PERSONAL DATA PROCESSING POLICY



  • General terms
This Personal data processing policy (hereinafter referred to as – “Policy”) is the fundamental internal document of TEAMIDEA GROUP LLC (hereinafter referred to as “TeamIdea” and/or “Company”), which regulates the processing of personal data. This Policy defines the basic principles, purposes, conditions and methods of personal data processing, the list of subjects and personal data processed in TeamIdea, TeamIdea functions in the processing of personal data, the rights of personal data subjects, as well as the requirements for personal data protection implemented in TeamIdea.

This Policy has been developed on the basis of the Constitution of the Russian Federation, the Labor Code of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and other regulatory legal acts of the Russian Federation in the field of personal data.

  • Terms and definitions.
For the purposes of this Policy, the following terms and definitions are used:“Personal data” means any information relating to a directly or indirectly identified or identifiable individual “Personal data operator” (hereinafter referred to as the “Operator”) means state authority, municipal authority, legal entity or individual person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data, subject to processing, actions (operations) performed with personal data.

“Personal data processing” means any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modifying), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data“Provision of personal data” means actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

“Dissemination of personal data” means actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

“User" means a person who has access to the site, services via the Internet and uses the site, services.

“Automated personal data processing” means processing of personal data using computer technology.

“Destruction of personal data” means actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and/or as a result of which the material carriers of personal data are destroyed.

“Personal data information system” means a set of personal data contained in databases and information technologies and technical means that ensure their processing.

“Cross-border transfer of personal data” means the transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual person or a foreign legal entity.

  • Principles and purposes of personal data processing.

The Company processes personal data of the Company’s employees and other personal data subjects who are not in an employment relationship with the Company.

The personal data processing in the Company is carried out taking into account the need to ensure the protection of the rights and freedoms of the Company’s employees and other subjects of personal data, including the protection of the right to privacy, personal and family secrets, based on the following principles:
The personal data processing is carried out in the Company on a legal and fair basis
The personal data processing is limited to the achievement of specific, predetermined and legitimate purposesIt is not allowed to process the personal data incompatible with the purposes of personal data collection.
It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other.
Only personal data that meet the purposes of their processing are subject to processing.
The content and scope of the processed personal data correspond to the stated purposes of processing. Redundancy of the processed personal data in relation to the stated purposes of their processing is not allowedWhen processing personal data, the accuracy of personal data, their sufficiency, and, if necessary, their relevance in relation to the purposes personal data processing, are ensured. The Company takes the necessary measures to delete or clarify incomplete or inaccurate personal dataStorage of personal data is carried out in a form that allows determining the subject of personal data, no longer than the purposes of personal data processing require if the period of storage of personal data is not under federal law, an agreement to which the subject of personal data is a party, beneficiary or guarantorThe processed personal data is destroyed or depersonalized upon achievement of the processing purposes or in case of loss of the need to achieve these purposes, unless otherwise under federal law.


Personal data is processed by the Company for the purposes of:
Ensuring compliance with the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation, local regulations of the CompanyPerforming the functions, powers and obligations assigned by the legislation of the Russian Federation to the Company, including the provision of personal data to state authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Compulsory Medical Insurance Fund, as well as other state authoritiesRegulation of labor relations with the Company’s employees (assistance in employment, training and promotion, ensuring personal safety, monitoring the quantity and quality of work performed, ensuring the safety of property).

Providing the Company’s employees with additional guarantees and compensations, including voluntary medical insurance, medical care and other types of social securityProtection of life, health or other vital interests of personal data subjectsPreparation, conclusion, execution and termination of contracts with counterpartiesExecution of judicial acts, acts of other authorities or officials subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedingsFor other legitimate purposes.

  • List of subjects whose personal data is processed by the Company
The Company processes personal data of the following categories of subjects:Candidates for vacant positions of the CompanyThe Company’s employees, relatives of the Company’s employees, within the limits determined by the legislation of the Russian Federation, if information about them is given by the employeeIndividuals with whom the Company enters into independent contractor agreementRepresentatives of legal entities – counterparties of the CompanyCounterparties of the Company – individual entrepreneursUsers of the services and the website owned by the Company: http://www.teamidea.ru/en/

Other subjects of personal data.

  • List of personal data processed by the Company
The list of personal data processed by the Company is determined in accordance with the legislation of the Russian Federation and local regulations of the Company, taking into account the purposes of processing personal data specified in Section 4 of this Policy, and includes data obtained during the implementation of labor and civil law relations, as well as in the selection of candidates for vacant positions of the CompanyProcessing of special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, intimate life is not carried out in the Company.

  • List of actions with personal data and methods of their processing.

The Company collects, records, systematizes, accumulates, stores, clarifies (updates, modifies), extracts, uses, transfers (distribution, provision, access), depersonalizes, blocks, deletes and destroys personal data. The processing of personal data in the Company is carried out in the following ways:Non-automated personal data processingAutomated personal data processing with or without transmission of the received information via information and telecommunication networksMixed personal data processing7Terms of personal data processingThe personal data processing in the Company is carried out with the consent of the personal data subject to the processing of his personal data, unless otherwise under the legislation of the Russian Federation in the field of personal dataThe Company does not disclose or distribute personal data to third parties without the consent of the personal data subject, unless otherwise under federal law.

  • Functions of the Company in the personal data processing
Company when processing personal data:Takes measures necessary and sufficient to ensure compliance with the requirements of the legislation of the Russian Federation and local regulations of the Company in the field of personal dataTakes legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal dataAppoints a person responsible for organizing the personal data processing in the CompanyIssues local regulations that determine the policy and issues of processing and protecting personal data in the CompanyFamiliarizes the Company’s employees directly engaged in the personal data processing with the provisions of the legislation of the Russian Federation and local regulations of the Company in the field of personal data, including the requirements for the protection of personal data, and training of these employees.

Publishes or otherwise provides unrestricted access to this PolicyInforms the personal data subjects or their representatives in accordance with the established procedure about the availability of personal data related to the relevant subjects, provides an opportunity to get acquainted with these personal data when applying and (or) receiving requests from the specified personal data subjects or their representatives, unless otherwise under the legislation of the Russian Federation FederationsTerminates processing and destroys personal data in cases under the legislation of the Russian Federation in the field of personal dataPerforms other actions under the legislation of the Russian Federation in the field of personal data.

  • Rights of personal data subjects
Personal data subjects have the right toReceive full information about their personal data processed by the CompanyDemand clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processingDemand the adoption of measures under law to protect their rightsGet access to their personal data with the right to receive a copy of any record containing their personal data, except as otherwise under federal lawWithdraw consent to the personal data processingAppeal against the actions or inaction of the Company to the authorized authority for the protection of the rights of personal data subjects or in courtConduct other rights under the legislation of the Russian Federation.

  • Company responsibilities
The Company is obliged:
To provide the personal data subject, upon his request, with information concerning his personal data processing, or legally provide a refusal within thirty days from the receipt date of the request of the personal data subject or his representative.
To explain to the personal data subject, the legal consequences of refusing to provide his personal data, if the provision of personal data is mandatory in accordance with federal law.
To take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
To publish on the Internet and provide unrestricted access using the Internet to the document defining its policy regarding the personal data processing, to information about the implemented requirements for the personal data protectionTo block illegally processed personal data related to the personal data subject.
To clarify the personal data of the subjects.
To terminate illegal personal data processing in case of detection of illegal personal data processing carried out by the Company.
To terminate the personal data processing and destroy personal data upon achievement of the purpose of personal data processing, unless otherwise under the agreement to which the personal data subject is a party, beneficiary or guarantor, if the purpose of personal data processing is achieved.
To terminate personal data processing and destroy personal data if the personal data subject withdraws consent to the personal data processing, if the Company does not have the right to process personal data without the consent of the personal data subject.
To perform other obligations under the legislation of the Russian Federation.

The Company’s employees are obliged:

To get acquainted with the Policy and internal documents regulating the personal data processing, and comply with the requirements of these documentsTo process personal data only within performing their work dutiesNot to disclose personal data, access to which was obtained within performing their work dutiesTo inform the employer about the facts of disclosure (destruction, distortion) of personal data.

  • Measures taken by the Company to ensure the fulfillment of the operator’s obligations in the personal data processingThe following measures are taken to ensure that the Company fulfills the operator’s obligations under the legislation of the Russian Federation in the field of personal data:
Appointment of a person responsible for organizing the personal data processing in the CompanyAdoption of local regulations and other documents in the field of processing and protection of personal dataConduction of training and methodological work with the Company’s employees responsible for organizing the personal data processingObtaining consents of personal data subjects to the processing of their personal data, except as otherwise under the legislation of the Russian FederationSeparation of personal data processed without the use of automation tools from other information, in particular by fixing them on separate material carriers of personal data, in special sectionsEnsuring separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal dataStorage of material carriers of personal data in compliance with the conditions that ensure the personal data safety and exclude unauthorized access to themImplementation of internal control over the compliance of the personal data processing with the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it, the requirements for the personal data protection, this Policy, local regulations of the CompanyOther measures under the legislation of the Russian Federation in the field of personal date.

  • Timeframes for personal data processing
Timeframes of personal data processing (storage) are determined based on the purposes of personal data processing, in accordance with the contract validity period with the personal data subject, the requirements of federal laws, the basic rules for the operation of organizations archives, the statute of limitationsPersonal data whose processing (storage) period has expired must be destroyed, unless otherwise under federal law. Storage of personal data after the termination of their processing is allowed only after their depersonalization

  • Final provisions
This Policy may be revised in any of the following cases:When changing the legislation of the Russian Federation in the field of personal data processing and protectionIn cases of receipt of instructions from the competent state authorities to eliminate inconsistencies affecting the scope of the PolicyBy decision of the Company’s managementWhen changing the purposes of personal data processingWhen changing the organizational structure, the structure of information and/or telecommunication systems (or introducing new ones)When applying new technologies for processing and protecting personal data (including transmission, storage).

If there is a need to change the process of personal data processing related to the Company’s activities.

In case of non-compliance with the provisions of this Policy, the Company and its employees are liable in accordance with the current legislation of the Russian Federation.

This Policy and the relations between the personal data subjects and the Company arising in connection with the application of this Policy are the subject to the law of the Russian Federation
Let’s connect?
Fill in the form to schedule a 30-minutes business discovery call with our business consultants
[ Contact us ]
sales@ywis.consulting
Business Center 1, M Floor,
The Meydan Hotel,
Nad Al Sheba, Dubai, U.A.E
+971 56 125-9868