Personal data processing policy
Publication date: October 30, 2019
The current version is available at: https://ubitec.org/legal/terms1. GENERAL PROVISIONS
1.1. The personal data processing policy (hereinafter referred to as the Policy) is an internal regulatory document of LLC "UBI Technologies", which defines the general provisions of LLC "UBI Technologies" in the field of legality of processing and ensuring the security of personal data processed.
1.2. This Policy is a public document and it has been developed in accordance with the requirements of the Constitution of the Russian Federation, the Labor Code of the Russian Federation, the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data", the Federal Law of the Russian Federation of July 27, 2006 No. 149 -FZ "On information, information technology and information protection" and other regulatory documents in accordance with the current legislation in the field of personal data security.
1.3. This Policy applies to LLC "UBI Technologies" and is binding on all employees of LLC "UBI Technologies".2. TERMS AND DEFINITIONS
2.1. The words and phrases below used in this Policy have the following meanings:
2.1.1 "Subscriber" - an individual in respect of whom LLC "UBI Technologies" provides transport monitoring services or services for providing access to the software and platform of LLC "UBI Technologies". The Subscriber, unlike the User, may not have direct contractual relations with the Company.
2.1.2 "Blocking of personal data" - a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
2.1.3 "Protection of personal data" - a set of measures of a technical, organizational and organizational-technical nature, aimed at protecting information relating to a specific or determined on the basis of such information Subject of personal data.
2.1.4 "Personal data information system" - an information system, which is a collection of personal data contained in a database, as well as information technologies and technical means that allow processing such personal data using automation tools or without using such means.
2.1.5 "Information" - information (messages, data) regardless of the form of their presentation.
2.1.6 "Company" - LLC "UBI Technologies" (115280, Moscow, Leninskaya Sloboda street, 19, floor 4, room 21, office 14).
2.1.7 "Confidentiality of personal data" is a mandatory requirement for the Operator or another person who has gained access to personal data to prevent disclosure of personal data to third parties and their dissemination without the consent of the Subject of personal data or other legal grounds.
2.1.8 "Anonymization of personal data" - actions, as a result of which it becomes impossible without the use of additional information to determine the affiliation of personal data to a specific Subject of personal data.
2.1.9 "Processing of personal data" - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.1.10 "Operator" - LLC "UBI Technologies", independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions ( operations) performed with personal data.
2.1.11 "Responsible for the processing of personal data" - the General Director of the Company or an employee of the Company, appointed by the Order of the General Director, who ensures security, protection and compliance with the requirements of the current legislation when processing personal data.
2.1.12 "Personal data" (hereinafter also referred to as - "PD") - any information relating directly or indirectly to a specific or identifiable individual (Personal Data Subject).
2.1.13 "Platform" - a set of software and hardware, including the Operator's software, as well as a set of general and special software of third parties, ensuring the provision of services by the Company.
2.1.14 "User" - a legal entity or individual receiving the services of the Company.
2.1.15 "Provision of personal data" - actions aimed at disclosing personal data to a certain person or a certain circle of persons.
2.1.16 "Employees" (employees of the Company) - full-time or part-time employees of the Company, regardless of their position.
2.1.17 "Personal data dissemination" - actions aimed at disclosing personal data to an indefinite circle of persons.
2.1.18 "Company’s Website" - a website on the Internet, located at https://www.ubitec.ru/.
2.1.19 "Subject of personal data" - a specific or identifiable individual.
2.1.20 "Cross-border transfer of personal data" - the transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or a foreign legal entity.
2.1.21 "Destruction of personal data" - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which tangible carriers of personal data are destroyed.3. PRINCIPLES OF PROCESSING PERSONAL DATA
3.1. In the process of processing personal data, the Operator is guided by the following principles:
3.1.1. PD processing must be carried out on a legal and fair basis.
3.1.2. PD processing should be limited to the achievement of specific, predetermined and legitimate objectives.
3.1.3. PD processing that is incompatible with the purposes of PD collection is not allowed.
3.1.4. It is not allowed to merge databases containing personal data, the processing of which is carried out for purposes incompatible with each other.
3.1.5. It is allowed to process only those PD that meet the purposes of their processing.
3.1.6. The content and volume of processed PD must comply with the stated processing objectives.
3.1.7. Processing of personal data that is unnecessary in relation to the stated purposes of processing is not allowed.
3.1.8. When processing PD, the accuracy of PD, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data must be ensured. Incomplete or inaccurate data should be deleted or revised.
3.1.9. The storage of PD should be carried out in a form that allows the Subject of personal data to be identified, no longer than the purpose of processing the PD requires, if the storage period for PD is not established by federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantor.
3.2. Upon achievement of the processing goals or in case of loss of the need to achieve these goals, at the legal request of the Personal Data Subject or authorized bodies of the judicial and executive authorities, PD should be destroyed or anonymized, unless otherwise provided by law.4. CATEGORIES OF PERSONAL DATA SUBJECTS
4.1. Personal data subjects are divided into the following categories:
4.1.1. Subscribers, Users of the services provided by the Company, and their representatives. The processing of personal data of Subscribers and Users of services is carried out in accordance with article 6 of this Policy.
4.1.2. Employees and other individuals who provide services or perform work for the Company and have a contractual relationship with the Company.
4.1.3. Applicants (candidates) for vacant positions.
4.1.4. Employees of counterparties under contracts concluded with the Company.
4.1.5. Beneficial owners of the Company.
4.1.6. Individuals intending to use the services of the Company or third parties;
4.1.7. Individuals using the Company's Site. The processing of personal data of these persons is carried out in accordance with article 12 of this Policy.
4.2. In relation to the persons specified in clauses 4.1.2 - 4.1.4 of the Policy, the Operator and Personal Data Subjects are also guided by an employment contract, or another contract for the purpose of which personal data are provided and processed, as well as consent to the processing of personal data received from the Subject of personal data.5. PURPOSES OF PERSONAL DATA PROCESSING
5.1. Interaction within the framework of concluded agreements on the provision of services and the fulfillment of the obligations assumed by the Company (in relation to the personal data of Subscribers, Users).
5.2. Compliance with the requirements of the employment contract and the provision of access to the company's facilities (in relation to the personal data of the Company's employees)
5.3. Interaction within the framework of contracts with Russian and foreign counterparties (in relation to personal data of employees of counterparties, individuals who provide services or perform work for the Company under the contract).
5.4. Promotion of goods, works, services of the Company and third parties - partners of the Company (in relation to personal data of individuals intending to conclude an agreement with LLC "UBI Technologies" and / or with its partners).
5.5. Compliance with the requirements of legislative acts, regulatory documents (in relation to the personal data of Subscribers, Users, Employees).
5.6. Disclosure of information about the Company (in relation to the personal data of beneficial owners, Company employees, General Director).
5.7. Statistical or other research purposes (concerns anonymized data obtained by the Company on a legal basis).
5.8. Improving the functioning of the Company's Website (in relation to the data specified in clause 12.7 of the Policy).
5.9. Interaction with companies within the same group of companies (applies to personal data of employees of companies included in the group of legal entities affiliated with the Company).6. FEATURES OF PROCESSING PERSONAL DATA OF SUBSCRIBERS AND USERS
6.1. In relation to Subscribers and Users of the Company's services, personal data are processed for the following purposes:
6.1.1. As part of the provision of services by the Company - to conclude and execute an agreement on the provision of services. The personal data specified in the service agreement (last name, first name, patronymic, place and date of birth, details of the identity document, address of residence, contact phone number, e-mail address), data on the services provided.
6.1.2. Within the framework and for the purposes of the provision of services by the Company in relation to the Subscriber's or User's vehicle, with the consent of the Personal Data Subject, data on the license plate, model, make and VIN number of the vehicle is processed with reference to the Subject of personal data, geolocation and information about the condition of the vehicle received from equipment installed on the vehicle, if the service is provided directly by the Company.
6.2. The processing of personal data is carried out with the consent of the Subject of personal data. Cases where the consent of the Personal Data Subject to the processing of his personal data is not required are established in Art. 6 of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data".
6.3. The personal data of the Subscriber or the User may be transferred in accordance with the terms of the current contract to third parties involved in its execution, who, in connection with the fulfillment of obligations, need such data (equipment installers, courier services, etc.), as well as to other third parties, name which are brought to the attention of Subscribers and Users, including by informing them on the Company's Website, or which are directly indicated in the consent to the processing of personal data received from the Subject of personal data. The transfer of personal data to third parties is carried out on the basis of an appropriate agreement containing the requirements for the confidentiality of personal data and their protection in accordance with the legislation of the Russian Federation.
6.4. The Subscriber and the User have the right to revoke consent to the processing of personal data at any time by submitting a written application to the Company at the address indicated on the Company's website in the "Contacts" section 20 working days before the date of revocation of consent.
6.5. The personal data of the Subscribers and Users of the Company's services are processed during the term of the contract for the purposes of which the specified data were used, and within 3 (three) years after its termination, or if, before the expiration of the specified period, the personal data subject sent a withdrawal of consent to process their personal data - until the date of termination of the processing of personal data in connection with the withdrawal of consent to the processing of personal data.
6.6. The processing of personal data is carried out both with the use of automation tools and without their use and includes, inter alia, collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision , access), depersonalization, blocking, deletion, destruction of personal data.7. RIGHTS OF PERSONAL DATA SUBJECTS
7.1. The subject of personal data has the right to receive information regarding the processing of his personal data, including containing:
7.1.1. confirmation of the fact of processing personal data in the Company, legal grounds and purposes of processing personal data;
7.1.2. the methods of processing personal data used by the Company;
7.1.3. name and location of the Company, information about persons (except for Employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Company or on the basis of legislation;
7.1.4. the processed personal data relating to the relevant Personal Data Subject, the source of their receipt, unless another procedure for submitting such data is provided for by law;
7.1.5. terms of processing personal data, including the terms of their storage;
7.1.6. the procedure for the exercise by the Subject of personal data of the rights provided for by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data";
7.1.7. information about the data transmitted or intended cross-border data transfer;
7.1.8. the name or surname, first name, patronymic and address of the person who processes personal data on behalf of the Company, if the processing is entrusted or will be entrusted to such a person;
7.1.9. other information provided for by the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data" or other federal laws.
7.2. The subject of personal data has the right to demand from the Company clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights.
7.3. If the Personal Data Subject believes that the Company is processing his personal data in violation of the requirements of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data" or otherwise violates his rights and freedoms, the Personal Data Subject has the right to appeal against the actions or inaction of the Company in the body for the protection of the rights of subjects of personal data or in court.
7.4. The personal data subject has the right to exercise other rights defined by Chapter 3 of the Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data".8. CONFIDENTIALITY OF PERSONAL DATA
8.1. Information related to personal data that has become known to the Company is confidential information and is protected by law.
8.2. Employees of the Company and other persons who have gained access to the processed personal data have signed a commitment to non-disclosure of confidential information, and have been warned of possible disciplinary, administrative, civil and criminal liability in case of violation of the rules and requirements of the current legislation of the Russian Federation in the field of personal data processing.
8.3. The Operator's agreements with counterparties contain confidentiality conditions for transmitted and received personal data, including agreements with persons involved in the processing of personal data.9. MEASURES TO ENSURE THE SECURITY OF PROCESSED PERSONAL DATA
9.1. To ensure the security of the processed personal data, the Company takes the necessary legal, organizational, and technical protection measures.
9.2. Personal data security measures are based on the following principles:
9.2.1. centralization - databases containing personal data, as well as data protection tools must be centrally managed;
9.2.2. timeliness - measures to ensure the security of personal data applied within the Company must be timely;
9.2.3. purposefulness - measures to ensure the security of personal data used within the Company should have clear goals to achieve which they are aimed;
9.2.4. complexity - the information security system in the Company should include a set of measures aimed at ensuring the security of personal data that complement and support each other;
9.2.5. preventive measures - measures to ensure the security of personal data used by the Company must be of a precautionary nature;
9.2.6. reliability - measures to protect personal data must provide sufficient guarantees for the Company that the processed personal data is protected properly.
9.3. In order to exercise internal control over the compliance of PD processing with the established requirements, the Company has organized periodic checks of the conditions for PD processing.10. LOCATION OF DATABASES CONTAINING PERSONAL DATA OF CITIZENS OF THE RUSSIAN FEDERATION
10.1. Databases containing PD of citizens of the Russian Federation are located on the territory of the Russian Federation.11. CROSS-BORDER TRANSFER OF PERSONAL DATA
11.1. Cross-border transfer of personal data to the territory of foreign states can be carried out by the Operator only with the consent of the subject of personal data to the cross-border transfer of his personal data.
11.2. Before starting the cross-border transfer of personal data, the Operator is obliged to make sure that the foreign state to whose territory the transfer of personal data is carried out provides adequate protection of the rights of subjects of personal data.12. PROCESSING OF PERSONAL DATA USING THE INTERNET
12.1. The collection and other processing of personal data of individuals who are not Subscribers or Users, but who use the Company's Website (hereinafter referred to as the Website Users) can be carried out without their consent in cases where this occurs for the execution of a civil contract concluded between the Company and the Website User, or an agreement where the Site User is the beneficiary, as well as in other cases established by the legislation of the Russian Federation.
12.2. The Company's website can be used both for collecting personal data of the Website Users and for the subsequent processing of the collected personal data directly on the Company's website.
12.3. When collecting personal data of Site Users who are citizens of the Russian Federation, this data is recorded on servers located on the territory of the Russian Federation.
12.4. Processing of special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, financial condition, intimate life of the Site Users is not carried out.
12.5. The transfer of personal data by sending a completed web form on the Company's Website, as well as storing personal data, involves the use of the technical resources of the Company and partners to process and store personal data.
12.6. The Company has the right to transfer the personal data of the Site Users to third parties in cases provided by law.
When an individual views the Company's Site, the Company may record some information on the computer from which it is viewed. This information will be recorded as a cookie, and it will help the Company to make the Company's Site more useful for Site Users. Cookies allow you to create a website that best suits the interests and preferences of those who visit the site. Most Internet browsers allow you to erase cookies from your hard drive, block all cookies, or receive a warning before a cookie is written. A person visiting the Company's Website can also refuse to accept all cookies by disabling them in their browser. For more information about cookies and other tracking technologies, including instructions for blocking them, everyone can get acquainted at the address, for example: - http://help.yandex.ru/common/?id=1111120.
12.7. The Company may collect the following personal data while using the Company Site or Platform:
12.7.1. personal data provided by the Personal Data Subject during registration (creating an account) and / or signing the Consent on the processing of personal data;
12.7.2. Electronic data (HTTP headers, IP address, cookies, web beacons / pixel tags, browser ID data, hardware and software information);
12.7.3. date and time of access to the Sites and / or the Platform;
12.7.4. information about activity while using the Sites and / or the Platform;
12.7.5. information about geolocation;
12.7.6. information about the Subject of personal data that the Company receives from the partners of the Company in accordance with the terms of agreements concluded between the Subject of personal data and the relevant partner, and agreements concluded between the Company and the partner.13. FINAL PROVISIONS
13.1. This Policy, as well as all changes to it, are approved by the General Director of the Company and must be published on the Company's Website. The new version of the Policy comes into force from the moment it is posted on the Internet at http://www.ubitec.ru
unless otherwise provided by the new edition of the Policy.
13.2. Questions of the interpretation of this Policy should be addressed to the Person Responsible for the Processing of Personal Data in the Company and to the Legal Department of the Company.
13.3. The current version of the Policy is stored at the address of the location of the executive body of the Company.
© 2017-2020 LLC "UBI Technologies". All rights reserved