4

Privacy policy

1. General

1.1 Policy on processing of personal data (hereinafter Policy) is aimed at protection of rights and freedoms of natural persons, whose personal data is processed by MARINE CREWING AGENCY NORDVEGR LTD / SEVERNYI PUT (hereinafter referred to as “Operator”).

1.2 The Policy has been developed in accordance with clause 2 of Part 1 of Article 18.1 of the Federal Law “On the Protection of Personal Data”. 1.1 Article 18.1 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter “Personal Data Law”).

1.3 The Policy contains information subject to disclosure pursuant to clause 1 of Article 14 of the Federal Law “On Personal Data” and is a publicly available document.

2. Information about the operator

2.1 The operator has its registered office at Prospect Moskovsky 40, bldg. 501, 521, Kaliningrad Region, Kaliningrad.

2.2 The Quality System Manager Alina Alekseeva (phone number +7 (401) 270-2841) is responsible for organization of processing of personal data.

2.3 The database of information containing personal data on citizens of the Russian Federation is located at the following address: 40 Moskovsky Prospekt, Kaliningrad Region, office. 501,521.

3. Information on the processing of personal data

3.1. The Operator processes personal data on a lawful and fair basis for the performance of its functions, powers and duties imposed by law, and for the exercise of rights and legitimate interests of the Operator, the Operator’s employees and third parties.

3.2 The operator shall obtain personal data directly from the subjects of personal data.

3.3. The operator shall process personal data by automated and non-automated means, with or without the use of computer equipment.

3.4 Processing of personal data includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

3.5 Databases of information containing personal data on citizens of the Russian Federation are located in the Russian Federation.

3.6 In order to achieve the purposes of personal data processing and with the consent of the personal data subjects, the Operator may carry out cross-border transfer of personal data.

4 Processing of employees’ personal data

4.1 The Operator shall process the personal data of the Operator’s employees within the framework of legal relations, regulated by the Labor Code of the Russian Federation of December 30, 2001, #197-FZ (the “Labor Code of the Russian Federation”), including Chapter 14 of the Labor Code, concerning protection of personal data of employees.

4.2 The Operator shall process employees’ personal data for the purpose of fulfilling employment contracts, compliance with Russian legislation, as well as for the purpose of
– maintain personnel records
– keep accounting records;
– Exercise the functions, powers and duties imposed on the Operator by the laws of the Russian Federation, including provision of personal data to the state authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Compulsory Medical Insurance Fund, and other state authorities;
– comply with the standards and requirements regarding health and safety at work and personal safety of MARINE CREWING AGENCY NORDVEGR LTD / SEVERNYI PUT and safekeeping of property;
– control the quantity and quality of work performed;
– provide benefits and compensations stipulated by the legislation of the Russian Federation;
– to open personal bank accounts for employees of MARINE CREWING AGENCY NORDVEGR LTD / SEVERNYI PUT for transferring salaries.

4.3 The Operator shall not make decisions affecting the interests of employees on the basis of their personal data obtained electronically or solely as a result of automated processing.

4.4. The operator shall protect the employees’ personal data at its own expense in accordance with the procedure established by the Labour Code of the Russian Federation, the Federal Law “On Personal Data” and other federal laws.

4.5. The Operator shall make the employees and their representatives aware against signature of the documents establishing the procedure for processing of employees’ personal data, as well as of their rights and obligations in this area.

4.6. The Operator shall only allow access to employees’ personal data to authorised persons who are entitled to receive only such data as is necessary for the performance of their functions.

4.7 The Operator obtains all employees’ personal data from the employees themselves. If the employee’s data can only be obtained from a third party, the Operator shall notify the employee in advance and obtain their written consent. The Operator shall inform the employee of the purpose, source, manner of obtaining, as well as the nature of the data to be obtained and the consequences of the employee’s refusal to give written consent to obtain it.

4.8. The Operator shall process the employees’ personal data with their written consent, provided for the duration of the employment contract.

4.9. The Operator shall process the employees’ personal data for the duration of the employment contract. The Operator shall process the personal data of dismissed employees within the period of time stipulated in Paragraph 5 of the Labour Contract. 5 ч. Part 3 of Article 24 of Part One of the Tax Code of the Russian Federation of July 31, 1998 No. 146-FZ, part. Article 29, Part 1 of the Federal Law “On Accounting” dated December 6, 2011 No. 402-FZ and other statutory acts.

4.10. The operator may process special categories of employees’ personal data (health information relating to the question of their ability to perform their job functions) on the basis of Article 10(2)(3). 2.3 of Article 10 of the Federal Law “On Personal Data”.

4.11. The Operator shall not process the biometric personal data of employees.

4.12. The operator shall not obtain data on the membership of employees in public associations or their trade union activities, except in cases stipulated by the Labour Code of the Russian Federation or other federal laws.

4.13. The Operator shall process the following personal data of employees: – Surname, first name, patronymic;
– Type, series and number of the identification document;
– Date of issue of the identity document and information about the issuing authority;
– Year of birth;
– Month of birth;
– Date of birth;
– Place of birth;
– Address;
– Contact telephone number;
– Email address;
– Taxpayer Identification Number;
– Number of state pension insurance certificate;
– Marital status;
– Health;
– State of health;
– Nationality;
– Photo;
– Education;
– Profession;
– Income;
– MHI insurance contributions;
– MHI insurance premiums;
– Tax deductions;
– Benefit payments;
– Retirement;
– Temporary incapacity for work;
– Position;
– Job title; Number;
– Length of service.

4.14. The Operator shall not disclose the Employee’s personal data to any third party without his/her written consent, except in cases where this is necessary to prevent threats to the Employee’s life or health and in other cases stipulated by the Labour Code, the Federal Law “On Personal Data” or other federal laws.

4.15. The Operator shall not communicate the Employee’s personal data for commercial purposes without the Employee’s written consent.

4.16. The operator shall transfer employees’ personal data to their representatives in the manner prescribed by the Labour Code of the Russian Federation, the Federal Law On Personal Data and other federal laws, and shall limit this information to only those data which are necessary for the representatives to perform their functions.

4.17. The operator shall warn the persons receiving the employee’s personal data that such data may only be used for the purposes for which it is communicated, and shall require confirmation from such persons that this rule has been observed.

4.18. In the manner prescribed by law and in accordance with Article 7 of the Federal Law “On Personal Data”, in order to achieve the purposes of personal data processing and with the consent of employees, the Operator shall provide personal data on employees or assign its processing to the following persons:
– State authorities (FIU, FTS, FSS, etc.);
– Bank (as part of a payroll project);
– Passenger shipping companies and hotels (as part of travel arrangements);
– Foreign and Russian shipping, cruise and fleet management companies.

4.19. An employee may obtain free, free access to information about his or her personal data and the processing of that data. An employee may obtain a copy of any record containing his or her personal data, except as provided by federal law.

4.20. An employee may access medical records reflecting his or her health status with the assistance of a medical professional of his or her choice.

4.21. An employee may identify a representative to protect his/her personal data.

4.22. The Employee may request the deletion or correction of his/her incorrect or incomplete personal data, as well as data processed in violation of the requirements of the Labour Code, the Federal Law “On Personal Data” or another federal law. If the operator refuses to exclude or correct the employee’s personal data, the employee may declare in writing his or her disagreement and justify such disagreement. The Employee may supplement the personal data with a statement expressing his or her own point of view.

4.23. An employee may request to notify all the persons to whom his or her incorrect or incomplete personal data were previously communicated about all the deletions, corrections and additions made to the personal data.

4.24. The employee may appeal to the court against any unlawful acts or omissions of the Operator in processing and protecting his/her personal data.

5. Processing of applicants’ personal data

5.1 The Operator shall process the personal data of job applicants (hereinafter referred to as “applicants”).

5.2 The Operator shall process the personal data of job applicants with a view to:
– decide whether or not to apply for a job
– maintain the personnel reserve.

5.3 The operator shall process the personal data of job applicants with their written consent, provided for the period necessary for taking a decision on hiring or refusing to hire them. The exception to this shall be the cases when the applicant is represented by a recruitment agency with which he/she has entered into a corresponding contract, as well as when the applicant himself/herself posts his/her CV, which is accessible to the public, on the internet.

5.4 The operator shall process the personal data of job applicants within the period necessary for taking a decision on hiring or refusing to hire them. In case of refusal of employment, the Operator shall stop processing the applicant’s personal data within 30 days in accordance with Part 4 of Article 21 of the Federal Law “On Personal Data”. If the applicant has provided consent to be included in the personnel reserve, the Operator may continue processing personal data for the period specified in the consent.

5.5 The Operator shall not process special categories of applicants’ personal data and biometric personal data of applicants.

5.6 The Operator shall process the following personal data of applicants:
– Surname, first name, patronymic;
– Type, series and number of the identity document;
– Date of issue of the identity document and information on the issuing authority;
– Year of birth;
– Month of birth;
– Date of birth;
– Place of birth;
– Address;
– Contact telephone number;
– E-mail address;
– Marital status;
– Health Status;
– Vision information;
– Nationality;
– Photo;
– Education;
– Profession;
– Income;
– Temporary incapacity for work;
– Position;
– Job title; Number;
– Length of service;
– Information on residence abroad;
– Information on services rendered;
– Information on work diplomas and certificates;
– Bank account details.

6. Information about ensuring the security of personal data

6.1 The operator shall appoint a person responsible for organisation of personal data processing in order to fulfil the obligations stipulated by the Federal Law “On Personal Data” and regulatory acts adopted in accordance therewith.

6.2 The operator applies a set of legal, organizational and technical measures to ensure security of personal data in order to ensure confidentiality of personal data and its protection against unlawful acts
– provides unrestricted access to the Policy, a copy of which is posted at the location of the Operator and may also be posted on the Operator’s website https://nordvegr.ru/.
– Approves and enforces the Regulations on Personal Data Processing (hereinafter referred to as the Regulations) and other local acts in compliance with the Policy;
– familiarizes employees with provisions of personal data legislation, as well as with the Policy and Regulations;
– Executes access of employees to personal data processed in the Operator’s information system, as well as to their tangible media only for performance of their employment duties
– Establishes rules of access to personal data processed in the Operator’s information system, as well as ensures registration and recording of all actions with such data;
– Carries out assessment of damage which may be caused to personal data subjects in case of violation of the Federal Law “On personal data”;
– identifies security threats to personal data during its processing in the Operator’s information system
– applies organizational and technical measures and uses information protection means required to achieve the established level of personal data security
– Detects the facts of unauthorized access to personal data and takes response measures, including recovery of personal data modified or destroyed as a result of unauthorized access thereto
– Evaluates efficiency of measures taken to ensure security of personal data prior to commissioning of the Operator’s information system
– Exercises internal control over compliance of personal data processing with the Federal Law “On personal data”, regulations adopted in accordance therewith, personal data protection requirements, Policy, Regulations and other local acts, including control over measures taken for ensuring security of personal data and their security level during processing in the Operator’s information system.

7. Rights of subjects of personal data

7.1 A subject of personal data shall have the right:
– To obtain personal data relating to that data subject and information relating to its processing;
– To clarify, block or destroy his personal data in case they are incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing;
– To withdraw his or her consent to the processing of personal data;
– To defend his/her rights and legitimate interests, including compensation for losses and compensation for moral damage in a court of law; – To appeal against the actions or omissions of the Operator to the competent authority for the protection of the rights of personal data subjects or in court.

7.2 In order to exercise their rights and legitimate interests, personal data subjects have the right to apply to the Operator or submit a request in person or with the help of a representative. The request must contain the information specified in Part 3 of Article 14 of the Federal Law “On Personal Data”.