Where to buy
RU
Products
About the company
Contacts
Blog
Partners
RU
Where to buy
Products
About the company
Contacts
Blog
Partners
Privacy Policy and Personal Data Processing
1. General Provisions

1.1. This Policy has been developed for the purpose of ensuring the protection of the rights and freedoms of a person and a citizen when processing their personal data, including the protection of rights to privacy, personal and family secrets.

Key concepts used in this Policy:

personal data — any information relating to a directly or indirectly identified or identifiable natural person (data subject);
personal data operator (operator) — a state body, a municipal body, a legal entity or a natural person that, independently or jointly with other persons, organizes and (or) carries out the processing of personal data, and also determines the purposes of the processing of personal data, the composition of the personal data subject to processing, the actions (operations) performed with personal data;
processing of personal data — any action (operation) or a set of actions (operations) with personal data performed using automation tools or without using them.
Personal data processing includes, among other things:
  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • clarification (updating, modification);
  • retrieval;
  • use;
  • transfer (dissemination, provision, access);
  • anonymization;
  • blocking;
  • deletion;
  • destruction;
automated processing of personal data — processing of personal data using computer technology;
dissemination of personal data — actions aimed at disclosing personal data to an unlimited number of persons;
provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
blocking of personal data — a temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);
destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in an information system for personal data and (or) as a result of which material media containing personal data are destroyed;
anonymization of personal data — actions as a result of which it becomes impossible, without using additional information, to determine the affiliation of personal data with a specific personal data subject;
personal data information system — a set of personal data contained in databases, and information technologies and technical means that ensure their processing.

1.3. Main rights and duties of the Operator.

1.3.1. The Operator has the right to:
  • independently determine the composition and list of measures that are necessary and sufficient to ensure the performance of the duties provided for by the Personal Data Law and by regulatory legal acts adopted in accordance with it, unless otherwise provided for by the Personal Data Law or other federal laws;
  • to instruct another person to process personal data with the consent of the personal data subject, unless otherwise provided for by federal law, on the basis of a contract concluded with that person. The person who processes personal data on behalf of the Operator is obligated to comply with the principles and rules for processing personal data provided for by the Personal Data Law, to maintain the confidentiality of personal data, and to take the necessary measures aimed at ensuring the fulfillment of the duties provided for by the Personal Data Law;
  • if the personal data subject withdraws consent to the processing of personal data, the Operator may continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
1.3.2. The Operator is obligated to:
  • organize the processing of personal data in accordance with the requirements of the Personal Data Law;
  • respond to requests and inquiries from personal data subjects and their lawful representatives in accordance with the requirements of the Personal Data Law;
  • submit to the authorized body for the protection of the rights of personal data subjects (the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications (Roskomnadzor)) the information necessary, at the request of this body, within 10 working days from the date of receipt of such a request. This period may be extended, but by no more than five working days. For this, the Operator must send to Roskomnadzor a reasoned notice indicating the reasons for extending the time for providing the requested information;
  • in the manner determined by the federal executive authority authorized in the field of security, to ensure interaction with the state system for detecting, preventing and mitigating the consequences of computer attacks on the information resources of the Russian Federation, including by informing it of computer incidents that resulted in unlawful transfer (disclosure, dissemination, access) of personal data.
1.4. The main rights of the personal data subject. The personal data subject has the right to:

  • receive information concerning the processing of his or her personal data, except for the cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it must not include personal data relating to other personal data subjects, except when there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
  • demand that the Operator clarify his or her personal data, block them or destroy them in cases where personal data are incomplete, outdated, inaccurate, obtained unlawfully, or are not necessary for the stated purpose of processing, and also take the measures provided by law to protect their rights;
  • give preliminary consent to the processing of personal data for the purpose of promoting goods, works and services in the market;
  • to appeal to Roskomnadzor or in a court procedure against unlawful actions or inaction by the Operator in the processing of his personal data.
2. Purposes of personal data processing

2.1. Processing of personal data is limited to achieving specific, заранее defined and lawful purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
2.2. Only personal data that meet the purposes of their processing are subject to processing.
2.3. The Operator’s processing of personal data is carried out for the following purposes:
  • carrying out its activities in accordance with the charter of LLC “Bergauf Construction Technologies”, including entering into and performing contracts with counterparties;
  • performance of labour legislation within the framework of employment and other directly related legal relationships, including: assisting employees with employment, obtaining education and career advancement, recruiting and selecting job candidates for the Operator, ensuring the personal safety of employees, monitoring the quantity and quality of the work performed, ensuring the preservation of property, maintaining HR and accounting records, completing and transmitting to the authorized bodies the required reporting forms, organizing the maintenance of individual (personalized) records of employees in the systems of compulsory pension insurance and compulsory social insurance;
  • advertising and marketing promotions;
  • the implementation of an access-control regime.
2.4. The processing of personal data may be carried out exclusively for the purposes of ensuring compliance with laws and other regulatory legal acts.
3. Legal grounds for the processing of personal data

3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in pursuance of which and in accordance with which the Operator carries out the processing of personal data, including:
  • the Constitution of the Russian Federation;
  • the Civil Code of the Russian Federation;
  • the Labour Code of the Russian Federation;
  • the Tax Code of the Russian Federation;
  • Federal Law No. 14-FZ of 08.02.1998 “On Limited Liability Companies”;
  • Federal Law No. 402-FZ of 06.12.2011 “On Accounting”;
  • Federal Law No. 167-FZ of 15.12.2001 “On Compulsory Pension Insurance in the Russian Federation”;
  • other regulatory legal acts governing relationships related to the Operator’s activities.
3.2. The legal basis for the processing of personal data also includes:

  • the charter of LLC “Bergauf Construction Technologies”;
  • agreements concluded between the Operator and personal data subjects;
  • consent of personal data subjects to the processing of their personal data.
4. Scope and categories of personal data processed, categories of personal data subjects

4.1. The content and scope of the personal data processed must correspond to the stated purposes of processing set out in Section 2 of this Policy. The personal data processed must not be excessive in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment with the Operator — for the purposes of complying with labor legislation within the framework of employment and other directly related legal relationships, ensuring access control:
  • surname, first name, patronymic;
  • gender;
  • citizenship;
  • date and place of birth;
  • contact details;
  • information about education, work experience, and qualifications;
  • other personal data provided by candidates in their resumes and cover letters.
4.2.2. Employees and former employees of the Operator — for the purposes of complying with labor legislation within the framework of employment and other directly related legal relationships, ensuring access control:
  • surname, first name, patronymic;
  • gender;
  • citizenship;
  • date and place of birth;
  • image (photograph);
  • passport details;
  • residential registration address (at place of residence);
  • actual place of residence address;
  • contact details;
  • individual taxpayer identification number;
  • insurance number of the individual personal account (SNILS);
  • information about education, qualifications, professional training, and advanced training/continued education;
  • marital status, whether the person has children, family ties;
  • information about employment activity, including whether there are incentives, awards and/or disciplinary actions;
  • marriage registration data;
  • information about military registration;
  • information on disability;
  • information on the withholding of child support (alimony);
  • information on income from a previous place of employment;
  • other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of the Operator’s employees— for the purposes of complying with labor legislation in the context of employment and other directly related relationships:
  • surname, first name, patronymic;
  • degree of relationship;
  • year of birth;
  • other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. Clients and counterparties of the Operator (individuals)— for the purposes of carrying out their activities in accordance with the charter of Bergauf Construction Technologies LLC:
  • surname, first name, patronymic;
  • date and place of birth;
  • passport details;
  • residential registration address (at place of residence);
  • contact details (including phone number, email address, messenger details);
  • position being filled;
  • individual taxpayer identification number;
  • bank account number;
  • other personal data provided by customers and counterparties (individuals) that are necessary for the conclusion and performance of contracts.
4.2.5. Representatives (employees) of the Operator’s customers and counterparties (legal entities) — for the purposes of carrying out their activities in accordance with the charter of Bergauf Construction Technologies LLC:
  • surname, first name, patronymic;
  • passport details;
  • contact details;
  • position being filled;
  • other personal data provided by representatives (employees) of the clients and counterparties, required to enter into and perform contracts.
4.3. The Operator’s processing of biometric personal data (information characterizing a person’s physiological and biological characteristics, on the basis of which their identity can be established) is carried out in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, intimate life, except in cases provided for by the laws of the Russian Federation.
5. Procedure and conditions for processing personal data

5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of the personal data subjects to the processing of their personal data, and also without such consent in cases provided for by the legislation of the Russian Federation.
5.3. The Operator processes personal data for each purpose of their processing using the following methods:
  • non-automated processing of personal data;
  • automated processing of personal data with or without transmission of the obtained information over information and telecommunications networks;
  • mixed processing of personal data.
5.4. Employees of the Operator whose job duties include the processing of personal data are allowed to process personal data.
5.5. Processing personal data for each purpose of processing specified in paragraph 2.3 of the Policy is carried out by:
  • obtaining personal data in oral and written form directly from the data subjects;
  • entering personal data into the Operator’s journals, registers, and information systems;
  • using other methods of processing personal data.
5.6. Disclosure of personal data to third parties and dissemination of personal data without the consent of the personal data subject is not permitted, unless otherwise provided for by federal law. Consent to the processing of personal data that the personal data subject permits for dissemination is issued separately from the personal data subject’s other consents to the processing of his or her personal data.
5.7. The transfer of personal data to bodies of inquiry and investigation, to the Federal Tax Service, the Social Fund of Russia, and other authorized federal executive bodies and organizations shall be carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, dissemination, and other unauthorized actions, including:
  • identifies security threats to personal data during their processing;
  • adopts local regulatory acts and other documents governing relations in the field of processing and protection of personal data;
  • appoints persons responsible for ensuring the security of personal data in the Operator’s structural units and information systems;
  • creates the necessary conditions for working with personal data;
  • organizes record-keeping of documents containing personal data;
  • organizes work with information systems in which personal data are processed;
  • stores personal data under conditions that ensure their preservation and exclude unlawful access to them;
  • organizes training for the Operator’s employees who perform personal data processing.
5.9. The Operator stores personal data in a form that allows identifying the personal data subject no longer than is required for each purpose of personal data processing, unless the retention period of personal data is established by federal law or a contract.
5.10. The Operator terminates the processing of personal data in the following cases:
  • the fact of their unlawful processing is identified. Term — within three business days from the date the fact is identified;
  • the purpose of processing them is achieved;
  • the period of validity has expired or the data subject’s consent to the processing of the specified data has been withdrawn, when, under the Personal Data Law, the processing of this data is permitted only with consent.
5.11. Upon achieving the purposes of processing personal data, and also in the event that the data subject withdraws consent to the processing of such personal data, the Operator shall cease processing this data if:
  • unless otherwise provided for in the agreement of which the data subject is a party, beneficiary, or guarantor;
  • the Controller shall not be entitled to carry out processing without the consent of the data subject on the grounds provided for by the Personal Data Act or other federal laws;
  • unless otherwise provided for in another agreement between the Controller and the data subject.
5.12. When the data subject contacts the Controller with a request to stop processing personal data within a period not exceeding 10 business days from the date the Controller receives the relevant request, the processing of personal data shall be discontinued, except in cases provided for by the Personal Data Act. The specified period may be extended, but by no more than five business days. For this purpose, the Controller must send the data subject a reasoned notice indicating the reasons for extending the period.
5.13. When collecting personal data, including through the information and telecommunications network Internet, the Controller ensures recording, systematization, accumulation, storage, updating (changing, revising), retrieval of personal data of citizens of the Russian Federation using databases located in the territory of the Russian Federation, except in cases specified in the Personal Data Act.
6. Updating, correction, deletion, destruction of personal data; responses to requests by data subjects for access to personal data

6.1. Confirmation that the Controller is processing personal data, the legal grounds and purposes of processing personal data, as well as other information specified in Part 7 of Article 14 of the Personal Data Act, shall be provided by the Controller to the data subject or its representative within 10 business days from the date of application or from the date the Controller receives a request from the data subject or its representative. This period may be extended, but by no more than five business days. For this purpose, the Controller shall send the data subject a reasoned notice indicating the reasons for extending the period for providing the requested information.
The personal data relating to other personal data subjects are not included in the information provided, except where there are lawful grounds to disclose such personal data.
The request must include:
  • the number of the primary document certifying the identity of the personal data subject or their representative, information about the date of issue of the specified document and the issuing authority;
  • information confirming the personal data subject’s participation in relations with the Operator (contract number, contract conclusion date, a conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
  • signature of the data subject or their representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If, in the application (request) of the personal data subject, all necessary information is not reflected in accordance with the requirements of the Personal Data Act or the subject does not have the rights to access the requested information, then a reasoned refusal is sent to them.
The personal data subject’s right to access their personal data may be limited in accordance with Part 8 of Article 14 of the Personal Data Act, including if the subject’s access to their personal data violates the rights and legitimate interests of third parties.
6.2. In the event that inaccurate personal data are identified upon an application by the personal data subject or their representative, or at their request, or at the request of Roskomnadzor, the Operator blocks the personal data relating to this personal data subject from the moment of such application or receipt of the specified request for the duration of the verification, provided that blocking of the personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the inaccuracy of personal data is confirmed, the Operator, based on the information provided by the personal data subject or their representative or by Roskomnadzor, or other necessary documents, clarifies the personal data within seven business days from the date such information is submitted and removes the blocking of the personal data.
6.3. In the event that unlawful processing of personal data is identified upon an application (request) by the personal data subject or their representative or by Roskomnadzor, the Operator blocks the personal data processed unlawfully that relates to this personal data subject from the moment of such application or receipt of the request.
6.4. Procedure for the destruction of personal data by the Operator.
6.4.1. Conditions and timelines for the destruction of personal data by the Operator:
  • achievement of the purpose of processing the personal data, or the loss of the need to achieve that purpose — within 30 days;
  • upon achievement of the maximum retention periods of documents containing personal data—within 30 days;
  • receipt by the data subject (or their representative) of confirmation that the personal data were obtained unlawfully or are not necessary for the stated purpose of processing—within seven working days;
  • withdrawal by the data subject of consent to the processing of their personal data, if retention of such data for the purpose of processing is no longer required—within 30 days.
6.4.2. Upon achievement of the purpose of processing personal data, as well as in the event that the data subject withdraws consent to their processing, the personal data shall be subject to destruction if:
  • otherwise is not provided for by the contract of which the data subject is a party, a beneficiary, or a guarantor;
  • the operator is not entitled to carry out processing without the consent of the subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws;
  • otherwise is not provided for by another agreement between the Operator and the subject of personal data.
If you want to report a violation of this security policy, send a message to this address: bergaufinfo@bergauf.ru