Personal data processing policy
Policy for the processing of personal data in the Non-Profit Organization Foundation for the Development of the Center for the Development and Commercialization of New Technologies
Article 1. General provisions
- The policy for the processing of personal data in the Non-Profit Organization Fund for the Development of the Center for the Development and Commercialization of New Technologies (hereinafter referred to as the Policy, the Fund) was developed in accordance with the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter - FZ - 152).
- This Policy defines the procedure for processing personal data and measures to ensure the security of personal data in the Fund in order to protect the rights and freedoms of a person and citizen when processing his personal data, including protecting the rights to privacy, personal and family secrets. < / li>
- The Policy is the basis for the development of local regulations governing the processing of personal data in the Fund.
- The Policy applies to all structural divisions of the Fund.
- This Policy does not apply to information received by the Fund in the course of interaction with legal entities, in particular, information received from legal entities in any form about the addresses of the legal entity, contact numbers, e-mail addresses, surnames, names and patronymics of the sole executive bodies and (or) other persons acting on behalf of legal entities without a power of attorney, as well as any information that is publicly available in accordance with the legislation of the Russian Federation.
- The Policy uses the following basic concepts:
- automated processing of personal data - processing of personal data using computer technology;
- biometric personal data - physiological data (fingerprint data, the iris of the eyes and other data), as well as other physiological or biological characteristics of a person, including an image of a person (photograph and video recording), which make it possible to establish his identity and are used by the operator for identifying the subject;
- PD blocking - temporary termination of PD processing (except in cases where processing is necessary to clarify PD);
- DYL - legal entities, the only participant (founder) of which is the Fund;
- information system of personal data (ISPDN) - a set of personal data contained in databases, and ensuring their processing of information technologies and technical means;
- anonymization of personal data - actions as a result of which it is impossible to determine, without the use of additional information, whether a personal data belongs to a specific subject of personal data;
- PD processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of PD, as well as determining the purposes of PD processing, the composition of PD to be processed, actions (operations) performed with personal data;
- personal data (PD) - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
- provision of personal data - actions aimed at disclosing personal data to a certain person or a certain circle of persons;
- distribution of personal data - actions aimed at disclosing personal data to an indefinite circle of persons (transfer of personal data) or to familiarize with the personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
- ACS - access control and management system - a set of hardware and software monitoring and control devices aimed at restricting and registering the entry-exit of objects (people, vehicles) on the territory of the Foundation;
- cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or foreign legal entity;
- destruction of PD - actions as a result of which it is impossible to restore the content of PD in PDIS and (or) as a result of which the material carriers of PD are destroyed.
- GDPR - General Data Protection Regulation, General Regulation