Personal Data Management Policy

 

Hereby OOO [limited liability company] “Laboratoriya Umnogo Vozhdeniya” (hereinafter - the Organization) confirms that in implementation of its own projects it is guided by the rules while working with personal data of physical persons that become available to the Organization in connection with implementation of such projects as described in the document.

In implementing its projects the Organization complies with provisions of the Federal Law of the RF dated July 27, 2006, No 152-ФЗ [FZ] “On Personal Data” (hereinafter - the Law).

Under the term “personal data” the Organization understands any information that is directly or indirectly related to a specific or identifiable physical person (personal data owner) including his/her last name, name, patronymic, date of birth, address, marital status, social and property status, education, citizenship, income level, passwords and logins used to access services run by the Organization as well as any other information with respect to such physical person of which the Organization became aware in connection with the implementation of its own projects.

The Organization hereby guarantees that in the event of processing personal data which implies any action (transaction) or series of actions (transactions) performed in respect of personal data using or not using automation technology, including collection, recording, systematization, accumulation, storage, improvement (updates, changes), extraction, use, transfer (distribution, submission, access), depersonalization, blocking, deletion, destruction of personal data, it complies with the rules set forth in the Law.

In the event of personal data processing the Organization is guided by the following principles:

- processing on legal and fair grounds.

- limitation by achieving specific pre-determined and legal purposes. Personal data processing that is not in line with personal data collection purposes is not allowed.

- inadmissibility of combining databases that contain personal data that are processed for incompatible purposes.

- only personal data that comply with purposes of processing are subject to such processing.

- contents and scope of personal data being processed shall comply with the declared processing purposes. Personal data being processed shall not be redundant in respect to their declared processing purposes.

- during the processing of personal data its accuracy, sufficiency and, when necessary, its actuality with regard to personal data processing purposes shall be ensured. The Organization shall use all reasonable efforts or ensure that such efforts are used with regard to deletion or improvement of incomplete or inaccurate data.

- personal data shall be stored in such a form that allows to identify the owner of personal data and during a period that is not more than a period required by purposes of personal data processing, unless personal data storage period is prescribed by the federal law or agreement, party to, beneficiary to or guarantor of which is the owner of personal data.  Personal data being processed are subject to destruction or depersonalization upon achievement of processing purposes or in case of no further need in achieving these purposes, unless otherwise provided by the federal law.

 

In processing personal data the Organization complies with user rights as provided for in the legislation, including:

- Personal data owner has the right to obtain information as provided for in the legislation, except in cases provided for in the relevant provisions.

- Personal data owner has the right to demand from the Organization to improve their personal data, block or destroy them if such personal data is incomplete, outdated, inaccurate, illegally obtained or unnecessary for the declared purpose of processing, as well as use all legal efforts to protect their rights.

- Information shall be provided to the owner of personal data by the Organization in an intelligible form and shall not contain personal data with regard to other owners of personal data, unless disclosure of such personal data is required by the law.

- The Organization shall provide information to owner of personal data or their representative upon contact or upon receipt of request from owner of personal data or their representative. Such request shall contain the number of primary document confirming the identity of owner of personal data or their representative, information about date of issue of the said document and issuing authority, information confirming participation of owner of personal data in relations with the Organization (agreement number, date, conventional verbal mark and/or other information) or information that otherwise confirm the fact of personal data processing by the Organization, signature of owner of personal data or their representative.   The request can be forwarded in the form of an electronic document and signed with electronic signature in accordance with the legislation of the Russian Federation.

- If information as well as personal data being processed were provided for information purposes to the owner of personal data upon their request, the owner of personal data has the right to contact the Organization again or send them subsequent request to obtain information and familiarize themselves with such personal data not earlier than thirty days after initial contact or request, unless a shorter period is prescribed by the federal law, adopted statutory instrument or agreement in connection therewith, party to, beneficiary to or guarantor of which is the owner of personal data.

- The Organization has the right to deny owner of personal data in fulfilling the subsequent request that is not in compliance with terms set forth in the relevant provisions of the law. Such denial must be justified. The Organization is responsible for production of evidence of subsequent request denial justification.

- Personal data owner has the right to obtain information with regard to the processing of their personal data.

The Organization further guarantees that it does not disclose personal data in any other manner other than as expressly provided for in the legislation or the present document. A person that used the services provided by the Organization within the projects it implements hereby confirms that they grant to the Organization all the necessary rights to perform processing of their personal data in any form that may be necessary to provide such services.

For the purposes of implementation of personal data processing the Organization reserves the right to outsource such processing to the third party. At the same time, the Organization guarantees that in processing personal data such third party will comply with the provisions of the Law and legislature of the Russian Federation.

To ensure the security of personal data the Organization shall make the following arrangements:

1) appoints a designated person responsible for compliance of personal data processing (hereinafter - the designated person);

2) monitors for security threats of personal data during their processing in personal data information systems;

3) uses organizational and technical efforts to ensure personal data security during processing in personal data information systems necessary to comply with personal data protection requirements enforced by personal data protection levels set by the Government of the Russian Federation;

4) assesses the efficiency of measures taken to ensure the security of personal data before putting personal data information system into service;

5) detects, if any, facts of unauthorized access to personal data and use all reasonable efforts to eliminate the consequences of such unauthorized access and avoidance of such facts in the future;

6) controls all efforts taken to ensure the security of personal data and protection level of personal data information systems.

In the event of cross-border transfer of personal data the Organization shall comply with the Law and other requirements to such transfer as stipulated by the current legislation of the Russian Federation.

In case of any problem encountered in the process of using services provided by the Organization within the projects it implements, users can contact customer support by writing to the following email: info@smartdriving.io.