Phone.: +7 910 000 94 47
E-mail: kinali@kinaligroup.ru
E-mail: kinali@kinaligroup.ru
KINALI GROUP LLC
TIN 9719067667 Registration Number 1247700355110
1st Magistralnaya street, 18, building 1, Moscow, 123007
You can find us on |
We also accept orders for corporate clients - please contact us.
We look forward to serving you!
TIN 9719067667 Registration Number 1247700355110
1st Magistralnaya street, 18, building 1, Moscow, 123007
You can find us on |
We also accept orders for corporate clients - please contact us.
We look forward to serving you!
APPROVED
General Director
_________________ / A.O. Kinali
May __, 2025
PERSONAL DATA PROCESSING POLICY
of Limited Liability Company "KINALI GROUP"
May __, 2025 No. ___
Moscow
1. GENERAL PROVISIONS
1.1. This Policy of LLC "KINALI GROUP" regarding the processing of personal data (hereinafter referred to as the "Policy") is developed in compliance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of privacy, personal, and family secrets.
1.2. The Policy applies to all personal data processed by LLC "KINALI GROUP" (hereinafter referred to as the "Operator").
1.3. The Policy governs relations in the field of personal data processing arising for the Operator both before and after the approval of this Policy.
1.4. In compliance with Part 2, Article 18.1 of the Personal Data Law, this Policy is published freely on the Operator’s website on the Internet.
1.5. Terms and definitions used in the Policy correspond to their meanings as defined in the Personal Data Law.
1.6. Key Rights and Obligations of the Operator
1.6.1. The Operator has the right to:
2.1. Processing is limited to specific, predetermined, and legitimate purposes. Incompatible processing is prohibited.
2.2. Only personal data relevant to the processing purposes is processed.
2.3. Purposes include:
3.1. Legal basis includes:
4.1. Processed data must be adequate and non-excessive for stated purposes. Refusal to process non-biometric data due to lack of consent is prohibited where consent is not mandatory by law.
4.2. Categories of Data Subjects:
4.2.1. Job Candidates: Full name, gender, citizenship, birth details, contact info, education/work history.
4.2.2. Employees (current/former): Full name, gender, citizenship, photo, passport data, addresses, contacts, TIN, SNILS, education, family status, employment history, military records, alimony, income history.
4.2.3. Clients/Contractors (Individuals): Full name, birth details, passport data, address, contacts, position, TIN, bank account.
4.2.4. Representatives of Clients/Contractors (Legal Entities): Full name, passport data, contacts, position.
4.3. Biometric data is processed per Russian law.
4.4. Special categories (race, politics, religion, health, intimate life) are not processed, except where required by law.
5. PROCEDURE AND CONDITIONS FOR PROCESSING
5.1. Processing complies with Russian law.
5.2. Requires consent unless exempted by law.
5.3. Processing Methods: Non-automated, automated (with/without network transmission), mixed.
5.4. Only authorized employees process data.
5.5. Data Collection: Directly from subjects (orally/written); entry into logs/registries/systems.
5.6. Disclosure to third parties requires consent, except where federal law permits. Consent for "data dissemination" must be separate.
5.7. Data may be transferred to investigative bodies, tax authorities, Social Fund, etc., per law.
5.8. Security Measures: Threat assessment; internal regulations; appointment of responsible persons; secure storage conditions; staff training.
5.9. Storage Period: Only as long as necessary for purposes or as required by law/contract.
5.9.1. Paper records stored per archival legislation.
5.9.2. Digital records stored equally to paper records.
5.10. Termination of Processing: If unlawful processing is detected (within 3 days); purpose achieved; consent expired/withdrawn.
5.11. Processing stops upon purpose achievement/consent withdrawal unless exempted by law/contract.
5.12. Subjects may request termination within 10 days (extendable by 5 with notice).
5.13. Collection/processing of Russian citizens’ data must use databases located in Russia, unless exempted.
6. OTHER ACTIONS WITH PERSONAL DATA. ACCESS
6.1. Subjects may request processing details. Responses within 10 days (extendable by 5). Requests must include ID/relevant contract details/signature. Electronic requests accepted. Access may be restricted if it violates third-party rights.
6.2. Inaccurate data is blocked during verification upon subject/Roskomnadzor request. Corrected within 7 days if confirmed.
6.3. Unlawfully processed data is blocked upon subject/Roskomnadzor request.
6.4. Data Breach Response: Notify Roskomnadzor within 24 hours (details/corrective actions); provide investigation results within 72 hours.
6.5. Data Destruction:
6.5.1. Conditions/Timing: Purpose achieved/no longer needed (30 days); storage period expired (30 days); data unlawfully obtained/unnecessary (7 days); consent withdrawn (30 days).
6.5.2. Data is destroyed upon purpose achievement/consent withdrawal unless exempted by law/contract.
7. FINAL PROVISIONS
7.1. This Policy and amendments are approved by the General Director of LLC "KINALI GROUP".
7.2. All employees must read and sign for acknowledgment.
7.3. Control over compliance is assigned to the General Director.
General Director
_________________ / A.O. Kinali
May __, 2025
PERSONAL DATA PROCESSING POLICY
of Limited Liability Company "KINALI GROUP"
May __, 2025 No. ___
Moscow
1. GENERAL PROVISIONS
1.1. This Policy of LLC "KINALI GROUP" regarding the processing of personal data (hereinafter referred to as the "Policy") is developed in compliance with Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006, "On Personal Data" (hereinafter referred to as the "Personal Data Law") to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of privacy, personal, and family secrets.
1.2. The Policy applies to all personal data processed by LLC "KINALI GROUP" (hereinafter referred to as the "Operator").
1.3. The Policy governs relations in the field of personal data processing arising for the Operator both before and after the approval of this Policy.
1.4. In compliance with Part 2, Article 18.1 of the Personal Data Law, this Policy is published freely on the Operator’s website on the Internet.
1.5. Terms and definitions used in the Policy correspond to their meanings as defined in the Personal Data Law.
1.6. Key Rights and Obligations of the Operator
1.6.1. The Operator has the right to:
- Independently determine the composition and list of measures necessary and sufficient to fulfill obligations under the Personal Data Law and related regulations, unless otherwise provided by federal law;
- Entrust personal data processing to another party with the consent of the data subject, unless otherwise provided by federal law, under an agreement with such party. The processor must comply with the principles and rules of the Personal Data Law;
- Continue processing personal data without the subject’s consent if grounds specified in the Personal Data Law exist, even after withdrawal of consent.
- 1.6.2. The Operator is obliged to:
- Organize processing in accordance with the Personal Data Law;
- Respond to requests from data subjects and their legal representatives;
- Provide necessary information to Roskomnadzor (the authorized body) within 10 working days upon request (extendable by 5 days with justified notice);
- Ensure interaction with the state system for detecting, preventing, and eliminating consequences of computer attacks on Russian information resources.
- 1.7. Key Rights of the Data Subject
- 1.7.1. The data subject has the right to:
- Obtain information about the processing of their personal data (except where restricted by law);
- Demand the Operator to clarify, block, or destroy inaccurate, outdated, illegally obtained, or unnecessary data;
- Give prior consent to processing for marketing purposes;
- Appeal unlawful actions/inaction of the Operator to Roskomnadzor or in court.
- 1.8. Control over compliance with this Policy is assigned to the authorized person responsible for organizing personal data processing.
- 1.9. Liability for violations of Russian legislation and the Operator’s regulations in the field of personal data processing and protection is determined under Russian law.
2.1. Processing is limited to specific, predetermined, and legitimate purposes. Incompatible processing is prohibited.
2.2. Only personal data relevant to the processing purposes is processed.
2.3. Purposes include:
- Ensuring compliance with the Russian Constitution, federal laws, and regulations;
- Conducting business activities;
- Maintaining personnel records;
- Assisting employees in employment, education, and career advancement; ensuring personal safety; monitoring work quality; safeguarding property;
- Recruiting candidates;
- Registering employees in the mandatory pension insurance system;
- Submitting reports to executive authorities;
- Concluding and executing civil contracts;
- Maintaining accounting records.
- 2.4. Employee data processing is solely for ensuring legal compliance.
3.1. Legal basis includes:
- The Russian Constitution;
- Civil Code; Labor Code; Tax Code;
- Federal Laws: No. 152-FZ "On Personal Data", No. 149-FZ "On Information", No. 14-FZ "On LLCs", No. 402-FZ "On Accounting", No. 167-FZ "On Pension Insurance";
- Government Resolution No. 1119 (security requirements for information systems);
- Other applicable regulations;
- Contracts with data subjects;
- Consent of data subjects.
4.1. Processed data must be adequate and non-excessive for stated purposes. Refusal to process non-biometric data due to lack of consent is prohibited where consent is not mandatory by law.
4.2. Categories of Data Subjects:
4.2.1. Job Candidates: Full name, gender, citizenship, birth details, contact info, education/work history.
4.2.2. Employees (current/former): Full name, gender, citizenship, photo, passport data, addresses, contacts, TIN, SNILS, education, family status, employment history, military records, alimony, income history.
4.2.3. Clients/Contractors (Individuals): Full name, birth details, passport data, address, contacts, position, TIN, bank account.
4.2.4. Representatives of Clients/Contractors (Legal Entities): Full name, passport data, contacts, position.
4.3. Biometric data is processed per Russian law.
4.4. Special categories (race, politics, religion, health, intimate life) are not processed, except where required by law.
5. PROCEDURE AND CONDITIONS FOR PROCESSING
5.1. Processing complies with Russian law.
5.2. Requires consent unless exempted by law.
5.3. Processing Methods: Non-automated, automated (with/without network transmission), mixed.
5.4. Only authorized employees process data.
5.5. Data Collection: Directly from subjects (orally/written); entry into logs/registries/systems.
5.6. Disclosure to third parties requires consent, except where federal law permits. Consent for "data dissemination" must be separate.
5.7. Data may be transferred to investigative bodies, tax authorities, Social Fund, etc., per law.
5.8. Security Measures: Threat assessment; internal regulations; appointment of responsible persons; secure storage conditions; staff training.
5.9. Storage Period: Only as long as necessary for purposes or as required by law/contract.
5.9.1. Paper records stored per archival legislation.
5.9.2. Digital records stored equally to paper records.
5.10. Termination of Processing: If unlawful processing is detected (within 3 days); purpose achieved; consent expired/withdrawn.
5.11. Processing stops upon purpose achievement/consent withdrawal unless exempted by law/contract.
5.12. Subjects may request termination within 10 days (extendable by 5 with notice).
5.13. Collection/processing of Russian citizens’ data must use databases located in Russia, unless exempted.
6. OTHER ACTIONS WITH PERSONAL DATA. ACCESS
6.1. Subjects may request processing details. Responses within 10 days (extendable by 5). Requests must include ID/relevant contract details/signature. Electronic requests accepted. Access may be restricted if it violates third-party rights.
6.2. Inaccurate data is blocked during verification upon subject/Roskomnadzor request. Corrected within 7 days if confirmed.
6.3. Unlawfully processed data is blocked upon subject/Roskomnadzor request.
6.4. Data Breach Response: Notify Roskomnadzor within 24 hours (details/corrective actions); provide investigation results within 72 hours.
6.5. Data Destruction:
6.5.1. Conditions/Timing: Purpose achieved/no longer needed (30 days); storage period expired (30 days); data unlawfully obtained/unnecessary (7 days); consent withdrawn (30 days).
6.5.2. Data is destroyed upon purpose achievement/consent withdrawal unless exempted by law/contract.
7. FINAL PROVISIONS
7.1. This Policy and amendments are approved by the General Director of LLC "KINALI GROUP".
7.2. All employees must read and sign for acknowledgment.
7.3. Control over compliance is assigned to the General Director.
