Where to buy
RU
Products
About the company
Contacts
Blog
For partners
RU
Where to buy
Products
About the company
Contacts
Blog
For partners
Privacy and Personal Data Processing Policy
1. General Provisions

1.1. This Policy is developed to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of the right to privacy, personal and family secrets.

Basic concepts used in the Policy:

personal data — any information relating to a directly or indirectly identified or identifiable natural person (personal data subject);
personal data operator (operator) — a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
personal data processing — any action (operation) or set of actions (operations) with personal data, performed using automation tools or without using them.
Personal data processing includes, among other things:
  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • clarification (updating, modification);
  • extraction;
  • use;
  • transfer (distribution, provision, access);
  • depersonalization;
  • blocking;
  • deletion;
  • destruction;
automated processing of personal data — processing of personal data using computing equipment;
distribution of personal data — actions aimed at disclosing personal data to an indefinite circle of persons;
provision of personal data — actions aimed at disclosing personal data to a specific person or a specific circle of persons;
blocking of personal data — temporary cessation of personal data processing (except in cases where processing is necessary for the clarification of personal data);
destruction of personal data — actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed;
depersonalization of personal data — actions as a result of which it becomes impossible to determine the ownership of personal data by a specific personal data subject without using additional information;
personal data information system — a set of personal data contained in databases and information technologies and technical means that ensure their processing.

1.3. Main rights and obligations of the Operator.

1.3.1. The Operator has the right to:
  • independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
  • entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for the processing of personal data provided for by the Law on Personal Data, maintain the confidentiality of personal data, and take the necessary measures aimed at ensuring the fulfillment of the obligations provided for by the Law on Personal Data;
  • in case the personal data subject withdraws their consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data.
1.3.2. The Operator is obliged to:
  • organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
  • respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
  • report to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this body the necessary information within 10 working days from the date of receipt of such a request. This period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the period for providing the requested information;
  • in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detection, prevention, and elimination of consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that resulted in the unlawful transfer (provision, distribution, access) of personal data.
1.4. Basic rights of the personal data subject. The personal data subject has the right to:

  • receive information regarding the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for the disclosure of such personal data. The list of information and the procedure for obtaining it are established by the Law on Personal Data;
  • require the operator to clarify, block, or destroy their personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
  • give prior consent to the processing of personal data for the purpose of promoting goods, works, and services on the market;
  • appeal against unlawful actions or inaction of the Operator during the processing of their personal data to Roskomnadzor or in court.
2. Purposes of personal data processing

2.1. The processing of personal data is limited to the achievement of specific, predetermined, and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.
2.2. Only personal data that meets the purposes of their processing is subject to processing.
2.3. The processing of personal data by the Operator is carried out for the following purposes:
  • carrying out its activities in accordance with the charter of LLC "Bergauf Construction Technologies", including the conclusion and execution of contracts with counterparties;
  • execution of labor legislation within the framework of labor and other directly related relations, including: assisting employees in employment, education and career advancement, attracting and selecting candidates for work at the Operator, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, filling out and submitting required reporting forms to authorized bodies, organizing individual (personalized) registration of employees in the systems of compulsory pension insurance and compulsory social insurance;
  • advertising and marketing campaigns;
  • implementation of the access control regime.
2.4. Processing of personal data may be carried out exclusively for the purpose of ensuring compliance with laws and other regulatory legal acts.
3. Legal grounds for personal data processing

3.1. The legal basis for the processing of personal data is the set of regulatory legal acts, in the execution of which and in accordance with which the Operator processes personal data, including:
  • Constitution of the Russian Federation;
  • Civil Code of the Russian Federation;
  • Labor Code of the Russian Federation;
  • Tax Code of the Russian Federation;
  • Federal Law No. 14-FZ of 08.02.1998 "On Limited Liability Companies";
  • Federal Law No. 402-FZ of 06.12.2011 "On Accounting";
  • Federal Law No. 167-FZ of 15.12.2001 "On Compulsory Pension Insurance in the Russian Federation";
  • other regulatory legal acts governing relations related to the activities of the Operator.
3.2. The legal basis for the processing of personal data also includes:

  • the Charter of LLC "Bergauf Construction Technologies";
  • contracts concluded between the Operator and personal data subjects;
  • consent of personal data subjects to the processing of their personal data.
4. Scope and categories of processed personal data, categories of personal data subjects

4.1. The content and scope of processed personal data must correspond to the stated purposes of processing provided for in Section 2 of this Policy. The processed personal data must not be excessive in relation to the stated purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects.
4.2.1. Candidates for employment with the Operator — for the purposes of complying with labor legislation within the framework of labor and other directly related relations, and for implementing access control:
  • surname, first name, patronymic;
  • gender;
  • citizenship;
  • date and place of birth;
  • contact details;
  • information on education, work experience, qualifications;
  • other personal data provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator — for the purposes of complying with labor legislation within the framework of labor and other directly related relations, and for implementing access control:
  • surname, first name, patronymic;
  • gender;
  • citizenship;
  • date and place of birth;
  • image (photograph);
  • passport details;
  • registered address of residence;
  • actual residential address;
  • contact details;
  • individual taxpayer identification number;
  • insurance number of the individual personal account (SNILS);
  • information on education, qualifications, professional training, and advanced training;
  • marital status, presence of children, family ties;
  • information on employment history, including the presence of incentives, awards, and (or) disciplinary actions;
  • marriage registration data;
  • military registration information;
  • disability information;
  • information on alimony withholding;
  • information on income from the previous place of work;
  • other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.3. Family members of the Operator's employees — for the purposes of fulfilling labor legislation within the framework of labor and other directly related relations:
  • surname, first name, patronymic;
  • degree of kinship;
  • year of birth;
  • other personal data provided by employees in accordance with the requirements of labor legislation.
4.2.4. Clients and counterparties of the Operator (individuals) — for the purposes of carrying out its activities in accordance with the charter of Bergauf Construction Technologies LLC:
  • surname, first name, patronymic;
  • date and place of birth;
  • passport details;
  • registered address of residence;
  • contact details (including phone number, email address, messenger details);
  • position held;
  • individual taxpayer identification number;
  • bank account number;
  • other personal data provided by clients and counterparties (individuals) necessary for the conclusion and performance of contracts.
4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities) — for the purposes of carrying out its activities in accordance with the charter of Bergauf Construction Technologies LLC:
  • surname, first name, patronymic;
  • passport details;
  • contact details;
  • position held;
  • other personal data provided by representatives (employees) of clients and counterparties, necessary for the conclusion and execution of contracts.
4.3. The processing of biometric personal data by the Operator (information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish their identity) is carried out in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, health status, or intimate life, except in cases provided for by the legislation of the Russian Federation.
5. Procedure and conditions for the processing of personal data

5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.
5.2. The processing of personal data is carried out with the consent of the personal data subjects to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.
5.3. The Operator processes personal data for each purpose of its processing in the following ways:
  • non-automated processing of personal data;
  • automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
  • mixed processing of personal data.
5.4. Employees of the Operator whose job duties include the processing of personal data are permitted to process personal data.
5.5. The processing of personal data for each purpose of processing specified in clause 2.3 of the Policy is carried out by:
  • obtaining personal data in oral and written form directly from the personal data subjects;
  • entering personal data into logs, registers, and information systems of the Operator;
  • using other methods of processing personal data.
5.6. Disclosure to third parties and dissemination of personal data without the consent of the personal data subject is not permitted, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the personal data subject for dissemination shall be drawn up separately from other consents of the personal data subject to the processing of their personal data.
5.7. The transfer of personal data to inquiry and investigative bodies, the Federal Tax Service, the Social Fund of Russia, and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, dissemination, and other unauthorized actions, including:
  • determines threats to the security of personal data during their processing;
  • adopts local regulations and other documents governing relations in the field of personal data processing and protection;
  • appoints persons responsible for ensuring the security of personal data in the Operator's structural units and information systems;
  • creates the necessary conditions for working with personal data;
  • organizes the record-keeping of documents containing personal data;
  • organizes work with information systems in which personal data is processed;
  • stores personal data under conditions that ensure their security and prevent unauthorized access to them;
  • organizes training for the Operator's employees who process personal data.
5.9. The Operator stores personal data in a form that allows identifying the personal data subject for no longer than required by each purpose of personal data processing, unless the storage period for personal data is established by federal law or a contract.
5.10. The Operator shall cease the processing of personal data in the following cases:
  • the fact of their unlawful processing is revealed. The deadline is within three working days from the date of detection;
  • the purpose of their processing has been achieved;
  • the validity period has expired or the personal data subject has withdrawn their consent to the processing of said data, when, under the Personal Data Law, the processing of such data is permitted only with consent.
5.11. Upon achieving the purposes of personal data processing, as well as in the event that the personal data subject withdraws their consent to their processing, the Operator shall cease the processing of such data, unless:
  • otherwise provided by an agreement to which the personal data subject is a party, beneficiary, or guarantor;
  • the Operator is not entitled to process data without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
  • otherwise provided by another agreement between the Operator and the personal data subject.
5.12. When a personal data subject requests the Operator to cease the processing of personal data, the processing of personal data shall be terminated within a period not exceeding 10 working days from the date of receipt of the corresponding request by the Operator, except in cases provided for by the Law on Personal Data. The specified period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to the personal data subject indicating the reasons for the extension.
5.13. When collecting personal data, including via the information and telecommunications network Internet, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for cases specified in the Law on Personal Data.
6. Updating, correction, deletion, destruction of personal data, responses to requests from subjects for access to personal data

6.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the personal data subject or their representative within 10 working days from the moment of the request or receipt of the request from the personal data subject or their representative. This period may be extended, but by no more than five working days. To do this, the Operator must send a reasoned notification to the personal data subject indicating the reasons for extending the period for providing the requested information.
The provided information does not include personal data relating to other personal data subjects, except in cases where there are legal grounds for the disclosure of such personal data.
The request must contain:
  • the number of the main document identifying the personal data subject or their representative, information on the date of issue of the specified document and the issuing authority;
  • information confirming the participation of the personal data subject in relations with the Operator (contract number, date of contract conclusion, conditional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
  • the signature of the personal data subject or their representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
If the appeal (request) of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or if the subject does not have access rights to the requested information, a reasoned refusal is sent to them.
The right of the personal data subject to access their personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of the personal data subject to their personal data violates the rights and legitimate interests of third parties.
6.2. In case of detection of inaccurate personal data upon the appeal of the personal data subject or their representative, or at their request, or at the request of Roskomnadzor, the Operator shall block the personal data related to this personal data subject from the moment of such appeal or receipt of the specified request for the duration of the verification, unless blocking the personal data violates the rights and legitimate interests of the personal data subject or third parties.
In case of confirmation of the fact of inaccuracy of personal data, the Operator, based on information provided by the personal data subject or their representative or Roskomnadzor, or other necessary documents, shall update the personal data within seven working days from the date of submission of such information and unblock the personal data.
6.3. In case of detection of unlawful processing of personal data upon the request (inquiry) of the personal data subject or their representative or Roskomnadzor, the Operator shall block the unlawfully processed personal data related to this personal data subject from the moment of such request or receipt of the inquiry.
6.4. Procedure for the destruction of personal data by the Operator.
6.4.1. Conditions and timeframes for the destruction of personal data by the Operator:
  • achievement of the purpose of personal data processing or loss of the need to achieve this purpose — within 30 days;
  • achievement of the maximum storage periods for documents containing personal data — within 30 days;
  • provision by the personal data subject (their representative) of confirmation that the personal data was obtained unlawfully or is not necessary for the stated purpose of processing — within seven working days;
  • withdrawal by the personal data subject of consent to the processing of their personal data, if their retention for the purpose of their processing is no longer required — within 30 days.
6.4.2. Upon achievement of the purpose of personal data processing, as well as in case of withdrawal of consent to their processing by the personal data subject, the personal data shall be destroyed, unless:
  • otherwise provided by a contract to which the personal data subject is a party, beneficiary, or guarantor;
  • the operator is not entitled to carry out processing without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
  • otherwise provided for by another agreement between the Operator and the personal data subject.
If you wish to report a violation of this security policy, please send a message to this address: bergaufinfo@bergauf.ru