Privacy Policy
CONFIDENTIALITY POLICY REGARDING PERSONAL DATA PROCESSING OOO NOVARDIS CONSULTING

1.         INTRODUCTION

The Confidentiality Policy regarding personal data processing at Novardis Consulting LLC (the “Regulation”) determines collection, storage, transfer and other forms of personal data processing procedures at Novardis Consulting LLC (the “Company”) and details on personal data protection requirements to be implemented.

2.         BASIC CONCEPTS

The personal data operator (the “operator”) means a government or municipal authority, legal entity or individual arranging, independently or together with other entities, personal data processing and determining the processing goals, composition of personal data to be processed, actions (transactions) to be made with personal data;

Personal data processing means a single or a few action(s) (transactions) with personal data performed with or without the help of automation technologies. The personal data processing includes but not limited to the following: collection, recording, sorting out, accumulation, storage, detailing (updating, amending), retrieval, use, transfer (distribution, provision, access), impersonalizing, blocking, removal and destruction;

Automated personal data processing means personal data processing with the help of computer technologies;

Distribution of personal data means all actions aimed at disclosure of personal data to an indefinite group of individuals;

Provision of personal data means all actions aimed at disclosure of personal data to certain individual of a certain group of persons;

Destruction of personal data means all actions making impossible to recover personal data in a personal data information system and/or resulting in destruction of personal data physical media;

Personal data information system means a combination of personal data containing in databases and information technologies and technical facilities to support their processing;

Cross-border personal data transmission means transfer of personal data into the territory of a foreign state addressed to a government authority of the foreign state, a foreign individual or legal entity.

3.         PERSONAL DATA COMPOSITION

3.1       The personal data shall be any information related directly or indirectly to a certain or determinable individual (personal data subject).

3.2       The composition of personal data of Company’s employees, former employees, nominees for vacant positions and relatives of employees is recorded in the local documentation of the Company.

3.3       The following relates to the personal data of representatives / employees / customers of counterparties of the Company: surname, first name, middle name, position, place of employment, business phone, business email address, Skype, passport data and signature samples, marital status, children, car availability, consent to receipt of information, address and contact details.

3.4       The following relates to personal data of users of feed-back services on the official Company’s website: surname, first name, middle name; contact phone numbers; email address; the company represented by the user, the area and industry in which the company operates; position of the user; profile; data containing in the profile; date of birth; gender; serial number and number of passport; date of issuance and the government authority issuing the passport; details on the place of residence: country, region, city, postal index, street address.

3.5       All personal data processed by the company pursuant to the law shall be confidential information.

4.         PERSONAL DATA PROCESSING GOALS

4.1       Personal data are processed by the Company to make record of employment or other contractual relations, personnel accounting, bookkeeping, tax accounting and also for the purpose of arrangement and staging by the Company of marketing and/or advertising campaigns; compliance by the Company with obligations as part of civil law agreements made; promotion of Company’s and/or Company partners’ services on the market by establishing direct contacts with customers/counterparties of the Company using a range of communication facilities, including, but not limited to, by phone, email, Internet, etc.

4.2       In order for the Personal Data Operator to be able to properly perform its obligations (the Company) processes the following personal data:

  • Personal data of Company’s employees, former employees, nominees to vacant positions and relatives of employees;
  • Personal data of customers and counterparties of the Company (individuals);
  • Personal data of representatives / employees / customers of Company’s counterparties (legal entities).

4.3       Personal data to be processed will be destroyed or impersonalized after the processing goals are achieved or if there is no more need in achieving such goals.

5.         RIGHTS AND OBLIGATIONS OF THE OPERATOR

The Company as Personal Data Operator may:

  • Defend its interests in the court;
  • Provide personal data of subjects to third parties if permitted by the applicable law (tax or law enforcement authorities, etc.);
  • Refuse to provide personal data as provided by the law;
  • Use the personal data of subjects without his/her consent as provided by the law.

6.         RIGHTS AND OBLIGATIONS OF THE PERSONAL DATA SUBJECT

The personal data subject shall have the following rights:

  • Demand his/her personal data to be detailed, blocked or destroyed, if such personal data are incomplete, outdated, untrue, obtained unlawfully or not required for the stated processing goal, and take steps to protect his/her rights provided by the law;
  • Demand the list of his/her personal data processed by the Operator and the source of obtaining such data;
  • Receive information on terms of personal data processing, including the storage terms;
  • Demand notification of all persons to whom his/her untrue or incomplete personal data were delivered and on all exclusions, corrections and additions made thereto;
  • Appeal to a competent personal data protection authority or to the court with any unlawful act or failure to act in his/her personal data processing;
  • Protection of his/her rights and lawful interests, including indemnification of losses and/or compensation of moral harm in the court.

7.         PERSONAL DATA PROCESSING PROCEDURES

Personal data processing shall be performed by the company subject to the following: the Company shall stage events aimed at prevention of unauthorized access to personal data and/or their transfer to any person not authorized to access such information; protective tools are configured to timely identify any unauthorized access to personal data; technical computer-based data processing facilities are isolated to prevent them from being affected, leading to their malfunctioning.

8.         COMPANY’S REQUIREMENTS TO PERSONAL DATA PROTECTION

8.1       Any Company shall stage the following events: develop confidential information and personal data protection regulations; train Company’s employees on information protection rules and train individuals using information protection technologies applied in information systems, and rules to work therewith; perform control of compliance with the provisions on confidential information and personal data protection.

8.2       Information system of the Company is located on the territory of the Russian Federation. The Company performs no cross-border personal data transmission.

9.         CLOSING PROVISIONS

9.1       This Policy is subject to change in case any new law or special regulation on personal data processing and protection comes to light. The Company also reserves the right to change the Policy at any time to further improve the system protecting personal data delivered to it from unauthorized access.

9.2       This Policy is an internal document of the Company and shall be subject to posting on the official web-site of the Company.



This site is registered on wpml.org as a development site.