Privacy Policy

Policy of the Limited Liability Company "Volodarsky Flour Mill" regarding the processing of personal data
1. General provisions
1.1. This Policy of the Volodarsky Flour Mill Limited Liability Company regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) in order to ensure the protection of the rights of and the freedoms of man and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Policy applies to all personal data processed by the Limited Liability Company Volodarsky Flour Mill (hereinafter referred to as the Operator, MK Volodarsky LLC).
1.3. The Policy applies to the relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.
1.4. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, the Policy is published freely on the Internet on the Operator's website.
1.5. Basic concepts used in the Policy:
- personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);
- personal data operator (operator) - a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
- user – any visitor to the site https://mkvolod.com
- personal data processing - any action (operation) or set of actions (operations) with personal data performed with or without automation tools. The processing of personal data includes, but is not limited to:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (update, change);
- extraction;
- use;
- transmission (distribution, provision, access);
- depersonalization;
- blocking;
- removal;
- destruction;
- automated processing of personal data - processing of personal data using computer technology;
- dissemination of personal data - actions aimed at disclosing personal data to an unspecified group of people;
- provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of people;
- blocking of personal data - temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data);
- destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
- depersonalization of personal data - actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information;
- personal data information system - a set of personal data contained in databases and information technologies and technical means that ensure their processing.
1.6. Basic rights and obligations of the Operator.
1.6.1. The Operator has the right to:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with this person. The person who processes personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on Personal Data, to respect the confidentiality of personal data, and to take necessary measures to ensure compliance with the obligations provided for by the Law on Personal Data.;
3) if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data.
1.6.2. The Operator is obliged to:
1) organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
2) respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Act;
3) notify the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor)) upon request of this body, the necessary information is provided within 10 working days from the date of receipt of such request. This period may be extended, but not for more than five working days. To do this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the deadline for providing the requested information.;
4) in accordance with the procedure established by the federal executive governmental body authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that have resulted in the unlawful transfer (provision, dissemination, access) of personal data.
1.7. Basic rights of the personal data subject. The personal data subject has the right to:
1) to receive information concerning the processing of his personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data related to other personal data subjects, except in cases where there are legitimate grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
2) require the operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.;
3) to put forward a condition of prior consent when processing personal data in order to promote goods, works and services on the market;
4) appeal to Roskomnadzor or in court against illegal actions or omissions of the Operator
1.8. Control over the fulfillment of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data by the Operator.
1.9. Responsibility for violation of the requirements of the legislation of the Russian Federation and regulations of the Limited Liability Company Volodarsky Flour Mill in the field of personal data processing and protection is determined in accordance with the legislation of the Russian Federation.
2. Purposes of personal data collection
2.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not allowed.
2.2. Only personal data that meets the purposes of their processing is subject to processing.
2.3. The processing of personal data by the Operator is carried out for the following purposes:
· ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
· carrying out its activities in accordance with the charter of the Limited Liability Company Volodarsky Flour Mill
· personnel records management;
· assistance to employees in finding employment, education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
· recruitment and selection of candidates to work for the Operator;
· organization of individual (personalized) registration of employees in the compulsory pension insurance system;
· filling out and submitting required reporting forms to the executive authorities and other authorized organizations;
· implementation of civil law relations;
· maintaining accounting records.
· user identification to provide access to paid personalized resources.
· establishing feedback with the user, including sending notifications, requests related to the provision of services, processing requests and requests from the user, including by e-mail.
·determining the user's location to ensure security and fraud prevention.
· confirmation of the accuracy and completeness of the personal data provided by the user.
· create an account, as well as a user profile.
· User notifications about new products and services, special offers and various events.
· providing the user with effective customer and technical support in case of problems.
· implementation of advertising activities.
2.4. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
3. Legal grounds for personal data processing
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in compliance with which and in accordance with which the Operator processes personal data, including:
· The Constitution of the Russian Federation; The Civil Code of the Russian Federation; the Labor Code of the Russian Federation; the Tax Code of the Russian Federation; Federal Law No. 14-FZ dated 08.02.1998 "On Limited Liability Companies"; Federal Law No. 402-FZ dated 06.12.2011 "On Accounting"; Federal Law No. 167-FZ dated 15.12.2001 "On Compulsory Pension Insurance in the Russian Federation"; other regulatory legal acts regulating relations related to the Operator's activities.
3.2. The legal basis for the processing of personal data is also:
· The charter of the Limited Liability Company Volodarsky Flour Mill
· contracts concluded between the Operator and the subjects of personal data;
· consent of personal data subjects to the processing of their personal data.
4. Scope and categories of personal data processed, categories of personal data subjects
4.1. The content and scope of the personal data being processed must comply with the stated purposes of processing provided for in sec. 2 of this Policy. The personal data being processed should not be redundant in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment with the Operator:
· last name, first name, patronymic;
· gender;
· Citizenship;
· date and place of birth;
· Contact information;
· information about education, work experience, qualifications;
· other personal information provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator:
· last name, first name, patronymic;
· gender;
· Citizenship;
· date and place of birth;
· image (photo);
· passport data;
· address of registration at the place of residence;
· the address of the actual residence;
· Contact information;
· individual taxpayer number;
· insurance number of the individual personal account (SNILS);
· information about education, qualifications, professional training and professional development;
· marital status, children, family ties;
· information about employment, including the availability of incentives, awards and (or) disciplinary penalties;
· Marriage registration data;
· information about military registration;
· Disability information;
· information about withholding alimony;
· information about income from a previous job;
· other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of the Operator's employees:
· last name, first name, patronymic;
· degree of kinship;
· year of birth;
· other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. The Operator's clients and counterparties (individuals):
· last name, first name, patronymic;
· date, time and place of birth, prenatal data (data on the specifics of the mother's pregnancy and birth);
· gender;
· passport data;
· information about marital status;
· contact information (E-mail, Telegram ID, phone number)
· information about current activities (profession or education, current occupation, employment, hobbies)
· image (photo);
· Biometric personal data (audio recording of voice);
· notes and comments left in your personal account on the website. 
4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities):
· last name, first name, patronymic;
· passport data;
· Contact information;
· current position;
· other personal data provided by representatives (employees) of clients and counterparties necessary for the conclusion and execution of contracts.
4.3. The processing of biometric personal data by the Operator (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established) is carried out in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided for by the legislation of the Russian Federation.
5. Procedure and conditions of personal data processing
5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
5.3. The Operator performs both automated and non-automated processing of personal data.
5.4. The Operator's employees, whose job responsibilities include processing personal data, are allowed to process personal data.
5.5. Personal data is processed by:
· receiving personal data in oral and written form directly from personal data subjects;
· obtaining personal data from publicly available sources;
· entering personal data into the logs, registers and information systems of the Operator;
· using other methods of personal data processing.
5.6. Disclosure and dissemination of personal data to third parties is prohibited without the consent of the personal data subject, unless otherwise provided by federal law. Consent to the processing of personal data authorized by the personal data subject for dissemination is issued separately from other consents of the personal data subject to the processing of his personal data.
The requirements for the content of consent to the processing of personal data authorized by the personal data subject for distribution were approved by Roskomnadzor Order No. 18 dated 02/24/2021.
5.7. The transfer of personal data to the bodies of inquiry and investigation, to the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:
· identifies threats to the security of personal data during their processing;
· adopts local regulations and other documents regulating relations in the field of personal data processing and protection;
· appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
· creates the necessary conditions for working with personal data;
· organizes the accounting of documents containing personal data;
· organizes work with information systems in which personal data is processed;
· stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
· organizes training for the Operator's employees who process personal data.
5.9. The Operator stores personal data in a form that allows determining the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law or contract.
5.10. When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Law on Personal Data.
6. Updating, correction, deletion, destruction of personal data and termination of their processing, responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the personal data subject or his representative within 10 working days from the date of request or receipt of a request from the personal data subject or his representative. This period may be extended, but not for more than five working days. To do this, the Operator should send a reasoned notification to the personal data subject indicating the reasons for extending the deadline for providing the requested information.
The request must contain:
· the number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority.;
· information confirming the personal data subject's participation in the relationship with the Operator (contract number, date of conclusion of the contract, conditional designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
· signature of the personal data subject or his representative.
The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
The operator provides the information specified in Part 7 of Article 14 of the Law on Personal Data to the personal data subject or his representative in the form in which the relevant request or request is sent, unless otherwise specified in the request or request.
If the request of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, a reasoned refusal is sent to him.
The right of a personal data subject to access his personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of a personal data subject to his personal data violates the rights and legitimate interests of third parties.
6.2. In case of detection of inaccurate personal data when contacting a personal data subject or his representative, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the subject personal data or third parties.
In case of confirmation of the inaccuracy of personal data, the Operator, based on information provided by the personal data subject or his representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
6.3. In case of detection of unlawful processing of personal data when contacting (requesting) a personal data subject or his representative or Roskomnadzor, the Operator shall block unlawfully processed personal data related to this personal data subject from the moment of such request or receipt of the request.
6.4. If the Operator, Roskomnadzor or any other interested person identifies the fact of unlawful or accidental transfer (provision, dissemination) of personal data (access to personal data), which has resulted in a violation of the rights of personal data subjects, the Operator:
· within 24 hours, notifies Roskomnadzor of the incident, the alleged causes that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, as well as provides information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident.;
· within 72 hours, notifies Roskomnadzor of the results of the internal investigation of the identified incident and provides information about the persons whose actions caused it (if any).
6.5. Upon achieving the goals of personal data processing, as well as in the event that the personal data subject withdraws consent to their processing, personal data must be destroyed if:
· unless otherwise provided by the contract to which the personal data subject is a party, beneficiary or guarantor.;
· the operator does not have the right to process personal data without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other federal laws.;
· unless otherwise provided by another agreement between the Operator and the subject of personal data.
6.6. When a personal data subject requests the Operator to terminate the processing of personal data within a period not exceeding 10 working days from the date of receipt by the Operator of the relevant request, the processing of personal data is terminated, except in cases provided for by the Law on Personal Data. The specified period may be extended, but not more than five working days. To do this, the Operator must send a reasoned notification to the subject of personal data indicating the reasons for the extension of the period.
7. Other things.
7.1. The Policy is valid indefinitely.
7.2. The Operator may make changes to this Policy without the consent and notification of users and subjects of personal data.
7.3. The Operator is not responsible for the actions of third parties in relation to the user and the subjects of personal data, the implementation of which became possible due to a violation by the user or the subject of personal data of the provisions of this Policy, as well as due to the negligence of the user or the subject of personal data.