skip to Main Content

1. GENERAL PROVISIONS

1.1. This document sets forth a personal data processing procedure and lays down a system of key principles applicable to personal data processing at IXCELLERATE LLC (hereinafter referred to as the “Company”).
1.2. This Policy applies to all transactions involving at the Company with personal data using automation tools or without use thereof.
1.3. This Policy shall be notified to and be binding on all persons authorized to process personal data at the Company and the persons involved in managing personal data processing and security processes at the Company.
1.4. Full access hereto shall be provided through the publication hereof on the Company’s website or by any other means.
1.5. This Policy has been developed in accordance with Council of Europe Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data and the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
1.6. This Policy shall be updated upon:

  • a change in the RF legislation on personal data (PD);
  • identification of non-compliances affecting the PD processing and (or) security by a PD processing and (or) security compliance review;
  • a decision of the Company’s management.

2. INTRODUCTION

2.1. Pursuant to subclause 2, article 3 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, the Company is a controller, i.e. a legal entity that in-house organizes and (or) performs the processing of personal data, as well as determining the purposes of personal data processing, the scope of the personal data to be processed and the actions (operations) involving personal data.
2.2. An important aspect of the Company’s business operations is ensuring the rights and freedoms of an individual and a national, the data subject, in the context of processing of his personal data.
2.3. The Company has developed and put in place bylaws and documents that set out personal data processing and security arrangements to ensure compliance with the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation.

3. PRINCIPLES AND ARRANGEMENTS FOR IN-HOUSE PERSONAL DATA PROCESSING

3.1. The Company processes the personal data legally and fairly.
3.2. The time frame of personal data processing is determined with due regard to:

  • the established purposes of personal data processing;
  • the lives of the contracts with the data subjects and the consents of the data subjects to the processing of their personal data;
  • the time limits set by the Federal Archival Agency of Russia Order of 20.12.2019, No. 236, “On approving a List of standard administrative archival documents generated in the course of the activities of central and local governments and organizations, with storage periods specified”, as well as other RF laws and regulations;
  • the documentation storage periods prescribed by the Company’s bylaws;
  • liquidation and reorganization of the Company.

3.3. When personal data are processed, it is made sure that they are accurate, sufficient and, where necessary, also relevant to the purposes of personal data processing.
3.4. The Company discloses employee personal data through the Company’s website to the public at large pursuant to the consents of PD subjects to the dissemination of their personal data. In doing so, the Company complies with the requirements for the processing of disclosable personal data that are imposed in art. 10.1 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
3.5. The Company does not set up public domain sources of the PD of PD subjects.
3.6. The Company performs the processing of special categories of employee personal data (medical records) pursuant to legislation, by virtue whereof the written consent of the PD subject is not required.
3.7. The Company does not perform the processing of criminal records.
3.8. The Company does not perform the processing of biometric data.
3.9. The Company performs cross-border transfer of personal data. In this context, the Company complies with the requirements for the cross-border transfer of personal data that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
3.10. The Company performs the processing of personal data with a view of promoting the Company’s goods, works and services in the market by engaging in direct contacts with the data subject using communication technology. In so doing, the Company complies with the requirements for personal data processing with a view of promoting goods, works and services that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
3.11. The Company does not engage in the processing of personal data for purposes of propaganda.
3.12. The Company does not make decisions that may have legal implications for the data subject or otherwise affect his rights and legitimate interests based solely on automated processing of personal data.
3.13. The Company outsources the processing of personal data. In this context, the Company complies with the requirements for the outsourcing of personal data processing that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
3.14. The Company performs the processing of personal data with and without automation tools. In this context, the Company complies with the requirements for automated and non-automated personal data processing that are imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation.

4. THE RIGHTS OF THE SUBJECTS OF PERSONAL DATA PROCESSED BY THE COMPANY

4.1. The data subject is entitled to receive information pertaining to the processing of his personal data. To obtain said information, the data subject can send a written enquiry to the following address: No. 33G Altufyevskoye shosse, 127410 Moscow, attention: HR Director, following the procedure laid down in art. 14 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.
4.2. The data subject shall be entitled to demand that the Company update, block or destroy his personal data where the personal data are incomplete, outdated, inaccurate, illegally obtained or not required for the stated purpose of processing. To obtain compliance with said demands, the data subject can send a written enquiry to the following address: No. 33G Altufyevskoye shosse, 127410 Moscow, attention: HR Director, following the procedure laid down in art. 21 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”.

5. PERFORMANCE OF CONTROLLER’S DUTIES BY THE COMPANY

5.1. The Company obtains personal data from data subjects, from third parties (persons other than data subjects) and from public domain sources of personal data (including through the Internet). In this context, the Company performs the duties imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, during personal data collection.
5.2. The Company discontinues the processing of personal data in the following situations:

  • upon achieving the purposes of processing thereof, or where the achievement thereof is no longer required;
  • upon request from the data subject if the personal data being processed by the Company are incomplete, outdated, inaccurate, illegally obtained or are not required for the stated purpose of processing;
  • in the event that irregularities are discovered in personal data processing if it is impossible to make the processing of personal data legal;
  • in the event that the data subject withdraws consent to the processing of his personal data (where personal data are processed by the Company pursuant to the data subject’s consent);
  • the reasons for the personal data processing no longer apply unless otherwise provided for by the federal law;
  • in the event of liquidation of the Company;
  • in the event of reorganization (as necessary).

5.3. To enable the performance of the duties imposed by the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, the Company has put in place the following measures:

  • there has been appointed a personal data processing manager;
  • there have been published bylaws on personal data processing and security, as well as bylaws establishing procedures to prevent and detect breaches of the RF legislation and to initiate remedial action:
    • Personal Data Processing Policy;
    • Personal Data Security Management Policy;
    • other bylaws on personal data processing and security.
  • legal, organizational and technical measures have been implemented to ensure the security of personal data;
  • internal monitoring is conducted for compliance of personal data processing with the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, with this Policy and with the Company’s bylaws;
  • an assessment has been made of the harm that can be caused to data subjects in the event of non-compliance with the requirements of the federal legislation on personal data, a comparison has been made between said harm and the measures being adopted by the Company in furtherance of the duties stemming from the requirements of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation;
  • the Company’s personal data operators have been briefed on the provisions of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and its subordinate legislation, this Policy and the Company’s bylaws on personal data processing.

5.4. The Company implements the following requirements for personal data security:

  • it has identified threats to the security of the personal data processed in personal data systems;
  • it has put in place such organizational and technical measures as may be necessary to ensure the security of personal data while processed in personal data systems and to meet the personal data protection requirements compliance with which ensures the personal data security levels set by the Government of the Russian Federation;
  • it uses information security tools certified for compliance with the requirements of the RF information security legislation where the use of such tools is needed for the neutralization of current threats, it has made an assessment of the effectiveness of the personal data security measures put in place prior to the commissioning of the personal data system;
  • it keeps records of machine-readable personal data storage media;
  • it identifies personal data breaches and takes remedial action;
  • it recovers personal data if modified or destroyed as a result of unauthorized access thereto;
  • it has established rules for access to personal data processed in a personal data system, as well as ensuring the recording and management of all operations involving personal data in the personal data system;
  • it follows up on the measures being taken to ensure the security of personal data and the security level of personal data systems;
  • it has complied with the requirements laid down by the RF Government Decree of 15 September 2008, No. 687, “On enacting the Regulation on specific procedures for non-automated processing of personal data”;
  • the Company is willing and ready to set up an interface with the national system for identifying, preventing and remedying the consequences of computer attacks on the information resources of the Russian Federation, including reporting computer incidents resulting in wrongful access to and submission, dissemination and transfer of personal data.

6. LIST, PURPOSES AND TIME FRAMES OF PERSONAL DATA PROCESSING

6.1. The Company performs the processing of the following details that constitute PD of various categories of PD subjects:

  • PD of job applicants to the Company (candidates):
    ▪ Name
    ▪ Date of birth
    ▪ Residence address
    ▪ Educational background (name of school, number of diploma, degree type and field of study)
    ▪ Professional experience (place of employment, job title, employment period)
    ▪ Contact information (email address, contact telephone number)
  • PD of the Company’s staff:
    ▪ Name
    ▪ Sex
    ▪ Date of birth
    ▪ Place of birth
    ▪ Citizenship
    ▪ Details of passport or other ID (serial number and details such as the date of issue and issuer)
    ▪ Reference details of certificates of education, qualifications or specialist knowledge (name of school, year of graduation, qualifications and field of study)
    ▪ Details of employment record book (profession and speciality, employment details: place of employment, job title, awards if any)
    ▪ Number of certificate of compulsory pension insurance (SNILS [personal pension account number])
    ▪ INN [Taxpayer Identification Number]
    ▪ Marital status
    ▪ Domicile address
    ▪ Residence address
    ▪ Contact information (contact telephone number, email address)
    ▪ Employee ID
    ▪ Details of transfers
    ▪ Details of certification
    ▪ Details of refresher and advanced training
    ▪ Details of occupational retraining
    ▪ Details of awards and honorary titles
    ▪ Details of leaves and social benefits
    ▪ Details in the employment contract and in the supplementary agreements thereto (job title, business unit, rate of remuneration (salary and extra pay), work schedule and conditions, other particulars, information about employment contract termination)
    ▪ Military service records (military rank, field of military specialization, military service fitness category, entry of registration/deregistration with military authorities)
    ▪ Other details in the personnel file (details of applications and written submissions, details of commendation decisions and disciplinary action decisions, reference details of orders and other documents)
    ▪ Details of birth certificates of children
    ▪ Details of international passport (serial number, details such as the date of issue and issuer)
    ▪ Information about medical insurance/life insurance
    ▪ Details of medical records (as part of medical findings/sick notes)
    ▪ Bank details
    ▪ Details of power of attorney
    ▪ Employment address
    ▪ Signature
  • PD of the Company’s dismissed employees:
    ▪ Name
    ▪ Sex
    ▪ Date of birth
    ▪ Place of birth
    ▪ Citizenship
    ▪ Details of passport or other ID (serial number and details such as the date of issue and issuer)
    ▪ Reference details of certificates of education, qualifications or specialist knowledge (name of school, year of graduation, qualifications and field of study)
    ▪ Details of employment record book (profession and speciality, employment details: place of employment, job title, awards if any)
    ▪ Number of certificate of compulsory pension insurance (SNILS)
    ▪ INN
    ▪ Marital status
    ▪ Domicile address
    ▪ Residence address
    ▪ Contact information (contact telephone number, email address)
    ▪ Details of transfers
    ▪ Details of certification
    ▪ Details of refresher and advanced training
    ▪ Details of occupational retraining
    ▪ Details of awards and honorary titles
    ▪ Details of leaves and social benefits
    ▪ Details in the employment contract and in the supplementary agreements thereto (job title, business unit, rate of remuneration (salary and extra pay), work schedule and conditions, other particulars, information about employment contract termination)
    ▪ Military service records (military rank, field of military specialization, military service fitness category, entry of registration/deregistration with military authorities)
    ▪ Other details in the personnel file (details of applications and written submissions, details of commendation decisions and disciplinary action decisions, reference details of orders and other documents)
    ▪ Details of birth certificates of children
    ▪ Details of international passport (serial number, details such as the date of issue and issuer)
    ▪ Information about medical insurance/life insurance
    ▪ Details of medical records (as part of medical findings/sick notes)
    ▪ Details of power of attorney
    ▪ Employment address
    ▪ Signature
  • PD of relatives of the Company’s employees:
    ▪ Name
    ▪ Date of birth
    ▪ Place of birth
    ▪ Citizenship
    ▪ Record details of birth certificate of children (series, number and date of issue)
  • PD of independent contractors:
    ▪ Name
    ▪ Passport details (serial number, details such as the date of issue and issuer)
    ▪ Contact information (contact telephone number, email address)
    ▪ Domicile address
    ▪ Residence address
    ▪ Educational background (name of school, number of diploma, degree type and field of study)
    ▪ INN
    ▪ SNILS
    ▪ Bank details
    ▪ Signature
  • PD of representatives of suppliers/affiliates:
    ▪ Name
    ▪ Passport details (serial number, details such as the date of issue and issuer)
    ▪ Contact information (contact telephone number, email address)
    ▪ Details of power of attorney (number and date of issue)
    ▪ Corporate name
    ▪ Job title
    ▪ Employment address
    ▪ Bank details
    ▪ Signature
  • PD of customer representatives:
    ▪ Name
    ▪ Passport details (serial number, details such as the date of issue and issuer)
    ▪ Contact information (email address, contact telephone number)
    ▪ Place of employment
    ▪ Corporate name
    ▪ Job title
    ▪ Details of power of attorney (number and date of issue)
    ▪ Plate number and mark of personal car
    ▪ Login name and password for the Company’s information systems
    ▪ Signature
  • PD of website visitors:
    ▪ Name
    ▪ IP address
    ▪ Contents of cookie files
    ▪ Location data
    ▪ URLs of requested pages, searches
    ▪ Description of device, specifications of hardware and software
  • PD of office visitors:
    ▪ Name
    ▪ Passport details (serial number)
    ▪ Contact information (email address, contact telephone number)
    ▪ Plate number and mark of motor vehicle (if available)
  • PD of representatives of competent authorities:
    ▪ Name
    ▪ Name of competent authority
    ▪ Job title
    ▪ Contact information (email address, contact telephone number)

6.2. The Company performs the processing of said PD for the purposes, within the time limits and on the legal grounds specified in the table below:

It. No. Category of data subjects Purpose of personal data processing Time frame of personal data processing / Terms of personal data processing termination Statutory authority for personal data processing
1. Job applicants to the Company (candidates) The Company’s review of a candidate and making a decision to reject or hire him Until a decision to reject or hire is made Publication by an applicant of his résumé/CV on the web to make it available to and accessible by the public at large
Contract with a recruitment agency
Implied consent of PD subject to the processing of PD
2. The Company’s employees

Achievement of the purposes provided for in the RF legislation, the exercise and performance of the functions, powers and duties assigned to the Company by the RF legislation.

Execution, performance, variation and termination of an employment contract to which the PD subject is a party, including facilitation in training and promotion, provision of human security to the staff, monitoring the quantity and quality of the work performed, safekeeping of property, assessment and payment of remuneration and other benefits, assessment and payment of taxes and insurance charges, provision of additional entitlements, benefits and allowances to employees

1 year, 3, 4, 5 or 50/75 years in accordance with the time limits set by Order 236 or Rules of the Federal Archival Agency of Russia (for PD on paper)

In accordance with the time limit specified in the PD subject’s consent

In accordance with the time limits set in the contract (for PD in contracts)

Liquidation of the Company

Federal Law No. 197-FZ, the RF Labour Code of 30.12.2001, Articles No. 65-69, 213 and 266

Employment contract

Federal Law of 15.12.2001, No. 167-FZ, “On compulsory pension insurance in the RF”, Article No. 13, clause 2

RF Tax Code, Article No. 23, clause 1, Article No. 80, clause 3

RF Government Decree No. 719, “On approving the Regulation on Registration for Military Service”, of 27.11.2006, section III

Written consent of PD subject

Decree of the RF Ministry for Labour and Social Development of 24 October 2002, No. 73.

3. The Company’s dismissed employees

Achievement of the purposes provided for in the RF legislation, the exercise and performance of the functions, powers and duties assigned to the Company by the RF legislation.

Implementation of the procedure for archiving HR and accounting records.

1 year from the employee’s termination; then the documents on paper shall be archived as statutorily required in the RF

RF Tax Code

Federal Law of 06.12.2011, No. 402-FZ, “On business accounting”, etc.

Federal Archival Agency Order No. 236

Federal Archival Agency Rules of 06.02.2002

4. Relatives of the Company’s employees Achievement of the purposes provided for in the RF law, the exercise and performance of the functions, powers and duties assigned to the Company by the RF legislation

5 years after termination of employment;

50/75 years (for PD in the employee’s personnel file)

In accordance with the time limit specified in the PD processing consent Liquidation of the Company

RF Labour Code

Employment contract with the employee whose relative is a PD subject

Federal Law of 06.12.2011, No. 402-FZ, “On business accounting”, etc.

5. Independent contractors Execution, performance, variation and termination of an employment contract to which the PD subject is a party; Achievement of the purposes provided for in the RF law, the exercise and performance of the duties assigned to the Company by the RF legislation Until the end of 5 years from the termination of the independent contractor contract with the individual

RF Civil Code

RF Tax Code

Federal Law of 06.12.2011, No. 402-FZ, “On business accounting”

Independent contractor contract

6. Representatives of suppliers/ affiliates Execution, performance, variation and termination of the contract to which the PD subject is a party or under which the PD subject is a beneficiary; holding and participation in commercial tender processes, conduct of business, financial and legal negotiations with a view to executing, performing, amending or terminating any contracts not prohibited by the laws in effect, whatever the outcome of such negotiations, and exercise of proper prudence in choosing a counterparty; achievement of the purposes provided for in the RF law, the exercise and performance of the functions, powers and duties assigned to the Company by the RF legislation

5 years after termination of contractual arrangements

In accordance with the time limits set in the contract

Liquidation of the Company

RF Civil Code

Ministry of Internal Affairs of Russia Order of 21 September 2017, No. 735, “On approving the Administrative Procedure of the Ministry of Internal Affairs of the Russian Federation to provide a public service to produce and issue invitations to foreign nationals and stateless persons to enter the Russian Federation”

Contract with counterparty

Federal Law of 15.12.2001, No. 167-FZ, “On compulsory pension insurance in the RF”, Article No. 13, clause 2

RF Tax Code, Article No. 23, clause 1, Article No. 80, clause 3

Decree of the RF Ministry of Labour and Social Development of 24 October 2002, No. 73

7. Customer representatives

Execution, performance, variation and termination of an employment contract to which the PD subject is a party;

Achievement of the purposes provided for in the RF law, the exercise and performance of the duties assigned to the Company by the RF legislation;

Provision of informational support and services through the Internet

Provision of promotional and advertising mailshots

Issue of a card to access the Company’s premises

Until the end of 5 years from the termination of the contract with the customer or until the withdrawal of the PD processing consent

RF Civil Code

Customer contract

Ministry of Internal Affairs of Russia Order of 21 September 2017, No. 735, “On approving the Administrative Procedure of the Ministry of Internal Affairs of the Russian Federation to provide a public service to produce and issue invitations to foreign nationals and stateless persons to enter the Russian Federation”

Consent of PD subject to the processing of PD

User agreement on the Company’s website

8. Visitors to the Company’s website Provision of informational support and services through the Internet Liquidation of the Company User agreement on the Company’s website
9. Visitors to the Company’s office Arrangements for the PD subject to access the premises of the Company’s office Until the achievement of the purpose or the withdrawal of the PD processing consent Consent of the PD subject to the processing of PD in writing
10. Representatives of the competent authorities Achievement of the purposes provided for in the RF law, the exercise and performance of the functions, powers and duties assigned to the Company by the RF legislation Liquidation of the Company

Tax Code of the Russian Federation

Federal Law “On Investigation and Apprehension Activities”

Federal Law “On the Police”

+7-495-8000-911
Back To Top