Personal Data Processing Policy

1. General Provisions

1.1. This document establishes the fundamental aspects of the operations of LLC "LESNAYA ZAYMKA-M" (hereinafter – the Company) regarding the processing of personal data, including principles, purposes, procedures and conditions for such processing, rights of subjects, obligations of the Company, as well as measures for their protection (hereinafter – "Policy").

1.2. The Policy is put into effect by order of the general director and comes into application from the date of approval.

1.3. Amendments to the Policy may be made by decision of the general director of the Company or his deputy. The new version of the Policy takes effect after approval by the relevant order.

1.4. The Policy remains in force until it is canceled or replaced by an updated version.

2. Responsibility and Scope of Application

2.1. This document regulates the activities of all departments and employees of the Company.

3. Definition of Terms

Term Name Abbreviation Definition of the Term (Decoding of the Abbreviation)
Current Definitions:
Automated Processing of Personal Data Processing of personal data using computing devices
Biometric Personal Data Information reflecting physiological and biological characteristics of a person that allows identifying their identity and is used by the operator to confirm the identity of the personal data subject
Blocking of Personal Data Temporary suspension of processing of personal data (except in cases where processing is required for their correction)
Personal Data Information System ISPDn A complex of data in databases, technologies and means for their processing
Personal Data PDn Any information relating directly or indirectly to a specific or identifiable individual (Personal Data Subject)
Personal Data Subject An individual who is directly or indirectly identified or can be identified using personal data
Processing of Personal Data Any operation or set of operations with personal data performed using automated means or without them, including collection, recording, ordering, accumulation, storage, correction (updating, modification), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, removal, destruction
Special Category of Personal Data Personal data concerning racial or national affiliation, political views, religious or philosophical beliefs, health, intimate life, as well as information about criminal records
Destruction of Personal Data Actions that make it impossible to restore the content of personal data in the system or lead to the destruction of their carriers
Cross-Border Transfer of Personal Data Transfer of personal data to the territory of a foreign state to a government body, physical or legal entity of a foreign state

4. Principles of Personal Data Processing

4.1. The Company processes personal data based on the following principles:

4.1.1. processing is carried out on a legal and fair basis;

4.1.2. processing is limited to achieving predetermined and legitimate purposes, without the possibility of processing data not corresponding to the purposes of their collection;

4.1.3. merging of databases with personal data is prohibited if the purposes of their processing are incompatible;

4.1.4. only those personal data that correspond to the purposes of processing are processed;

4.1.5. the content and volume of processed data must correspond to the stated purposes, without redundancy;

4.1.6. accuracy, sufficiency and relevance of data in relation to the purposes of processing are ensured;

4.1.7. data storage is carried out in a form that allows identifying the subject no longer than required for the purposes, unless other periods are established by the law of the Russian Federation or an agreement with the subject;

4.1.8. data are destroyed or their destruction is ensured upon achievement of the purposes or in the absence of necessity, unless otherwise provided by the law of the Russian Federation.

5. List of Purposes for Personal Data Processing

5.1. In accordance with the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter – "Law on Personal Data"), the Company forms and places in the Policy a list of purposes for processing personal data (Appendix 1).

5.2. The list of purposes is regularly updated taking into account the evolution of business processes in the Company.

6. Procedure and Conditions for Personal Data Processing

6.1. The Company processes personal data only if there are legal grounds specified in the Law on Personal Data.

6.2. For each purpose, the Company establishes categories and list of processed data, categories of subjects, methods, terms of processing and storage, as well as the procedure for destruction of data.

7. Procedure for Destruction of Personal Data

7.1. Destruction of personal data processed for the purposes from the list (Appendix 1) occurs in cases:

7.1.1. achievement of the processing purpose;

7.1.2. loss of necessity for the purpose;

7.1.3. detection of illegal processing without the possibility of its legalization;

7.1.4. withdrawal of consent by the subject, unless otherwise provided by the Law;

7.1.5. requirement of the subject to terminate processing, unless otherwise established by the Law.

7.2. If destruction is impossible within the established periods, the Company blocks the data and destroys them within no more than 6 months, unless another period is provided by the law of the Russian Federation.

7.3. If destruction of data requires destruction of the carrier, both the data and the carrier are destroyed.

7.4. The fact of destruction is confirmed in accordance with the requirements of the law of the Russian Federation.

8. Obtaining, Transfer, Assignment of Personal Data Processing

8.1. To implement the purposes from the list, the Company may involve external partners, including:

8.1.1. banks for issuing and servicing cards for salary payments and other amounts to employees;

8.1.2. insurance companies for DMS services and accident insurance;

8.1.3. electronic document management operators for legally significant exchange;

8.1.4. communication providers;

8.1.5. companies for delivery of correspondence and auto transport;

8.1.6. persons entitled to data by the law of the Russian Federation in the necessary volume;

8.1.7. successors, investors or affiliates in case of reorganization, merger, acquisition, liquidation or sale of assets;

8.1.8. other counterparties to achieve the processing purposes.

8.2. The specific composition of partners is determined by the laws of the Russian Federation, agreements with subjects, consents and contracts with data operators.

8.3. Obtaining, transfer or assignment of processing is carried out only on legal grounds from the Law on Personal Data.

8.4. The Company may carry out cross-border transfer of data for statutory activities taking into account the restrictions of the Law.

8.5. The Company does not disclose data to third parties without the subject's consent, unless otherwise provided by federal law.

9. Procedure for Considering Appeals and Requests from Personal Data Subjects

9.1. The Company accepts and processes appeals and requests from subjects to protect their rights and interests, ensuring control over this process.

9.2. When considering appeals, the Company follows the requirements of the Law regarding their content.

9.3. Information is provided in the volume and terms established by the Law; the term may be extended with a reasoned notification.

9.4. In case of a lawful appeal, the Company:

9.4.1. provides information in the form of a request, unless otherwise specified;

9.4.2. takes measures depending on the nature of the appeal.

9.5. Provided data do not include information about other subjects, except in cases with legal grounds.

9.6. The Company may refuse to satisfy the request on grounds of the law of the Russian Federation with a reasoned refusal.

10. Rights of the Personal Data Subject

10.1. To receive information about the processing of data by the Company, except in cases of restrictions under the Law, including violation of third parties' rights.

10.2. To demand clarification, blocking or destruction of data if they are incomplete, outdated, inaccurate, illegally obtained or excessive, as well as to protect rights under the law.

10.3. To withdraw consent in full or in part or to demand termination of processing.

10.4. To contact the Company to exercise rights.

10.5. To appeal the Company's actions to the authorized body.

10.6. To protect rights in court, including compensation for damages and moral harm.

11. Obligations of the Company

11.1. To appoint a person responsible for organizing the processing of data.

11.2. To approve the Policy with categories of data, subjects, methods, terms and procedures to prevent violations.

11.3. To conduct internal control and audit of compliance with the Law and internal norms.

11.4. To assess potential harm to subjects from violations and measures to minimize it.

11.5. To familiarize persons admitted to data with laws, Policy and norms, including training.

11.6. To publish the Policy and information about protection on the network, including the Company's website.

11.7. To explain the consequences of refusal to provide data or consent if they are mandatory under the law.

11.8. To provide the subject with information under the Law before processing data obtained not from him.

11.9. To ensure processing of data of Russian Federation citizens using databases on the territory of the Russian Federation, including internet collection.

11.10. To take measures to protect data from unauthorized access and other threats.

11.11. To notify the authorized body about unlawful transfer of data within the established periods.

12. Requirements Implemented by the Company for the Protection of Personal Data

12.1. Identification of security threats during processing in ISPDn.

12.2. Application of measures to ensure security corresponding to protection levels under Government of the Russian Federation resolutions.

12.3. Use of certified protection means.

12.4. Assessment of effectiveness of measures before launching ISPDn.

12.5. Determination of storage locations for carriers, accounting, safety, prevention of unauthorized access and separate storage for different purposes.

12.6. Detection of unauthorized access and response measures, including computer attacks.

12.7. Restoration of modified or destroyed data.

12.8. Establishment of access rules and registration of actions in ISPDn.

12.9. Control of security measures and protection level of ISPDn.

12.10. Appointment of persons responsible for security in ISPDn (if applicable).

12.11. Organization of security regime for premises with data processing to prevent unauthorized access.

12.12. Approval of the list of persons admitted to data processing.

13. Rules for Processing Cookie Files

13.1. The Company's websites may use cookies of the following types:

13.1.1. technical, necessary for the correct operation and display of the site;

13.1.2. analytical for counting visits and statistics;

13.1.3. functional for convenience, remembering user preferences;

13.1.4. advertising for showing relevant advertising;

13.1.5. others not listed.

13.2. The storage period for cookies depends on the type but is limited to the time needed for the purpose.

13.3. The Company does not use cookies for:

13.3.1. identification of subjects using technical data;

13.3.2. matching cookies with other information.

13.4. Upon first visit to the site, the user is notified about cookies and can agree or refuse through browser settings.

Details of cookie use are described in the "Cookie Processing Policy".

14. Regulatory References

14.1. External Regulatory Documents

No. Document Number and Date Document Name
01 Federal Law of 27.07.2006 No. 152-FZ Federal Law "On Personal Data"

List of Purposes for Personal Data Processing

1. Recruitment for Vacant Positions

The purpose "Recruitment for Vacant Positions" covers:

  • Search, conducting interviews, testing candidates.
  • Checking candidates by the security service.
  • Keeping records of consideration of candidates.
  • Making decisions on hiring or refusal.
  • Other actions related to the purpose of data processing.

1.1. Categories and List of Personal Data:

  • surname, first name, patronymic
  • date of birth and (or) age
  • gender
  • information about the identity document
  • human face image data
  • information about place of residence and (or) stay
  • information about marital status, family composition and kinship relations
  • contact (communication) data
  • information about education and training
  • information about current educational activities
  • information about scientific and educational activities
  • information about profession and labor/professional qualifications
  • information about personal knowledge, skills and abilities
  • information about personal qualities, interests and preferences
  • information about professional and personal development
  • information about achievements, merits, incentives and awards
  • information about position, structural unit and current place of employment
  • information about previous labor (service) activity
  • information about (non)working capacity
  • information about social position (status)
  • information about criminal record
  • taxpayer identification number (INN)
  • individual personal account insurance number (SNILS)
  • information about attitude to military duty and military registration
  • information about conflict of interests
  • information about independent economic activity
  • information about participation in capital and (or) management of legal entities, as well as about other affiliation
  • information about the history of consideration of the candidate for a vacant position.

1.2. Categories of Personal Data Subjects:

  • applicants for vacant positions in the Company
  • close and other relatives of applicants

1.3. Methods of Personal Data Processing:

  • Mixed method (with automation and without it)

1.4. List of Actions with Personal Data:

Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, obtaining, search, use, transfer (provision, access), deletion, destruction

1.5. Terms of Personal Data Processing:

Up to 5 years after the decision on the candidate, unless otherwise provided by law or agreement

1.6. Legal Grounds for Personal Data Processing:

  • consent to processing of personal data

1.7. Procedure for Destruction:

The procedure for destruction is defined in section 7 of the Policy

2. Personnel Management

The purpose "Personnel Management" covers:

  • Personnel records management (conclusion of employment contracts; adaptation; keeping files; decisions on promotion, transfer, dismissal; registration of vacations, sick leaves).
  • Accounting (payment of salaries, bonuses).
  • Provision of non-monetary bonuses (DMS, gym subscription, sanatorium treatment).
  • Organization of training (internal and external).
  • Organization of business trips (booking hotels, tickets, transport).
  • Conducting corporate events, including sites and social networks.
  • Investigation of accidents.
  • Military registration.
  • Other actions related to the purpose.

2.1. Categories and List of Personal Data:

  • surname, first name, patronymic
  • date of birth and (or) age
  • gender
  • information about the identity document
  • information about place of residence and (or) stay
  • information about place of activity
  • contact (communication) data
  • information about education and training
  • information about current educational activities
  • information about scientific and educational activities
  • information about profession and labor/professional qualifications
  • information about personal knowledge, skills and abilities
  • information about professional and personal development
  • information about professional and personal preferences, expectations and inclinations
  • information about achievements, merits, incentives and awards
  • information about personal qualities, interests and preferences
  • information about position, structural unit and current place of employment
  • information about current labor (service) activity
  • information about previous labor (service) activity
  • personal service identifiers
  • information about productivity of labor (service) activity and satisfaction with such activity
  • human face image data
  • information about working time, insurance experience and benefits
  • information about accident in labor (service) activity
  • taxpayer identification number (INN)
  • information about compulsory medical, pension and social insurance (SNILS)
  • information about income, expenses and deductions related to labor (service) activity
  • financial and payment information
  • information about voluntary personal and property insurance
  • information about violations of applicable norms (including legal) and attraction to corresponding responsibility
  • information about internship, practice and mentorship
  • information about attitude to military duty and military registration
  • information about business trips, including business trips and other service trips
  • information about provision and use of vehicle
  • information about participation in events

Special categories of personal data:

  • information about health status regarding (non)working capacity (insurance)
  • information about health status regarding acute respiratory viral infections (ARVI, including COVID-19) and infectious diseases
  • information about health status regarding disability

2.2. Categories of Personal Data Subjects:

  • employees (current and dismissed) of the Company;
  • close and other relatives of employees of the Company;
  • recipients of payments related to employees of the Company;
  • interns, trainees of the Company.

2.3. Methods of Personal Data Processing:

  • Mixed method (with automation and without it).

2.4. List of Actions with Personal Data:

  • Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, obtaining, search, use, transfer (provision, access), blocking, deletion, destruction.

2.5. Terms of Personal Data Processing:

  • Up to 5 years after termination of legal relations of the parties, unless otherwise provided by legislation or agreement of the parties.

2.6. Legal Grounds for Personal Data Processing:

  • consent to processing of personal data;
  • processing is necessary for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
  • processing is necessary for the execution of a contract, the party to which or the beneficiary or guarantor under which is the subject of personal data, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor.

2.7. Procedure for Destruction:

The procedure for destruction of personal data is defined in section 7 of the Policy

3. Activity Support

3.1. Categories and List of Personal Data:

The purpose "Activity Support" includes:

  • Information and technological support (user support; system functioning; security).
  • Property management (transactions, auctions, sales).
  • Compliance measures (antimonopoly, ethical, audits).
  • Organizational support (documents, economy, work with visitors).
  • Supply (procurement, partnerships, information disclosure).
  • Legal work (contracts, rights protection, courts).
  • Activity security (fire, anti-terror, checks).
  • Digital transformation and data management.
  • Communication and meetings (sites, directories, events).
  • Other actions related to the purpose.
  • surname, first name, patronymic
  • date of birth and (or) age
  • information about position, structural unit and current place of employment
  • gender
  • contact (communication) data
  • information about place of residence and (or) stay
  • information about the identity document
  • human face image data
  • taxpayer identification number (INN)
  • individual personal account insurance number (SNILS)
  • information about education and training
  • information about scientific and educational activities
  • information about personal qualities
  • information about previous labor (service) activity
  • information about profession, labor/professional qualifications and professional qualities
  • personal service identifiers
  • information about participation in capital and (or) management of legal entities, as well as about other affiliation
  • information about property (financial) position
  • information about income related to independent economic and other legal activity
  • information about presence (absence) of enforcement proceedings
  • information about marital status, family composition and kinship relations
  • information about independent economic activity
  • information about civil law contracts
  • information about conflict of interests
  • information about information (communication) interaction
  • information about participation in legal proceedings
  • information about violations of applicable norms (including legal) and attraction to corresponding responsibility
  • information about status and powers to represent interests
  • information about controlled stay on real estate objects
  • information about vehicle
  • information about use and operation of software and hardware, information systems, computing and communication networks
  • identification, authentication and authorization data
  • information about user device
  • information about features of data entry on user device (without saving entered data)
  • information about user's web browser
  • information about connection to the Internet
  • information about visits and use of sites on the Internet
  • information about use and operation of telecommunication services
  • metadata about various objects (files) and their content
  • information about installation and use of mobile applications
  • information about participation in events
  • information about certification and (or) compliance with professional standard
  • information about participation in non-profit organizations
  • information about personal and property insurance

3.2. Categories of Personal Data Subjects:

  • employees (current and dismissed) of the Company
  • close and other relatives of employees of the Company
  • interested parties of employees of the Company
  • employees of the Company's counterparties - legal entities (clients, suppliers, partners)
  • counterparties of the Company - individuals (clients, suppliers, partners)
  • candidates for management bodies of the Company
  • members of management bodies of the Company
  • owners of the Company - individuals
  • persons related to key personnel of the Company's counterparties
  • affiliated individuals of the Company / individuals included in the group of persons of the Company
  • visitors to real estate objects of the Company
  • participants in court processes and enforcement proceedings involving the Company
  • representatives (attorneys) of the Company
  • personnel of authorized bodies and organizations
  • participants in Company events
  • users of Internet resources of the Company
  • independent appraiser

3.3. Methods of Personal Data Processing:

Mixed method (with automation and without it)

3.4. List of Actions with Personal Data:

Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, obtaining, search, use, transfer (provision, access), deletion, destruction

3.5. Terms of Personal Data Processing:

Up to 10 years after termination of legal relations of the parties, unless otherwise provided by legislation or agreement of the parties

3.6. Legal Grounds for Personal Data Processing:

  • consent to processing of personal data
  • processing is necessary for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the operator
  • processing is necessary for the execution of a contract, the party to which or the beneficiary or guarantor under which is the subject of personal data, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor
  • processing is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings, proceedings in arbitration courts

3.7. Procedure for Destruction:

The procedure for destruction of personal data is defined in section 7 of the Policy

4. Promotion of Goods, Works, Services on the Market by Direct Contacts

The purpose "Promotion of Goods, Works, Services on the Market by Direct Contacts" includes:

  • advertising through SMS, email, calls or other direct channels with potential counterparties

4.1. Categories and List of Personal Data:

  • surname, first name, patronymic
  • registration address, contact (communication) data

4.2. Categories of Personal Data Subjects:

  • counterparties of the Company
  • message recipients

4.3. Methods of Personal Data Processing:

Mixed method (with automation and without it)

4.4. List of Actions with Personal Data:

Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, search, use, transfer (provision, access), blocking, deletion, destruction

4.5. Terms of Personal Data Processing:

Up to 3 years after termination of legal relations of the parties, unless otherwise provided by legislation or agreement of the parties.

4.6. Legal Grounds for Personal Data Processing:

  • Consent to processing of personal data (Art. 15 of the Law on Personal Data)

4.7. Procedure for Destruction:

The procedure for destruction of personal data is defined in section 7 of the Policy

5. Implementation of Rights and Obligations under Concluded Contracts with Individuals or Legal Entities

The purpose "Implementation of Rights and Obligations under Concluded Contracts with Individuals or Legal Entities" includes:

  • Information and technological support;
  • Other actions related to the purpose of data processing.

5.1. Categories and List of Personal Data:

  • surname, first name, patronymic
  • information about place of residence and (or) stay
  • gender
  • contact (communication) data
  • taxpayer identification number (INN)
  • individual personal account insurance number (SNILS)
  • information about the identity document (passport data or data of another identity document (series and number, name of the issuing authority, date of issue and subdivision code)
  • data confirming the right to provide social support measures
  • information about premises in ownership
  • information about premises on lease terms

5.2. Categories of Personal Data Subjects:

  • employees of the Company's counterparties - legal entities (clients, suppliers, partners)
  • counterparties of the Company - individuals (clients, suppliers, partners)

5.3. Methods of Personal Data Processing:

Mixed method (with automation and without it)

5.4. List of Actions with Personal Data:

Collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, search, use, transfer (provision, access), blocking, deletion, destruction

5.5. Terms of Personal Data Processing:

Up to 3 years after termination of legal relations of the parties, unless otherwise provided by legislation or agreement of the parties.

5.6. Legal Grounds for Personal Data Processing:

  • consent to processing of personal data
  • processing is necessary for the implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the operator
  • processing is necessary for the execution of a contract, the party to which or the beneficiary or guarantor under which is the subject of personal data, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor

5.7. Procedure for Destruction:

The procedure for destruction of personal data is defined in section 7 of the Policy

Contact Us

If you have any remaining questions about the collection, processing, deletion, and any other use of visitors' personal data on the site lesnaya-zaimka-vl.ru, you can ask them here

Please fill out the field
Please fill out the field