Social Responsibility

Dear site visitor,
This site is not a public offer and is for informational purposes only. By submitting applications from the site, you authorize the Processing of Personal Data in accordance with the Federal Law of the Russian Federation dd. July 27, 2006 N 152-FZ. You can download profile documents for review by following the links below. Despite the fact that the information on the site has been prepared with the utmost care, Russalt and its employees cannot guarantee the accuracy and completeness of the information included on the site. Russalt and employees are not responsible for losses from the use of information contained on the site. Thank you for your trust.

Regulations on the processing and protection of personal data of Russalt

1. General Provisions.
1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy)
drawn up in accordance with the Federal Law dd. July 27, 2006 No. 152-FZ “On Personal Data”, as well as other regulatory legal acts of the Russian Federation in the field of protection and processing of personal data and applies to all personal data (hereinafter referred to as the Data), which the Organization (hereinafter referred to as the Operator, the Company) can receive from the subject of personal data, which is a party to a civil law contract, as well as from the subject of personal data, which is with the Operator in relations regulated by labor legislation (hereinafter referred to as the Employee). This Policy is the fundamental internal regulatory document of the Company that defines the key areas of its activities in the field of processing and protecting personal data.
1.2. The operator ensures the protection of processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law dd. July 27, 2006 No. 152-FZ “On Personal Data”.
This Policy applies to personal data of citizens whose personal data is processed by the Company.
According to the provisions of the current legislation under the collection of personal data refers to the purposeful process of obtaining personal data by the Operator directly from the Subject of personal data or through third parties specially involved for this. In this connection, only those personal data that were received by the Operator as a result of the purposeful activities carried out by him to organize the collection of such data, and not as a result of accidental (unsolicited) access to personal data, are subject to localization.
Accidental, unintentional receipt, storage and other operations with personal data of citizens do not entail the obligation to localize the processing of personal data in the Company, and therefore, the Company should not take any action in relation to personal data that accidentally got to it. In particular, localization is not required in the case of:
(i) unsolicited collection of personal data, for example, arbitrary (random) incoming correspondence and e-mails, (ii) receipt of personal data received by the Company from other legal entities, if such data is contact information of employees or representatives of such legal entities, transferred in the course of their legal activities.
1.3. This Policy is mandatory for all employees of the Company working under an employment contract concluded with the Company, who directly process or have access to the personal data of the Subjects, as well as persons who process or have access to the personal data of the Subjects on the basis of agreements concluded with the Company , or on other legal grounds, in the manner and on the terms provided for in this Policy (hereinafter referred to as Employees).
1.4. The purpose of developing the Policy is to determine the procedure for processing personal data of Personal Data Subjects; ensuring the protection of the rights and freedoms of the Subjects of personal data when processing their personal data; establishing a regime for the confidentiality of personal data, as well as establishing the responsibility of officials who have access to personal data for failure to comply with the requirements of the rules governing the processing and protection of personal data.
1.5. This Policy comes into force from the moment of its approval by the order of the General
Director of the Company and is valid indefinitely until canceled or replaced by a new Policy. The Operator has the right to make changes to this Policy. All changes to the Policy are made by order of the General Director. The new version of the Policy is mandatory posted on the Company’s website (https://russalt.ru).
2. Terms and accepted abbreviations.
Operator – an organization that independently or jointly with other persons organizes the processing of personal data, as well as determines the purposes of processing personal data to be processed, actions (operations) performed with personal data. The operator is Russalt Limited Liability Company (Russalt, TIN 5611055980, OGRN 1085658025650), located at: 460009, Orenburg Region, Orenburg, Zwillinga Str., 61/1.
Information – information (messages, data) regardless of the form of their presentation.
Personal Data (PD) – any information relating to an individual identified or determined on the basis of such information (Personal Data Subject), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social , property status, education, profession, income, other information, necessary information;
Publicly available personal data – personal data, access to which is granted to an unlimited number of persons with the consent of the Personal Data Subject or to which, in accordance with federal laws, the confidentiality requirement does not apply.
Use of personal data – actions (operations) with personal data,
committed by an official of the Company in order to make decisions or perform other actions that give rise to legal consequences in relation to the Subjects of personal data or otherwise affect their rights and freedoms or the rights and freedoms of other persons.
Organizational measures for the protection of personal data are organizational measures that regulate the functioning of the personal data processing system, the use of its resources, the activities of personnel, as well as the procedure for users to interact with the system in such a way as to most hinder or exclude the possibility of implementing security threats.
Confidentiality of personal data is mandatory for the Employee,
who has gained access to personal data, the requirement not to allow their distribution without the consent of the Subject of personal data or other legal grounds.
Processing of personal data – any action (operation) or set of actions
(operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization , blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Personal data information system (PDIS) – a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Personal data made public by the subject of personal data is PD, access to which is provided to an unlimited number of persons by the subject of personal data or at his request.
Blocking of personal data is a temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data).
Depersonalization of personal data – actions as a result of which it is impossible to determine the ownership of personal data by a particular Subject.
Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;

3. Processing of personal data.
3.1. Composition of personal data. The personal data of the Subjects may include
the following personal data:
3.1.1. Full Name;
3.1.2. Date of Birth;
3.1.3. Place of Birth;
3.1.4. Passport data:
• type of document;
• series and document number;
• body that issued the document (name, subdivision code);
• date of issue of the document.
3.1.5. Address of registration of the place of residence;
3.1.6. Address of actual place of residence;
3.1.7. SNILS, TIN;
3.1.8. Floor;
3.1.9. Contact phone number;
3.1.10. E-mail address;
3.1.11. Information about close relatives:
• Full Name;
• Date of Birth;
• Place of Birth;
• Address of residence;
• Place of work and position;
• Contact details.
3.1.12. Information about labor activity;
3.1.13. Information about education;
3.1.14. Information about the level of income;
3.1.15. Information about marital status.
3.2. The subject of personal data or his representative may transfer the personal data of the Subject, other than those given in paragraphs. 3.1.1 – 3.1.15. provided that their content and scope correspond to the stated purposes of processing.
3.3. Getting PD.
3.3.1. All PD should be obtained from the subject himself. If the subject’s PD can only be obtained from
third party, then the subject must be notified of this or consent must be obtained from him.
In cases not expressly provided for by applicable law or contract, processing is carried out after obtaining the consent of the subject of personal data. Consent can be expressed in the form of performing actions, accepting the terms of the offer agreement, putting down the appropriate marks, filling in the fields in the forms, forms, or in writing in accordance with the law. A mandatory case of obtaining prior consent is, for example, contact with a potential consumer when promoting the Operator’s goods and services on the market.
3.3.2. The operator must inform the subject about the purposes, alleged sources and methods
receipt of PD, the nature of the PD to be received, the list of actions with PD, the period during which the consent is valid and the procedure for its withdrawal, as well as the consequences of the subject’s refusal to give written consent to receive them.
3.3.3. Documents containing PD are created by:
– copies of original documents (passport, education certificate, TIN certificate, pension certificate, etc.);
– entering information into accounting forms;
– obtaining the originals of the necessary documents (employment record, medical report,
characteristic, etc.).
3.4. PD processing.
3.4.1. The processing of personal data is carried out:
– with the consent of the subject of personal data to the processing of his personal data;
– in cases where the processing of personal data is necessary for the implementation and fulfillment of the functions, powers and duties assigned by the legislation of the Russian Federation;
– in cases where the processing of personal data is carried out, access to which is granted to an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as personal data made public by the subject of persona
3.4.2. Purposes of personal data processing:
– implementation of labor relations;
– implementation of civil law relations.
3.4.3. Categories of personal data subjects.
PDs of the following PD subjects are processed:
– individuals who are in labor relations with the Company;
– individuals who resigned from the Company;
– individuals who are candidates for employment;
– individuals who are in civil law relations with the Company.
3.4.4. PD processed by the Operator:
– data obtained during the implementation of labor relations;
– data obtained for the selection of candidates for work;
3.4.5. The processing of personal data is carried out:
– using automation tools;
– without the use of automation tools.
3.5. When processing, the accuracy of PD, their sufficiency and relevance in relation to the purposes of PD processing are ensured. If inaccurate or incomplete personal data is found, they are clarified and updated. For PD that is not publicly available, confidentiality is ensured.
3.6. The processing and storage of personal data is carried out no longer than required by the purposes of processing personal data, if there are no legal grounds for further processing, for example, if the federal law or the agreement with the subject of personal data does not establish an appropriate storage period. The processed personal data is subject to destruction or depersonalization upon the occurrence of the following conditions:
achievement of the purposes of processing personal data or maximum storage periods – within
30 days;
loss of the need to achieve the purposes of processing personal data – within 30 days;
provision by the subject of personal data or his legal representative of confirmation that personal data is illegally obtained or not necessary for the stated purpose of processing – within 7 days;
the impossibility of ensuring the legality of the processing of personal data – within 10 days;
withdrawal by the subject of personal data of consent to the processing of personal data, if
storage of personal data is no longer required for the purposes of processing personal data – within 30 days;
withdrawal by the subject of personal data of consent to the use of personal data for
contacts with potential consumers when promoting goods and services – within 2 days;
expiration of the limitation periods for legal relations within the framework of which the processing of personal data is carried out or was carried out;
liquidation (reorganization) of the Operator.
3.5. PD storage.
3.5.1. Subjects’ PD can be received, further processed and transmitted to
storage both on paper and in electronic form.
3.5.2. PD recorded on paper are stored in lockable cabinets or in
locked rooms with limited access rights.
3.5.3. PD of subjects processed using automation tools for various purposes,
are stored in different folders.
3.5.4. It is not allowed to store and place documents containing PD in open electronic catalogs (file hosting) in ISPD.
3.5.5. Storage of PD in a form that allows to identify the subject of PD is carried out no longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them.
3.6. Destruction of PD.
3.6.1. Destruction of documents (carriers) containing PD is carried out by burning,
crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder.
A shredder may be used to destroy paper documents.
3.6.2. PDs on electronic media are destroyed by erasing or formatting the media.
3.7. PD transmission.
3.7.1. The operator transfers PD to third parties in the following cases:
– the subject has expressed his consent to such actions;
– the transfer is provided for by Russian or other applicable law within the framework of
procedure established by law.
3.7.2. List of persons to whom PD is transferred.
Third parties to whom PD is transferred:
– The Pension Fund of the Russian Federation for accounting (legally);
– tax authorities of the Russian Federation (legally);
– The Social Insurance Fund of the Russian Federation (legally);
– Territorial fund of obligatory medical insurance (legally);
– insurance medical organizations for compulsory and voluntary medical
insurance (legally);
– banks for payroll (on the basis of an agreement);
– bodies of the Ministry of Internal Affairs of Russia in cases established by law;
– customs authorities in cases established by law;
– counterparties of the Company (on the basis of concluded agreements).
4. Protection of personal data.
4.1. In accordance with the requirements of regulatory documents, the Operator created a protection system
personal data (SPPD), consisting of subsystems of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a complex of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the CPAP.
4.3. The organizational protection subsystem includes the organization of the management structure
SZPD, permit system, information protection when working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software,
software and hardware that ensure the protection of PD.
4.5. The Operator takes the necessary legal, organizational and technical measures to ensure the security of personal data to protect it from unauthorized (including accidental) access, destruction, modification, blocking access and other unauthorized actions. These measures include, in particular:
appointment of employees responsible for organizing the processing and ensuring the security of personal data;
checking the availability in contracts and including, if necessary, clauses on ensuring the confidentiality of personal data in contracts;
development of a policy regarding the processing of personal data;
publication of local acts on the processing of personal data, familiarization with them
employees, user training;
ensuring the physical security of premises and processing facilities, access control, security;
restriction and differentiation of access of employees and other persons to personal data and means of processing, monitoring of actions with personal data;
establishing rules for access to PD processed in ISPD, as well as ensuring registration and accounting of all actions performed with PD in ISPD;
setting individual passwords for employee access to the information system in
accordance with their production duties;
identification of threats to the security of personal data during their processing, the formation of
based on threat models;
the use of security tools (anti-virus tools, firewalls, means of protection against unauthorized access, means of cryptographic information protection), including those that have passed the conformity assessment procedure in the prescribed manner;
accounting and storage of information carriers, excluding their theft, substitution, unauthorized copying and destruction;
backing up information for recovery;
implementation of internal control over compliance with the established procedure, verification of the effectiveness of the measures taken, response to incidents.
5. Basic rights of the subject of PD and obligations of the Operator.
5.1. The subject of personal data has the right to withdraw consent to the processing of personal
data by sending a corresponding request to the Operator by mail or by contacting in person.
5.2. The subject of personal data has the right to receive information regarding the processing of his personal data, including information containing:
confirmation of the fact of processing personal data by the Operator;
legal grounds and purposes of personal data processing;
the purposes and methods used by the Operator for processing personal data;
name and location of the Operator, information about persons (except
employees/employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the provision of such data is provided by federal law;
terms of processing personal data, including the terms of their storage;
the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law “On Personal Data”;
information about the performed or proposed cross-border data transfer;
the name or surname, name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;
other information provided for by the Federal Law “On Personal Data” or other federal laws.
5.3. The subject of personal data has the right to require the Operator to clarify his personal
data, their blocking or destruction in the event that personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.
5.4. Obligations of the Operator.
The operator is obliged:
– when collecting PD, provide information on the processing of PD;
– in cases where the PD was received not from the subject of the PD, notify the subject;
– in case of refusal to provide PD, the consequences of such refusal are explained to the subject;
– publish or otherwise provide unrestricted access to a document that defines its policy regarding the processing of PD, to information about the implemented requirements for the protection of PD;
– take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other ill
– respond to requests and appeals of PD subjects, their representatives and the authorized body for the protection of the rights of PD subjects.
Other rights and obligations of the Operator are determined by the current legislation.
6. Responsibility for violation of the rules governing the processing and security of personal data
6.1. Persons guilty of violating the norms governing the receipt, processing and protection of the personal data of the Subject are subject to material, administrative, criminal and civil liability on the basis of a court decision, as well as to disciplinary liability.