Teamo.ru is a number one trustworthy website for serious relationship in Russia

Privacy policy


1. Terms and Definitions

 

1.1. Personal Data - any information related to a particular or definable on the basis of such information individual (personal data subject), including his/her last name, first name, middle name, year, month, date and place of birth, address, e-mail address, phone number, marital, social, property status, education, profession, income, or other information.
1.2. Processing of Personal Data - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, or blocking.
1.3. Confidentiality of Personal Data - mandatory requirement, to be complied with by the designated person in charge who has access to personal data, to prevent their distribution without the consent of the subject or other legal reason.
1.4. Distribution of Personal Data - actions intended to transfer personal data to a certain circle of persons (transfer of personal data) or to acquaint an unlimited number of persons with personal data, including publication of personal data in the mass media, placement in the information and telecommunications networks or provision of access to personal data in any other way.
1.5. Use of Personal Data - actions (operations) with personal data committed for the purpose of making decisions or committing other actions that produce legal consequences with respect to the subjects of personal data or otherwise affecting their rights and freedoms or the rights and freedoms of others.
1.6. Blocking of Personal Data - temporary suspension of collection, systematization, accumulation, use, or distribution of personal data, including their transfer.
1.7. Destruction of Personal Data - actions as a result of which it is impossible to restore the contents of personal data in the information system of personal data, or as a result of which the tangible media with personal data are destroyed.
1.8. Depersonalization of Personal Data - actions that make it impossible without using additional information to determine the ownership of personal data by a specific subject.
1.9. Publicly Accessible Personal Data - personal data the access of an unlimited circle of persons to which is provided with the consent of the subject, or to which the requirement of confidentiality do not apply in accordance with federal laws.
1.10. Information - details (messages, data) regardless of the form of their submission.
1.11. Client (personal data subject) - an individual, a consumer of the TEAMO LLC services, hereinafter referred to as the "Organization".
1.12. Operator - a public authority, a municipal body, a legal entity or an individual independently or jointly with other persons organizing and (or) processing personal data, as well as defining the purposes of the personal data processing, the composition of the personal data subject to processing, the actions (operations) performed with personal data. Within the framework of these Regulations, the Operator shall be TEAMO Limited Liability Company.

 

2. General

 

2.1. These Regulations on the Processing of Personal Data (hereinafter referred to as the "Regulations") are developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the Federal Law "On Information, Information Technologies and Information Protection", the Federal Law 152-FZ "On Personal Data", other federal laws.
2.2. The purpose of the development of these Regulations is to define the procedure for the processing and protecting the personal data of all Clients of the Organization whose data are subject to processing, on the basis of the authority of the Operator; to ensure protection of human and civil rights and freedoms in the processing of his/her personal data, including protection of the privacy rights, personal and family secrets, as well as to establish responsibility of the officials who have access to personal data for non-compliance with the rules governing the processing and protection of personal data.
2.3. Procedure for putting the Regulations into effect and amending.
2.3.1. These Regulations shall take effect upon approval of the same by the General Director of the Organization and continue permanently until replaced by the new Regulations.
2.3.2. Amendments to these Regulations shall be made on the basis of the Orders of the General Director of the Organization.

 

3. Composition of Personal Data

 

3.1. Personal data of the Clients shall include, in particular, the following:
3.1.1. Last name, first name, middle name.
3.1.2. Year of birth.
3.1.3. Month of birth.
3.1.4. Date of birth.
3.1.5. Place of birth.
3.1.7. Marital status.
3.1.8. Education.
3.1.9. Occupation.
3.1.10. Income.
3.1.11. TIN, Pension Certificate number.
3.1.12. Place of employment.
3.1.13. Position held.
3.1.14. E-mail address.
3.1.15. Phone number (home, cell phone).
3.2. The following documents and information may be created (generated, collected) and stored in the Organization, including in electronic form, containing data about the Clients:
3.2.1. Personal details form.
3.2.2. Application for registration for an individual.
3.2.3. Agreement (public offer).
3.2.4. Confirmation of accession to the agreement.
3.2.5. Copies of the identity and other documents provided by the Client and containing personal data.
3.2.6. Data on payments for the orders (goods/services) containing payment and other details of the Client.
3.2.7. Records of telephone conversations and electronic correspondence.
3.2.8. Forms (including electronic) of the orders for services (goods).

 

4. Purpose of the Personal Data Processing

 

4.1. The purpose of the personal data processing is the implementation of a set of actions aimed at achieving the objective, including the following:
4.1.1. Rendering advisory and information services.
4.1.1.2. Other transactions not prohibited by law, as well as a set of actions with personal data necessary for the execution of the above transactions.
4.1.1.3. Improving the existing and creating additional services for the Client. For this purpose, personal data may be transferred to third parties who perform the work or provide the services related to such improvement or creation of services.
4.1.1.4. In order to fulfill the requirements of the laws of the Russian Federation.
4.2. The condition for termination of the personal data processing shall be the liquidation of the Organization, as well as the relevant request of the Client.

 

5. Collection, Processing and Protection of Personal Data

 

5.1. Procedure for obtaining (collecting) personal data:
5.1.1. All personal data of the Client shall be obtained from the same personally with its written consent, except in the cases specified in Clauses 5.1.4 and 5.1.6 of these Regulations and in other cases provided for by the laws of the Russian Federation.
5.1.2. The Client's consent to the use of its personal data shall be stored in the Organization in paper and/or electronic form.
5.1.3. Consent of the subject to the processing of personal data shall be valid for the entire duration of the Agreement and for 5 years from the date of termination of the contractual relations of the Client with the Organization. Upon the expiration of this period, the consent shall be deemed extended for every five years thereafter in the absence of information on its cancellation.
5.1.4. If the Client's personal data can only be obtained from a third party, the Client shall be notified of this in advance, and the written consent shall be obtained from the same. The third party providing personal data of the Client shall have the consent of the subject to transfer its personal data to the Organization. The Organization shall obtain confirmation from the third party transferring personal data of the Client that its personal data are transferred with its consent. In its interaction with third parties, the Organization shall conclude with the same the confidentiality agreement for the information concerning personal data of the Clients.
5.1.5. The Organization shall inform the Client about the purposes, prospective sources, and methods of obtaining personal data, as well as about the nature of the personal data to be obtained and the consequences of the Client's refusal to give the written consent for obtaining its personal data.
5.1.6. Personal data of the Clients shall be processed without their consent in the following cases:
5.1.6.1. Personal data are publicly available.
5.1.6.2. On request of the competent public authorities in the cases provided for by the federal law.
5.1.6.3. Personal data are processed on the basis of the federal law establishing the purpose of the same, the conditions for obtaining personal data and the range of the subjects whose personal data are subject to processing, as well as defining the powers of the operator.
5.1.6.4. Personal data are processed for the purpose of concluding and executing the agreement one of the parties to which is the subject of personal data - the Client.
5.1.6.5. Personal data are processed for statistical purposes subject to obligatory depersonalization of personal data.
5.1.6.6. In other cases provided for by law.
5.1.7. The Organization may obtain and process personal data of the Client about its race, nationality, political views, religious or philosophical beliefs, health status, and intimate life.
5.2. Procedure for personal data processing:
5.2.1. The subject of personal data shall provide the Organization with reliable information about itself.
5.2.2. Only the employees of the Organization authorized to work with the Client's personal data, and upon signing the Non-Disclosure Agreement for the Client's personal data, shall be admitted to the processing of the Client’s personal data.
5.2.3. The following persons may have access to personal data of the Client in the Organization:
General Director of the Organization.
Employees responsible for operations.
Security officers.
Employees of the internal control service.
Employees of the legal service.
IT employees.
Employees of the documentation support service.
Client as the subject of personal data.
5.2.3.1. The name list of the employees of the Organization having access to personal data of the Clients shall be determined by the Order of the General Director of the Organization.
5.2.4. The Client's personal data may be processed solely for the purposes established by the Regulations and for compliance with the laws and other legal regulations of the Russian Federation.
5.2.5. In determining the scope and content of the personal data to be processed, the Organization shall follow the Constitution of the Russian Federation, the law on personal data, and other federal laws.
5.3.1. Protection of the Client's personal data shall be understood as a set of measures (organizational, administrative, technical, legal) aimed at preventing unauthorized or accidental access to the same, destruction, modification, blocking, copying, distribution of personal data of the subjects, and other unlawful actions.
5.3.2. Personal data of the Client shall be protected at the expense of the Organization in the manner established by the federal law of the Russian Federation.
5.3.3. In protection of personal data of the Clients, the Organization shall take all necessary organizational, administrative, legal and technical measures, including the following:
Encryption (cryptographic) tools.
Antivirus protection.
Analysis of security.
Detection and prevention of intrusions.
Access control.
Registration and accounting.
Ensuring integrity.
Developing procedural local regulations governing the protection of personal data.
5.3.4. Overall organization of the protection of personal data of the Clients shall be managed by the General Director of the Organization.
5.3.5. Personal data of the Client shall be accessible to the employees of the Organization who need personal data in connection with the performance of their official duties.
5.3.6. All employees associated with the receipt, processing and protection of personal data of the Clients shall sign the Non-Disclosure Agreement for the personal data of the Clients.
5.3.7. The procedure for obtaining access to personal data of the Client shall include the following:
Familiarizing the employee against signature with these Regulations. In the presence of other regulations (orders, directions, instructions, etc.) governing the processing and protection of personal data of the Client, these regulations shall also be read against signature.
Obtaining from the employee (with the exception of the General Director) the written commitment to observe the confidentiality of personal data of the Clients and to comply with the rules for processing the same in accordance with the internal local regulations of the Organization governing the security of confidential information.
5.3.8. The employee of the Organization having access to personal data of the Clients due to its official duties shall:
Ensure storage of the information containing personal data of the Client excluding access of third parties to the same.
In the absence of the employee, its workplace shall have no documents containing personal data of the Clients.
When leaving for vacation, during a business trip and in other cases of prolonged absence of the employee from its workplace, the employee shall transfer the documents and other media containing personal data of the Clients to the officer designated by the local regulation of the Company (order, direction) to perform the official duties of the leaving employee.
In the event that such officer is not designated, the documents and other carriers containing personal data of the Clients shall be transferred to another employee who has access to personal data of the Clients as ordered by the General Director of the Organization.
Upon dismissal of the employee having access to personal data of the Clients, the documents and other media containing personal data of the Clients shall be transferred to another employee who has access to personal data of the Clients as ordered by the General Director.
In order to perform the assignment, and on the basis of the memo with a positive resolution of the General Director, access to personal data of the Client may be granted to another employee. Personal data of the Client shall not be accessed by other employees of the Organization having no duly documented access.
5.3.9. The personnel manager shall ensure the following:
Familiarizing the employees against signature with these Regulations.
Obtaining from the employees the written commitment to observe the confidentiality of personal data of the Client and to comply with the rules for processing the same.
Overall control of compliance by the employees with the measures to protect personal data of the Client.
5.3.10. Protection of the Clients' personal data stored in the electronic databases of the Organization from unauthorized access, distortion and destruction of information, as well as from other unlawful actions, shall be ensured by the System Administrator.
5.4. Protection of personal data:
5.4.1. Personal data of the Clients in paper form shall be stored in safe boxes.
5.4.2. Personal data of the Clients in electronic form shall be stored in the local computer network of the Organization, in electronic folders and files in the personal computers of the General Director and of the employees admitted to processing personal data of the Clients.
5.4.3. The documents containing personal data of the Clients shall be stored in the lockable cabinets (safe boxes) that provide protection from unauthorized access. At the end of the business day, all documents containing personal data of the Clients shall be placed in the cabinets (safe boxes) that provide protection from unauthorized access.
5.4.4. Protection of access to the electronic databases containing personal data of the Clients shall be provided by the following:
Using licensed anti-virus and anti-hacker programs that prevent unauthorized entry into the local network of the Organization.
Differentiating the access rights using the accounts.
Applying the two-stage password system: at the local computer network level and at the database level. Passwords shall be set by the System Administrator of the Organization and communicated individually to the employees who have access to personal data of the Clients.
5.4.5.1. Unauthorized entry into the PCs containing personal data of the Clients shall be blocked by the password that is set by the System Administrator and is not subject to disclosure.
5.4.5.2. All electronic folders and files containing personal data of the Clients shall be protected with the password that is set by the employee of the Organization responsible for the PC and communicated to the System Administrator.
5.4.5.3. Passwords shall be changed by the System Administrator at least once every 3 months.
5.4.6. Copies and extracts from personal data of the Client may be made only for official purposes with the written permission of the General Director of the Organization.
5.4.7. Responses to the written inquiries from other organizations and institutions concerning personal data of the Clients shall be given only with the written consent of the Client itself, unless otherwise provided by law. Responses shall be made in writing, on the Organization's letterhead, and to the extent that allows not to disclose excessive personal data of the Client.

 

6. Blocking, Depersonalization, Destruction of Personal Data

 

6.1. Procedure for blocking and unblocking personal data:
6.1.1. Personal data of the Clients shall be blocked under the written application of the Client.
6.1.2. Blocking of personal data implies the following:
6.1.2.1. Prohibition to edit personal data.
6.1.2.2. Prohibition to distribute personal data by any means (e-mail, cellular communication, tangible media).
6.1.2.3. Prohibition to use personal data in bulk mailings (SMS, e-mail, mail).
6.1.2.4. Withdrawal of the paper documents relating to the Client and containing its personal data from the internal document flow of the Organization, and prohibition to use the same.
6.1.3. Blocking of the Client's personal data may be temporarily withdrawn if this is required to comply with the laws of the Russian Federation.
6.1.4. Personal data of the Client shall be unblocked with its written consent (if there is a need to obtain such consent) or under the Client's application.
6.1.5. The Client's repeated consent to the processing of its personal data (if there is a need to obtain such consent) shall entail unblocking of its personal data.
6.2. Procedure for depersonalization and destruction of personal data:
6.2.1. Personal data of the Client shall be depersonalized under the written application of the Client, provided that all contractual relations are completed and not less than 5 years have elapsed from the date of termination of the last contract.
6.2.2. In the case of depersonalization, personal data in the information systems shall be replaced by a set of symbols making it impossible to attribute such personal data to a specific Client.
6.2.3. Hard copies of the documents shall be destroyed in the case of depersonalization of personal data.
6.2.5. The Organization shall ensure confidentiality with respect to personal data when it is necessary to conduct testing of the information systems on the developer's premises and depersonalize personal data in the information systems transferred to the developer.
6.2.6. Destruction of the Client's personal data implies termination of any access to the Client's personal data.
6.2.7. Upon destruction of the Client's personal data, the employees of the Organization shall not have access to the personal data of the subject in the information systems.
6.2.8. In the destruction of personal data, hard copies of the documents shall be destroyed, personal data in the information systems shall be depersonalized. Personal data shall not be restored.
6.2.9. Destruction of personal data shall be irreversible.
6.2.10. The period after which destruction of the Client's personal data becomes possible shall be determined by the end of the period specified in Clause 7.3 of these Regulations.

 

7. Transfer and Storage of Personal Data

 

7.1. Transfer of personal data:
7.1.1. Transfer of the personal data of a subject shall be understood as distribution of the information through communication channels and on tangible media.
7.1.2. When transferring personal data, the employees of the Organization shall comply with the following requirements:
7.1.2.1. Disclose no personal data of the Client to a third party without the written consent of the Client, except for the cases established by the federal law of the Russian Federation or these Regulations.
7.1.2.3. Warn the persons obtaining personal data of the Client that these data may be used only for the purposes for which they are communicated, and require from these persons to confirm compliance with this rule;
7.1.2.4. Allow access to personal data of the Clients only to the specially authorized persons, and such persons must have the right to receive only the personal data of the Clients that are necessary to perform specific functions.
7.1.2.5. Transfer personal data of the Client within the Organization in accordance with these Regulations, regulatory and technological documentation and job descriptions.
7.1.2.6. Provide the Client with access to its personal data when applied for or upon receipt of the Client's request. The Organization shall inform the Client about the availability of personal data about the same and provide the opportunity to become familiarized with the same within ten business days from the date of application.
7.1.2.7. Transfer personal data of the Client to the representatives of the Client following the procedure established by the laws and regulatory and technological documentation, and limit this information only to the personal data of the subject that are necessary for these representatives to perform their functions.
7.1.2.8. Ensure keeping the register of the issued personal data of the Clients, which records the information about the person to whom the Clients' personal data were transferred, the date of the personal data transfer or the date of the notice of refusal to provide personal data, and also notes which particular information was transferred (following the form of Annex No. 1).
7.2. Storage and use of personal data:
7.2.1. Storage of personal data shall be understood as the existence of records in the information systems and on tangible media.
7.2.2. Personal data of the Customers shall be processed and stored in information systems and as hard copies in the Organization. Personal data of the Clients shall also be stored electronically: in the local computer network of the Organization, in electronic folders and files in the PCs of the General Director and of the employees authorized to process personal data of the Clients.
7.2.3. Personal data of the Client may be stored no longer than required by the processing purposes, unless otherwise stipulated by the federal laws of the Russian Federation.
7.3. Period for storage of personal data:
7.3.1. The period for storage of the civil contracts containing personal data of the Clients and of the documents accompanying their conclusion and execution shall be 5 years from the date of termination of the contracts.
7.3.2. During the storage period, personal data shall not be depersonalized or destroyed.
7.3.3. Upon the expiry of the storage period, personal data may be depersonalized in the information systems and destroyed as hard copies following the procedure established by the Regulations and by the applicable laws of the Russian Federation.

 

8. Rights of the Personal Data Operator

 

The Organization may:
8.1. Defend its interests in the court.
8.2. Provide personal data of the Clients to third parties, if it is stipulated by the applicable laws (tax, law enforcement agencies, etc.).
8.3. Refuse to provide personal data in the cases stipulated by law.
8.4. Use the Client's personal data without its consent in the cases stipulated by the laws of the Russian Federation.

 

9. Rights of the Client

 

The Client may:
9.1. Request updating its personal data, its blocking or destruction in the event that personal data are incomplete, outdated, unreliable, unlawfully obtained or are not necessary for the stated purpose of processing, and also take legal measures to protect its rights.
9.2. Request the list of the processed personal data available in the Organization and the source of such data.
9.3. Receive information on the period for personal data processing, including their storage period.
9.4. Request notifying all parties who previously received its incorrect or incomplete personal data about all exceptions, corrections or additions concerning such data.
9.5. Appeal to the authorized body for the protection of the rights of subjects of personal data or judicially wrongful acts or omissions in the processing of its personal data.

 

10. Liability for Violation of the Rules Governing Processing and Protection of Personal Data

 

10.1. Employees of the Organization who are guilty of violating the rules governing the receipt, processing and protection of personal shall bear disciplinary, administrative, civil or criminal liability in accordance with the federal laws and internal local regulations of the Organization.

 

 

APPROVED by the Order of the General Director of TEAMO LLC dated August 29, 2016