THE POLITICS IN THE FIELD OF PERSONAL DATA SECURITY OF ООО «MIRTEK-engineering»

1. General provisions

1.1. The following provision is formulated with the aim of supporting of personal data protection of the site population, supporting of protection of rights and freedoms of the human at processing of his personal data including the privacy right, the personal and family skeleton and the unification of practice of personal data processing according to the actual laws of the Republic of Belarus.

1.2. At collecting and using of these data the organization falls within the scope of a row of instruments of legislation which regulate the way of implementation of such activity and security measures which have to be adopted for protection of these data.

1.3. ООО «MIRTEK-engineering» (hereinafter - the company) is obligated to observe the laws and rules which deals with the personal data security that are actual in the Republic of Belarus.

1.4. The following politics in the field of personal data security is developed by the company and is actual towards all information which the company can get about the site population of mirtekgroup.by (including subdomains) from any device and in the communication with the company in any form.

1.5. Using the site and giving its personal data the site population agrees to personal data processing according to the politics of the company in the field of personal data security.

1.6. ООО «MIRTEK-engineering» performs personal data processing with the aim of the compliance of obligations of the data processor towards users referring to using of the site and its services.

2. Terms and definitions

2.2. The following terms are used in this document:

The site administration (hereinafter – the company) is the authorised personnel which acts in the name of the company and performs personal data processing and specifies the content of personal data which falls within the scope of processing, actions (operations) which are made with personal data;

The site population (hereinafter – the site population)  is any population which is on the site or was on the site and also placed an order on the site;

The personal data  are main and additional personal data of a private person which fall within the scope of the registration in the register of the population according to legislation pieces of the Republic of Belarus and also other data which let identify such person;

Personal data processing is any operation or a complex of operations which are performed with personal data or a set of personal data with the use of automatic means and without them including collecting, recording, sorting, structuring, storage, processing or changing, searching and selection, expertise, using, revelation through transmission, propagation or other mean of access granting, grouping or combining, limitation of processing, cancellation or destruction of personal data;

The data processor is any private or legal person, any authority (a local authority), its structural subdivisions which perform or personal data processing or exchange;

Provision of personal data  are actions which are oriented to propagation of personal data for a certain person or a scope of persons.

3. Propagation area

3.1. The politics is obligatory for all own and free employees of OOO “MIRTEK-engineering” and all structural subdivisions of the organisation including branch offices. Requirements of the politics are used referring to other persons, if their taking part is needed in the process of personal data processing by the organisation in the appropriate manner or on the basis of agreements and contracts.

3.2. Requirements of the politics are used in any personal data not depending on the format of media where they are stored.

3.3. The politics is a public document of OOO “MIRTEK-engineering” and stipulates for the possibility of insight into it of any persons.

3.4. The politics is developed on the basis of and according to the following requirements:

  • The basic law of the republic of Belarus dated  1994 with changes and supplements which were adopted on the 24.11.1996, 17. 10. 2004;

  • The law of the republic of Belarus “About information, computerisation and information security” dated the 10th of 2008 №455-3 (with changes and supplements);

  • The law of the Republic of Belarus «About the register of the population » dated the 21.07.2008 №418-З;

The ministerial order of the republic of Belarus “About the approval of the provision of the previous identification of an internet resource, net publication” dated the 23.11.2018 №850.

4. Principles of personal data processing

4.1. The organisation is obligated to follow the following principles at personal data processing. Personal data have to

  • be processed on legal grounds, fairly and transparently referring to the data subject (“principle of legality, fairness and transparency”);

  • be correspondent with requirements which are relevant and limited to that what is needed referring to the aims what they are proceeded (“the data minimizing principle”) ;

  • be proceeded in such way which provides proper security of personal data including the protection against unsanctioned or not legal processing and also against an accidental loss, removal, or damage with the use of appropriate technical and organizational measures (“the principle of integrity and confidence”).

4.2. ООО «MIRTEK-engineering» is obligated to follow the above mentioned principles not only at personal data processing at the time, but also at implementing of new methods and processing systems.

5. Aims of personal data collecting and processing of the site population

5.1. The company performs personal data processing of the site population including the family name, the name, the patronymic name, the date and place of birth, the contact telephone number, details of the document of the identification, the registration address, the e-mail-address, the address of delivery and so forth.

5.2. The company performs personal data processing through accumulation, systematization, storage, validation (updates, changes), use, propagation (including transmission), depersonalization, blocking, destruction.

5.3. The company processes personal data of the site population only with the aim, why they were given, including the identification of the site population, the registration in the self-service provision (the personal area), the execution of a communications services contract, the execution of a sale and purchase contract, providing the information about the company and services rendered for the site population, the insight of the site population into legal documents of the company and also the realization of seals and responsibilities which belong to the company according to the laws of the Republic of Belarus, the coupling back including filing of notifications and inquiries which belong to services rendered, request and inquiry handling from the site population which belong to services rendered, the location definition of the site population, fraud prevention, access granting to sites or services of partners of the company for the site population with the aim of product getting, updates and services, with other aims according to the accepted offerer or with the consent of the site population.

5.4. After meeting the processing goal and also the beginning of other reasons which are stipulated by the laws of the Republic of Belarus in the field of personal data processing and security, personal data of the site population will be destroyed.

5.5. The company will always get an obvious consent from the subject for collecting and processing of its personal data except cases when the consent is not required according to the legislative norms.

5.6. While requiring the consent, OOO “MIRTEK-engineering” reports about identification data of the organisation, the character and aims of processing, the list of processed categories of personal data subjects and explains rights of private persons referring to their personal data including the right to withdraw the consent.

This information is provided in an understandable, easily accessible form with the use of an understandable and simple language.

5.7. The organisation processes personal data only in the case if the subject gave its consent for the above-mentioned personal data.

5.8. The processor processes and stores the following personal data with the consent of the user:

  • name, patronymic name, and family name of the user,

  • date of birth of the user;

  • post address of the user;

  • telephone number of the user;

  • e-mail-address of the user;

Personal data can also include additionally available data provided by users according to an inquiry of the processor with the aim of performance of obligations of the processor towards the users.

6. Rights of the site population (personal data subject)

6.1. The data subject possesses the main following rights:

6.1.1. Right to information. Private persons have a right to information about the collection and using of their personal data.

6.2.2. Data access right. Private persons have a right to have access to their personal data.

6.3.3.Right to rectification. Private persons have a right or require correction of their personal data if they are not correct or an addition if they are not full.

6.3.4. Right to erasure. Private persons have a right or require an erasure of their personal data.

6.3.5. Appealing of activities or inactivities of the processor.

6.3.6. Withdrawal of the consent  for personal data processing.

7. Processing time of personal data of the site population

7.1. The site population gives its consent to process its personal data permanently.

The site population has a right to withdraw its consent for personal data processing through direction of a written application to the e-mail-address info@mirtekgroup.by.

8. Using technology “COOKIES”

8.1. At browsing the website of the company an automatic collection (from Cookies) of the following statistic data occurs about the site population including:

  • type of the action taken on the site (a click, a mouseover and so on);

  • date and time of the action taken;

  • URL of the site;

  • Referer;

  • IP (without a possibility to work with IP-addresses in the statistics);

  • User-Agent;

  • ClientID (identifier of the browser according to the Cookie file);

  • Screen resolution;

  • Class of the HTML-element which a click happens in;

  • Data about communications services which are linked and dislinked by the user in self-service systems including identifier of services, services names, the linking/ delinking/ price, the rental fee for the services;

  • Data about the quantity of reviewings of goods cards in different goods lists, clicks according to the chosen goods cards, additions to the basket, removals from the basket in conjunction with data about the price of such goods;

  • Data about the content, price, progress status of goods which were placed by users in web-projects:

  • Data about facts of completing forms on websites including errors at their completing.

8.2. Using the website, the visitor gives his consent that the company may use statistical data and Cookies-files for their following processing by systems Google Analytics, Yandex.Metrica, Google Firebase, Appmetrica and may transmit them for studies, execution of works or rendering of services on behalf of the company.

8.3. The visitor of the website can manage Cookies-files on his own through changing of the browser settings. Changes of the user settings, when files will be blocked, can lead to inaccessibility of separate components of the site.

9. Storage of personal data

9.1. Personal data of subjects may be received, go through the following processing, and be transmitted to storage both on hard copies and in electronic form.

9.2. Personal data stored in hard copies are stored in latched boards or in latched rooms with a restricted access right.

9.3. Personal data of subjects which are processed with the use of automatic means with different aims are stored in different folders.

9.4. Storage and positioning of documents which contain personal data are unacceptable in open electronic catalogues (file hosting services) in information systems of personal data.

9.5. Storage of personal data in the form which lets specify the personal data subject is performed not longer than aims of processing require it, and the fall within erasure after end of processing purposes or in the case of a loss of the need in their end.

9.6. Erasure of personal data

9.6.1. Erasure of documents (storage devices) which contain personal data is performed through burning, fragmentation (pulverization), chemical decomposition, turning into formless mass or powder. To erase paper documents, using of a shredder is acceptable.

9.6.2. Personal data are erased on electronic storage devices through erasing or formatting of the storage device.

9.6.3. The fact of erasing of personal data is confirmed documentarily by a formal note about erasing of storage devices.

9.7. The processor transmits personal data to the third part in the following cases:

  • the subject expressed its consent for such actions;

  • the transmission is stipulated by the laws of the Republic of Belarus.

10. Personal data security

10.1. According to the requirements of legal documents the data processor has created a personal data security system which consists of subsystems for legal, organizational, and technical security.

10.2. The subsystem for legal security is a complex of legal, organizational-management and statutory documents which provide creating, functioning, and perfecting of the personal data security system.

10.3. The subsystem of organizational security includes the organization of the management structure of the personal data security system, of the approval system, the information security at working with employees, partners and the third part.

10.4. The subsystem for technical security includes a complex of technical, software, hard-ware and software means which provide personal data security.

10.5. Main measures of the personal data security which are used by the data processor are:

10.5.1. Designation of the person which is responsible for personal data processing and performs the organization of personal data processing, training, and coaching, internal control of the compliance of requirements for personal data security by the organization and its employees.

10.5.2. Specifying of actual security threats of personal data at their processing in the information system of personal data and development of activities concerning personal data security.

10.5.3. Developing of politics concerning personal data processing.

10.5.4. Regulation of access rules to personal data which are processed in the information system of personal data and also providing of the registration of all actions which are taken with personal data in the information system of personal data.

10.5.5. The acquisition of individual access passwords of employees to the information system according to their production responsibilities.

10.5.6. Using of information security tools passed the conformity assessment procedure in the appropriate manner.

10.5.7. The Certified anti-virus software with regularly updated bases.

10.5.8. The observance of the terms which provide the integrity of personal data and excludes a not permitted access to them.

10.5.9. Detection of facts of a not permitted access to personal data.

10.5.10. Regeneration of personal data which were modified or erased as a result of a not permitted access to them.

10.5.11. Coaching of employees of the processor which performs personal data processing immediately in statements of the laws of the Republic of Belarus about personal data including requirements for personal data security, in documents which specify the politics of the data processor towards personal data processing, in local legal documents about questions of personal data processing.

10.5.12. Performing of the internal control and the audit.

11. Final clauses

11.1. ООО “MIRTEK-engineering” reserves the right to change and to complete the following politics.

11.2. The user of the site confirms that he is acquainted with all items of the following politics and gives his consent with their terms.