Apply now
EN RU
Apply now

Privacy Policy of Personal Data of the Website Users Autonomous Non-profit Organization “Regional Recruitment Agency”

Privacy Policy of Personal Data of the Website Users Autonomous Non-profit Organization “Regional Recruitment Agency”

1. General clauses

1.1 This Policy of Privacy of Personal Data of Website Users (hereinafter — the Policy) is adopted by Autonomous non-profit organization “Regional Recruitment Agency” (hereinafter — the Operator), TIN 5260482877, OGRN 1225200011981, and applies to all information that the Operator may obtain about the User of the ANO “OKA” https://oka-agency.com/ website from any device and when communicating with the Operator in any form.
1.2 The Policy regulates the relations between the Operator and any natural person (website user and other person specified in Section 4) on the processing of such person’s personal data submitted by him/her to the Operator. The Policy also explains how the Operator processes and protects the personal data of the subjects.
1.3 The Policy applies to all personal data processing operations performed by the Operator, as well as to all information that the Operator and/or other authorized persons acting on behalf of the Operator may obtain about the subject of personal data.
1.4 The Policy applies to the relations in the field of personal data processing that have arisen at ANO “OKA” both before and after the approval of this Policy. The Policy is updated in cases of:
• changes in personal data legislation;
• identification of inconsistencies affecting the processing and (or) protection of personal data, based on the results of control over compliance with the requirements for processing and (or) protection of personal data;
• as decided by the Operator.
1.5 Pursuant to the requirements of part 2 of Article 18.1 of the Law on Personal Data, this Policy is published in free access in the information and telecommunication network Internet on the website of ANO “OKA”.
1.6 Basic terms used in the Policy:
personal data — any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data);
personal data controller (operator) — a state authority, municipal authority, legal entity or natural person, independently or jointly with other persons organizing and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data;
processing of personal data — any action (operation) or set of actions (operations) with personal data, performed with or without the use of automation tools. Processing of personal data includes:
• collection;
• recording;
• systematization;
• accumulation;
• storage;
• clarification (update, change);
• extraction;
• usage;
• transfer (distribution, provision, access);
• depersonalization;
• blocking;
• deletion;
• annihilation;
automated processing of personal data — processing of personal data by using computer equipment;
dissemination of personal data — actions aimed at disclosure of personal data to an indefinite number of persons;
provision of personal data — actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
blocking of personal data — temporary termination of personal data processing (except for cases when processing is necessary to clarify personal data);
destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
depersonalization of personal data — actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information;
personal data information system — a set of information technologies and technical means contained in databases of personal data and ensuring their processing;
cross-border transfer of personal data — transfer of personal data to the territory of a foreign country to a foreign authority, a foreign natural person or a foreign legal entity.
1.7. Basic rights and obligations of the Operator.
1.7.1 The Operator has the right to:
1) independently determine the composition and the list of measures necessary and sufficient to ensure the fulfillment of obligations foreseen by the Law on personal data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on personal data or other federal laws;
2) entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided for by federal law, on the basis of an agreement concluded with by this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing foreseen by the Personal Data Law;
3) in case the personal data subject revokes his/her consent to personal data processing, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
1.7.2 The Operator is obliged:
1) organize the processing of personal data in accordance with the requirements of the Personal Data Law;
2) respond to appeals and requests of personal data subjects and their legal representatives in accordance with the requirements of the Law on personal data;
3) report to the authorized organization for the protection of the rights of personal data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this organization the necessary information within 30 days from the date of receipt of such a request.
1.8 The basic rights of the personal data subject.
1.8.1 The subject of personal data has the right:
1) receive information regarding the processing of his/her personal data, except in cases provided for by federal laws. Information is provided to the subject of personal data by the Operator in an accessible form and shall not contain personal data relating to other subjects of personal data, except in cases where there are legal grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
2) to demand from the Operator to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect his rights;
3) appeal to Roskomnadzor or in court against unlawful acts or omissions of the Operator in processing his/her personal data;
4) revoke the previously submitted consent to the processing of personal data.
1.9. Control over the fulfillment of the requirements of this Policy is implemented by the authorized person responsible for the organization of personal data processing at the Operator.
1.10. Responsibility for violation of the requirements of the legislation of the Russian Federation and normative acts of ANO “OKA” in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.

2. Purposes of personal data collection

2.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Only personal data that meet the purposes of there is processed. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

2.2. The Operator process personal data for the following purposes:

  • ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
  • creating an environment for the development of the labor market in Nizhny Novgorod region, assisting employees in finding employment, providing migration and legal consulting services for all categories of foreign citizens wishing to move to Russia (Nizhny Novgorod region) and Russian employers (Nizhny Novgorod region) interested in foreign labor force for further employment;
  • realization of civil law relations;
  • providing access to the Site, its content, to the functionality of the service, for administration of the Site;
  • identification when registering on the Site and/or using the Site;
  • provision of services and facilities available on the Site;
  • processing incoming requests and applications from individuals in order to provide consultation on various issues related to the Operator’s activities;
  • establishing feedback, including notifications and inquiries;
  • confirmation of the completeness of the personal data provided;
  • collection of statistics by the Operator;
  • improving the quality of the Website and its services, their usability and the development of new services;
  • marketing (advertising) activities, sending offers, information and advertising mailings by the Operator and receiving them by the User to promote the Operator’s services on the market, including through direct contacts;
  • providing effective customer and technical support in case of problems related to the use of the Site.

2.3. Processing of personal data may be carried out solely on condition of ensuring compliance with laws and other regulatory legal acts.

3. Legal basis for personal data processing

3.1. The legal basis for personal data processing is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
• Constitution of the Russian Federation;
• Civil Code of the Russian Federation;
• Labor Code of the Russian Federation;
• Tax Code of the Russian Federation;
• Federal Law of 12.01.1996 No. 7-FZ “On Non-Profit Organizations”;
• Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter — the Personal Data Law);
• Federal Law No. 149-FZ dated 27.07.2006 “On Information, Information Technologies and Information Protection”
• other normative legal acts regulating relations related to the Operator’s activities.
3.2. The legal basis for the processing of personal data is also:
• the charter of ANO “OKA”;
• contracts concluded between the Operator and personal data subjects;
• consent of personal data subjects to the processing of their personal data.

4. Scope and categories of processed personal data, categories of personal data subjects

4.1. The content and scope of processed personal data shall correspond to the stated purposes of processing as provided for in this Policy. Processed personal data shall not be redundant in relation to the stated purposes of their processing.
4.2. The Operator may process the following personal data:
4.2.1. the data specified in the special forms located on the Website by filling in the relevant text fields and/or files attached to the forms, namely:

  • name;
  • last name;
  • citizenship or residence permit of another country;
  • date of birth;
  • place of birth;
  • Education;
  • Photo;
  • language skills, including language proficiency;
  • family composition, including the presence of relatives in Russia;
  • information on the presence/absence of a criminal record;
  • phone;
  • e-mail;
  • information about the User’s plans for the period of stay in Russia, including planned work, starting a business, education, place and period of residence;
  • other information about the User, corresponding to the purposes of personal data processing, left by the
  • User in special forms located on the Website, by filling in the appropriate text fields and/or files attached to the forms.

4.2.2. Data that are automatically transferred in the process of browsing and visiting the pages of the Site (cookies). The use of cookies is regulated by Section 9 of this Policy;
4.2.3. IP address and statistics about IP addresses.
4.2.4. Data about the User that will become known in the course of execution of contracts (in case of conclusion of a contract between me and the Operator), as well as other publicly available information about the User.
4.3. The Operator does not process biometric personal data (information that characterizes physiological and biological features of a person on the basis of which his/her identity can be established).

5. Procedure and conditions of personal data processing

5.1. Processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. When processing personal data, their accuracy, sufficiency, relevance in relation to the purposes of personal data processing shall be ensured.
5.3. The Operator processes personal data with or without the use of automation tools. At the same time, the Operator complies with the requirements for automated and non-automated processing of personal data foreseen by the law and regulatory legal acts adopted in accordance therewith.
5.4. Processing of personal data is carried out with the consent of personal data subjects to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation (for the administration of justice, execution of a judicial act, act of a state organization or official subject to execution in accordance with the legislation on enforcement proceedings, transfer of data to authorities of inquiry and investigation, other cases provided for by the legislation of the Russian Federation).
5.5. The consent of personal data subjects to the processing of their personal data is valid from the day of its signing until the day of revocation in written/electronic form.
5.6. The processing of personal data is carried out by:
• receiving personal data verbally and in writing directly from personal data subjects;
• obtaining personal data from publicly available sources;
• entering personal data into the Operator’s journals, registers and information systems;
• using other methods of personal data processing.
5.7. Disclosure to third parties and dissemination of personal data without the consent of the subject of personal data is not allowed, unless otherwise provided for by federal law.
5.8. The Operator, on the basis of a separate consent of the personal data subject, processes certain categories of personal data authorized by the subject for dissemination and providing access to an unlimited number of persons through their posting on the website, including in presentations, articles; in photo, audio and other works; in advertising on the Internet; in social networks — in official groups or accounts.
5.9. Processing of personal data is carried out during the period of validity of the personal data subject’s consent.

6. Protection of personal data

6.1. The Operator takes necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, dissemination and other unauthorized actions, including:
• determines the security threats to personal data during its processing;
• adopts local normative acts and other documents regulating relations in the field of personal data processing and protection;
• appoints persons responsible for ensuring personal data security in the structural subdivisions and information systems of the Operator;
• creates the necessary conditions for working with personal data;
• organizes accounting of documents containing personal data;
• organizes work with information systems where personal data are processed;
• stores personal data in conditions that ensure their safety and prevent unauthorized access to them;
• organizes training of the Operator’s employees processing personal data.
6.2. The Operator implements the following measures to ensure confidentiality and security of personal data processing:
• a security regime is organized for the premises where information systems are located, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have the right of access to these premises;
• approved the document defining the list of persons whose access to personal data processed in the information system is necessary for them to fulfill their contractual obligations to the Operator;
• the requirements established by the Resolution of the Government of the Russian Federation No. 687 dated 15.09.2008 “On Approval of the Regulation on the peculiarities of personal data processing carried out without the use of automation means” are implemented.
6.3. The Operator’s employees whose job description includes personal data processing are allowed to process personal data.
6.4. The Operator stores personal data in a form that allows to identify the subject of personal data for no longer than required by the purposes of personal data processing, unless the period of personal data storage is established by federal law, contract.

7. Updating, correction, deletion and destruction of personal data, responses to requests of subjects for access to personal data

7.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in part 7 of Article 14 of the Law on Personal Data is provided by the Operator to the personal data subject or his/her representative upon receipt of the personal data subject’s or his/her representative’s request sent to the Operator in writing.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
The information provided is not include personal data relating to other personal data subjects, unless there are legitimate grounds for disclosure of such personal data.
The request must contain:
• number of the personal data subject’s or his/her representative’s identity document, information on the date of issue of the said document and the issuing authority;
• information confirming the personal data subject’s participation in relations with the Operator (contract number, date of contract conclusion, and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
• signature of the personal data subject or his/her representative.
If the appeal (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on personal data or the subject does not have access rights to the requested information, a reasoned refusal is sent to him.
The right of the personal data subject to access his/her personal data may be restricted in accordance with part 8 of Article 14 of the Law on Personal Data, including if the access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.
7.2. If inaccurate personal data is revealed upon application of the personal data subject or his/her representative or upon their request or upon request of Roskomnadzor, the Operator blocks personal data related to this personal data subject from the moment of such application or receipt of the said request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information submitted by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and remove the blocking of personal data.
7.3. In case of detection of unlawful processing of personal data upon application (request) of a personal data subject or his/her representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data related to this personal data subject from the moment of such application or request.
7.4. The Operator stops processing personal data:
• after the deadlines have passed;
• when the purposes of their processing have been achieved or when it is no longer necessary to achieve these purposes;
• at the request of the personal data subject (in respect of personal data that are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing);
• in case the personal data subject revokes his/her consent to the processing of his/her personal data;
• in case of termination of the Operator’s activity.
7.5. Withdrawal of consent to the processing of his/her personal data is made on the basis of the provisions of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” by personal application or by sending a free-form written application by registered letter with acknowledgement of receipt to the Operator or to the following e-mail address: info@okakreml.ru.
7.6. Destruction of personal data is performed in the following cases:
• unlawful processing of personal data;
• personal data is redundant for the stated purpose;
• withdrawal of consent to the processing of personal data;
• achievement of the purpose of personal data processing or loss of the need to achieve this purpose;
• expiration of personal data retention periods established by regulatory legal acts of the Russian Federation;
• recognition of personal data unreliability or obtaining them illegally at the request of the authorized body for the protection of the rights of personal data subjects.
7.7. Methods of destruction:
• destruction of personal data from information systems is performed by built-in means of the information system and is performed by the Operator;
• destruction of paper carriers containing personal data is carried out by shredding the papers by means of a shredder.
Upon destruction of personal data, the Operator draws up an Act on destruction of personal data.

8. Rules on cross-border transfer of personal data

8.1. The Operator processes personal data using databases located on the territory of the Russian Federation.
8.2. Before commencing the transborder transfer of personal data, the Operator is obliged to ensure that the foreign state, on whose territory the transfer of personal data is to be carried out, provides reliable protection of the rights of personal data subjects and notify the state authority authorized in the personal data field of the intention to carry out transborder transfer of personal data on the territory of foreign states that meet these requirements.
8.3. Before commencing the transborder transfer of personal data to the territory of a foreign state, which does not provide reliable protection of the rights of personal data subjects, the Operator is obliged to obtain the permission of the state authority authorized in the field of personal data to carry out transborder transfer of personal data in the territory of such foreign states.

9. Cookie policy

9.1. A cookie is a small piece of data containing information about a visit to a website that is received and processed by the device used by the User to access the website. Cookies store and send back to the website information that helps the User when using the website.
9.2. The Operator uses the following cookies:

  • date and time of access;
  • the address of the visited page;
  • source of input;
  • referrer (address of the previous page);
  • behavioral information (including number and name of pages viewed);
  • other technical data (data on technical means (including mobile devices) and methods of technological interaction with the Site and its services (including the type of the User’s operating system, browser type, geographical location, data on the provider, etc.);
  • about the User’s activity when using the Site;
  • about information about errors given to the User;
  • about the downloaded files;
  • instruments;
  • as well as other data obtained by the means set forth in this consent.

9.3. The Operator may also use web beacons (pixel tags) to access cookies previously placed on the User’s device for the following purposes:

  • Determining the User’s actions on websites and in the process of using products and services by accessing and using cookies stored on the User’s device;
  • Collecting analytical information related to the performance of the sites, products and services, and the Operator’s offerings.

9.4. The information contained in cookies is used by the Operator only for the purposes specified above. The data is stored on the User’s device for a period that may depend on the respective type of cookies, but not exceeding the period necessary to achieve their purpose, after which they are automatically deleted from the User’s device.
9.5. The User may independently manage the cookie files by changing the browser settings. Changes to the user’s settings that result in the blocking or deletion of cookies may result in the inaccessibility of certain components of the Website.

10. Final provisions

10.1. The Policy may be unilaterally changed by the Operator by means of its approval by the General Director of ANO “OKA” and posting the new version on the Operator’s platform.

Autonomous Non-profit Organization “Regional Recruitment Agency” (ANO “OKA”)
TIN 5260482877
OGRN 1225200011981
E-mail: info@okakreml.ru