POLICY RKS-NR LLC
regarding the processing of personal data
1.1. This document defines the policy of RKS-NR Limited Liability Company (hereinafter referred to as the Organization, the Operator) in the field of processing personal data (hereinafter referred to as the Policy) and has been developed in pursuance of subparagraph 2. part 1 of Article 18.1. of the Federal Law of the Russian Federation dated July 27, 2006 "On Personal Data" No. 152-FZ (hereinafter referred to as the Federal Law "On Personal Data").
1.2. The Organization's Policy is aimed at ensuring the protection of the rights of subjects when processing their personal data in the Organization.
1.3. The procedure for processing personal data of subjects is established in the regulation on the protection and procedure for processing personal data of subjects in RKS-NR LLC and the rules for using the rks-nr.com website.
2.1. Full name: RKS-NR Limited Liability Company
2.2. Abbreviated name: RKS-NR LLC
2.3. Address: 125167, Moscow, Leningradsky Prospekt, 47, building 3, tel.: +7 (495) 147-22-33, official website: https://rks-nr.com
3.1. The organization processes personal data of the following personal data subjects:
- Individuals in accordance with the purpose of personal data processing specified in paragraph 4.1.;
3.2. The organization processes the following categories of personal data:
-
Full name;
-
Date and place of birth;
-
Passport details;
-
SNILS, INN;
-
Registration and residential address;
-
Contact details (phone, e-mail);
-
Data contained in contracts, applications and other documentation.
Special categories of personal data and biometric personal data are not processed.
4.1. Processing of personal data is carried out on the basis of:
-
Consent of the subject of personal data, which the subject provides by putting a consent mark in the data collection form;
-
Processing is necessary to fulfill the obligations stipulated by federal laws, as well as to exercise the powers imposed on the operator by regulatory acts;
-
Processing is necessary to fulfill the obligations imposed on the operator for the performance of the Agreement to which the subject is a party;
-
Processing is necessary to implement the rights and legitimate interests of the operator or third parties, provided that this does not violate the rights and freedoms of the subject of personal data.
5.1. The Organization processes personal data based on the following principles:
-
personal data must be processed on a lawful and fair basis;
-
personal data must be processed limited to achieving specific, predetermined and lawful purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted;
-
combining databases containing personal data that are processed for purposes that are incompatible with each other is not permitted;
-
only personal data that meet the purposes of their processing shall be processed;
-
the content and volume of personal data being processed shall correspond to the stated purposes of processing. The personal data being processed shall not be excessive in relation to the stated purposes of their processing;
-
when processing personal data, the accuracy of the personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of personal data processing shall be ensured. The organization shall take the necessary measures (or ensure their adoption) to delete or clarify incomplete or inaccurate data;
-
personal data shall be stored in a form that makes it possible to identify the subject of the personal data, for no longer than required for the purposes of personal data processing, unless the storage period for personal data is established by federal law or an agreement to which the subject of the personal data is a party. The personal data being processed shall be subject to destruction or depersonalization upon achievement of the purposes of processing or in the event of loss of need to achieve these purposes, unless otherwise provided by federal law.
6.1. The Organization as an operator processes personal data for the following purposes:
-
implementation of the subject and purposes of the activity, provision of services in accordance with the types of activity of the Organization;
-
execution and execution of contractual, pre-contractual relations;
-
compliance with the requirements of the legislation of the Russian Federation regulating the activities of legal entities;
-
protection of the legal rights and interests of the Organization;
-
ensuring the implementation of the provisions established by local acts of the Organization;
-
compliance with the requirements of the legislation and resolution of issues assigned to the Organization as an employer;
-
promotion of services, works on the market.
7.1. The subject of personal data has the rights established by Art. 14, 20, 21 of Federal Law 152.
To implement the rights, the subject can send a request:
-
Postal address: 125167, Moscow, Leningradsky Prospekt, 47, building 3;
-
Email: mail@rks-nr.ru.
The request must contain:
-
Full name and contact information of the subject;
-
Information confirming participation in legal relations with the Operator;
-
Signature (for written requests).
The request will be considered within 30 calendar days from the date of its receipt.
8.1. The subject of personal data has the right to revoke consent to processing at any time by sending a writ-ten or electronic request to the addresses specified in Section 7.1. In case of revocation of consent, processing is terminated and personal data are destroyed within a period not exceeding 30 calendar days, except for cases stipulated by Russian legislation.
9.1. Cross-border transfer of personal data to countries that do not ensure adequate protection of the rights of personal data subjects is not carried out.
In case of a change in the conditions and necessity of such transfer, the Operator will ensure compliance with the requirements of Art. 12 of Federal Law-152.
10.1. Personal data are stored no longer than required by the purposes of their processing or federal law, after which they are destroyed or depersonalized.
Destruction of data is formalized by a corresponding act.
11.1 In order to enhance the functionality of the website and provide personalized features for users, the Operator may use cookies. Cookies are small data fragments that are stored on a user's device when they visit the site.
11.2. The cookies used can be categorized as follows:
-
Technically Necessary: These ensure proper functioning of the website and its essential features without which service usage would not be possible.
-
Functional: These remember user preferences such as interface language settings.
-
Analytical: These help collect statistics about visits and website usage.
-
Marketing: These are utilized for displaying personalized advertising content.
11.3. Users have the option at any time to change their browser settings to block or delete cookies. However, restricting technically necessary cookies might lead to malfunctions in certain website functionalities.
11.4. If cookies allow direct or indirect identification of a user, these data will be processed as personal data according to this Policy.
12.1. When processing personal data, the Organization takes appropriate legal, organizational, and technical measures (both software-based and hardware-based) to protect them from unauthorized access, destruction, alteration, blocking, copying, disclosure, dissemination, and other unlawful actions.
12.2. To achieve compliance with relevant regulations, the following steps are implemented:
- Defining the list of personal data being processed within the organization.
- Identifying individuals responsible for handling personal data.
- Providing access to personal data only to authorized personnel.
- Appointing designated officers responsible for organizing personal data processing, ensuring data security conditions, preventing unauthorized access, and securing personal data safety in information systems.
- Adopting internal policies regarding personal data processing, including those aimed at preventing violations of Russian law, identifying breaches, and addressing consequences.
- Conducting risk assessments related to potential harm caused to subjects of personal data if there is non-compliance with applicable laws, comparing said risks against implemented protective measures.
- Performing internal audits to verify adherence to federal legislation concerning personal data protection, established regulatory acts, data protection requirements, and local policies.
- Determining locations where physical storage media containing personal data are processed or stored.
- Educating employees directly involved in personal data processing through training sessions or familiarizing them with relevant legislative provisions, documents outlining the organization's policy on personal data processing, and specific procedures for handling personal data.
- Utilizing software solutions compliant with personal data protection standards.
- Assessing types of threats pertinent to information systems holding personal data.
- Promptly detecting threats to personal data security and implementing corresponding preventive measures.
- Employing certified methods for evaluating the adequacy of data protection tools.
- Implementing backup copies of information resources.
- Approving lists of information systems storing personal data.
- Maintaining records of machine-readable carriers containing personal data.
- Detecting incidents of unauthorized access promptly and taking corrective action accordingly.
- Other measures consistent with Russian Federation’s legal framework.
Current version dated by 13.08.2025