomous Non-profit Organization "Information and Publishing Center "Statistics of Russia", being a personal data operator, processes personal data of personal data subjects.

1.2. The operator’s policy regarding the processing of personal data (hereinafter referred to as the “Policy”) applies to all information that the operator may receive from a personal data subject.

2. Basic terms

2.1. For the purposes of the Policy, the following basic terms are used:

personal data - any information referring directly or indirectly to a particular or identified private entity (data subject);

personal data operator – the state body, municipal body, legal entity or private entity that, independently or in conjunction with other entities, organizes and (or) processes personal data and defines purposes of personal data processing, personal data contents to be processed, and procedures (operations) to be applied to personal data;

personal data processing - any procedure (operation) or combination of procedures (operations) related to personal data, carried out with the use of automation technologies or without them. Personal data processing includes:

collecting;
recording;
classifying;
accumulating;
storing;
clarifying (updating, changing);
extracting;
using;
transmitting (spreading, providing, accessing);
depersonalizing;
blocking;
deleting;
erasing.

automated personal data processing - processing of personal data with the use of computer engineering means;

personal data spreading - procedures purposed for personal data disclosing to an indefinite range of individuals;

personal data provision - procedures purposed for disclosing personal data to a certain individual or certain group of individuals;

personal data blocking - temporal interruption of personal data processing (apart from the cases when processing is required for personal data clarification);

personal data erasing - procedures, by which it will be impossible to restore personal data contents, stored in the personal data information system and (or) by which personal data tangible media will be erased;

personal data depersonalization - procedures by which it is impossible to determine the true belonging of personal data to a certain personal data subject without the use of additional information;

personal data information system - a combination of personal data stored in databases and information technologies and technical means that ensure their processing;

cross-border transfer of personal data - handover of personal data to a territory of a foreign state to a foreign legal authority, foreign individual, or foreign legal entity.

3. Personal data processing purposes

3.1. Processing personal data of personal data subjects is carried out solely to ensure compliance with laws and other regulations. Processing personal data that is incompatible with the purposes of collecting personal data is not permitted. The purposes of personal data processing may stem from the operator’s activities, purposes of the operator’s actual activities, as well as activities that are provided for by the operator’s constituent documents, and specific business processes of the operator in specific personal data information systems (by structural divisions (directions) of the operator and their procedures concerning certain categories of personal data subjects).

4. Legal grounds for personal data processing

4.1. The legal basis of personal data processing is a set of legal acts and other documents, in pursuance of which and by which the operator processes personal data, which, in particular, includes:

Constitution of the Russian Federation;

Labor Code of the Russian Federation;

Civil Code of the Russian Federation;

Federal Law No 152-FZ of July 27, 2006 «On personal data»;

Federal Law No. 149-FZ of July 27, 2006 «On information, information technologies and information protection»;

Law of the Russian Federation No 2124-1 of December 27, 1991 “On the mass media”;

Federal Law No 294-FZ of December 26, 2008 “On the protection of the rights of legal entities and individual entrepreneurs in the exercise of state control (supervision) and municipal control”;

Decree of the President of the Russian Federation No 188 of March 6, 1997 “On approval of the list of confidential information”;

Decree of the Government of the Russian Federation No 512 of July 6, 2008 “On the establishment of the requirements to tangible media of biometric personal data and storage technologies applicable to such data beyond personal data information systems”;

Decree of the Government of the Russian Federation No 687 as of September, 15th, 2008 “On the establishment of the Regulation on special aspects of personal data processing without the use of automation tools”;

Decree of the Government of the Russian Federation No 1119 of November 1, 2012 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;

Order of Roskomnadzor No 996 of September 5, 2013 “On approval of requirements and methods for anonymization of personal data”;

Order of the FSTEC of Russia No 21 of February 18, 2013 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”;

operator's statutory documents;

agreements concluded between the operator and personal data subjects;

consent of personal data subjects to the processing of personal data;

other grounds when consent to the processing of personal data is not required by law.

5. Volume and content of personal data processed, categories of personal data subjects

5.1. Content and volume of personal data processed must correspond to the stated purposes of processing. Redundancy of the processed personal data in relation to the stated purposes of their processing is not allowed.

5.2. Categories of personal data subjects may include:

employees and former employees of the operator, candidates for vacant positions, as well as relatives of employees and former employees of the operator;

clients and counterparties of the operator (individuals);

representatives or employees of the operator’s clients and counterparties (legal entities);

other persons.

5.3. The operator may process the following personal data of personal data subjects:

last name, first name, and patronymic of the subject of personal data (including new last name, first name, patronymic if they change);

information about citizenship (including previous citizenships, and other citizenships)

year, day, month and place of birth;

gender;

photograph;

type, series, number of the document confirming the identity of a citizen, date of issuance, name of the authority that issued it;

address and date of registration at the place of residence (place of stay), address of actual place of residence;

contact telephone number or information about other methods of communication, including email address;

occupation

information about education (when and which educational, academic and other organizations he graduated from, numbers of educational documents, direction of training or speciality according to the educational document, qualifications);

academic degree, academic title;

series, number, date of issuance of the document on advanced training, retraining;

work position;

marital status and family composition;

information about relatives (wife (husband), including former ones, father, mother, adoptive parents, adopted children, full blood and half-blood (having a common father or mother) brothers and sisters, children), including a degree of relationship, last name, first name, patronymic, day, month, year and place of birth, citizenship, place of work, position, residential address, as well as where and when he arrived;

total working experience;

work experience in the relevant field;

social status;

information about proficiency in foreign languages, level of proficiency;

other personal data necessary to achieve the goals provided for in clause 3.1 of the Policy.

6. How personal data is collected, stored, transferred and other types of personal data processing

6.1 Operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.

6.2 Personal data of a personal data subject shall under no circumstances be transferred to third parties, except in compliance with the current Russian legislation.

6.3 If any inaccuracies are detected or changes are made to personal data, the personal data subject can update them by sending a notification to the operator via email.

6.4. When purposes of personal data processing are achieved, as well as in the event that a personal data subject withdraws the consent for personal data processing, personal data is subject to destruction:

— unless it is otherwise provided by the agreement where the personal data subject is a party, beneficiary or guarantor;

—if the operator has no right to process personal data without the consent from the personal data subject on the grounds stipulated by the Federal Law No 152-FZ of July 27, 2006 “On Personal Data” or other federal laws;

— unless otherwise provided by the agreement between the operator and the personal data subject.

7. Final provisions

7.1. The personal data subject can receive any clarification on issues of interest regarding the processing of his personal data by contacting the operator via email.

7.2. All relations relating to personal data processing that are not reflected in the Policy are regulated by the current legislation of the Russian Federation.

7.3. The Operator has the right to make changes to the Policy. When making changes to the current version, the date of the last update must be indicated. In case of significant changes, the personal data subject may be sent information to the e-mail address which he/she has provided.