Personal dataprocessing policy
The provision of works and services by SIESDI JSC in the field of creation and implementation of software designed to automate design processes involves the processing and storage of personal data of clients in automated information systems of CSD JSC. In accordance with the current legislation (Federal Law No. 152-FZ of 27.06.2006 «On Personal Data»), CSD JSC has implemented a set of technical and organizational measures to ensure the security of processed and stored personal data of our customers.
CSD JSC is a high-tech company that uses advanced IT technologies in its work. Therefore, one of the priorities in the company’s work is compliance with the current legislation in the field of information security, as well as the requirements of Federal Law No. 152—FZ dated 27.06.2006 «On Personal Data», the main purpose of which is to ensure the protection of human and civil rights and freedoms when processing his personal data, including the protection of the right to privacy, personal and family secrets.
The purpose of personal data processing
The purpose of collecting, processing, storing, as well as other actions with personal data of clients is to fulfill the obligations of JSC «CSD» to the client under an agreement with him.
Principles of personaldata processing
When processing personal data of clients, CSD JSC adheres to the following principles:
- compliance with the legality of receiving, processing, storing, as well as other actions with personal data;
- processing of personal data solely for the purpose of fulfilling its obligations under the service agreement;
- collection of only those personal data that are minimally necessary to achieve the stated processing goals;
- implementation of measures to ensure the security of personal data during their processing and storage;
- compliance with the rights of the subject of personal data to access his personal data.
Composition of personaldata
The personal data of clients processed by the company may include:
- last name, first name, patronymic;
- phone number, fax number, e-mail address (at the request of the client);
- location address, etc.
Collection (receipt) of personal data
The company receives personal data of clients only personally from the client in the process of communication or by filling out an electronic form on the websites of JSC «CSD»
Processing of personal data
The processing of personal data of clients in the company takes place both in a non-automated and automated way. Only employees who have passed a certain admission procedure are allowed to process personal data in the company, which include:
- familiarization of the employee with the company’s local regulations (provisions, instructions, etc.), strictly regulating the process and procedure for working with personal data of clients;
- taking a subscription from an employee about confidentiality with respect to personal data of clients when working with them;
- obtaining by an employee and using in the work of individual attributes of access to the company’s information systems containing personal data of clients. At the same time, each employee is given the minimum rights necessary for the performance of work duties to access information systems.
Employees who have access to personal data of clients receive only those personal data that they need to perform specific work functions.
Storage of personaldata
Personal data of clients are stored in paper (contract) and electronic form. In electronic form, personal data of clients are stored in the information systems of personal data of JSC «CSD», as well as in archival copies of databases of these systems. The procedure for archiving and storage periods of archived copies of databases of the company’s personal data information systems are defined in the instructions on backup, which is mandatory for the administrators of the relevant systems. When storing personal data of clients, organizational and technical measures are observed to ensure their safety and exclude unauthorized access to them. These include:
- appointment of a department or employee responsible for a particular method of storing personal data;
- restriction of physical access to storage locations and media;
- accounting of all information systems and electronic media, as well as archival copies.
Transfer of personal datato third parties
The transfer of personal data to third parties by «CSD» JSC is not provided.
Measures to ensure the security of personal data during their processing
Ensuring the security of personal data in the company is achieved by the following measures:
- appointment of an employee responsible for the organization of personal data processing;
- conducting an internal audit of the company’s information systems containing personal data, conducting their classification;
- development of a private model of personal data security threats;
- the appointment of a responsible administrator for each information system;
- determination of the list of persons allowed to work with personal data;
- development and approval of the company’s local regulations governing the processing of personal data. Development of working instructions for operators and administrators of information systems;
- implementation of technical measures that reduce the likelihood of personal data security threats;
- conducting periodic security checks of the company’s information systems.
The subject of personal data has the right to receive information concerning the processing of his personal data, including information containing:
- confirmation of the fact of personal data processing;
- llegal basis and purposes of personal data processing;
- purposes and methods of personal data processing used;
- information about persons (with the exception of company employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract or on the basis of federal law;
- processed personal data related to the relevant subject of personal data, the source of their receipt;
- terms of processing of personal data, including the terms of their storage;
- the procedure for the exercise by the subject of personal data of their rights.
The client can get this information by contacting the office of JSC «CSD» with a written request. The response is sent to the address specified in the request within 30 days.