1.1. This Policy (the "Policy") regulates the processing of personal data of individuals, users of: www.doktornarabote.ru / doktornarabote.ru, Doctor’s Feed IOS/Android mobile app, Doctorgram (Platform), including representatives of Users (hereinafter referred to as "Personal Data Subjects").
Entity processing personal data: Doctor at Work LLC, 127 055, Moscow, Novoslobodskay street, bld.41, fl.4, room 1, PSRN 1 107 746 240 876 (hereinafter referred to as "Operator")
1.2. The Operator shall process personal data of Personal Data Subjects, namely all actions with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), impersonation, blocking, Removal, destruction of personal data, transfer (distribution) of personal data (hereinafter referred to as "Personal Data Processing").
1.3. Personal data processed under this Policy include: surname, first name and middle name (If available), day, month, year and place of birth, tax ID number, SNILS, gender, e-mail address, permanent registration address, region (Subject) of residence, postal address, telephone number, citizen image, identity document data (Series and passport number, by whom and when issued, etc.), Information on education (including information on the educational institution in which the citizen is studying/trained, date of beginning and completion of training, other information), including information on the document on education and qualifications (Number, date of issue, etc.), information on the degree, including the document on the assignment of the degree (Number, date of issue, etc.), certificate of specialist and/or certificate of accreditation of specialist issued to medical personnel (Number, date of issue, etc.), information on the state of the citizen in labour relations (Name of employer, place of work, including with indication of separate structural subdivision and its location, position, length of work in specialty, other information), Account details of credit institutions, information necessary for the calculation and payment of taxes and insurance premiums and other similar information received from the Personal Data Subject for the purpose of using the Platform, including in the form of copies of documents.
2.1. The purpose of personal data collection of the Personal Data Subject is its registration and authorization on the Platform for use of the Platform, Providing access to Platform resources, establishing feedback by the Operator with the Subject, Including sending notifications, requests regarding the use of the Platform, providing services, processing requests and requests from the Personal Data Subject to the Platform, Confirmation of validity and completeness of personal data provided by the Personal Data Subject, Creation of an account for the Personal Data Subject on the Platform, provision of effective client and technical support to the Personal Data Subject in case of problems related to the use of the Platform, promotion (Advertising) of goods, works, services on the market using the Platform, carrying out statistical or other research, including for further development and improvement of the Platform.
2.2. Personal data can be used for other purposes if it is mandatory in accordance with the provisions of the legislation of the Russian Federation.
2.3. Personal data processing is limited to achieving specific, predefined and legitimate goals. Personal data processing incompatible with the purpose of personal data collection is not allowed.
3.1. The legal basis for Personal Data Processing, according to this Policy, is consent to personal data processing (Appendix 1).
4.1. Personal data specified in item 1.3 of this Policy shall be processed to the extent necessary to achieve the objectives specified in section 2 of this Policy. The operator processes personal data of the general category.
4.2. The operator guarantees that the personal data being processed is not redundant with respect to the stated processing purposes.
4.3. Categories of personal data subjects are specified in Clause 1.1 of this Policy, and Personal Data Subjects are citizens who have registered on the Platform and have given Consent to Personal Data Processing.
5.1. Actions performed by the Operator with personal data: collection, recording, systematization, accumulation, storage, refinement (updating, modification), extraction, use, transfer (distribution, provision, access), impersonation, blocking, removal, destruction.
5.2. Personal Data shall be processed by the Operator using automated systems, except in cases when unauthorized processing of personal data is necessary in connection with compliance with the requirements of the legislation of the Russian Federation.
5.3. Personal data shall be processed immediately from the moment of their receipt, but not more than the terms established by the legislation of the Russian Federation.
5.4. The operator has the right to assign processing of personal data to another person with the consent of the personal data subject. The person processing personal data on behalf of the Operator shall comply with the principles and rules of personal data processing established by the legislation of the Russian Federation. The Operator 's instructions shall specify the list of actions (transactions) with personal data to be performed by the person processing personal data and the purpose of processing, shall establish the obligation of such person to maintain the confidentiality of personal data and to ensure the security of personal data during their processing, and shall specify the requirements for the protection of personal data being processed in accordance with the current legislation of the Russian Federation.
Confidentiality of personal data of the Personal Data Subject shall always be preserved, except in cases of voluntary provision by the Personal Data Subject of information about itself for general access to an unlimited range of persons. When using separate services, the Personal Data Subject agrees that a certain part of its personal information becomes publicly available. The Platform may transfer personal information of the Personal Data Subject to third parties in the following cases: the Personal Data Subject has consented to such actions; The transfer is required for use by the Personal Data Subject of a certain service or for execution of a certain agreement or agreement with the Personal Data Subject; The transfer is provided for by Russian or other applicable law in accordance with the procedure established by law. In the event of the sale of the Platform, all obligations to comply with the terms of this Policy with respect to the information received by it shall be transferred to the purchaser.
The Operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by the current legislation of the Russian Federation. Confidentiality of personal data of the Personal Data Subject is always preserved, except in cases of voluntary provision of information about itself by the Personal Data Subject for general access to an unlimited range of persons.
5.5. The operator guarantees compliance with the requirements of confidentiality of personal data established by article 7 of the Federal Law "On Personal Data" of 27 July 2006 No. 152-ФЗ, as well as the adoption of measures provided for in Part 2 of Article 18.1 and Part 1 of Article 19 of the Federal Law "On Personal Data" of 27 July 2006 No. 152-ФЗ.
5.6. The condition for termination of personal data processing by the Operator of personal data subjects is achievement of personal data processing objectives, withdrawal of Personal Data Subject 's consent to Personal Data Processing, as well as detection of illegal personal data processing. The Operator has the right to transfer personal data to the bodies of inquiry and investigation, other authorized bodies on the grounds stipulated by the current legislation of the Russian Federation. Confidentiality of personal data of the Personal Data Subject is always preserved, except in cases of voluntary provision of information about itself by the Personal Data Subject for general access to an unlimited range of persons.
5.7. Personal data shall be stored in a form that allows to determine the Personal Subject within the terms specified in the Consent to Personal Data Processing.
5.8. When storing personal data, the Operator uses databases located in the territory of the Russian Federation. Personal data of Personal Data Subjects are stored exclusively on electronic media.
5.9. The Operator shall take technical and organizational and legal measures to ensure protection of personal data of Personal Data Subjects from illegal or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions. To access the Personal Office of the User on the Platform, the Personal Data Subject uses an individual login and password. The Personal Data Subject shall be responsible for the security of this information as a User.
6. UPDATING, CORRECTION, Removal AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
6.1. The Personal Data Subject shall have the right to request the Operator to provide information concerning the processing of his personal data, the clarification of personal data, their blocking or destruction in case personal data are incomplete, obsolete, inaccurate, illegally received or are not necessary for the stated purpose of processing (hereinafter referred to as the "Request"). The request shall contain the number of the main document confirming the identity of the Personal Data Subject or his representative, information on the date of issuance of the specified document and the issuing body, the signature of the Personal Data Subject or his representative, the postal address and (or) the e-mail address for sending a reply. The request shall be sent to the Operator 's postal address specified in Clause 1.1 of this Policy by registered mail with an attachment record and delivery notice. The request may be sent in the form of an electronic image of the signed document and sent from through the personal account of the Personal Data Subject on the Platform.
6.2. The Operator shall fulfill the requirement specified in the Request not later than 7 business days from the date of its receipt.
6.3. In case of detection of illegal processing of personal data or inaccurate personal data at the Request of the Personal Data Subject or its representative, the Operator shall block such personal data relating to this Personal Data Subject from the moment of receipt of the specified Request for the inspection period. The total period of verification and fulfillment of the requirement may not exceed 5 business days from the date of receipt of the Request. Based on the results of the inspection, the Operator shall clarify personal data and remove the blocking; Stops the improper processing of personal data and destroys it.
The Personal Data Subject shall have the right to resubmit the Request for the provision of information concerning the processing of his personal data in accordance with Article 7 of the Federal Law "On Personal Data" of July 27, 2006 No. 152-ФЗ, not earlier than 30 days after the submission of the initial Request.
6.4. The Operator shall have the right to refuse the Personal Data Subject to execute the Request if the Personal Data Subject 's requirements are illegal, with indication of the reasons for such refusal (hereinafter referred to as the "Refusal").
In writing, signed by the authorized person of the Operator, the Refusal or Notice of Execution of the Request (hereinafter referred to as the "Notice") shall be sent to the postal address of the Personal Data Subject specified in the Request. The refusal (Notice) may be sent in the form of an electronic image of the signed document and sent to the personal account of the Personal Data Subject on the Platform or to the e-mail address specified by the Personal Data Subject on the personal account on the Platform, including in the form of a login. Refusal (Notification) shall be sent not later than 7 business days from the date of receipt of the Request.
6.5. When personal data are processed and stored, personal data shall be destroyed except in cases provided for by the legislation of the Russian Federation, including provisions applicable to operators of information dissemination on the Internet.
6.6. Prevention of Personal Data Subject harm is one of the directions of this Policy and represents a set of legal, organizational and technical measures. Legal measures consist of study and application of legislation on prevention of harm, development of local acts and their application in this area of the Operator 's activity. Organizational measures include careful selection, training and placement of personnel, increasing their motivation in matters of prevention of harm, in particular, the sole executive body of the Operator approved the list of persons whose access to processed personal data is necessary for the performance of their labor duties, as well as the establishment of a structural division responsible for ensuring the security of personal data in the information system. Technical measures combine the creation of conditions and the implementation of measures to prevent harm, including:
- Organization of a security regime for premises in which an information system is located, which prevents the possibility of uncontrolled entry into or stay in these premises of persons who do not have the right of access to these premises;
- Ensuring safety of Operator 's technologies, including material personal data carriers;
- Establishing and maintaining appropriate security regimes, using information security tools that have passed the procedure of assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, when the use of such tools is necessary to neutralize current threats;
- Prevention of the Operator 's confidential information, including information constituting trade secrets, to unauthorized persons;
- Ensuring Operator 's information security, uninterrupted operation of personal data processing equipment (Computer equipment, information and computing complexes and networks, means and systems for transmitting, receiving and processing personal data (Means and systems of sound recording, sound amplification, sound reproduction, talking and television devices, means of production, reproduction of documents and other technical means of processing speech, graphic, video and alphanumeric information) Software tools (operating systems, database management systems, etc.), information security tools used in information systems);
- Continuous control over ensuring the level of personal data security.
1) Hereby, a Citizen who has reached the age of 18 years (hereinafter referred to as "Personal Data Subject","User") freely, by his will and in his interest, gives "the Operator", Doctor at Work, 127 055, Moscow, Novoslobodskay street, bld.41, fl.4, room 1, PSRN 1 107 746 240 876, consent to the processing of his personal data in accordance with Article 9 of the Federal Law On Personal Data of July 27, 2006 No. 152-FЗ.
2) This consent is specific, informed and conscious.
3) The purpose of processing of personal data is registration and authorization on the www.doktornarabote.ru/doktornarabote.ru site and in the mobile application for IOS/Android Doctor’s Feed, Doctorgram (Hereinafter referred to as the "Platform") to use the Platform, to provide access to the resources of the Platform, Establishment by the Operator with the Subject of feedback personal data, including notification, Requests relating to the use of the Platform, provision of services, processing of requests and requests from the Personal Data Subject of the Platform, Confirmation of validity and completeness of personal data provided by the Personal Data Subject, Creation of an account for the Personal Data Subject on the Platform, provision of effective client and technical support to the Personal Data Subject in case of problems related to the use of the Platform for promotion (Advertising) of goods, works, services on the market using the Platform, for carrying out statistical or other research, including for refining and improving the Platform. Personal data can be used for other purposes if it is mandatory in accordance with the provisions of the legislation of the Russian Federation.
4) List of personal data to be processed by the Personal Data Subject: Last name, first name and middle name (if any), day, month, year and place of birth, tax ID number, SNILS, gender, e-mail address, permanent registration address, region (Subject) of residence, postal address, telephone number, citizen image, identity document data (Series and passport number, by whom and when issued, etc.), Information on education (including information on the educational institution in which the citizen is studying/trained, date of beginning and completion of training, other information) Including information on the document on education and qualifications (Number, date of issue, etc.), information on the degree, including the document on the assignment of the degree (Number, date of issue, etc.), certificate of specialist and/or certificate of accreditation of specialist issued to medical personnel (Number, date of issue, etc.), information on the state of the citizen in labour relations (Name of employer, place of work, including with indication of separate structural subdivision and its location, position, length of work in specialty, other information), Account details of credit institutions, information necessary for the calculation and payment of taxes and insurance premiums and other similar information received from the Personal Data Subject for the purpose of using the Platform, including in the form of copies of documents.
5) List of actions with personal data to which consent is given: all actions with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), impersonation, blocking, Removal, destruction of personal data.
6) This consent is given for a period of time until the withdrawal of the consent.
2. The Personal Data Subject agrees to process its personal data, including for the purpose of promotion (advertising) of goods, works, services on the market using the Platform. The Personal Data Subject agrees to receive as in the personal office of the Platform, Or in the form of mail, e-mail or mail, Notifications, including voice messages and calls to mobile phone numbers and other advertising devices and other information on medicines, Medical products, means and methods of treatment, other advertising and information related to the Platform, including directly from advertisers.
3. The Personal Data Subject shall also give the Operator, on the basis of Article 152.1 of the Civil Code of the Russian Federation (Part One), consent to the use of his image regardless of the form of his expression, including photography, drawing, computer graphics, video recordings, for the purposes specified in paragraph 3 of Section 1 of this Agreement.
