Policy on processing of personal data in Seismotech, Ltd. Company

1. General provisions
  • 1.1. This Policy on personal data processing (hereinafter "Policy") is prepared in accordance with the Section 2 Part 1 Article 18.1, of the Federal Law of the Russian Federation Personal Data Protection Act No. 152-FZ dated July 27, 2006 (hereinafter Law) and defines the position of Seismotech, Ltd. Company (hereinafter Company) regarding processing and protection of personal data (hereinafter Data).
  • 1.2. This Policy applies to all the information the Company may obtain about the physical person (hereinafter User) while he uses the Company's website, yandexterra.com, services, programs, products or the Company services (hereinafter Services, Company Services).
  • 1.3. The use the Companys Services means the User's unreserved consent to this Policy and the terms and conditions of the processing of his personal data stated in it; in case he disagrees with these conditions, the User should refrain from using the Services.
  • 1.4. This Policy applies to Data obtained both before and after the entry into force of this Policy.
  • 1.5. Understanding the importance and value of the Data, as well as taking care of respecting the constitutional rights of citizens of the Russian Federation and citizens of the other countries, the Company provides the reliable Data protection.
2. Definitions
  • 2.1. Personal Data is any information directly or indirectly related to the User; i.e., in particular, such information includes the following: name; date and place of birth; address; information on family, social, and property/financial status; information on education, professional occupation, position and place of employment; income; phone number; contact email address; information on candidates for vacancies submitted by such candidates when filling in the questionnaire, including information contained in the candidates curriculum vitae/application/resume; and other information.
  • 2.2. Data processing shall mean any action (operation) or a combination of actions (operations) with Data carried out with or without the use of automation technologies and or with no use of such means. The mentioned actions (operations) include the following: Data collection, recording, systematisation, processing, storage, alteration (update, modification), retrieval, use, depersonalisation, blocking, deletion or destruction.
  • 2.3. Data security means protection of Data against any unauthorised and/or illegal access, destruction, modification, blocking, copying, provision, distribution, and also against any other illegal actions with regard to the Data.
3. Objectives and principles of data processing
  • 3.1. The Company carries out the User Data processing for the following purposes:
    • 3.1.1. In the case the User (contracting party/future contracting party) is a natural person or representative of corporate entity that are the Companys contracting parties, the purposes are as follows:
      • Identification of the party within the framework of delivery of Services, agreements and contracts with the Company, negotiating for the conclusion and execution of contracts in the various business areas of the Company;
      • Communication with the User, including sending of notifications, requests and information relating to the use of the Services, execution of contracts and delivery of agreements, and also processing of requests from the User for the purpose of agreements conclusion and execution.
    • 3.1.2. In the case the User is candidate for job openings, the purposes are as follows:
      • Making decision on conclusion of employment agreement with applicants for vacancies.
  • 3.2. In processing the data, the Company is committed to the following principles:
    • Data processing is carried out on a legal and equitable basis;
    • The Data shall not be disclosed to third parties and shall not be distributed without the consent of the Data subject, except for the cases of the Data disclosure on the request of the authorized governmental bodies or legal procedures;
    • Determination of specific legitimate objectives prior to the Data processing (including collection);
    • Only those Data that are necessary and sufficient for the stated purpose of processing shall be collected;
    • No consolidation of databases containing Data to be processed for purposes incompatible with one another is permitted;
    • Data processing is limited to achieving specific, predetermined and legitimate objectives;
    • Upon achieving the processing objectives or when there is no further need in achieving these objectives, the data processed shall be destroyed or depersonalized unless otherwise provided for by federal law;
    • The Company does not carry out cross-border transfers of the Data;
    • Data processing within the Company shall be carried out with no use of automation. The data processing operations shall include the following: Data collection, recording, systematisation, processing, storage, alteration (update, modification), retrieval, use, transfer (provision, access), depersonalisation, blocking, deletion, and destruction.
4. Measures for proper management of data processing and provision of personal data security
  • 4.1. During the Data processing, the Company shall take the necessary legal, organizational, and technical measures to protect the Data against any unauthorised and/or illegal access, destruction, modification, blocking, copying, provision, distribution, and also against any other illegal actions with regard to the Data.
  • 4.2. In accordance with the law, such measures include, among others, the following:
    • Appointment of the person responsible for the Data processing and the person responsible for the Data security;
    • Development and approval of the local acts on the Data processing and protection;
    • Application of organizational and technical measures to ensure the Data safety during processing, which are necessary to meet the Data protection requirements, implementation of which provides the Data security levels established by the Government of the Russian Federation;
    • Evaluation of the effectiveness of the Data security measures taken before the personal data system is operational;
    • Control of the measures taken to ensure the Data security and the level of personal data security;
    • Compliance with the conditions precluding unauthorized access to the Data tangible media/material objects and ensuring Data integrity/safety;
    • Familiarizing the employees directly involved in the Data processing with the provisions of the Russian Federation legislation on Data, including Data protection requirements, local Data processing and protection acts, and training of the Company employees.
5. Rights of the users - data subjects
  • 5.1. The User is a subject of personal data having the right to receive information on his personal data processing in the Company.
  • 5.2. The User that is a subject of personal data entitled to require the Company to update these personal data, block them or destroy them if they are incomplete, out-dated, inaccurate, illegally obtained or cannot be deemed necessary for the stated purpose of processing, and to take legal measures to protect their rights.
  • 5.3. In order to realize and protect its rights and legitimate interests, the User - personal Data subject - is entitled to contact the Company. The Company considers any appeals and complaints from the personal Data subjects, thoroughly investigates violations and takes all necessary measures to eliminate them immediately, punish perpetrators, and settle disputes and conflict situations in the pre-trial order.
6. Final provisions
  • 6.1. This Policy is a local regulatory document of the Company. This Policy is publicly available. Accessibility of this Policy is provided by publication on the Companys website: yandexterra.com.
  • 6.2. The Company has the right to make changes to this Policy. When changes are made, the recent revision contains the date of the last update. The new revision of the Policy comes into force from the moment it is published, unless otherwise provided for in the new revision of the Policy. The current revision is permanently available on the webpage: yandexterra.com/personal-data-processing-policy/
  • 6.3. In the case the provisions of this policy fail to be performed, the Company and its employees shall be liable in accordance with the current legislation of the Russian Federation.
  • 6.4. Monitoring of compliance with the requirements of this Policy shall be exercised by persons responsible for the organization of the Company's data processing and for the safety of personal data.
  • 6.5. The User is entitled to send any suggestions or questions about this Policy to e-mail mail@yandexterra.ru, or to the address: Office B-307, bld. 42/1, Bolshoy Blvd., Technopark Office Center, Skolkovo Innovation Center, Moscow, Russia, 121205 for Seismotech Ltd.

Last updated: June 19, 2017