1. General Provisions
1.1. The provisions of this policy, drawn up with the aim of regulating the work with personal data (below - the Policy), define a set of measures for their receipt and subsequent processing. The principles of the Policy take into account the rules established by the Federal Law No. 152 “On Personal Data” and do not conflict with the existing legislation of the Russian Federation regulating the processes of working with personal data (below - the data). The Policy applies, without exception, to all data received by the site https://elsabeauty.decorexpro.com/en/ (below - the Site) from persons who act as the second party in civil law contracts, and from visitors to the Site (below - Users).
1.2. The site implements the necessary set of measures to protect the collected data from unauthorized access, disclosure, unauthorized use or loss, which meets the requirements of the Federal Law No. 152 “On Personal Data” indicated above.
1.3. The Site reserves the right to make adjustments to the Policy. After that, the date of the latest additions is reflected at the end of its heading. The updated edition becomes effective immediately after its publication on the Site, unless otherwise indicated in the latest version of the document.
2. Special terms and abbreviations
Personal data - consolidated information of various kinds about a data subject, even having an indirect relation to it.
Data processing - various data manipulations or their whole complex, carried out by means of automatic systems or manually. These include: the procedure for obtaining, copying and recording the information received, their consolidation and bringing into the system, the implementation of accumulation and safe storage, as well as the addition of changes, use, transmission by any means, depersonalization, blocking and complete removal of information.
Automated data processing - all the actions described above, with the information provided from their collection to deletion, carried out through automated systems.
The personal data information system (ISPD) is a database of consolidated and brought into the system information, work with which is ensured through information technologies and technical means.
Personal data made publicly available by the subject of personal data - data to which access has been granted to any person by the data subject or by someone at his request.
Data blocking - the suspension of work with data, except in situations where some actions with the data are required to clarify them.
Data destruction - actions involving the impossibility of restoring information in the ISPD, and / or as a result of which media storing databases are physically destroyed.
Site - an organization that works with data on its own or with the involvement of third parties. It also determines the goals for the implementation of which any actions with available data are carried out.
3. Processing personal data
3.1. The procedure for obtaining data.
3.1.1. The transmission of documented information about the personality of the subject is carried out directly by him in response to a request from the Site. When the receipt of the necessary information becomes possible only through third parties, it is necessary to notify the subject or obtain his written consent.
3.1.2. The Site does not restrict the subject's access to the most complete information about the goals for which personal information is collected, its nature and possible sources, as well as about subsequent data operations. Information on the duration of the agreement and the mechanism for its termination remains open. In a situation where the subject refuses to provide the requested information to the Site, the latter must notify him of the consequences of such actions.
3.1.3. The necessary information is collected through:
- entering information into forms on the Site, as well as on social networks, such as Facebook;
- subscription to the push channel of the Site;
- obtaining originals of a number of required documents (work book, medical report, characteristics from previous places of work, etc.).
3.2. Data processing.
3.2.1. Any type of work with data can be started only subject to any of the conditions described below:
- the consent of the data subject to their processing;
- in cases where processing is required to implement the functions, duties or powers assigned by the legislation of the Russian Federation;
- personal data is opened by their subject for unlimited access by third parties.
3.2.2. Identity information is subject to processing for:
- legal registration of labor / civil relations;
- identification of users of the Site to send them notifications / requests and information necessary for the execution of agreements and contracts, for processing received requests and applications;
- depersonalization of the data necessary for the generation of statistics, which is transmitted to a third party for research and work, as well as the provision of services on behalf of the Site.
3.2.3. Definition of categories of subjects of personal data.
To conduct business without violating existing legislation, the Site processes the data of:
- persons who are in labor or civil law relations with it;
- persons dismissed from their posts on the Site;
- all candidates applying for work on the Site;
- all users of the Site.
3.2.4. Personal data processed by the Site can be obtained:
- in the process of employment;
- when selecting candidates for work;
- in the process of civil law relations;
- from users of the Site.
3.2.5. The obtained data can be processed by any of the proposed methods:
- through automatic systems;
- manually.
3.3. Storage of personal data.
3.3.1. Information about the subject requested by the Site can be transmitted in the most convenient form for the latter - both in paper and in electronic form.
3.3.2. Information received or transferred to paper media is subject to mandatory storage in safes or cabinets equipped with a lock, or in specially designated premises for which access by unauthorized persons is restricted in any way possible.
3.3.3. Data processed by electronic systems for different purposes must be stored in different archive folders.
3.3.4. The storage, and even temporary placement, of personal data in the ISPD in electronic directories (file sharing) that are not protected by passwords or other means is not permitted.
3.3.5. Data on subjects in a form that allows the identification of the latter can be stored for as long as is necessary to achieve the goals of the processing. Once those goals are achieved or lose their relevance, the information must be destroyed by any of the available methods.
3.4. Destruction of personal data.
3.4.1. The destruction of papers or other media containing data is carried out by burning, crushing (grinding), chemical decomposition, turning into a shapeless mass or powder. Paper documents can be destroyed using an office shredder.
3.4.2. Electronic storage media are cleared by erasing or formatting.
3.4.3. Once the databases of the collected data have been irretrievably physically destroyed, an appropriate act must be drawn up as documentary evidence of the actions taken.
3.5. Transfer of personal data.
3.5.1. The basis for the transfer of data about visitors to the Internet portal to other individuals and structures is compliance with any of the conditions indicated below:
- subject's consent to such actions;
- provisions of legislation prescribing such procedures.
3.5.2. The provisions of the documents in force regarding the protection of personal data provide for the legal transfer of certain information by the Internet portal to the following government agencies:
- Pension Fund;
- tax authorities;
- Social insurance fund;
- territorial health insurance fund;
- health insurance organizations.
In order to implement salary projects, some information is transferred in fulfillment of contractual obligations to bank branches. The current legislative framework also provides for the transfer of requested information to the structural units of the Ministry of Internal Affairs of Russia.
Information in the form that excludes the identification of personalities of visitors to the Internet portal is given to counterparties.
4. Measures and tools to protect personal data
4.1. To implement the norms of the state legislative base, the Site has created a multi-level defense system, which consists of a number of specialized structures.
4.1.1. Legal Block. It is represented by a set of documents of various spheres of influence, which directly provide the creation, functioning and improvement of the protective system.
4.1.2. Organizational defense unit. It unites the management structure of the entire protective complex, the licensing system and a set of measures to ensure the safety of information when working with unauthorized persons (employees, partners, etc.).
4.1.3. The technical protection subsystem includes technical, software, and combined hardware and software tools that protect personal data.
4.2. The main measures and data protection tools used by the Site:
4.2.1. Identification of the person responsible for the processes of organizing effective and safe work with information. Under his signature, he familiarizes employees with the existing policy and takes measures to monitor the implementation of its provisions.
4.2.2. Prevention of situations that pose an actual threat to the security of databases in the process of working with the latter. Determination of the range of measures and effective tools for the implementation of high-quality protection of information from these factors.
4.2.3. Adoption and continuous modernization of a security policy that extends its influence over the entire range of data operations and their storage.
4.2.4. Adoption of the principles of multi-level access to data archives and conducting end-to-end registration and strict accounting of any operations carried out in the system.
4.2.5. Restricting login to a system containing data archives with secret passwords. Combinations of characters are individual for responsible persons. The level of access is dictated by work responsibilities, a list of which is prescribed in the job descriptions.
4.2.6. Implementation of proven and effective information security tools that have received conformity assessment in an approved manner.
4.2.7. Implementation and active operation of software that intercepts virus attacks. Priority is given to licensed versions and regular updating of their databases.
4.2.8. Providing external conditions that contribute to the safe storage of the collected information and prevent unauthorized entry into the system.
4.2.9. Detection and fixing of facts of penetration into the archive of persons not authorized to carry out such operations, and the implementation of a set of measures that exclude these situations in the future.
4.2.10. Recovery of information damaged or deleted due to access to the system by unauthorized persons.
4.2.11. Carrying out activities for employees directly working with data archives to familiarize themselves with the provisions of the state regulatory framework dictating its rules. Study of local documents defining the principles of internal security of archives and the current Policy.
4.2.12. A comprehensive audit and regular monitoring of compliance with the rules applicable within the structure.
5. Rights of subjects of personal data and obligations of the Site
5.1. Basic rights of subjects of personal data.
Any subject who has transmitted information about himself has the right of unhindered access to it on the Site. The following information is also available to him:
- confirmation of the processing of his data;
- about the reasons, legal grounds and goals that the Site pursues, performing any kind of data manipulation;
- about the methodology and tools through which the Site carries out actions with the collected information;
- the full, documented name and location of the Site;
- about persons (excluding those who are on the staff of the Site) who will be able to process information from its archives, or to whom it will be provided as part of compliance with contractual obligations or under current legislation;
- the duration and deadlines before which data will be processed and stored in internal archives;
- about the rules, opportunities and the procedure for exercising their rights by the data subject, in accordance with the norms of existing legislation;
- upon authorized transfer of the collected information to other persons, on the name of the latter (or full name for individuals) and the address of their actual location;
- on the procedure for accessing the Site and the procedure for sending requests to it;
- on the procedure for appealing actions or inaction of the Site.
5.2. Site Responsibilities.
Without contradicting the existing legislation, the Site has the following obligations:
- when receiving the data it needs, explain to the subject the purposes for which the information is being collected, and report on the tools and methods for subsequent work with it;
- notify the subject of the receipt of his personal data in the case when they are transferred to the Site by other persons;
- explain to individuals the consequences of refusing to provide the required information;
- publish or otherwise provide open access to the regulatory legal act governing the Site Policy, and to information on measures taken by the Site to ensure uninterrupted protection of archives;
- to implement on their own or with the help of other persons the whole range of measures in the legal field, in terms of organization and technical support for the protection of the collected information from any unauthorized actions;
- provide answers at the request of the subjects of the data received or persons authorized to take such actions, as well as bodies that protect their rights.