1.1. This Policy of DALHIMPHARM JSC regarding the processing of personal data (hereinafter referred to as the Policy) defines the basic principles, objectives, procedure and conditions for the processing of personal data, the categories of subjects whose personal data is processed at DALHIMPHARM JSC (hereinafter referred to as the Enterprise), the rights of personal data subjects, as well as the requirements implemented by the Enterprise for the protection of personal data.
1.2. The purpose of this Policy is to ensure the rights and freedoms of employees of the Company and other subjects of personal data when processing personal data.
Terms, definitions and abbreviations
The following terms, definitions and abbreviations are used in this Policy:
RF is the Russian Federation.
The Company is JSC DALHIMPHARM.
An employer is a legal entity (Enterprise) that has entered into an employment relationship with an employee, represented by the General Director (a person authorized by him).
An employee is an individual who has entered into an employment relationship with an Employer.
The Personnel Department is a structural division of the Company.
Personal data (PD) – any information related directly or indirectly to a specific or identifiable natural person (personal data subject).
Personal Data Operator (operator) – JSC "DALHIMPHARM", registered at the address: 680001 Khabarovsk, Tashkent st., 22.
Personal data subject (PD subject) – the individual to whom the relevant personal data relates.
Automated personal data processing is the processing of personal data using computer technology.
Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).
Personal data protection is a set of technical, organizational and organizational-technical measures aimed at ensuring the security of personal data.
The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Information is information (messages, data) regardless of the form of their presentation.
Confidentiality of personal data is a requirement for operators or other persons to comply with the non-disclosure of personal data without the consent of the personal data subject.
Depersonalization of personal data is an action that makes it impossible to attribute personal data to a specific subject without using additional information.
Personal data processing is any action (operation) or combination thereof performed with or without automation tools.
Providing personal data is an action aimed at disclosing personal data to a certain person or a certain circle of people.
Dissemination of personal data is an action aimed at disclosing personal data to an unspecified group of people.
A personal data subject is an individual who has entered into a relationship with an Enterprise in which the Enterprise processes the personal data of such a person.
Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, to a foreign individual or legal entity.
Destruction of personal data is an action that makes it impossible to restore the content of personal data.
General provisions
3.1. The Policy applies to all personal data processed by the Company.
3.2. The Policy is a publicly available document and is freely available on the Internet on the official website of the Company, DALHIMPHARM.ru.
3.3. The provisions of the Policy are fundamental to other local regulations of the Company.
3.4. The legal basis for the processing of personal data is a set of regulatory legal acts:
The Constitution of the Russian Federation;
The Civil Code of the Russian Federation;
The Labor Code of the Russian Federation;
Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
Federal Law No. 61-FZ of April 12, 2010 "On the Circulation of Medicines";
the charter of the Company;
contracts concluded between the Company and the subjects of personal data;
consent of personal data subjects to the processing of their personal data;
other regulatory legal acts.
3.5. Principles of personal data processing
3.5.1. The processing of personal data must be carried out on a lawful and fair basis.
3.5.2. The processing of personal data should be limited to achieving specific, predetermined and legitimate goals.
3.5.3. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other.
3.5.4. Only personal data that meets the purposes of their processing is subject to processing.
3.5.5. The content and volume of personal data processed must correspond to the stated purposes of processing.
3.5.6. When processing personal data, accuracy, sufficiency and relevance must be ensured.
3.5.7. Processing is carried out both with and without the use of automation tools.
3.5.8. Personal data should not be stored for longer than the purposes of processing require.
3.5.9. Personal data is subject to destruction or depersonalization upon achievement of the processing objectives.
Purposes of personal data processing
4.1. The Company processes personal data for the following purposes:
implementation of labor relations with employees;
personnel accounting;
ensuring compliance with laws and other regulatory legal acts;
conclusion and execution of contracts with subjects of personal data;
accounting, tax accounting and reporting;
implementation of compulsory medical and social insurance;
ensuring access control on the territory of the Enterprise;
record keeping;
the exercise of other rights and obligations of the Company in accordance with the legislation of the Russian Federation.
Categories of personal data subjects
5.1. The Company processes personal data of the following categories of subjects:
employees of the Company;
persons who have civil relations with the Company;
candidates for vacant positions;
former employees;
contractors and their representatives;
visitors to the territory of the Enterprise;
other persons who provided their personal data.
List of personal data
6.1. Depending on the purposes of the processing, the Company processes the following personal data:
last name, first name, patronymic;
date and place of birth;
passport data or data of another identity document;
address of registration and actual residence;
contact information (phone, e-mail);
information about marital status, children;
information about education, qualifications, and work experience;
information about military registration;
information about employment;
salary information;
information about bank details for settlements;
information required for taxation and social insurance;
other data provided by the subjects of personal data.
Procedure and conditions of processing
7.1. The processing of personal data at the Enterprise is carried out with the consent of the personal data subject, except in cases provided for by the legislation of the Russian Federation.
7.2. Personal data processing can be carried out both with the use of automation tools and without the use of such tools.
7.3. Personal data is processed in compliance with the principles and requirements of Federal Law No. 152-FZ.
Rights of personal data subjects
8.1. Subjects of personal data have the right to:
receive information regarding the processing of their personal data;
request clarification, blocking or destruction of personal data;
revoke consent to the processing of personal data;
appeal the actions or omissions of the operator to the authorized body or to the court;
exercise other rights stipulated by the legislation of the Russian Federation.
Personal data protection measures
9.1. The Company takes the necessary organizational and technical measures to protect personal data, including:
identification of personal data security threats;
development and implementation of local acts on processing and protection of personal data;
restriction of access to personal data;
the use of antivirus tools and firewalls;
data backup;
monitoring compliance with safety requirements.
Final provisions
10.1. This Policy is an internal document of the Company and is binding on all employees.
10.2. The Policy comes into force from the moment of approval by the General Director and is valid indefinitely until replaced by a new edition.
10.3. Changes to the Policy are made by order of the Director General.