Skip to main content
Version: 4.1

Personal Data Processing Policy

1. General Provisions

1.1. This Personal Data Processing Policy has been drawn up in accordance with the requirements of Federal Law No. №152-FL of July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and measures to ensure the security of personal data undertaken by LLC «VolgaBlob» (hereinafter referred to as the "Operator").

1.2. The Operator's most important goal and condition for carrying out its activities is to respect the rights and freedoms of individuals when processing their personal data, including the protection of the rights to privacy, personal and family secrets.

1.3. This Policy of the Operator regarding the processing of personal data (hereinafter referred to as the "Policy") applies to all information about personal data subjects that the Operator processes.

2. Key Concepts Used in the Policy

2.1. Non-automated processing of personal data – processing of personal data carried out with the direct participation of a human, involving actions such as the use, clarification, dissemination, or destruction of personal data in relation to each personal data subject.

2.2. Automated processing of personal data – processing of personal data using computer technology.

2.3. Blocking of personal data – temporary cessation of personal data processing (except in cases where processing is necessary to clarify personal data).

2.4. Website – a combination of graphical and informational materials, as well as computer programs and databases that make them available on the Internet at the network address https://www.smartmonitor.ru (including subdomains * .smartmonitor.ru).

2.5. Personal data information system – a set of personal data contained in databases and information technologies and technical means enabling their processing.

2.6. Depersonalization of personal data – actions resulting in the impossibility, without the use of additional information, to attribute personal data to a specific User or other personal data subject.

2.7. Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

2.8. Operator – LLC «VolgaBlob».

2.9. Personal data – any information relating directly or indirectly to a specific or identifiable individual (personal data subject).

2.10. Personal data permitted by the personal data subject for dissemination – personal data, access to which for an unlimited number of persons has been provided by the personal data subject by giving consent to the processing of personal data permitted for dissemination in accordance with the procedure established by the Personal Data Law (hereinafter referred to as "personal data permitted for dissemination").

2.11. User – any visitor to the Website https://www.smartmonitor.ru (including subdomains * .smartmonitor.ru) — a personal data subject.

2.12. Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.

2.13. Dissemination of personal data – any actions aimed at disclosing personal data to an indefinite group of persons (transfer of personal data) or at making personal data available to an unlimited group of persons, including the publication of personal data in the media, placement in information and telecommunications networks, or providing access to personal data in any other way.

2.14. Destruction of personal data – any actions resulting in the irreversible destruction of personal data with the impossibility of further restoring the content of personal data in the personal data information system and/or the destruction of material carriers of personal data.

3. Key Rights and Obligations of the Operator

3.1. The Operator has the right to:

  • Receive from the personal data subject reliable information and/or documents containing personal data;
  • Amend this Policy unilaterally at any time, without notifying the User. All amendments come into force from the moment of their posting on the Website. The current version is always available to Users on the Website;
  • In the event that the personal data subject withdraws consent to the processing of personal data, the Operator is entitled to continue processing personal data without the subject's consent if grounds specified in the Personal Data Law exist;
  • Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and the regulatory legal acts adopted pursuant to it, unless otherwise provided by the Personal Data Law or other federal laws.

3.2. The Operator is obligated to:

  • Provide the personal data subject, upon their request, with information concerning the processing of their personal data;
  • Organize the processing of personal data in the manner established by the current legislation of the Russian Federation;
  • Respond to appeals and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
  • Provide the authorized body for the protection of the rights of personal data subjects, upon its request, with the necessary information within 10 days from the date of receipt of such a request (this period may be extended in the manner specified in the Personal Data Law);
  • Publish or otherwise ensure unrestricted access to this Policy regarding the processing of personal data;
  • Implement legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning personal data;
  • Cease the transfer (dissemination, provision, access) of personal data, ensure clarification, blocking, termination of processing, and destruction of personal data in the manner and cases provided for by the Personal Data Law;
  • Fulfill other obligations stipulated by the Personal Data Law.

4. Key Rights and Obligations of Personal Data Subjects

4.1. Personal data subjects have the right to:

  • Receive information concerning the processing of their personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form and must not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
  • Demand that the Operator clarify, block, or destroy their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or is not necessary for the stated purpose of processing, as well as take legal measures to protect their rights;
  • Withdraw consent to the processing of personal data;
  • Appeal to the authorized body for the protection of the rights of personal data subjects or to a court of law against unlawful actions or inaction of the Operator in processing their personal data;
  • Exercise other rights provided for by the legislation of the Russian Federation.

4.2. Personal data subjects are obligated to:

  • Provide the Operator with accurate data about themselves;
  • Undertake to independently monitor changes to this Policy by periodically familiarizing themselves with the current version. The personal data subject is solely responsible for any consequences resulting from failure to familiarize themselves with the Policy;
  • Inform the Operator about the clarification (updating, modification) of their personal data.

4.3. Persons who have provided the Operator with inaccurate information about themselves, or information about another personal data subject without the latter's consent, bear responsibility in accordance with the legislation of the Russian Federation.

5. Conditions for Processing Personal Data

5.1. Processing of personal data is carried out with the consent of the personal data subject to the processing of their personal data.

5.2. Processing of personal data is necessary to achieve the goals stipulated by an international treaty of the Russian Federation or law, for the performance of functions, powers, and duties imposed on the operator by the legislation of the Russian Federation.

5.3. Processing of personal data is necessary for the performance of a contract to which the personal data subject is a party, beneficiary, or guarantor, as well as for concluding a contract on the initiative of the personal data subject or a contract under which the personal data subject will be a beneficiary or guarantor.

5.4. Processing of personal data is necessary for the exercise of the rights and legitimate interests of the Operator or third parties, or for achieving socially significant goals, provided that this does not violate the rights and freedoms of the personal data subject.

5.5. The Operator has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with such person. If the Operator entrusts the processing of personal data to another person, the Operator bears responsibility to the personal data subject for the actions of that person.

6. Principles of Personal Data Processing

6.1. Processing of personal data is carried out on a lawful and fair basis.

6.2. Processing of personal data is limited to achieving specific, predetermined, and lawful purposes. Processing of personal data that is incompatible with the purposes of personal data collection is not permitted.

6.3. Merging databases containing personal data processed for purposes that are incompatible with each other is not permitted.

6.4. Only personal data that meets the purposes of their processing is subject to processing.

6.5. The content and scope of the processed personal data correspond to the stated purposes of processing. Redundancy of processed personal data in relation to the stated purposes of their processing is not permitted.

6.6. When processing personal data, the accuracy, sufficiency, and, where necessary, relevance of the personal data in relation to the purposes of processing are ensured. The Operator takes necessary measures and/or ensures their implementation to delete or clarify incomplete or inaccurate data.

6.7. Storage of personal data is carried out in a form that allows identification of the personal data subject for no longer than required by the purposes of personal data processing, unless the storage period for personal data is established by federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data is destroyed or anonymized upon achieving the processing purposes or in the event that the necessity to achieve these purposes is lost, unless otherwise provided by federal law.

7. Purposes of Personal Data Processing

7.1. The purposes of personal data processing, categories and list of processed personal data, categories of subjects whose personal data is processed, methods, processing and storage periods are provided in the table below:

PurposeCategories of Personal Data SubjectsCategories and Lists of Processed Personal DataProcessing MethodProcessing PeriodStorage PeriodDestruction Procedure
Ensuring compliance with the labor legislation of the Russian FederationEmployees, former employeesOther:
  • Full Name
  • Gender
  • Date of birth (day, month, year of birth)
  • Place of birth
  • Identity document details
  • Registration address
  • Residential address
  • Marital status
  • Education details
  • Employment details (including work experience, current employment data specifying the organization's name and account number)
  • Military service status, military registration details
  • SNILS (Russian pension insurance number)
  • INN (Russian tax identification number)
  • Phone number
  • Email address
  • Income details
  • Job title/Position
  • Account number
  • Citizenship
  • Automated
  • Non-automated
Term of the employment contract50 years
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
  • Personal data on paper media is destroyed by shredding into small pieces using a shredder
Family membersOther:
  • Full Name
  • Year of birth
  • Automated
  • Non-automated
Term of the employee's employment contract50 years
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
  • Personal data on paper media is destroyed by shredding into small pieces using a shredder
Ensuring compliance with the tax legislation of the Russian FederationEmployees, former employeesOther:
  • Full Name
  • Date of birth (day, month, year of birth)
  • Identity document details
  • INN (Russian tax identification number)
  • Income details
  • Account number
  • Automated
  • Non-automated
Term of the employee's employment contract5 years
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
Ensuring compliance with the pension legislation of the Russian FederationEmployees, former employeesOther:
  • Full Name
  • Gender
  • Date of birth (day, month, year of birth)
  • Identity document details
  • Registration address
  • SNILS (Russian pension insurance number)
  • INN (Russian tax identification number)
  • Account number
  • Automated
  • Non-automated
Term of the employee's employment contract5 years
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
Ensuring compliance with the legislation of the Russian Federation on defenseEmployees, former employeesOther:
  • Full Name
  • Date of birth (day, month, year of birth)
  • Marital status
  • Residential address
  • Registration address
  • SNILS (Russian pension insurance number)
  • Identity document details
  • Job title/Position
  • Military service status
  • Military registration details
  • Education details
  • Automated
  • Non-automated
Term of the employee's employment contract5 years
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
Posting on the Operator's internal information and reference resourcesEmployeesOther:
  • Full Name
  • Job title/Position
  • Phone number
  • Email address
  • Date of birth (day, month, year of birth)
  • Photograph
AutomatedTerm of the employee's employment contractTerm of the employee's employment contract
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage
Organizing feedback with Website usersWebsite UsersOther:
  • Full Name
  • Phone number
  • Email address
  • Name of the company represented by the user
  • Job title/Position
  • Link to personal website and social media profile
AutomatedUntil the processing purpose is achievedUntil the processing purpose is achieved
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
Collecting statistics on user actions on the WebsiteWebsite UsersOther:
  • Cookies
AutomatedUntil the processing purpose is achievedUntil the processing purpose is achieved
  • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
  • Personal data on machine-readable media is destroyed by causing irreparable damage

Exercising the rights and legitimate interests of the Operator within the framework of its activities, namely concluding, executing, and terminating contracts with counterparties

Representatives of counterpartiesOther:
  • Full Name
  • Job title/Position
  • Place of work
  • Email address
  • Phone number
  • Automated
  • Non-automated
    		• Termination of contractual obligations5 years
    • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
    • Personal data on machine-readable media is destroyed by causing irreparable damage
    • Personal data on paper media is destroyed by shredding into small pieces using a shredder
    Representatives of partner organizationsOther:
    • Full Name
    • Job title/Position
    • Place of work
    • Email address
    • Phone number
    ClientsOther:
    • Full Name
    • Job title/Position
    • Place of work
    • Email address
    • Phone number
    EmployeesOther:
    • Full Name
    • Job title/Position
    • Place of work
    • Email address
    • Phone number

    Promoting goods, works, services on the market

    		EmployeesOther:
    • Full Name
    • Job title/Position
    • Email address
    • Photograph
    		AutomatedUntil the processing purpose is achieved / until a request to cease processing is received
  • Until the processing purpose is achieved / until a request to cease processing is received
  • 3 years for issued consents for the dissemination of personal data (after the consent period expires or it is withdrawn, unless otherwise provided by federal law)
    • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
    • Personal data on machine-readable media is destroyed by causing irreparable damage
    ClientsOther:
    • Full Name
    • Job title/Position
    • Place of work
    • Email address
    • Photograph
    Representatives of partner organizationsOther:
    • Full Name
    • Job title/Position
    • Place of work
    • Email address
    • Photograph
    Personnel selection (applicants) for vacant positionsApplicantsOther:
    • Full Name
    • Date of birth (day, month, year of birth)
    • Education details
    • Work experience
    • Previous place of work
    • Phone number
    • Email address
    • Photograph
    • Other personal data the applicant wished to provide
    		AutomatedPeriod of assessment procedures30 days (except for cases stipulated by legislation)
    • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
    • Personal data on machine-readable media is destroyed by causing irreparable damage
    Registration for the Operator's eventsWebsite visitorsOther:
    • Full Name
    • Phone number
    • Email address
    • Job title/Position
    • Name of the company represented by the website user
    		MixedUntil the processing purpose is achievedUntil the processing purpose is achieved
    • Personal data in electronic form is deleted using information security tools that have undergone the conformity assessment procedure as established
    • Personal data on machine-readable media is destroyed by causing irreparable damage

    8.1. The legal grounds for personal data processing by the Operator are:

    • The Labor Code of the Russian Federation;
    • The Tax Code of the Russian Federation;
    • Other regulatory legal acts governing relations related to the Operator's activities;
    • The Operator's charter documents and its other internal regulations;
    • Contracts concluded between the operator and the personal data subject;
    • Consents of personal data subjects for the processing of their personal data, for the processing of personal data permitted for dissemination.

    9. Procedure for Collecting, Storing, Transferring, and Other Types of Personal Data Processing

    9.1. The personal data subject independently decides to provide their personal data and gives consent freely, by their own will, and in their interest.

    9.2. The Operator processes the personal data of Website users only if they are filled in and/or sent by the Website user independently via special forms located on the Website https://www.smartmonitor.ru (including subdomains * .smartmonitor.ru), or sent to the Operator via email. By filling out the relevant forms and/or sending their personal data to the Operator, Website users express their agreement with this Policy.

    9.3. When processing personal data, the Operator ensures the confidentiality of personal data.

    9.4. The personal data of a personal data subject is not transferred by the Operator to third parties without written consent, except in cases related to the execution of current legislation.

    9.5. The Operator and other persons who have gained access to personal data are obliged not to disclose them to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

    9.6. In case inaccuracies in personal data are identified, the personal data subject may notify the Operator in the manner established by internal regulations. The Website user can update them independently by sending a notification to the Operator's email address info@volgablob.ru with the subject line «Updating personal data».

    9.7. The period for processing personal data is determined by the achievement of the purposes for which the personal data was collected, unless another period is provided for by contract or current legislation.

    9.8. The personal data subject has the right to withdraw their consent in the manner defined in the consent.

    9.9. A Website user has the right to withdraw their consent by preparing a corresponding written document, which may be sent by the user to the Operator's address by registered mail with a return receipt or delivered in person to a representative of the Operator against a receipt. Upon receipt of a written application to withdraw this consent to the processing of personal data, the Operator is obliged to cease their processing. A Website user may also withdraw their consent to the processing of personal data at any time by sending a notification to the Operator via email at the Operator's email address info@volgablob.ru with the subject line «Withdrawal of consent to the processing of personal data».

    9.10. The consent of a personal data subject for the processing of personal data permitted for dissemination is executed separately from other consents for the processing of their personal data. The conditions provided for, in particular, in Article 10.1 of the Personal Data Law, are observed.

    9.11. The Operator is obliged to publish information about the processing conditions, the presence of prohibitions and conditions for the processing by an unlimited number of persons of personal data permitted for dissemination, no later than 3 business days from the moment of receiving the specified consent of the User who is the personal data subject.

    9.12. The transfer (dissemination, provision, access) of personal data permitted by the personal data subject for dissemination must be ceased at any time upon the demand of the personal data subject. This demand must include the surname, first name, patronymic (if any), contact information (phone number, email address, or postal address) of the personal data subject, as well as a list of personal data whose processing is to be ceased. This demand can be provided to the Operator directly, by sending it by mail to the Operator's address, or via email to the Operator's email address info@volgablob.ru with the subject line «Demand to cease the transfer (dissemination, provision, access) of personal data».

    9.13. The Operator processes anonymized data about the Website user if this is allowed in their browser settings (saving «cookies» and using JavaScript technology is enabled).

    9.14. The Operator stores personal data in a form that allows identification of the personal data subject for no longer than required by the purposes of personal data processing, unless the storage period for personal data is established by federal law or a contract to which the personal data subject is a party, beneficiary, or guarantor.

    9.15. For the storage of personal data, the Operator uses databases located on the territory of the Russian Federation, in accordance with Part 5 of Article 18 of the Personal Data Law.

    9.16. Conditions for ceasing the processing of personal data may include the achievement of the purposes of personal data processing, the expiration of the personal data subject's consent period, the withdrawal of consent by the personal data subject, as well as the identification of unlawful processing of personal data.

    9.17. The Operator does not process special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, or intimate life.

    9.18. All information collected by third-party services, including payment systems, communication means, and other service providers, is stored and processed by these persons (operators) in accordance with their User Agreement and Privacy Policy. The personal data subject and/or Website user is obliged to familiarize themselves with these documents in a timely manner. The Operator is not responsible for the actions of third parties, including the service providers specified in this clause.

    10. List of Actions Performed by the Operator with Received Personal Data

    10.1. The Operator performs collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (dissemination, provision, access), blocking, deletion, and destruction of personal data.

    10.2. The Operator performs non-automated processing of personal data and automated processing of personal data with the receipt and/or transmission of the obtained information via information and telecommunication networks or without it.

    11. Ensuring the Security of Processed Personal Data by the Operator

    11.1. When processing personal data, the Operator takes necessary measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions concerning personal data.

    11.2. Implementing the requirements for the protection of personal data, the Operator takes the following measures:

    • Identifies security threats to personal data during their processing in the Operator's personal data information systems;

    • Takes organizational and technical measures (including through the use of information protection tools that have undergone the established conformity assessment procedure, in cases where the use of such tools is necessary to neutralize current security threats to personal data, as well as for the destruction of personal data) to ensure the security of personal data during their processing in personal data information systems, necessary to fulfill the requirements for the protection of personal data established by the legislation of the Russian Federation;

    • Assesses the effectiveness of the taken measures to ensure the security of personal data before putting personal data information systems into operation;

    • Organizes the inventory of material carriers of personal data, as well as the separate storage of personal data (material carriers) processed for different purposes (when processing without the use of automation tools);

    • Organizes measures to detect instances of unauthorized access to personal data and to take appropriate response measures in accordance with the current legislation of the Russian Federation;

    • Ensures the possibility of restoring personal data modified or destroyed due to unauthorized access to them;

    • Establishes rules for access to personal data processed in personal data information systems, and also ensures the logging and accounting of all actions performed with personal data in personal data information systems;

    • Organizes measures to monitor the taken measures to ensure the security of personal data and the security level of personal data information systems;

    • Appoints persons responsible for ensuring the security of personal data;

    • Develops internal regulations establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;

    • Processes personal data without the use of automation tools in such a way that, for each category of personal data, the storage locations of personal data (material carriers) and lists of persons processing personal data / having access to them are determined;

    • Stores personal data under conditions that ensure their safety and prevent unlawful access to them;

    • Organizes training for employees processing personal data.

    12. Conditions for Dissemination of Personal Data

    12.1. The dissemination of personal data of personal data subjects on the Website occurs with the consent of the respective personal data subjects for the purpose of promoting the Operator's goods and services on the market. Personal data is disseminated to the extent determined by the subjects in the corresponding consents. Personal data subjects provide consent for the processing of personal data permitted for dissemination freely, by their own will, and in their interest. The subjects have not established any prohibitions on the transfer (except for providing access) of this personal data, nor on the processing or conditions of processing (except for obtaining access) of this personal data.

    13. Final Provisions

    13.1. The User can obtain any clarifications on issues of interest regarding the processing of their personal data by contacting the Operator via email at info@volgablob.ru.

    13.2. Any changes to the Operator's personal data processing policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.

    14. Company Details

    • Legal Address: 123610, Moscow, Russia, Krasnopresnenskaya Nab., 12, premises 1130B
    • Postal Address: 400005, Volgograd, Russia, Marshal Chuykov St., 55
    • Phone: +7-8442-239-992
    • E-mail: info@volgablob.ru
    • Taxpayer ID (INN): 3442090398, Tax Registration Reason Code (KPP): 770301001, Primary State Registration Number (OGRN): 1073459003155, All-Russian Classifier of Enterprises and Organizations (OKPO): 80192261
    • Bank: «ROSTOVSKY» BRANCH OF «ALFA-BANK» JSC, ROSTOV-ON-DON
    • Bank Identification Code (BIK): 046015207, Correspondent Account (corr. account): 30101810500000000207 Settlement Account (account): 40702810026010001335