1.1. This document (hereinafter referred to as the "Policy") establishes the objectives and general principles of personal data processing, as well as the measures implemented to protect personal data in LLC "Double A" (hereinafter referred to as the "Operator," the "Company"). The Policy is a publicly available document of the Operator and provides the opportunity for any individuals to familiarize themselves with it.
1.2. The Policy remains in effect indefinitely from the moment of its approval until any changes are made to it.
1.3. The terms and concepts used in the Policy are applied in accordance with their definitions as specified in Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Federal Law on Personal Data").
1.4. The Policy applies to all actions of the Operator related to the processing of personal data.
1.5. The Operator does not control other websites that may be accessed from the Operator's website.
2.1. The Operator processes personal data using a combination of automated and non-automated methods.
2.2. Actions with personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transmission (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.
2.3. The processing of personal data by the Operator is carried out on a lawful and fair basis, and the legal grounds for processing are as follows:
• The Constitution of the Russian Federation;
• The Labor Code of the Russian Federation;
• The Civil Code of the Russian Federation;
• The Tax Code of the Russian Federation;
• Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data";
• Federal Law No. 1-FZ dated January 10, 2002, "On Electronic Digital Signatures";
• Federal Law No. 63-FZ dated April 6, 2011, "On Electronic Signatures";
• Federal Law No. 27-FZ dated April 1, 1996, "On Individual (Personalized) Accounting in the Mandatory Pension Insurance System";
• Federal Law No. 212-FZ dated July 24, 2009, "On Insurance Contributions to the Russian Pension Fund, Social Insurance Fund of the Russian Federation, Federal Fund of Mandatory Medical Insurance, and Territorial Funds of Mandatory Medical Insurance";
• The Charter of LLC "Double A";
• As well as other regulations applicable to the activities of the Operator.
2.4. The content and scope of the processed personal data are determined based on the purposes of processing.
2.5. The main purposes of processing personal data are as follows:
• Managing employment relationships with individuals;
• Fulfilling civil and legal obligations of the Operator (including informing about the services of the Operator);
• Complying with the current labor, accounting, pension, and other legislation of the Russian Federation.
2.6. The main categories of data subjects whose data is processed by the Operator include:
• Individuals who are in employment and civil relationships with the Operator;
• Individuals who are in employment and civil relationships with the Operator's counterparties
• Individuals to whom the Operator provides services within the scope of its statutory activities, candidates for vacant positions.
2.7. For the mentioned categories of data subjects, the following personal data may be processed: last name, first name, middle name; date of birth; place of birth, address; marital status; social status; financial status; education; profession; income; Taxpayer Identification Number (INN), Individual Insurance Account Number (SNILS), contact information (phone, email), and other information provided by standard forms and established processing procedures.
2.8. During processing, the accuracy, sufficiency, and relevance of personal data to the purposes of processing are ensured. If inaccurate or incomplete personal data is discovered, it is updated and corrected.
2.9. Personal data that is not publicly available is treated as confidential.
2.10. The processing and storage of personal data are carried out for no longer than necessary to achieve the purposes of processing, unless there are legal grounds for further processing. Processed personal data is subject to destruction or anonymization under the following conditions:
• Achievement of the purposes of personal data processing or expiration of maximum storage periods;
• Loss of necessity in achieving the purposes of personal data processing;
• Provision by the data subject or their legal representative of confirmation that the personal data has been unlawfully obtained or is not necessary for the stated purposes of processing;
• Inability to ensure the lawfulness of personal data processing;
• Withdrawal of consent by the data subject for the processing of personal data, if the retention of personal data is no longer required for the purposes of processing;
• Withdrawal of consent by the data subject for the use of personal data for contacting potential consumers during the promotion of goods and services.
2.11. The processing of personal data based on contracts, agreements, instructions to the Operator, and instructions given by the Operator for the processing of personal data is carried out in accordance with the terms of these contracts, Operator's agreements, as well as agreements with entities entrusted with processing or who have entrusted the processing on legal grounds. Such agreements may determine, in particular: the purposes, conditions, and duration of personal data processing; obligations of the parties, including measures to ensure confidentiality; rights, duties, and responsibilities of the parties regarding the processing of personal data.
2.12. In cases not explicitly provided for by current legislation or a contract, processing is carried out after obtaining the consent of the data subject. Consent may be expressed through actions, acceptance of the terms of a contract-offer, marking the corresponding checkboxes, filling out fields in forms or templates, or it may be documented in writing in accordance with the law.
3.1. The Operator takes the necessary legal, organizational, and technical measures to ensure the security of personal data, protecting it from unauthorized (including accidental) access, destruction, alteration, blocking of access, and other unauthorized actions.
4.1. The data subject has the right to withdraw consent for the processing of personal data by sending a corresponding request to the Operator by mail or in person.
4.2. The data subject has the right to obtain information regarding the processing of their personal data, including confirmation of the fact that the Operator is processing their personal data; the legal grounds and purposes of the personal data processing; the purposes and methods of personal data processing employed by the Operator; the name and location of the Operator, as well as information about individuals (excluding employees of the Operator) who have access to the personal data or to whom the personal data may be disclosed based on a contract with the Operator or on the basis of federal law; the processed personal data related to the respective data subject, the source of their receipt, unless a different procedure for providing such data is established by federal law; the duration of personal data processing, including the storage period; the procedure for the data subject to exercise their rights provided by Federal Law No. 152-FZ of July 27, 2006, "On Personal Data"; information about the completed or planned cross-border transfer of data; the name, surname, first name, patronymic, and address of the person processing personal data on behalf of the Operator if such processing is entrusted or will be entrusted to that person; and other information provided by the Federal Law "On Personal Data" or other federal laws.
4.3. The data subject has the right to request the Operator to clarify their personal data, block or delete them if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated processing purposes. The data subject also has the right to take legal measures to protect their rights as provided by law.
4.4. If a data subject believes that the Operator is processing their personal data in violation of the requirements of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," or otherwise violating their rights and freedoms, the data subject has the right to appeal the actions or inaction of the Operator to the authorized body for the protection of the rights of data subjects (Federal Service for Supervision of Communications, Information Technology, and Mass Media - Roskomnadzor) or in court.
4.5. The data subject has the right to protect their rights and legitimate interests, including seeking compensation for damages and/or moral harm through legal proceedings.
5.1. The rights and obligations of the Operator are determined by the applicable legislation and agreements of the Operator.
5.2. Compliance with the requirements of this Policy is monitored by the person responsible for organizing the processing of personal data.
5.3. The liability of individuals involved in the processing of personal data on behalf of the Operator for the unauthorized use of personal data is established in accordance with the terms of the civil law contract or Agreement on Confidentiality of Information concluded between the Operator and the counterparty.
5.4. Persons responsible for violating the norms regulating the processing and protection of personal data bear material, disciplinary, administrative, civil, or criminal liability in accordance with the procedures established by federal laws, local regulations, and agreements of the Operator.
5.5. Other rights and obligations of the Operator are determined by the legislation of the Russian Federation in the field of personal data.