1. GENERAL PROVISIONS
1.1. This Policy on the processing of personal data (hereinafter referred to as the Policy) has been drawn up in accordance with clause 2 of Article 18.1 of Federal Law No. 152-FZ of 27 July 2006 ‘On Personal Data’, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing, and applies to all personal data (hereinafter referred to as Data) that the Organisation (hereinafter referred to as the Operator, Company) may obtain from a personal data subject who is a party to a civil law contract, from an Internet user (hereinafter referred to as the User) while using any of the websites, services, programmes, products or services of LLC ‘Akademia Art’, as well as from a personal data subject who has a relationship with the Operator governed by labour legislation (hereinafter referred to as the Employee).
1.2. The Operator ensures the protection of processed personal data from unauthorised access and disclosure, unlawful use or loss in accordance with the requirements of Federal Law No. 152-FZ of 27 July 2006 ‘On Personal Data’.
1.3. The Operator has the right to make changes to this Policy. When changes are made, the date of the last update shall be indicated in the title of the Policy. The new version of the Policy shall come into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
2. TERMS AND ACCEPTED ABBREVIATIONS
2.1. Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data).
2.2. Personal data processing – any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.
2.3. Automated processing of personal data – processing of personal data using computer technology.
2.4. Personal data information system (PDIS) – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.
2.5. Personal data made publicly available by the subject of personal data – personal data to which an unlimited number of persons have been granted access by the subject of personal data or at their request.
2.6. Blocking of personal data – temporary cessation of the processing of personal data (except in cases where processing is necessary to clarify personal data).
2.7. Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and/or that destroy the physical media containing personal data.
2.8. Operator – an organisation that, independently or jointly with other persons, organises the processing of personal data and determines the purposes of processing, the personal data to be processed, and the actions (operations) performed with personal data. The Operator is LLC ‘Akademia Art’, located at: 107140, Moscow, Krasnoselsky Municipal District, Krasnoprudnaya Street, 12/1, building 1, room 1/6.
3. PROCESSING OF PERSONAL DATA
3.1. Obtaining personal data
3.1.1. All personal data should be obtained from the subject themselves. If the subject's personal data can only be obtained from a third party, the subject must be notified of this or their consent must be obtained.
3.1.2. The Operator must inform the subject of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions to be taken with the personal data, the period during which the consent is valid and the procedure for its withdrawal, as well as the consequences of the subject's refusal to give written consent to its collection.
3.1.3. Documents containing personal data are created by:
– copying original documents (passport, education certificate, tax identification number certificate, pension certificate, etc.);
– entering information into registration forms;
– obtaining original copies of necessary documents (employment record book, medical report, character reference, etc.).
3.2. Processing of personal data
3.2.1. Personal data is processed:
– with the consent of the personal data subject to the processing of their personal data;
– in cases where the processing of personal data is necessary for the implementation and fulfilment of functions, powers and duties assigned by the legislation of the Russian Federation;
– in cases where the personal data being processed has been made accessible to an unlimited number of persons by the subject of personal data or at their request (hereinafter referred to as personal data made publicly available by the subject of personal data).
3.2.2. Purposes of personal data processing:
– implementation of labour relations;
– implementation of civil law relations;
– to communicate with the user in connection with filling out the feedback form on the website, including sending notifications, requests and information regarding the use of the LLC ‘Akademia Art’ website, processing, coordinating orders for services/work, and executing agreements and contracts;
– depersonalisation of personal data to obtain depersonalised statistical data, which is transferred to a third party for conducting research, performing work or providing services on behalf of the Company.
3.2.3. Categories of personal data subjects.
The personal data of the following subjects of personal data is processed:
– individuals who are in an employment relationship with the Company;
– individuals who have resigned from the Company;
– individuals who are job candidates;
– individuals who are in a civil law relationship with the Company;
– individuals who are Users of the Company's Website.
3.2.4. Personal data processed by the Operator:
– data obtained in the course of employment relationships;
– data obtained for the selection of job candidates;
– data obtained in the course of civil law relationships;
– data obtained from Users of the Company's Website.
3.2.5. Personal data is processed:
– using automation tools;
– without using automation tools.
3.3. Storage of personal data
3.3.1. Personal data of subjects may be obtained, further processed and transferred for storage both on paper and in electronic form.
3.3.2. Personal data recorded on paper media shall be stored in lockable cabinets or in lockable rooms with restricted access.
3.3.3. Personal data of subjects processed using automation tools for different purposes shall be stored in different folders.
3.3.4. It is not permitted to store and place documents containing personal data in open electronic catalogues (file sharing services) in the PDIS.
3.3.5. Personal data shall be stored in a form that allows the data subject to be identified for no longer than is necessary for the purposes of processing, and shall be destroyed once the purposes of processing have been achieved or if there is no longer any need to achieve them.
3.4. Destruction of personal data
3.4.1. Documents (media) containing personal data shall be destroyed by burning, crushing (shredding), chemical decomposition, or conversion into a shapeless mass or powder. A shredder may be used to destroy paper documents.
3.4.2. Personal data on electronic media shall be destroyed by erasing or formatting the media.
3.4.3. The fact of destruction of personal data shall be confirmed by a document certifying the destruction of the media.
3.5. Transfer of personal data
3.5.1. The Operator transfers personal data to third parties in the following cases:
– the subject has given their consent to such actions;
– transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
3.5.2. List of persons to whom personal data is transferred:
– Pension Fund of the Russian Federation for accounting purposes (on legal grounds);
– tax authorities of the Russian Federation (on legal grounds);
– Social Insurance Fund of the Russian Federation (on legal grounds);
– Territorial compulsory medical insurance fund (on legal grounds);
– Insurance medical organisations for compulsory and voluntary medical insurance (on legal grounds);
– Banks for payroll accounting (on the basis of a contract);
– Russian Ministry of Internal Affairs bodies in cases established by law.
4. PERSONAL DATA PROTECTION
4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPS) consisting of legal, organisational and technical protection subsystems.
4.2. The legal protection subsystem is a set of legal, organisational, administrative and regulatory documents that ensure the creation, functioning and improvement of the PDPS.
4.3. The organisational protection subsystem includes the organisation of the PDPS management structure, the licensing system, and the protection of information when working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software, and hardware tools that ensure the protection of personal data.
4.5. The main measures used by the Operator to protect personal data are as follows:
4.5.1. Appointment of a person responsible for personal data processing, who organises personal data processing, training and instruction, and internal control over compliance with personal data protection requirements by the institution and its employees.
4.5.2. Identification of current threats to the security of personal data when processing it in the PDIS and development of measures and activities to protect personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishment of rules for access to personal data processed in the PDIS, as well as ensuring the registration and recording of all actions performed with personal data in the PDIS.
4.5.5. Establishing individual passwords for employees to access the information system in accordance with their job responsibilities.
4.5.6. Using information security measures that have undergone a compliance assessment procedure in accordance with established procedures.
4.5.7. Use of certified antivirus software with regularly updated databases.
4.5.8. Compliance with conditions that ensure the security of personal data and prevent unauthorised access to it.
4.5.9. Detection of unauthorised access to personal data and taking measures in response.
4.5.10. Restoration of personal data modified or destroyed as a result of unauthorised access.
4.5.11. Training of the Operator's employees who directly process personal data on the provisions of Russian legislation on personal data, including requirements for the protection of personal data, documents defining the Operator's policy on the processing of personal data, and local acts on the processing of personal data.
4.5.12. Implementation of internal control and audit.
5. BASIC RIGHTS OF THE SUBJECT OF PERSONAL DATA
5.1. Basic rights of the subject of personal data
The subject has the right to access their personal data and the following information:
– confirmation of the fact of personal data processing by the Operator;
– legal grounds and purposes of personal data processing;
– purposes and methods of personal data processing used by the Operator;
– name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the Operator or on the basis of federal law;
– the terms of processing of personal data, including the terms of its storage;
– the procedure for the exercise by the subject of personal data of the rights provided for by federal law;
– the name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is entrusted or will be entrusted to such a person;
– contacting the Operator and sending requests to them;
– appealing against the actions or inaction of the Operator.
5.2. Obligations of the Operator
The Operator is obliged to:
– provide information about the processing of personal data when collecting personal data;
– notify the subject if personal data has been obtained from a source other than the subject of the personal data;
– explain to the subject the consequences of refusing to provide personal data;
– publish or otherwise ensure unrestricted access to the document defining its policy regarding the processing of personal data, to information about the requirements for the protection of personal data;
– take the necessary legal, organisational and technical measures or ensure that they are taken to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data;
– respond to requests and enquiries from data subjects, their representatives and the authorised body for the protection of the rights of data subjects.
For general enquiries: office@akademia.art