1.1. Personal data processing policy of «SENS IT» LLC developed in accordance with the requirements of paragraph 2 of part 1 of article 18.1 of the Federal Law of 27 July 2006. 152-FS «On personal data» and is intended to provide unlimited access to information regarding the processing of personal data, as well as to information about implementable requirements for the protection of personal data in «SENC IT» LLC.
1.2. This Policy describes the processing and protection of personal data of individuals in connection with the implementation of employment relations, conclusion of contracts and performance of contractual obligations of LLC «SENS IT», implementation of statutory activities of the organization.
1.3. Personal data is classified as confidential information and protected from unauthorized access, including accidental access.

2.1. Personal data – any information that relates directly or indirectly to a specific or identifiable individual (the subject of the personal data);
2.2. Operator – a state body, municipal authority, legal entity or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, composition of personal data, to be processed, actions (transactions) carried out with personal data;
2.3. Personal data processing – any action (operation) or set of actions (operations) carried out using automated means or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, updating (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
2.4. Automated processing of personal data – processing of personal data with the help of computer technology;
2.5. Dissemination of personal data – actions aimed at disclosure of personal data to an unknown number of persons;
2.6. Provision of personal data – actions aimed at disclosure of personal data to a specific person or group of persons;
2.7. Blocking of personal data – temporary cessation of processing of personal data (except in cases where processing is necessary for the clarification of personal data);
2.8. Destruction of personal data – actions, as a result of which it becomes impossible to recover the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
2.9. Anonymization of personal data – actions that make it impossible without the use of additional information to determine the belonging of personal data to a particular subject of personal data;
2.10. Personal data information system – the set of personal data contained in databases and supporting their processing of information technologies and technical means;
2.11. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, to a foreign individual or to a foreign legal entity.

3.1. Processing of personal data in LLC “SENS IT” is based on the following principles:

• Нthe validity of legal grounds for processing personal data;
• Limitation of personal data processing to the achievement of specific, predetermined and lawful purposes;
• Not combining databases containing personal data processed for incompatible purposes;
• Processing only those personal data that meet the purposes of their processing;
• Compliance of the content and volume (avoidance of redundancy) of processed personal data with the stated purposes of processing;
• Ensuring the accuracy of personal data, their sufficiency and, where necessary, relevance to the purposes for which they are processed;
• Storage of personal data is carried out in a form that allows the identification of the subject of personal data not longer than required for the purposes of processing personal data, if the retention period of personal data is not set by the legislation of the Russian Federation, the treaty to which the party, the beneficiary or guarantor for which the subject of personal data is.

3.2. Processing of personal data in LLC “SENS IT” can be carried out in the following cases:

• The subject’s consent to processing his or her personal data has been obtained;
• Processing of personal data is necessary for the implementation and performance of the functions, powers and responsibilities entrusted to the operator by the legislation of the Russian Federation;
• Processing of personal data is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings, judicial proceedings in arbitration courts;
• Processing of personal data is necessary for the execution of a court act in accordance with the law of the Russian Federation on enforcement proceedings;
• Processing of personal data is necessary for the performance of a contract, to which either the beneficiary or the guarantor is the subject of personal data, as well as for the conclusion of a contract at the initiative of the subject of personal data;
• Processing of personal data is necessary to protect the life, health or other vital interests of the subject of personal data, if it is not possible to obtain the consent of the subject of personal data;
• Processing of personal data is necessary for the exercise of rights and legitimate interests of the operator or third parties or to achieve purposes of public interest, provided that the rights and freedoms of the subject are not violated;
• Processing of personal data is carried out for statistical or other research purposes, provided that the personal data must be de-identified;
• Processing of personal data subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation.

3.1. Processing of personal data in LLC “SENS IT” is based on the following principles:

• Existence of legal grounds for processing personal data;
• Limitation of personal data processing to the achievement of specific, predetermined and lawful purposes;
• Not combining databases containing personal data processed for incompatible purposes;
• Processing only those personal data that meet the purposes of their processing;
• Compliance of the content and volume (avoidance of redundancy) of processed personal data with the stated purposes of processing;
• Ensuring the accuracy of personal data, their sufficiency and, where necessary, relevance to the purposes for which they are processed;
• Storage of personal data is carried out in a form that allows the identification of the subject of personal data not longer than required for the purposes of processing personal data, if the retention period of personal data is not set by the legislation of the Russian Federation, the treaty to which the party, the beneficiary or guarantor for which the subject of personal data is.

3.2. Processing of personal data in LLC “SENS IT” can be carried out in the following cases:

• The subject’s consent to processing his or her personal data has been obtained;
• The processing of personal data is necessary for carrying out and performing the functions, powers and responsibilities assigned to the operator by the legislation of the Russian Federation;
• The processing of personal data is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings and arbitration court proceedings;
• Processing of personal data is necessary for the execution of a court act in accordance with the law of the Russian Federation on enforcement proceedings;
• Processing of personal data is necessary for the execution of a contract to which either the beneficial owner or guarantor is party, and also for the conclusion of a contract at the initiative of the personal data subject;
• Processing of personal data is necessary to protect the life, health or other vital interests of the subject of the personal data if obtaining the consent of the subject of the personal data is not possible;
• Processing of personal data is necessary for the exercise of rights and legitimate interests of the operator or third parties or to achieve purposes of public interest, provided that the rights and freedoms of the subject are not violated;
• The processing of personal data is carried out for statistical or other research purposes, subject to mandatory de-identification of personal data;
• Personal data subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation is processed.

4.1. In order to ensure personnel accounting, including compliance with the labor legislation of the Russian Federation, assistance to workers in employment, education and promotion, ensuring personal safety of employees, control of quantity and quality of work performed and safeguarding property, payment of wages and other due to the employee in accordance with the legislation of the Russian Federation or a payment agreement, implementation of the tax and social contributions provided for by the legislation of the Russian Federation, personal data are processed in LLC “SENS IT”:

4.1.1. Workers, dismissed workers:

• Surname, first name, patronymic, sex;
• Date and place of birth;
• Citizenship information;
• Education information;
• Profession, qualification, position;
• Work information;
• Family status, family composition;
• Passport data;
• Address, phone number, email;
• Military information;
• Information about awards, rewards, honours;
• Social status information;
• Data of pension, health insurance, INH, SNCC;
• Income, contribution amounts;
• Leave information;
• Photography;
• Payroll account details;
• Health information.

Processing of information on the health status of employees is carried out in individual cases in accordance with the legislation of the Russian Federation on state social assistance, labour law, Pension legislation of the Russian Federation.The basis for processing personal data is the Labor Code of the Russian Federation; Federal Law of 01.04.1996 27-FZ “On individual (personalized) accounting in the systems of compulsory pension insurance and compulsory social insurance”; Federal Law of 28.03.1998 53-FZ “On military duty and military service”; Processing of information on the health status of employees is carried out in individual cases in accordance with the legislation of the Russian Federation on state social assistance, labour law, Pension legislation of the Russian Federation.The basis for processing personal data is the Labor Code of the Russian Federation; Federal Law of 01.04.1996 27-FZ “On individual (personalized) accounting in the systems of compulsory pension insurance and compulsory social insurance”; Federal Law of 28.03.1998 53-FZ “On military duty and military service”;

4.1.2. Close relatives of employees:

• Surname, first name, patronymic;
• Degree of kinship;
• Year of birth;
• Birth certificate data for children;

The basis for processing personal data is the Labor Code of the Russian Federation. The processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. The retention period of personal data is 50 years from the end of the employment relationship with the employee. The destruction of personal data shall be carried out within the time specified by law after the period of their storage or when there are other legal grounds.

4.2. For the purpose of selection of staff (applicants) for vacant positions operator, including implementation of selection to fill vacancies; management of personnel reserve; employment of successful selection to fill vacancies in JSC “SENS IT” personal data of candidates (applicants) for filling vacancies are processed:

• Surname, first name, patronymic, sex;
• Date and place of birth;
• Citizenship information;
• Education information;
• Profession, qualification, position;
• Work information;
• Family status, family composition;
• Passport data;
• Address, phone number;
• Military information;
• Social status information;
• Data of pension, health insurance, INH, SNCC;
• Photography

The basis for processing personal data is the Labor Code of the Russian Federation; Consent of the subject. The processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. The retention period of personal data of applicants included in the personnel reserve is 5 years (if included in the personnel reserve) from the moment of making the relevant decision.The destruction of personal data is carried out within the period established by law after the expiration of their storage period, upon withdrawal of consent of the subject or on the occurrence of other legal grounds.

4.3. In order to ensure compliance with the tax legislation of the Russian Federation, including carrying out calculations with personal data subjects; processing of primary accounting documents; showing due diligence in “SENS IT” The personal data of counterparties and their representatives are processed:

• Surname, first name, patronymic;
• Organization, position;
• Date, place of birth;
• Address;
• Passport data;
• INN, OGN (for IP);
• Contact details (phone, email).

The basis for processing of personal data is the Tax Code of the Russian Federation; Federal Law of 06.12.2011 402-FZ “On accounting”; Contract; Consent of the subject. Processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. The retention period of personal data is 5 years from the moment of processing the initial accounting document. The destruction of personal data shall be carried out within the time specified by law after the period of their storage or when there are other legal grounds.

4.4. In order to provide services in the recruitment market, provision of personnel reserve of LLC “SENS IT”, including conclusion, execution and termination of civil-law contracts; provision of paid and free services to subjects of personal data; improvement of quality of services provided; communication with the subjects of personal data for sending notifications, information and requests related to the activities of LLC “SENS IT”, as well as processing communications, statements, requests and other messages of subjects of personal data; provision of personal data subjects access to the use of the Internet site “SEN IT” and its functionality, in the Company “SEN IT” processed personal data:

4.4.1. Clients, customers and their representatives

• Surname, first name, patronymic;
• Organization, position;
• Contact details (phone, email);
• “Cookie” visitors to the site.

4.4.2. Соискателей:

• Surname, first name, patronymic, sex;
• Date and place of birth;
• Citizenship information;
• Education information;
• Profession, qualification, position;
• Family status, family composition;
• Passport data;
• Address, telephone number;
• Military information;
• Information about awards, rewards, honours;
• Social status information;
• Data of pension, health insurance, INH, SNCC;
• Employment information, work experience;
• Photography.

The basis for processing personal data is the Contract; Consent of the subject. The processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. In case of loss of necessity to achieve the stated purpose, personal data shall be destroyed. The destruction of personal data shall be carried out within the time limits established by law upon receipt of withdrawal of consent of the subject or on the occurrence of other legal grounds.

4.5. For the purpose of voluntary health insurance, personal data of employees are processed in LLC “SENS IT”:

• Surname, first name, patronymic;
• Date and place of birth;
• Passport data;
• СНИLS;
• INN;
• Data of DMC policy.

The basis for processing personal data is the subject’s consent. The processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. In case of loss of necessity to achieve the stated purpose, personal data shall be destroyed. The destruction of personal data shall be carried out within the time limits established by law upon receipt of withdrawal of consent of the subject or on the occurrence of other legal grounds.

4.6. In order to provide corporate SIM-card and mobile communication, personal data of employees are processed in the “SENC IT” company:

• Surname, first name, patronymic;
• Date and place of birth;
• Passport data;
• Place of work;
• Phone number.

The basis for processing personal data is the subject’s consent. The processing of personal data is carried out using automated means or without such means. The processing period of personal data is limited to the achievement of the stated purpose. In case of loss of necessity to achieve the stated purpose, personal data shall be destroyed. The destruction of personal data shall be carried out within the time limits established by law upon receipt of withdrawal of consent of the subject or on the occurrence of other legal grounds.

5.1. Personal data is collected directly from the subject of the personal data. If the provision of personal data and (or) obtaining consent by the operator for the processing of personal data is mandatory in accordance with the legislation of the Russian Federation, the subject of personal data is explained the legal consequences of refusing to provide such data and (or) consent to their processing.
5.2. Obtaining personal data from other persons is possible only if there are legal grounds. When personal data are obtained from other persons, except in cases where the personal data is obtained as part of a request for processing personal data or when the consent has been received by the sender, it is necessary to notify the subject.
5.3. Пre the collection of personal data, including through information and telecommunication network “Internet”, is provided for recording, systematization, accumulation, storage, updating (update, change), extraction of personal data of citizens of the Russian Federation using databases, located in the territory of the Russian Federation.

6.1. When processing personal data in “SENS IT” Ltd., the following actions are carried out: collection, recording, systematization, accumulation, storage, updating (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
6.2. Processing of personal data may be entrusted to a third party with the consent of the subject of personal data or on grounds provided by the legislation of the Russian Federation. A person processing personal data on behalf of the subject is not obliged to obtain consent for the processing of his or her personal data.
6.3. If the personal data is confirmed to be inaccurate, such personal data shall be updated within seven working days.

7.1. Storage of personal data is carried out in a form that allows the identification of the subject of personal data, no longer than required for the purposes of processing personal data, if the retention period of personal data is not set by the legislation of the Russian Federation or a treaty, whose party is the subject of personal data.
7.2. Personal data is stored with due regard to its confidentiality.
7.3. Personal data shall be transferred to archival storage in accordance with the legislation of the Russian Federation on archiving, shall be destroyed or de-identified when the purposes of processing are achieved or if it is no longer necessary to achieve these purposes, unless otherwise provided by the legislation of the Russian Federation or a treaty to which the subject of personal data is a party.

8.1. The transfer of personal data to a third party is carried out only with the consent of the subject of personal data or in cases expressly provided by the legislation of the Russian Federation.
8.2. The transfer of personal data to a state authority, local self-government body, security and law enforcement body, state institution and foundation, as well as other authorized body is allowed on grounds provided by the legislation of the Russian Federation.
8.3. Disclosure of personal data to a third party without the consent of the relevant subject is not permitted, except when it is necessary for the protection of life, health or other vital interests of the subject of the personal data.
8.4. Disclosure of personal data to a third party for commercial purposes without the consent of the respective subject is prohibited. Processing of personal data for the promotion of goods, works, services on the market, as well as for political propaganda is carried out only with the prior consent of the subject.
8.5. There is no cross-border transfer of personal data in foreign countries.

9.1. Processing of personal data authorized by the subject of personal data for dissemination is carried out taking into account compliance with the requirements provided by the legislation of the Russian Federation on personal data.
9.2. The subject consents to the processing of personal data permitted for dissemination, separately from other consents of the subject to the processing of his or her personal data.
9.3. If the subject itself discloses its personal data to an undefined circle of persons by means of a functional website or service of LLC “SENS IT” without giving appropriate consent, Further dissemination of personal data by other operators is possible only on the basis of consent of the respective subject to the processing of personal data authorized for dissemination.
9.4. In the consent to processing of personal data, which is authorized by the subject of personal data for dissemination, the subject of personal data has the right to make prohibitions on transmission (other than granting access) of these personal data by the operator to an unlimited number of persons, as well as prohibitions on processing or conditions of processing (other than obtaining access) of these personal data by an unlimited number of persons.

10.1. In the consent to processing of personal data, which is authorized by the subject of personal data for dissemination, the subject of personal data has the right to make prohibitions on transmission (other than granting access) of these personal data by the operator to an unlimited number of persons, as well as prohibitions on processing or conditions of processing (other than obtaining access) of these personal data by an unlimited number of persons.
10.2. If the subject withdraws consent to the processing of his or her personal data, the processing of such personal data must be terminated and if the storage of personal data is no longer required for the purposes of processing the personal data, such personal data shall be destroyed within thirty days from the date of receipt of the said withdrawal, unless otherwise provided for in the contract to which the beneficiary or guarantor is party, a different agreement between the operator and the subject of personal data or if the operator is not entitled to process personal data without the consent of the subject of personal data on the grounds provided by the legislation of the Russian Federation.
10.3. In case of detection of unlawful processing of personal data, the processing of such personal data shall be stopped within three working days. If the processing of personal data cannot be lawfully ensured, the personal data shall be destroyed within ten working days from the date of detection of unlawful processing.
10.4. If it is not possible to destroy personal data within the period specified in paragraphs 10.1-10.3, such personal data must be blocked and destroyed within a period of no more than six months, unless otherwise provided by the legislation of the Russian Federation.

11.1. The right of access to personal data processed in “SENC IT” Ltd has:

• Director General of “CEN IT”;
• Employees of “SENS IT” LLC for whom personal data processing is required in connection with the performance of their duties;
• Third parties processing personal data on behalf of “SENS IT” LLC, based on the contract (orders) concluded with this person.

11.2. Admission of employees of LLC “SENS IT” to personal data is carried out by a separate internal act.

12.1. Any entity whose personal data is processed in “SENS IT” LLC has the right to access its personal data, including the following information:

• Confirmation of personal data processing;
• Legal basis and purpose of personal data processing;
• Purposes and methods of processing personal data;
• The name and location of the operator, information on persons (except employees of the operator) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of legislation of the Russian Federation;
• The list of processed personal data relating to the data subject and the source from which they were obtained;
• Processing and storage times of personal data;
• Procedure for exercising the rights provided by the legislation of the Russian Federation;
• Information about the actual or intended cross-border data transfer;
• Name of the person processing personal data on behalf of the operator, if the processing is entrusted to a third party;
• Information on how the operator performs the duties set out in article 18.1 of Federal Law 152-F “About personal data”.

12.2. The “SENS IT” shall provide the information specified in paragraph 12.1, within ten working days from receipt of the request by the entity or its legal representative in the form in which the corresponding request was received (unless otherwise stated in the request). The response to a request should not contain personal data relating to other subjects of personal data, unless there are legal grounds for disclosure of such personal data. The deadline for responding to the request may be extended, but not more than five working days if the operator sends a reasoned notification to the subject indicating the reasons for extending the deadline for providing the requested information.

12.3. The request of the subject or his representative must contain:

• The number of the main document certifying the identity of the subject or his representative;
• Information about the date of issuance of the document and issuing authority;
• Information confirming the participation of the subject in relations with “SENIT IT” LLC (contract number, date of conclusion of the contract or other information), or information otherwise confirming the processing of personal data by “SENIT IT” LLC;
• The signature of the individual or his representative.

12.4. The subject has the right to reapply to CNT “IT” with a request for information specified in paragraph 12.1, no earlier than thirty days after the initial request or sending of the initial request.
12.5. The subject has the right to request that their personal data be updated, blocked or deleted if the personal data processed in “SEN IT” are incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of processing by “SEN IT”.
12.6. The subject has the right to withdraw their consent to the processing of personal data, if such has been given. The withdrawal of consent is sent by the subject to “SENS IT” and must contain the information specified in paragraph 12.3. In case of withdrawal by the subject of consent to processing personal data LLC “SENS IT” is entitled to continue processing personal data without the consent of the subject if there are grounds provided for by the legislation of the Russian Federation or a treaty, the party whose beneficiary or guarantor is the subject of personal data.

13.1. In order to fulfill the obligations of JSC “SENS IT” stipulated by the legislation of the Russian Federation on personal data, the following measures are taken:

• Appointment of the person responsible for organizing the processing of personal data;
• Issuance of documents defining the policy on personal data processing, local acts on personal data processing, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, Addressing the consequences of such violations;
• Application of legal, organizational and technical measures to ensure the security of personal data;
• Internal control of compliance with processing personal requirements of the legislation of the Russian Federation;
• Assessment of the harm that may be caused to the subjects of personal data in case of violation of legislation of the Russian Federation;
• Familiarization of employees of “SENS IT” LLC with the provisions of the legislation of the Russian Federation and local acts of “SENS IT” LLC.

13.1. In case of detection of the fact of improper or accidental transfer (provision, distribution, access) of personal data that caused violation of rights of subjects of personal data, LLC “SENS IT” notifies Roskomnadzor:

• within 24 hours from the discovery of the incident, the alleged causes that caused the violation of the rights of the subjects of personal data and the alleged harm caused to the rights of the subjects of personal data, the measures taken to remedy the consequences of the incident, Include details of the person responsible for communicating with you about the incident identified;
• Within 72 hours of becoming aware of the results of an internal investigation into the incident, as well as the persons whose actions caused the incident (if any).

14.1. When processing personal data, the necessary legal, organizational and technical measures are taken to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination, as well as from other unlawful acts in relation to personal data.
14.2. In order to ensure the security of personal data, the following activities are carried out by OOO “SENS IT”:

• Identifying personal data security threats in information systems;
• Application of organizational and technical measures to ensure the security of personal data when processed in information systems, which ensure compliance with the requirements for established levels of protection;
• Assessment of the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;
• Accounting for personal data carriers;
• Detection of unauthorized access to personal data and response to incidents;
• Recovery of personal data that has been modified or destroyed due to unauthorized access;
• Setting the rules of access to personal data processed in personal data information systems;
• Registration and recording of actions carried out with personal data in the information systems of personal data;
• Control of the measures taken to ensure personal data security in accordance with the established level of personal data protection.

15.1. For violation of the requirements established by the legislation of the Russian Federation, the Regulations on processing and protection of personal data and other local acts of LLC “SENS IT”, employees and other persons who have access to personal data are liable to disciplinary, administrative, civillegal and criminal liability in accordance with the Federal laws of the Russian Federation.

16.1. This policy shall be made available without restriction to all interested parties, including personal data subjects and authorities exercising control and oversight functions in the field of personal data.
16.2. This Policy enters into force from the moment of its approval and is valid indefinitely. Changes to the Policy are made by separate acts of LLC “SENS IT”. The current version of the Policy is posted on the official website of “SENS IT”.

Name: “SENS IT” Limited Company.

Abbreviated name: “SENS IT” LLC.

INN: 7736334541.

CAT: 772901001.

OGN: 1217700205623.

Legal address: 119607, Moscow, Sr. Ramenki municipality, b-r Ramensky, d. 1, p. 1

Postal address for appeals: 119607, Moscow, Fr. the municipal district of Ramenki, b-r Ramensky, d. 1, p. 1