Petrovka 23/10 build.5
Everyday from 9 to 21
+7 (495) 132-36-60 ru
 
 

APPROVED by Director of LLC "Stomtsentr" Rudakov V.A Order No. 23 of February 8, 2016g

1. General Provisions

1.1. This document defines the policy of LLC "Stomtsentr" regarding the processing of personal data (hereinafter - PDD) of patients - representatives of legal entities and individuals that can be obtained from a subject or representative of a personal data subject who is a party to a civil law contract with the Company, or From a legal entity that entered into a civil legal relationship with LLC "Stomtsentr", from a personal data subject who is a visitor to LLC "Stomtsentr".

1.2. This Policy regarding the processing of personal data is developed in accordance with Part 2 of Art. 18.1 of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" and defines the procedure for processing personal data and measures to ensure Security of personal data in LLC "Stomtsentr" with the aim of protecting the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of privacy rights, personal and family secrets.

1.3. The Policy applies to all personal data of subjects processed Open Company "Стомцентр" with application of means of automation and without application of such means.

1.4. To regulate the procedures and processes for processing PDS, LLC "Stomtsentr" has the right to issue internal regulatory documents containing the requirements for protection and the procedure for processing PDN.

1.5. This Policy is put into effect by the order of the director of LLC "Stomtsentr".




2. Basic concepts and definitions

2.1. For the purposes of this Regulation, the following basic concepts are used:

Company - LLC "Stomtsentr"

The client - individuals (customers of medical services, patients) and legal entities (customers of medical services), with whom the Company is currently established, have already established civil law relations, or who express their intention to establish such relations by their actions.

  • Personal data - any information related to a directly or indirectly defined or determined individual (subject of personal data);
  • Processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, updating (updating, modification), extraction , Use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
  • Policy - this Policy regarding the processing of personal data in LLC «Stocenter».
  •  
  • Employees - full-time employees of the Company, with which LLC "Stomtsentr" concluded an employment contract, or freelance part-time employees on the basis of civil contracts.

2.2. The list of processed personal data subject to protection in LLC "Stomtsentr" is formed in accordance with the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data"

2.3. PDN clients of the Company are any information related to a natural person, directly or indirectly determined or determined by the client of LLC "Stomtsentr" (subject of the PDN).

2.4. Special categories PDN.

  • It is forbidden to process PDD about political, religious and philosophical beliefs, as well as about the intimate life of the client of the Company. These special categories of PDN are not used or processed in the Company's activities.
  • The Company has no right to process data on the previous conviction of the client, except in cases and in the manner determined in accordance with federal laws.
  • Data on the health of the client are processed by the Company for the purpose of carrying out medical activities in accordance with the license and the current legislation.
  • Information on the race and nationality of clients is not processed by the Company.
  • In the event that processing of special categories of the customer's PDD is required by the current legislation or for the performance of the Company's activities, such processing shall be performed with the written consent of the client, with the exception of cases stipulated by the legislation of the Russian Federation in the field of PDD.

2.5. Biometric PDN.

The Company does not process information that characterizes the physiological characteristics of clients and on the basis of which their identity can be established. Scanning of photos in documents that identify the identity of customers (for example, in passports) is not carried out in the Company.

2.6. Publicly available PDNs

For the purposes of information support of the activities of LLC "Stomtsentr", sources of PDD (including Cases, Address books) that are publicly available to the Company's employees can be created. Publicly available sources of PDD with the written consent of the client may include his surname, name, patronymic, year and place of birth, address, including e-mail address, client number, information about the profession and other PDDs reported by the PDD or listed in the PDD.

Information on the Company's client must be deleted at any time from publicly available PDD sources at the request of the client or by decision of the court or other authorized state bodies.




3. Conditions for processing personal data

3.1 Processing of personal data at LLC "Stomtsentr" is carried out on the basis of the following principles:

 

3.1.1. Legality and fairness of processing PDN.

3.1.2. Legality of the goals and ways of processing PDD and integrity.

3.1.3. Conformity of the objectives of the processing of MPD to the purposes, predetermined and claimed in the collection of the PDE, as well as the powers of the Company.

3.1.4. Correspondence of the content and volume of processed PDDs to the processing targets of PDN.

3.1.5. The reliability of PDN, their sufficiency for processing purposes, the inadmissibility of processing PDN, redundant in relation to the goals claimed when collecting PDN.

3.1.6. Inadmissibility of combining databases containing PDDs, processing of which is carried out for purposes incompatible with each other.

3.1.7. Storage of PDN should be carried out in a form that allows to determine the subject of PDN, no longer than the purpose of their processing requires.

3.1.8. Processed PDD are subject to destruction or depersonalization upon achievement of treatment objectives or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

3.2 The MPD entity is the owner of its PDDs and independently solves the issue of transferring its PDD to the Company.

3.3 The holder of the PDE is the Company to whom the PDD entity transfers its MPs into possession. The Company performs the function of owning these data and has the authority to dispose of them within the limits established by law.

3.4 Processing of PDD clients is carried out with their consent to the processing of their PDD, as well as in other cases provided for by Article 6 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data". Consent to the processing of PDD can be given by the client or his legal representative in any form that allows to confirm the fact of his receipt, unless otherwise provided by federal law. In case of obtaining consent for the processing of the PDD from the representative of the client, the authority of this representative is checked by the Company.

3.5 In the cases provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data", PDD processing is performed only with the consent of the personal data subject in writing.




4. Goals and Terms for Processing Personal Data

4.1. The Company processes the PDD in order to fulfill the functions assigned to the Company by the legislation of the Russian Federation in accordance with (including but not limited to) the Civil Code of the Russian Federation, the Tax Code of the Russian Federation, federal laws, in particular, "On Countering the Legalization (Laundering) of Incomes , "On the Fundamentals of Citizens' Health Protection in the Russian Federation", "On the Rights of Consumers", "On Personal Data", "On Accounting", " Answered in the performance of their statutory acts of the Russian Government, conducting marketing activities to establish and further strengthen relations through direct contact with customers, carrying out statistical processing of personal data for the evaluation of customer satisfaction level of services and for other purposes within the framework of existing legislation.

4.2. The company collects the PDD only in the amount necessary to achieve these goals. Other purposes of processing PDEs are allowed in the event that these actions do not contradict

  Current legislation, the activities of the Company and on the conduct of this processing received the consent of the client of the Company.

4.3. The storage of personal data is carried out in a form that allows the subject of personal data to be determined no longer than the purpose of personal data processing requires, unless the period of personal data storage is established by a federal law, a contract to which the subject of personal data is a party whose beneficiary or guarantor is the subject. The processed personal data is subject to destruction, or depersonalization upon achievement of processing purposes or in case of loss of the need to achieve these goals, unless otherwise provided by federal law.

4.4. Terms for the processing of personal data are determined in accordance with the period of validity of civil law relations between the subject of the PD and the Company; The period of limitation of actions; The terms specified in the consent of the personal data subject; By the terms established by the Order of the Ministry of Culture of the Russian Federation of 25.08.2010 No. 558 "On approval of the" List of standard administrative archival documents formed in the course of activity of state bodies, local governments and organizations, indicating the terms of storage "; The terms of storage of medical records established by the Order of the Ministry of Health of the USSR of October 4, 1980 No. 1030 "On the approval of forms of primary medical records of health care institutions", as well as other requirements of the RF legislation and regulatory documents of the Company.

4.5. The Company creates and stores documents containing information about subjects of personal data. The requirements for the use of these standard forms of documents in the Company are established by the Decree of the Government of the Russian Federation of September 15, 2008, No. 687 "On approval of the Regulations on the Specifics of Processing Personal Data Performed Without the Use of Automation Means".




5. Rights and Responsibilities

5.1. Obligations of the Company

The company, as an operator of personal data, is obliged:

  • To provide the subject of personal data upon his request with information concerning the processing of his personal data, or on legal grounds to provide a refusal;
  • At the request of the personal data subject, to refine the personal data being processed, to block or delete, if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of the processing;
  • To keep the Register of appeals of subjects of personal data, where inquiries of subjects of personal data should be recorded to receive information about personal data, as well as the facts of providing personal data on these requests;
  • Notify the subject of personal data on the processing of personal data in the event that personal data were not obtained from the subject of personal data;

In the event that the purpose of processing personal data is achieved, immediately terminate the processing of personal data and destroy the relevant personal data within a period not exceeding thirty days from the date of achieving the objective of processing personal data, unless otherwise provided by the legislation of the Russian Federation and notify the subject of personal data or his Legal representative, and in case the request or request was sent by the authorized body for the protection of the rights of subjects of personal data,

Also specified body;

  • In the event of the subject's withdrawal of personal data from consent to the processing of his personal data, stop processing personal data and destroy personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal unless otherwise provided by the agreement between the Company and the personal data subject or the requirements of the legislation of the Russian Federation Federation;
  • Notify the subject of personal data about the destruction of his personal data;
  • In case of receipt of the subject's request to stop processing personal data in order to promote goods, works, services on the market, immediately stop processing personal data;
  • To provide personal data to the state and other authorized bodies, if it is provided by the current legislation of the Russian Federation (tax, law enforcement agencies, etc.);
  • Process the personal data of the subject without his consent, in cases stipulated by the legislation of the Russian Federation.

5.2. Rights and obligations of the subject of personal data The subject of personal data has the right:

  • Require clarification of their personal data, blocking or destroying them in case personal data are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights;
  • Require a list of their personal data processed by the Company and the source of their receipt;
  • Receive information about the processing of their personal data, including the time of their storage;
  • Require the notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made in them;
  • Appeal to the authorized body for the protection of the rights of subjects of personal data, or in the judicial order, wrongful acts or omissions when processing its personal data;
  • To protect their rights and legitimate interests, including compensation for damages and (or) compensation for moral harm in court.



6. Measures to ensure the safety of personal data during processing

6.1. When processing personal data, the Company takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as other illegal actions with respect to personal data.

6.2. Ensuring the security of personal data is achieved, in particular:

 
  • Identification of threats to the security of personal data when processed in Information systems of personal data;
  • Use of organizational and technical measures to ensure the safety of personal data when processing them in personal data information systems required to meet the requirements for the protection of personal data, the fulfillment of which is ensured by the levels of protection of personal data established by the Government of the Russian Federation;
  • Evaluation of the effectiveness of measures taken to ensure the security of personal data prior to putting into operation the personal data information system;
  • Taking into account the computer carriers of personal data;
  • Detection of unauthorized access to personal data and taking measures to exclude such access in the future;
  • Restoration of personal data, modified or destroyed due to unauthorized access to them;
  • Establishment of rules for access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
  • Control of measures taken to ensure the security of personal data and the level of security of information systems for personal data.



7. Final Provisions

7.1. This Policy is publicly available and is subject to placement on the territory of the Company and publication on the Internet site of LLC "Stomtsentr" http://www.petrovka-23.com with indication of the version of the document and the date of introduction.

7.2. This Policy is subject to amendment, amendment in case of amending the existing legislative acts and the appearance of new legislative acts, and special regulatory documents on the processing and protection of personal data.

7.3. Control over the implementation of the requirements of this Policy is carried out by the Director of the Company.

7.4. Responsibility of officials of the Company who have access to personal data for non-compliance with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the laws of the Russian Federation and internal documents of the Company.