This Policy is based on legislation of the Russian Federation.
The following concepts are used in this Policy.
Personal data - any information related to an individual (personal data subject) defined directly or indirectly;
Operator - OOO EGIS-RUS organizing and (or) performing personal data processing independently or jointly with other parties, defining personal data processing purposes, personal data content subject to processing, actions (procedures) performed in relation to personal data;
Personal data processing - any action (procedure) or a combination of actions (procedures) performed with or without any means of automation in relation to personal data, including collection, recording, classification, accumulation, storage, clarification (update, revision), extraction, use, transfer (distribution, provision, access), anonymization, blocking, de-identification, and destruction of personal data;
Automated processing of personal data - personal data processing using computer equipment;
Distribution of personal data - actions taken to disclose personal data to a number of people;
Provision of personal data - actions taken to disclose personal data to a particular person or a particular group of persons;
Blocking of personal data - temporary cancellation of personal data processing (except for cases when processing is necessary to clarify personal data);
Destruction of personal data - actions that render personal data contents impossible to restore in the data system and (or) destroying material media bearing the personal data;
Anonymization of personal data - actions that make it impossible to identify which personal data subject the data belong to without additional information;
Personal data information system - a corpus of personal data contained in databases together with information technologies and technical means intended for data processing;
Cross-border transfer of personal data - transfer of personal data to foreign authorities, foreign individuals or legal entities.
Personal data of OOO EGIS-RUS employees:
for Operator to implement provisions of normative legal acts of the Russian Federation, international agreements made by the Russian Federation,
for Operator to implement its rights, responsibilities and duties with respect to activities performed by OOO EGIS-RUS,
used in connection to Operator’s personnel record keeping, payroll and other responsibilities the Operator has with respect to its employees,
for Operator to perform duties under agreements, including agreements with contractors - individuals, including individual entrepreneurs,
to establish security pass system at Operator’s premises,
to protect life, health, property and non-property rights and interests of personal data subjects, Operator, or other parties,
for other purposes directly connected to Operator’s activities compliant with legislation of the Russian Federation.
Personal data of fellow applicants:
- to pick candidates for vacant posts, acquire information about their experience and skills, keep a register, candidate pool,
Personal data of employees’ families:
- to sign, amend, cancel employees’ insurance contracts; calculate and process benefits/payments; confirm names, surnames and marital statuses of employees,
Personal data of contracting parties and third parties, providing services/ performing work under agreements:
- to sign, amend, cancel, and fulfil agreements,
Personal data of medical and pharmaceutical workers:
- to carry out statistical analysis;
- to invite personal data subjects (hereinafter - Subjects) to events aimed at professional development of medical workers and (or) providing information related to safety monitoring of medicinal products;
- to plan, organize, finance and (or) run such events, provide access to information about such events, including information about participants, and provide such information to competent state agencies under current legislation of the Russian Federation;
- to organize and (or) run clinical trials of medicinal products and (or) events related to pharmacovigilance and to interact with Subjects in organizing and (or) running such trials and (or) events;
- to provide Subjects with information about the pharmaceutical market, about operations of OOO EGIS-RUS, medicinal products and, in particular, to send newsletters, analytical and (or) advertising materials as well as other letters and offers to Subjects taking into account requirements and limitations set in legislation of the Russian Federation;
- to provide Subjects with access to Internet resources of operators and (or) their partners and possible use of such Internet resources, to post certain personal data required for a Subject to sign up on such Internet resources;
- to otherwise interact with Subjects by other means apart from those specified above, taking into account requirements and limitations set in legislation of the Russian Federation regarding medical and pharmaceutical business.
Biometric data, data on criminal records and health are not processed.
OOO EGIS-RUS takes the following actions with respect to personal data:
- collection, recording, classification, accumulation, storage, clarification (update, revision), extraction, use, transfer (distribution, provision, access), anonymization, blocking, de-identification, and destruction.
The following processing means are used by OOO EGIS-RUS: automated processing, non-automated processing, mixed processing.
Personal data processing requires consent of personal data subjects.
Personal data may be processed without consent of personal data subjects in cases where it is necessary to protect life, health, or other vital interests of a personal data subject and where consent cannot be obtained from the personal data subject; when it is necessary under the agreements signed by the personal data subject and necessary in order to sign an agreement initiated by the personal data subject and in other cases specified in current legislation of the Russian Federation.
Operator may also perform cross-border transfer of personal data to foreign countries if it complies with requirements set in Article 12 of the Federal Law No. 152-FZ of July 27, 2006 On Personal Data.
Cross-border transfer of personal data is carried out to countries that provide adequate security without further consent from personal data subjects. Consent must be obtained from personal data subjects if cross-border transfer of personal data is carried out to countries that cannot provide adequate personal data security.
Personal data shall be stored in the form whereby personal data subjects can be identified for no longer than required for the purpose and terms of personal data processing specified in consent to processing, unless storage terms are set in relevant legislation, agreement.
Personal data are subject to destruction in following cases:
- upon fulfillment of personal data processing purposes unless personal data must be stored or otherwise processed under a relevant normative act;
- upon consent withdrawal when it is found to conform the legislation of the Russian Federation;
- upon receipt of improvement notice from an authorized body protecting the rights of personal data subjects;
- upon expiry of personal data storage terms;
Personal data subject may request clarification, blocking, or destruction of their personal data, if the data is incorrect, obtained illegally or not necessary for the purpose specified. In this case subjects may submit corresponding requests to the registered office of OOO EGIS-RUS.
Personal data subjects may withdraw their consent via request filed to the registered office of OOO EGIS-RUS.
Personal data subjects may challenge acts and omissions of Operator in an authorized body providing protection for the rights of personal data subjects.
In order to examine, clarify, block, or destroy, withdraw personal data from public sources, or withdraw consent to process their personal data, personal data subjects shall submit their requests for their personal data contents to the following address: OOO EGIS-RUS, 121108, Moscow, Str. Ivana Franko, bld. 8, email: firstname.lastname@example.org
OOO EGIS-RUS transfers personal data to the following third parties:
- Tax Service of the Russian Federation;
- Pension Fund of the Russian Federation;
- non-state pension funds;
- Social Security Fund of the Russian Federation;
- banks and other lending institutions.
- parties that book hotel rooms, book or buy tickets, provide services that ensure compliance with labor, migration and other legislations, or provide any such services, including services providing benefits to personal data subjects, on behalf of Operator;
- insurance companies providing private health insurance and other types of insurance to personal data subjects;
- state and local licensing and/or supervisory authorities, bodies and organizations involved in provision of state or municipal services;
- courts, law enforcement bodies, prosecutor’s office, bodies exercising enforcement proceedings/
OOO EGIS-RUS may transfer personal data to bodies of inquiry and investigation and other authorized bodies on the grounds provided in legislation of the Russian Federation.
OOO EGIS-RUS will not distribute personal data without consent of personal data subjects unless otherwise required by law.
OOO EGIS-RUS may outsource personal data processing to other entities (third parties) and act as an entity processing personal data for other operators.
OOO EGIS-RUS delegates personal data processing to third parties upon consent of personal data subjects only, unless otherwise specified in current Russian legislation and provided that a party processing personal data on behalf of OOO EGIS-RUS operates in strict compliance with processing principles and personal data security measures specified in legislation of the Russian Federation. Parties processing personal data on behalf of OOO EGIS-RUS may not obtain consent to process the company’s personal data.
Should OOO EGIS-RUS delegate processing of personal data to third parties, OOO EGIS-RUS shall be responsible to personal data subjects for actions taken by the third parties. In doing so, parties processing personal data on behalf of OOO EGIS-RUS shall be responsible to OOO EGIS-RUS.
The terms of personal data processing start from the moment the data are received by Operator.
Operator shall store personal data in the form whereby personal data subjects can be identified for no longer than required for the purpose of personal data processing.
Personal data of Operator’s employees and - in cases established by legislation of the Russian Federation - their families shall be used during their employment in accordance with their labor agreement as well as during a period established by legislation for archive storage of personal files (75 years).
Personal data of citizens that have applied to Operator in due course shall be stored in records of Operator’s sub-units for terms specified in federal legislation or agreement, signed with, benefitting to or guaranteed by the personal data subjects, unless such terms are not specified, in which case such data shall be stored for a period specified in Operator’s file register but no longer than required for purposes of personal data processing.
This Policy of Operator is within the public domain and shall be made available through Operator’s publicly accessible web resource.
This Policy is subject to change and annexation should changes be made to legislation of the Russian Federation, Operator’s local normative acts on personal data processing and security as well as in any other cases, if necessary.
Execution of this Policy by Operator shall be supervised by a person authorized by Operator for organization of personal data processing.
Operator as well as its officials and employees shall be held liable for failure to comply with requirements regulating personal data processing and security in accordance with legislation of the Russian Federation and Operator’s local normative acts.
Operator will process personal data in strict compliance with legislation of the Russian Federation.
- process personal data of a subject without consent from the latter when it is found to conform the legislation of the Russian Federation;
- receive personal data from third parties, in particular - when appropriate - without prior consent from the personal data subject, in cases and in a manner consistent with legislation of the Russian Federation;
- delegate personal data processing or transfer personal data to third parties when it is found to conform the legislation of the Russian Federation;
- refuse to provide personal data or information related to personal data processing, refuse to clarify, block or destroy personal data or discontinue personal data processing to the personal data subject or other parties in cases specified in legislation of the Russian Federation;
- defend its rights and interests in court as well as by any other legal means;
- acquire and exercise other rights granted to it by legislation of the Russian Federation.
Personal data shall be clarified, including its update and review, for the purposes of ensuring accuracy, completeness and timeliness of personal data processed by Operator.
Personal data shall be clarified by Operator on its own initiative, upon request from a personal data subject or their representative, upon request from an authorized body protecting rights of personal data subjects when personal data are found incomplete, out of date, or inaccurate.
The purpose of personal data blocking is suspension of personal data processing in order to eliminate the circumstances that led to personal data blocking.
Personal data shall be blocked by Operator upon request from a personal data subject or their representative as well as upon request from an authorized body protecting rights of personal data subjects when personal data are found inaccurate or handled improperly.
Personal data shall be destroyed by Operator:
- upon fulfillment of personal data processing purposes;
- if personal data processing purposes are deemed unnecessary;
- if consent to process personal data is withdrawn by a personal data subject;
- upon request from a personal data subject or an authorized body protecting rights of personal data subjects in cases of detected improper handling of personal data by Operator, when corresponding violations are impossible to eliminate.
Should physical media on which personal data are stored be destroyed, an act regarding destruction of physical media containing personal data shall be compiled.