Personal Data Processing Policy of Dostavix Limited Liability Company
1. General Provisions
1.1. This Personal Data Processing Policy of Dostavix Limited Liability Company (the Policy) is prepared pursuant to Article 18.1(1)(2) of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (the Personal Data Law) and aims to protect human and civil rights and freedoms in the processing of personal data, including the rights to privacy and family secrecy.
1.2. The Policy applies to all personal data processed by Dostavix LLC (the Operator).
1.3. The Policy covers personal data processing relations that arose both before and after this Policy was approved.
1.4. In accordance with Article 18.1(2) of the Personal Data Law, this Policy is publicly available on the Operator's website on the Internet.
1.5. Key terms used in this Policy:
- Personal data: any information relating directly or indirectly to an identified or identifiable individual.
- Personal data operator: a state or municipal authority, legal entity, or individual that organizes and/or performs personal data processing and defines the purposes and scope of such processing.
- Processing of personal data: any operation with personal data, including collection, recording, systematization, accumulation, storage, updating, retrieval, use, transfer, anonymization, blocking, deletion, and destruction.
- Automated processing: processing of personal data using computer equipment.
- Dissemination: actions aimed at disclosure of personal data to an indefinite circle of persons.
- Provision: actions aimed at disclosure of personal data to a specific person or a specific circle of persons.
- Blocking: temporary cessation of processing (except where processing is required for clarification of personal data).
- Destruction: actions that make it impossible to recover personal data in personal data information systems and/or that result in the destruction of the physical media.
- Anonymization: actions making it impossible to identify a specific data subject without additional information.
- Personal data information system: databases containing personal data and technologies and technical means ensuring their processing.
1.6. Rights and obligations of the Operator.
1.6.1. The Operator is entitled to:
- independently determine the composition and list of measures necessary and sufficient to ensure compliance with legal requirements;
- entrust processing to another person with the data subject's consent unless otherwise provided by federal law;
- continue processing without consent after the data subject withdraws consent, where grounds established by law exist.
1.6.2. The Operator is obligated to:
- organize personal data processing in compliance with legal requirements;
- respond to requests from data subjects and their legal representatives in due course;
- provide the authorized supervisory authority with required information within the statutory timeframe;
- ensure interaction with state information security systems where required by applicable law.
1.7. Rights of data subjects include the right to:
- receive information about processing of their personal data;
- request correction, blocking, or destruction of incomplete, outdated, inaccurate, or unlawfully obtained personal data;
- provide prior consent for direct marketing processing;
- appeal unlawful actions or omissions of the Operator to supervisory authorities or courts.
2. Purposes of Personal Data Processing
2.1. Personal data processing is limited to specific, predetermined, and lawful purposes. Processing incompatible with collection purposes is not allowed.
2.2. Only personal data that meet processing purposes are subject to processing.
2.3. The Operator processes personal data for the following purposes:
- carrying out core business operations and contractual performance;
- compliance with labor law in employment and related relations, including HR, payroll, reporting, and mandatory insurance registration;
- ensuring access control and security regimes at facilities.
3. Legal Grounds for Processing
3.1. The legal grounds for processing include applicable legal acts, including but not limited to:
- the Constitution of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Labor Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law No. 14-FZ "On Limited Liability Companies";
- Federal Law No. 402-FZ "On Accounting";
- other legal acts governing the Operator's activities.
3.2. Additional legal grounds include the Operator's charter, contracts, and data subject consents where required.
4. Scope and Categories of Processed Personal Data
4.1. Content and scope of processed personal data must correspond to the declared purposes of processing and must not be excessive.
4.2. The Operator may process personal data of job applicants, employees, former employees, counterparties, and other persons interacting with the Operator.
4.3. Depending on purpose, processed data may include:
- full name, gender, citizenship, date and place of birth;
- contact details and registration address;
- education, qualifications, work experience, and employment information;
- identification and tax/insurance details where legally required.
5. Procedure and Conditions of Processing
5.1. Processing is performed lawfully and fairly, by automated and non-automated means, with security measures required by law.
5.2. The Operator ensures confidentiality of personal data and prevents disclosure to third parties without legal grounds.
5.3. Personal data are retained no longer than necessary for the purposes of processing unless otherwise required by law.
6. Updating, Correction, and Deletion
6.1. The Operator updates, blocks, or deletes personal data upon confirmation that such data are inaccurate, incomplete, outdated, or unlawfully processed.
6.2. Data subjects may submit requests regarding processing of their personal data through the Operator's contact channels.
7. Final Provisions
7.1. Internal control over compliance with this Policy is performed by authorized persons designated by the Operator.
7.2. Persons responsible for violations of personal data legislation bear liability in accordance with applicable law.
7.3. This Policy may be updated by the Operator. The current version is published on the Operator's website.