Media Panacea LLC PRIVACY POLICY
1. GENERAL
1.1. This document (hereinafter referred to as the Policy) defines the policy regarding the processing of personal data of Media Panacea LLC (hereinafter referred to as the Operator or the Company).
1.2. This Policy has been developed in pursuance of the requirements of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data”.
1.3. Concepts used in this Policy:
• Personal data – any information relating directly or indirectly to an identified or identifiable individual.
• Operator — Media Panacea LLC, independently and jointly with other persons processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
• Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
• Automated processing of personal data – processing of personal data using computer technology.
• Blocking of personal data – temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
• Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.
• Depersonalization of personal data – actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
• Personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing.
• Site – a set of graphic and informational materials, as well as computer programs and databases that ensure their availability on the Internet at the https://mediapanacea.ru.
• User – any visitor to the website https://mediapanacea.ru.
• Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
• Confidentiality of personal data – is a mandatory requirement for the Companies to prevent their intentional dissemination without the consent of the subject of personal data or other legal grounds.
• Cookies – are a small piece of data sent by a web server and stored on the user’s computer, which the web client or web browser sends to the web server in a request every time they try to open a page of the corresponding site.
1.4. This Policy applies to all operations performed by the Operator with personal data using automation tools or without their use.
2. RIGHTS AND OBLIGATIONS OF THE OPERATOR AND THE SUBJECT OF PERSONAL DATA
2.1. The Operator has the right:
• receive reliable information and/or documents containing personal data from the subject of personal data;
• require the subject of personal data to timely clarify the provided personal data.
2.2. The Operator is obliged:
• process personal data in the manner prescribed by the current legislation of the Russian Federation;
• consider appeals of the subject of personal data (his legal representative) on the processing of personal data and give reasoned answers;
• provide the subject of personal data (his legal representative) with the possibility of free access to his personal data;
• take measures to clarify, destruct the personal data of the subject of personal data in connection with his (his legal representative) appeal with legal and reasonable requirements;
• organize the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.
2.3. Subjects of personal data have the right to:
• full information about their personal data processed by the Operator;
• to have access to their personal data, including the right to receive a copy of any record containing their personal data, except the cases required by federal law;
• to clarify their personal data, their blocking or destruction in cases where personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
• to recall consent to the processing of personal data;
• to take legal action to protect their rights;
• to exercise other rights stipulated by the legislation of the Russian Federation.
2.4. Subjects of personal data are obliged to:
• provide the Operator with only reliable information about his/her personal data;
• provide documents containing personal data to the extent necessary for the purpose of processing;
• notify the Operator about the clarification (update, change) of their personal data.
3. PURPOSE OF COLLECTING PERSONAL DATA
3.1. Personal data is processed by the Operator for the following purposes:
• for the conclusion, execution, termination of civil law contracts;
• informing Users of the site about the news, services, events of the Company;
• granting access to the User to the services, information and/or materials contained on the Site;
• feedback from the subjects of personal data, including the processing of their requests and requests, informing about the operation of the Site;
• assistance to job seekers in finding employment in the Company;
• compliance with labor laws;
• conducting personnel and accounting records;
• compliance with tax laws;
• formation of statistical reporting;
• carrying out business activities of the Company;
• implementation of other functions, powers and obligations assigned to the Operator by the legislation of the Russian Federation.
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
4.1. The legal grounds for the processing of personal data by the Operator include:
• The Constitution of the Russian Federation;
• Labor Code of the Russian Federation;
• Civil Code of the Russian Federation;
• Federal Law of July 27, 2006 N 149-FZ “On Information, Information Technologies and Information Protection”;
• Law of the Russian Federation of December 27, 1991 N 2124-1 “On Mass Media”;
• Federal Law No. 294-FZ of December 26, 2008 “On the Protection of the Rights of Legal Entities and Individual Entrepreneurs in the Exercise of State Control (Supervision) and Municipal Control”;
• Decree of the President of the Russian Federation of March 6, 1997 N 188 “On approval of the list of information of a confidential nature”;
• Decree of the Government of the Russian Federation of July 6, 2008 N 512 “On Approval of Requirements for Material Carriers of Biometric Personal Data and Technologies for Storage of Such Data Outside Personal Data Information Systems”;
• Decree of the Government of the Russian Federation of September 15, 2008 N 687 “On Approval of the Regulations on the Specifics of Personal Data Processing without the Use of Automation Tools”;
• Decree of the Government of the Russian Federation of November 1, 2012 N 1119 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;
• Order of Roskomnadzor dated September 5, 2013 N 996 “On approval of requirements and methods for depersonalization of personal data”;
• Order of the FSTEC of Russia dated February 18, 2013 N 21 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”;
• Company Charter;
• agreements concluded between the Operator and subjects of personal data;
• consent of personal data subjects to the processing of personal data;
• other grounds when consent to the processing of personal data is not required by law.
5. CATEGORIES OF PERSONAL DATA SUBJECTS, VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA
5.1. Categories of subjects whose personal data is processed by the Operator:
• employees of the Company, relatives of employees;
• former employees;
• applicants;
• clients and counterparties of the Company (individuals);
• representatives/employees of the Company’s clients and counterparties (legal entities);
• Site visitors.
5.2. The operator processes the following personal data of employees:
• Full Name;
• Date of Birth;
• location;
• TIN;
• SNILS;
• details of an identity document;
• place of residence (address of permanent registration and registration at the place of stay);
• phone number;
• e-mail address;
• attitude to military duty;
• information about education, specialty;
• previous place(s) of employment;
• family status;
• bank account details;
• other information with which the employee considers it necessary to familiarize the Company
5.3. The operator processes the following personal data of employees’ relatives:
• Full Name;
• Date of Birth;
• relation degree;
• information about the identity document;
• phone number.
5.4. The operator processes the following personal data of former employees:
• Full Name;
• Date of Birth;
• location;
• TIN;
• SNILS;
• details of an identity document;
• place of residence (address of permanent registration and registration at the place of stay);
• phone number;
• e-mail address;
• attitude to military duty;
• information about education, specialty;
• previous place(s) of employment;
• family status;
• other information provided by the former employee to the Company.
5.5. The operator processes the following personal data of applicants:
• Full Name;
• Date of Birth;
• place of residence (region/city);
• phone number;
• e-mail address;
• information about education, specialty;
• previous place(s) of employment;
• other information with which the employee considers it necessary to familiarize the Company
5.6. The operator processes the following personal data of customers and counterparties (individuals):
• Full Name;
• details of an identity document;
• TIN;
• OGRNIP;
• SNILS;
• location;
• phone number;
• e-mail address;
• bank account details.
5.7. The Operator processes the following personal data of representatives/employees of the Company’s clients and contractors:
• Full Name;
• details of an identity document;
• phone number;
• e-mail address;
• position and name of the company.
5.8. The operator processes the following personal data of visitors to the Site:
• last name, first name;
• e-mail address;
• company name;
• country;
• other data that the User deems necessary to provide to the Operator;
• history of requests and views on the Site and its services;
• IP address;
• information from cookies;
• information about the browser (or other program that accesses the site);
• access time;
• visited page addresses;
• referrer (previous page address), etc.
5.9. The operator ensures that the content and scope of the processed personal data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.
5.10. The Operator processes biometric personal data subject to the written consent of the relevant subjects of personal data, as well as in other cases provided for by the legislation of the Russian Federation.
5.11. Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life is not carried out by the Operator.
5.12. There is no cross-border transfer of personal data by the Operator.
5.13. The operator, prior to the commencement of activities for the cross-border transfer of personal data, is obliged to notify the authorized body for the protection of the rights of subjects of personal data of his intention to carry out a cross-border transfer of personal data (such a notification is sent separately from the notification of the intention to process personal data).
Before submitting the above notification, the operator is obliged to obtain relevant information from the authorities of a foreign state, foreign individuals, foreign legal entities to whom the cross-border transfer of personal data is planned.
6. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA
6.1. The processing of personal data by the Operator is carried out in the following ways:
• manual processing of personal data;
• automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
• mixed processing of personal data.
6.2. The list of actions performed by the Operator with personal data: collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction, as well as the implementation of any other actions in accordance with the current the legislation of the Russian Federation.
6.3. The processing of personal data is carried out by the Operator on the basis of the obtained consent of the subject of personal data (hereinafter referred to as the Consent), except for the cases established by the legislation of the Russian Federation when the processing of personal data can be carried out without such Consent.
6.4. Consent is given in any form that allows you to confirm the fact of its receipt. In cases stipulated by the legislation of the Russian Federation, Consent is made in writing.
By granting Consent, the subject of personal data acts freely, by his own will and in his own interest.
When sending requests and (or) appeals through the Site, the User undertakes to accept the Consent.
6.5. The procedure for obtaining and processing personal data of employees, their relatives, former employees, applicants is reflected in the local regulations of the Company.
6.6. The procedure for collecting and processing personal data of clients and counterparties (individuals), as well as representatives/employees of clients and counterparties (legal entities) is reflected in the local regulations of the Company and contracts concluded with these persons.
6.7. Persons who have provided the Operator with false information about themselves or information about another subject of personal data without the consent of the latter, are liable in accordance with the legislation of the Russian Federation.
6.8. The Operator does not verify the accuracy of the personal data provided by the Users of the Site
6.9. The Operator does not control and is not responsible for the websites of third parties to which the User can follow the links available on this website.
6.10. The site https://mediapanacea.ru uses, in particular:
Google Analytics, Google policy can be found here
Yandex.Metrica, the Yandex policy can be found here
6.11. The condition for terminating the processing of personal data may be the achievement of the purposes of processing personal data, the expiration of the Consent or the withdrawal of Consent by the subject of personal data, as well as the identification of unlawful processing of personal data.
6.12. Consent may be withdrawn by a written notice sent to the Operator at the email address: hello@mediapanacea.ru.
The recall of consent must contain:
– name and address of the Operator;
– full name of the subject of personal data, his passport data and place of residence;
– the requirement to stop the processing of personal data;
– a list of data for which consent is recalled;
– date and signature of the personal data subject.
The response is sent in the form of a scanned copy of the document signed by the subject.
6.13. When processing personal data, the operator takes or ensures that the necessary legal, organizational and technical measures are taken to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
6.14. The storage of personal data is carried out:
– in a form that allows to identify the subject of personal data,
– in a form that excludes the joint storage of personal data for incompatible processing purposes,
– for a period not longer than required by the purposes of processing personal data, except when the period for storing personal data is established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor.
6.15. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
6.16. Period of storage of personal data:
– employees, their family members, former employees – within the terms established by the labor, archival and tax legislation of the Russian Federation;
– applicants – before the expiration of 30 days from the date of the decision on the employment of the candidate or within the period specified by the Consent;
– clients, counterparties (individuals), representatives/employees of clients and counterparties (legal entities) – within the time limits specified by agreements with these persons, but not less than the time limits established by the tax legislation of the Russian Federation;
– site visitors – until the expiration of 5 years from the end of their activity on the Site.
6.17. When storing personal data, the Operator uses databases located on the territory of the Russian Federation.
6.18. The operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
7. UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF PERSONAL DATA SUBJECTS FOR ACCESS TO PERSONAL DATA
7.1. When processing personal data, the Operator ensures their accuracy, sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data.
7.2. The fact of inaccuracy of personal data or the illegality of their processing can be established either by the subject of personal data or by the competent state bodies of the Russian Federation.
7.3. At the written request of the subject of personal data or his representative, the Operator is obliged, within 10 (Ten) days, to provide information on the processing of personal data of the specified subject carried out by him.
The request must contain: the name and address of the Operator, the data of the main document proving the identity of the subject of personal data and his representative, information on the date of issue of the specified document and the authority that issued it, information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion agreement, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator, the signature of the personal data subject or his representative.
The request may be sent in the form of a scanned image of a signed document to the Operator’s e-mail address: hello@mediapanacea.ru.
7.4. If the request of the subject of personal data does not contain all the necessary information or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
7.5. In the manner provided for in clause 7.3, the subject of personal data has the right to demand from the Operator the clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights. The request must also contain a request and specific personal data (their categories), which are subject to correction, destruction.
7.6. Within 10 (Ten) business days, the Operator responds to requests from personal data subjects and inspection bodies.
7.7. The User can receive any clarifications on issues of interest regarding the processing of his personal data, the content of this Policy by contacting the Operator via e-mail hello@mediapanacea.ru.
7.8. When the purposes of processing personal data are achieved, as well as if the subject of personal data recalls Consent, personal data is subject to destruction if:
• The operator is not entitled to process without the Consent of the subject of personal data;
• otherwise, is not provided by the contract, the party to which, the beneficiary or the guarantor of which is the subject of personal data;
• otherwise, is not provided by another agreement between the Operator and the subject of personal data.
8. FINAL REGULATIONS
8.1. All relations relating to the processing of personal data that are not reflected in this Policy are regulated in accordance with the regulations of the legislation of the Russian Federation.
8.2. The Operator has the right to make changes to this Policy. When making changes in the current version, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy.
8.3. The current version of the Policy in the public domain is located on the Internet at: https://mediapanacea.ru/privacy-policy/