Made on
Tilda
CHAPTER 1.
General Provisions
This Policy of MILISHER Limited Liability Company regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of paragraph 1 of clause 3 of Article 17 of the Law of 07.05.2021 N 99-Z "On the Protection of Personal Data" (hereinafter referred to as the Law) in order to ensure the protection of the rights and freedoms of an individual and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
The personal data processing policy defines the basic principles, purposes, conditions and methods of processing personal data, lists of subjects and processed personal data, the rights of personal data subjects, as well as the requirements for the protection of personal data implemented in MILISHER LLC.
The Policy applies to all personal data processed by MILISHER LLC (hereinafter referred to as the Operator).
The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of the Policy.
In compliance with the requirements of clause 4 of Article 17 of the Law on Personal Data, this Policy is published in the public domain on the Operator's website, on the Internet, an information and telecommunications network.
Key concepts used in the Policy:
personal data - any information related to an identified individual or an individual who can be identified;
personal data subject - an individual in respect of whom personal data is processed;
personal data operator (operator) - a government agency, a legal entity of the Republic of Belarus, another organization, an individual, including an individual entrepreneur, independently or jointly with other specified persons organizing and (or) carrying out the processing of personal data;
personal data processing - any action (operation) or set of actions (operations) with personal data, performed with the use of automation tools or without their use. Personal data processing includes, among other things:
collection;
systematization;
storage;
change;
use;
depersonalization;
blocking;
distribution;
provision;
deletion;
dissemination of personal data - actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data - actions aimed at familiarizing a specific person or group of persons with personal data;
blocking of personal data - termination of access to personal data without deleting it;
deletion of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the tangible media of personal data are destroyed;
depersonalization of personal data - actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;
personal data information system - a set of personal data contained in databases and the information technologies and technical means ensuring their processing;
CHAPTER 2.
Purposes and legal grounds for processing personal data
2.1. Personal data of personal data subjects are processed for the following purposes:
processing information (resume) of a job candidate (clause 7, Article 6; clause 2, part 2, Article 8 of the Law);
processing personal data in the course of work activity (clause 7, Article 6; clause 2, part 2, Article 8 of the Law);
ensuring access control;
conclusion, execution, modification and termination of a specific agreement (clause 5, Article 6 of the Law);
identification of a registered User
sending notifications, commercial offers, mailings of an informational, news and advertising nature related to products (works, services) to the subject of personal data;
implementation of administrative procedures (clause 1, Article 6; clause 6, part 2, Article 8 of the Law);
consideration of appeals;
maintenance of accounting and tax records (clause 10, Article 6 of the Law);
implementation of current systems of one-time and cumulative discounts and bonuses for services rendered, promotions and loyalty programs, etc.
2.2. Personal data is processed solely to achieve one or more of the specified legitimate purposes. If personal data has been collected and processed to achieve a specific purpose, in order to use this data for other purposes, it is necessary to notify the subject of personal data about this and, if necessary, obtain new consent for processing.
2.3. Only personal data that meet the purposes of their processing are subject to processing. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
2.4. Personal data may be processed for other purposes if this is necessary in connection with ensuring compliance with the law.
2.5. The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:
The Constitution of the Republic of Belarus;
The Civil Code of the Republic of Belarus;
The Labor Code of the Republic of Belarus;
The Tax Code of the Republic of Belarus;
Personal Data Law;
other regulatory legal acts governing relations related to the Operator's activities.
2.6. The legal basis for processing personal data shall also include:
the Operator's charter;
agreements concluded between the Operator and personal data subjects;
the consent of personal data subjects to the processing of their personal data.
CHAPTER 3.
Categories of personal data subjects and the list of personal data processed
3.1. The Organization processes personal data of the following categories of subjects:
relatives of employees;
job candidates;
employees and other representatives of the Organization;
employees and other representatives of counterparties - legal entities;
counterparties - individuals;
consumers;
users of the Operator's website
other subjects whose interaction with the Operator creates the need to process personal data.
3.2. The content and volume of the personal data processed must correspond to the stated purposes of processing provided for in Chapter 2 of the Policy. The personal data processed must not be excessive in relation to the stated purposes of their processing.
3.3. The Operator may process the listed personal data of the following categories of personal data subjects.
3.3.1. Candidates for employment with the Operator:
surname, first name, patronymic;
gender;
citizenship;
date and place of birth;
contact information;
information about education, work experience, qualifications;
other personal data provided by candidates in their resumes and cover letters.
3.3.2. Employees and former employees of the Operator:
last name, first name, patronymic;
gender;
citizenship;
date and place of birth;
image (photograph);
passport details;
address of registration at the place of residence;
address of actual residence;
contact details;
individual taxpayer identification number;
information on education, qualifications, professional training and advanced training;
marital status, presence of children, family ties;
information on work experience, including the presence of incentives, awards and (or) disciplinary sanctions;
information on marriage registration;
information on military registration;
information on disability;
information on alimony withholding;
information on income from the previous place of work;
other personal data provided by employees in accordance with the requirements of labor legislation.
3.3.3. Family members of the Operator's employees:
last name, first name, patronymic;
degree of kinship;
year of birth;
other personal data provided by employees in accordance with the requirements of labor legislation.
3.3.4. Clients and contractors of the Operator (individuals):
last name, first name, patronymic;
date and place of birth;
passport details;
registration address at the place of residence;
contact details;
individual taxpayer identification number;
current account number;
other personal data provided by clients and contractors (individuals) necessary for the conclusion and execution of contracts.
3.3.5. Representatives (employees) of the Operator's clients and contractors (legal entities):
last name, first name, patronymic;
passport details;
contact details;
position held;
other personal data provided by representatives (employees) of clients and contractors necessary for the conclusion and execution of contracts.
3.3.6. Users of the Operator's website:
data reflecting last names, first names and patronymics, telephone numbers; email, postal address, other information that is necessary from the user - an individual;
name of the organization, legal and postal addresses, bank details, UNP, full name of the director or the person authorized to sign, phone numbers from the user - a legal entity.
The site collects and processes anonymized data about visitors (including cookies) using Internet statistics services (Yandex Metrica, Google Analytics, etc.).
The operator processes personal data for the period of the user's use of the site's functionality.
3.3.6.1. The processing of personal data is terminated upon the occurrence of one or more of the following events:
a revocation of consent to the processing of his personal data in the manner prescribed by the Policy (except for cases stipulated by applicable law);
the purposes of their processing have been achieved;
the validity period of the subject's consent has expired;
illegal processing of personal data has been detected;
the Company's activities have been terminated.
3.3.6.2. The User agrees to the collection and analysis of certain types of technical information, including the following:
type of computer or mobile device;
type of platform (e.g. Apple iOS or Android);
version of the user's operating system;
type and language of the browser;
links and exit pages, as well as URLs;
date and time of work on the site;
number of clicks on application functions or a web page;
amount of time spent on an application function or a web page;
number of pages viewed and the order of these pages;
3.4. The Operator processes biometric personal data (e.g. photographs) in accordance with the legislation of the Republic of Belarus.
3.5. The operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except for cases stipulated by the legislation of the Republic of Belarus.
CHAPTER 4.
The procedure and conditions for processing personal data, the period of their storage
4.1. The personal data is processed by the Operator in accordance with the Law "On the Protection of Personal Data" and the requirements of the legislation of the Republic of Belarus.
4.2. The personal data is processed with the consent of the personal data subjects to the processing of their personal data, as well as without such consent in cases stipulated by the legislation of the Republic of Belarus.
4.3. The Operator carries out both automated and non-automated processing of personal data.
4.4. The Operator's employees, whose job responsibilities include the processing of personal data, are allowed to process personal data.
4.5. The personal data is processed by:
receiving personal data in oral and written form directly from the personal data subjects;
receiving personal data from publicly available sources;
entering personal data into the Operator's journals, registers and information systems;
using other methods of processing personal data.
4.6. Disclosure to third parties and distribution of personal data without the consent of the personal data subject is not allowed, unless otherwise provided by law. Consent to the processing of personal data permitted by the personal data subject for distribution is drawn up separately from other consents of the personal data subject to the processing of his/her personal data.
4.7. Transfer of personal data to inquiry and investigation bodies, tax authorities, the Social Security Fund and other executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Republic of Belarus.
4.8. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:
determines threats to the security of personal data during their processing;
adopts local regulations and other documents governing relations in the field of processing and protection of personal data;
appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes the accounting of documents containing personal data;
organizes work with information systems in which personal data are processed;
stores personal data under conditions that ensure their safety and exclude unauthorized access to them;
organizes training for the Operator's employees who process personal data.
4.9. The Operator stores personal data no longer than required for the purposes of processing personal data, unless the storage period for personal data is established by the legislation of the Republic of Belarus or an agreement.
CHAPTER 5.
Rights of personal data subjects
5.1. The Operator has the right to:
5.1.1. independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by law;
5.1.2. entrust the processing of personal data to another person, unless otherwise provided by law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules for processing personal data stipulated by the Law on Personal Data;
5.1.3. in the event of the personal data subject's withdrawal of consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Law on Personal Data.
5.2. The Operator is obliged to:
5.2.1 Within 15 days of receiving the personal data subject's application to revoke their consent by submitting an application to the Company in the form by which the consent was obtained, cease processing personal data, delete them and notify the personal data subject of this. If it is not technically possible to delete personal data, the Operator is obliged to take measures to prevent further processing of personal data, including blocking them, and notify the personal data subject of this within the same period.
5.2.2. Within 5 working days of receiving the personal data subject's application to receive information regarding the processing of their personal data, the Operator is obliged to provide them with information in an accessible form or notify them of the reasons for refusing to provide it.
5.2.3. Within 15 days of receiving the personal data subject's application to make changes to their personal data, the Operator is obliged to make the appropriate changes to their personal data and notify the personal data subject of this or notify them of the reasons for refusing to make such changes.
5.2.4. Obliged, within 15 days after receiving the personal data subject's application to receive information from the Operator about the provision of their personal data to third parties, to provide them with information about what personal data of this subject and to whom were provided during the year preceding the date of filing the application, or notify the personal data subject of the reasons for refusing to provide it.
5.2.5. Obliged, within 15 days after receiving the personal data subject's application to cease processing personal data, to cease processing personal data, as well as to delete them (ensure the termination of the processing of personal data, as well as their deletion by an authorized person) and notify the personal data subject about this.
5.2.6. Explain to the personal data subject their rights related to the processing of personal data.
5.2.7. Obtain consent from the personal data subject, except for cases stipulated by the Law on the Protection of Personal Data and other legislative acts.
5.2.8. Ensure the protection of personal data in the process of their processing.
5.2.9. Notify the authorized body for the protection of the rights of personal data subjects of violations of personal data protection systems immediately, but no later than 3 working days after the operator became aware of such violations, except for cases stipulated by the authorized body for the protection of the rights of personal data subjects.
5.3. The personal data subject has the right:
5.3.1. Has the right to revoke his consent at any time without explanation by submitting to the Company an application in the form by which consent was obtained
5.3.2. Have the right to receive information regarding the processing of their personal data, containing the name and location of the Company, confirmation of the fact of processing of personal data by the Company, their personal data and the source of their receipt, legal grounds and purposes of processing of personal data, the period for which their consent was given
5.3.3 Have the right to demand that the Company make changes to their personal data if the personal data is incomplete, outdated or inaccurate
5.3.4 Have the right to receive information from the Company on the provision of their personal data to third parties once a calendar year free of charge
5.3.5 Have the right to demand that the Company stop processing of their personal data free of charge, including their deletion, in the absence of grounds for processing of personal data
5.3.6. Have the right to appeal the actions (inaction) and decisions of the Company that violate their rights when processing personal data, to the authorized body for the protection of the rights of personal data subjects
5.4 Control over compliance with the requirements of the Policy is carried out by the person responsible for organizing the processing of personal data at the Operator.
5.5. Liability for violation of the requirements of the legislation of the Republic of Belarus and norms
CHAPTER 6.
Measures taken to protect personal data of subjects
6.1. The Operator takes the necessary and sufficient legal, organizational and technical measures to protect the personal data of subjects and users of the Operator's website from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.
6.2. The legal measures taken by the Operator include:
6.2.1. development and application of regulatory documents on the processing and protection of personal data in the Company;
6.2.2. inclusion in agreements concluded by the Operator with counterparties of requirements for maintaining confidentiality and ensuring the security of personal data of subjects during their processing;
6.2.3. publication on the official website of the Company of this Policy, ensuring access to it.
6.3. The organizational measures taken by the Operator include:
6.3.1. familiarization of the Company's employees with the requirements of the legislation of the Republic of Belarus and the LPA of the Company in the field of working with personal data;
6.3.2. issuing internal documents on personal data processing, as well as LPA, establishing procedures aimed at preventing and identifying violations when working with personal data, eliminating the consequences of such violations;
6.3.3. applying organizational and technical measures to ensure the security of personal data during their processing, necessary to meet the requirements for the protection of personal data (use of secure and certified data transmission channels, establishing the procedure for access to personal data);
6.3.4. implementing internal control over compliance by the Company's employees working with personal data of subjects with the requirements of the legislation of the Republic of Belarus and LPA, as well as monitoring the measures taken to ensure the security of personal data;
6.3.5. ensuring the registration and accounting of all actions performed with personal data processed using computer devices;
6.3.6. implementing the delimitation, restriction of employee access to documents, information resources, technical means and information carriers, information systems and work related to their use;
6.3.7. regular monitoring of personal data security, improvement of the system of their protection;
6.3.8. organization of training and conducting methodological work with employees of the structural divisions of the Company that process personal data;
6.3.9. obtaining consent from personal data subjects for the processing of their personal data, except for cases stipulated by the legislation of the Republic of Belarus, when such consent is not required;
6.3.10. separation of personal data processed without the use of automation tools from other information, in particular, by recording them on separate tangible personal data carriers;
6.3.11. ensuring separate storage of personal data and their tangible carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;
6.3.12. ensuring the security of personal data when transmitting them through open communication channels;
6.3.13. storing tangible personal data carriers in compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them;
6.3.14. appointment of a person responsible for organizing the processing of personal data in the Company;
6.3.15. notification in the established manner to personal data subjects or their representatives of information about the availability of personal data related to the relevant subjects, provision of an opportunity to familiarize themselves with this personal data upon request and (or) receipt of requests from the said personal data subjects or their representatives, unless otherwise established by the legislation of the Republic of Belarus;
6.3.16. termination of processing and destruction or blocking of personal data in cases stipulated by the legislation of the Republic of Belarus in the field of personal data;
6.3.17. performance of other actions stipulated by the legislation of the Republic of Belarus in the field of personal data.
CHAPTER 7.
Final Provisions
7.1. In compliance with the requirements of paragraph 4 of Article 17 of the Law on the Protection of Personal Data, this Policy is publicly available. Unlimited access to the Policy is provided by publishing it on the official website https://milisher.by, as well as on the information board of the Company.
7.2. Persons whose personal data are processed by the Company may receive clarification on the processing of their personal data by sending a corresponding written request to the e-mail address: milisherllc@gmail.com.