Privacy Policy

1.1.           In order to comply with the requirements of the current legislation of the Russian Federation in full, EGIS-RUS LLC (hereinafter referred to as the Operator) considers its most important tasks to comply with the principles of legality, fairness and confidentiality in personal data processing, as well as to ensure its processing safety.

1.2.           This policy of arranging personal data processing and security at EGIS-RUS LLC (hereinafter referred to as the Policy) is characterized by the following features:

-               it is developed in order to implement the requirements of the current legislation of the Russian Federation in the area of personal data processing and protection;

-               discloses the methods and principles of personal data processing by the Operator, the rights and obligations of the Operator when processing personal data, the rights of personal data subjects, and also includes a list of measures used by the Operator in order to ensure personal data security during its processing;

-               is a publicly available document declaring the conceptual foundations of the Operator activities in personal data processing and protection.

1.3.           Before starting personal data processing, the Operator has notified the authorized body for the protection of the rights of personal data subjects of its intention to process personal data. The Operator in good faith and within the appropriate time period updates the information specified in the notification.

 

 

 

 

 

 

Personal data is any information relating to a directly or indirectly identified or identifiable natural person (personal data subject).

Personal data operator (operator) is a state body, municipal body, legal entity or individual, independently or jointly with other persons arranging and (or) performing personal data processing, as well as determining the personal data processing purposes, the content of personal data to be processed, actions (operations) performed with personal data.

Personal data processing is any action (operation) or a set of actions (operations) with personal data performed with or without automation tools use. Personal data processing includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

Automated personal data processing is processing of personal data using computer technology.

Personal data distribution is actions aimed at disclosing personal data to an indefinite circle of persons.

Providing personal data is actions aimed at disclosing personal data to a certain person or a certain circle of persons.

Blocking personal data is a temporary suspension of personal data processing (unless the processing is necessary to clarify personal data).

Personal data destruction is actions, as a result of which it becomes impossible to restore the personal data content in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

Personal data depersonalization is actions, as a result of which it becomes impossible to determine personal data ownership by a specific personal data subject without the use of additional information.

Personal data information system is a set of personal data contained in databases and information technologies and technical means ensuring its processing.

Cross-border transfer of personal data is personal data transfer to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.

Special categories of personal data are special categories of personal data relating to race, nationality, political opinions, religious or philosophical beliefs, trade union membership, health status and intimate life.

Biometric personal data is information characterizing physiological and biological peculiarities of a person, based on which it is possible to establish its identity.

Personal data permitted for distribution by a personal data subject is personal data, access to which is granted to an unlimited number of persons by the personal data subject by giving consent to personal data processing permitted for distribution by the personal data subject in the manner prescribed by this Federal Law.

Person responsible for arranging personal data processing is an individual or legal entity appointed by EGIS-RUS LLC responsible for arranging personal data processing.

Personal data processing should be limited to the achievement of specific, predetermined and legitimate purposes. The personal data subject, giving consent to its personal data processing, shall be informed about the purposes of its processing. The processing purposes shall be included in the consent form of the personal data subject. It is not allowed to process personal data that is incompatible with the personal data collecting purposes.

3.1.           The Operator is entitled to:

-               receive reliable information and/or documents containing personal data from a personal data subject;

-               require a personal data subject to timely clarify the provided personal data.

3.2.           The Operator is obliged to:

-               process personal data in the manner prescribed by the current legislation of the Russian Federation;

-               consider the appeals of a personal data subject (his/her legal representative) on personal data processing and give reasoned answers;

-               provide a personal data subject (his/her legal representative) with the opportunity of free access to his/her personal data;

-               take measures to clarify, destroy the personal data of a personal data subject due to his/her (his/her legal representative) appeal with legal and reasonable demands;

-               arrange the protection of personal data in accordance with the requirements of the legislation of the Russian Federation.

4.1.           A personal data subject is entitled to receive information about his/her personal data processing by the Operator.

4.2.           A personal data subject is entitled to demand from the Operator the clarification of this personal data, its blocking or destruction in case it is incomplete, outdated, inaccurate, illegally obtained or cannot be considered necessary for the indicated processing purpose, as well as to take measures provided by law to protect his/her rights.

4.3.           The right of a personal data subject to access his/her personal data may be limited in accordance with federal laws, including in case the access of a personal data subject to his/her personal data violates the rights and legitimate interests of third parties.

4.4.           To exercise and protect his/her rights and legitimate interests, a personal data subject is entitled to contact the Operator. The Operator considers any appeals and complaints from personal data subjects, carefully investigates the facts of violations and takes all necessary measures to eliminate them immediately, hold the liable persons accountable and resolve disputes and conflict situations in pre-trial order.

4.5.           A personal data subject is entitled to appeal against the actions or inaction of the Operator by contacting the authorized body for the protection of the rights of personal data subjects.

4.6.           A personal data subject is entitled to withdraw consent to personal data processing.

4.7.           A personal data subject is entitled to protect his/her rights and legitimate interests, including compensation for losses and/or compensation for moral damage in court.

4.8.           A personal data subject is obliged to provide the Operator with only reliable data about himself/herself, as well as provide documents containing personal data to the extent necessary for the processing purpose.

4.9.           A personal data subject is obliged to inform the Operator about the clarification (update, change) of his/her personal data.

4.10.      A person who has provided the Operator with false information about himself/herself or information about another personal data subject without the consent of the latter is liable in accordance with the legislation of the Russian Federation.

5.1.           Personal data processing in EGIS-RUS LLC is limited to the achievement of specific, predetermined and legitimate purposes.

5.2.           Personal data is processed by EGIS-RUS LLC for the following purposes:

1)            attraction and consideration of candidates for filling vacant positions, including through verification and requests for additional information, to assess business qualities in order to decide on the refusal to conclude/on the conclusion of an employment contract, or inclusion in the candidates pool for the purpose of possible employment in the future;

2)            conclusion of any contracts with personal data subjects, and further performance of obligations under the concluded contracts;

3)            informing personal data subjects in the framework of professional activities, including informing about events held and (or) arranged by EGIS-RUS LLC;

4)            conducting surveys, interviews, lectures, and other events by EGIS-RUS LLC with the participation of personal data subjects;

5)            publication of scientific results of professional activities of personal data subjects;

6)            maintenance of databases containing personal data of individuals interacting with the Operator, including on scientific activities, for business contacts and information distribution, including advertising-like;

7)            provision of scientific, medical and other information to personal data subjects, including information about the products and services of EGIS-RUS LLC, and information distribution, including advertising-like;

8)            collection of information about consumers of products of EGIS-RUS LLC, including products under Egis trademark, and consumer opinions about products of EGIS-RUS LLC, in particular about its quality;

9)            compliance with the requirements of the legislation of the Russian Federation on pharmacovigilance, including monitoring the safety of medicines (pharmacovigilance) and improving the goods quality;

10)        compliance with the codes requirements of international associations of pharmaceutical companies (EFPIA, AIPM);

11)        compliance with and implementation of the mandatory requirements of the legislation of the Russian Federation in the area of compulsory medical, pension insurance, labor, civil and tax legislation, including legislation in the area of consumer protection, labor protection, etc.;

12)        conducting personnel management and arranging records of employees (workers) of EGIS-RUS LLC;

13)        regulation of labor and other relations directly related thereto, including assistance to employees (workers) in employment, training and promotion, as well as setting wages, calculating wages and paying it, and ensuring the personal safety of employees;

14)        ensuring the legitimate interests of EGIS-RUS LLC, including maintaining internal order, protecting property and possessions;

15)        use of benefits, compensations and bonuses provided for by the legislation of the Russian Federation and local regulations of EGIS-RUS LLC;

16)        registration of voluntary medical insurance and life and health insurance against accidents;

17)        assistance in obtaining visas, invitations and travel tickets, as well as hotel reservations;

18)        providing employees with mobile communications;

19)        issuance of official vehicles and assistance in transport services rendering;

20)        preventative measures and prevention of infectious diseases spread;

21)        arrangement of incentive programs for personal data subjects;

22)        implementation of representation, including powers of attorney execution;

23)        performing business activities, including sending and receiving correspondence and other postal items, as well as providing access to the Operator IT resources and providing support in their use;

24)        arrangement of access control to the Operator territory;

25)        placement of personal data of personal data subjects on public resources, including the websites of EGIS-RUS LLC and affiliated companies, including those belonging to the same group with EGIS-RUS LLC, as well as official pages on social networks, for information support in cases provided for by the law and local regulations of EGIS-RUS LLC, as well as to promote Egis brand and companies belonging to the same group with EGIS-RUS LLC, and improve loyalty to Egis brand;

26)        implementation of mandatory information disclosure for the Operator and ensuring compliance with the requirements of the law when making management decisions;

27)        providing employees with an electronic signature;

28)        communication in emergency cases;

29)        formation and maintenance of a database containing personal data of individuals – representatives of legal entities and individual entrepreneurs, for business contacts;

30)        analysis of user actions on the website and the functioning of the website, as well as registration on the Operator websites;

31)        feedback with personal data subjects, including reception and processing of their requests and appeals, as well as congratulations on the holidays;

32)        communication or obtaining/providing information necessary for activities implementation;

33)        obtaining (registration) and storage of personal data and its carriers in accordance with the legislation of the Russian Federation and local regulations of EGIS-RUS LLC for of activities provided for by the Company Charter;

34)        implementation of other functions, powers and duties assigned to EGIS-RUS LLC by the legislation of the Russian Federation and local regulations of EGIS-RUS LLC.

5.3.           EGIS-RUS LLC does not process personal data that is incompatible with the personal data collecting purposes.

5.4.           It is not allowed to combine databases containing personal data, the processing of which is performed for purposes that are incompatible with each other.

6.1.           The Policy has been developed in accordance with the current legislation of the Russian Federation in the area of personal data processing and protecting.

6.2.           The legal grounds for personal data processing, in accordance with which EGIS-RUS LLC processes personal data, in addition to the legislation of the Russian Federation in the area of personal data processing and protection, also include:

-               the Operator statutory documents;

-               agreements concluded between EGIS-RUS LLC and personal data subjects;

-               consent of personal data subjects to personal data processing;

-               other grounds when consent to the processing of personal data is not required by the virtue of law.

6.3.           In pursuance of the Policy, the Operator head has approved the “Regulations on arranging personal data processing and ensuring security at EGIS-RUS LLC”, as well as other local regulations of the Operator in the area of personal data processing and protecting.

7.1.           The Operator in its activities ensures compliance with the principles of personal data processing specified in Art. 5 of the Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data”.

7.2.           The Operator processes the following categories of personal data subjects:

-               Applicants;

-               Employees;

-               Dismissed employees;

-               Relatives of employees;

-               Recommenders;

-               Health professionals;

-               Applicants of adverse events;

-               Consumers of products and their legal representatives;

-               Individuals – representatives of legal entities, individual entrepreneurs.

7.3.           The contents of the processed personal data for each category is given below:

1)        Applicants:

-               last name, first name, patronymic;

-               date of birth (day, month, year);

-               place of birth;

-               citizenship;

-               gender;

-               type and data of the identity document (series, number, when and by which authority issued, subdivision code);

-               address of actual residence;

-               address of registration at the place of residence/stay;

-               information about the registration availability at the place of residence/stay;

-               telephone numbers and e-mail addresses, or information about other means of communication;

-               information about education, including postgraduate professional education (education level, education form, educational institution name, year of graduation from the educational institution, name and details of the education document, qualification and specialty according to the education document);

-               information about the academic degree and title, the date of awarding the academic title/degree;

-               information on advanced training and certification (number and date of issue of the training completion certificate);

-               information about knowledge of foreign languages, degree of knowledge, preferred language of communication;

-               information about skills and professional experience, including information about experience with a computer (level of program proficiency, speed of information typing);

-               professional area;

-               specialization;

-               information about labor activity and its results, including a list of duties, information about employers (month and year of work beginning, month and year of work withdrawal, position held, name of organization), promotion, disciplinary sanctions, transfers to a new position/place of work, reasons for dismissal, and length of service;

-               work permit;

-               desired position;

-               desired salary and salary level at the current (previous) place of work;

-               desired type of employment and work schedule;

-               willingness to travel and move;

-               information about important criteria when choosing a place of work;

-               information about recommenders (last name, first name, patronymic, place of work, contact phone number);

-               marital status, parental status (indicating the number and age);

-               information about a driver license (series, number), category and length of experience;

-               information about a car availability;

-               information about restrictions on labor activity for health reasons;

-               information about the interviews results and the decision made;

-               information about preferences, interests and hobbies;

-               photographic image;

-               video image;

-               signature;

-               additional information provided for by the requirements of federal laws determining the cases and features of personal data processing.

2)        Employees and dismissed employees:

-               last name, first name, patronymic;

-               date of birth (day, month, year);

-               place of birth;

-               citizenship;

-               gender;

-               type, series, number of the identity document, name of the issuing authority, date of issue;

-               address of actual residence;

-               address of registration at the place of residence/stay;

-               information about the registration availability at the place of residence/stay;

-               telephone numbers and e-mail addresses, or information about other means of communication;

-               information about education, including postgraduate professional education (education level, education form, educational institution name, year of graduation from the educational institution, name and details of the education document, qualification and specialty according to the education document);

-               information about the academic degree and title, the date of awarding the academic title/degree;

-               information about special professional knowledge and skills;

-               information on advanced training and certification (number and date of issue of the training completion certificate);

-               information about knowledge of foreign languages, degree of knowledge, preferred language of communication;

-               information about skills and professional experience, including information about experience with a computer (level of program proficiency, speed of information typing);

-               professional area;

-               specialization;

-               information about labor activity and its results, including a list of duties, information about employers (month and year of work beginning, month and year of work withdrawal, position held, name of organization), promotion, disciplinary sanctions, transfers to a new position/place of work, reasons for dismissal, and length of service;

-               place of work and position held;

-               employee number/identification number/number of the pass to the work territory;

-               information on working time recording (time of entry and exit, other records of absence from the workplace, the number of hours worked and the number of hours according to the contract or department standards, vacation status);

-               information on annual paid leaves, study leaves and leaves without pay;

-               work permit;

-               desired position;

-               desired salary;

-               desired type of employment and work schedule;

-               willingness to travel and move;

-               information about recommenders (last name, first name, patronymic, place of work, contact phone number);

-               marital status, parental status (indicating the number and age);

-               information about a close relative (wife/husband, parents, adult children) (indicating the degree of relationship (proximity), last name, first name, patronymic, date of birth, place of work and position, home address and telephone number for communication);

-               information of a financial nature: salary, rate, other accruals and payments, on bank accounts for calculating wages and other payments, information on payable and paid taxes and insurance contributions to off-budget funds;

-               bank details;

-               number of insurance certificate of state pension insurance (SNILS);

-               taxpayer identification number (TIN);

-               information about military registration and details of military registration documents;

-               information about a driver license (series, number), category and length of experience;

-               information about a car availability, including a service car (make, number);

-               information on social benefits provided in accordance with the legislation and regulations of the Russian Federation;

-               information about promotions and awards;

-               information about disqualification and deprivation of the right to hold a certain position, to perform a labor function;

-               information about a criminal record (in cases provided for by the legislation);

-               information from internal investigations materials;

-               information about restrictions on labor activity for health reasons, including information about disability (group, certificate number and series, validity period) and information about chronic diseases;

-               information about the medical report results based on the medical examination results on the suitability (unfitness) of an employee to perform labor duties;

-               information about the results of testing for the presence/absence of a new coronavirus infection (COVID-19), including the results of measuring body temperature, symptoms of malaise and feeling unwell;

-               information about vaccination against COVID-19, including a photo of a certificate or other document containing confirmation of vaccination;

-               other information contained in the employment contract, the contract on individual, collective, liability, student contracts, contracts for services rendering;

-               information about preferences, interests and hobbies;

-               information about business and other personal qualities of an evaluative nature;

-               information about business contacts;

-               passport data for traveling abroad, including information about the border crossing dates;

-               photographic image;

-               video image;

-               voice recording;

-               signature;

-               additional information provided for by the requirements of federal laws determining the cases and features of personal data processing.

3)        Relatives of employees:

-               last name, first name, patronymic;

-               date of birth (day, month, year);

-               type and data of the identity document (series, number, when and by which authority issued, subdivision code);

-               address of actual residence;

-               telephone numbers;

-               degree of relationship;

-               place of work and position held;

-               information from the marriage certificate;

-               information from the birth certificate.

4)        Recommenders;

-               last name, first name, patronymic;

-               place of work;

-               telephone numbers;

5)        Health professionals;

-               last name, first name, patronymic;

-               date of birth (day, month, year);

-               information on residency;

-               gender;

-               type, series, number of the identity document, name of the issuing authority, date of issue;

-               address of actual residence;

-               address of registration at the place of residence/stay;

-               telephone numbers and e-mail addresses, or information about other means of communication;

-               information about education, including postgraduate professional education (education level, education form, educational institution name, year of graduation from the educational institution, name and details of the education document, qualification and specialty according to the education document);

-               information about the academic degree and title, the date of awarding the academic title/degree;

-               information about special professional knowledge and skills;

-               information on advanced training and certification (number and date of issue of the training completion certificate);

-               information about knowledge of foreign languages, degree of knowledge, preferred language of communication;

-               specialty, additional specialty, classification, identifier;

-               information about scientific activities, including information about publications and speeches (subject of the report, type and name of the event, place and date of the event);

-               information about membership in public organizations and associations, as well as information about membership in the editorial boards of a printed or electronic publication;

-               information about labor activity, its results (year of work beginning, year of work withdrawal, position held, organization name) and length of service;

-               information about the medical work experience;

-               place of work and position held;

-               license number;

-               marital status;

-               information of a financial nature: agreement type, author agreement type, accruals and payments, information on payable and paid taxes, attribution of expenses to UTII activities, method of reflection in accounting, deduction code;

-               bank details for payment for services/works under independent contractor agreement (including personal account number);

-               information from the report on information disclosure on values transfer;

-               number of insurance certificate of state pension insurance (SNILS);

-               taxpayer identification number (TIN);

-               other information contained in service rendering agreements;

-               passport data for traveling abroad, including information about the border crossing dates;

-               photographic image;

-               video image;

-               signature;

-               form of address;

-               information about participation in clinical trials (trial code, field of the trial, phase of the trial, role/position, start and end date);

-               attitude to medicines (prescription and non-prescription), biologically active additives, cosmetic products and other goods of the Operator;

-               medical practice data;

-               other information obtained in the course of interaction with the doctor, through online events;

-               voice recording;

-               depersonalized user data provided by Internet analytics services (including: location information; OS type and version; browser type and version; provider; pages visited; number of page visits; OS and browser language);

-               additional information provided for by the requirements of federal laws determining the cases and features of personal data processing.

6)        Applicants of adverse events:

-               last name, first name, patronymic;

-               initials of the patient;

-               age;

-               gender;

-               contact information (phone number, e-mail address);

-               sender category;

-               information about pregnancy;

-               information about adverse events;

-               trade name of the drug/product, batch number, expiration date;

-               dose, route of administration;

-               start/end date of use or treatment duration;

-               information about taking other drugs during treatment;

-               information about the state of health and diseases, as well as data based on which certain conclusions about health can be drawn;

-               detailed description of the reaction.

7)        Consumers of products and their legal representatives:

-               last name, first name, patronymic;

-               address of actual residence, or address for taking a sample of low-quality products;

-               telephone numbers and e-mail addresses, or information about other means of communication;

-               quality claims;

-               information about health, in case of harm due to defects in the goods;

-               depersonalized user data provided by Internet analytics services (including: location information; OS type and version; browser type and version; provider; pages visited; number of page visits; OS and browser language);

-               additional information provided for by the requirements of federal laws determining the cases and features of personal data processing.

8)        Individuals – representatives of legal entities, individual entrepreneurs:

-               last name, first name, patronymic;

-               date of birth (day, month, year);

-               gender;

-               type and data of the identity document (series, number, when and by which authority issued, subdivision code);

-               telephone numbers and e-mail addresses, or information about other means of communication;

-               place of work and position held;

-               company name and address;

-               taxpayer identification number (TIN);

-               information about the car, including official (brand, number);

-               signature;

-               additional information provided for by the requirements of federal laws determining the cases and features of personal data processing.

7.4.           The Operator ensures that the content and scope of the processed personal data correspond to the indicated processing purposes and, if necessary, takes measures to eliminate its redundancy in relation to the indicated processing purposes.

7.5.           The Operator processes special personal data categories provided that the written consent of the relevant personal data subjects is obtained, as well as in other cases provided for by the legislation of the Russian Federation.

.

8.1.           The Operator processes personal data provided that the personal data subject consent is obtained, except the cases established by the legislation of the Russian Federation when personal data processing can be made without such consent.

8.2.           The personal data subject decides to provide his/her personal data and gives consent freely, of his/her own free will and in his/her own interest.

8.3.           Consent is given in any form that allows confirming the fact of its receipt. In cases stipulated by the legislation of the Russian Federation, the consent is made in writing.

8.4.           Consent may be withdrawn by a written notice sent to the Operator by post or by sending a message to the e-mail address unsubscribe@egis.ru.

8.5.           Personal data processing by the Operator is made in the following ways:

-               non-automated personal data processing;

-               automated personal data processing with or without transferring the received information via information and telecommunication networks;

-               mixed personal data processing.

8.6.           The Operator does not make decisions giving rise to legal consequences in relation to personal data subjects or otherwise affecting their rights and legitimate interests, based solely on the automated processing of their personal data.

8.7.           Personal data processing by the Operator includes personal data collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), cross-border transfer, blocking, deletion, destruction.

8.8.           The Operator is entitled to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds provided for by the current legislation of the Russian Federation.

8.9.           In cases where it is necessary to interact with third parties in order to achieve personal data processing purposes, the Operator is entitled to transfer personal data to authorized third parties in order to achieve processing purposes.

8.10.      The Operator performs personal data cross-border transfer (to the territory of a foreign state to a foreign individual or foreign legal entity) to persons affiliated with the Operator – companies belonging to Servier Group of Companies in the European Union territory.

8.11.      The Operator creates public sources of personal data of the Operator employees (directories, address books). Personal data reported by the subject are included in such sources only with the written consent of the personal data subject or based on the requirements of the current legislation of the Russian Federation.

8.12.      The Operator processes personal data of personal data subjects permitted for distribution based on a separately obtained consent of the personal data subject to arrange such personal data processing. The Operator provides the personal data subject with the opportunity to determine the list of personal data for each category of personal data specified in the consent to personal data processing permitted by the personal data subject for distribution.

8.13.      The Operator has established the following conditions to terminate personal data processing:

-               achievement of personal data processing purposes and maximum storage periods;

-               loss of the need to achieve personal data processing purposes;

-               provision by the personal data subject or his/her legal representative of information confirming that personal data are illegally obtained or are not necessary for the indicated processing purpose;

-               impossibility to ensure the legality of personal data processing;

-               withdrawal by the personal data subject of consent to personal data processing, if personal data storage is no longer required for the personal data processing purposes, the obligation of which is established by the legislation or by-laws;

-               expiration of the limitation periods for legal relations within the framework of which personal data processing is made or was made.

8.14.      Personal data is stored in a form that allows determining the personal data subject for a period not longer than required by the processing personal data purposes, except when the period for personal data storing is established by the federal law, an agreement whereto the personal data subject is the party, beneficiary or guarantor.

When storing personal data, the Operator uses databases located on the territory of the Russian Federation.

9.1.           When processing personal data, the Operator takes all necessary legal, organizational and technical measures to protect it from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions in relation thereto. Ensuring the security of personal data is achieved, in particular, in the following ways:

-               appointment of a person responsible for arranging personal data processing;

-               implementation of internal control and/or audit of compliance of personal data processing with the Federal Law No. 152-FZ dated July 27, 2006 “On Personal Data” and regulations adopted in accordance therewith, requirements for personal data protection, local regulations of the Operator;

-               familiarization of the Operator employees directly involved in personal data processing with the provisions of the legislation of the Russian Federation on personal data, including the requirements for personal data protection, local regulations regarding personal data processing and (or) training of these employees;

-               determination of threats to personal data security during its processing in the personal data information systems;

-               application of organizational and technical measures to ensure personal data security during its processing in the personal data information systems necessary to perform the requirements for personal data protection;

-               evaluation of the effectiveness of the measures taken to ensure personal data security prior to the commissioning of the personal data information system;

-               keeping records of personal data machine carriers;

-               revealing facts of unauthorized access to personal data and taking appropriate measures;

-               recovery of personal data modified or destroyed due to unauthorized access thereto;

-               establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and keeping records of all actions performed with personal data in the personal data information system;

-               control over the measures taken to ensure personal data security and the security level of the personal data information systems.

9.2.           The obligations of the Operator employees, who process and protect personal data, as well as their responsibility, are determined in the “Regulations on arranging personal data processing and ensuring security” of the Operator.

10.1.           The rights, obligations and legal liability of the person responsible for arranging personal data processing are established by the Federal Law dated July 27, 2006 No. 152-FZ “On Personal Data” and the “Regulations on arranging personal data processing and security ensuring”.

10.2.           The appointment of the person responsible for arranging personal data processing and the release from these duties is made by order of the Operator Director General. When appointing a person responsible for arranging personal data processing, the powers, competencies and personal qualities of the official are taken into account, aimed at allowing him/her to properly and fully exercise his/her rights and perform the obligations stipulated by the “Regulations on arranging personal data processing and security ensuring”.

10.3.           The person responsible for arranging personal data processing:

-               arranges the implementation of internal control over compliance by the Operator and its employees with the legislation of the Russian Federation on personal data, including requirements for personal data protection;

-               brings to the attention of the Operator employees the provisions of the legislation of the Russian Federation on personal data, local regulations on personal data processing, requirements for personal data protection or ensures communication;

-               exercises control over the acceptance and processing of appeals and requests of personal data subjects or their representatives.

10.4.           Contact details of the person responsible for arranging personal data processing: EGIS-RUS LLC, tel. + +7 (495) 363-39-66 e-mail: personaldata@egis.ru, Russian Federation, 121552, Moscow, 19 Yartsevskaya Str., block B, floor 13.

11.1.           In case of confirmation of the fact of personal data inaccuracy or its processing illegality, personal data shall be updated by the Operator, or its processing shall be terminated accordingly.

11.2.           The fact of personal data inaccuracy or its processing illegality can be established either by the personal data subject or by the competent state bodies of the Russian Federation.

11.3.           At the written request of the personal data subject or his/her representative, the Operator is obliged to provide information on personal data processing of the specified subject made by it.

11.4.           The request shall contain:

1)                 the number of the main identity document of the personal data subject and his/her representative,

2)                 information about the specified document issue date and the issuing authority,

3)                 information confirming the personal data subject participation in relations with the Operator (contract number, contract conclusion date, conditional verbal designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator,

4)                 the signature of the personal data subject or his/her representative.

11.5.           The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

11.6.           In case the request of the personal data subject does not contain all the necessary information or the subject does is not entitled to access the requested information, a reasoned refusal is sent to him/her.

11.7.           In the manner provided for in cl. 11.3, the personal data subject is intended to demand from the Operator the clarification of his/her personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the indicated processing purpose, as well as take legal measures to protect his/her rights.

11.8.           Upon reaching the personal data processing purposes, as well as in case the personal data subject withdraws consent, personal data is subject to destruction if:

-               otherwise is not provided by the contract, whereto the personal data subject is the party, beneficiary or guarantor;

-               the Operator is not entitled to process without the consent of the personal data subject on the grounds provided for by the Federal Law “On Personal Data” or other federal laws

-               otherwise is not provided by another agreement between the Operator and the personal data subject.

13.1.           The Policy current version on paper is stored at the address: Russian Federation, 121552, Moscow, 9 Yartsevskaya Str., block B, floor 13.

13.2.           The electronic version of the Policy current version is publicly available on the Operator website on the Internet at: https://ru.egis.health/politika-po-obrabotke-personalnykh-dannykh 

12.1.           Persons guilty of violating the rules governing personal data processing and protection are liable under the legislation of the Russian Federation, local regulations of the Operator and agreements governing the legal relationship of the Operator with third parties.

14.1.           The Policy is approved and put into effect by the Operator Director General.

14.2.           The Operator is entitled to make changes to the Policy. When changes are made, the heading of the Policy indicates the approval date of the Policy current version.

14.3.           The issue of revising the Policy is resolved on a regular basis – within a year from the date of the Policy previous revision. The Policy is re-approved in case changes are made to the Policy as a result of the revision.

14.4.           The Policy may be reviewed and re-approved earlier than the deadline indicated above, as changes are made:

-               to regulations in the area of personal data;

-               to local regulatory and individual acts of the Operator, regulating the arranging of personal data processing and ensuring security.

14.5.           All relations concerning personal data processing that are not reflected in this Policy are regulated in accordance with the provisions of the legislation of the Russian Federation.

WarningYour browser is out of date. Please, use an updated version! Chrome || Firefox