LLC «Global Telecom» (hereinafter - the Company), within the framework of its main activity, processes personal data of various categories of subjects:
· candidates for employment in a vacant position;
· close relatives of candidates for employment in vacant positions and employees;
· executors, contractors and other persons who are parties to civil contracts (individuals, individual entrepreneurs);
· subscribers (individuals, individual entrepreneurs);
· persons authorized to conclude an agreement on the provision of communication services in the interests of a subscriber - a legal entity;
· persons using terminal equipment of subscriber - legal entity;
· authorized representatives of the subscriber - an individual;
· contact persons of counterparties;
· office visitors.
In accordance with the effective legislation of the Russian Federation, the Company is a personal data operator with relevant rights and obligations.
In order to maintain its business reputation and ensure compliance with the requirements of federal legislation, the Company considers the most important tasks to ensure the legitimacy of personal data processing in the Company's business processes and ensure the proper level of security of personal data processed in the Company.
When organizing and performing personal data processing, the Company is guided by the requirements of the Federal Law dated 27.07.2006 No. 152-FÇ "On Personal Data" and regulatory legal acts adopted in accordance with it (hereinafter - the legislation of the Russian Federation on personal data processing).
The processing of personal data in the Company is carried out on a legal and fair basis and is limited to the achievement of specific, predetermined and legitimate goals.
In accordance with the principles of personal data processing, the Company defines the goals of personal data processing:
review of the resume and selection of candidates for the vacant position for employment in the Company;
Obtaining additional information when reviewing resumes and selecting candidates for vacant positions in the Company;
· checking the integrity of a candidate for a vacant position prior to employment with the Company;
· conclusion, maintenance, modification, termination of employment contracts, which are the basis for the formation or termination of employment relations between the employee and the Company, as well as fulfillment of the Company's obligations stipulated by local regulations and labor contracts;
· the conclusion, modification, termination of contracts of a civil nature, which are the basis for the formation, change or termination of relations with the Company, as well as the fulfillment of the Company's obligations under civil contracts;
· the conclusion, maintenance, modification, termination of communication service agreements, which are the basis for the formation, change or termination of relations between the subscriber and the Company, as well as the fulfillment of the Company's obligations under the communication service agreements;
· performance of the Company's obligations under the effective laws of the Russian Federation;
· interaction with authorized persons in the framework of conclusion, maintenance, modification, termination of communication services agreements, which are the basis for the formation, change or termination of relations between the subscriber and the Company;
· pre-trial and judicial work;
· execution of requests of authorized state bodies and municipal bodies, including bodies of operational-search activity, as well as subjects of personal data;
· advertising and marketing activities, including third-party promotions and marketing activities;
· interaction with contact persons of counterparties in the process of conclusion, maintenance, modification, termination of contracts, which are the basis for the formation, change or termination of relations with the Company;
· organization of access and intra-facility regime on the territory of the Company's office (registration and registration of visitors).
Only personal data that meets the purposes of processing is subject to processing. Content and volume of personal data processed in the Company correspond to stated purposes of processing, redundancy of processed personal data is not allowed.
When processing personal data, the Company shall ensure the accuracy of personal data, its adequacy and, if necessary, relevance to the purposes of personal data processing. The Company shall take the necessary measures (ensuring their adoption) to delete or clarify incomplete or inaccurate personal data.
Personal data storage in the Company shall be carried out in a form that allows determining the subject of personal data, no longer than the purpose of personal data processing requires, if the term of personal data storage is not established by federal law or agreement to which the personal data subject is a party, beneficiary or guarantor. Personal data processed shall be destroyed or depersonalized upon achievement of the purposes of processing or in case of loss of the necessity to achieve these goals, unless otherwise provided by federal law.
The purposes of processing, composition and content of personal data, as well as the categories of personal data subjects whose data are processed in the Company, are contained in the notification of the Company on the processing of personal data sent to the authorized body for the protection of the rights of personal data subjects (Roskomnadzor), and are updated if they are changed.
The Company does not allow processing of categories of personal data related to race, nationality, political views, philosophical, religious beliefs, intimate life.
Processing of personal data concerning the health status of the Company's employees is permitted only in cases stipulated by labor legislation, including labor protection legislation, and legislation on social protection of persons with disabilities. The processing of such data is carried out without the use of automation tools. The Company shall not process personal data relating to the health of other categories of personal data subjects.
The Company processes biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) - photographs processed in an automated access control system in order to organize an appropriate pass and intra-object regime. Processing of these biometric personal data is carried out solely on the basis of the consent of the subjects received in writing.
The Company shall not make decisions based solely on automated processing of personal data that give rise to legal consequences in relation to the personal data subject or otherwise affect his rights and legitimate interests.
In the course of its activity, the Company may provide and/or entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law. At the same time, the obligation of the parties to maintain confidentiality and ensure the security of personal data during its processing is a prerequisite for providing and (or) ordering the processing of personal data to another person.
The Company undertakes and requires other persons who have gained access to personal data not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.
The Company shall not place personal data of the personal data subject in public sources without its prior consent.
In the course of its activity, the Company may cross-border transfer of personal data (transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign natural person or a foreign legal entity). At the same time, the issues of ensuring adequate protection of the rights of personal data subjects and ensuring the security of their personal data during cross-border transfer are the highest priority for the Company, the solution of which is implemented in accordance with the legislation of the Russian Federation on personal data processing.
The cross-border transfer of personal data to the territory of foreign states may be carried out for the purpose of fulfilling the contract to which the personal data subject is a party, as well as in other cases stipulated by law.
In order to ensure the security of personal data during its processing, the Company shall take the necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions against them.
LLC «Global Telecom» ensures that all measures implemented by the Company for organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on personal data processing.
In order to ensure adequate protection of personal data, the Company assesses the harm that may be caused to personal data subjects in case of violation of their personal data security, and also determines the current threats to personal data security during their processing in personal data information systems.
In accordance with the relevant threats identified, the Company shall apply the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including the use of information protection tools, detection of unauthorized access to personal data and taking measures, restoring personal data, restricting access to personal data, registering and recording actions with personal data, as well as monitoring and evaluating the effectiveness of the applied measures to ensure the security of personal data.
The Company's management understands the importance and necessity of ensuring the security of personal data and encourages continuous improvement of the system of protection of personal data processed within the framework of the Company's core activities.
The Company has appointed persons responsible for the organization of processing and ensuring the security of personal data.
Each new employee of the Company who directly processes personal data shall be aware of the requirements of the legislation of the Russian Federation on processing and ensuring the security of personal data, this Policy and other local acts of the Company on processing and ensuring the security of personal data and shall comply with them.