Personal Data processing Policy (PDF)
PDF, 46 КБ
APPROVED by order of JSC «PF «SKB Kontur» dated July 10, 2020 num. 269
1. Purpose and scope
1.1. This document (hereinafter — Policy) defines the purposes and general principles of personal data processing, as well as the measures implemented to protect the rights of personal data subjects in the SKB Kontur group of companies (hereinafter — SKB Kontur, also the Group of Companies).
1.2. The Policy applies to the following legal entities (hereinafter — Companies) included in SKB Kontur:
- Joint Stock Company «PF «SKB Kontur»;
- Limited Liability Company «Sertum-Pro»;
- Limited Liability Company «CIB-Service»;
- Limited Liability Company «RSC Info Buhgalter»;
- Limited Liability Company «Kontur NTT»;
- Limited Liability Company «Kontur Factoring»;
- Limited Liability Company «Kontur Research»;
- Limited Liability Company «Argos SPB»;
- Limited Liability Company «Kontur Innovations»;
- Limited Liability Company «Kontur-Park»;
- Limited Liability Company «SBK»;
- Limited Liability Company «UralFinInvest»;
- Limited Liability Company «Business-Soft St. Petersburg»;
- Limited Liability Company «UK» Office-Service»;
- Autonomous non-profit organisation DPO «SKB Kontur Training Center»
1.3. The Policy applies to all SKB Kontur personnel (including employees under labor contracts and employees working on the basis of other contracts with the Companies) and all structural subdivisions of the Companies.
1.4. Requirements of the Policy are also considered and applied to other persons or organisations when there is a necessity for their participation in the SKB Kontur personal data processing, e.g. in cases of transferring personal data from SKB Kontur to contractors, partners and other counterparties on the basis of orders for personal data processing, agreements and contracts in accordance with the established procedure.
2. Compliance with Applicable Laws
2.1. The policy is developed primarily on the basis of the legislation of the Russian Federation in view of the registration of the majority of SKB Kontur companies in the Russian Federation. The Policy uses terms and definitions in accordance with their meanings as defined in Federal Law 152-FZ «On Personal Data» dated 27.07.2006 (hereinafter — 152-FZ). SKB Kontur processes the personal data considering requirements of 152-FZ itself, its by-laws and regulatory and methodological documents of the state bodies of the Russian Federation authorised in the field of information security and protection of the personal data subjects rights.
2.2. If possible, the Policy also considering the provisions of other legislation applicable to the SKB Kontur activities in the field of personal data processing, e.g. the European General Data Protection Regulation (hereinafter – GDPR), or local legislation of certain countries in the part that does not contradict 152-FZ.
2.3. In separate cases of personal data processing in order to resolve possible contradictions between the different laws of certain states, the procedure and principles of personal data processing in SKB Kontur can be regulated and detailed in addition to the Policy in special sections of the other SKB Kontur documents (e.g. contracts, agreements) relating to such separate cases and which performing for such cases the role of Data Processing Agreement (hereinafter – DPA) within GDPR terminology.
2.4. SKB Kontur Companies that process personal data of citizens of the Russian Federation are each individually registered in the register of the Authorised Body of the Russian Federation on Protection of Rights of Personal Data Subjects (hereinafter – Roskomnadzor) as personal data Operators. Any person can get information about the Operators by searching in the Personal data Operators registry publicly available in the Internet at https://pd.rkn.gov.ru/operators-registry/operators-list/. The registry contains information about the Operator provided by the legislation of the Russian Federation, including:
- full name and location of the personal data Operator;
- information about persons responsible for organisation of personal data processing;
- contact information for inquiries;
- information on the location of personal data information systems databases;
- information on personal data processing and security measures;
- other information on personal data Operators stipulated by 152-FZ.
3. Principles of personal data processing
3.1 The processing of personal data is carried out by SKB Kontur on legal and fair basis, the main legal grounds for processing are:
- The Constitution of the Russian Federation;
- Labor Code of the Russian Federation;
- Civil Code of the Russian Federation;
- Tax Code of the Russian Federation;
- Federal Law of 10.01.2002 Num. 1-FZ «On Electronic Digital Signature»;
- Federal Law of 06.04.2011 Num. 63-FZ «On Electronic Signature»;
- Federal Law of 07.07.2003 Num. 126-FZ «On Communications»;
- Federal Law of 27.07.2006 Num. 149-FZ «On Information, Information Technologies and Information Protection»;
- Federal Law of 04.05.2011 Num. 99-FZ «On licensing certain types of activities»;
- Federal Law of 06.12.2011 Num. 402-FZ «On Accounting»;
- Federal Law of 01.04.1996 Num. 27-FZ «On Individual (Personified) Accounting in the Compulsory Pension Insurance System»;
- Federal Law of 24.07.2009 Num. 212-FZ «On Insurance Contributions to the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Compulsory Medical Insurance Fund and Territorial Funds of Compulsory Medical Insurance»;
- Federal law of 22.10.2004. Num. 125-FZ «On archival affairs in the Russian Federation»;
- Federal Law of 19.12.2012 Num. 273-FZ «On Education in the Russian Federation»;
- Federal Law of 22.05.2003 Num. 54-FZ «On the Application of Cash Register Equipment in Settlements in Cash and/or via Electronic Means of Payment”;
- Federal Law of 12.01.1996 Num. 7-FZ «On non-profit organisations»;
- Law of the Russian Federation of 27.12.1991 Num. 2124-1 «On Mass Media»;
- Regulations of the Certification Authority of JSC «PF «SKB Kontur»;
- Regulations of the Certification Authority of LLC «Sertum-Pro»;
- Regulations of the Certification Authority of LLC «CIB-Service»;
- Regulations of the Certification Authority of LLC «RSC Info Buhgalter»;
- Regulations of the electronic factoring platform of LLC «Kontur Factoring»;
- Charters of the Companies;
- Contracts and Agreements of the Companies;
- Consents of personal data subjects.
3.2 The content and volume of personal data being processed are determined in accordance with the purposes of processing. SKB Kontur not process personal data that are excessive or incompatible with the following main purposes:
- 3.2.1. conclusion of labor relations with individuals, personnel recruitment;
- 3.2.2. signing, prolongation of contractual relations of the Companies;
- 3.2.3. identification of parties to contracts, agreements, deals of the Companies;
- 3.2.4. fulfillment of contractual obligations of the Companies, including provision of services, granting rights to use the software of SKB Kontur;
- 3.2.6. registration, identification and personalisation of users of websites, applications and other information resources of the Companies; provision of access to resources and functions available only for registered users; improvement of user experience, products and services of the SKB Kontur;
- 3.2.7. communication with individuals and organisations for sending them notifications, replies to inquiries, mailings and information letters as well as marketing information to promote SKB Kontur and partner organizations products and services;
- 3.2.8. carrying out activities of the Certification Authority in accordance with the Russian Federation legislation on electronic signature;
- 3.2.9. carrying out activities of the fiscal data operator in accordance with the legislation of the Russian Federation on fiscal data;
- 3.2.10. carrying out activities of electronic workflow operators in accordance with the legislation of the Russian Federation, regulatory documents of the Russian Federation state authorities;
- 3.2.11. carrying out activities to provide supplementary vocational education;
- 3.2.12. carrying out activities of mass media in accordance with the legislation of the Russian Federation;
- 3.2.13. participation of individuals in referral, bonus and loyalty programs of SKB Kontur and partner organisations;
- 3.2.14. protection of legal interests of the Companies, their partners and clients; countering illegal or unauthorized actions, fraudulent use by consumers or within provision of the products and services of the SKB Kontur to consumers; provision of information security;
- 3.2.15. organising of access control on the territory of buildings and offices of SKB Kontur, ensuring safety of property and security of employees and visitors of the Companies;
- 3.2.16. organising of conferences, seminars, webinars and other public events in the interests of the SKB Kontur, partner organisations and professional communities;
- 3.2.17. passing by individuals of internships, traineeships in the Companies, studying in partner educational institutions;
- 3.2.18. provision of social benefits and material assistance, compensations and bonuses to the employees of the Companies;
- 3.2.19. carrying out of researches on the fields of activity of the Companies, use of products and services of SKB Kontur for development of new products and services, quality assurance;
- 3.2.20. collection, processing of analytical and statistics data on the subject of activities of the SKB Kontur, use of information resources, products and services of the SKB Kontur;
- 3.2.21. compliance with current labor, accounting, pension and other legislation of the Russian Federation;
- 3.2.22. compliance with other legislation applicable to the activities of the SKB Kontur, including international or local legislation of the countries in respect of whose citizens the SKB Kontur or individual companies are operating.
3.3 The main categories of personal data subjects, whose data are processed in SKB Kontur, include:
- 3.3.1. visitors and users of the websites, applications and information resources of the SKB Kontur;
- 3.3.2. individuals who are or have been in labor and civil legal relations with the SKB Kontur companies, their close relatives, referrals, as well as persons who intend to enter into such relations, e.g. candidates for the vacant job positions;
- 3.3.3. individuals, who are or have been in labor and civil legal relations with contractors of SKB Kontur companies, as well as persons who have intentions to enter such relations;
- 3.3.4. persons taking an internship in SKB Kontur, traineeship on assignment of educational institutions;
- 3.3.5. individuals specified in various state registries, databases, in public and other sources, which are obtained by legal means and are used in the provision of services and in products of the SKB Kontur as data sources;
- 3.3.6. individuals who have contacted the SKB Kontur with their requests, messages, statements, complaints, suggestions using contact information or feedback collecting means;
- 3.3.7. individuals participating in interviews, surveys, analytical and marketing research on the fields of the Companies' activities;
- 3.3.8. participants in events conducted by the SKB Kontur or partner organisations;
- 3.3.9. visitors to the offices of the SKB Kontur;
- 3.3.10. shareholders and founders of the Companies.
3.4. According to the processing purposes, the following data may be processed for the above-mentioned categories of subjects:
- 3.4.1. personal information (surname, name, patronymic, including former; sex; year, month, date of birth; age; place of birth, nationality, citizenship);
- 3.4.2. contact information (postal address, phone numbers, e-mail addresses, nicknames, social networks and communication services IDs); registration and actual residence addresses;
- 3.4.3. information on identity documents; driver's license; information on subject's identification numbers in state registration systems (e.g. INN, SNILS, etc.); information on compulsory and voluntary health insurance plans;
- 3.4.4. professional activity (place of employment; job title; structural subdivision; staff number; work experience; membership in legal entities; competences);
- 3.4.5. skills and qualification (education; profession; assigned specialties; knowledge of foreign languages; completed training courses, internships and traineeships);
- 3.4.6. information on family (family status; family composition; legal representatives, close relatives);
- 3.4.7. social status; property status; information on vehicles;
- 3.4.8. information on contracts and agreements, their statuses; information on participation in partnership and bonus programs; referral promotional codes; information on products and services used;
- 3.4.9. recommendations and feedback; information on staff assessment;
- 3.4.10. financial state; payment details; incomes; information on tax and other payments to state funds; information on accruals and withholding of monetary funds, remuneration in other form; information on purchases made, orders for goods and services; information on payments;
- 3.4.11. information on presence in certain state registries, databases and lists;
- 3.4.12. information on military registration; information on migration registration;
- 3.4.13. photo and video image; speech data (voice recording);
- 3.4.14. electronic user data (user identifiers, network addresses, cookies, device identifiers, screen size and resolution, information on hardware and software, e.g. browsers, operating system, installed applications, geolocation, language settings, time zone, time and statistics on use of the applications and information resources of the SKB Kontur as well as user actions in the services and applications, sources of navigation to web pages, sent search and other queries, user-created content); electronic signature certificates;
- 3.4.15. hobbies and pastimes; personal interests; tastes and preferences; mailing list subscriptions;
- 3.4.16. health state; information about the disabilities, inability to work;
- 3.4.17. information on bonuses, awards, penalties and prosecution;
- 3.4.18. other information provided by the standard forms, established procedure and purposes of processing.
3.5 Processing of personal data in the SKB Kontur is carried out in a mixed way: with and without the use of automation.
3.6. Operations with personal data include: collection; recording; systematisation; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); depersonalisation; blocking; removal, destruction.
3.7 During the processing the accuracy of personal data, its sufficiency and relevance in relation to the purposes of personal data processing are ensured. At detection of the inaccurate or incomplete personal data it can be specified and updated. In cases where the updating of personal data is beyond the scope of responsibility of SKB Kontur, the processing may be suspended until the updates are made. Duties and responsibility for timely updating of personal data for certain processing cases may be established by agreements or local acts of the SKB Kontur.
3.8. Processing and storage of personal data is carried out not longer than the purpose of processing of personal data requires, if there are no legal grounds for further processing, for example, if the federal law or the agreement with the subject of personal data does not establish the appropriate storage period.
3.9. The personal data being processed shall be destroyed or depersonalised under the following conditions:
- 3.9.1. achievement of purposes of personal data processing or of maximum storage period – to be destroyed or depersonalised within 30 days;
- 3.9.2. loss of necessity in achieving the purposes of personal data processing – within 30 days;
- 3.9.3. provision by the subject of personal data or its legal representative of confirmation that personal data is illegally obtained or is not necessary for the stated purpose of processing – within 7 days;
- 3.9.4. impossibility to ensure lawfulness of personal data processing – within 10 days;
- 3.9.5. withdrawal of consent to processing of personal data by the subject of personal data, if the storage of personal data is no longer required for the purposes of personal data processing — within 30 days;
- 3.9.6. withdrawal of consent to the processing of personal data by the subject of personal data for contacts with potential consumers while promoting products and services – within 2 days;
- 3.9.7. the expiration of the limitation period for legal relations within which the processing of personal data is carried out or was carried out;
- 3.9.8. elimination (reorganisation) of an individual Company included into the SKB Kontur if the processing was carried out exclusively in the interests of this Company and there is no any legal successor of the Company in the SKB Kontur.
4. Processing as a subcontractor and engaging subcontractors
4.1. The SKB Kontur Companies, in addition to their activities as personal data Operators, may act as entities processing personal data on behalf of other personal data Operators under contracts and other agreements. Such cases include, for example, the following:
- 4.1.1. providing to the clients of SKB Kontur of the rights to use the software products;
- 4.1.2. providing to the clients of SKB Kontur of services related to the data processing;
- 4.1.3. implementation of joint processing with external organisations within partnership of SKB Kontur.
4.2. If necessary, the SKB Kontur Companies may involve third-party organisations in the processing of personal data as subcontractors on condition of compliance with the processing principles and existence of a relevant contract or agreement with such organisations. Such cases include, for example, the following:
- 4.2.1. providing of products and services of the SKB Kontur jointly by different Companies, as well as with third-party organisations, technological and other partners of the SKB Kontur;
- 4.2.2. organizing of a partner network of SKB Kontur for distribution of products and services on the market;
- 4.2.3. use of third-party services, computing resources, applications and infrastructure for information processing, communication with consumers of products and services.
4.3. Processing of personal data on the basis of contracts and other agreements of the SKB Kontur, and orders for personal data processing is carried out in accordance with the terms and conditions of these contracts, agreements of the SKB Kontur with the persons to whom processing is entrusted or who have entrusted processing on legal grounds. Such agreements may determine, in particular:
- 4.3.1. purposes, conditions, operations with personal data, period of personal data processing;
- 4.3.2. roles, functions and obligations of the parties, including measures to ensure confidentiality and information security;
- 4.3.3. rights and responsibilities of the parties regarding the processing of personal data.
4.4. In cases where the applicable law is the GDPR which assumes DPA agreements between the processing participants, the following documents can fulfil the role of the DPA after the inclusion of special sections with the conditions of the processing of personal data:
- 4.4.1. license agreements for the right to use the software;
- 4.4.2. contracts and agreements including data processing orders;
- 4.4.3. agreements on confidentiality, information security;
- 4.4.5. regulations, provisions, agreements on data processing, service level agreements.
5. Obtaining the consent of the subject for processing personal data
5.1. In cases of processing that not provided by the current legislation or the agreement with the subject explicitly, processing is carried out after the consent of the personal data subject. An obligatory case of obtaining the preliminary consent is, for example, communication with a potential consumer for marketing purposes, when promoting products and services of SKB Kontur at the market.
5.2. The consent can be expressed in the form of committing conclusive actions by the subject of personal data, for example:
- 5.2.1. accepting terms and conditions of the offer agreement, license agreement, terms of using the SKB Kontur information resources and services;
- 5.2.2. continuing interaction with user interfaces, working in applications, services, and information resources of the SKB Kontur after notifying of user about data processing;
- 5.2.3. providing the necessary permissions to mobile applications when requested at the moment of installation or use;
- 5.2.4. putting checkmarks, filling in the appropriate fields in forms and blanks;
- 5.2.5. repliing, continuing to email correspondence that refers to the processing;
- 5.2.6. entering the territory after familiarization with warning signs on processing;
- 5.2.7. other actions performed by the subject by which it is possible to deside about his/her will.
5.3. In some cases by the legislation of the Russian Federation, the consent is made in writing, including the information as required by 152-FZ, as well as in accordance with other applicable requirements, standard forms.
5.4. In cases of processing of the personal data received not from the subject directly, but from other persons on the basis of the contract or the order on processing, the duty of obtaining the consent of the subject can be assigned to the person from whom the personal data are received.
5.5. In case of refusal by the subject to provide in necessary and sufficient volume of his/her personal data, SKB Kontur will not be able to carry out necessary actions for achievement of relevant processing purposes. For example, in such case registration of the user in service can not be finished, service under the contract can not be provided, the CV of the applicant for job vacancy will not be considered, etc.
6. Processing of electronic user data, including cookies
6.1. For the purposes of processing personal data within purposes of the Policy, SKB Kontur may collect electronic user data on its websites automatically, without the need for user participation and without any actions to send the data.
6.2. The validity of the electronic data collected in this way in SKB Kontur is not verified and the information is processed «as is» as it came from the user device.
6.3. The visitors and users of the SKB Kontur websites may be shown notifications about the collection and processing of cookies with a link to the Policy and buttons to accept the processing conditions or close the notification.
6.4. Such notifications mean that when visiting and using websites, information resources and the web applications of SKB Kontur, some information (e.g. cookies) may be stored in the user's browser on the user's device, giving further identification of the user or device, session remembering or saving certain user preferences and preferences specific to these particular websites. Such information, once stored to user's browser and until expiration or deletion from device, will be sent each time when subsequent request is made to the website, on whose behalf it was stored, along with this request, for processing on the SKB Kontur side.
6.5. Processing of these cookies is required by the SKB Kontur for proper functioning of the websites, in particularly their functions related to the access of the registered users to the SKB Kontur products, services and resources; for personalisation of the users; for improvement of efficiency and user experience on the websites and for other purposes stipulated in the Policy.
6.6. In addition to the processing of cookies which set by the SKB Kontur websites, users and visitors may also receive cookies relating to third party sites, for example, when the SKB Kontur sites use third party components and software. The processing of such cookies is governed by the policies of the respective sites to which they relate and is subject to change without notice to users of the SKB Kontur sites. This may include using in the websites of following:
- 6.6.1. counters of visits, analytical and statistical services, such as Yandex.Metrics or Google Analytics to collect statistics of attendance of public pages of websites;
- 6.6.2. widgets of auxiliary services for collection of feedback, organizing of chats and other types of communication with users;
- 6.6.3. context advertising systems, banner and other marketing networks;
- 6.6.4. authorisation buttons on websites using accounts in social networks;
- 6.6.5. other third-party components used by the SKB Kontur on its websites.
6.7. Acceptance of the terms and conditions of cookies processing by the user or closure of a pop-up notification, in accordance with the Policy, is deemed to be consent to the processing of cookies on the SKB Kontur websites.
6.8. In case the user does not agree with the processing of cookies, he/she must accept the risk that the functions and features of the website may not be fully available and then follow one of the following options:
- 6.8.1. configure their browser themself, in accordance with its documentation or user guide, in way that it will not permanently allow the acceptance and sending of cookies for any website or for a particular SKB Kontur or third party website;
- 6.8.3. leave the website to avoid further processing of cookies.
6.9. The user can manage the stored data through the built-in web browser tools, including the deletion or viewing of information about the cookies set by the websites, including:
- 6.9.1. the addresses of the websites and the ways to the websites where the cookies will be sent;
- 6.9.2. names and values of settings stored in cookies;
- 6.9.3. expiration period of cookies.
7. Privacy and security of personal data
7.1. For personal data processed in the SKB Kontur, privacy is ensured in accordance with the applicable legislation, local acts of the Companies, conditions of the signed agreements and contracts of the SKB Kontur, except cases:
- 7.1.1. if personal data is publicly available;
- 7.1.2. if the information is subject to mandatory disclosure to third parties, including state bodies, in accordance with the legislation applicable to the SKB Kontur.
7.2. SKB Kontur takes necessary and sufficient legal, organisational and technical measures to ensure security of personal data for its protection against unauthorised (including accidental) access, destruction, modification, access blocking and other unauthorised actions. Such measures include, in particular, the following:
- 7.2.1. appointment of individuals or legal entities responsible for the organization of processing and security of personal data in specific Companies;
- 7.2.2. approvement of local document acts on personal data processing, information security, and also familiarisation of employees with them;
- 7.2.3. awareness, training of employees in the issues of personal data processing, information security;
- 7.2.4. ensuring physical security of premises and processing facilities, access control, security, video surveillance;
- 7.2.5. restriction and access control to personal data and processing means for employees and other persons, monitoring of actions with personal data;
- 7.2.6. identification of threats to the safety of personal data, threat modeling while personal data processing in information systems;
- 7.2.7. use of security controls (antivirus tools, firewalls, protection against unauthorized access, cryptographic protection of the information), including, in necessary cases, passed the procedure of assessment in accordance with the established procedure;
- 7.2.8. accounting and safe keeping of data carriers, preventing their theft, substitution, unauthorized copying and destruction;
- 7.2.9. backup of information for recovery possibility;
- 7.2.10. internal control and auditing over compliance with the established procedure, verification of effectiveness of controls, incident response capabilities and procedures;
- 7.2.11. checking the presence of personal data privacy and security clauses in the contracts and agreements where necessary;
- 7.2.12. other measures and controls in accordance with local document acts of the SKB Kontur.
8. Rights of personal data subjects
8.1. Personal data subject has the right to revoke the consent to the processing of personal data by sending a corresponding request to the Company or authorized representatives of the SKB Kontur in other countries, by mail or by contacting locally.
8.2. Personal data subject has the right to receive information related to the processing of his/her personal data, including those containing:
- 8.2.1. confirmation of the fact of personal data processing by the SKB Kontur companies;
- 8.2.2. legal grounds and purposes for processing personal data;
- 8.2.3. the purposes and ways of processing personal data applied in the SKB Kontur;
- 8.2.4. name and location of the SKB Kontur Company, information about persons (except for employees/workers) who have access to personal data or to whom personal data can be disclosed on the basis of agreement, agreement with the Company or on the basis of the federal law;
- 8.2.5. the processed personal data relating to the respective personal data subject, the source of their reception, unless another procedure for submitting such data is stipulated by the federal law;
- 8.2.6. durations of personal data processing, including durations and terms of their storage;
- 8.2.7. an order of realization of the rights provided by 152-FZ to the personal data subject;
- 8.2.8. the information on the carried out or on assumed cross-border transfer of the data;
- 8.2.9. name or surname, first name, patronymic name and address of the person or organisation who carries out personal data processing on behalf of SKB Kontur Companies if processing is or will be entrusted to such person;
- 8.2.10. other information provided by 152-FZ or other federal laws.
8.3. Personal data subject has the right to demand from SKB Kontur to clarify his/her personal data, block or destroy it if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the declared purpose of processing, as well as to take measures for protection of his/her rights provided by the applicable legislation.
8.4. If personal data subject believes that SKB Kontur is processing his/her personal data with violations of the requirements of the 152-FZ or is otherwise violating his/her rights and freedoms, personal data subject has the right to appeal against the actions or omissions of the Company which is part of SKB Kontur to Roskomnadzor, other authorized supervisory authority, or in court.
8.5. Personal data subject has the right to be protected for his/her rights and lawful interests, including compensation for damages and/or compensation for moral damages in court.
9. Roles and responsibilities
9.1. The rights, duties and responsibilities of the SKB Kontur are determined by the applicable laws, agreements of the Companies.
9.2. Responsibility of the employees of the Companies involved in personal data processing due to performance of functional duties, for proper processing and illegal use of personal data is established in accordance with the terms of the contract between the Company and an employee, the non-disclosure agreement, local acts of the Company.
9.3. Control over compliance with the requirements of the Policy in each of the SKB Kontur Company is generally carried out by the responsible for the organizing of personal data processing in the relevant Company, or by particular structural units and authorized persons in accordance with the local acts of specific Companies.
9.4. The responsibility of counterparts involved in the personal data processing on the basis of the order of the SKB Kontur, for the proper processing and illegal use of personal data is established in accordance with the terms and conditions of the contract, information's confidentiality agreement or other agreement concluded between the SKB Kontur Company and the contractor.
9.5. In separate cases by the applicable legislation, for example, GDPR or local legislation in the field of processing of personal data of the separate countries, SKB Kontur may appoint their representatives on the territories of the European Union or these countries. In such cases, the rights, duties and responsibilities will be shared in accordance with the contracts, agreements between such representatives and the SKB Kontur, and the contact information of the representatives will be included in the Policy.
9.6. Persons who are guilty of violation of rules regulating processing and ensuring information security of personal data bear financial, disciplinary, administrative, civil or criminal responsibility in the order established by the applicable legislation, local acts, agreements of SKB Kontur.
10. Policy publishing and actualization
10.1. The Policy is developed by the persons responsible for the organization of personal data processing in JSC «PF «SKB Kontur» and is put into force after approval in SKB Kontur.
10.2. The Policy is a publicly available document of SKB Kontur which provides an opportunity for any persons to familiarize themselves with its current version, including existing translations into foreign languages, by publishing it on the Internet at https://kontur.ru/about/policy.
10.3. Web forms, blanks, standard forms of SKB Kontur for collecting personal data necessarily contain user notifications about the processing of personal data in accordance with the Policy with reference to it.
10.4. The Policy is valid indefinitely after approval and until it is replaced by a new version. SKB Kontur may make changes to the Policy without notice to any person. The Policy shall be reviewed annually to keep it up to date and updated as necessary.
10.5. Proposals and comments for changes to the Policy may be sent by any persons to firstname.lastname@example.org.
11. Additional information about SKB Kontur Group of Companies and its representatives
11.1. Location and contact information of the organisations included in the SKB Kontur to which the Policy applies:
- Joint Stock Company «PF «SKB Kontur» (Russian Federation, 620017, Sverdlovskaya oblast', Yekaterinburg, Prospekt Kosmonavtov, 56);
- Limited Liability Company «Sertum-Pro» (Russian Federation, 620057, Sverdlovskaya oblast', Yekaterinburg, Ul'yanovskaya Ulitsa, 13А, 209Б);
- Limited Liability Company «CIB-Service» (Russian Federation, 656031, Altai Krai, Barnaul, Prospekt Stroiteley, 117);
- Limited Liability Company «RSC Info Buhgalter» (Russian Federation, 360012, Kabardino-Balkarskaya Respublika, Nalchik, Ulitsa Kalinina, 226, 60);
- Limited Liability Company «Kontur NTT» (Russian Federation, 620036, Sverdlovskaya oblast', Yekaterinburg, Maloprudnaya Ulitsa, 5);
- Limited Liability Company «Kontur Factoring» (Russian Federation, 620036, Sverdlovskaya oblast', Yekaterinburg, Maloprudnaya Ulitsa, 5);
- Limited Liability Company «Kontur Research» (Russian Federation, 620057, Sverdlovskaya oblast', Yekaterinburg, Ul'yanovskaya Ulitsa, 13А, 203);
- Limited Liability Company «Argos SPB» (Russian Federation, 196191, St Petersburg, Ploshchad' Konstitutsii, 7А, 109);
- Limited Liability Company «Kontur Innovations» (Russian Federation, 420500, Respublika Tatarstan, Innopolis, Universitetskaya Ulitsa, 7, 44);
- Limited Liability Company «Kontur-Park» (Russian Federation, 620036, Sverdlovskaya oblast', Yekaterinburg, Maloprudnaya Ulitsa, 5, 315);
- Limited Liability Company «SBK» (Russian Federation, 153002, Ivanovskaya oblast', Ivanovo, Prospekt Lenina, 21/1);
- Limited Liability Company «UralFinInvest» (Russian Federation, 620014, Sverdlovskaya oblast', Yekaterinburg, Ulitsa Kuybysheva, 55, 417);
- Limited Liability Company «Business-Soft St. Petersburg» (Russian Federation, 194044, St Petersburg, Gel'singforsskaya Ulitsa, 2а);
- Limited Liability Company «MC» Office-Service» (Russian Federation, 620036, Sverdlovskaya oblast', Yekaterinburg, Maloprudnaya Ulitsa, 5);
- Autonomous non-profit organisation DPO «SKB Kontur Training Center» (Russian Federation, 127018, Moscow, Ulitsa Sushchovskiy Val, 18).