PRIVACY & COOKIES
In order to maintain the business reputation and ensure compliance with the norms of federal legislation, Atlant clinical Ltd. (hereinafter referred to as the Company) considers the most important task to ensure the legitimacy of the processing and security of personal data in the Company’s business processes.
- Federal Law No. 149-FZ of July 27, 2006 ‘On Information, Informatization and Information Protection’
- Federal Law No. 152-FZ of July 27, 2006 ‘On Personal Data’
- ‘Requirements for the protection of personal data during their processing in personal data information systems’, approved by the Decree of the Government of the Russian Federation No. 1119 of November 1, 2012;
- ‘Requirements for the protection of information that does not constitute a state secret contained in State information systems’, approved by Order of the FSTEC of Russia No. 17 of February 11, 2013
- ‘The composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems’, approved by Order of the FSTEC of Russia No. 21 of February 18, 2013;
- This Policy`s purposes are:
- ensuring the confidentiality, integrity, and availability of protected information;
- prevention of leakage of protected information;
- monitoring security events and responding to security incidents;
- neutralisation current threats to information security;
- compliance with the requirements of the current legislation on information protection.
- This Policy is approved by the head of the Company and defines the measures, procedures and rules for the protection of information in the Company.
- the Company has introduced, operates and undergoes periodic review (control) of the personal data protection system.
- The processing of personal data in the Company is based on the following principles:
- legality of the purposes and methods of personal data processing and integrity
- compliance of the purposes of personal data processing with the purposes defined in advance and declared when collecting personal data, as well as the powers of the Company
- compliance of the volume and nature of the processed personal data, the methods of personal data processing with the purposes of personal data processing
- the reliability of personal data, their relevance and sufficiency for the purposes of processing, the inadmissibility of processing excessive personal data in relation to the purposes of collection
- legitimacy of organizational and technical measures to ensure the security of personal data
- continuous improvement of the level of knowledge of the Company’s employees in the field of ensuring the security of personal data during their processing
- improving the system of personal data protection
The Company has the right to change the provisions of this Policy at any time unilaterally. The current version of the Policy is available on the company’s official website
PURPOSES OF PROCESSING
In accordance with the principles of personal data processing, the Company defines the current purposes of personal data processing:
- review of resumes and selection of candidates for vacant positions for further employment in the Company;
- ensuring the requirements of accounting and personnel accounting;
- ensuring the personal safety of employees and the safety of the Company’s property;
- ensuring control of the quantity and quality of the work performed;
- performance of obligations provided by local regulations and contracts (including employment contracts) and control over the performance of services provided by the recruitment agency;
- assistance to employees in training and career development;
- assistance in obtaining social benefits and compensation;
- granting employees the authority to conclude transactions and perform other actions on behalf of the Company;
- fulfillment of obligations provided by federal legislation and other regulatory legal acts (including in the field of labor protection, industrial safety and environmental protection);
- providing employees with vehicles for official use;
- assistance in organizing trips to events (including foreign ones);
- conducting trainings and trainings;
- conducting internal audits and internal investigations;
- implementation of business contacts;
- accrual of remuneration under contracts;
- promotion of the Company’s services on the market;
- organization of clinical trials;
PROCESSING OF PERSONAL DATA GUIDELINIES
he Company processes only those personal data that are presented in the approved List of personal data processed by the Company, namely:
- Full name;
- date, month, year of birth;
- place of birth;
- passport data;
- address of registration and actual residence;
- military registration;
- phone number;
- email address;
- marital status;
- information about children;
- work experience;
- bank details.
- The processing of personal data in the Company is carried out in a mixed way.
- The Company performs the following actions when processing personal data:
– clarification (update, change);
– transfer (distribution, provision, access);
The distribution of personal data is carried out in accordance with the requirements of Article 10.1 of Federal Law No. 152-FZ of July 27, 2006 ‘On Personal Data’
- The Company processes the following categories of personal data subjects:
- candidates for vacant positions;
- Company employees;
- relatives of the Company’s employees (children, spouses);
- representatives of legal entities-counterparties and potential counterparties of the Company;
- individuals who provide services under a contract for the provision of paid services (including potential performers under contracts);
- individuals who have applied to the Company in accordance with the procedure established by the Federal Law ‘On the Procedure for Considering Appeals of Citizens of the Russian Federation’
- In the course of its activities, the Company may provide the personal data of the subjects to third parties, in the cases and in the manner provided for by the provisions of the legislation.
- The Company has carried out cross-border transfer of personal data in accordance with the requirements of Article 12 of Federal law No. 152-FZ of July 27, 2006 ‘On personal data’.
- The company ensures compliance of the content and volume of processed personal data with the stated purpose of processing and, if necessary, takes measures to eliminate redundancy in relation to the stated purposes of the processing.
- The Company is prohibited from making decisions regarding personal data subjects based solely on automated processing of their personal data.
- The Company does not process biometric personal data, as well as the personal data of the subjects about:
- criminal records;
- national identity;
- political views;
- religious beliefs;
- philosophical beliefs;
- state of health
- intimate life.
Other personal data not specified in this paragraph may be processed by the Company in accordance with the requirements of the current legislation of the Russian Federation.
The Company does not publish the subject’s personal data in publicly available sources without his prior written consent.
The processing of personal data is not performed on the server owned by the Company.
PERSONAL DATA SECURITY
In order to ensure the security of personal data during their processing, the Company implements the requirements of the following regulatory documents of the Russian Federation in the field of processing and ensuring the security of personal data:
- Federal Law No. 152-FZ of 27.07.2006 ‘On Personal Data’;
- Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 ‘On Approval of the Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems’;
- Decree of the Government of the Russian Federation of 15.09.2008 No. 687 ‘On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out without the Use of Automation Tools’;
- Basic model of threats to the security of personal data when they are processed in personal data information systems (approved by the Deputy Director of the FSTEC of Russia on 15.02.2008);
- Methodology for determining current threats to the security of personal data when they are processed in personal data information systems (approved by the Deputy Director of the FSTEC of Russia on 14.02.2008);
- Order of the FSTEC of Russia No. 21 dated 18.02.2013 ‘On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the security of personal Data during their processing in personal Data Information Systems’.
- The Company evaluates the harm that may be caused to the subjects of personal data and determines the threats to the security of personal data. In accordance with the identified current threats, the Company applies the necessary and sufficient organizational and technical measures, including the use of information security tools, the detection of unauthorized access, the recovery of personal data, the establishment of rules for access to personal data, as well as monitoring and evaluating the effectiveness of the measures applied.
- The Company has approved standard operating procedures governing the protection of personal data during automated and non-automated processing, including:
- unauthorized access to the material carriers of personal data is excluded;
- implemented measures to protect machine storage media, control input-output interfaces;
- measures have been implemented to prevent, detect and neutralize suspected threats on machine-based media.
- The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.
- The Company regularly carries out measures aimed at improving the level of personal data security (including those aimed at protecting personal data from unauthorized or accidental access, modification, copying, blocking, provision, distribution, destruction).
- The Company’s management is aware of the need and is interested in ensuring that the level of security of personal data processed as part of the Company’s core business is adequate both in terms of the requirements of the regulatory documents of the Russian Federation and reasonable in terms of assessing risks to business
THE RIGHTS OF A SUBJECT OF PERSONAL DATA
The subject of personal data (the legal representative of the subject of personal data) has the right, in accordance with the procedure established by the legislation of the Russian Federation, to demand from the Company:
- access to your personal data;
- obtaining information concerning the processing of his personal data;
- making reasonable changes to their personal data;
- revocation of previously issued consent to the processing of personal data
- If the subject of personal data believes that the Company in the process of processing personal data in any way violates his rights and freedoms, he has the right to appeal against the actions or omissions of the Company in court at the location of the Defendant.