+7 (812) 920-12-75 Get In Touch

Privacy Policy

POLITICS
Limited Liability Company Law firm LEGAL RIGHT
regarding the processing of personal data

1. General Provisions
1.1. This Policy of the Limited Liability Company Law firm LEGAL RIGHT the processing of personal data (hereinafter referred to as the Policy) has been developed in pursuance of the requirements of paragraph 2 of part 1 of Art. 18.1 of the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
1.2. The Policy applies to all personal data processed by Limited Liability Company Law firm LEGAL RIGHT (hereinafter referred to as the Operator, LEGAL RIGHT).
1.3. The Policy applies to relations in the field of personal data processing that the Operator has both before and after the approval of this Policy.
1.4. In pursuance of the requirements h. 2 Article. 18.1 of the Law on Personal Data, this Policy is published in the public domain on the Internet information and telecommunications network on the Operator’s website.
1.5. The terms used in the text of the Policy are subject to application and interpretation in the meaning established by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.
1.6. Basic rights and obligations of the Operator.
1.6.1.The operator has the right:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by the Law on Personal Data, respect the confidentiality of personal data, take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Law on Personal Data;
3) in the event that the subject of personal data withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the subject of personal data if there are grounds specified in the Law on Personal Data.
1.6.2.The operator is obliged:
1) organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
2) respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3) report to the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Communications (Roskomnadzor)) at the request of this body the necessary information within 10 working days from the date of receipt of such a request. This period may be extended, but not more than five working days. To do this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the period for providing the requested information;
4) in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that led to the unlawful transfer (provision, distribution , access) personal data.
1.7. Basic rights of the subject of personal data. The subject of personal data has the right:
1) receive information regarding the processing of his personal data, except as otherwise provided by federal laws. The information is provided to the subject of personal data by the Operator in an accessible form, and it should not contain personal data related to other subjects of personal data, unless there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
2) require the operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
3) put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market.
2. Purposes of collecting personal data
2.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. It is not allowed to process personal data that is incompatible with the purposes of collecting personal data.
2.2. Only personal data that meet the purposes of their processing are subject to processing.
2.3.The processing of personal data by the Operator is carried out for the following purposes:
• Ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
• implementation of its activities in accordance with the charter of LEGAL RIGHT;
• conducting personnel records management;
• assistance to employees in employment, education and career advancement, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;
• attraction and selection of candidates for work with the Operator;
• organization of individual (personalized) registration of employees in the mandatory pension insurance system;
• completion and submission to the executive authorities and other authorized organizations of the required reporting forms;
• implementation of civil law relations;
• accounting;
• implementation of access control.
2.4. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.

3. Legal grounds for the processing of personal data
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in pursuance of which and in accordance with which the Operator processes personal data, including:
• The Constitution of the Russian Federation;
• Civil Code of the Russian Federation;
• Labor Code of the Russian Federation;
• Tax Code of the Russian Federation;
• Federal Law No. 14-FZ of 08.02.1998 “On Limited Liability Companies”;
• Federal Law No. 402-FZ of 06.12.2011 “On Accounting”;
• Federal Law No. 167-FZ of December 15, 2001 “On Mandatory Pension Insurance in the Russian Federation”;
• The General Data Protection Regulation, adopted by the European Parliament and the Council of the European Union on April 27, 2016, Regulation 2016/679;
• other regulatory legal acts regulating relations related to the activities of the Operator.
3.2. The legal basis for the processing of personal data is also:
• charter of LEGAL RIGHT;
• agreements concluded between the Operator and subjects of personal data;
• consent of personal data subjects to the processing of their personal data.

4. Scope and categories of personal data processed, categories of personal data subjects
4.1. The content and scope of the processed personal data must comply with the stated purposes of processing, provided for in sect. 2 of this Policy. The processed personal data should not be excessive in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment with the Operator:
• Full Name;
• floor;
• citizenship;
• Date and place of birth;
• Contact details;
• information about education, work experience, qualifications;
• other personal data provided by candidates in resumes and cover letters.
4.2.2.Employees and former employees of the Operator:
• Full Name;
• floor;
• citizenship;
• Date and place of birth;
• image (photo);
• passport data;
• address of registration at the place of residence;
• address of the actual residence;
• Contact details;
• individual taxpayer number;
• insurance number of an individual personal account (SNILS);
• information about education, qualifications, professional training and advanced training;
• marital status, presence of children, family ties;
• information about labor activity, including the presence of incentives, awards and (or) disciplinary sanctions;
• data on marriage registration;
• information about military registration;
• information about disability;
• information about alimony withholding;
• information about income from the previous place of work;
• other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of the Operator’s employees:
• Full Name;
• relation degree;
• year of birth;
• other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. Clients and counterparties of the Operator (individuals):
• Full Name;
• Date and place of birth;
• passport data;
• address of registration at the place of residence;
• Contact details;
• replaced position;
• individual taxpayer number;
• current account number;
• other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.
4.2.5.Representatives (employees) of the Operator’s clients and counterparties (legal entities):
• Full Name;
• passport data;
• Contact details;
• replaced position;
• other personal data provided by representatives (employees) of clients and contractors necessary for the conclusion and execution of contracts.
4.3. The processing by the Operator of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity) is carried out in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except as provided by the legislation of the Russian Federation.

5. Procedure and conditions for processing personal data
5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.
5.3. The operator carries out both automated and non-automated processing of personal data.
5.4. Employees of the Operator whose duties include the processing of personal data are allowed to process personal data.
5.5. The processing of personal data is carried out by:
• receiving personal data in oral and written form directly from the subjects of personal data;
• obtaining personal data from publicly available sources;
• entering personal data into journals, registers and information systems of the Operator;
• use of other methods of personal data processing.
5.6. It is not allowed to disclose to third parties and distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law. Consent to the processing of personal data authorized by the subject of personal data for distribution is issued separately from other consents of the subject of personal data to the processing of his personal data.
5.7.The transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
• determines threats to the security of personal data during their processing;
• adopts local regulations and other documents regulating relations in the field of processing and protection of personal data;
• appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
• creates the necessary conditions for working with personal data;
• organizes accounting of documents containing personal data;
• organizes work with information systems in which personal data is processed;
• stores personal data under conditions that ensure their safety and exclude unauthorized access to them;
• organizes training for the Operator’s employees who process personal data.
5.9.The operator stores personal data in a form that allows to determine the subject of personal data, no longer than required by the purposes of processing personal data, if the period of storage of personal data is not established by federal law, contract.
5.10. When collecting personal data, including through the Internet information and telecommunication network, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, for except in the cases specified in the Law on Personal Data.

6. Update, correction, deletion, destruction
personal data and termination of their processing,
responses to requests from subjects for access to personal data
6.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Art. 14 of the Law on Personal Data are provided by the Operator to the subject of personal data or his representative within 10 working days from the date of application or receipt of a request from the subject of personal data or his representative. This period may be extended, but not more than five working days. To do this, the Operator should send a reasoned notification to the subject of personal data indicating the reasons for extending the period for providing the requested information.
The information provided does not include personal data relating to other personal data subjects, unless there are legal grounds for disclosing such personal data.
The request must contain:
• number of the main identity document of the subject of personal data or his representative, information on the date of issue of the specified document and the authority that issued it;
• information confirming the participation of the subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing personal data by the Operator;
• signature of the personal data subject or his representative.The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
The operator provides the information specified in Part 7 of Art. 14 of the Law on Personal Data, to the subject of personal data or his representative in the form in which the relevant appeal or request is sent, unless otherwise specified in the appeal or request.
If in the appeal (request) of the personal data subject, in accordance with the requirements of the Law on Personal Data, all the necessary information is not reflected or the subject does not have the right to access the requested information, then a reasoned refusal is sent to him.
The right of the subject of personal data to access his personal data may be limited in accordance with Part 8 of Art. 14 of the Law on Personal Data, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.
6.2. In the event that inaccurate personal data is detected when the personal data subject or his representative contacts, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such request or receipt of the specified request for the period of verification, if the blocking of personal data data does not violate the rights and legitimate interests of the subject of personal data or third parties.If the fact of inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the subject of personal data or his representative or Roskomnadzor, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
6.3. If unlawful processing of personal data is detected when a personal data subject or his representative or Roskomnadzor contacts (requests) the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment such a request or receipt of a request.
6.4. If the Operator, Roskomnadzor or another interested person reveals the fact of illegal or accidental transfer (provision, distribution) of personal data (access to personal data), which resulted in a violation of the rights of personal data subjects, the Operator:
• within 24 hours – notifies Roskomnadzor of the incident, the alleged causes that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;

• within 72 hours – notifies Roskomnadzor of the results of the internal investigation of the detected incident and provides information about the persons whose actions caused it (if any).
6.5. Upon reaching the goals of processing personal data, as well as in the event that the subject of personal data withdraws consent to their processing, personal data shall be destroyed if:
• otherwise is not provided by the contract, the party to which, the beneficiary or the guarantor of which is the subject of personal data;
• The operator is not entitled to process without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws;
• otherwise is not provided by another agreement between the Operator and the subject of personal data.
6.6. When the subject of personal data applies to the Operator with a request to stop the processing of personal data within a period not exceeding 10 business days from the date the Operator receives the relevant request, the processing of personal data is terminated, except as otherwise provided by the Law on Personal Data. The specified period may be extended, but not more than five working days. To do this, the Operator must send a reasoned notification to the subject of personal data indicating the reasons for the extension of the period.

7. Final provisions
7.1. The Operator, as well as its officials and Employees, bear civil, administrative and other liability for non-compliance with the principles and conditions for processing personal data of individuals, as well as for the disclosure or illegal use of personal data in accordance with the legislation of the Russian Federation.
7.2. The Policy is publicly available and must be posted on the official Website of the Operator or otherwise provided with unlimited access to this document.
7.3. The Operator has the right to make changes to this Policy. The provisions of this Policy are subject to updating in the event of a change in the legislation of the Russian Federation on personal data. The new version of the Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy. The current version is permanently available on the page at: http://legalright-company.com/privacy-policy/