Information Security Policy

Introduction

This Information Security Policy (hereinafter the Policy) Alatyr LLC developed in accordance with the goals, objectives and principles of ensuring the security of personal data set forth in the Information Security Concept of the ISPD COMPANY. The policy was developed in accordance with the requirements of the Federal Law of July 27 2006 No. 152-ФЗ on Personal Data and the Government of the Russian Federation 11 No. 2007 of November 781 On Approving the Provision on the Security of Personal Data personal data systems ”,“ Provisions on methods and ways to protect information in personal data information systems ”, approved by the Director of FSTEC from 05.01.2010, No. 58. The Policy defines the requirements for the staff of an ISPDn, the degree of personnel responsibility, the structure and the required level of protection of an ISPD of the COMPANY.

1. General provisions

The purpose of this Policy is to ensure the security of the objects of protection of the COMPANY against all types of threats, external and internal, intentional and unintentional, minimizing damage from the possible realization of threats to the safety of personal data (UFDI). The security of personal data is achieved by excluding unauthorized, including accidental, access to personal data, which may result in the destruction, alteration, blocking, copying, distribution of personal data, as well as other unauthorized actions. Information and related resources should be available to authorized users. Timely detection and response to DU shall be carried out. The intentional or accidental, partial or total unauthorized modification or destruction of data should be prevented. This Information Security Policy was approved by the head of the COMPANY and put into effect by the order of the Director of the COMPANY.

2. Scope

The requirements of this Policy apply to all employees of the COMPANY (full-time, temporary, working under a student agreement, etc.), as well as to all other persons. This Policy applies to all information that COMPANY may receive about the user during his use of any services and services of the COMPANY website chbay.com (hereinafter - Services). The user's consent to the provision of personal information, given to them in accordance with this Policy in the framework of using one of the Services, applies to all Services of the Site.

3. Personnel Protection Requirements for PDN

All employees of the COMPANY, who are users of ISPDN, should clearly know and strictly follow the established rules and obligations for access to protected objects and compliance with the accepted security mode of PD. When a new employee takes office, the immediate supervisor of the unit to which he enters is obliged to organize his familiarization with the job description and the necessary documents regulating the requirements for personal data protection, as well as training in the implementation of procedures necessary for the authorized use of ISPD. The employee should be familiar with the information of this Policy, the adopted procedures for working with the SPDN and FDI elements. Employees of the COMPANY using technical means of authentication should ensure the safety of identifiers (electronic keys) and prevent unauthorized access to them, as well as the possibility of their loss or use by third parties. Users are personally responsible for the safety of identifiers. COMPANY employees must follow the established procedures for maintaining the PD security mode when selecting and using passwords (if no technical means of authentication is used). COMPANY employees must provide adequate protection for equipment left unattended, especially in cases where unauthorized persons have access to the premises. All users should be aware of the PD safety requirements and procedures for protecting equipment left unattended, as well as their responsibilities for ensuring such protection. Employees are prohibited from installing third-party software, connecting personal mobile devices and storage media, as well as recording protected information on them. Employees are prohibited from disclosing protected information that has become known to them when working with COMPANY’s information systems to third parties. When working with PDN in the ISPDN, the employees of the COMPANY are obliged to ensure that it is impossible for third parties to view the PDA from an automated workplace monitor or terminal. COMPANY employees must be informed about the threats of violating the security mode of personal data and the responsibility for its violation. They should be familiarized with the approved formal procedure for imposing disciplinary actions on employees who have violated accepted PD security policy and procedures. Employees are obliged to report without delay on all observed or suspicious cases of the ISPD work, which may entail threats to the safety of personal data, as well as about the events they have revealed that affect the safety of personal data, the management of the unit and the person responsible for the processing of personal data.

4. Objectives of collecting and processing personal information of users of the COMPANY site

COMPANY collects and stores only those personal data that are necessary to provide services to the site user. Personal information of the user can be used for the following purposes: Identification of the party in the framework of the use of the Site Services. Contact with the user, if necessary, including sending notifications, requests and information related to the provision of services, as well as processing requests and requests from the user. Improving the quality of services. Conducting statistical and other studies based on anonymized data. COMPANY does not verify the accuracy of personal information provided by users of the site, and does not exercise control over their capacity. However, COMPANY assumes that the user provides accurate and sufficient personal information on the issues proposed in the registration form, and keeps this information up to date.

5. Terms processing of personal information of the user and its transfer to third parties

COMPANY stores personal information of users in accordance with internal regulations. With respect to the user's personal information, confidentiality is maintained, except in cases where the user voluntarily provides information about himself for general access to all users of the Site. COMPANY has the right to transfer personal information of the user to third parties in the following cases: The user expressly consented to such actions. The transfer is necessary as part of the use of a particular Service by the user or to provide a service to the user. This ensures the confidentiality of personal information, and the user will be explicitly notified of such transfer. The transfer is provided for by Russian or other applicable law in the framework of the procedure established by law.

6. Changing the Site User Personal Information

The user may at any time change (update, supplement) or delete the personal information provided to them or its part by sending a corresponding application to the mailing address of the COMPANY.

7. Measures taken to protect users' personal information

COMPANY takes all necessary measures to protect any personal data provided by users. Only authorized employees of the COMPANY, authorized employees of third-party companies (ie service providers) or our business partners who have signed a confidentiality and personal data protection agreement have access to personal data. All COMPANY employees who have access to personal data must adhere to a policy of confidentiality and protection of personal data. In order to ensure the confidentiality of information and the protection of personal data, COMPANY maintains an appropriate IT environment and takes all measures necessary to prevent unauthorized access (hacking).

8. Change Information Security Policy. Applicable law

COMPANY has the right to make changes to this Information Security Policy. When making changes in the current edition, the date of the last update is indicated. The new version of the Policy comes into force from the moment of its placement, unless otherwise provided by the new version of the Policy. The current legislation of the Russian Federation is applicable to this Policy and the relationship between the user and the COMPANY arising in connection with the application of the Personal Data Processing Policy.

December 1 Updated 2018

Order any product in bulk
Seller?