Menu
+7 495 431 38 70 Select apartment Select apartment Apartments
Request a callback Book a taxi

Policy
regarding
personal data processing

1.1 This Personal Data Processing Policy (hereinafter the "Policy") has been developed and applies to the Limited Liability Company Specialised Developer TECTA-Akademicheskaya (OGRN 1207700228669, INN 7727447242) (hereinafter the "Operator") in accordance with Sub-clause 2(2) of Part II of this Agreement. 2 ч. 1.1 Article 18.1 of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data" (hereinafter the "Federal Law "On Personal Data").

1.2 This Policy defines the basic principles, objectives and methods of processing personal data accepted for processing, procedure and conditions for processing of personal data of individuals who have submitted their personal data for processing to the operator (hereinafter - personal data subjects), with or without the use of automation, establishes procedures to prevent violations of Russian Federation legislation, eliminating the consequences of such violations related to the processing of personal data.

1.3 The Policy has been developed to ensure protection of personal data subjects' rights and freedoms during processing of their personal data, as well as to establish liability of the Operator's officials, having access to personal data of personal data subjects, for non-compliance with requirements and regulations governing the processing of personal data.

1.4 The operator, guided by Article 22 of the Federal Law of 27.07.2006 N 152-FZ (as amended on 22.02.2017) "On Personal Data", shall process personal data without notifying the competent authority for the protection of personal data subjects' rights.

1.5 Personal data of a personal data subject is any information relating to a directly or indirectly defined or identifiable individual.

1.6. The operator shall process the following personal data:

  • Name, patronymic, surname of the subjects of personal data;
  • contact telephone number;
  • e-mail address.

If personal data not specified in this clause is received, such data is subject to immediate destruction by the person who inadvertently received it.

1.7. The Operator shall process the personal data of the Personal Data Subjects in order to provide the Subjects with the complete information at the disposal of the Operator regarding the facilities owned (under construction) by the Operator, information about which is located on the Operator's website, for other purposes in case the relevant actions of the Operator do not contradict the current legislation, activities of the Operator, and for the above processing the consent of the Personal Data Subject was obtained.

1.8. The Operator shall process the Subject's personal data by means of any action (operation) or set of actions (operations), performed with or without the use of automation means, including the following

  • collection,
  • recording,
  • systematization
  • accumulation,
  • storage,
  • clarification (updating, modification),
  • retrieval,
  • use,
  • transfer (distribution, provision, access),
  • anonymization,
  • blocking,
  • deletion,
  • destruction.

2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1 When processing personal data, the Operator shall be guided by the following principles:

Legality and fairness;

  • Timeliness and accuracy in obtaining the consent of the personal data subject to the processing of personal data
  • processing only personal data that meet the purposes of its processing
  • Compliance of the content and volume of processed personal data with the stated processing purposes. Processed personal data shall not be excessive in relation to the stated processing purposes;
  • Inadmissibility of combining databases containing personal data, processing of which is carried out for incompatible purposes;
  • Ensuring accuracy of personal data, its sufficiency and, where necessary, relevance in relation to the purposes of personal data processing. The operator shall take necessary measures or ensure that they are taken to remove or clarify incomplete or inaccurate data;
  • Retention of personal data in a form enabling identification of the personal data subject for no longer than the purpose of personal data processing requires.

2.2 Processing of personal data by the Operator shall be carried out in compliance with the principles and rules stipulated by

  • Federal Law of 27.07.2006 No. 152-FZ "On Personal Data";
  • This Policy;
  • Article 12 of the 1948 Universal Declaration of Human Rights; and
  • Article 17 of the International Covenant on Civil and Political Rights, 1966;
  • Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms of 1950;
  • Provisions of the Convention on Human Rights and Fundamental Freedoms of the Commonwealth of Independent States (Minsk, 1995), ratified by the Russian Federation on 11 August 1998;
  • Provisions of the Okinawa Charter on Global Information Society, adopted on 22.07.2000.

2.3 Processing of personal data by the Operator is carried out in accordance with:

  • RF Government Decree of 01.11.2012. № 1119 "On approval of the requirements for the protection of personal data during their processing in personal data information systems";
  • Order of FSTEC of Russia No. 21 dated 18.02.2013 "On approval of the composition and content of organizational and technical measures to ensure security of personal data during their processing in personal data information systems";
  • Method for determining current security threats to personal data during their processing within personal data information systems, approved by the Deputy Director of the Russian Federal Service for Technical and Export Control on February 14, 2008.
  • Recommendations for ensuring security of personal data during their processing within personal data information systems, approved by the Deputy Director of the Federal Service for Technical and Export Control of the Russian Federation on February 15, 2008;
  • Methodical Recommendations for ensuring the security of personal data by cryptographic means during their processing in the information systems of personal data by means of automation, approved by the leadership of the Center 8 FSB RF February 21, 2008 N 149/5-144;
  • Other normative and non-normative legal acts regulating personal data processing.

3. RECEIPT OF PERSONAL DATA
3.1 Personal data of subjects of personal data shall be obtained by the Operator:

  • by means of the Subject filling in the fields for submitting the "Order a call" application on the website, which is addressed in the global Internet using the domain name www.eniteo.ru, by other means that do not contradict the legislation of the Russian Federation and the requirements of international legislation on the protection of personal data.

3.2 The operator shall receive and begin processing the subject's personal data upon receipt of their consent. Consent to personal data processing may be given by the subject of personal data in any form which allows to confirm the fact of consent receipt, unless otherwise provided by federal law: in writing, orally or in any other form provided by applicable law, including by the subject of personal data performing conclusive actions.

3.3 Consent to processing of personal data shall be deemed to have been given by the personal data subject by performing the following contingent actions in the aggregate by the personal data subject

  • The person confirms the correctness and accuracy of the data specified by him/her and expresses his/her wish to submit an Application by activating the "Order a call" field on the website, which is addressed in the global Internet with the domain name www.eniteo.ru.
  • By activating the "Order a call" box, the subject gives freely, willingly and in their own interest, written consent to the Operator to process the personal data provided.
  • The consent is considered as received from the moment of such activation, provided it is confirmed by the subject of personal data in the prescribed manner, and is valid until the subject of personal data sends the operator a withdrawal of consent to the processing of personal data.
  • If the personal data subject does not consent to the processing of his or her personal data, such processing will not take place.

3.4 A personal data subject may withdraw their consent to personal data processing at any time, provided that such procedure does not violate the requirements of Russian law. If a personal data subject revokes their consent to personal data processing, the operator may continue processing personal data without the consent of the personal data subject only on the grounds specified in the Federal Law "On Personal Data".

3.5 Procedure for withdrawal of consent to personal data processing:

  • In order to withdraw consent to the processing of personal data, the Subject shall submit the relevant application in writing to the location of the Operator.

3.6. In case of revocation of personal data subject's consent to processing of his/her personal data, the Operator shall cease processing of personal data and, if preservation of personal data is no longer required for the purposes of its processing, destroy personal data within a period not exceeding 30 (Thirty) business days from the date of receipt of the said revocation, unless otherwise provided by the contract, party of which, beneficiary or guarantor under which the personal data subject is, other agreement between the Operator and the personal data subject

4. RULES AND PROCEDURE FOR PROCESSING OF PERSONAL DATA
4.1. The operator shall, prior to processing the personal data, appoint a data controller in charge of organising the processing of the personal data.

4.1.1 The data controller receives instructions directly from and is accountable to the Operator's executive body (General Director).

4.1.2 Responsible for arrangement of personal data processing shall be entitled to execute and sign a notification to the authorized body for protection of personal data subjects' rights about the Operator's intention to process personal data.

4.2 Processing of personal data shall be carried out by the Operator's employees authorised to do so by job descriptions and other internal documents of the Operator.

The Operator's employees directly engaged in the processing of personal data must be familiarised, prior to commencing work, with

  • with the provisions of the legislation of the Russian Federation on personal data, including the requirements to the personal data protection procedure;
  • The documents defining the Operator's policy in relation to the processing of personal data, including this Policy, annexes and amendments thereto;
  • Local acts on personal data processing.

Operator's employees shall only be entitled to receive personal data which is necessary for them to perform their specific job duties. The Operator's employees, who process personal data, shall be informed about the fact of such processing, the specifics and rules of such processing established by regulations and internal documents of the Operator.

4.3 When processing personal data the Operator shall apply legal, organizational and technical measures to ensure security of personal data in accordance with the Article 19 of the Federal Law "On Personal Data", the Regulation on ensuring security of personal data at their processing within personal data information systems approved by the Decree of the Government of the Russian Federation of 17.11.2007 #781, the Methodology for determining the current security threats to personal data at their processing within personal data information systems, approved by the Regulation of the Government of the Russian Federation of 17.11.2007 # 781.

4.4 The Operator ensures the confidentiality of personal data in accordance with the Confidentiality Agreement adopted by the Operator.

4.5 Control of compliance by the Operator's employees with the requirements of the laws of the Russian Federation and international laws, as well as provisions of the Operator's local regulations is organised by the Operator in accordance with this Policy on Personal Data Processing.

4.6. Audit of the Operator's compliance with the requirements of legislation and provisions of the Operator's local regulations is organised by the Operator in accordance with this Policy on Personal Data Processing.

4.7 The assessment of the harm that may be caused to the Personal Data Subjects in the event that the Operator breaches the requirements of the Personal Data Processing Law shall be determined in accordance with Art. 15, 151, 152, 1101 of the Civil Code of the Russian Federation.

4.8. The Operator shall publish or otherwise provide unrestricted access to this Policy, other documents defining the Operator's policy regarding the processing of personal data, information about the implemented requirements for the protection of personal data by posting on the Operator's electronic website: www.eniteo.ru.

4.9 Access to personal data of Subjects shall be granted to employees of the Operator who need personal data in connection with performance of their employment duties. The list of employees who have access to personal data shall be established by an Order of the Operator's Director General.

5. RULES OF CONSIDERATION OF REQUESTS OF SUBJECTS OF PERSONAL DATA OR THEIR REPRESENTATIVES
5.1 The subject of personal data has the right to receive the information specified in Part 7 of Article 14 of the Federal Law "On Personal Data", except in cases provided by Part 8 of Article 14 of the Federal Law "On Personal Data".

The subject of personal data has the right to demand that the operator clarify, block or destroy his or her personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated processing purpose, and to take statutory measures to protect his or her rights.

5.2 Information shall be provided to the personal data subject by the Operator in an accessible form and shall not contain personal data relating to other personal data subjects, unless there are legitimate grounds for disclosing such personal data.

5.3 Information shall be provided to the personal data subject or his or her representative by the operator when the personal data subject or his or her representative applies for or receives a request.

The request must contain the number of the personal data subject's or his/her representative's primary identification document, the date of issue of the said document and the authority issuing it, information confirming the personal data subject's participation in relations with the operator or information otherwise confirming the fact of personal data processing by the operator, the signature of the personal data subject or his/her representative. The request must be made in writing at the Operator's registered office.

5.4 If information, as well as processed personal data, was provided to the personal data subject for familiarization at his/her request, the personal data subject shall be entitled to apply again to the operator or to send him/her a repeated request in order to obtain information and familiarization with such personal data not earlier than 30 (thirty) working days after the initial application or sending the initial request, unless a shorter period is established by federal law, adopted in accordance with it normative rights

5.5 The subject of personal data shall be entitled to apply again to the Operator or send it a repeated request for information, as well as for familiarization with processed personal data, before the expiration of the period specified in paragraph 5.4 of this Policy, in the case, if such information and (or) processed personal data were not provided to him for familiarization in full after consideration of the initial application. The repeated request, along with the information specified in paragraph 5.3. of this Policy, must contain a justification for sending a repeated request.

5.6. The Operator shall be entitled to refuse the subject of personal data to fulfill a repeated request that does not comply with the conditions stipulated in paragraphs 5.4. of this Policy. 5.4. - 5.5. of this Policy, in the manner prescribed by the Personal Data Law. Such a refusal must be reasoned. The obligation to provide evidence of the reasonableness of the refusal to comply with the repeated request lies with the Operator.

5.7. The right of the subject of personal data to access their personal data may be restricted in accordance with Russian law.

5.8 When the personal data subject contacts the Operator or receives a request from the personal data subject or his/her representative, as well as from an authorised body for the protection of the rights of personal data subjects, the Operator shall:

  • Notify, in the manner prescribed by Article 14 of the Federal Law "On Personal Data", subject of personal data or his representative, information on availability of personal data, related to respective personal data subject, as well as provide opportunity for familiarization with such personal data upon request of personal data subject or his representative, or within 30 (thirty) business days from the date of receipt of request of personal data subject or his representative.
  • In case of refusal to provide information about availability of personal data on respective subject of personal data or personal data to the subject of personal data or his representative during their appeal or upon receipt of the request of the subject of personal data or his representative, the Operator shall provide written motivated reply, containing reference to clause 8 of Article 14 of Federal Law "On Personal Data" or other federal law, which is the basis for such refusal, within a period not exceeding 30 (thirty)
  • Provide the personal data subject or his representative with an opportunity to become acquainted with the personal data relating to this personal data subject free of charge. Within a period not exceeding seven (7) working days from the date the personal data subject or his/her representative provides information confirming that the personal data is incomplete, inaccurate or irrelevant, the Operator shall make the necessary changes to it. Within a period not exceeding seven (7) working days from the date of submission by the personal data subject or his representative of information confirming that such personal data is illegally obtained or is not necessary for the stated purpose of processing, the operator is obliged to destroy such personal data.
  • Notify the competent authority for the protection of the rights of personal data subjects at the request of that authority the necessary information within 30 (thirty) working days from the date of receipt of such request.

6. PROCEDURE FOR THE OPERATOR TO ENSURE THE RIGHTS OF THE PERSONAL DATA SUBJECT
6.1 Personal data subjects or their representatives shall have the rights provided by the Federal Law "On Personal Data" and other laws and regulations governing the processing of personal data.

6.2 The operator shall ensure the rights of the subjects of personal data in the manner prescribed by the Federal Law "On Personal Data".

6.3 A representative's authority to represent the interests of each personal data subject shall be confirmed by a power of attorney drawn up in the manner prescribed by law. A copy of the representative's power of attorney shall be retained by the Operator for at least three (3) years, and in the case of personal data storage for more than three years, for at least the storage period of personal data.

6.4 The information specified in Part 7 of Article 22 of the Federal Law "On Personal Data" shall be provided to the subject of personal data by the Operator's structural subdivision involved in the processing of personal data in an accessible form without personal data relating to other subjects of personal data, except in cases where there are legitimate grounds for disclosing such personal data in electronic form.

6.5 The information specified in paragraph 7 of Article 22 of the Federal Law "On Personal Data" is provided to the personal data subject or his/her representative in person, or when the operator receives a corresponding request of the personal data subject or his/her representative. The request must contain the number of the personal data subject's or his/her representative's primary identification document, information on the date of issue of such document and the authority issuing it, information confirming the personal data subject's participation in relations with the operator (contract number, contract execution date, conventional word mark and (or) other information), or information otherwise confirming the fact of personal data processing by the operator, the signature of the personal data subject or his/her representative.

6.6 The subject's right to access their personal data may be restricted in accordance with federal laws, including pursuant to Part 8 of Article 22 of the Federal Law "On Personal Data".

6.7. The operator must, at the request of the subject of personal data, immediately cease the processing of his personal data pursuant to Part 1, Article 15 of the Federal Law "On Personal Data".

6.8 A decision, entailing legal consequences in respect of the personal data subject or otherwise affecting his/her rights and legitimate interests, may only be taken on the basis of exclusively automated processing of his/her personal data if the personal data subject consents in writing or in cases provided for by federal laws, which also establish measures to secure the rights and legitimate interests of the personal data subject

7. RETENTION OF PERSONAL DATA
7.1 Personal data shall be stored in accordance with the written consent of the subject of personal data and for the period specified in accordance with the requirements of applicable laws of the Russian Federation.

If there are no deadlines for storage of certain types of personal data in the relevant laws and regulations, these personal data will be stored for the period specified in the written consent of the subject of personal data.

7.2 Processed personal data shall be destroyed or depersonalized upon attainment of the processing objectives or when it is no longer necessary to attain those objectives, unless otherwise provided by federal law.

7.3 The Operator's employee, who has access to personal data in connection with performance of work duties, shall ensure storage of information containing personal data of subjects of personal data, excluding access to it by third parties.

In case of leaving for holiday, business trip or other cases of prolonged absence of an employee from workplace, he/she shall transfer media containing personal data to a person who will be responsible for performance of his/her employment duties by the local act of the Operator. In case no such person is appointed, carriers, containing personal data on subjects of personal data, shall be transferred to another employee having access to personal data on subjects of personal data as directed by the head of relevant structural subdivision of the Operator.

Upon dismissal of an employee having access to personal data, carriers containing personal data on subjects of personal data shall be transferred to another employee having access to personal data on subjects of personal data as instructed by the head of structural subdivision and with notification of a person responsible for processing of personal data.

8. MEASURES AIMED AT ENSURING SECURITY OF PERSONAL DATA DURING ITS PROCESSING
8.1 The main purpose of ensuring security of personal data during their processing by the Operator is to prevent unauthorized access to them by third parties, prevention of intentional software and hardware and other influences with the purpose of theft of personal data, destruction (destruction) or distortion of personal data in the course of processing.

The operator shall take necessary and sufficient measures to protect the processed personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other unlawful actions with them by third parties.

8.2 Ensuring the security of personal data shall be achieved, in particular

  • determination of threats to security of personal data during their processing in personal data information systems
  • Application of organizational and technical measures for ensuring security of personal data during their processing within personal data information systems, necessary for fulfillment of the requirements to protection of personal data, implementation of which shall ensure security levels of personal data, established by the Government of the Russian Federation
  • Application of the duly approved procedure of conformity assessment of the information protection means
  • Evaluation of efficiency of measures to ensure personal data security prior to the commissioning of the information system of personal data
  • registration of the personal data storage devices
  • Detection of unauthorized access to personal data and taking measures
  • Restoration of personal data modified or destroyed as a result of unauthorized access to such data
  • Establishment of rules of access to personal data processed in personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in personal data information system
  • control over measures ensuring security of personal data and security level of information systems of personal data.

8.3 Access of Operator's employees to processed personal data shall be carried out in accordance with their official duties and requirements of local regulations of the Operator. Employees authorized to process personal data shall be familiarized against signature with the Operator's local regulations establishing the procedure for personal data processing, including documents establishing the rights and obligations of specific employees.

8.4 Access to personal data information systems and the processing of personal data shall be recorded, including by means of information security. The Operator shall retain information about the processing of personal data for three years.

8.5 Personal data protection measures shall be implemented by the Operator in the following areas:

  1. prevention of leakage of information containing personal data through technical communication channels and by other means;
  2. Prevention of unauthorized access to information containing personal data, special effects on such information (data carriers) in order to obtain, destroy, distort, and block access to it
  3. protection against malicious software;
  4. provision of secure interconnectivity;
  5. provision of secure access to international information exchange networks;
  6. Analysis of security of personal data information systems;
  7. Ensuring protection of information using encryption (cryptographic) means during transmission of personal data via communication channels
  8. Detection of intrusions and computer attacks
  9. control over implementation of the personal data protection system.

8.6 Measures to ensure security of personal data include:

  1. implementation of the permit system for access of employees to information resources of information systems and works, documents related to their use
  2. differentiation of access of users of personal data information systems and employees serving personal data information systems to information resources, software for processing (transfer) and protection of information
  3. Registration of actions of users and personal data information systems servicing employees, control of unauthorized access and actions of users and servicing employees, as well as third parties
  4. Use of information protection means which have passed the conformity assessment procedure in accordance with the established procedure;
  5. Prevention of introduction into information systems of malicious programs and software bookmarks, analysis of information received via information and telecommunication networks (public communication networks), including for the presence of computer viruses;
  6. The recording and storage of removable data media and their handling to prevent theft, substitution or destruction;
  7. implementation of requirements for the secure interconnection of information systems;
  8. periodic analysis of the security of installed firewalls based on the simulation of external attacks against information systems;
  9. proactive auditing of the security of information systems for real-time detection of unauthorized network activity;
  10. Analysis of the security of information systems using specialised software (security scanners).

8.7 In order to maintain personal data protection at the appropriate level the Operator shall implement internal control over efficiency of personal data protection system and compliance of the procedure and conditions of personal data processing and protection with the established requirements.

Internal control shall include:

  1. monitoring of condition of technical and software tools, included into the personal data protection system
  2. control over compliance with requirements to ensuring personal data security (requirements of regulatory legal acts and local regulations in the field of processing and protection of personal data, requirements of contracts).

8.8. In order to perform internal control, the Operator shall perform periodic inspections of personal data processing conditions. These audits shall be conducted by the commission, formed by Director General of the Operator.

The results of the inspection and measures required to eliminate identified violations shall be reported to the Operator's Chief Executive Officer.

9. CONTROL, RESPONSIBILITY FOR BREACH OR FAILURE TO COMPLY WITH THE POLICY
9.1 Control over the execution of this Policy shall be vested in the General Director of the Operator.

9.2. Persons violating or failing to comply with the requirements of the Policy shall be brought to disciplinary, administrative (Articles 5.39, 13.11, 13.14 of the Code of Administrative Violations of RF) or criminal responsibility (Articles 137, 272 of the Criminal Code of RF).

9.3. Heads of structural subdivisions of the Operator shall be personally responsible for performance of duties by their subordinates. 10.

10. MISCELLANEOUS PROVISIONS
10.1. This Policy shall come into effect as of the date of its approval by the sole executive body of the Operator.

10.2 All the Operator's employees admitted to work with personal data must be familiarized with this Policy before they work with personal data.

11. OPERATOR
OOO Specialized Developer TECTA-Academicheskaya
117 624, Moscow, 53 Izyumskaya St., building 2, room 4, floor 1
REGISTRY NUMBER 1207700228669
INN 7727447242
KPP 772701001

 

+7 495 431 38 70
Sales office: 45 Dmitry Ulyanov street,
Moscow
9am - 9pm every day
Open map

ANY INFORMATION PROVIDED ON THIS WEBSITE IS FOR INFORMATION PURPOSES ONLY AND UNDER NO CIRCUMSTANCES CONSTITUTES A PUBLIC OFFER AS DEFINED BY ARTICLE 437 OF THE CIVIL CODE OF THE RUSSIAN FEDERATION. FINISHED OBJECTS MAY DIFFER FROM THE 3D-VISUALISATIONS. ALL THE MATERIALS PRESENTED ARE INDICATIVE AND SUBJECT TO ANY CHANGES.

© Tekta Group
Site designed by Vide Infra Luxury real estate website design