Policy regarding the processing of personal data of users of the site of ITK SYSTEM

Terms and Definitions

The following terms are used in the Policy:
– Automated processing of personal data - processing of personal data by means of computing equipment.
– Blocking - temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).
– Personal data security - the state of personal data protection characterized by the ability of users of personal data information systems, personal data operator, technical means and information technologies to ensure confidentiality, integrity and availability of personal data during their processing in personal data information systems.
– Law - the Federal Law of the Russian Federation dated 27.07.2006 No. 152-FZ “On Personal Data”.
– Impersonalization - actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information.
– Processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation means or without the use of such means with personal data, as well as by mixed processing, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
– The Company - ITK SYSTEM LLC, Legal Address: Russia, Moscow, 119435, Bol’shoy Savvinskiy Pereulok, 3k2, 4, Taxpayer Identification Number (INN): 7704397210.
– Operator - a person, independently or together with other persons, organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data. For the purposes of this Policy, the Company, processing personal data, is an operator, unless otherwise expressly stated in the Policy.
– Confidentiality of personal data - a requirement mandatory for the Company or any other person who has access to personal data not to disclose to third parties and not to disseminate personal data without the consent of the subject of personal data or other legal basis provided for by federal law.
– Personal data - information relating to a directly or indirectly defined
or identifiable natural person (subject of personal data).
– User - a natural person using the Website services (Internet user).
– Website - the Company's information resource in the Internet, access to which is provided by the domain name www.itk-system.ru.
– Provision - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
– Dissemination - actions aimed at disclosure of personal data to a certain person or a certain circle of persons.


General provisions
1. This Policy on personal data processing establishes the procedure and conditions of personal data processing, measures aimed at personal data protection, as well as contains information on the rights of persons to whom the relevant personal data relate in the Company.
2. The Company shall process personal data in accordance with the requirements of the Constitution of the Russian Federation, Federal Law No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” and other regulatory legal acts of the Russian Federation governing legal relations in the field of personal data processing.
3. The Policy applies to all actions related to the processing of personal data by the Company on the Website.
4. Processing of personal data of the subject of personal data is carried out with the consent of the subject of personal data to the processing of his/her personal data, as well as without consent in cases stipulated by the legislation of the Russian Federation.
5. The purpose of personal data processing is to provide the function of feedback through the appropriate form on the Website and processing of applications and appeals of Users received through it.


Legal basis of personal data processing
1. Processing of personal data is carried out by the Company on the following legal grounds:
– processing of personal data is carried out with the consent of the subject of personal data to the processing of his/her personal data, which the subject provides by an active action, marking a checkbox in the interface opposite to the phrase: “I agree with the Personal Data Processing Policy”;
– processing of personal data is necessary for the Company's employees to provide feedback on requests submitted by Users;
– processing of personal data is necessary for realization of the rights and legitimate interests of the Company or third parties (operators), provided that the rights and freedoms of the personal data subject are not violated.
Categories of personal data subjects, categories of processed personal data 1 The Company processes personal data of the following subjects of personal data: individuals - Website Users.
2. The Company processes the following categories of personal data of personal data subjects:
– User's name;
– User's phone number.


Procedure and conditions of personal data processing
1. The Company shall process and ensure security of personal data in order to perform functions, powers and duties assigned to the Company by the legislation of the Russian Federation, including, but not limited to, in accordance with the Constitution of the Russian Federation, federal laws, in particular, Federal Law No. 152-FZ of July
27, 2006 “On Personal Data”, by-laws, other federal laws of the Russian Federation determining the cases and specifics of processing of such personal data.
2. The Company shall process personal data using automated means, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (provision, access, distribution), depersonalization, blocking, deletion, destruction of personal data within the timeframe necessary to achieve the goals of personal data processing.
3. The Company has the right to entrust the processing of personal data to third parties - processors - on the basis of contracts concluded with such parties and with the consent of the subject of personal data. If the Company entrusts the processing of personal data to another person, the Company shall be liable to the subject of personal data for the actions of such person. The person who processes personal data on behalf of the Company shall be liable to the Company for the security of personal data and fulfillment of the requirements of the Law. A person processing personal data on behalf of the Operator is not obliged to obtain the consent of the subject of personal data for the processing of his/her personal data.
4. Persons processing personal data on the basis of a contract concluded with the Company (Operator's order), under the terms of the contracts concluded with them, undertake to comply with the principles, rules of processing and protection of personal data provided for by applicable law.
5. The procedure for destruction of personal data on media containing personal data, including external/removable electronic media, and in personal data information systems shall be determined by the Company in its internal documents and local regulations.
6. The Company does not check (has no possibility to check) the relevance and reliability of the information provided by the subjects of personal data received via the Website. The Company assumes that the subjects of personal data provide true and sufficient personal data and keep them up to date. When collecting personal data, the Company shall also proceed from the following:
– all personal data belong only to the User who filled in the Feedback Form (it is forbidden to enter personal data of another person!); – The User has reached the age of 18 and is legally capable.
7. The Company takes the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data in accordance with the requirements of the legislation of the Russian Federation and internal documents. Ensuring the security of personal data and fulfillment of the Company's obligations under the Law is achieved, among other things:
– determination of threats to the security of personal data during their processing in personal data information systems;
– application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal data protection established by the Government of the Russian Federation;
– assessment of the effectiveness of the measures taken to ensure personal data security before the personal data information system is put into operation;
– appointment of a person responsible for the organization of personal data processing;
– familiarization of the Company's employees directly involved in personal data processing with the provisions of the Russian Federation legislation on personal data, including requirements to personal data protection, documents defining the Company's policy on personal data processing, local acts on personal data processing, and (or) training of such employees;
– assessment of the damage in accordance with the requirements established by the authorized body for the protection of the rights of personal data subjects, which may be caused to personal data subjects in case of violation of the Law, the correlation between the said damage and the measures taken by the Company to ensure the fulfillment of obligations stipulated by the Law;
– detecting facts of unauthorized access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents therein;
– control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems.
8. The Company stops processing personal data and destroys it in cases of:
– liquidation of the Company;
– reorganization of the Company resulting in termination of its activity;
– termination of the legal grounds for personal data processing and/or achievement of the objectives of personal data processing;
– withdrawal of the personal data subject's consent to the processing of personal data.
9. When collecting personal data, the Company shall ensure the processing of personal data of Users using databases located in the territory of the Russian Federation.


Final provisions
1. This Policy shall come into force from the moment of its approval by the General Director of the Company and shall remain in force indefinitely until it is replaced by a new Policy.
2 The Company shall have the right to unilaterally change the terms and conditions of the Policy.
3. Since the text of the Policy is freely available on the Website, the subject of personal data shall independently follow the changes made to the Policy. 4. The Site may use services for keeping statistics of visits necessary to determine the level of interest of visitors. Such services collect and analyze only impersonal information (not personal data).
5.This Policy applies to personal data received both before and after the enactment of this Policy.
6.Internal control over fulfillment of the Policy requirements shall be exercised by the person responsible for organization of personal data processing in the Company.