«HOOK-MEDIA», Ltd. General director
03 December 2017
1.1. This Policy for the Processing of Personal Data (hereinafter – the Policies Processing the PDN) HOOK-MEDIA, Ltd. (hereinafter referred to as the Operator), located at: 125284, Russia, Moscow, Begovaya Street, 3 c1, office. 109, was developed in accordance with the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 27, 152-FZ “On Personal Data”, Resolution of the Government of the Russian Federation of 01.11.2012 № 1119 “On the approval of the requirements for the protection of personal data when processing them in personal information systems”, other federal laws and regulations but-legal acts.
1.2. The policy is developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other normative legal acts of the Russian Federation in the field of personal data.
1.3. The policy of processing PDN is designed to protect the rights and freedoms of the subject of personal data when processing his personal data (hereinafter – PDN).
1.4. The provisions of the Policy form the basis for the development of local regulations governing the processing of personal data of employees of HOOK-MEDIA, Ltd. and other subjects of personal data at HOOK-MEDIA, Ltd.
Personal data is processed by the Operator for the following purposes:
- implementation and implementation of the functions, powers and duties imposed by the legislation of the Russian Federation on the Operator, in particular:
- compliance with labor law and taxation requirements;
- maintenance of current accounting and tax accounting, formation, production and timely submission of accounting, tax and statistical reporting;
- compliance with the requirements of legislation to determine the procedure for processing and protecting PDD of citizens who are customers or counterparties of HOOK-MEDIA, Ltd. (hereinafter referred to as subjects of personal data).
- realization of the rights and legitimate interests of HOOK-MEDIA, Ltd. within the framework of carrying out activities specified in the Charter and other local regulatory acts of HOOK-MEDIA, Ltd. or third parties or achieving socially significant goals;
- for other lawful purposes.
Processing PDN is carried out on the basis of the following federal laws and regulations:
- Constitution of the Russian Federation;
- Of the Labor Code of the Russian Federation;
- Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”;
- Federal Law “On Information, Information Technologies and Information Protection” of 27.07.2006 N 149-FZ.
- Provisions on the features of processing personal data, carried out without the use of automation. Approved by Resolution of the Government of the Russian Federation of September 15, 2008 No. 687.
- Resolutions of November 1, 2012 N 1119 on approving the requirements for the protection of personal data when processing them in personal information systems.
- Order of FSTEC of Russia No. 55, Federal Security Service of Russia No. 86, Ministry of Information and Communications of Russia No. 20 dated February 13, 2008 “On Approval of the Procedure for the Classification of Information Systems for Personal Data”;
- Order FSTEC of Russia of February 18, 2013 No. 21 “On the approval of the composition and content of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems”;
- Order of Roskomnadzor from September 5, 2013 No. 996 “On approval of requirements and methods for the depersonalization of personal data”;
- Order of the Federal Tax Service of November 17, 2010 № MMV-7-3 / 611 “On the approval of the form of information on the incomes of individuals and recommendations for its completion, the format of information on personal income in electronic form, directories.”
- Other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities.
When processing the PDN, the Operator will perform the following actions with PDD: collection, recording, systematization, accumulation, storage, updating (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
5.1 The following PDD subjects are subject to processing by the Operator:
- employees of the Operator;
- clients of the Operator;
- counterparties of the Operator;
- individuals who apply to the Operator in the manner prescribed by the Federal Law “On the Procedure for Considering Appeals from Citizens of the Russian Federation”.
5.2 The composition of the PDD of each of the categories of subjects listed in clause 5.1 of this Regulation is determined in accordance with the normative documents listed in Section 3 of this Regulation, as well as regulatory documents of the Institution issued to ensure their execution.
5.3 In cases provided for by the current legislation, the personal data subject decides to provide his PDD to the Operator and agrees to their processing freely, of his own will and in his interest.
5.4 The operator ensures the compliance of the content and volume of processed PDDs with the stated processing objectives and, if necessary, takes measures to eliminate their redundancy in relation to the stated processing objectives.
5.5 Processing of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, intimate life, is not carried out in HOOK-MEDIA, Ltd.
6.1 Processing of personal data in HOOK-MEDIA, Ltd. is carried out in the following ways:
- manual processing of personal data;
- automated processing of personal data with the transfer of information received through information and telecommunications networks or without it;
- mixed processing of personal data.
The operator takes measures that are necessary and sufficient to ensure the fulfillment of the duties provided for by Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and regulatory legal acts adopted in accordance with it. The operator independently determines the composition and the list of measures necessary and sufficient to ensure the fulfillment of duties stipulated by the Federal Law No. 152 “On Personal Data” of July 27, 2006, Government Resolution No. 687 of September 15, 2008 “On Approval of the Regulation on the Specifics of Processing Personal Data , carried out without the use of automation tools, “Government Decree No. 1119 of November 1, 2012” On the approval of the requirements for the protection of personal data when processing them in information “Order FSTEC of February 18, 2013 No. 21” On the approval of the composition and content of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems, “and other regulatory legal acts, unless otherwise provided federal laws. Such measures include:
- appointment by the Operator responsible for organizing the processing of personal data;
- the issuance by the Operator of documents defining the operator’s policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
- application of legal, organizational and technical measures to ensure the safety of personal data;
- implementation of internal control and (or) audit of the compliance of personal data processing with the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the operator’s policy regarding the processing of personal data, the local acts of the Operator;
- determination of the assessment of harm that may be caused to the subjects of personal data in the event of a violation of the Federal Law “On Personal Data”, the ratio of this harm and measures taken by the operator aimed at ensuring the fulfillment of the obligations provided for by the Federal Law “On Personal Data”;
- familiarization of employees of the Operator directly processing personal data, with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the operator’s policy regarding the processing of personal data, local acts on the processing of personal data, and (or ) training of these employees.
7.2. The operator, while processing personal data, takes the necessary legal, organizational and technical measures or ensures their acceptance to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions in regarding personal data.
8.1 The PDD subject has the right to demand from the Operator the specification of his personal data, their blocking or destruction in the event that the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights.
8.2 The information is provided to the subject of personal data or his representative by the operator at the request or upon receipt of the request of the subject of personal data or his representative. The request must contain the number of the main document certifying the identity of the personal data subject or its representative, information on the date of issue of the specified document and the issuing body, information confirming the participation of the personal data subject in relations with the Operator (contract number, contract date, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator, the signature of the subject of personal data or his representative. The request can be sent in the form of an electronic document and signed by an electronic signature in accordance with the laws of the Russian Federation.
8.3 The operator has the right to deny the subject of personal data in the execution of a repeated request. Such refusal should be motivated. The duty to provide evidence of the reasonableness of refusal to perform a second request lies with the Operator.
8.4 The subject of personal data has the right to receive information regarding the processing of his personal data, including:
- confirmation of the fact of personal data processing by the Operator;
- legal grounds and objectives for the processing of personal data;
- goals and methods of processing personal data used by the Operator;
- name and location of the Operator, information about the persons (with the exception of the operator’s employees) who have access to personal data or who can disclose personal data on the basis of a contract with the operator or on the basis of a federal law;
- processed personal data relating to the relevant personal data subject, the source of their receipt, if another procedure for the submission of such data is not provided for by federal law;
- terms of processing of personal data, including the time of their storage;
- the procedure for the subject of personal data to exercise the rights provided for by the Federal Law “On Personal Data”;
- information on the carried out or expected transboundary data transfer;
- name or surname, name, patronymic and address of the person carrying out the processing of personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such person.
8.5 If the subject of personal data believes that the operator is processing his personal data in violation of the requirements of the Federal Law “On Personal Data” or otherwise violates his rights and freedoms, the subject of personal data has the right to appeal against the actions or omissions of the operator to the body authorized to protect the rights of subjects personal data, or in court.
8.6 The subject of personal data has the right to protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in the courts.