Получить лучшее предложение
Оставьте свой номер и наш менеджер сделает самое лучшее предложение для Вашего бизнеса.
отправляя форму, вы даете согласие компании wmingredients на обработку ваших данных
CONFIDENTIALITY AND PERSONAL DATA PROCESSING POLICY
Moscow Region, the town of Kotelniki 01.02.2024
The policy of WM Ingredients Ltd (hereinafter “the Operator”, “the Company”) regarding personal data processing (hereinafter “the Policy”) was prepared in compliance with Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” in order to procure the protection of a person's rights and liberties while processing his/her personal data, including the right to privacy, personal and family secrecy.
The Policy is applicable to all subjects’ PD processed at WM Ingredients Ltd with application of automation means and without application of such means, including those obtained via the Operator’s Website https://wmingredients.com (hereinafter “the Website”).
1. GENERAL PROVISIONS
1.1. Main terms used in the Policy:
1.2. Personal Data (hereinafter “PD”) means any information referring directly or indirectly to a particular or identified individual (PD Subject);
1.3. Personal Data Operator (“the Operator”) means WM Ingredients Ltd (INN 5027086981, legal address 140053, Moscow Region, the town of Kotelniki, Dzerzhinskoe shosse, 5) that independently or together with other persons organizes and (or) conducts PD processing, and also determines the objectives of PD processing, the composition of PD to be processed, actions (operations) to be performed with personal data.
1.4. Personal Data Subject (PDS, subject) means a private individual that is directly or indirectly identified or can be identified with the help of PD.
1.5. Personal Data processing means any action (operation) or a combination of actions (operations) performed with personal data automatically or manually. PD processing includes, among other things:
- collection;
- recording;
- arrangement;
- accumulation;
- storage;
- rectification (update, change);
- extraction;
- use;
- transfer (distribution, provision, access);
- depersonalisation;
- blocking;
- deletion;
- destruction.
1.6. Automated Personal Data Processing means PD processing using computer equipment;
1.7. Distribution of Personal Data means actions for making PD available to an indefinite range of persons;
1.8. Provision of Personal Data means actions for making PD available to a definite person or a definite range of persons;
1.9. Blocking of Personal Data means temporary suspension of employees’ personal data processing (except for cases when processing is needed for personal data rectification);
1.10. Destruction of Personal Data means actions as a result of which it becomes impossible to restore the PD content in the PD information system and (or) as a result of which tangible PD carriers are destructed;
1.11. Depersonalisation of Personal Data means action as a result of which it becomes impossible to determine the identity of a specific PDS just on the basis of such data, without using additional information;
1.12. Cross-border transfer of Personal Data means a transfer of PD to the territory of a foreign state, to a foreign state government authority, a foreign private individual or a foreign legal entity.
1.13. The legislative grounds for Personal Data processing are the statutory acts in pursuance of which the Operator preforms PD processing, including:
- the Constitution of the Russian Federation;
- the Labour Code of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law of the Russian Federation of 27 July 2006 No. 149-FZ “On Information, Information Technology and Protection of Information”;
- Federal Law of the Russian Federation of 27 July 2006 No. 152-FZ “On Personal Data”;
- Decree of the RF Government of 01 November 2012 No. 1119 “On approval of requirements for protection of personal data processed in personal data information systems”;
- Decree of the RF Government of 15 September 2008 No. 687 “On approval of the Regulation on the peculiarities of processing of personal data conducted without using any automation tools”;
- Order of the Federal Service for Technical and Export Control (FSTEC) of Russia of 18.02.2013 No. 21 “On approval of the composition and the content of organisational and technical measures for personal data security during their processing in personal data information systems”;
- Other legal grounds for PD processing are as follows:
- Labour and other contracts and agreements made between the Operator and the PD subject;
- contracts and agreements made between the Operator and other legal entities, in compliance with which PD processing is to be conducted;
- the Operator’s foundation documents;
- the consent of the PD subject in cases not expressly stipulated by the legislation of the Russian Federation;
1.14. The Operator does not control and bears no responsibility for any third-party websites that can be accessed using links on the website https://wmingredients.com .
1.15. The Policy provisions are also taken into account and presented in relation to other parties, if their participation is necessary for PD processing by the Operator, for example, in cases of transfer by the Operator, in compliance with the established procedure, to any contractors, partners or other counterparties on the grounds of PD processing orders, other contracts and agreements.
2. CATEGORIES OF PERSONAL DATA SUBJECTS AND OBJECTIVES OF PD PROCESSING
2. 2.1. In the process of its operation, the Operator may process PD of the following categories of PD subjects:
- the Operator employees (labour, civil-law relations), former employees, candidates (applicants) for employment, as well as employees’ relatives;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors of the Operator’s offices / premises;
- visitors / users of the website https://wmingredients.com .
2.2. The scope and content of processed PD are determined on the basis of the processing objectives:
Objectives of PD processing
PD subjects
PD list
2.2.1. Ensuring spatial mobility:
- Organization of access and security controls on the territory of the Company buildings and offices;
- Registration of parking places;
- Registration of cargo carriage by motor vehicles;
- Issue of powers of attorney;
- Ensuring visitor safety on its territory
- Candidates (applicants), the Operator employees, former employees, as well as employees’ relatives;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors of the Operator’s offices / premises;
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of motor vehicles;
- photo / video recording, records of phone calls (negotiations), personal hand-written signature (sample)
2.2.2. Staff recruitment and hiring:
- Review of CVs and selection of candidates (applicants) for a vacancy for further employment by the Company;
- Coordination of candidates in accordance with internal regulations of the Company;
- Maintaining the Company talent pool;
- Check of selected candidates prior to entering into the labour agreement;
- Obtaining other information on the candidate (applicants) for a Company vacancy;
- Keeping statistical record on the selection process
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- military service details;
- migration registration details;
- professional activities (name of the employer, position, business unit, record of service, authority);
- skills and qualification (education level; profession; assigned specialties; command of a foreign language; completed training courses, traineeships and internships);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- phot and video recordings;
- details of temporary disability and health status (regarding incapacity to work, permanent disability, pregnancy).
- Candidates (applicants), the Operator employees, former employees, as well as employees’ relatives
2.2.3. Meeting labour legislation requirements (performance of the duties of the Operator as an employer, as stipulated by the labour legislation):
- Entry into, amendment, performance, maintenance, termination of labour agreements;
- Payroll calculation;
- Calculation of insurance payments;
- Provision of information to the bank for transfer of the salary and payment of remuneration;
- Military registration of employees;
- Provision of trainings to employees, undergoing traineeships and internships;
- Documentation of business trips;
- Keeping record of information necessary for maintenance of labour relations between an employee and an employer in compliance with the legislation of the Russian Federation;
- Provision of social benefits, financial aid, compensations and allowances to the Operator employees;
- Receipt / payment of alimony;
- Ensuring compliance with the Company internal regulations;
- Keeping employees’ personal records in accordance with the Т-2 form;
- Sick list accounting and payments
Employees, former employees of the Operator, as well as employees’ relatives
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship;
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- military service details;
- migration registration details;
- professional activities (name of the employer, position, business unit, record of service, authority);
- skills and qualification (education level; profession; assigned specialties; command of a foreign language; completed training courses, traineeships and internships);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- photo / video recording, records of phone calls (negotiations), personal hand-written signature (sample);
- details of temporary disability and health status (regarding incapacity to work, permanent disability, pregnancy)
2.2.4. Meeting the requirements of the legislation in force of the Russian Federation, including, without limitation, financial and tax legislation:
- Current bookkeeping and tax accounting, preparation, provision and submission of accounting, tax and financial statements, reports to state funds;
- Meeting the tax legislation requirements for tax assessment, withholding and payment, provision of tax deductions, organization of document flow and archive storage;
- Meeting the requirements and guidelines of state authorities;
- Enforcement of court rulings.
- Employees, former employees of the Operator, as well as employees’ relatives;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.)
- professional activities (name of the employer, position, business unit, record of service, authority);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- details of purchases made, orders of goods and services; details of payments.
2.2.5. Establishment of business cooperation:
- Entry into, amendment, performance, maintenance, termination of agreements, contracts, transactions (civil-law contracts, contracts for supply, performance of works / provision of services, offer agreements, sell / purchase of products from online stores) with counterparties and partners of the Operator.
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- details of purchases made, orders of goods and services; details of payments;
- other details.
2.2.6. Use of the Website:
- Registration, identification and personalization of users of websites, applications and other information resources of the Company;
- Provision of access to resources and functions available to registered users;
- Enhancement of user experience, improvement of software products;
- Giving answers to questions;
- Preparation of statistics reports.
- Visitors / users of the website https://wmingredients.com
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user);
2.2.7. Carrying out statistical research:
- Collection and analysis of statistical data on visits of the Operator website and other information resources of the Operator, analytical and statistical data on the subject of the Operator activity.
- Visitors / users of the website https://wmingredients.com
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user);
- other details.
2.2.8. Interaction:
- Communication with private individuals and legal entities to send them answers to their requests, notices, advertising, newsletters and information messages, as well as marketing messages to promote goods, works and services of the Operator and partner entities, carrying out SMS surveys, providing customer support.
- Candidates (applicants)
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors / users of the website https://wmingredients.com
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user)
2.2.9. For other purposes related to the Company statutory activity and compliance with the RF legislation.
2.2.10. The above list may be reduced or expanded depending on the specific case, the scope of information that the PD subject provides to the Operator at their own initiative and the processing purposes.
2.3. The Operator shall not process special PD categories concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual life, except for information on health status related to the PD subject’s ability to perform their labour functions in compliance with the legislation on state social support, labour and pension legislation of the Russian Federation.
2.4. Biometric PD are processed in accordance with Article 11 of the Federal Law “On Personal Data”.
2.5. Cross-border transfer of personal data into the territories of foreign states which do not provide adequate protection of the data subjects’ rights (or in case of impossibility of assessment of the protection adequacy) may be carried out by the Operator only for the purpose of the performance of a contract to which the personal data subject is a party, or where the personal data subject has given his/her consent to the cross-border transfer of his/her personal data.
3. RIGHTS AND OBLIGATIONS
3. 3.1. A PD Subject shall have the right:
3.1.1. to receive information regarding processing of their PD, including information containing:
- confirmation of the processing of personal data by the Operator;
- the legal grounds for and purposes of the processing of the personal data;
- the purposes and methods used by the Operator for the processing of personal data;
- the name and location of the Operator and information on persons (other than employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of a federal law;
- processed personal data relating to the personal data subject in question and the source from which they were obtained, unless a different procedure for the presentation of such data is prescribed by a federal law;
- the period of the processing of the personal data, including the period for which they are kept;
- the procedure for the exercise by the personal data subject of the rights provided for in this Federal Law;
- information on any actual or planned cross-border transfer of personal data;
- name or surname, first name and patronymic and the address of the person carrying out the processing of personal data on the instruction of the operator, if the processing has been or is intended to be assigned to such a person;
- other information provided for in this Federal Law or other federal laws;
- to protect their rights and lawful interests through judicial procedures.
3.1.2. To demand from the Operator rectification of their PD, their blocking or destruction in the case if such PD are incomplete, obsolete, inaccurate, unlawfully obtained or are not necessary for the declared purpose of the processing, and also take statutory measures for protection of their rights.
3.1.3. to protect their rights and lawful interests, in particular for compensation of damages and (or) compensation of moral harm through judicial procedures.
3.2. The Operator shall have the right:
- To provide subjects’ PD to third parties, if this is stipulated by the legislation in force (tax, law enforcement bodies, etc.);
- To deny provision of PD in cases stipulated by the legislation;
- To use PD of a subject without their consent in cases stipulated by the legislation;
- To make changes to the Policy. The amended Policy shall enter into force at the time of its publication ;
- protect their rights and lawful interests through judicial procedures.
3.3. The Operator shall have:
- to provide to the personal data subject, upon his request, the information which is provided for in part 7 of Article 14 of the Federal Law “On Personal Data” within 10 business days;
- to keep PD confidential – not disclose PD to third parties and not disseminate PD without the PD subject’s consent, unless stipulated otherwise by the Federal Law;
- when collecting PD, in particular, using the internet information communication network, to ensure recording, arrangement, accumulation, storage, rectification (update, change), extraction of PD of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases stipulated by clauses 2, 3, 4, 8 Part 1 Article 6 of the Federal Law “On Personal Data”;
- to respond to requests of Roscomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) within 10 business days.
4. PROCEDURE AND CONDITIONS OF PD PROCESSING
1. 2. 3. 4. 4.1. PD shall be processed by the Operator in compliance with the legislation of the Russian Federation.
4.2. Actions with PD include: collection, recording, arrangement, accumulation, storage, rectification (update, change), extraction, use, transfer (provision, access), depersonalisation, blocking, deletion, destruction of PD.
4.3. Personal data processing by the operator shall be restricted by achieving specific pre-determined and legal purposes. It is not allowed to process personal data for the purpose incompatible with that one of personal data collection. The scope and content of the processed PD have to be in line with the declared purposes of the processing.
4.4. The Operator shall process PD for each of the purposes of their processing using the following methods:
- non-automated PD processing;
- automated PD processing with transfer of obtained information via information telecommunication networks, or without such transfer;
- mixed PD processing.
4.5. PD shall be processed with the consent of PD subjects for processing of their PD (in particular, in the form of the PD subject performing implicative actions), or without it in cases stipulated by the legislation of the Russian Federation.
4.6. A consent may be expressed, for example, in the following forms:
- By signing a consent for PD processing in compliance with the Operator’s form, in particular, using a basic electronic signature;
- In the process of communication with the Operator’s representatives over the phone or face-to-face;
- By way of making notes, ticking checkboxes, filling in relevant fields in forms, questionnaires, among other things, on the Operator Website;
- Transfer using the relevant link in an email;
- Maintaining electronic correspondence devoted to PD processing by the Operator;
- At the time of registration on the Operator Website or by pressing an interface on the Website in any other parts, in the presence of an indication that data shall be sent in accordance with the terms and conditions of the said Policy;
- By accepting the terms and conditions of the offer agreement, the license agreement, the rules of using the Operator’s information resources;
- By continuing to use applications, services, information resources, websites of the Operator, interaction with their user interfaces, after notifying the use of data processing;
- By granting the relevant permits to a mobile application at the time of its installation or use;
- By passage to the territory after familiarization with warning signs and notices;
- By participation in the Operator’s marketing activities, subscription for information, advertising and news materials (special promotions, competitions, special projects, advertising).
- other actions performed by the subject that can be indicative of their will.
4.7. Transfer (distribution, provision, access) of PD to third parties, including the Company counterparties, transportation organisers and other legal entities shall be conducted with the consent of the PD Subject, unless stipulated otherwise by federal laws.
4.8. Any transfer (distribution, provision, access)of PD allowed by the PD subject for distribution has to be terminated at any time upon the PD subject’s request.
4.9. Transfer of PD to preliminary inquiry and investigation bodies, to the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive bodies and organization shall be carried out in compliance with the requirements of the legislation of the Russian Federation.
4.10. Personal Data processing and storage shall not last longer than is required by the purposes of the Personal Data processing, as long as there are no legal grounds for further processing, for example, the relevant storage period set forth by the Federal Law or by an agreement with the Personal Data subject.
4.11. Processed PD are to be destroyed or depersonalized upon occurrence of the following events:
- Achievement of the purposes of Personal Data processing or no further need to achieve such purposes;
- Withdrawal of the Personal Data Subject’s consent for processing of their Personal Data (except for cases stipulated by the legislation in force of the Russian Federation);
- Receipt from the Personal Data Subject of a requirement for deletion of their Personal Data (except for cases stipulated by the legislation in force of the Russian Federation);
- termination of the Company activity.
4.12. PD should be stored in a form that makes it possible to identify the PD subject no longer than it is required by the purposes of the PD processing, unless the period of PD storage is established by the Federal Law or an agreement, of which the PD subject is a party, a beneficiary or a guarantor.
4.13. It is not allowed to merge databases containing PD processed for purposes that are incompatible;
4.14. When processed without any means of automation, such PD have to be separated from other information, in particular, by way of recording them on standalone tangible PD carriers (hereinafter “tangible carriers”), in special sections or in the margins of forms (templates). When recording PD on tangible carriers, it is not allowed to record on one tangible carrier any PD, the purposes of processing which are definitely incompatible. For processing of various PD categories carried out without any means of automation, a separate tangible carrier has to be used for each PD category.
4.15. The Operator is allowed to assign PD processing to another person on the grounds of an agreement made with such person, such as a state or municipal contract.
4.16. A person carrying out the processing of personal data on the instruction of an operator shall be obliged to comply with the principles and rules for the processing of personal data which are stipulated by the Federal Law “Ob Personal Data”.
4.17. When processing PD, the Operator shall take or ensure taking the relevant legal, organizational and technical measures to protect PD against illegal or occasional access thereto, destruction, change, blocking, copying, provision, distribution of PD, and also against any other unlawful actions regarding PD, in particular:
- identify threats to the security of personal data while they are being processed;
- adopt internal regulations and other documents regulating relationships in the area of PD processing and protection;
- appoint persons responsible for ensuring PD security in the Operator’s business units and information systems;
- provide for the necessary conditions for working with PD;
- provide for keeping record of documents containing PD;
- organise work with information systems where PD are processed;
- store PD under conditions ensuring their security and preventing unlawful access thereto;
- organise training of the Operator employees conducting PD processing.
4.18. When processing PD received not directly from the subject, but from other persons on the grounds of an agreement or an assignment for their processing, the obligation to obtain the subject’s consent may be imposed on the person who provided the PD.
4.19. In case of a refusal of a subject to provide their PD in the necessary and sufficient scope, the Operator will not be able to perform the relevant actions to achieve the purposes of the processing. For example, in such case the user registration in the software product may not be completed, the services under the agreement may not be provided, the work may not be performed, the goods may not be supplied, the applicant’s CV for the vacancy may not be considered, etc.
4.20. The Operator shall not verify the PD provided by the subject nor the subject’s legal capacity. In such case, the Operator shall proceed from the following assumptions:
- The PDS has provided information that is reliable in its entirety;
- The PDS has civil capacity and is entitled to grant the relevant consent. If for any reason the PDS has no such right, the consent for PD processing shall be granted by the PD subject’s legal representative.
4.21. In case of identification of any facts of provision of inaccurate information or lack of legal capacity by the PD subject who granted a consent for PD processing, the Operator shall take all relevant measures to rectify the violation detected. All risks of provision of inaccurate or insufficient information shall be borne by the PD subject.
5. PROCESSING OF ELECTRONIC USER DATA, INCLUDING cookies
5.1. The Operator, for the purpose of PD processing established by the Policy may collect electronic user data on its websites automatically, without any need for the user participation or performance of any actions for sending data.
5.2. The accuracy of electronic data collected by the Operator in this way shall not be checked, information shall be processed “as is”, as originally received from the client device.
5.3. Visitors and users of the Operator’s Website may be shown popup notices of collection and processing of cookies data, with a reference to the Policy and buttons of acceptance of the processing conditions or closing the popup notice.
5.4. The user acceptance of the cookies processing conditions or closing of the popup notice under the Policy is regarded as a consent for processing cookies on the Operator’s websites.
5.5. When visiting and using websites, information resources and web applications of the Operator, information may be stored in the browser on the user’s device (for example, cookies data) that makes it possible to subsequently identify the user or the device, remember the work session or save several settings and preferences of the user specific for these particular websites. Such information, after being saved in the browser and until the expiration of the established time of validity or deletion from the device will be sent at each subsequent request to the website, on behalf of which it was saved, together with such request for processing on the Operator side.
5.6. The Operator needs processing of cookies data for correct operation of websites, in particular, their functions for access to registered users of software products, services, works and resources of the Operator; personalization of users; enhancement of efficiency and convenience of working with websites, and also for other purposes stipulated by the Policy.
5.7. Besides processing of cookies data established by the Operator websites, there may be set for users and visitors some cookies related to third-party websites, for example, in cases when the Operator’s websites use third-party components and software. The processing of such cookies is regulated by policies of the relevant websites to which they refer and may be used without notification of users of the Operator’s websites.
5.8. A user may decline all cookie files (when changing browser settings, and also when changing the settings of Services, in case of technical ability). In case of a decline to use cookie files, the User agrees that certain parts (functions) of the Services may be unavailable to them.
6. UPDATE, CORRECTION, DELETION AND DESTRUCTION OF PD, RESPONSES TO SUBJECTS’ REQUESTS FOR ACCESS TO PERSONAL DATA
6.1. A PD subject has the right to receive information stated in Part 7 Article 14 of the Federal Law “On Personal Data”, except for cases stipulated by Part 8 Article 14 of the Federal Law “On Personal Data”.
6.2. A confirmation of the fact of PD processing by the Operator, the legal grounds and purposes of PD processing, as well as other information stated in Part 7 Article 14 of the Federal Law “On Personal Data” shall be granted by the Operator to the PD subject or their representative within 10 business days after the application or the receipt of the request of the PD subject or their representative. Such period may be extended, but not more than by five business days. For this, the Operator shall have to send the PD subject a motivated notice, indication the reasons for extension of the period for provision of the requested information.
6.3. The information provided shall not include PD related to other PD subjects, except for cases, when there are lawful grounds for disclosure of such PD.
6.3.1. A request shall contain:
- the number of the principal identification document of the personal data subject or of his legal representative, information as to the date of issue of that document and the body which issued it;
- information evidencing the personal data subject’s relationship with the Operator (number of contract, date of conclusion of contract, reference designation and (or) other information) or information which otherwise confirms the processing of the personal data by the Operator;
- the signature of the personal data subject or of his representative.
- A request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
6.3.2. The Operator shall provide the information stated in Part 7 Article 14 of the Federal Law “On Personal Data” to the PD subject or their representative in the form in which the relevant application or request is submitted, unless stipulated otherwise in the application or request.
6.3.3. Unless the application (request) of a PD subject contains all relevant information in accordance with the requirements with the Law on PD, or unless the subject has the right of access to the information requested, they shall be sent a motivated refusal.
6.3.4. The right of a PD subject for access to their personal data may be restricted in compliance with Part 8 Article 14 of the Federal Law “On Personal Data”, in particular, if access of the PD subject to their personal data violates any rights and lawful interests of third parties.
6.4. In case of identification of any inaccurate PD on the basis of an application of the personal data subject or of their legal representative, or on the basis of their request, or upon request of Roscomnadzor, the Operator shall block the PD related to such PD subject, since the time of such application or request for the duration of the check period, provided that blocking of PD does not violates any rights and lawful interests of the PD subject or third parties.
In case of confirmation of PD inaccuracy, the Operator, on the grounds of information provided by the PD subject or their representative or by Roscomnadzor, or on the grounds of any other relevant document, shall rectify the PD within 7 (seven) business days after provision of such information and shall release the PD blocking.
6.5. In case of identification of unlawful PD processing on the basis of an application (request) of the personal data subject or of their legal representative, or upon request of Roscomnadzor, the Operator shall block the unlawfully processed PD related to such PD subject, since the time of such application or request.
6.6. Upon identification by the Operator, Roscomnadzor or any other interested party any facts of unlawful or occasional transfer (provision, distribution) of PD (access to PD) entailing a violation of the PD subject rights, the Operator shall:
- within 24 hours – notify Roscomnadzor of the incident, hypothetic causes that resulted in a violation of PD subject rights, potential harm to PD subject rights and measures taken to eliminate the consequences of the incident. It also shall provide information on the person authorized by the Operator for interaction with Roscomnadzor on matters related to the incident;
- within 72 hours – notify Roscomnadzor of the results of internal investigation of the identified incident and provide information on the persons whose actions became the cause of the incident (if any).
6.7. Procedure of PD destruction by the Operator.
6.7.1. Conditions and timeline of PD destruction by the Operator:
- Achievement of the purpose of PD processing or no further need for achieving this purpose – within 30 days;
- Achievement of the maximum period of storage of documents containing PD - within 30 days;
- Provision by the PD subject (their representative) of any confirmation that PD were received unlawfully or are not necessary for the declared purpose of processing – within seven business days;
- Withdrawal by the PD subject of their consent for processing of their PD, as long as their storage for the purpose of their processing is no longer required – within 30 days.
6.7.2. Upon achievement of the purpose of PD processing, and also in case of Withdrawal by the PD subject of their consent for processing of their PD, the PF are to be destroyed, unless:
- stipulated otherwise by an agreement of which the PD subject is a party, a beneficiary or a guarantor;
- the Operator is entitled to conduct processing without the consent of the PD subject on the grounds stipulated by the Law on PD or other federal laws;
- stipulated otherwise by another agreement between the Operator and the PD subject.
7. OTHER CONDITIONS
7.1. The Policy is a publicly available document of the Company and allows any persons to familiarize themselves with its current version by way of posting it on the internet at: https://wmingredients.com.
7.2. The Operator is entitled to amend and supplement the present Policy without the consent or any special notification of any persons.
7.3. The new Policy shall enter into force since the time of its posting on the Website and shall be valid for an unlimited period, until replaced with a new version.
7.4. All relations regarding PD processing not covered by the present Policy shall be regulated by the provisions of the RF legislation.
7.5. All questions under the present Policy should be communicated by email or to the mailing address: 140053, Moscow Region, the town of Kotelniki, Dzerzhinskoe shosse, 5, info@wmingredients.com
The policy of WM Ingredients Ltd (hereinafter “the Operator”, “the Company”) regarding personal data processing (hereinafter “the Policy”) was prepared in compliance with Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” in order to procure the protection of a person's rights and liberties while processing his/her personal data, including the right to privacy, personal and family secrecy.
The Policy is applicable to all subjects’ PD processed at WM Ingredients Ltd with application of automation means and without application of such means, including those obtained via the Operator’s Website https://wmingredients.com (hereinafter “the Website”).
1. GENERAL PROVISIONS
1.1. Main terms used in the Policy:
1.2. Personal Data (hereinafter “PD”) means any information referring directly or indirectly to a particular or identified individual (PD Subject);
1.3. Personal Data Operator (“the Operator”) means WM Ingredients Ltd (INN 5027086981, legal address 140053, Moscow Region, the town of Kotelniki, Dzerzhinskoe shosse, 5) that independently or together with other persons organizes and (or) conducts PD processing, and also determines the objectives of PD processing, the composition of PD to be processed, actions (operations) to be performed with personal data.
1.4. Personal Data Subject (PDS, subject) means a private individual that is directly or indirectly identified or can be identified with the help of PD.
1.5. Personal Data processing means any action (operation) or a combination of actions (operations) performed with personal data automatically or manually. PD processing includes, among other things:
- collection;
- recording;
- arrangement;
- accumulation;
- storage;
- rectification (update, change);
- extraction;
- use;
- transfer (distribution, provision, access);
- depersonalisation;
- blocking;
- deletion;
- destruction.
1.6. Automated Personal Data Processing means PD processing using computer equipment;
1.7. Distribution of Personal Data means actions for making PD available to an indefinite range of persons;
1.8. Provision of Personal Data means actions for making PD available to a definite person or a definite range of persons;
1.9. Blocking of Personal Data means temporary suspension of employees’ personal data processing (except for cases when processing is needed for personal data rectification);
1.10. Destruction of Personal Data means actions as a result of which it becomes impossible to restore the PD content in the PD information system and (or) as a result of which tangible PD carriers are destructed;
1.11. Depersonalisation of Personal Data means action as a result of which it becomes impossible to determine the identity of a specific PDS just on the basis of such data, without using additional information;
1.12. Cross-border transfer of Personal Data means a transfer of PD to the territory of a foreign state, to a foreign state government authority, a foreign private individual or a foreign legal entity.
1.13. The legislative grounds for Personal Data processing are the statutory acts in pursuance of which the Operator preforms PD processing, including:
- the Constitution of the Russian Federation;
- the Labour Code of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law of the Russian Federation of 27 July 2006 No. 149-FZ “On Information, Information Technology and Protection of Information”;
- Federal Law of the Russian Federation of 27 July 2006 No. 152-FZ “On Personal Data”;
- Decree of the RF Government of 01 November 2012 No. 1119 “On approval of requirements for protection of personal data processed in personal data information systems”;
- Decree of the RF Government of 15 September 2008 No. 687 “On approval of the Regulation on the peculiarities of processing of personal data conducted without using any automation tools”;
- Order of the Federal Service for Technical and Export Control (FSTEC) of Russia of 18.02.2013 No. 21 “On approval of the composition and the content of organisational and technical measures for personal data security during their processing in personal data information systems”;
- Other legal grounds for PD processing are as follows:
- Labour and other contracts and agreements made between the Operator and the PD subject;
- contracts and agreements made between the Operator and other legal entities, in compliance with which PD processing is to be conducted;
- the Operator’s foundation documents;
- the consent of the PD subject in cases not expressly stipulated by the legislation of the Russian Federation;
1.14. The Operator does not control and bears no responsibility for any third-party websites that can be accessed using links on the website https://wmingredients.com .
1.15. The Policy provisions are also taken into account and presented in relation to other parties, if their participation is necessary for PD processing by the Operator, for example, in cases of transfer by the Operator, in compliance with the established procedure, to any contractors, partners or other counterparties on the grounds of PD processing orders, other contracts and agreements.
2. CATEGORIES OF PERSONAL DATA SUBJECTS AND OBJECTIVES OF PD PROCESSING
2. 2.1. In the process of its operation, the Operator may process PD of the following categories of PD subjects:
- the Operator employees (labour, civil-law relations), former employees, candidates (applicants) for employment, as well as employees’ relatives;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors of the Operator’s offices / premises;
- visitors / users of the website https://wmingredients.com .
2.2. The scope and content of processed PD are determined on the basis of the processing objectives:
Objectives of PD processing
PD subjects
PD list
2.2.1. Ensuring spatial mobility:
- Organization of access and security controls on the territory of the Company buildings and offices;
- Registration of parking places;
- Registration of cargo carriage by motor vehicles;
- Issue of powers of attorney;
- Ensuring visitor safety on its territory
- Candidates (applicants), the Operator employees, former employees, as well as employees’ relatives;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors of the Operator’s offices / premises;
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of motor vehicles;
- photo / video recording, records of phone calls (negotiations), personal hand-written signature (sample)
2.2.2. Staff recruitment and hiring:
- Review of CVs and selection of candidates (applicants) for a vacancy for further employment by the Company;
- Coordination of candidates in accordance with internal regulations of the Company;
- Maintaining the Company talent pool;
- Check of selected candidates prior to entering into the labour agreement;
- Obtaining other information on the candidate (applicants) for a Company vacancy;
- Keeping statistical record on the selection process
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- military service details;
- migration registration details;
- professional activities (name of the employer, position, business unit, record of service, authority);
- skills and qualification (education level; profession; assigned specialties; command of a foreign language; completed training courses, traineeships and internships);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- phot and video recordings;
- details of temporary disability and health status (regarding incapacity to work, permanent disability, pregnancy).
- Candidates (applicants), the Operator employees, former employees, as well as employees’ relatives
2.2.3. Meeting labour legislation requirements (performance of the duties of the Operator as an employer, as stipulated by the labour legislation):
- Entry into, amendment, performance, maintenance, termination of labour agreements;
- Payroll calculation;
- Calculation of insurance payments;
- Provision of information to the bank for transfer of the salary and payment of remuneration;
- Military registration of employees;
- Provision of trainings to employees, undergoing traineeships and internships;
- Documentation of business trips;
- Keeping record of information necessary for maintenance of labour relations between an employee and an employer in compliance with the legislation of the Russian Federation;
- Provision of social benefits, financial aid, compensations and allowances to the Operator employees;
- Receipt / payment of alimony;
- Ensuring compliance with the Company internal regulations;
- Keeping employees’ personal records in accordance with the Т-2 form;
- Sick list accounting and payments
Employees, former employees of the Operator, as well as employees’ relatives
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship;
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- military service details;
- migration registration details;
- professional activities (name of the employer, position, business unit, record of service, authority);
- skills and qualification (education level; profession; assigned specialties; command of a foreign language; completed training courses, traineeships and internships);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- photo / video recording, records of phone calls (negotiations), personal hand-written signature (sample);
- details of temporary disability and health status (regarding incapacity to work, permanent disability, pregnancy)
2.2.4. Meeting the requirements of the legislation in force of the Russian Federation, including, without limitation, financial and tax legislation:
- Current bookkeeping and tax accounting, preparation, provision and submission of accounting, tax and financial statements, reports to state funds;
- Meeting the tax legislation requirements for tax assessment, withholding and payment, provision of tax deductions, organization of document flow and archive storage;
- Meeting the requirements and guidelines of state authorities;
- Enforcement of court rulings.
- Employees, former employees of the Operator, as well as employees’ relatives;
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents, the driving license;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.)
- professional activities (name of the employer, position, business unit, record of service, authority);
- family details (marital status, family composition, legal representatives, nearest relatives, degree of kindred, documents confirming the family composition / degree of kindred);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- details of purchases made, orders of goods and services; details of payments.
2.2.5. Establishment of business cooperation:
- Entry into, amendment, performance, maintenance, termination of agreements, contracts, transactions (civil-law contracts, contracts for supply, performance of works / provision of services, offer agreements, sell / purchase of products from online stores) with counterparties and partners of the Operator.
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- details of identification documents;
- details of the subject’s identification numbers in state registration systems (e.g. INN, SNILS, etc.);
- information provided to the bank for transfer of salary, payment of remuneration and other payments; on accruals and withholding of monetary funds; payment details; details of tax and other payments to state funds;
- details of purchases made, orders of goods and services; details of payments;
- other details.
2.2.6. Use of the Website:
- Registration, identification and personalization of users of websites, applications and other information resources of the Company;
- Provision of access to resources and functions available to registered users;
- Enhancement of user experience, improvement of software products;
- Giving answers to questions;
- Preparation of statistics reports.
- Visitors / users of the website https://wmingredients.com
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user);
2.2.7. Carrying out statistical research:
- Collection and analysis of statistical data on visits of the Operator website and other information resources of the Operator, analytical and statistical data on the subject of the Operator activity.
- Visitors / users of the website https://wmingredients.com
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user);
- other details.
2.2.8. Interaction:
- Communication with private individuals and legal entities to send them answers to their requests, notices, advertising, newsletters and information messages, as well as marketing messages to promote goods, works and services of the Operator and partner entities, carrying out SMS surveys, providing customer support.
- Candidates (applicants)
- the Operator customers and counterparties (private individuals, individual entrepreneurs) who have a contract and / or are planning to start contractual relations with the Operator;
- representatives / employees of the Operator customers and counterparties (legal entities) who have a contract and / or are planning to start contractual relations with the Operator;
- visitors / users of the website https://wmingredients.com
- Personal details (surname, first name, patronymic; gender; year, month and day of birth; age; place of birth, nationality, citizenship);
- contact details (mailing address, telephone numbers, email addresses; registration address and actual residence address;
- electronic user data (user IDs, IP addresses, cookies, identifiers of devices, screen size and resolution, details of the hardware and software, e.g. browsers, operational system, installed applications, geolocation, language settings, time zone, time and statistics of using applications and information resources of the Operator, user actions in services, sources of transition to web pages, submitted search requests and other requests, content created by the user)
2.2.9. For other purposes related to the Company statutory activity and compliance with the RF legislation.
2.2.10. The above list may be reduced or expanded depending on the specific case, the scope of information that the PD subject provides to the Operator at their own initiative and the processing purposes.
2.3. The Operator shall not process special PD categories concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual life, except for information on health status related to the PD subject’s ability to perform their labour functions in compliance with the legislation on state social support, labour and pension legislation of the Russian Federation.
2.4. Biometric PD are processed in accordance with Article 11 of the Federal Law “On Personal Data”.
2.5. Cross-border transfer of personal data into the territories of foreign states which do not provide adequate protection of the data subjects’ rights (or in case of impossibility of assessment of the protection adequacy) may be carried out by the Operator only for the purpose of the performance of a contract to which the personal data subject is a party, or where the personal data subject has given his/her consent to the cross-border transfer of his/her personal data.
3. RIGHTS AND OBLIGATIONS
3. 3.1. A PD Subject shall have the right:
3.1.1. to receive information regarding processing of their PD, including information containing:
- confirmation of the processing of personal data by the Operator;
- the legal grounds for and purposes of the processing of the personal data;
- the purposes and methods used by the Operator for the processing of personal data;
- the name and location of the Operator and information on persons (other than employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of a federal law;
- processed personal data relating to the personal data subject in question and the source from which they were obtained, unless a different procedure for the presentation of such data is prescribed by a federal law;
- the period of the processing of the personal data, including the period for which they are kept;
- the procedure for the exercise by the personal data subject of the rights provided for in this Federal Law;
- information on any actual or planned cross-border transfer of personal data;
- name or surname, first name and patronymic and the address of the person carrying out the processing of personal data on the instruction of the operator, if the processing has been or is intended to be assigned to such a person;
- other information provided for in this Federal Law or other federal laws;
- to protect their rights and lawful interests through judicial procedures.
3.1.2. To demand from the Operator rectification of their PD, their blocking or destruction in the case if such PD are incomplete, obsolete, inaccurate, unlawfully obtained or are not necessary for the declared purpose of the processing, and also take statutory measures for protection of their rights.
3.1.3. to protect their rights and lawful interests, in particular for compensation of damages and (or) compensation of moral harm through judicial procedures.
3.2. The Operator shall have the right:
- To provide subjects’ PD to third parties, if this is stipulated by the legislation in force (tax, law enforcement bodies, etc.);
- To deny provision of PD in cases stipulated by the legislation;
- To use PD of a subject without their consent in cases stipulated by the legislation;
- To make changes to the Policy. The amended Policy shall enter into force at the time of its publication ;
- protect their rights and lawful interests through judicial procedures.
3.3. The Operator shall have:
- to provide to the personal data subject, upon his request, the information which is provided for in part 7 of Article 14 of the Federal Law “On Personal Data” within 10 business days;
- to keep PD confidential – not disclose PD to third parties and not disseminate PD without the PD subject’s consent, unless stipulated otherwise by the Federal Law;
- when collecting PD, in particular, using the internet information communication network, to ensure recording, arrangement, accumulation, storage, rectification (update, change), extraction of PD of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases stipulated by clauses 2, 3, 4, 8 Part 1 Article 6 of the Federal Law “On Personal Data”;
- to respond to requests of Roscomnadzor (the Federal Service for Supervision of Communications, Information Technology and Mass Media) within 10 business days.
4. PROCEDURE AND CONDITIONS OF PD PROCESSING
1. 2. 3. 4. 4.1. PD shall be processed by the Operator in compliance with the legislation of the Russian Federation.
4.2. Actions with PD include: collection, recording, arrangement, accumulation, storage, rectification (update, change), extraction, use, transfer (provision, access), depersonalisation, blocking, deletion, destruction of PD.
4.3. Personal data processing by the operator shall be restricted by achieving specific pre-determined and legal purposes. It is not allowed to process personal data for the purpose incompatible with that one of personal data collection. The scope and content of the processed PD have to be in line with the declared purposes of the processing.
4.4. The Operator shall process PD for each of the purposes of their processing using the following methods:
- non-automated PD processing;
- automated PD processing with transfer of obtained information via information telecommunication networks, or without such transfer;
- mixed PD processing.
4.5. PD shall be processed with the consent of PD subjects for processing of their PD (in particular, in the form of the PD subject performing implicative actions), or without it in cases stipulated by the legislation of the Russian Federation.
4.6. A consent may be expressed, for example, in the following forms:
- By signing a consent for PD processing in compliance with the Operator’s form, in particular, using a basic electronic signature;
- In the process of communication with the Operator’s representatives over the phone or face-to-face;
- By way of making notes, ticking checkboxes, filling in relevant fields in forms, questionnaires, among other things, on the Operator Website;
- Transfer using the relevant link in an email;
- Maintaining electronic correspondence devoted to PD processing by the Operator;
- At the time of registration on the Operator Website or by pressing an interface on the Website in any other parts, in the presence of an indication that data shall be sent in accordance with the terms and conditions of the said Policy;
- By accepting the terms and conditions of the offer agreement, the license agreement, the rules of using the Operator’s information resources;
- By continuing to use applications, services, information resources, websites of the Operator, interaction with their user interfaces, after notifying the use of data processing;
- By granting the relevant permits to a mobile application at the time of its installation or use;
- By passage to the territory after familiarization with warning signs and notices;
- By participation in the Operator’s marketing activities, subscription for information, advertising and news materials (special promotions, competitions, special projects, advertising).
- other actions performed by the subject that can be indicative of their will.
4.7. Transfer (distribution, provision, access) of PD to third parties, including the Company counterparties, transportation organisers and other legal entities shall be conducted with the consent of the PD Subject, unless stipulated otherwise by federal laws.
4.8. Any transfer (distribution, provision, access)of PD allowed by the PD subject for distribution has to be terminated at any time upon the PD subject’s request.
4.9. Transfer of PD to preliminary inquiry and investigation bodies, to the Federal Tax Service, the Pension Fund, the Social Insurance Fund and other authorized executive bodies and organization shall be carried out in compliance with the requirements of the legislation of the Russian Federation.
4.10. Personal Data processing and storage shall not last longer than is required by the purposes of the Personal Data processing, as long as there are no legal grounds for further processing, for example, the relevant storage period set forth by the Federal Law or by an agreement with the Personal Data subject.
4.11. Processed PD are to be destroyed or depersonalized upon occurrence of the following events:
- Achievement of the purposes of Personal Data processing or no further need to achieve such purposes;
- Withdrawal of the Personal Data Subject’s consent for processing of their Personal Data (except for cases stipulated by the legislation in force of the Russian Federation);
- Receipt from the Personal Data Subject of a requirement for deletion of their Personal Data (except for cases stipulated by the legislation in force of the Russian Federation);
- termination of the Company activity.
4.12. PD should be stored in a form that makes it possible to identify the PD subject no longer than it is required by the purposes of the PD processing, unless the period of PD storage is established by the Federal Law or an agreement, of which the PD subject is a party, a beneficiary or a guarantor.
4.13. It is not allowed to merge databases containing PD processed for purposes that are incompatible;
4.14. When processed without any means of automation, such PD have to be separated from other information, in particular, by way of recording them on standalone tangible PD carriers (hereinafter “tangible carriers”), in special sections or in the margins of forms (templates). When recording PD on tangible carriers, it is not allowed to record on one tangible carrier any PD, the purposes of processing which are definitely incompatible. For processing of various PD categories carried out without any means of automation, a separate tangible carrier has to be used for each PD category.
4.15. The Operator is allowed to assign PD processing to another person on the grounds of an agreement made with such person, such as a state or municipal contract.
4.16. A person carrying out the processing of personal data on the instruction of an operator shall be obliged to comply with the principles and rules for the processing of personal data which are stipulated by the Federal Law “Ob Personal Data”.
4.17. When processing PD, the Operator shall take or ensure taking the relevant legal, organizational and technical measures to protect PD against illegal or occasional access thereto, destruction, change, blocking, copying, provision, distribution of PD, and also against any other unlawful actions regarding PD, in particular:
- identify threats to the security of personal data while they are being processed;
- adopt internal regulations and other documents regulating relationships in the area of PD processing and protection;
- appoint persons responsible for ensuring PD security in the Operator’s business units and information systems;
- provide for the necessary conditions for working with PD;
- provide for keeping record of documents containing PD;
- organise work with information systems where PD are processed;
- store PD under conditions ensuring their security and preventing unlawful access thereto;
- organise training of the Operator employees conducting PD processing.
4.18. When processing PD received not directly from the subject, but from other persons on the grounds of an agreement or an assignment for their processing, the obligation to obtain the subject’s consent may be imposed on the person who provided the PD.
4.19. In case of a refusal of a subject to provide their PD in the necessary and sufficient scope, the Operator will not be able to perform the relevant actions to achieve the purposes of the processing. For example, in such case the user registration in the software product may not be completed, the services under the agreement may not be provided, the work may not be performed, the goods may not be supplied, the applicant’s CV for the vacancy may not be considered, etc.
4.20. The Operator shall not verify the PD provided by the subject nor the subject’s legal capacity. In such case, the Operator shall proceed from the following assumptions:
- The PDS has provided information that is reliable in its entirety;
- The PDS has civil capacity and is entitled to grant the relevant consent. If for any reason the PDS has no such right, the consent for PD processing shall be granted by the PD subject’s legal representative.
4.21. In case of identification of any facts of provision of inaccurate information or lack of legal capacity by the PD subject who granted a consent for PD processing, the Operator shall take all relevant measures to rectify the violation detected. All risks of provision of inaccurate or insufficient information shall be borne by the PD subject.
5. PROCESSING OF ELECTRONIC USER DATA, INCLUDING cookies
5.1. The Operator, for the purpose of PD processing established by the Policy may collect electronic user data on its websites automatically, without any need for the user participation or performance of any actions for sending data.
5.2. The accuracy of electronic data collected by the Operator in this way shall not be checked, information shall be processed “as is”, as originally received from the client device.
5.3. Visitors and users of the Operator’s Website may be shown popup notices of collection and processing of cookies data, with a reference to the Policy and buttons of acceptance of the processing conditions or closing the popup notice.
5.4. The user acceptance of the cookies processing conditions or closing of the popup notice under the Policy is regarded as a consent for processing cookies on the Operator’s websites.
5.5. When visiting and using websites, information resources and web applications of the Operator, information may be stored in the browser on the user’s device (for example, cookies data) that makes it possible to subsequently identify the user or the device, remember the work session or save several settings and preferences of the user specific for these particular websites. Such information, after being saved in the browser and until the expiration of the established time of validity or deletion from the device will be sent at each subsequent request to the website, on behalf of which it was saved, together with such request for processing on the Operator side.
5.6. The Operator needs processing of cookies data for correct operation of websites, in particular, their functions for access to registered users of software products, services, works and resources of the Operator; personalization of users; enhancement of efficiency and convenience of working with websites, and also for other purposes stipulated by the Policy.
5.7. Besides processing of cookies data established by the Operator websites, there may be set for users and visitors some cookies related to third-party websites, for example, in cases when the Operator’s websites use third-party components and software. The processing of such cookies is regulated by policies of the relevant websites to which they refer and may be used without notification of users of the Operator’s websites.
5.8. A user may decline all cookie files (when changing browser settings, and also when changing the settings of Services, in case of technical ability). In case of a decline to use cookie files, the User agrees that certain parts (functions) of the Services may be unavailable to them.
6. UPDATE, CORRECTION, DELETION AND DESTRUCTION OF PD, RESPONSES TO SUBJECTS’ REQUESTS FOR ACCESS TO PERSONAL DATA
6.1. A PD subject has the right to receive information stated in Part 7 Article 14 of the Federal Law “On Personal Data”, except for cases stipulated by Part 8 Article 14 of the Federal Law “On Personal Data”.
6.2. A confirmation of the fact of PD processing by the Operator, the legal grounds and purposes of PD processing, as well as other information stated in Part 7 Article 14 of the Federal Law “On Personal Data” shall be granted by the Operator to the PD subject or their representative within 10 business days after the application or the receipt of the request of the PD subject or their representative. Such period may be extended, but not more than by five business days. For this, the Operator shall have to send the PD subject a motivated notice, indication the reasons for extension of the period for provision of the requested information.
6.3. The information provided shall not include PD related to other PD subjects, except for cases, when there are lawful grounds for disclosure of such PD.
6.3.1. A request shall contain:
- the number of the principal identification document of the personal data subject or of his legal representative, information as to the date of issue of that document and the body which issued it;
- information evidencing the personal data subject’s relationship with the Operator (number of contract, date of conclusion of contract, reference designation and (or) other information) or information which otherwise confirms the processing of the personal data by the Operator;
- the signature of the personal data subject or of his representative.
- A request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
6.3.2. The Operator shall provide the information stated in Part 7 Article 14 of the Federal Law “On Personal Data” to the PD subject or their representative in the form in which the relevant application or request is submitted, unless stipulated otherwise in the application or request.
6.3.3. Unless the application (request) of a PD subject contains all relevant information in accordance with the requirements with the Law on PD, or unless the subject has the right of access to the information requested, they shall be sent a motivated refusal.
6.3.4. The right of a PD subject for access to their personal data may be restricted in compliance with Part 8 Article 14 of the Federal Law “On Personal Data”, in particular, if access of the PD subject to their personal data violates any rights and lawful interests of third parties.
6.4. In case of identification of any inaccurate PD on the basis of an application of the personal data subject or of their legal representative, or on the basis of their request, or upon request of Roscomnadzor, the Operator shall block the PD related to such PD subject, since the time of such application or request for the duration of the check period, provided that blocking of PD does not violates any rights and lawful interests of the PD subject or third parties.
In case of confirmation of PD inaccuracy, the Operator, on the grounds of information provided by the PD subject or their representative or by Roscomnadzor, or on the grounds of any other relevant document, shall rectify the PD within 7 (seven) business days after provision of such information and shall release the PD blocking.
6.5. In case of identification of unlawful PD processing on the basis of an application (request) of the personal data subject or of their legal representative, or upon request of Roscomnadzor, the Operator shall block the unlawfully processed PD related to such PD subject, since the time of such application or request.
6.6. Upon identification by the Operator, Roscomnadzor or any other interested party any facts of unlawful or occasional transfer (provision, distribution) of PD (access to PD) entailing a violation of the PD subject rights, the Operator shall:
- within 24 hours – notify Roscomnadzor of the incident, hypothetic causes that resulted in a violation of PD subject rights, potential harm to PD subject rights and measures taken to eliminate the consequences of the incident. It also shall provide information on the person authorized by the Operator for interaction with Roscomnadzor on matters related to the incident;
- within 72 hours – notify Roscomnadzor of the results of internal investigation of the identified incident and provide information on the persons whose actions became the cause of the incident (if any).
6.7. Procedure of PD destruction by the Operator.
6.7.1. Conditions and timeline of PD destruction by the Operator:
- Achievement of the purpose of PD processing or no further need for achieving this purpose – within 30 days;
- Achievement of the maximum period of storage of documents containing PD - within 30 days;
- Provision by the PD subject (their representative) of any confirmation that PD were received unlawfully or are not necessary for the declared purpose of processing – within seven business days;
- Withdrawal by the PD subject of their consent for processing of their PD, as long as their storage for the purpose of their processing is no longer required – within 30 days.
6.7.2. Upon achievement of the purpose of PD processing, and also in case of Withdrawal by the PD subject of their consent for processing of their PD, the PF are to be destroyed, unless:
- stipulated otherwise by an agreement of which the PD subject is a party, a beneficiary or a guarantor;
- the Operator is entitled to conduct processing without the consent of the PD subject on the grounds stipulated by the Law on PD or other federal laws;
- stipulated otherwise by another agreement between the Operator and the PD subject.
7. OTHER CONDITIONS
7.1. The Policy is a publicly available document of the Company and allows any persons to familiarize themselves with its current version by way of posting it on the internet at: https://wmingredients.com.
7.2. The Operator is entitled to amend and supplement the present Policy without the consent or any special notification of any persons.
7.3. The new Policy shall enter into force since the time of its posting on the Website and shall be valid for an unlimited period, until replaced with a new version.
7.4. All relations regarding PD processing not covered by the present Policy shall be regulated by the provisions of the RF legislation.
7.5. All questions under the present Policy should be communicated by email or to the mailing address: 140053, Moscow Region, the town of Kotelniki, Dzerzhinskoe shosse, 5, info@wmingredients.com
Get the best offer
Send your details to get the best offer
By clicking on the button, you agree to the terms of personal data
CONTACTS
109004, Moscow, Zemlyanoy Val street, house 54, building 1