Approved by order by General Director of LLC Trey Legal
1. General provisions
List of terms and definitions:
Administrative and economic activities are internal processes aimed at ensuring the ongoing provision of LLC Trey Legal’s activities with goods and material values (procurement of stationery, office equipment, consumables, household goods, communications services, etc.); to organize paperwork (maintaining archives, libraries, databases); to organize the operation of buildings, premises, territories (maintenance, cleaning, decoration and repair of premises); to organization of the workflow; to organization of financial and accounting services.
LLC Trey Legal LLC (hereinafter — Trey Legal) is a law firm that processes personal data and that determines the aims of the processing of personal data, the contents of personal data to be processed, and actions committed with personal data.
Close relatives — are relatives in a straight ascending and downward line (parents and children, grandparents and grandchildren), full-born and incomplete (having common father or mother) brothers and sisters.
A candidate is an individual applying for a vacant position at Trey Legal, whose personal data were accepted by Trey Legal.
A client is a Russian or international legal entity, an individual entrepreneur, as well as an individual having a private practice, who has concluded or intends to enter into a service contract with Trey Legal.
Processing personal data is any action (operation) or a set of actions (operations) committed by using or without the use of means of automatization with personal data, including the collection, recording, systemization, accumulation, storage, refinement (update, modification), extraction, use, transmission (dissimilation, providing access), depersonalization, blocking, deletion and destruction of personal data.
Within the framework of the Federal Law as of 27.07.2006 No. 152-Fz "On Personal Data" the following definitions are established:
Blocking personal data is a temporary halt to the processing of personal data (except if processing is necessary to clarify personal data).
The depersonalization of personal data is an action that makes it impossible to determine the identity of personal data to a particular subject without the use of additional information.
Providing personal data are actions aimed at disclosing personal data to a particular person or a certain number of persons.
Destruction of personal data are actions that make it impossible to recover the content of personal data in the information system of personal data and/or as a result of which the material media of personal data are destroyed.
The client’s representative is an individual whose personal data has been transferred to Trey Legal, who is a member of the Client’s management authorities; who owns or is a shareholder or member of the Client; acting on behalf of the Client on the basis of a proxy or specified in the card with samples of signatures and print of the client’s seal.
An employee is an individual who has entered into an employment contract with Trey Legal.
The dissemination of personal data is an action aimed at disclosing personal data to an unspecified number of persons.
The subject of personal data is an individual who is directly or indirectly defined by personal data.
1.1. The policy of processing personal data at Trey Legal (hereinafter — Policy) is developed in accordance with the Constitution of the Russian Federation, the Convention on the Protection of Individuals in relation to the automated processing of personal data (ETS No. 108, concluded in Strasbourg on 28.01.1981), the Labor Code of the Russian Federation of 30.12.2001 No. 197-Fz, with the changes and additions, the Federal Law of 27.07.2006 No. 152-Fz "On Personal Data" with changes and additions, Regulation 2016/679 of the European Parliament and the Council of the European Union "On the protection of individuals in the processing of personal data and on the free circulation of such data, as well as the abolition of Directive 95/ 46/EU (General Data Protection Regulations) " (adopted in Brussels on 27.04.2016), as well as in accordance with other federal laws and by-laws of the Russian Federation, defining the cases and features of the processing of personal data and ensuring the security and confidentiality of such information (hereinafter — Personal Data Legislation).
1.2. The Policy has been developed to comply with the requirements of the legislation in the field of processing and protection of personal data and is aimed at ensuring the protection of the rights and freedoms of the person and the citizen in the processing of his personal data at Trey Legal.
1.3. The Policy establishes:
1.3.1. personal data processing goals;
1.3.2. classification of personal data and subjects of personal data;
1.3.3. general principles for processing personal data;
1.3.4. key participants in the personal data processing management system;
1.3.5. basic approaches to personal data management.
1.4. Policy regulations are the basis for the organization of personal data processing at Trey Legal, including the development of internal regulatory documents of the 2nd and 3rd tier (regulations, methods, technology schemes, etc.) regulating the processing of personal data at Trey Legal.
1.5. The Policy regulations are binding on all Trey Legal’s employees having access to personal data.
1.6. The policy is an internal document of Trey Legal, it is publicly available and accessible on the official website of Trey Legal.
1.7. The Employees of Trey Legal are introduced to the Policy by mailing the policy via electronic document turnover system used at Trey Legal or by providing a paper carrier to the Employee.
2. Personal data processing goals
2.1. Trey Legal processes personal data for the purpose of:
2.1.1. concluding with the subject of personal data of any contracts and their further implementation;
2.1.2. conducting by Trey Legal actions, surveys, research;
2.1.3 providing the Subject of personal data with information about the services provided by Trey Legal, on the development of new products and services by Trey Legal; informing the Customer about the offers on products and services of Trey Legal;
2.1.4. personnel and employee accounting organization at Trey Legal;
2.1.5. attracting and selecting candidates for job at Trey Legal;
2.1.6. implementation of Trey Legal’s administrative and economic activities;
2.1.7. regulation of labor and relationships directly related with them.
3. Classification of Personal Data and Personal Data Subjects
3.1. Personal data includes any information relating to directly or indirectly defined or identified individual (Personal Data Subject) processed by Trey Legal to achieve predetermined goals.
3.2. Trey Legal does not process special categories of personal data relating to race and nationality, political views, religious and philosophical beliefs, intimate life, criminal records of individuals, unless otherwise established by the legislation of the Russian Federation.
3.3. Trey Legal has the right to process biometric personal data in order to identify customers and employees of Trey Legal while providing services and identification of employees and visitors entering the territory of Trey Legal.
3.4. Trey Legal processes the personal data of the following categories of Personal Data Subjects:
3.4.1. individuals who are Candidates;
3.4.2. individuals who are Employees and their close relatives;
3.4.3. individuals carrying out service work and having entered into a civil contract with Trey Legal;
3.4.4. individuals belonging to Trey Legal’s administration;
3.4.5. individuals representing the client’s interests (Customer Representatives);
3.4.6. individuals who have purchased or intend to purchase the services of Trey Legal;
3.4.7. non-customer individuals who have entered into or intend to enter into a contractual relationship with Trey Legal in connection with the implementation by the Trey Legal of administrative and economic activities;
3.4.8. individuals whose personal data were made public by them and their processing does not violate their rights and complies with the requirements set by the personal data legislation;
3.4.9. other individuals who have consented to the processing by Trey Legal of their personal data or individuals whose personal data must be processed by Trey Legal to achieve the objectives set forth by the international treaty of the Russian Federation.
4. General Principles for Personal Data Processing
4.1. Trey Legal processes personal data on the basis of general principles: