Policy Privacy
1. General Provisions
1.1. The Personal Data Processing Policy of TELCORE LLC (hereinafter referred to as the Policy) has been developed in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and the Labor Code of the Russian Federation.
1.2. This Policy is a local regulatory act of TELCORE LLC.
1.3. The Policy defines the basic requirements for the procedure of processing, storing, transferring, or otherwise using personal data of subjects by TELCORE LLC.
1.4. This Policy defines the principles, procedure, and conditions for processing personal data of employees, job applicants, and counterparties of TELCORE LLC, as well as other individuals whose personal data is processed by TELCORE LLC, in order to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of rights to privacy, personal, and family secrets, and also establishes the liability of officials of TELCORE LLC who have access to personal data for failure to comply with the requirements of the norms regulating the processing and protection of personal data.
1.5. The requirements established by the Policy apply to incoming, outgoing, internal, organizational-administrative, and other documents of TELCORE LLC containing personal data, regardless of the type of media on which they are presented.
1.6. This Policy is mandatory for all employees of TELCORE LLC.
1.7. Since, in accordance with Part 2 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data," unrestricted access must be provided to this Policy, it does not publish detailed information on the measures taken to protect personal data at TELCORE LLC, nor other information, the use of which by an unlimited circle of persons could harm TELCORE LLC or the subjects of personal data.
2. Basic Concepts
2.1. The basic concepts used in the Policy:
* **Personal data** – any information relating directly or indirectly to a specific or determinable individual (subject of personal data);
* **Subject of personal data** – an individual who is directly or indirectly identified or identifiable through personal data;
* **Operator** – a state body, municipal body, legal entity, or individual, organizing and/or carrying out the processing of personal data independently or jointly with other persons, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data;
* **Processing of personal data** – any action (operation) or set of actions (operations) performed using automation means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
* **Automated processing of personal data** – processing of personal data by means of computer technology;
* **Distribution of personal data** – actions aimed at disclosing personal data to an indefinite circle of persons;
* **Provision of personal data** – actions aimed at disclosing personal data to a specific person or a specific circle of persons;
* **Blocking of personal data** – temporary cessation of processing of personal data (except where processing is necessary to clarify personal data);
* **Destruction of personal data** – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the physical media of personal data are destroyed;
* **Anonymization of personal data** – actions as a result of which it becomes impossible, without using additional information, to determine the ownership of personal data to a specific subject of personal data;
* **Personal data information system** – a set of personal data contained in databases and information technologies and technical means ensuring their processing;
* **Cross-border transfer of personal data** – transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual, or a foreign legal entity;
* **Threats to personal data security** – a set of conditions and factors that create a danger of unauthorized, including accidental, access to personal data, which may result in destruction, alteration, blocking, copying, provision, distribution of personal data, as well as other unlawful actions during their processing in the personal data information system;
* **Level of protection of personal data** – a comprehensive indicator characterizing the requirements, the fulfillment of which ensures the neutralization of certain threats to the security of personal data during their processing in personal data information systems.
3. Purposes of Collecting Personal Data
3.1. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.
3.2. Only personal data that meets the purposes of their processing is subject to processing.
3.3. The processing of personal data is carried out for the following purposes:
* Carrying out its activities in accordance with the Company's Charter, including concluding and executing contracts with counterparties;
* Fulfillment of labor legislation within the framework of labor and other directly related relations, including: assisting employees in employment, education, and career advancement, attracting and selecting candidates for employment at TELCORE LLC, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, maintaining military records, completing and submitting required reporting forms to authorized bodies, organizing registration in individual (personalized) accounting systems for employees in compulsory pension insurance and compulsory social insurance systems;
* Implementation of access control.
4. Legal Basis for Processing Personal Data
4.1. The processing of personal data is carried out by TELCORE LLC on a legal and fair basis. The legal grounds for processing are:
* The Constitution of the Russian Federation;
* The Labor Code of the Russian Federation;
* The Civil Code of the Russian Federation;
* The Tax Code of the Russian Federation;
* Federal Law No. 14-FZ of February 8, 1998 "On Limited Liability Companies";
* Federal Law No. 402-FZ of December 6, 2011 "On Accounting";
* Federal Law No. 167-FZ of December 15, 2001 "On Compulsory Pension Insurance in the Russian Federation";
* Federal Law No. 53-FZ of March 28, 1998 "On Military Duty and Military Service";
* Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
* Decree of the Government of the Russian Federation No. 687 of September 15, 2008 "On Approval of the Regulation on the Specifics of Processing Personal Data Carried Out Without the Use of Automation Means";
* Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of Requirements for the Protection of Personal Data during their Processing in Personal Data Information Systems";
* The Charter of TELCORE LLC;
* Contracts concluded between TELCORE LLC and a counterparty or subject of personal data;
* Other regulatory legal acts regulating relations related to the activities of TELCORE LLC.
5. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects
5.1. The content and scope of the processed personal data must correspond to the stated processing purposes specified in Section 3 of this Policy. The processed personal data must not be excessive in relation to the stated purposes of their processing.
5.2. TELCORE LLC may process personal data of the following categories of personal data subjects.
5.2.1. **Candidates for employment at TELCORE LLC** – for the purposes of fulfilling labor legislation within the framework of labor and other directly related relations, implementing access control:
* Surname, first name, patronymic;
* Gender;
* Citizenship;
* Date of birth;
* Place of birth;
* Contact details;
* Education details;
* Employment history (including work experience, current employment details with organization name and current account number);
* Income;
* Email address;
* Registration address;
* SNILS (Individual Insurance Account Number);
* Data contained in the birth certificate;
* Current account number;
* Profession;
* Marital status;
* Education details;
* Residential address;
* Phone number;
* INN (Individual Taxpayer Number);
* Identity document details;
* Document details for identification outside the Russian Federation;
* Bank card details;
* Position;
* Attitude to military duty, military registration details;
* Health status details;
* Criminal record details;
* Other personal data.
5.2.2. **Employees and former employees of TELCORE LLC** – for the purposes of fulfilling labor legislation within the framework of labor and other directly related relations, implementing access control:
* Surname, first name, patronymic;
* Gender;
* Citizenship;
* Date of birth;
* Place of birth;
* Contact details;
* Education details;
* Employment history (including work experience, current employment details with organization name and current account number);
* Income;
* Email address;
* Registration address;
* SNILS (Individual Insurance Account Number);
* Data contained in the birth certificate;
* Current account number;
* Profession;
* Marital status;
* Education details;
* Residential address;
* Phone number;
* INN (Individual Taxpayer Number);
* Identity document details;
* Document details for identification outside the Russian Federation;
* Bank card details;
* Position;
* Attitude to military duty, military registration details;
* Health status details;
* Criminal record details;
* Other personal data.
5.2.3. **Clients and counterparties of TELCORE LLC** – for the purposes of carrying out its activities in accordance with the Company's Charter, implementing access control:
* Surname, first name, patronymic;
* Date and place of birth;
* Passport details;
* Residential registration address;
* Contact details;
* Position held;
* INN (Individual Taxpayer Number);
* Current account number;
* Other personal data provided by clients and counterparties necessary for concluding and executing contracts.
6. Procedure and Conditions for Processing Personal Data
6.1. The processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), distribution, anonymization, blocking, deletion, and destruction of personal data.
6.2. TELCORE LLC processes personal data both with the use of automation means and without the use of automation means (mixed processing).
6.3. The processing of personal data by TELCORE LLC, including their storage, is carried out within the time limits established by current legislation, as well as by local regulatory acts.
6.4. The processing of personal data by TELCORE LLC is carried out with the consent of the personal data subject to the processing of their personal data, unless otherwise provided by the legislation of the Russian Federation.
6.5. TELCORE LLC does not disclose personal data to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided by the legislation of the Russian Federation.
6.6. TELCORE LLC has the right to entrust the processing of personal data to another person with the consent of the personal data subject on the basis of a contract concluded with that person. The contract must contain a list of actions (operations) with personal data to be performed by the person processing the personal data, the purposes of processing, the obligation of such person to maintain the confidentiality of personal data and ensure the security of personal data during their processing, as well as the requirements for the protection of processed personal data in accordance with Article 19 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
6.7. For the purpose of internal information support, TELCORE LLC may create internal reference materials, which, with the written consent of the personal data subject (unless otherwise provided by the legislation of the Russian Federation), may include their surname, first name, patronymic, place of work, position, date of birth, phone number, email address, and other personal data provided by the personal data subject.
6.8. Access to personal data processed by TELCORE LLC is granted only to employees of the operator who require it in connection with the performance of their official duties, holding positions included in the list of TELCORE LLC employees authorized to process personal data.
6.9. TELCORE LLC transfers personal data to third parties within the framework and in accordance with the legislation of the Russian Federation.
6.10. TELCORE LLC has the right to transfer personal data to inquiry and investigation bodies, and other authorized bodies on the grounds provided for by the current legislation of the Russian Federation.
6.11. Physical media of personal data are stored by TELCORE LLC under conditions ensuring the safety of personal data and preventing unauthorized access to them.
6.12. Upon achieving the purposes of processing personal data, and also in the event of withdrawal of consent to their processing by the personal data subject, personal data is subject to destruction, unless:
* otherwise provided by the contract;
* the operator is entitled to process without the consent of the personal data subject on the grounds provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" or other federal laws;
* otherwise provided by another agreement between the operator and the personal data subject.
6.13. The processing of personal data is carried out with confidentiality maintained.
6.14. TELCORE LLC takes the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, distribution, and other unauthorized actions, including:
* Identifying threats to the security of personal data during their processing;
* Adopting local regulatory acts and other documents regulating relations in the field of processing and protecting personal data;
* Appointing persons responsible for ensuring the security of personal data in structural divisions and information systems of the Operator;
* Creating necessary conditions for working with personal data;
* Organizing the registration of documents containing personal data;
* Storing personal data under conditions that ensure their safety and exclude unauthorized access to them;
* Organizing training for employees engaged in the processing of personal data.
7. Confidentiality of Personal Data
7.1. The Operator and third parties gaining access to personal data must ensure the confidentiality of such data.
7.2. Ensuring the confidentiality of personal data is not required:
* In the case of anonymization of personal data;
* In relation to publicly available personal data.
7.3. Measures taken to ensure confidentiality during the acquisition, processing, and storage of personal data of personal data subjects apply to all physical information media used to store personal data of personal data subjects at TELCORE LLC.
7.4. Personal liability is one of the main requirements for organizing the functioning of the personal information protection system and a mandatory condition for ensuring the effectiveness of this system. An employee of TELCORE LLC who receives a document or medium containing information that includes personal data of personal data subjects for work bears personal liability for the safety of the media and the confidentiality of the information.
7.5. Employees of TELCORE LLC who, in accordance with their employment duties, process personal data of personal data subjects bear personal liability for disclosure and unauthorized distribution (transfer) of personal data.
7.6. The rights, duties, and actions of employees whose employment duties include processing personal data of personal data subjects of TELCORE LLC are defined by this Personal Data Processing Policy and other organizational and administrative documents of TELCORE LLC.
7.7. Legal entities and individuals, who, in accordance with their authority, possess information about the personal data of citizens, and who receive and use it, are liable under the legislation of the Russian Federation for violating the protection regime, processing, and procedure for using this information.
7.8. Disclosure of personal data of a TELCORE LLC personal data subject (transfer to unauthorized persons, including personal data subjects of TELCORE LLC who do not have access to them), their public disclosure, loss of documents and other media containing personal data of the personal data subject, as well as other violations of the duties for their protection and processing established by this Personal Data Processing Policy, local regulatory acts (orders, directives) of TELCORE LLC, shall result in the imposition of disciplinary action on the employee with access to personal data, in the form of a reprimand, a severe reprimand, or dismissal.
7.9. Employees who have access to personal data of a personal data subject and who disclose them bear full financial liability if their actions cause damage to the employer (Article 243, paragraph 7, of the Labor Code of the Russian Federation).
7.10. In cases expressly provided for by the criminal legislation of the Russian Federation, employees found guilty of unlawful use and/or transfer, collection and/or storage of computer information containing personal data, as well as in other cases provided for by the Criminal Code of the Russian Federation, are subject to criminal liability.
8. Rights and Obligations of the Personal Data Operator
8.1. TELCORE LLC is obliged to take measures necessary and sufficient to ensure the fulfillment of duties stipulated by the legislation of the Russian Federation, including:
* Appointing a person responsible for organizing the processing of personal data and assigning to them the following duties: organizing work to ensure the security of personal data during their processing in personal data information systems; conducting investigations into cases of non-compliance with the conditions for storing personal data media, using information security means that may lead to a breach of confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data; suspending the provision of personal data to users of the information system upon detecting violations of the procedure for providing personal data;
* Issuing documents defining the policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations;
* Applying legal, organizational, and technical measures to ensure the security of personal data;
* Assessing the harm that may be caused to personal data subjects in the event of a violation of the law, and the relationship between said harm and the measures taken by the operator aimed at ensuring the fulfillment of duties stipulated by the legislation of the Russian Federation;
* Familiarizing employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, with documents defining the policy of TELCORE LLC regarding the processing of personal data, local acts on the processing of personal data, and/or training said employees.
8.2. The Operator is obliged to publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data. If the collection of personal data is carried out using an information and telecommunications network, the Operator is obliged to publish the said document in this network and ensure the possibility of accessing it using the means of the relevant information and telecommunications network.
8.3. When processing personal data, the Operator is obliged to take necessary legal, organizational, and technical measures or ensure their adoption to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to personal data.
9. Rights and Obligations of Personal Data Subjects
9.1. A personal data subject has the right to withdraw consent to the processing of personal data by sending a corresponding request to TELCORE LLC by mail or by contacting in person.
9.2. A personal data subject has the right to receive information concerning the processing of their personal data, including:
* Confirmation of the fact of processing of personal data by the operator;
* The legal grounds and purposes of processing personal data;
* The purposes and methods of processing personal data used by the operator;
* The processed personal data relating to the relevant personal data subject, the source of their acquisition, unless a different procedure for providing such data is provided for by federal law;
* The terms of processing personal data, including the periods of their storage.
9.3. A personal data subject has the right to demand from TELCORE LLC the clarification of their personal data, their blocking, or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
9.4. If a personal data subject believes that TELCORE LLC is processing their personal data in violation of the requirements of the Federal Law "On Personal Data" or otherwise violates their rights and freedoms, the personal data subject has the right to appeal the actions or inaction of the operator to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media – Roskomnadzor) or in court.
9.5. A personal data subject has the right to protect their rights and legitimate interests, including to compensation for losses and/or compensation for moral harm in court.
10. Provision, Storage, and Destruction of Personal Data
10.1. The following requirements are established when providing personal data of subjects:
* Not to communicate personal data of personal data subjects to a third party without the written consent of the personal data subject, except when necessary to prevent a threat to the life and health of the employee, as well as in cases established by federal law;
* To warn persons receiving personal data of personal data subjects that this data may be used only for the purposes for which it was communicated, and to require these persons to confirm that this rule is observed;
* Not to request information about the employee's health status, except for information that relates to the issue of the personal data subject's ability to perform their job function;
* To transfer personal data of the personal data subject to their legal, authorized representatives in the manner established by the Labor Code of the Russian Federation, and to limit this information to only those personal data necessary for the said representatives to perform their functions.
10.2. Only persons authorized to access the personal data of personal data subjects may provide and receive documents containing employees' personal data.
10.3. A personal data subject who receives a document containing personal data of other personal data subjects, including those on an electronic information medium, for review or execution, shall ensure its proper storage, excluding unauthorized access by unauthorized persons.
10.4. Personal data of personal data subjects may be provided both on paper and in electronic form (via a local computer network, electronic media).
10.5. Storage of personal data must be carried out in a form that allows the identification of the personal data subject, no longer than required by the purposes of their processing. Personal data is subject to destruction upon achieving the purposes of processing or in the event of loss of the necessity to achieve them.
10.6. For premises where personal data is processed (stored), a security regime is organized to ensure the safety of personal data media and technical means of processing personal data, as well as to exclude the possibility of entry and presence of unauthorized persons in these premises.
10.7. Personal data subjects of TELCORE LLC who have access to personal data are allowed into the premises where personal data is processed (stored).
10.8. Unauthorized persons may be present in the premises where personal data is processed (stored) only in the presence of TELCORE LLC employees who have access to personal data.
10.9. Internal control over compliance with the procedure for accessing premises where personal data is processed (stored) is carried out by the person responsible for organizing the processing of personal data.
10.10. Storage of personal data in a form that allows identification of the personal data subject is carried out no longer than required by the purposes of their processing.
10.11. Consents to the processing of personal data belong to the category of personal data and are accordingly stored in personal files.
10.12. Personal data shall be destroyed within a period not exceeding three working days from the date of achieving the purpose of processing the personal data or in the event of loss of necessity to achieve them, unless otherwise provided by federal laws and this Personal Data Processing Policy.
10.13. Destruction of personal data of a personal data subject is carried out in the following cases:
* Upon achieving the purposes of their processing or in the event of loss of necessity to achieve them;
* After the expiration of the storage periods for physical information media containing personal data of personal data subjects;
* In other cases provided for by the legislation of the Russian Federation.
10.14. If the processing of personal data is carried out without the use of automation means, the document confirming the destruction of personal data of personal data subjects is the Personal Data Destruction Act (hereinafter referred to as the Act). The Act is signed by members of the commission, who are appointed by the relevant local regulatory act of TELCORE LLC.
10.15. If the processing of personal data is carried out using automation means, the documents confirming the destruction of personal data of personal data subjects are the Personal Data Destruction Act and an extract from the event log of the personal data information system.
10.16. The Personal Data Destruction Act and the extract from the log shall be stored for 3 years from the date of destruction of the personal data.
1.1. The Personal Data Processing Policy of TELCORE LLC (hereinafter referred to as the Policy) has been developed in accordance with the requirements of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and the Labor Code of the Russian Federation.
1.2. This Policy is a local regulatory act of TELCORE LLC.
1.3. The Policy defines the basic requirements for the procedure of processing, storing, transferring, or otherwise using personal data of subjects by TELCORE LLC.
1.4. This Policy defines the principles, procedure, and conditions for processing personal data of employees, job applicants, and counterparties of TELCORE LLC, as well as other individuals whose personal data is processed by TELCORE LLC, in order to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of rights to privacy, personal, and family secrets, and also establishes the liability of officials of TELCORE LLC who have access to personal data for failure to comply with the requirements of the norms regulating the processing and protection of personal data.
1.5. The requirements established by the Policy apply to incoming, outgoing, internal, organizational-administrative, and other documents of TELCORE LLC containing personal data, regardless of the type of media on which they are presented.
1.6. This Policy is mandatory for all employees of TELCORE LLC.
1.7. Since, in accordance with Part 2 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data," unrestricted access must be provided to this Policy, it does not publish detailed information on the measures taken to protect personal data at TELCORE LLC, nor other information, the use of which by an unlimited circle of persons could harm TELCORE LLC or the subjects of personal data.
2. Basic Concepts
2.1. The basic concepts used in the Policy:
* **Personal data** – any information relating directly or indirectly to a specific or determinable individual (subject of personal data);
* **Subject of personal data** – an individual who is directly or indirectly identified or identifiable through personal data;
* **Operator** – a state body, municipal body, legal entity, or individual, organizing and/or carrying out the processing of personal data independently or jointly with other persons, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data;
* **Processing of personal data** – any action (operation) or set of actions (operations) performed using automation means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data;
* **Automated processing of personal data** – processing of personal data by means of computer technology;
* **Distribution of personal data** – actions aimed at disclosing personal data to an indefinite circle of persons;
* **Provision of personal data** – actions aimed at disclosing personal data to a specific person or a specific circle of persons;
* **Blocking of personal data** – temporary cessation of processing of personal data (except where processing is necessary to clarify personal data);
* **Destruction of personal data** – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the physical media of personal data are destroyed;
* **Anonymization of personal data** – actions as a result of which it becomes impossible, without using additional information, to determine the ownership of personal data to a specific subject of personal data;
* **Personal data information system** – a set of personal data contained in databases and information technologies and technical means ensuring their processing;
* **Cross-border transfer of personal data** – transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual, or a foreign legal entity;
* **Threats to personal data security** – a set of conditions and factors that create a danger of unauthorized, including accidental, access to personal data, which may result in destruction, alteration, blocking, copying, provision, distribution of personal data, as well as other unlawful actions during their processing in the personal data information system;
* **Level of protection of personal data** – a comprehensive indicator characterizing the requirements, the fulfillment of which ensures the neutralization of certain threats to the security of personal data during their processing in personal data information systems.
3. Purposes of Collecting Personal Data
3.1. The processing of personal data is limited to achieving specific, predetermined, and legitimate purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.
3.2. Only personal data that meets the purposes of their processing is subject to processing.
3.3. The processing of personal data is carried out for the following purposes:
* Carrying out its activities in accordance with the Company's Charter, including concluding and executing contracts with counterparties;
* Fulfillment of labor legislation within the framework of labor and other directly related relations, including: assisting employees in employment, education, and career advancement, attracting and selecting candidates for employment at TELCORE LLC, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, maintaining military records, completing and submitting required reporting forms to authorized bodies, organizing registration in individual (personalized) accounting systems for employees in compulsory pension insurance and compulsory social insurance systems;
* Implementation of access control.
4. Legal Basis for Processing Personal Data
4.1. The processing of personal data is carried out by TELCORE LLC on a legal and fair basis. The legal grounds for processing are:
* The Constitution of the Russian Federation;
* The Labor Code of the Russian Federation;
* The Civil Code of the Russian Federation;
* The Tax Code of the Russian Federation;
* Federal Law No. 14-FZ of February 8, 1998 "On Limited Liability Companies";
* Federal Law No. 402-FZ of December 6, 2011 "On Accounting";
* Federal Law No. 167-FZ of December 15, 2001 "On Compulsory Pension Insurance in the Russian Federation";
* Federal Law No. 53-FZ of March 28, 1998 "On Military Duty and Military Service";
* Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
* Decree of the Government of the Russian Federation No. 687 of September 15, 2008 "On Approval of the Regulation on the Specifics of Processing Personal Data Carried Out Without the Use of Automation Means";
* Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of Requirements for the Protection of Personal Data during their Processing in Personal Data Information Systems";
* The Charter of TELCORE LLC;
* Contracts concluded between TELCORE LLC and a counterparty or subject of personal data;
* Other regulatory legal acts regulating relations related to the activities of TELCORE LLC.
5. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects
5.1. The content and scope of the processed personal data must correspond to the stated processing purposes specified in Section 3 of this Policy. The processed personal data must not be excessive in relation to the stated purposes of their processing.
5.2. TELCORE LLC may process personal data of the following categories of personal data subjects.
5.2.1. **Candidates for employment at TELCORE LLC** – for the purposes of fulfilling labor legislation within the framework of labor and other directly related relations, implementing access control:
* Surname, first name, patronymic;
* Gender;
* Citizenship;
* Date of birth;
* Place of birth;
* Contact details;
* Education details;
* Employment history (including work experience, current employment details with organization name and current account number);
* Income;
* Email address;
* Registration address;
* SNILS (Individual Insurance Account Number);
* Data contained in the birth certificate;
* Current account number;
* Profession;
* Marital status;
* Education details;
* Residential address;
* Phone number;
* INN (Individual Taxpayer Number);
* Identity document details;
* Document details for identification outside the Russian Federation;
* Bank card details;
* Position;
* Attitude to military duty, military registration details;
* Health status details;
* Criminal record details;
* Other personal data.
5.2.2. **Employees and former employees of TELCORE LLC** – for the purposes of fulfilling labor legislation within the framework of labor and other directly related relations, implementing access control:
* Surname, first name, patronymic;
* Gender;
* Citizenship;
* Date of birth;
* Place of birth;
* Contact details;
* Education details;
* Employment history (including work experience, current employment details with organization name and current account number);
* Income;
* Email address;
* Registration address;
* SNILS (Individual Insurance Account Number);
* Data contained in the birth certificate;
* Current account number;
* Profession;
* Marital status;
* Education details;
* Residential address;
* Phone number;
* INN (Individual Taxpayer Number);
* Identity document details;
* Document details for identification outside the Russian Federation;
* Bank card details;
* Position;
* Attitude to military duty, military registration details;
* Health status details;
* Criminal record details;
* Other personal data.
5.2.3. **Clients and counterparties of TELCORE LLC** – for the purposes of carrying out its activities in accordance with the Company's Charter, implementing access control:
* Surname, first name, patronymic;
* Date and place of birth;
* Passport details;
* Residential registration address;
* Contact details;
* Position held;
* INN (Individual Taxpayer Number);
* Current account number;
* Other personal data provided by clients and counterparties necessary for concluding and executing contracts.
6. Procedure and Conditions for Processing Personal Data
6.1. The processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), distribution, anonymization, blocking, deletion, and destruction of personal data.
6.2. TELCORE LLC processes personal data both with the use of automation means and without the use of automation means (mixed processing).
6.3. The processing of personal data by TELCORE LLC, including their storage, is carried out within the time limits established by current legislation, as well as by local regulatory acts.
6.4. The processing of personal data by TELCORE LLC is carried out with the consent of the personal data subject to the processing of their personal data, unless otherwise provided by the legislation of the Russian Federation.
6.5. TELCORE LLC does not disclose personal data to third parties or distribute personal data without the consent of the personal data subject, unless otherwise provided by the legislation of the Russian Federation.
6.6. TELCORE LLC has the right to entrust the processing of personal data to another person with the consent of the personal data subject on the basis of a contract concluded with that person. The contract must contain a list of actions (operations) with personal data to be performed by the person processing the personal data, the purposes of processing, the obligation of such person to maintain the confidentiality of personal data and ensure the security of personal data during their processing, as well as the requirements for the protection of processed personal data in accordance with Article 19 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".
6.7. For the purpose of internal information support, TELCORE LLC may create internal reference materials, which, with the written consent of the personal data subject (unless otherwise provided by the legislation of the Russian Federation), may include their surname, first name, patronymic, place of work, position, date of birth, phone number, email address, and other personal data provided by the personal data subject.
6.8. Access to personal data processed by TELCORE LLC is granted only to employees of the operator who require it in connection with the performance of their official duties, holding positions included in the list of TELCORE LLC employees authorized to process personal data.
6.9. TELCORE LLC transfers personal data to third parties within the framework and in accordance with the legislation of the Russian Federation.
6.10. TELCORE LLC has the right to transfer personal data to inquiry and investigation bodies, and other authorized bodies on the grounds provided for by the current legislation of the Russian Federation.
6.11. Physical media of personal data are stored by TELCORE LLC under conditions ensuring the safety of personal data and preventing unauthorized access to them.
6.12. Upon achieving the purposes of processing personal data, and also in the event of withdrawal of consent to their processing by the personal data subject, personal data is subject to destruction, unless:
* otherwise provided by the contract;
* the operator is entitled to process without the consent of the personal data subject on the grounds provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" or other federal laws;
* otherwise provided by another agreement between the operator and the personal data subject.
6.13. The processing of personal data is carried out with confidentiality maintained.
6.14. TELCORE LLC takes the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, distribution, and other unauthorized actions, including:
* Identifying threats to the security of personal data during their processing;
* Adopting local regulatory acts and other documents regulating relations in the field of processing and protecting personal data;
* Appointing persons responsible for ensuring the security of personal data in structural divisions and information systems of the Operator;
* Creating necessary conditions for working with personal data;
* Organizing the registration of documents containing personal data;
* Storing personal data under conditions that ensure their safety and exclude unauthorized access to them;
* Organizing training for employees engaged in the processing of personal data.
7. Confidentiality of Personal Data
7.1. The Operator and third parties gaining access to personal data must ensure the confidentiality of such data.
7.2. Ensuring the confidentiality of personal data is not required:
* In the case of anonymization of personal data;
* In relation to publicly available personal data.
7.3. Measures taken to ensure confidentiality during the acquisition, processing, and storage of personal data of personal data subjects apply to all physical information media used to store personal data of personal data subjects at TELCORE LLC.
7.4. Personal liability is one of the main requirements for organizing the functioning of the personal information protection system and a mandatory condition for ensuring the effectiveness of this system. An employee of TELCORE LLC who receives a document or medium containing information that includes personal data of personal data subjects for work bears personal liability for the safety of the media and the confidentiality of the information.
7.5. Employees of TELCORE LLC who, in accordance with their employment duties, process personal data of personal data subjects bear personal liability for disclosure and unauthorized distribution (transfer) of personal data.
7.6. The rights, duties, and actions of employees whose employment duties include processing personal data of personal data subjects of TELCORE LLC are defined by this Personal Data Processing Policy and other organizational and administrative documents of TELCORE LLC.
7.7. Legal entities and individuals, who, in accordance with their authority, possess information about the personal data of citizens, and who receive and use it, are liable under the legislation of the Russian Federation for violating the protection regime, processing, and procedure for using this information.
7.8. Disclosure of personal data of a TELCORE LLC personal data subject (transfer to unauthorized persons, including personal data subjects of TELCORE LLC who do not have access to them), their public disclosure, loss of documents and other media containing personal data of the personal data subject, as well as other violations of the duties for their protection and processing established by this Personal Data Processing Policy, local regulatory acts (orders, directives) of TELCORE LLC, shall result in the imposition of disciplinary action on the employee with access to personal data, in the form of a reprimand, a severe reprimand, or dismissal.
7.9. Employees who have access to personal data of a personal data subject and who disclose them bear full financial liability if their actions cause damage to the employer (Article 243, paragraph 7, of the Labor Code of the Russian Federation).
7.10. In cases expressly provided for by the criminal legislation of the Russian Federation, employees found guilty of unlawful use and/or transfer, collection and/or storage of computer information containing personal data, as well as in other cases provided for by the Criminal Code of the Russian Federation, are subject to criminal liability.
8. Rights and Obligations of the Personal Data Operator
8.1. TELCORE LLC is obliged to take measures necessary and sufficient to ensure the fulfillment of duties stipulated by the legislation of the Russian Federation, including:
* Appointing a person responsible for organizing the processing of personal data and assigning to them the following duties: organizing work to ensure the security of personal data during their processing in personal data information systems; conducting investigations into cases of non-compliance with the conditions for storing personal data media, using information security means that may lead to a breach of confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data; suspending the provision of personal data to users of the information system upon detecting violations of the procedure for providing personal data;
* Issuing documents defining the policy regarding the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, and eliminating the consequences of such violations;
* Applying legal, organizational, and technical measures to ensure the security of personal data;
* Assessing the harm that may be caused to personal data subjects in the event of a violation of the law, and the relationship between said harm and the measures taken by the operator aimed at ensuring the fulfillment of duties stipulated by the legislation of the Russian Federation;
* Familiarizing employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, with documents defining the policy of TELCORE LLC regarding the processing of personal data, local acts on the processing of personal data, and/or training said employees.
8.2. The Operator is obliged to publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data. If the collection of personal data is carried out using an information and telecommunications network, the Operator is obliged to publish the said document in this network and ensure the possibility of accessing it using the means of the relevant information and telecommunications network.
8.3. When processing personal data, the Operator is obliged to take necessary legal, organizational, and technical measures or ensure their adoption to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution, as well as from other unlawful actions in relation to personal data.
9. Rights and Obligations of Personal Data Subjects
9.1. A personal data subject has the right to withdraw consent to the processing of personal data by sending a corresponding request to TELCORE LLC by mail or by contacting in person.
9.2. A personal data subject has the right to receive information concerning the processing of their personal data, including:
* Confirmation of the fact of processing of personal data by the operator;
* The legal grounds and purposes of processing personal data;
* The purposes and methods of processing personal data used by the operator;
* The processed personal data relating to the relevant personal data subject, the source of their acquisition, unless a different procedure for providing such data is provided for by federal law;
* The terms of processing personal data, including the periods of their storage.
9.3. A personal data subject has the right to demand from TELCORE LLC the clarification of their personal data, their blocking, or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
9.4. If a personal data subject believes that TELCORE LLC is processing their personal data in violation of the requirements of the Federal Law "On Personal Data" or otherwise violates their rights and freedoms, the personal data subject has the right to appeal the actions or inaction of the operator to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media – Roskomnadzor) or in court.
9.5. A personal data subject has the right to protect their rights and legitimate interests, including to compensation for losses and/or compensation for moral harm in court.
10. Provision, Storage, and Destruction of Personal Data
10.1. The following requirements are established when providing personal data of subjects:
* Not to communicate personal data of personal data subjects to a third party without the written consent of the personal data subject, except when necessary to prevent a threat to the life and health of the employee, as well as in cases established by federal law;
* To warn persons receiving personal data of personal data subjects that this data may be used only for the purposes for which it was communicated, and to require these persons to confirm that this rule is observed;
* Not to request information about the employee's health status, except for information that relates to the issue of the personal data subject's ability to perform their job function;
* To transfer personal data of the personal data subject to their legal, authorized representatives in the manner established by the Labor Code of the Russian Federation, and to limit this information to only those personal data necessary for the said representatives to perform their functions.
10.2. Only persons authorized to access the personal data of personal data subjects may provide and receive documents containing employees' personal data.
10.3. A personal data subject who receives a document containing personal data of other personal data subjects, including those on an electronic information medium, for review or execution, shall ensure its proper storage, excluding unauthorized access by unauthorized persons.
10.4. Personal data of personal data subjects may be provided both on paper and in electronic form (via a local computer network, electronic media).
10.5. Storage of personal data must be carried out in a form that allows the identification of the personal data subject, no longer than required by the purposes of their processing. Personal data is subject to destruction upon achieving the purposes of processing or in the event of loss of the necessity to achieve them.
10.6. For premises where personal data is processed (stored), a security regime is organized to ensure the safety of personal data media and technical means of processing personal data, as well as to exclude the possibility of entry and presence of unauthorized persons in these premises.
10.7. Personal data subjects of TELCORE LLC who have access to personal data are allowed into the premises where personal data is processed (stored).
10.8. Unauthorized persons may be present in the premises where personal data is processed (stored) only in the presence of TELCORE LLC employees who have access to personal data.
10.9. Internal control over compliance with the procedure for accessing premises where personal data is processed (stored) is carried out by the person responsible for organizing the processing of personal data.
10.10. Storage of personal data in a form that allows identification of the personal data subject is carried out no longer than required by the purposes of their processing.
10.11. Consents to the processing of personal data belong to the category of personal data and are accordingly stored in personal files.
10.12. Personal data shall be destroyed within a period not exceeding three working days from the date of achieving the purpose of processing the personal data or in the event of loss of necessity to achieve them, unless otherwise provided by federal laws and this Personal Data Processing Policy.
10.13. Destruction of personal data of a personal data subject is carried out in the following cases:
* Upon achieving the purposes of their processing or in the event of loss of necessity to achieve them;
* After the expiration of the storage periods for physical information media containing personal data of personal data subjects;
* In other cases provided for by the legislation of the Russian Federation.
10.14. If the processing of personal data is carried out without the use of automation means, the document confirming the destruction of personal data of personal data subjects is the Personal Data Destruction Act (hereinafter referred to as the Act). The Act is signed by members of the commission, who are appointed by the relevant local regulatory act of TELCORE LLC.
10.15. If the processing of personal data is carried out using automation means, the documents confirming the destruction of personal data of personal data subjects are the Personal Data Destruction Act and an extract from the event log of the personal data information system.
10.16. The Personal Data Destruction Act and the extract from the log shall be stored for 3 years from the date of destruction of the personal data.
