1.1. This Personal Data Processing Policy of the Autonomous Non-Commercial Organization for Innovative Educational Programs, Promotion of Personal Self-Realization, Social Support, Development of Physical Culture and Sports "B-612" (abbreviated as ANO "B-612") (hereinafter referred to as the "Policy") defines the main principles, purposes, conditions and methods of personal data processing by ANO "B-612", TIN 9702077233, OGRN 1257700354053, hereinafter referred to as the "Operator".

1.2. This Policy has been developed in accordance with the requirements of paragraph 2, part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter referred to as the "Personal Data Law"), taking into account the requirements of the Personal Data Law and other regulatory legal acts of the Russian Federation in the field of personal data, for the purpose of protecting the rights and freedoms of individuals and citizens in the processing of their personal data, including protection of the right to privacy, personal and family secrets.

1.3. This Policy applies to all operations performed by the Operator with personal data using or without the use of automated means. The Operator processes personal data of the data subject only if they are filled in and/or sent by the data subject independently through forms on the website https://amisurkin.com/en/ano (hereinafter referred to as the "Website"). By filling out the appropriate forms and/or sending their personal data to the Operator, the data subject expresses consent to this Policy.

1.4. The Policy applies to all personal data processed by the Operator.

1.5. The Operator is registered with Roskomnadzor as a personal data operator in accordance with Article 22 of the Personal Data Law.

1.6. The data subject independently decides to provide their personal data and gives consent freely, of their own free will and in their own interest.

1.7. This Policy is subject to updating at the initiative of the Operator, as well as in case of changes in the legislation of the Russian Federation on personal data.

1.8. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.

1.9. In accordance with the requirements of part 2 of Article 18.1 of the Personal Data Law, this Policy is published in free access on the Internet on the Operator's website.

1.10. Control over compliance with the requirements of this Policy is carried out by an authorized person responsible for organizing personal data processing by the Operator.

1.11. Liability for violation of the requirements of the legislation of the Russian Federation and internal regulations of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.

2.1. For the purposes of this Policy, the following terms are used with the following meanings:

Personal data — any information relating directly or indirectly to an identified or identifiable natural person (data subject).

Personal data operator (operator) — a state body, municipal body, legal entity or natural person, independently or jointly with other persons organizing and/or processing personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data.

Personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automated means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Automated processing of personal data — processing of personal data using computer technology.

Distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons.

Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.

Blocking of personal data — temporary cessation of personal data processing (except for cases where processing is necessary to clarify personal data).

Destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in a personal data information system and/or as a result of which material carriers of personal data are destroyed.

Depersonalization of personal data — actions as a result of which it becomes impossible to determine the belonging of personal data to a specific data subject without using additional information.

Personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing.

Data subject, Subject — a natural person who can be directly or indirectly identified using personal data.

Consent to personal data processing, Consent — a written or digital document that confirms the voluntary decision of the Subject to transfer personal data to the Operator in the scope, under the conditions and for the purposes defined by this Policy and agreements concluded between the Subject and the Operator.

3.1. The Operator has the right to:

1. Independently determine the composition and list of measures necessary and sufficient to ensure compliance with obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws.
2. Entrust the processing of personal data to another person with the consent of the data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. A person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Personal Data Law, maintain the confidentiality of personal data, take necessary measures aimed at ensuring compliance with obligations provided for by the Personal Data Law.
3. In case of withdrawal by the data subject of consent to personal data processing, the Operator has the right to continue processing personal data without the consent of the data subject if there are grounds specified in the Personal Data Law.

3.2. The Operator is obliged to:

1. Organize personal data processing in accordance with the requirements of the Personal Data Law.
2. Respond to requests and inquiries from data subjects and their legal representatives in accordance with the requirements of the Personal Data Law.
3. Provide the authorized body for the protection of data subjects' rights (Roskomnadzor) with the necessary information upon request of this body within 10 working days from the date of receipt of such request. This period may be extended, but not more than by 5 working days. To do this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the deadline for providing the requested information.
4. In the manner determined by the federal executive authority authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that resulted in unlawful transfer (provision, distribution, access) of personal data.

4.1. The data subject has the right to:

1. Receive information concerning the processing of their personal data, except in cases provided for by federal laws. Information is provided to the data subject by the Operator in an accessible form, and it should not contain personal data relating to other data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law.
2. Require the Operator to clarify their personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights.
3. Give prior consent to the processing of personal data for the purpose of promoting goods, works and services on the market.
4. Appeal to Roskomnadzor or in court against unlawful actions or inaction of the Operator in processing their personal data.

5.1. Personal data processing by the Operator is carried out taking into account the need to ensure protection of rights and freedoms of data subjects, including protection of the right to privacy, personal and family secrets, based on the following principles:

1. personal data processing is carried out on a legal basis;
2. personal data processing is limited to achieving specific, predetermined and legitimate purposes;
3. processing of personal data incompatible with the purposes of personal data collection is not permitted;
4. the content and scope of processed personal data correspond to the stated processing purposes. Redundancy of processed personal data in relation to the stated purposes of their processing is not permitted;
5. when processing personal data, accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of personal data processing are ensured;
6. personal data storage is carried out in a form that allows identifying the data subject for no longer than required by the purposes of personal data processing, unless the storage period for personal data is established by federal law, an agreement to which the data subject is a party, beneficiary or guarantor;
7. processed personal data is destroyed or depersonalized upon achievement of processing purposes or in case of loss of necessity to achieve these purposes, unless otherwise provided by federal law.

5.2. Personal data processing by the Operator is carried out for the following purposes:

1. identification of the data subject for the purpose of concluding any agreements with the Operator and their subsequent execution;
2. conducting promotions, surveys, interviews, testing and research by the Operator on the Website;
3. establishing feedback with the data subject, including but not limited to: sending newsletters, notifications in the form of SMS, emails, oral and written requests, processing requests and applications from the subject;
4. confirming the accuracy and completeness of personal data provided by the subject;
5. invitations to thematic events;
6. compliance with labor legislation within the framework of labor relations, if any;
7. statistical and other research and/or analytical purposes, provided that the subject's personal data is depersonalized.

6.1. The Operator may process personal data of the following Subjects:

1. counterparties — natural persons and legal entities represented by their representatives and/or staff employees;
2. Website visitors;
3. job candidates;
4. Operator's employees in case of labor relations.

6.2. Personal data processed by the Operator includes:

1. surname, first name, patronymic (if any) of the data subject;
2. mobile phone number;
3. email address;
4. accounts in social networks and/or messengers identifying the website visitor;
5. history of requests and views on the Website and its services;
6. cookie files, user location information, information about user actions on the Website, information about user equipment, date and time of session.

For the purposes of compliance with labor legislation, personal data processed by the Operator includes:

For job candidates:

1. surname, first name, patronymic (if any);
2. gender;
3. citizenship;
4. date and place of birth;
5. contact details;
6. information about education, work experience, qualifications;
7. other personal data provided by candidates in resumes and cover letters.

For employees:

1. surname, first name, patronymic (if any);
2. gender;
3. citizenship;
4. date and place of birth;
5. photograph;
6. passport data;
7. registration address at place of residence;
8. actual residence address;
9. contact details;
10. TIN (Taxpayer Identification Number);
11. SNILS (Insurance Number of Individual Personal Account);
12. information about education, qualifications, professional training and advanced training;
13. marital status, presence of children;
14. information about employment, including awards, commendations and/or disciplinary actions;
15. marriage registration data;
16. information about military registration;
17. information about disability;
18. information about alimony withholding;
19. information about income from previous place of work;
20. other personal data provided by employees in accordance with labor legislation requirements.

6.3. The Operator ensures that the content and scope of processed personal data correspond to the stated processing purposes and, if necessary, takes measures to eliminate their redundancy in relation to the stated processing purposes.

6.4. The Operator does not process special categories of personal data concerning racial, ethnic origin, political views, religious or philosophical beliefs, health status or intimate life, except in cases provided for by the legislation of the Russian Federation.

7.1. Personal data processing by the Operator is carried out in the following ways:

1. non-automated processing of personal data;
2. automated processing of personal data with or without transmission of received information via information and telecommunication networks, including processing using automated database management systems and other software;
3. mixed processing of personal data.

7.2. List of actions performed by the Operator with personal data: collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction on the territory of the Russian Federation in accordance with the current legislation of the Russian Federation.

7.3. The data subject makes a decision to provide their personal data and gives Consent freely, of their own free will and in their own interest.

7.4. Processing of personal data without the consent of the data subject is permitted only in cases provided for by the current legislation of the Russian Federation.

7.5. Personal data processing is carried out for each purpose by:

1. receiving and entering personal data into journals, registers and information systems of the Operator;
2. using other methods of personal data processing that do not contradict the current legislation of the Russian Federation.

7.6. Processing of Biometric personal data by the Operator is not carried out.

7.7. Cross-border transfer of personal data by the Operator is not carried out.

7.8. Processing of special categories of personal data concerning racial, ethnic origin, political views, religious or philosophical beliefs, intimate life by the Operator is not carried out.

7.9. The condition for termination of personal data processing may be the achievement of personal data processing purposes, expiration of Consent or withdrawal of Consent by the data subject, as well as detection of unlawful processing of personal data.

7.10. The period of personal data processing is unlimited, and for the purposes of compliance with labor legislation requirements - in accordance with labor legislation requirements. The Subject may withdraw their Consent to personal data processing at any time by sending the Operator a notification via email to the Operator's email address specified in Section 11 of this Policy, marked "Withdrawal of consent to personal data processing".

7.11. The Operator stores personal data in a form that allows identifying the data subject for no longer than required by each purpose of personal data processing, unless the storage period for personal data is established by the current legislation of the Russian Federation or an agreement.

7.12. The storage period for personal data processed in personal data information systems corresponds to the storage period for personal data on paper.

7.13. The Operator undertakes to cease processing of the subject's personal data within 5 (five) working days from the date of receipt of notification according to clause 7.10 of this Policy.

7.14. In addition, the Operator ceases processing of personal data in the following cases:

1. the fact of their unlawful processing is revealed within 3 working days from the date of detection;
2. the purpose of their processing has been achieved;
3. the period of their processing has expired.

7.15. Upon achievement of personal data processing purposes, as well as in case of withdrawal by the data subject of consent to their processing, the Operator ceases processing of this data if:

1. otherwise is not provided by an agreement to which the data subject is a party, beneficiary or guarantor;
2. the Operator is not entitled to process personal data without the consent of the data subject on grounds provided for by the Personal Data Law or other federal laws;
3. otherwise is not provided by an agreement between the Operator and the data subject.

7.16. When the data subject applies to the Operator with a requirement to cease processing of personal data within a period not exceeding 10 working days from the date the Operator receives the corresponding requirement, processing of personal data shall cease, except in cases provided for by the Personal Data Law. This period may be extended, but not more than by 5 working days. To do this, the Operator must send the data subject a reasoned notification indicating the reasons for extending the period.

8.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in part 4 of Article 14 of the Personal Data Law, are provided by the Operator to the data subject or their representative within 10 working days from the moment of application or receipt of a request from the data subject or their representative. This period may be extended, but not more than by 5 working days. To do this, the Operator should send the data subject a reasoned notification indicating the reasons for extending the period for providing the requested information.

The provided information shall not include personal data relating to other data subjects, except in cases where there are legal grounds for disclosing such personal data.

The request must contain:

1. the number of the main document certifying the identity of the data subject or their representative, information about the date of issue of the specified document and the issuing authority;
2. information confirming the participation of the data subject in relations with the Operator (number, date of agreement, conditional verbal designation, other identifier), or information otherwise confirming the fact of personal data processing by the Operator;
3. signature of the data subject or their representative.

The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

The Operator provides information in the form in which the corresponding application or request was sent, unless otherwise specified in the application or request. For example, the application may contain a request to send a response through a postal service, courier service, to an email address, via messenger, etc.

If the above positions (information) are not reflected in the application (request) or the person who sent it does not have the corresponding access rights to the requested information, they are sent a reasoned refusal.

The right of the data subject to access their personal data may be limited in accordance with part 8 of Article 14 of the Personal Data Law, including if the data subject's access to their personal data violates the rights and legitimate interests of third parties.

8.2. In case of detection of inaccurate personal data upon application of the data subject or their representative or upon their request or upon request of Roskomnadzor, the Operator blocks personal data relating to this data subject from the moment of such application or receipt of the specified request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the data subject or third parties.

8.3. In case of confirmation of the fact of inaccuracy of personal data, the Operator, based on information provided by the data subject or their representative or Roskomnadzor, or other necessary documents, clarifies personal data within 7 working days from the day of submission of such information and removes the blocking of personal data.

8.4. In case of detection of unlawful processing of personal data upon application (request) of the data subject or their representative or Roskomnadzor, the Operator blocks unlawfully processed personal data relating to this data subject from the moment of such application or receipt of request.

8.5. When the Operator, Roskomnadzor or another interested party detects the fact of unlawful or accidental transfer (provision, distribution) of personal data (access to personal data), which resulted in violation of the rights of data subjects, the Operator:

1. within 24 hours - notifies Roskomnadzor about the incident, the alleged causes that led to the violation of the rights of the data subject, the alleged harm caused to the rights of data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
2. within 72 hours - notifies Roskomnadzor about the results of the internal investigation of the identified incident and provides information about persons whose actions caused it (if any).

8.6. Procedure for destruction of personal data by the Operator.

8.6.1. Conditions and terms for destruction of personal data by the Operator:

1. achievement of the purpose of personal data processing or loss of the need to achieve this purpose - within 30 days;
2. achievement of maximum storage periods for documents and information containing personal data - 30 days;
3. provision by the data subject (their representative) of confirmation that personal data was obtained illegally or is not necessary for the stated purpose of processing - within 7 working days;
4. withdrawal by the data subject of consent to processing of their personal data, if their storage for the purpose of their processing is no longer required - within 30 days.

8.6.2. Upon achievement of the purpose of personal data processing, as well as in case of withdrawal by the data subject of consent to their processing, personal data is subject to destruction if:

1. otherwise is not provided by an agreement to which the data subject is a party, beneficiary or guarantor;
2. the Operator is not entitled to process without the consent of the data subject on grounds provided for by the Personal Data Law or other federal laws;
3. otherwise is not provided by another agreement between the Operator and the data subject.

8.6.3. Destruction of personal data is carried out on the basis of an order of the Operator or on the basis of a decision of a commission created for this purpose.

8.6.4. Methods of personal data destruction are established in separate internal documents of the Operator.

9.1. All disputes and disagreements that may arise between the Operator and Subjects on issues that have not found their resolution in the text of the Policy must be resolved through negotiations.

9.2. The parties are obliged to comply with the claim procedure for dispute resolution. Before going to court with a claim on disputes arising from relations between the Subject and the Operator, a claim is presented (a written proposal for voluntary settlement of the dispute). The period for consideration of the claim is 30 (thirty) calendar days from the moment of receipt of the claim, unless a different pre-trial settlement procedure is established by the current legislation of the Russian Federation.

9.3. If disputed issues are not settled during negotiations, all disputes arising from the Policy are resolved in court according to the rules of jurisdiction and jurisdiction established by the current legislation of the Russian Federation. The current legislation of the Russian Federation applies to this Policy and the relationship between the Subject and the Operator.

10.1. The Operator has the right to make changes to this Policy. When making changes, the current version indicates the date of the last update. The new version of the Policy comes into force from the moment of its placement on the Website, unless otherwise provided by the new version of the Policy. The current version is constantly available on the Website.

10.2. All proposals, questions, requests, and other inquiries regarding this Policy and the use of their personal data may be submitted by Users to the email address info@ano-b612.ru

10.3. This Policy approves the form of Consent to the processing of personal data of Website users (Appendix No. 1 to this Policy), which is posted on the Website in public access at the link: https://amisurkin.com/en/ano

Autonomous Non-Commercial Organization for Innovative Educational Programs, Promotion of Personal Self-Realization, Social Support, Development of Physical Culture and Sports "B-612"

TIN 9702077233

OGRN 1257700354053

Legal address: 127051, Moscow, intracity territory of municipal district Meshchansky, Trubnaya str., 28, building 3

Postal address: 127051, Moscow, intracity territory of municipal district Meshchansky, Trubnaya str., 28, building 3

Contact: info@ano-b612.ru