skip to Main Content

1. GENERAL PROVISIONS

1.1. This document sets forth a personal data processing procedure and lays down a system of key principles applicable to personal data processing at IXCELLERATE LLC (hereinafter referred to as the “Company”).

1.2. This Policy applies to all transactions involving at the Company with personal data using automation tools or without use thereof.

1.3. This Policy shall be notified to and be binding on all persons authorized to process personal data at the Company and the persons involved in managing personal data processing and security processes at the Company.

1.4. Full access hereto shall be provided through the publication hereof on the Company’s website or by any other means.

1.5. This Policy has been developed in accordance with Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

1.6. This Policy shall be updated upon:

– a change in the RF legislation on personal data (PD);

– identification of non-compliances affecting the PD processing and (or) security by a PD processing and (or) security compliance review;

– a decision of the Company’s management.

2. INTRODUCTION

2.1. Pursuant to subclause 2, article 3 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, the Company is a controller, i.e. a legal entity that in-house organizes and (or) performs the processing of personal data, as well as determining the purposes of personal data processing, the scope of the personal data to be processed and the actions (operations) involving personal data.

2.2. An important aspect of the Company’s business operations is ensuring the rights and freedoms of an individual and a national, the data subject, in the context of processing of his personal data.

2.3. The Company has developed and put in place bylaws and documents that set out personal data processing and security arrangements to ensure compliance with the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation.

3. PRINCIPLES AND ARRANGEMENTS FOR IN-HOUSE PERSONAL DATA PROCESSING

3.1. As a controller, the Company processes the data of the following subjects:

– job applicants (candidates), to the extent and for as long as it is necessary for the Company to review the candidate and make a decision on hiring the person involved, with the consent of the data subject;

– the Company’s staff, to the extent and for as long as it is necessary to achieve the RF statutory goals, to perform and carry out the functions, powers and duties assigned to the Company as an employer by the RF legislation, and specifically to execute, perform, amend and terminate the employment contract to which the PD subject is a party, including assistance in training and promotion and personal safety and security of employees, monitoring the quantity and quality of the work performed, safekeeping of property, assessment and payment of remuneration and other benefits, assessment and payment of taxes and insurance charges, and to provide the staff with additional entitlements, benefits and allowances, with the consent of the data subject;

– relatives of the Company’s employees, to the extent and for as long as it is necessary to achieve the RF statutory goals and to perform and carry out the functions, powers and duties assigned to the Company by the RF legislation;

– independent contractors, to the extent and for as long as it is necessary to execute, perform, amend and terminate the contract to which the PD subject is a party; to achieve the RF statutory purposes and to perform and carry out the duties assigned to the Company by the RF legislation;

– supplier representatives, to the extent and for as long as it is necessary to execute, perform, amend and terminate the contract to which the PD subject is a party or beneficiary, hold and bid in tendering exercises, conduct negotiations with a view to executing, performing, amending or terminating any contracts, whatever the outcome of such negotiations, and exercise a proper degree of prudence in choosing a counterparty (including a counterparty vetting process); to achieve the RF statutory purposes, to perform and carry out the functions, powers and duties assigned to the Company by the RF legislation;

– partner representatives, to the extent and for as long as it is necessary to execute, perform, amend and terminate the contract to which the PD subject is a party or beneficiary, conduct negotiations with a view to executing, performing, amending or terminating any contracts, whatever the outcome of such negotiations, to achieve the RF statutory purposes, to perform and carry out the duties assigned to the Company by the RF legislation, to provide informational support and services through the Internet;

– customer representatives, to the extent and for as long as it is necessary to execute, perform, amend and terminate the contract to which the PD subject is a party or beneficiary; to conduct negotiations with a view to executing, performing, amending or terminating any contracts, whatever the outcome of such negotiations, to achieve the RF statutory purposes, to perform and carry out the duties assigned to the Company by the RF legislation, to provide informational support and services through the Internet; to send out promotional and advertising mailshots and to issue a biometric card to access the Company’s premises;

– the users of the Company’s website, to the extent and for as long as it is necessary to provide informational support and services through the Internet with the consent of the data subject;

– visitors, to the extent and for as long as it is necessary to enable the PD subject to enter the Company’s premises with the consent of the data subject;

– representatives of the competent authorities, to the extent and for as long as it is necessary to achieve the RF statutory purposes, to perform and carry out the functions, powers and duties assigned to the Company by the RF legislation and to generate responses to enquiries from the competent authorities;

3.2. The time frame of personal data processing is determined with due regard to:

– the established purposes of personal data processing;

– the lives of the contracts with the data subjects and the consents of the data subjects to the processing of their personal data;

– the time limits set by the Federal Archival Agency of Russia Order of 20.12.2019, No. 236, “On approving a List of standard administrative archival documents generated in the course of the activities of central and local governments and organizations, with storage periods specified”, as well as other RF laws and regulations;

– the documentation storage periods prescribed by the Company’s bylaws;

– liquidation and reorganization of the Company.

3.3. When personal data are processed, it is made sure that they are accurate, sufficient and, where necessary, also relevant to the purposes of personal data processing.

3.4. The Company does not release personal data into the public domain.

3.5. The Company does not set up public domain sources of the PD of PD subjects.

3.6. The Company does not engage in the processing of special categories of personal data.

3.7. The Company does not perform the processing of criminal records.

3.8. The Company performs the processing of biometric data. In this context, the Company complies with all the requirements for the processing of biometric data that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

3.9. The Company performs cross-border transfer of personal data. In this context, the Company complies with all the requirements for the cross-border transfer of personal data that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

3.10. The Company performs the processing of personal data with a view of promoting the Company’s goods, works and services in the market by engaging in direct contacts with the data subject using communication technology. In so doing, the Company complies with all the requirements for personal data processing with a view of promoting goods, works and services that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

3.11. The Company does not engage in the processing of personal data for purposes of propaganda.

3.12. The Company does not make decisions that may have legal implications for the data subject or otherwise affect his rights and legitimate interests based solely on automated processing of personal data.

3.13. The Company outsources the processing of personal data. In this context, the Company complies with all the requirements for the outsourcing of personal data processing that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

3.14. The Company performs the processing of personal data with and without automation tools. In this context, the Company complies with all the requirements for automated and non-automated personal data processing that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation.

4. THE RIGHTS OF THE SUBJECTS OF PERSONAL DATA PROCESSED BY THE COMPANY

4.1. The data subject is entitled to receive information pertaining to the processing of his personal data. To obtain said information, the data subject can send a written enquiry to the following address: No. 33G Altufyevskoye shosse, 127410 Moscow, attention: HR Director, following the procedure laid down in art. 14 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

4.2. The data subject shall be entitled to demand that the Company update, block or destroy his personal data where the personal data are incomplete, outdated, inaccurate, illegally obtained or not required for the stated purpose of processing. To obtain compliance with said demands, the data subject can send a written enquiry to the following address: No. 33G Altufyevskoye shosse, 127410 Moscow, attention: HR Director, following the procedure laid down in art. 21 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

5. PERFORMANCE OF CONTROLLER’S DUTIES BY THE COMPANY

5.1. The Company obtains personal data from data subjects, from third parties (persons other than data subjects) and from public domain sources of personal data (including through the Internet). In this context, the Company performs the duties imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, during personal data collection.

5.2. The Company discontinues the processing of personal data in the following situations:

– upon achieving the purposes of processing thereof, or where the achievement thereof is no longer required;

– upon request from the data subject if the personal data being processed by the Company are incomplete, outdated, inaccurate, illegally obtained or are not required for the stated purpose of processing;

– in the event that irregularities are discovered in personal data processing if it is impossible to make the processing of personal data legal;

– in the event that the data subject withdraws consent to the processing of his personal data (where personal data are processed by the Company pursuant to the data subject’s consent);

– the reasons for the personal data processing no longer apply unless otherwise provided for by the federal law;

– in the event of liquidation of the Company;

– in the event of reorganization (as necessary).

5.3. To enable the performance of the duties imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, the Company has put in place the following measures:

– there has been appointed a personal data processing manager;

– there have been published bylaws on personal data processing and security, as well as bylaws establishing procedures to prevent and detect breaches of the RF legislation and to initiate remedial action:

§ Personal Data Processing Policy;

§ Personal Data Security Management Policy;

§ other bylaws on personal data processing and security.

– legal, organizational and technical measures have been implemented to ensure the security of personal data;

– internal monitoring is conducted for compliance of personal data processing with the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, with this Policy and with the Company’s bylaws;

– an assessment has been made of the harm that can be caused to data subjects in the event of non-compliance with the requirements of the federal legislation on personal data, a comparison has been made between said harm and the measures being adopted by the Company in furtherance of the duties stemming from the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation;

– the Company’s personal data operators have been briefed on the provisions of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, this Policy and the Company’s bylaws on personal data processing.

6. BUSINESS PROCESS DIAGRAM

Not applicable hereto.

7. FURTHER GUIDELINES ON INTERNAL PROCEDURES AND BUSINESS PROCESSES

Not applicable hereto.

8. TEMPLATES AND MODEL DOCUMENTS USED IN BUSINESS PROCESSES

Not applicable hereto.

Back To Top