+7 (499) 380-81-21 Multichannel
+7 (910) 422-10-22 Technical support
Moscow and Moscow Oblast Call between 10:00 AM and 7:00 PM.

Положение об обработке и защите персональных данных

LIMITED LIABILITY COMPANY "PUSKONALADKA"«
INN: 7734438457/KPP: 772601001/OGRN: 1207700426120
Russian Federation, 117105, Moscow, Varshavskoe shosse, 33, building 13, floor 4, office 28B

APPROVED
General manager
A.S. Shmakov

___________________
(signature)
Приказ от «11» июня 2026 г. N 3П

г. Москва    «11» июня 2026 г.

1. General Provisions

1.1. Настоящее Положение разработано в соответствии с Конституцией Российской Федерации, Федеральным законом от 27.07.2006 г. № 149-ФЗ «Об информации, информационных технологиях и о защите информации», Федеральным законом от 27.07.2006 г. № 152-ФЗ «О персональных данных», «Положением об особенностях обработки персональных данных, «Об утверждении требований к защите персональных данных при их обработке в информационных системах персональных данных», утвержденных постановлением Правительства Российской Федерации от 01.11.2012г. N 1119, и иными нормативными актами в области защиты персональных данных, действующими на территории Российской Федерации.

1.2. Основные понятия, используемые в Положении:

— OPERATOR — a legal entity, regardless of its organizational and legal form, as well as an individual entrepreneur, carrying out business activities;

— client – an individual or legal entity, regardless of its organizational and legal form, who is a counterparty of the operator;

— OPERATOR services — actions of the OPERATOR in the performance of its economic activities;

— personal data — information stored in any format relating to a specific or determinable on the basis of such information individual (subject of personal data), which, by itself or in combination with other information available to the OPERATOR, allows the identification of the Client;

— processing of personal data — actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;

— dissemination of personal data – actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including the disclosure of personal data in the media, posting in information and telecommunications networks or providing access to personal data in any other way;

— use of personal data — actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;

— confidentiality of personal data — a mandatory requirement for the operator or other person who has gained access to personal data to prevent their dissemination without the consent of the subject of the personal data or the presence of another legal basis.

1.3. Настоящее Положение устанавливает порядок обработки персональных данных Клиентов, для которых ОПЕРАТОР осуществляет весь спектр услуг по проектированию, поставке, монтажу, пусконаладке и техническому обслуживанию (ремонту) мультимедийного, звукового, светового и сценического оборудования, а также по договорам купли-продажи и поставки соответствующего оборудования.

1.4. Настоящее Положение обязательно к исполнению всеми сотрудниками ОПЕРАТОР, описывает основные цели, принципы обработки и требования к безопасности персональных данных ОПЕРАТОРУ.

1.5. Настоящее Положение разработано с целью защиты прав и свобод человека и гражданина при обработке его персональных данных, в том числе защиты прав на неприкосновенность частной жизни, личную и семейную тайну.

1.6. Персональные данные обрабатываются в целях исполнения договора возмездного оказания услуг и (или) поставки, одной из сторон которого является Клиент. ОПЕРАТОР собирает данные только в объеме, необходимом для достижения указанной в пункте 1.5. настоящего Положения цели.

1.7. Обеспечение безопасности и конфиденциальности персональных данных является одним из приоритетных направлений в деятельности ОПЕРАТОР.

2. Principles and purposes of processing. Composition of personal data

2.1. The OPERATOR processes personal data based on the following principles:

– the processing of personal data of Clients is carried out solely to ensure compliance with federal laws and other regulatory legal acts, and compliance with the purposes previously determined and stated during the collection of personal data;

– the volume and content of personal data processed by subjects, as well as the methods of processing personal data, comply with the requirements of federal legislation, as well as other regulations and the purposes for which personal data is processed. The processing of personal data that is excessive in relation to the purposes stated when collecting the personal data is prohibited;

– the OPERATOR receives personal data only from the Client;

– When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data to the purposes of processing are ensured. The OPERATOR takes the necessary measures to destroy (delete) or clarify incomplete or inaccurate data.

2.2. The processing of personal data of personal data subjects is carried out by the OPERATOR for the purpose of fulfilling contractual and other civil-law relations in the course of the OPERATOR's business activities, and improving the efficiency and quality of service to Clients.

2.3. The OPERATOR processes the following categories of personal data:

Full name, date and place of birth, registration and/or actual residence addresses, taxpayer identification number, phone numbers, email addresses, order details, and other data, excluding special categories of personal data and biometric personal data.

3. Processing conditions

3.1. The OPERATOR's procedure for handling the personal data of Clients is governed by the current legislation of the Russian Federation and the OPERATOR's internal documents, and is carried out in compliance with strictly defined rules and conditions.

3.2. Обработка персональных данных в ОПЕРАТОРОМ осуществляется путем сбора, записи, систематизации, накопления, хранения, уточнения (обновления, изменения), извлечения, использования, передачи (распространения, предоставления, доступа), обезличивания, блокирования, удаления, уничтожения персональных данных исключительно для обеспечения соблюдения федерального законодательства и иных нормативных правовых актов, соответствия целям, заранее определенным и заявленным при сборе персональных данных, учета результатов выполнения договорных и иных гражданско-правовых обязательств с субъектом персональных данных. При этом используется смешанный (автоматизированный и неавтоматизированный) способ обработки персональных данных.

3.3. Обработка персональных данных осуществляется с согласия Клиента на обработку его персональных данных, за исключением случаев, предусмотренных п. 3.4. настоящего Положения.

3.4. В случае получения ОПЕРАТОРОМ персональных данных из общедоступных источников персональных данных (например, из общедоступных профилей и контактных данных, размещенных самим Клиентом в сети Интернет, либо из открытых реестров юридических лиц и индивидуальных предпринимателей — ЕГРЮЛ/ЕГРИП), согласие Клиента не требуется.

3.5. ОПЕРАТОР не осуществляет трансграничную передачу персональных данных Клиентов.

3.6. Сроки хранения документов, содержащих персональные данные субъектов, определяются в соответствии со сроком действия договора с субъектом персональных данных, Федеральным законом РФ «Об архивном деле в Российской Федерации» № 125-ФЗ от 22.10.2004 г., сроком исковой давности, а также иными требованиями законодательства РФ. По истечении сроков хранения таких документов они подлежат уничтожению.

3.7. С целью защиты персональных данных при их обработке в информационных системах персональных данных от неправомерного или случайного доступа к ним, уничтожения, изменения, блокирования, копирования, предоставления, распространения, а также от иных неправомерных действий с ними ОПЕРАТОРОМ применяются организационные и технические меры.

3.8. Руководитель ОПЕРАТОРА утверждает перечень сотрудников ОПЕРАТОРА, имеющих доступ к персональным данным Клиентов.

3.9. Персональные данные на бумажных носителях хранятся в служебных помещениях ОПЕРАТОРА в условиях, исключающих ознакомление лиц, не имеющих допуска к работе с персональными данными Клиента.

3.10. Персональные данные Клиентов хранятся в электронном виде в локальной компьютерной сети ОПЕРАТОРА, в электронных папках и файлах в персональных компьютерах сотрудников, допущенных к обработке персональных данных Клиентов и защищенных индивидуальным паролем. Разглашение пароля доступа к персональному компьютеру сотрудника ОПЕРАТОРА не допускается.

4. Key measures to ensure the security of personal data processing

4.1. When processing the personal data of Clients, the OPERATOR is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.

4.2. To effectively protect the personal data of Clients, it is necessary:

4.2.1. comply with the procedure for receiving, recording and storing personal data of Clients;

4.2.2. use technical means of security and alarm;

4.2.3. conclude a Non-Disclosure Agreement with all employees involved in the receipt, processing and protection of the Client’s personal data;

4.2.4. impose disciplinary action on employees found guilty of violating the rules governing the receipt, processing, and protection of the Client's personal data.

4.3. Access to personal data of Clients by OPERATOR employees who do not have properly authorized access is prohibited.

4.4. Documents containing personal data of Clients are stored in the OPERATOR'S premises, which ensure protection from unauthorized access.

4.5. Protection of access to electronic databases containing personal data of Clients is ensured by:

— the use of licensed software products that prevent unauthorized access by third parties to the personal data of Clients;

— a password system. Passwords are set by the system administrator and communicated individually to employees with access to Clients' personal data.

4.6. Copying and making extracts of the Client's personal data is permitted solely for official purposes with the written permission of the manager.

5. Procedure for providing information containing personal data

5.1. Upon application by the subject of personal data (the owner of this data or his legal representative) or upon receipt of a request, the OPERATOR shall, free of charge, within 30 days from the date of receipt of the request or request, provide personal data related to the subject of personal data in an accessible form that excludes the provision of personal data related to other subjects of personal data.

5.2. Third-party organizations have the right to access the personal data of personal data subjects only if they have been granted the necessary powers in accordance with the legislation of the Russian Federation, or on the basis of agreements with the OPERATOR concluded in connection with the requirements of the legislation of the Russian Federation.

The basis for the OPERATOR employee to provide information about the personal data of subjects is the resolution of the director of the organization on the relevant request or the fact of signing an agreement (contract) on information exchange.

The agreement (contract) on information exchange shall include a condition on non-disclosure of information constituting the personal data of subjects, as well as official information that became known during the performance of work, if the use of such information is envisaged for their performance.

5.3. When transferring personal data of subjects, the OPERATOR and its authorized officials comply with the following requirements:

– do not disclose personal data to a third party without the written consent of the subject, except in cases where this is necessary in order to prevent a threat to the life and health of the subject, as well as in cases established by federal legislation;

— не сообщают информацию третьим лицам о размере задолженности Клиента;

– warn persons receiving personal data that these data may be used only for the purposes for which they were communicated, and require these persons to confirm compliance with this condition, except in cases established by federal legislation;

– do not respond to questions related to the provision of personal information to any third parties without legal grounds (written request);

– maintain records of the transfer of personal data of subjects in response to requests received by the Company from subjects.

6. Duties of the OPERATOR

6.1. The OPERATOR is obliged to:

6.1.1. Process personal data of Clients solely for the purpose of providing legitimate services to Clients.

6.1.2. Obtain the Client's personal data directly from the Client. If the Client's personal data can only be obtained from a third party, the Client must be notified in advance and their written consent must be obtained. OPERATOR employees must inform Clients of the intended sources and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the Client's refusal to provide written consent.

6.1.3. Not to receive or process the Client's personal data regarding their race, nationality, political views, religious or philosophical beliefs, health status, or intimate life, except in cases provided by law.

6.1.4. Grant access to their personal data to the Client or their legal representative upon request or upon receipt of a request containing the number of the primary identity document of the Client or their legal representative, the date of issue of said document and the issuing authority, and the Client's or their legal representative's signature. The request may be sent electronically and signed with an electronic digital signature in accordance with Russian Federation law. Information regarding the availability of personal data must be provided to the Client in an accessible form and must not contain personal data related to other personal data subjects.

6.1.5. Limit the Client's right to access their personal data if the provision of personal data violates the constitutional rights and freedoms of others.

6.1.6. Ensure the storage and protection of the Client’s personal data from unauthorized use or loss.

6.1.7. В случае выявления недостоверных персональных данных или неправомерных действий с ними оператора при обращении или по запросу субъекта персональных данных или его законного представителя либо уполномоченного органа по защите прав субъектов персональных данных оператор обязан осуществить блокирование персональных данных, относящихся к соответствующему субъекту персональных данных, с момента такого обращения или получения такого запроса на период проверки.

6.1.8. In the event that the fact of inaccuracy of personal data is confirmed, the operator, on the basis of documents submitted by the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, is obliged to clarify the personal data and unblock it.

6.1.9. If illegal actions with personal data are detected, the operator is obligated to rectify the violations within no more than three business days from the date of such detection. If it is impossible to rectify the violations, the operator is obligated to destroy the personal data within no more than three business days from the date of detection of the illegal actions with personal data. The operator is obligated to notify the personal data subject or their legal representative of the rectification of the violations or the destruction of the personal data, and if the request or appeal was sent by an authorized body for the protection of the rights of personal data subjects, also that body.

6.1.10. If the purpose of processing personal data is achieved, the operator is obliged to immediately cease processing the personal data and destroy the relevant personal data within a period not exceeding three working days from the date of achieving the purpose of processing the personal data, unless otherwise provided by federal laws, and notify the subject of the personal data or his legal representative thereof, and if the request or appeal was sent by an authorized body for the protection of the rights of personal data subjects, also the said body.

7. Client's Rights

7.1. The Client has the right to:

— access to information about oneself, including information confirming the fact of personal data processing, as well as the purpose of such processing; methods of personal data processing used by the OPERATOR; information about persons who have access to personal data or who may be granted such access; a list of personal data processed and the source of their receipt, the terms of processing of personal data, including the terms of their storage; information about what legal consequences for the Client may entail the processing of his personal data;

— determination of the forms and methods of processing his personal data;

— limitation of methods and forms of processing personal data;

— prohibition of distribution of personal data without his consent;

- changing, clarifying, destroying information about oneself;

— appealing against unlawful actions or inactions in the processing of personal data and obtaining appropriate compensation in court;

— иные права, предусмотренные Законом.

8. Confidentiality of Clients' personal data

8.1. Information about the personal data of Clients is confidential.

8.2. The OPERATOR ensures the confidentiality of personal data and is obliged to prevent its dissemination by third parties without the consent of the Clients or the presence of other legal grounds.

8.3. Persons with access to Clients' personal data are required to maintain confidentiality and must be notified of the need to maintain confidentiality. Due to the confidentiality of personal information, appropriate security measures must be in place to protect the data from accidental or unauthorized destruction, accidental loss, and unauthorized access, modification, or dissemination.

8.4. All confidentiality measures regarding the collection, processing, and storage of Clients' personal data apply to all information media, both paper and automated.

8.5. The confidentiality regime of personal data is lifted in the event of their depersonalization or inclusion in publicly available sources of personal data, unless otherwise specified by law.

9. Liability for violation of requirements governing the receipt, processing and storage of personal data

9.1. The OPERATOR's officials processing personal data are liable in accordance with the current legislation of the Russian Federation for violation of the protection, processing, and use procedures for this information.

9.2. Persons found guilty of violating the rules governing the receipt, processing, and protection of personal data shall bear disciplinary, civil, administrative, or criminal liability in accordance with the current legislation of the Russian Federation.

10. Final Provisions

10.1. Настоящее Положение вступает в силу с момента ее утверждения руководителем ОПЕРАТОРА.

10.2. Настоящее Положение подлежит корректировке в случае изменения законодательства Российской Федерации, регулирующих органов в области защиты персональных данных, внутренних документов ОПЕРАТОРА в области защиты конфиденциальной информации. При внесении изменений в заголовке Положения указывается номер версии и дата последнего обновления редакции. Новая редакция Положения вступает в силу с момента ее утверждения руководителем ОПЕРАТОРА и размещения на сайте ОПЕРАТОРА.

10.3. В случае изменения законодательства Российской Федерации в области защиты персональных данных, нормы Положения, противоречащие законодательству, не применяются до приведения их в соответствие.