Contacts
RU
EN

Privacy Policy regarding the processing of personal data
of LLC "Raymed Trading Group"

(hereinafter – the Policy)

1. General Provisions

1.1. This Privacy Policy regarding the processing of personal data of LLC "Raymed Trading Group" (hereinafter – the Policy) has been developed in compliance with the requirements of paragraph 2 of part 1 of Article 18.1 of Federal Law No. 152-FZ of 27 July 2006 “On Personal Data” (hereinafter – the Law on Personal Data). It defines the purposes, content and procedure for processing personal data, measures aimed at protecting personal data, as well as procedures aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of personal data.

1.2. The following basic terms are used in this Policy:

  • Personal data – any information relating directly or indirectly to a specific or identifiable individual (data subject);
  • Operator – a state body, municipal body, legal entity or individual that independently or jointly with other persons organises and/or carries out the processing of personal data, and also determines the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data;
  • Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (update, modification), extraction, use, transfer (distribution, provision, access), anonymisation, blocking, deletion, destruction of personal data;
  • Automated processing of personal data – processing of personal data by means of computer technology;
  • Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
  • Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
  • Blocking of personal data – temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data);
  • Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed;
  • Anonymisation of personal data – actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific data subject;
  • Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing;
  • Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, foreign individual or foreign legal entity.

1.3. The Policy applies to all personal data processed by LLC "Raymed Trading Group" (hereinafter – the Operator or LLC "Raymed Trading Group" LLC).

1.4. The Policy extends to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.

1.5. Main rights and obligations of the Operator.

1.5.1. The Operator has the right to:

  • independently determine the composition and list of measures necessary and sufficient to ensure the fulfilment of the duties provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
  • entrust the processing of personal data to another person with the consent of the data subject, unless otherwise provided by federal law, on the basis of a contract concluded with that person. The person processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing provided for by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfilment of the duties provided for by the Law on Personal Data;
  • in the event of revocation by the data subject of consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the data subject if there are grounds specified in the Law on Personal Data.

1.5.2. The Operator is obliged to:

  • organise the processing of personal data in accordance with the requirements of the Law on Personal Data;
  • respond to enquiries and requests from data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
  • notify the authorised body for the protection of the rights of data subjects (the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) upon its request of the necessary information within 10 working days from the date of receipt of such request. This period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the deadline for providing the requested information;
  • in the manner determined by the federal executive authority authorised in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it of computer incidents that have resulted in unlawful transfer (provision, dissemination, access) of personal data.

1.6. Basic rights of the data subject. The data subject has the right to:

  • receive information concerning the processing of his/her personal data, except for cases provided for by federal laws. The information is provided to the data subject by the Operator in an accessible form, and must not contain personal data relating to other data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
  • require the Operator to clarify his/her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or are not necessary for the stated purpose of processing, as well as take measures provided for by law to protect his/her rights;
  • give prior consent to the processing of personal data for the purpose of promoting goods, works and services on the market;
  • appeal to Roskomnadzor or in court against unlawful actions or inaction of the Operator when processing his/her personal data;
  • exercise other rights provided for by the legislation of the Russian Federation.

1.7. Control over the implementation of the requirements of this Policy is carried out by the authorised person responsible for organising the processing of personal data at the Operator.

1.8. This Policy is adopted by the Operator in order to comply with the requirements of Russian legislation on the processing of personal data and to ensure the protection of human and civil rights and freedoms in the processing of his/her personal data, including the protection of the rights to privacy, personal and family secrets.

2. Principles of Personal Data Processing

2.1. The processing of personal data is carried out in compliance with the principles and rules provided for by the Law on Personal Data, namely:

2.1.1. Processing of personal data on a lawful and fair basis.

2.1.2. Restriction of the processing of personal data to the achievement of predetermined and lawful purposes, and the inadmissibility of processing personal data incompatible with the purposes of collecting personal data.

2.1.3. Inadmissibility of combining databases containing personal data whose processing is carried out for purposes incompatible with each other.

2.1.4. Processing only those personal data that correspond to the purposes of their processing.

2.1.5. Ensuring that the content and volume of processed personal data correspond to the stated purposes of processing, and the inadmissibility of processing personal data that is excessive in relation to the stated purposes of their processing.

2.1.6. Ensuring the accuracy of personal data, their sufficiency and, where necessary, relevance in relation to the purposes of their processing.

2.1.7. Storage of personal data in a form that makes it possible to identify the data subject for no longer than is required by the purposes of their processing, unless a different storage period for personal data is established by the legislation of the Russian Federation, a contract to which the data subject is a party, beneficiary or guarantor.

2.1.8. Destruction or ensuring the destruction of personal data upon achievement of the purposes of their processing or in the event of loss of the need to achieve these purposes, unless otherwise provided by the legislation of the Russian Federation.

3. Purposes, Content and Methods of Personal Data Processing

3.1. The processing of personal data is limited to the achievement of specific, predetermined and lawful purposes. Processing of personal data incompatible with the purposes of collecting personal data is not allowed.

3.2. Only personal data that correspond to the purposes of their processing are subject to processing.

3.3. The Operator processes personal data for the following purposes:

  • recruitment (applicants) for vacant positions of the Operator;
  • personnel management of the Operator;
  • payment of wages and implementation of other remuneration processes for the Operator's personnel;
  • support and motivation of the Operator's personnel (corporate benefits);
  • organisation of business trips, travel, transport support and administrative support for the Operator's personnel;
  • ensuring the security of activities and the safety of the Operator's property;
  • information technology support for the Operator's activities;
  • ensuring document flow processes, the activities of personnel and management bodies of the Operator;
  • support of the Operator's core activities in accordance with its Charter;
  • development of partnerships, promotion of products and increasing the efficiency of interaction with counterparties and persons potentially interested in cooperation with the Operator.

3.4. The Operator may process personal data of the following categories of data subjects:

  • employees (current and former) of the Operator;
  • family members and other relatives or other contact persons of the Operator's employees;
  • applicants for vacant positions at the Operator;
  • family members and other relatives, as well as associated persons of applicants for vacant positions at the Operator;
  • individuals who have concluded a civil law contract with the Operator;
  • individuals – representatives/employees of the Operator's counterparties;
  • recipients of payments related to the Operator's employees;
  • individuals (employees/representatives of legal entities) who send requests to the Operator;
  • participants of events (conferences, seminars, webinars, other public events in the interests of the Operator, partner organisations, professional communities);
  • users/visitors of the Operator's Internet resources;
  • individuals who have given consent to the processing of personal data for the purpose of promoting the Operator's goods and those of its partners;
  • visitors to offices and other real estate properties of the Operator;
  • personnel of authorised bodies and organisations;
  • individuals whose personal data processing is entrusted to the Operator;
  • data subjects who have given consent to the cross-border transfer of personal data;
  • other individuals who have given consent to the processing of their personal data by the Operator.

3.5. The processing of personal data at LLC "Raymed Trading Group" LLC includes: collection, recording, systematisation, accumulation, storage, clarification (update, modification), extraction, use, acquisition, comparison (matching), combination (linking), transfer (provision, access), anonymisation, blocking, deletion, destruction.

3.6. The Operator may disseminate personal data with the consent of the data subject or other legal basis. The Operator may also carry out cross-border transfer of personal data in cases where this is necessary for the implementation of the Operator's statutory activities, subject to the conditions and restrictions established by the Law on Personal Data.

3.7. The Operator processes personal data for each processing purpose using the following methods:

  • non-automated processing of personal data;
  • automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
  • mixed processing of personal data.

3.8. The list of categories of processed personal data, categories of subjects whose personal data are processed, methods, processing and storage periods, and the procedure for the destruction of personal data for each processing purpose is contained in Appendix No. 1 to this Policy.

4. Legal Grounds for Processing Personal Data

4.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in execution of and in accordance with which the Operator processes personal data, including:

  • The Constitution of the Russian Federation;
  • The Civil Code of the Russian Federation;
  • The Labour Code of the Russian Federation;
  • The Tax Code of the Russian Federation;
  • Federal Law No. 14-FZ of 08.02.1998 “On Limited Liability Companies”;
  • Federal Law No. 152-FZ of 27.07.2006 “On Personal Data”;
  • Resolution of the Government of the Russian Federation No. 1119 of 01.11.2012 “On approval of requirements for the protection of personal data during their processing in personal data information systems”;
  • Order of the FSTEC of Russia No. 21 of 18.02.2013 “On approval of the Composition and content of organisational and technical measures to ensure the security of personal data during their processing in personal data information systems”;
  • Federal Law No. 402-FZ of 06.12.2011 “On Accounting”;
  • Federal Law No. 167-FZ of 15.12.2001 “On Compulsory Pension Insurance in the Russian Federation”;
  • other regulatory legal acts governing relations related to the Operator's activities.

4.2. The legal basis for the processing of personal data also includes:

  • The Charter of LLC "Raymed Trading Group" LLC;
  • Regulations and other local acts on the processing of personal data adopted at LLC "Raymed Trading Group" LLC;
  • Contracts concluded between the Operator and data subjects;
  • Consents of data subjects to the processing of their personal data.

5. Procedure and Conditions for Processing Personal Data

5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

5.2. The processing of personal data is carried out with the consent of the data subjects to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.

5.3. Employees of the Operator whose official duties include the processing of personal data are allowed to process personal data.

5.4. The processing of personal data for each purpose specified in clause 3.3 of the Policy is carried out by:

  • receiving personal data in oral and written form directly from the data subjects;
  • entering personal data into journals, registers and information systems of the Operator;
  • using other methods of processing personal data.

5.5. Disclosure to third parties and dissemination of personal data without the consent of the data subject is not permitted, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the data subject for dissemination is drawn up separately from other consents of the data subject to the processing of his/her personal data. The requirements for the content of consent to the processing of personal data permitted by the data subject for dissemination are approved by Order of Roskomnadzor No. 18 of 24.02.2021.

5.6. The transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Social Fund of Russia and other authorised executive authorities and organisations is carried out in accordance with the requirements of the legislation of the Russian Federation.

5.7. The Operator stores personal data in a form that allows identification of the data subject for no longer than is required by each purpose of processing personal data, unless the storage period for personal data is established by federal law or a contract.

5.7.1. Personal data on paper media is stored at LLC "Raymed Trading Group" LLC for the periods of storage of documents for which these periods are provided for by the legislation on archival affairs in the Russian Federation (Federal Law No. 125-FZ of 22.10.2004 “On Archival Affairs in the Russian Federation”, List of standard managerial archival documents generated in the course of activities of state bodies, local self-government bodies and organisations, indicating their storage periods (approved by Order of the Federal Archival Agency No. 236 of 20.12.2019)).

5.7.2. The storage period for personal data processed in personal data information systems corresponds to the storage period for personal data on paper media.

5.8. The Operator terminates the processing of personal data in the following cases:

  • the fact of their unlawful processing is revealed – within three working days from the date of detection;
  • the purpose of their processing is achieved;
  • the consent of the data subject to the processing of these data has expired or been revoked, when, according to the Law on Personal Data, the processing of these data is allowed only with consent.

5.9. Upon achievement of the purposes of processing personal data, as well as in the event of revocation by the data subject of consent to their processing, the Operator stops processing these data if:

  • otherwise is not provided for by the contract to which the data subject is a party, beneficiary or guarantor;
  • the Operator is not entitled to process without the consent of the data subject on the grounds provided for by the Law on Personal Data or other federal laws;
  • otherwise is not provided for by another agreement between the Operator and the data subject.

5.10. When a data subject contacts the Operator with a request to stop processing personal data, within a period not exceeding 10 working days from the date of receipt by the Operator of the corresponding request, the processing of personal data is terminated, except in cases provided for by the Law on Personal Data. This period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to the data subject indicating the reasons for extending the period.

5.11. When collecting personal data, including via the information and telecommunication network Internet, the Operator ensures the recording, systematisation, accumulation, storage, clarification (update, modification), and extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.

6. Updating, Correction, Deletion, Destruction of Personal Data, Responses to Data Subject Access Requests

6.1. Confirmation of the fact of processing personal data by the Operator, the legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the data subject or his/her representative within 10 working days from the date of the request or receipt of the request from the data subject or his/her representative. This period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to the data subject indicating the reasons for extending the deadline for providing the requested information.

The information provided shall not include personal data relating to other data subjects, except in cases where there are legal grounds for disclosing such personal data.

The request must contain:

  • the number of the main identity document of the data subject or his/her representative, information on the date of issue of the said document and the authority that issued it;
  • information confirming the participation of the data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of processing of personal data by the Operator;
  • the signature of the data subject or his/her representative.

The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

The Operator provides the information specified in Part 7 of Article 14 of the Law on Personal Data to the data subject or his/her representative in the form in which the corresponding request or enquiry was submitted, unless otherwise specified in the request or enquiry.

If the request (enquiry) of the data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or if the data subject does not have the right to access the requested information, a reasoned refusal is sent to him/her.

The right of the data subject to access his/her personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if access to the data subject's personal data violates the rights and legitimate interests of third parties.

6.2. In the event of detection of inaccurate personal data upon request of the data subject or his/her representative, or upon their request or upon request of Roskomnadzor, the Operator blocks the personal data relating to that data subject from the moment of such request or receipt of the said request for the period of verification, if blocking of personal data does not violate the rights and legitimate interests of the data subject or third parties.

If the inaccuracy of personal data is confirmed, the Operator, on the basis of information provided by the data subject or his/her representative or by Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.

6.3. In the event of detection of unlawful processing of personal data upon a request (enquiry) from the data subject or his/her representative or from Roskomnadzor, the Operator blocks the unlawfully processed personal data relating to that data subject from the moment of such request or receipt of the request.

6.4. When the Operator, Roskomnadzor or another interested person detects a fact of unlawful or accidental transfer (provision, dissemination) of personal data (access to personal data) that has resulted in a violation of the rights of data subjects, the Operator:

  • within 24 hours – notifies Roskomnadzor of the incident, the alleged reasons that led to the violation of the rights of data subjects, the alleged harm caused to the rights of data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information on the person authorised by the Operator to interact with Roskomnadzor on matters related to the incident;
  • within 72 hours – notifies Roskomnadzor of the results of the internal investigation of the identified incident and provides information on the persons whose actions caused it (if any).

6.5. Procedure for the destruction of personal data by the Operator.

6.5.1. Conditions and terms for the destruction of personal data by the Operator:

  • achievement of the purpose of processing personal data or loss of the need to achieve this purpose – within 30 days;
  • achievement of the maximum storage periods for documents containing personal data – within 30 days;
  • submission by the data subject (his/her representative) of confirmation that the personal data were obtained unlawfully or are not necessary for the stated purpose of processing – within seven working days;
  • revocation by the data subject of consent to the processing of his/her personal data, if their storage for the purpose of their processing is no longer required – within 30 days.

6.5.2. Upon achievement of the purposes of processing personal data, as well as in the event of revocation by the data subject of consent to their processing, personal data are subject to destruction if:

  • otherwise is not provided for by the contract to which the data subject is a party, beneficiary or guarantor;
  • the Operator is not entitled to process without the consent of the data subject on the grounds provided for by the Law on Personal Data or other federal laws;
  • otherwise is not provided for by another agreement between the Operator and the data subject.

6.5.3. The destruction of personal data is carried out by a commission established by order of the General Director of LLC "Raymed Trading Group" LLC.

6.5.4. The destruction of personal data is carried out within the time limits established by law using the standard software tools of the information system; paper media are destroyed by shredding.

7. Protection of Personal Data

7.1. The Operator takes the necessary legal, organisational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, dissemination and other unauthorised actions, including:

7.1.1. Identification of threats to the security of personal data during their processing in personal data information systems.

7.1.2. Application of organisational and technical measures to ensure the security of personal data during their processing in personal data information systems, necessary to comply with the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation.

7.1.3. Use of information security means that have passed the conformity assessment procedure in the established manner.

7.1.4. Use for the destruction of personal data of information security means that have passed the conformity assessment procedure in the established manner, which include a function for destroying information.

7.1.5. Assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.

7.1.6. Accounting of machine-readable personal data media.

7.1.7. Detection of facts of unauthorised access to personal data and taking measures, including measures to detect, prevent and eliminate the consequences of computer attacks on personal data information systems and to respond to computer incidents in them.

7.1.8. Restoration of personal data modified or destroyed as a result of unauthorised access to them.

7.1.9. Establishment of rules for access to personal data processed in the personal data information system, as well as ensuring registration and recording of all actions performed with personal data in the personal data information system.

7.1.10. Monitoring of the measures taken to ensure the security of personal data and the level of protection of personal data information systems.

7.1.11. Appointment of a person responsible for the processing of personal data, who organises the processing of personal data and internal control over the Operator's compliance with the requirements for the protection of personal data.

7.1.12. Approval of local regulations and other documents regulating relations in the field of processing and protection of personal data.

7.1.13. Establishment of individual passwords for employee access to the information system in accordance with their production duties.

7.1.14. Organisation of a security regime for premises where the information system is located, preventing the possibility of uncontrolled entry or presence in these premises of persons who do not have the right of access to these premises.

7.1.15. Ensuring the safety of personal data media.

7.1.16. Approval of a document defining the list of persons whose access to personal data processed in the information system is necessary for the performance of their official (labour) duties.

7.1.17. Use of information security means that have passed the conformity assessment procedure with the requirements of the legislation of the Russian Federation in the field of information security, in cases where the use of such means is necessary to neutralise current threats.

7.1.18. Application of other legal, organisational and technical measures to ensure the security of personal data in accordance with the Operator's internal local documents.

8. Additional Conditions

8.1. This Policy is an internal document of LLC "Raymed Trading Group" LLC, is publicly available and is subject to posting on the official website of LLC "Raymed Trading Group" LLC in compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data.

8.2. The Operator has the right to make changes to this Policy without prior notice. When changes are made, the current version indicates the date of the last update. The new version of the Policy comes into force from the moment of its publication, unless otherwise provided for by the new version of the Policy. The current version is posted at: https://raymed.ru/policy.

8.3. Control over the implementation of the requirements of this Policy is carried out by the person responsible for organising the processing of personal data at LLC "Raymed Trading Group" LLC.

8.4. The liability of officials of LLC "Raymed Trading Group" LLC who have access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data is determined in accordance with the legislation of the Russian Federation and local documents of LLC "Raymed Trading Group" LLC.

9. Details and Contact Information

Organisation name: LLC "Raymed Trading Group"

Abbreviated name: LLC "Raymed Trading Group" LLC

Legal and postal address: 141001, Moscow Region, Mytishchi urban district, Mytishchi, 1st Vokzalnaya str., 8

Email: info@raymed.ru

INN (Taxpayer ID): 5029204750    KPP (Registration reason code): 502901001    OGRN (Primary state registration number): 1155029011169

Appendix No. 1 to this Policy: List of categories of processed personal data, categories of subjects whose personal data are processed, methods, processing and storage periods, and the procedure for the destruction of personal data for each purpose of personal data processing.

Appendix No. 1 to the Privacy Policy of LLC "Raymed Trading Group" LLC
List of categories of processed personal data, categories of subjects whose personal data are processed, methods, processing and storage periods, and the procedure for the destruction of personal data for each purpose of personal data processing

Section No. 1. Purpose of processing: recruitment (applicants) for vacant positions of the Operator

namely:

  • search for applicants for vacant positions;
  • verification of the reliability of applicants, including management of legal, reputational and compliance (conflict of interest prevention and resolution) risks associated with applicants, as well as verification of the completeness and accuracy of the information provided by applicants;
  • maintenance of a personnel reserve;
  • assessment of applicants' compliance with applicable requirements, including testing knowledge and abilities;
  • making decisions on hiring or refusing to fill a vacant position (employment);
  • preparation for conclusion of an employment contract and pre-contractual interaction with candidates;
  • informing the applicant about suitable vacancies.

1.1. Category of data subject: applicants for vacant positions; family members and other relatives of applicants for vacant positions at the Operator.

1.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, marital status, social status, property status, income, gender, email address, residential address, registration address, phone number, SNILS (individual insurance account number), TIN (taxpayer identification number), citizenship, identity document data, driving licence data, identity document data valid outside the Russian Federation, bank card details, current account number, personal account number, profession, position, information on work activity (including work experience, data on current employment with the name and current account of the organisation), attitude to military duty, information on military registration, education information, facial image (not used for identification);
  • Other personal data: account in messengers and/or social networks; references from previous jobs; information on expected salary; information on skills (foreign language proficiency, driving skills, additional skills related to work activity); information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.);
  • Special categories of personal data: information on health status regarding (in)capacity to work; information on health status regarding disability; information on health status regarding fitness for military service;
  • Biometric personal data: not processed.

1.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), anonymisation, acquisition, transfer (provision, access), deletion, destruction. Processing format: both with and without the use of automation.

1.4. Processing and storage periods: up to 5 years after the termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject.

1.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 2. Purpose of processing: personnel management of the Operator

namely:

  • processing of hiring / dismissal; conducting interviews (surveys) upon hiring / dismissal, induction and adaptation to work and social environment;
  • making managerial and HR decisions, ensuring career development and promotion;
  • maintaining personnel and military records;
  • organising remote (distance) work arrangements;
  • planning work and managing labour productivity, monitoring and controlling the quantity and quality of work performed, as well as rational use of working time, checking and evaluating performance of duties;
  • consideration and resolution of labour disputes, conflicts and other disagreements in the context of labour relations;
  • maintaining effective information (communication) interaction with the Operator's personnel;
  • planning, organising and conducting various working (official) events;
  • organising and/or conducting various types of training (including instruction), advanced training, professional (re)training, testing knowledge and abilities, as well as ensuring, monitoring, training (including instruction), internship and testing of knowledge in the field of labour protection, safety, fire safety, civil defence and emergency (accident) protection;
  • conducting special assessment of working conditions (SAWC) and occupational risk assessment (ORA);
  • organising medical examinations to determine the ability of personnel to perform their labour functions, as well as for diagnostics and prevention of occupational diseases;
  • investigation, registration (consideration), recording, notification of micro-injuries (micro-traumas), accidents and occupational diseases;
  • prevention and counteraction to the spread of infections among personnel, provision of necessary support to personnel in overcoming infectious diseases and their consequences;
  • ensuring compliance with labour, including: filling in and submitting required reporting forms to authorised bodies, organising registration (personified) of employees in compulsory pension insurance and compulsory social insurance systems.

2.1. Categories of data subjects: employees (current and former) of the Operator; family members, other relatives and other contact persons of employees.

2.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, marital status, social status, property status, income, gender, email address, residential address, registration address, phone number, SNILS, TIN, citizenship, identity document data, driving licence data, identity document data valid outside the Russian Federation, bank card details, current account number, personal account number, profession, position, information on work activity (including work experience, data on current employment with the name and current account of the organisation), attitude to military duty, information on military registration, education information, facial image (not used for identification);
  • Other personal data: account data in messengers and/or social networks; information on skills (foreign language proficiency, driving skills, additional skills related to work activity); information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); information on professional development; information on professional preferences and expectations; information on professional and/or scientific interests; information on achievements, merits, awards and honours; information on use and operation of software and hardware, information systems, computing and communication networks; information on use and operation of telecommunication services; information on results of special assessment of working conditions; anthropometric data; information on provision of personal protective equipment; information on accidents within the framework of work (service) activities; information on violations of applicable norms (including legal) and bringing to appropriate liability; image data, including face (not used for identification); information on compulsory medical, pension and social insurance; information on voluntary personal and property insurance;
  • Special categories of personal data: information on health status regarding (in)capacity to work; information on health status regarding disability; information on health status regarding blood donation; information on health status regarding pregnancy; information on health status regarding fitness for military service;
  • Biometric personal data: not processed.

2.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

2.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

2.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 3. Purpose of processing: payment of wages and implementation of other remuneration processes for the Operator's personnel

namely:

  • calculation and payment of wages, bonuses, premiums, allowances, reimbursements for expenses, compensations, financial assistance and other payments, as well as provision of tax deductions;
  • calculation and execution of deductions from wages and other income in cases prescribed by law;
  • maintaining accounting and tax records in respect of the Operator's personnel;
  • ensuring compliance with tax legislation of the Russian Federation, including: filling in and submitting required reporting forms to authorised bodies;
  • ensuring compliance with pension legislation of the Russian Federation, including: filling in and submitting required reporting forms to authorised bodies;
  • organising the provision of bank cards for personal and/or official use.

3.1. Categories of data subjects: employees (current and former) of the Operator; family members and other relatives of the Operator's employees; recipients of payments related to the Operator's employees.

3.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, gender, email address, residential address, registration address, SNILS, TIN, citizenship, identity document data, driving licence data, identity document data valid outside the Russian Federation, bank card details, current account number, personal account number, profession, position, information on work activity (including work experience, data on current employment with the name and current account of the organisation);
  • Other personal data: information on place of activity (city or work address); information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); information on income, expenses and deductions related to work (service) activities; information on compulsory medical, pension and social insurance; information on pension provision; financial and payment details; information on enforcement proceedings; information on working hours, insurance period and benefits; information on marital status, family composition, details of marriage certificate, birth certificate;
  • Special categories of personal data: information on health status regarding disability;
  • Biometric personal data: not processed.

3.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

3.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

3.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 4. Purpose of processing: support and motivation of the Operator's personnel (corporate benefits)

namely:

  • participation in voluntary insurance programmes, including medical insurance;
  • achieving and maintaining an optimal level of motivation and involvement in work (service) activities, including organising participation in various loyalty programmes and other incentive (encouragement) measures;
  • organising the provision of gifts;
  • organising voluntary participation in internal events not related to work (service) activities, as well as in public events.

4.1. Categories of data subjects: employees (current and former) of the Operator.

4.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, marital status, social status, property status, income, gender, email address, residential address, registration address, phone number, SNILS, TIN, citizenship, identity document data, driving licence data, identity document data valid outside the Russian Federation, bank card details, current account number, personal account number, profession, position, information on work activity (including work experience, data on current employment with the name and current account of the organisation), attitude to military duty, information on military registration, education information, facial image (not used for identification);
  • Other personal data: information on place of activity (city or work address); information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); marriage certificate / divorce certificate data, death certificate data; information on insurance; details (series and number, date of issue) of insurance policy and name of insurance organisation; insurance programme number; information on individual insurance compensation; anthropometric data; image data including face (not used for identification);
  • Special categories of personal data: information on health status;
  • Biometric personal data: not processed.

4.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

4.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

4.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 5. Purpose of processing: organisation of business trips, travel, transport support and administrative support for the Operator's personnel

namely:

  • organisation (including arrangement) of business meetings and travel, including business trips and other official journeys;
  • provision for use and/or official operation of vehicles, proper accounting and reimbursement of costs for such operation, as well as providing effective technical assistance during official operation of vehicles;
  • assistance in obtaining entry documents to the Russian Federation and/or foreign states;
  • ensuring local transport mobility (individual car transportation);
  • monitoring and control of official operation and safety of vehicles, as well as protecting the employer's property interests during official operation of vehicles and when resolving insurance/non-insurance incidents with them.

5.1. Categories of data subjects: employees (current and former) of the Operator.

5.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, marital status, social status, property status, income, gender, email address, residential address, registration address, phone number, SNILS, TIN, citizenship, identity document data, driving licence data, identity document data valid outside the Russian Federation, bank card details, current account number, personal account number, profession, position, information on work activity (including work experience, data on current employment with the name and current account of the organisation), attitude to military duty, information on military registration, education information, facial image (not used for identification);
  • Other personal data: information on place of activity (city or work address); information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); information on business trips, including business trips and other official journeys; information on visits to various states and stay on their territory; information on driving vehicles; information on the vehicle; information on provision and use of the vehicle; information on status and authority to represent interests; information on an offence (misdemeanour) committed using the vehicle; information on a traffic or other incident involving the vehicle; geolocation and navigation data;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

5.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

5.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

5.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 6. Purpose of processing: ensuring the security of activities and the safety of the Operator's property

namely:

  • ensuring the safety of property and protection of individuals from unlawful acts (encroachments);
  • ensuring intra-site and access control regimes at the used real estate properties.

6.1. Categories of data subjects: employees (current and former) of the Operator; individuals who have concluded a civil law contract with the Operator; individuals – representatives/employees of the Operator's counterparties; visitors to the Operator's real estate properties.

6.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, identity document data, driving licence data, identity document data valid outside the Russian Federation;
  • Other personal data: information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); information on controlled presence at real estate properties; video/audio recording of image (not used for identification); information on place of residence and/or stay; information on service pass; information on the vehicle;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

6.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

6.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

6.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 7. Purpose of processing: information technology support for the Operator's activities

namely:

  • information technology support, facilitation and improvement of the efficiency of work (service) communications of personnel and preservation of software and hardware, systems, networks and services, as well as providing effective technical support to personnel during such official operation;
  • ensuring information security, as well as ensuring proper circulation and protection of information constituting legally protected secrets and intellectual property;
  • provision for use and/or official operation, technical support of software and hardware (including personal computers, office equipment, communication means, information security means), information systems, computing and (tele)communication networks and services.

7.1. Categories of data subjects: employees (current and former) of the Operator.

7.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic;
  • Other personal data: information on use and operation of software and hardware, information systems, computing and communication networks; information on use of the Internet; information on connection to the Internet; information on visits and use of Internet resources; information on user device; information on use and operation of telecommunication services; identification, authentication and authorisation data; metadata on various objects (files) and their contents; information on the user's web browser; information passing through the Operator's email server and/or through other information systems of the Operator (and information systems of third parties that the Operator uses under a contract with such third parties), including employee correspondence and its content (any correspondence involving the employee, regardless of its form on electronic and paper media, which is or may be in the possession of the Operator: on the Operator's property/equipment; on the Operator's resources provided to the employee for the performance of his/her labour function; on resources interacting with the Operator's resources; on resources of the Operator's counterparties; on resources that are controlled and/or administered by the Operator; on resources used for the Operator's activities); information on features of data entry on the user device (without saving the user-entered data); information on access to legally protected secrets;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

7.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

7.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

7.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 8. Purpose of processing: ensuring document flow processes, the activities of personnel and management bodies of the Operator

namely:

  • delegation of authority to represent the Operator's interests, including execution of powers of attorney, electronic signatures;
  • organisation and maintenance of office work, ensuring document flow (in written and electronic form), conducting legally significant correspondence (in written and electronic form);
  • participation in pre-trial and judicial dispute resolution, execution of judicial acts, assistance in the administration of justice;
  • ensuring the effectiveness and sustainability (continuity) of activities, organisation and management of activities and assets (property), strategic and budget planning, project management, maintenance of necessary reporting, management of transactions for reorganisation, merger, acquisition, liquidation or disposal of assets;
  • ensuring the activities of management bodies;
  • carrying out proper accounting, storage and destruction of certain categories of material information carriers.

8.1. Categories of data subjects: employees (current and former) of the Operator; founders; individuals who have concluded a civil law contract with the Operator;

8.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, residential address, registration address, SNILS, TIN, citizenship, identity document data, identity document data valid outside the Russian Federation, profession, position;
  • Other personal data: information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); handwritten signature (specimen); electronic signature;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

8.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

8.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

8.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 9. Purpose of processing: support of the Operator's core activities in accordance with its Charter

namely:

  • actual implementation of the main types of activities in accordance with its own constituent document;
  • contractual work, including conclusion, execution, amendment and termination of contracts and agreements with counterparties;
  • making financial settlements with persons who are not personnel, maintaining relevant accounting and tax records;
  • organisation, implementation and management of the effectiveness of procurement procedures for products (goods, works, services) from counterparties;
  • taking due diligence measures in relation to potential and existing counterparties, including management of financial, commercial, legal, regulatory, operational, contractual, reputational risks associated with counterparties, as well as verification of the completeness and accuracy of information provided by potential and existing counterparties;
  • obtaining permits for the right to carry out certain types of own activities and/or obtaining confirmation of compliance of sold products with applicable requirements.

9.1. Categories of data subjects: individuals who have concluded a civil law contract with the Operator; individuals – representatives/employees of the Operator's counterparties; personnel of authorised bodies and organisations.

9.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic, year of birth, month of birth, date of birth, place of birth, residential address, registration address, SNILS, TIN, citizenship, identity document data, identity document data valid outside the Russian Federation, profession, position, email address; phone number; bank card details, current account number, personal account number, information on place of activity (city or work address);
  • Other personal data: information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); handwritten signature (specimen); electronic signature; information on position, department and current place of employment; information on status and authority to represent interests; bank details;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

9.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, transfer (provision, access), anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

9.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

9.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Section No. 10. Purpose of processing: development of partnerships, promotion of products and increasing the efficiency of interaction with counterparties and persons potentially interested in cooperation with the Operator

namely:

  • search, identification and analysis of persons potentially interested in cooperation, establishment and maintenance of business communication with interested persons, participation in procurement procedures of potential and existing counterparties;
  • offering and promoting own products and brand on the market through marketing communications, including by sending personalised offers and advertising messages, as well as by displaying personalised and/or non-personalised advertising;
  • planning, organising and conducting marketing, promotional, statistical and analytical events (including surveys and research);
  • analysis of satisfaction of counterparties and other interested parties with the products sold;
  • information (communication) interaction with all interested parties, including information support (service), sending information messages, processing, reviewing incoming requests and information materials of any nature, providing effective support when interested parties have various problems or situations, as well as managing the quality and effectiveness of such interaction;
  • providing tools for effective communication and organisation of business meetings (maintaining websites, communities in social networks; organising forums, conferences, round tables, etc.).

10.1. Categories of data subjects: representatives/employees of the Operator's counterparties; individuals (employees/representatives of legal entities) who send requests to the Operator; users/visitors of the Operator's Internet resources; participants of events (conferences, seminars, webinars, other public events in the interests of the Operator, partner organisations, professional communities); individuals who have given consent to the processing of personal data for the purpose of promoting the Operator's goods, works, services and those of its partners.

10.2. Categories and list of personal data:

  • Personal data: surname, first name, patronymic; contact email address; phone number; IP address, cookies;
  • Other personal data: information on authorisation documents of foreign citizens and stateless persons (including visa details, residence permits, temporary residence permits, patents, work permits, migration cards, etc.); information on identity document; information on citizenship or nationality; place of birth; gender; date of birth and/or age; information on position, department and current place of employment; information on current work (service) activity; information on education and training; information on current educational activity; information on scientific and educational activities; information on profession, labour/professional qualification and professional qualities; information on potential and prospects of cooperation; information on participation in events; information on expressed personal opinion and survey results;
  • Special categories of personal data: not processed;
  • Biometric personal data: not processed.

10.3. Methods of personal data processing: collection, recording, systematisation, accumulation, use, storage, clarification (update, modification), extraction, comparison (matching, linking), acquisition, anonymisation, deletion, destruction. Processing format: both with and without the use of automation.

10.4. Processing and storage periods: up to 5 years after termination of the legal relationship between the parties, unless otherwise provided by applicable law, the consent of the Data Subject or the contract (agreement) between the Operator and the Data Subject.

10.5. Procedure for destruction of personal data: upon achievement of the processing purpose and/or upon the occurrence of other legal grounds: destruction of data is carried out in accordance with the procedure established by Order of Roskomnadzor No. 179 of 28.10.2022; the method of destruction depends on the processing method: shredding / deletion of information from databases / other methods.

Additionally: the processing of the above personal data is carried out with the consent of the Data Subjects. The Operator also has the right, in cases established by law, to process the Data Subjects on other legal grounds, in particular:

  • implementation and performance of functions, powers and duties assigned by the legislation of the Russian Federation to the operator (clause 2, part 1, article 6 of the Law on Personal Data);
  • processing of personal data is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings, proceedings in arbitration courts (clause 3, part 1, article 6 of the Law on Personal Data);
  • processing of personal data is necessary for the performance of a contract to which the data subject is a party, beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the data subject or a contract under which the data subject will be the beneficiary or guarantor (clause 5, part 1, article 6 of the Law on Personal Data);
  • processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for achieving socially significant goals (clause 7, part 1, article 6 of the Law on Personal Data);
  • on other legal grounds provided for by the Law on Personal Data or the legislation of the Russian Federation.

Current version of the Policy is available at: https://raymed.org /en/privacy-policy/

Mon-Fri. 9:00 – 18:00
© 2026, Raymed Trading Group LLC
<
Personal Data Processing Policy