Reasons LLC (hereinafter referred to as the “Operator,” “Company”) developed this Privacy Policy (hereinafter referred to as the “Policy”) to describe our approaches to the processing of personal data that we collect and process in the course of your use of our website https://reasons-law.ru/ (hereinafter referred to as the “Website”). This policy defines what personal data the company may receive through the website and how it uses the data of visitors.
Reasons LLC is the operator of personal data and is guided by the requirements of laws and other regulatory legal acts of the Russian Federation in the field of information and personal data protection (in particular, Federal Law #152-FZ of July 27, 2006 “On Personal Data,” Decree of the Government of the Russian Federation of November 1, 2012 #1119 “On Approval of requirements for the protection of personal data during their processing in personal data information systems,” etc.).
Terms used
Personal data operator – a legal entity that organizes and (or) performs the processing of personal data and determines the purposes of processing personal data, the composition of personal data to be processed, and actions (operations) performed with personal data independently or jointly with other entities.
User – an individual who views the content of the website or uses the website.
Personal data – any information related directly or indirectly to a specific or identifiable individual (the subject of personal data).
Personal data processing – any action (operation) or a set of actions (operations) performed in relation to personal data with or without the use of automation tools, including the collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Non-automated processing of personal data — any actions with personal data, provided that the use, clarification, dissemination and destruction of personal data are carried out with the direct participation of a person.
Automated processing of personal data — processing of personal data using computer technology.
Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
Blocking of personal data – temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).
Personal data information system is a set of personal data in databases and information technologies and technical means that ensure their processing.
Categories of personal data processed by the operator
The company may process the following types of data:
personal data and other information contained in the messages you send to us;
technical data that is automatically transmitted by the device with which you use our websites, including the technical characteristics of the device, the IP address, information stored in cookies that were sent to your device, information about the browser, the date and time of access to the site, the addresses of the requested pages and other similar information;
personal data that we need to receive and process to provide services.
Purposes of personal data processing
The operator processes personal data exclusively for the purposes for which you provided it, namely:
- provision of services to the company’s clients within the framework of contracts concluded with them;
- execution of employment contracts;
- making decisions on the possibility of filling vacant positions with applicants;
- informing website users about the operator’s activities;
- consideration of applications, proposals, complaints, claims, and other documents received from applicants, preparation of responses to them;
- performing actions by the operator at the request of personal data subjects and their representatives;
- ensuring the possibility of passage to the operator’s premises of persons who do not have permanent passes, monitoring their departure from the protected premises;
- execution of civil law contracts;
- improvements and improvements to the website and services;
- control of the quantity and quality of the work performed;
- providing a resume.
Rights and obligations of the operator and personal data subjects
The operator has the right to:
- defend its interests in the judicial and other authorized bodies;
- submit personal data of subjects to third parties, if this is provided for by the current legislation;
- refuse to submit personal data in cases provided for by law;
- use the personal data of the subject without his consent in cases provided for by law;
- exercise other rights provided for by the current legislation.
The operator is obliged to:
- give each subject of personal data an opportunity to get acquainted with the documents and materials containing his/her personal data, unless otherwise provided by law;
- make the necessary changes, destroy or block personal data if the subject provides incomplete, outdated, unreliable, or illegally obtained personal data, as well as notify the subject of personal data about the actions;
- comply with other requirements of the legislation of the Russian Federation.
The subject of personal data has the right to:
- request clarification of his/her personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable or illegally obtained, or is not necessary for the stated purpose of processing, as well as take legal measures to protect his/her rights;
- require the provision of a list of his/her personal data processed by the operator and the source of their receipt;
- receive information about the terms of processing of his/her personal data, including the terms of their storage;
- require notification of all persons who have previously been informed of incorrect or incomplete personal data of the subject, about all exceptions, corrections, or additions made in them;
- appeal to the authorized body to protect the rights of personal data subjects or in court against illegal actions or omissions in the processing of their personal data.
Personal data processing procedure
The company processes personal data both with and without the use of automation tools. The processing of personal data is carried out by the following actions: collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, destruction. Data is stored on the territory of the Russian Federation, so the company fulfills the requirement to localize personal data.
When processing personal data, it may be transferred to third parties, including cross-border transfer. When collecting personal data, including via Internet, the operator ensures the recording, systematization, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.
The processing of personal data is limited to the achievement of specific, predetermined, and legitimate goals. The processing of personal data that is incompatible to collect personal data is not allowed.
The operator terminates the processing of personal data when the purpose of processing is achieved or in the following cases:
- Revocation of consent to the processing of personal data;
- Termination of a civil contract;
- Termination of the employment contract;
- Termination of the operator’s activity.
Terms of personal data processing:
We process your personal data for no longer than is necessary to achieve the purposes of their processing specified in the policy.
After achieving the purposes of personal data processing, the company will destroy the personal data within 30 days. We will also stop processing your personal data (and ensure that it is destroyed by third parties involved in the processing) if you withdraw your consent to data processing (in cases where consent is the only legal basis for processing your personal data).
In some cases, the operator may continue processing your data after revoking your consent, when this is required to fulfill our obligations arising under applicable law, or when the processing is necessary to exercise the rights and legitimate interests of Reasons LLC and/or third parties.
If you wish to withdraw your consent to the processing of personal data, please inform us by e-mail info@reasons-law.ru.
Ensuring the security of personal data
The operator takes the necessary organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, destruction, modification, blocking of access, and other unauthorized actions.
The operator takes the following measures to ensure the security of personal data:
- a person responsible for organizing the processing of personal data has been appointed;
- the documents defining the operator’s policy regarding the processing of personal data and establishing procedures aimed at preventing and detecting violations of the law have been approved;
- elimination of the consequences of breaches of the legislation of the Russian Federation is carried out in accordance with the current legislation of the Russian Federation, following the regulations on the processing and protection of personal data, as well as under the instructions to the administrator of personal data security;
- the effectiveness of the measures taken to ensure the security of personal data was evaluated;
- the rules for access to personal data are approved in the relevant regulations and are technically implemented with the help of information security tools;
- employees who are allowed to process personal data are instructed on information security, sign an agreement on non-disclosure of personal data, get acquainted with the documents on the protection of personal data under the signature.
Final provisions
This policy is subject to change, addition in the event of new legislative acts and special regulations on the processing and protection of personal data, and the operator’s decision.
Control over the implementation of the requirements of this policy is carried out by the person responsible for organizing the processing of personal data.