Home » Other

Personal data processing policy - draw it up correctly (new recommendations from Roskomnadzor)

This Personal Data Processing Policy (hereinafter referred to as the “ Policy ”) applies to information that the Federal State Unitary Enterprise “Information Telegraph Agency of Russia (ITAR-TASS)” (hereinafter referred to as “ TASS ”) can receive about the user when the latter uses TASS websites on the Internet, including the following: , tass.com, itar-tass.com, tassphoto.com, dv.land, etokavkaz.ru, chrdk.ru, www.sms-tass.ru, allrussia.online, futurerussia. gov.ru (hereinafter referred to as the “Site” or “ Sites ”).

Terms and abbreviations

User (subject of personal data) – any legally capable person who intends to further fully or partially use the functionality of the Site(s).

TASS (personal data processing operator) - Federal State Unitary Enterprise "Information Telegraph Agency of Russia (ITAR-TASS)", registration address - 125993, Moscow, Tverskoy Boulevard, 10-12, OGRN: 1037700049606, INN: 7703082786, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data.

Use of the Site(s) means the user’s full and unconditional consent to this Policy and the conditions for the processing of his personal data specified therein. In case of disagreement with these terms and conditions, the user must refrain from using this Site(s).

1. Terms and definitions

Read also:  Order on approval of the Regulations on remuneration - sample

Automated processing of personal data - processing of personal data using computer technology;

Blocking of personal data - temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);

Information system of personal data - a set of personal data contained in databases, and information technologies and technical means that ensure their processing;

Depersonalization of personal data - actions as a result of which it is impossible to determine without the use of additional information the ownership of personal data to a specific subject of personal data;

Processing of personal data - any action (operation) or set of actions (operations) performed using automation tools or without the use of such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

Operator - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

Personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data);

Providing personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;

Dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or to familiarize with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;

Cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;

Destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material media of personal data are destroyed.

2. General provisions

This document defines the policy of Channel One JSC. World Wide Web (hereinafter referred to as the Operator) in relation to the processing of personal data and discloses information about the measures taken to ensure the security of personal data by the Operator in order to protect the rights and freedoms of humans and citizens when processing their personal data, including the protection of rights to privacy, personal and family secrets.

This document “Policy, JSC Channel One. World Wide Web" regarding the processing of personal data" (hereinafter referred to as the Policy) was developed in accordance with the Constitution of the Russian Federation, Federal Law No. 160-FZ "On the ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data", Labor Code of the Russian Federation No. 197-FZ, Federal Law No. 152-FZ “On Personal Data” (hereinafter referred to as FZ-152), other federal laws and regulations of the Russian Federation defining cases and features of processing personal data and ensuring the security and confidentiality of such information.

The provisions of this Policy are mandatory for all employees of the Operator who process personal data, including those working in branches and separate divisions of the Operator.

Read also:  Letter to the tax office about lack of activity: sample for the tax office and pension and social insurance funds

The provisions of this Policy are the basis for organizing work on the processing of personal data by the Operator, including the development of internal regulations governing the processing and protection of personal data by the Operator.

If certain provisions of this Policy conflict with the current legislation on personal data, the provisions of the current legislation shall apply.

Requests from Personal Data Subjects regarding the processing of their personal data by the Operator are accepted at the following addresses: 127427, Moscow, st. Academician Korolev, 19.

Also, Personal Data Subjects can send their request, signed with an enhanced qualified electronic signature, to the email address

This Policy is a document to which unrestricted access is provided. To ensure unlimited access, the Policy, in particular, is published on the Company’s official websites on the Internet at the following addresses: www.1tv.com, www.domkino.tv, www. domkino-premium.tv, www. kanal-o.ru, www.bober.ru, www.telecafe.ru, www.vremya.tv, www.poehali.tv, www.superbober.ru, www. muz1.tv, www.katyusha.tv, network.1tv.com and edu.1tv.ru.

3. Principles and conditions for processing personal data

3.1. Principles for processing personal data

The processing of personal data by the Operator is carried out on the basis of the following principles:

  • legality and fairness;
  • limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
  • preventing the processing of personal data incompatible with the purposes of collecting personal data;
  • preventing the merging of databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;
  • processing only those personal data that meet the purposes of their processing;
  • compliance of the content and volume of processed personal data with the stated purposes of processing;
  • preventing the processing of personal data that is excessive in relation to the stated purposes of their processing;
  • ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of processing personal data;
  • destruction or depersonalization of personal data upon achieving the goals of their processing or in the event of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law.

3.2. Conditions for processing personal data

The operator processes personal data if at least one of the following conditions exists:

  • processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data;
  • processing of personal data is necessary to achieve the goals provided for by an international treaty of the Russian Federation or law, to implement and fulfill the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the operator;
  • the processing of personal data is necessary for the administration of justice, the execution of a judicial act, an act of another body or official, subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • processing of personal data is necessary for the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor, as well as for concluding an agreement on the initiative of the subject of personal data or an agreement under which the subject of personal data will be a beneficiary or guarantor;
  • the processing of personal data is necessary to exercise the rights and legitimate interests of the operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the subject of personal data are not violated;
  • processing of personal data is carried out, access to which is provided by an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as publicly available personal data);
  • processing of personal data subject to publication or mandatory disclosure in accordance with federal law is carried out.

3.3. Confidentiality of personal data

The operator and other persons who have access to personal data are obliged not to disclose to third parties or distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.

3.4. Public sources of personal data

For the purpose of information support, the Operator may create publicly available sources of personal data of personal data subjects, including directories and address books. Public sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, date and place of birth, position, contact telephone numbers, email address and other personal data reported by the subject of personal data.

Information about the subject of personal data must be excluded at any time from publicly available sources of personal data at the request of the subject of personal data, the authorized body for the protection of the rights of personal data subjects, or by court decision.

Read also:  Reasons for the lack of apartment tax: why it doesn’t come

3.5. Special categories of personal data

Processing by the Operator of special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life is permitted in cases where:

  • the subject of personal data has given consent in writing to the processing of his personal data;
  • personal data is made publicly available by the subject of personal data;
  • the processing of personal data is carried out in accordance with the legislation on state social assistance, labor legislation, the legislation of the Russian Federation on state pensions, and labor pensions;
  • the processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data or the life, health or other vital interests of other persons and obtaining the consent of the subject of personal data is impossible;
  • the processing of personal data is carried out for medical and preventive purposes, in order to establish a medical diagnosis, provide medical and medical and social services, provided that the processing of personal data is carried out by a person professionally engaged in medical activities and obliged in accordance with the legislation of the Russian Federation to maintain medical confidentiality;
  • the processing of personal data is necessary to establish or exercise the rights of the subject of personal data or third parties, as well as in connection with the administration of justice;
  • The processing of personal data is carried out in accordance with the legislation on compulsory types of insurance and insurance legislation.

Processing of special categories of personal data carried out in cases provided for in paragraph 4 of Art. 10 FZ-152 must be immediately terminated if the reasons due to which their processing was carried out are eliminated, unless otherwise provided by federal laws.

The processing of personal data on criminal records may be carried out by the Operator only in cases and in the manner determined in accordance with federal laws.

3.6. Biometric personal data

Information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established - biometric personal data - can be processed by the Operator only with the consent of the subject of personal data in writing.

3.7. Entrusting the processing of personal data to another person

The operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data provided for by Federal Law No. 152 and this Policy.

3.8. Processing of personal data of citizens of the Russian Federation

The operator ensures the collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in clauses 2,3,4,8 Part 1 Art. 6 FZ-152.

3.9. Cross-border transfer of personal data

The operator is obliged to make sure that the foreign state to whose territory it is intended to transfer personal data provides adequate protection of the rights of the subjects of personal data before such transfer begins. Cross-border transfer of personal data to the territory of foreign states that do not provide adequate protection of the rights of personal data subjects may be carried out in the following cases:

  • availability of written consent of the subject of personal data to the cross-border transfer of his personal data;
  • execution of a contract to which the subject of personal data is a party.

4. Rights and obligations

As part of the processing of personal data, the following rights are defined for the Operator and Personal Data Subjects:

The subject of personal data has the right:

  • receive information regarding the processing of his personal data in the manner, form and time frame established by the Law on Personal Data;
  • demand clarification of your personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable, illegally obtained, is not necessary for the stated purpose of processing or is used for purposes not previously stated when the Personal Data Subject provided consent to the processing of personal data data;
  • take measures provided by law to protect your rights;
  • withdraw your consent to the processing of personal data;
  • as well as other rights provided for by the Law on Personal Data.

The operator has the right:

  • process personal data of the Personal Data Subject in accordance with the stated purpose;
  • require the Personal Data Subject to provide reliable personal data necessary for the execution of the contract, identification of the Personal Data Subject, as well as in other cases provided for by the Law on Personal Data;
  • limit the Personal Data Subject’s access to his personal data if the Personal Data Subject’s access to his personal data violates the rights and legitimate interests of third parties, as well as in other cases provided for by the legislation of the Russian Federation;
  • process publicly available personal data of individuals;
  • carry out the processing of personal data subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation;
  • entrust the processing of personal data to another person with the consent of the Personal Data Subject;
  • as well as other rights provided for by the Law on Personal Data.

5. Ensuring the fulfillment of the operator’s obligations and measures to protect personal data

The security of personal data processed by the Operator is ensured by the implementation of legal, organizational and technical measures necessary to ensure the requirements of federal legislation in the field of personal data protection.

To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:

  • appointment of a person responsible for organizing the processing of personal data;
  • appointment of a person responsible for ensuring the security of personal data;
  • limiting the number of persons allowed to process personal data;
  • familiarization of subjects with the requirements of federal legislation and regulatory documents of the Operator for the processing and protection of personal data;
  • organization of accounting, storage and circulation of media containing information with personal data;
  • identification of threats to the security of personal data during their processing, generation of threat models based on them;
  • development of a personal data protection system based on a threat model;
  • checking the readiness and effectiveness of using information security tools;
  • restriction of user access to information resources and software and hardware for information processing;
  • registration and recording of actions of users of personal data information systems;
  • use of anti-virus tools and recovery tools for the personal data protection system;
  • application, where necessary, of firewalling, intrusion detection, security analysis and cryptographic information protection tools;
  • organization of access control to the Operator’s territory, security of premises with technical means for processing personal data.

6. Final provisions

Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data.

Employees of the Operator who are guilty of violating the rules governing the processing and protection of personal data bear material, disciplinary, administrative, civil or criminal liability in the manner prescribed by federal laws.

Personal data of users who receive and process the Sites

1.1. For the purposes of this Policy, the information that TASS can obtain about a user while the latter is using the Sites means:

1.1.1. Personal information that the user provides about himself independently when leaving an application, registering (creating an account), contacting through the feedback form or in connection with another process of using the Sites.

1.1.2. Data provided to TASS for the purpose of providing services and/or providing other values ​​for visitors to the Sites, in accordance with the activities of these Sites:

Read also:  Is it necessary to issue an invoice under the simplified tax system in 2019-2020?
  • surname;
  • Name;
  • surname;
  • phone number;
  • Email;
  • location;
  • photograph (image of a citizen);
  • series, identification document number/date and place of issue;
  • age/date of birth;
  • place of work (name of organization) and position held;
  • registration/sending address of correspondence;
  • link to personal website or social networks.

1.1.3. Data that is automatically transmitted to the Sites during its use using software installed on the user’s device, including, but not limited to:

  • technical characteristics of the device;
  • IP address;
  • information stored in cookies;
  • User-Agent;
  • date and time of access to the Site;
  • addresses of the requested pages of the Sites.

1.2. This Policy applies only to the Sites; TASS does not control and is not responsible for third party sites that the user can access through links available on the Sites. On such sites, other personal data may be collected or requested from the user, and other actions may be performed.

1.3. Websites generally do not verify the accuracy of personal information provided by users and do not monitor their legal capacity. However, the Sites assume that the user provides reliable and sufficient personal information on the issues proposed in the forms of this resource and keeps this information up to date.

Do not take universal consent from the employee for the processing of personal data

When hiring an employee, do not waste your time and do not ask for a universal consent to the processing of personal data, which will be valid until dismissal.

Written consent must be “specific, informed and conscious”, paragraph 1 of Art. 9 of Law No. 152-FZ. The universal consent that you take “for all occasions” does not meet these requirements, which means that you can assume that you have not received the employee’s consent. If you processed personal information without the written consent of an employee when it was required, the official will be fined from 10 to 20 thousand rubles, and the company - from 15 to 75 thousand, part 2 of Art. 13.11. Code of Administrative Offences.

The company has the right to process personal data only with the written consent of the employee, Part 4 of Art. 9 of Law No. 152-FZ. You can do without this document in cases specified by law. In other situations, seek separate written consent from the employee.

If you obtain personal data from third parties without the employee’s written consent, you will also break the law. As a general rule, an employee’s personal data can only be obtained from the employee himself. If you want to take information about an employee, for example, from an educational institution or former place of work, obtain written consent.

How to inform the bank of the employee’s salary, read below

Purposes of collecting and processing users’ personal data

2.1. TASS collects and processes only those personal data that are necessary to provide services and/or provide other values ​​to visitors to the Sites.

2.2. TASS may use the user’s personal data for the following purposes:

2.2.1. Identification of the party within the framework of agreements and contracts with TASS.

2.2.2. Providing the user with personalized services, offers and other values.

2.2.3. Communication with the user, including sending notifications, requests and information regarding the use of the Sites, provision of services, as well as processing requests and applications from the user.

2.2.4. Improving the quality of the Sites, ease of use, developing new services.

2.2.5. Targeting of advertising materials.

2.2.6. Conducting statistical and other studies based on the data provided.

2.2.7. Transfer of data to third parties for the purpose of carrying out the activities of the Sites.

2.2.8. Conclusion, execution and termination of civil contracts with individuals, legal entities, individual entrepreneurs and other persons, in cases provided for by current legislation and/or the TASS Charter.

Do not disclose the employee’s personal information to third parties without his written consent.

If an employee verbally asks you to provide information to a third party that contains his personal information, do not do it. You do not have the right to transfer personal data of an employee or former employee to third parties without their written consent. A verbal request in this situation is not enough. Inspectors will regard such a violation as data processing without the written consent of the employee and will be fined from 15 to 75 thousand rubles, part 2 of Art. 13.11. Code of Administrative Offences.

An employee or former employee may list the company as references, guarantors, and others who can provide information. However, even if the employee asks you about it personally, do not provide information about him until he brings a written statement. Before you share employee information with third parties, make sure that they have the right to receive this information and that the employee requests in writing that you share it.

Conditions for processing the user’s personal data and its transfer to third parties

3.1. Websites process users’ personal data in accordance with internal regulations applicable to specific services.

3.2. Confidentiality is maintained with respect to the user's personal data, except in cases where the user voluntarily provides information about himself for public access to an unlimited number of persons.

3.3. The site has the right to transfer the user’s personal information to third parties in the following cases:

3.3.1. The user expressed his informed consent to such actions by consent, expressed in the provision of such data.

3.3.2. The transfer is necessary as part of the user's use of a particular Site.

3.3.3. The transfer is provided for by Russian or other applicable legislation within the framework of the established procedure.

3.3.4. In order to ensure the protection of the rights and legitimate interests of TASS or third parties in cases where the user violates the terms of use of the Site.

3.4. When processing personal data of users, TASS is guided by the Federal Law of July 27, 2006 N 152-FZ “On Personal Data” and other regulatory legal acts of the Russian Federation.

Composition of the employee’s personal data

Part 2 art. 86 of the Labor Code of the Russian Federation prescribes the establishment of the quantitative and qualitative composition of an employee’s personal data based on the Constitution of Russia and the laws corresponding to it.

Working with personal information of employees involves using two types of documentation:

  • represented by a citizen during employment in accordance with Art. 65 Labor Code of the Russian Federation. This includes personal photographs, information about birth, citizenship of the country, information about marital status, registration address, education received and assigned specialty. Accordingly, this is a passport of a Russian citizen, a SNILS certificate, a document of a person liable for military service (military ID), etc.;
  • compiled by the administration of the enterprise without the participation of the citizen. We are talking about documentation in the field of time recording and wages. This includes various kinds of orders issued by management, employee cards, time sheets and pay slips.

User rights

4.1. The user has the right at any time to change (update, supplement) the personal data provided to him or part of it, if he confirms that it is incomplete, inaccurate or irrelevant, as well as the confidentiality parameters of their processing, and also has the right to demand their blocking or destruction if personal the data is incomplete, out of date, inaccurate or not necessary for the stated purpose of processing.

4.2. The user may at any time withdraw his consent to the processing of personal data.

4.3. The user has the right to request whether the processing of his personal data is taking place, to clarify the source of receipt of his personal data, to find out about the legal grounds, purposes, terms and methods of processing his personal data.

4.5. Questions specified in this section and other proposals and questions related to the processing of the user’s personal data by the Sites should be addressed by sending a written request to TASS at the address: 125993, Moscow, st. Tverskoy Boulevard, house 10-12.

4.4. The request must contain the number of the main document identifying the User or his representative, information about the date of issue of the specified document and the issuing authority, information confirming the User’s participation in relations with TASS (agreement number, date of conclusion of the agreement, symbolic verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by TASS, the signature of the user or his representative.

Rules and principles for working with information

Law No. 152-FZ formulates the basic principles on which to base when working with personal statements of citizens:

  1. This must be done on the basis of fairness and legality. Specifically, this means every time someone collects or processes the materials in question. He must have a legal basis for such action, as well as the consent of the person to whom this information relates.
  2. There is a limitation that relates to the purposes of processing. That is, details about a person can only be collected for specific, predetermined purposes. When processing occurs, it is prohibited to use this data for other activities.
  3. Each method of working with personal materials implies that they must be of a strictly defined type and their volume must correspond to the stated goals and not be excessive. This means that a person cannot be asked to provide more information about him than is necessary for a particular case.
  4. An important principle is the requirement that the information meet certain criteria. They must be accurate and complete and cannot be out of date, obtained illegally, or not fit for purpose. If information is received that does not meet the specified characteristics, the operator is obliged to destroy it.
  5. There are strict time limits for such work. Records may be collected, stored and processed only until the stated purpose has been fulfilled. After this, one of two actions can be done: it can be made anonymous or it must be destroyed.

Every organization, in one form or another, works with personal data of employees. However, it should occur only within the framework defined by Russian legislation.

In order for employees to understand the procedure for such work, a local regulatory act is usually adopted, which describes in detail the procedures for such work and the requirements that apply to it.

Typically, such a document is called “Regulations on the processing of personal data at the enterprise.” Typically, such a document includes the following sections:

  1. An explanation for what purpose such a document was drawn up and adopted.
  2. List of regulations on which its action is based.
  3. The exact formulations of legal concepts that are used below.
  4. Specific rules for processing such materials. First, the purposes of use are listed (usually they are limited to various personnel issues).
  5. The procedure for obtaining information from the subject himself, his legal representative, and third parties. In this case, the employee's consent must be obtained.
  6. The requirement to limit the types and depth of data collection to specific situations. A list of such situations is provided.
  7. Prohibition on receiving excessive details about employees (usually in this case we are talking about nationality, religious affiliation, etc.).
  8. It is also noted that decisions that will have legal consequences for the subject will not be made based on fully automated procedures.
  9. Ensuring non-disclosure of available information.
  10. It is indicated that obtaining personal data can only be done if the citizen’s written consent is obtained.
  11. A sample of such a permit document.
  12. Regulations for all procedures at the enterprise that are related to the processing of personal information.

This document establishes the procedure for work in this area at a specific enterprise.

Change of Policy. Applicable Law.

6.1. TASS reserves the right to make changes to this Policy. When changes are made to the current edition, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted, unless otherwise provided by the new version of the Policy. The current edition is always located on the page at: .

Read also:  As-built documentation, “KS-ki” and mutual settlements are now together

6.2. This Policy and the relationship between the user and TASS arising in connection with the application of this Policy are subject to the law of the Russian Federation.

Rating
( 2 ratings, average 4.5 out of 5 )
Did you like the article? Share with friends:
You may also be interested
Responsible for organizing the processing of personal data
How to act legally: sample processing of personal data obtained on the site
purpose of processing personal data law
What are the optimal periods for storing and processing personal data? How long does the subject's consent last?
Order on the appointment of those responsible for the processing of personal data
Step-by-step instructions for appointing someone responsible for organizing the processing of personal data
7 steps to creating a personal data protection system
An example of filling out an electronic form for notification of the intention to process personal data
Regulations on personal data of employees - sample 2020
Refusal of the employee to consent to the transfer of personal data
Refusal to provide personal data sample form
data
How to formalize an obligation of non-disclosure of personal data
Legal use of personal data in an online store
Legal guarantees for the protection of employee personal data in the labor legislation of the Russian Federation
Business guide