- General conditions
1.1. This Personal Data Processing Policy (hereinafter – Policy) is compiled according to the paragraph 2 article 18.1 of the Federal Law No. 152-FZ «On Personal Data», dated July 27, 2006, and other normative legal acts of the Russian Federation in the field of personal data protection and processing, and applies to all personal data (hereinafter – data), which the Federal State Budgetary Institution «Russian Centre of Civil and Patriotic Education of Children and Youth» (hereinafter – Administration) can get from the subject of personal data, the user of the Internet (hereinafter – User, Service User) while using the website www.futureteam.world, its services, programs and products.
1.2. The Administration provides protection of the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law No. 152-FZ «On Personal Data», dated July 27, 2006.
1.3. The Administration declares that ensuring the legality and fairness of processing the data of the Users of the Service, confidentiality of data and safety of the processing processes are among the most important tasks related to providing access to the Service.
1.4. The Administration has the right to amend this Policy. When changes are made, the Policy title contains the date of the last update. The new version of the Policy shall come into force from the moment of its publication on the website, unless otherwise provided by the new edition of the Policy.
1.5. The provisions of this Policy applicable to the Administration are binding on all employees of the Administration.
- Terms and Abbreviations
2.1. Personal data is any information related to a directly or indirectly defined or determined individual (subject of personal data).
2.2. Data confidentiality is a requirement that the Administration or its authorized persons who have access to data agree not to allow the data dissemination without the consent of its subject or other legal basis.
2.3. Personal data processing is any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including obtaining, organizing, accumulating, holding, adjusting (updating, modifying), extraction, using, transfer (distribution, provision, access), impersonating, blocking or destroying of personal data.
2.4. Automatic processing of personal data – personal data processing by means of computer equipment.
2.5. Personal Data Information System (PDIS) is a set of personal information contained in databases and providing them with information technology and technical means.
2.6. Service User is an individual who is a party to the User agreement with the Administration regarding the provision of services for access to the Service through the website futureteam.world.
2.7. Personal data made publicly available by the subject of personal data – personal data, access of an unlimited circle of persons to which is provided by the subject of personal data upon his request.
2.8. Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary for clarification of personal data).
2.9. Destruction of personal data is an action resulting in the impossibility to restore the contents of personal data in Personal Data Information System as a result of which material information carriers of personal data are destroyed.
2.10. Administration is an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purposes of processing personal data and actions (operations) performed with personal data. The Administration is the Federal State Budgetary Institution «Russian Centre of Civil and Patriotic Education of Children and Youth», located at: Podsosensky Lane 5-1, Moscow.
2.12 Service is an Internet resource, which is a collection of information and software for computers contained in the hardware and software system that provides the availability of such information on the Internet at http://futureteam.world.
- Composition of data processed by the Administration
3.1. The user data processed by the Administration includes the following information about the Users of the Service: surname, name, patronymic, place of residence, e-mail address, date of birth, photo, sphere of professional activity and other information that the Service Users voluntarily and in a certain amount report about themselves or make available for processing when using the Service, if its processing is not prohibited by the legislation of the Russian Federation.
3.2. The Administration collects and stores only those data that are necessary for providing access to the Service and rendering services in accordance with the User Agreement.
- The purpose of user data processing
4.1. The Administration conducts the User’s data processing only for the purposes of:
4.1.1. provision of services for giving access to the Service and the possibility of its use by the users of the Service, including when identifying the User of the Service, providing information services, improving the Service and developing new services;
4.1.2. compliance with the legislation of the Russian Federation.
- The procedure for user data processing
5.1. User data is processed in the following cases:
5.1.1. processing of user data is carried out with the consent of the User of the Service to process his data;
5.1.2. processing of user data, access of an unlimited number of persons to which is provided by the User of the Service is carried out upon his request;
5.1.3. in other cases, stipulated by the legislation of the Russian Federation.
5.3. When using the Service, the User agrees to act in good faith, as it is required to do under the legislation of the Russian Federation. The Service User is obliged to provide only reliable information about himself. Users of the Service are responsible for the accuracy, relevance and compliance with the legislation of the Russian Federation of the information provided and the risk of violating the rights of third parties by his actions.
5.4. The Service User agrees that the Administration can send informational notifications to the email address of the User of the Service specified during registration. In this case, the User of the Service can independently configure the list of information that he wants to receive from the Administration after the registration by editing the corresponding section of the Service.
5.5. The Service User has the right to withdraw consent to the processing of his data by independently deleting his / her account (account) and stopping the use of the Service.
5.6. If the User of the Service withdraws consent to the processing of his data, the Administration stops processing the specified data and destroys them within a period not exceeding 180 (one hundred and eighty) days from the date of getting the relevant withdrawal by the Administration, on the terms and conditions stipulated by the legislation of the Russian Federation and the User Agreement.
5.7. The processing of personal data is carried out using automation tools.
5.8. Storage of personal data:
5.8.1. personal data of subjects can be obtained, processed further and stored electronically.
5.8.2. personal data of subjects processed using automation tools for different purposes are stored in different folders.
5.8.3. storage and placement of documents containing personal data in open electronic catalogs (file-sharing sites) or PDIS are not allowed.
5.8.4. storage of personal data in a form that allows to determine the subject of personal data is carried out no longer than required by the purpose of processing, and they are subject to destruction upon achievement of processing objectives or in case of loss of the need to achieve them.
5.9. Destruction of personal data:
5.9.1. personal data on electronic information carriers are destroyed by deleting or formatting the media.
5.9.2. fact of destruction of personal data is documented by the act of destruction.
5.10. transfer of personal data.
5.10.1. The Administration transfers personal data to third parties in the following cases:
– the subject expressed his consent to such actions;
– transfer is stipulated by Russian or other applicable legislation within the framework of the procedure prescribed by law.
5.10.2 Personal data are transmitted to law enforcement agencies of the Russian Federation in cases stipulated by the legislation, as well as to the judiciary upon request.
- Rights of the Service Users and the responsibilities of the Administration
6.1. The Service Users have the right to:
6.1.1. free and unrestricted access to their data in the manner and within the limits provided by the legislation of the Russian Federation;
6.1.2. information on their data and their processing provided in the amount and manner prescribed by the legislation of the Russian Federation;
6.1.3. require exclusion and / or correction of inaccurate and incomplete data, as well as data processed in violation of the provisions of the legislation of the Russian Federation, provided that the User of the Service or his authorized representative will provide information, confirming that the data related to the relevant entity and processed by the Administration are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of the processing;
6.1.4. appeal against any illegal actions and / or inaction of persons authorized to process data and responsible for the data protection;
6.1.5. The user has the right to get from the Administration the following information:
– confirmation of the fact of the personal data processing by the Administration;
– purposes and methods of the personal data processing used by the Administration;
– legal grounds and objectives for the personal data processing;
– name and location of the Administration, information about persons (with the exception of employees of the Administration) who have access to personal data or who can disclose personal data on the basis of a federal law;
– deadlines for processing personal data, including the timing of their storage;
– procedure for the subject of personal data to exercise the rights provided by the Federal Law;
– name or surname, patronymic and address of the person carrying out the processing of personal data on behalf of the Administration, if the processing is entrusted or will be entrusted to such person;
6.1.6. to exercise other rights provided by the legislation of the Russian Federation with respect to their data.
6.2. Obligations of the Administration.
The administration is obliged:
- to provide information about the personal data processing when collecting personal data;
– in cases where personal data were not obtained from the subject of personal data, to notify the subject;
– in case of refusal to provide personal data to the subject, the consequences of such refusal are explained;
– publish or otherwise provide unlimited access to the document that defines its policy regarding the personal data processing, information on the current requirements for the personal data protection;
– take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data;
– to respond to requests and appeals of subjects of personal data, their representatives and the authorized body for the protection of the rights of subjects of personal data.
- Protection of personal data and ensuring their safety
7.1. The Administration undertakes the necessary legal, organizational and technical measures to ensure the security of the Users of the Service from accidental or unauthorized access, destruction, modification, blocking of access and other illegal actions with the data of the Users of the Service.
7.2. In order to coordinate actions to ensure the security of data of the Service Users, the Administration:
7.2.1. adopts local normative acts aimed at planning, organizing and implementing legal, organizational and technical measures to ensure the security of the Service Users, and also fully complies with these measures;
7.2.2. appoints a person responsible for data security.
7.2. In accordance with the requirements of regulatory documents, the Administration created a System for the protection of personal data (SPPD), consisting of subsystems of legal, organizational and technical protection.
7.3. The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents, ensuring the creation, functioning and development of SPPD.
7.4. The organizational protection subsystem includes the organization of the management structure of SPPD, the permitting system, the protection of information when working with employees, partners and third parties.
7.5. The technical security subsystem includes a set of technical, software and hardware, in order to ensure the protection of personal data.
7.6. The main measures for the protection of personal data used by the Administration are:
7.6.1. appointment of a person responsible for processing of the personal data, which organizes processing of the personal data, training and instruction, internal control over compliance by the institution and its employees with the requirements for protection of the personal data.
7.6.2. definition of actual threats to the security of personal data when processing them in Personal Data Information System (PDIS) and the development of measures and activities to protect personal data.
7.6.3. policy development in relation to the personal data processing.
7.6.4. setting rules for access to personal data processed in Personal Data Information System (PDIS), as well as ensuring the registration and recording of all actions performed with personal data in PDIS.
7.6.5. establishment of individual passwords for employees’ access to the information system in accordance with their professional responsibilities.
7.6.6. using the information protection means passed the conformity assessment procedure as appropriate.
7.6.7. certified antivirus software with regularly updated databases.
7.6.8. compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them.
7.6.9. detection of facts of unauthorized access to personal data and taking measures.
7.6.10. restoration of personal data, modified or destroyed due to unauthorized access to them.
7.6.11. teaching the employees of the Administration, directly carrying out the personal data processing, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, the documents that determine the policy of the Administration regarding the processing of personal data, the local acts on the personal data processing.
7.6.12. internal control and audit.
- Final provisions