Personal Data Processing Policy1. General Provisions1.1. The Personal Data Processing Policy for clients and counterparties on the website of Resource Logistic LLC (hereinafter referred to as the “Policy”) has been developed in accordance with the Constitution, the Labor Code, Federal Law No. 152-FZ dated July 27, 2006, and other regulatory legal acts in force in the Russian Federation.
1.2. This Policy defines the procedure for the collection, recording, processing, accumulation, use, dissemination, and storage of personal data of personal data subjects, and guarantees the confidentiality of information about individuals: clients and/or representatives of client companies, counterparties and/or representatives of counterparty companies, users of the Resource Logistic LLC website who have provided their personal data to Resource Logistic LLC.
1.3. The purpose of this Policy is to protect the personal data of clients and counterparties of Resource Logistic LLC from unauthorized access and disclosure. Personal data is confidential and strictly protected information.
1.4. For the purposes of this Policy, personal data means any information directly or indirectly related to a personal data subject.
1.5. Personal data under this Policy includes:
• last name, first name, patronymic;
• gender;
• date of birth;
• place of birth;
• residential address;
• passport details;
• taxpayer identification number (TIN);
• driver’s license;
• bank account details;
• contact phone number;
• email address.
1.6. Documents containing personal data include:
• contracts for services or supply of goods with Resource Logistic LLC;
• civil law contracts for services with Resource Logistic LLC;
• transport requests;
• information from feedback forms on the official website or email newsletters of Resource Logistic LLC;
• powers of attorney and other documents containing the above data.
1.7. This Policy and any amendments thereto are approved by the General Director of Resource Logistic LLC, enacted by order, published on the official website, and made publicly available. All website users have access to the Policy.
1.8. This Policy comes into force from the moment it is published on the website.
2. Collection and Processing of Personal Data2.1. Personal data is obtained directly from clients, counterparties, or website users. The Company may obtain personal data from third parties only with the written consent of the personal data subject or in other cases предусмотренных by law.
2.2. The Company must inform the personal data subject about the purposes, intended sources, and methods of obtaining personal data, as well as the nature of the data to be obtained and the consequences of refusing to provide written consent.
2.3. The Company has no right to request personal data that is excessive for the purposes of processing.
2.4. The personal data subject provides accurate information about themselves.
2.5. Consent to the processing of personal data may be withdrawn at any time by submitting a written notice. In such a case, the Company may continue processing without consent if grounds exist under clauses 2–11 of Part 1 of Article 6, Part 2 of Article 10, and Part 2 of Article 11 of Federal Law No. 152-FZ.
3. Storage of Personal Data3.1. Resource Logistic LLC ensures protection of personal data against unlawful use or loss.
3.2. Personal data is stored electronically within a local computer network. Access is protected by a two-level password system: at the network level and at the database level. Passwords are assigned by the responsible person and provided individually.
3.3. Passwords are changed every 30 days.
3.4. Access to personal data is granted to authorized personnel only.
3.5. Copying or extracting personal data is permitted solely for official purposes with written authorization.
4. Use of Personal Data4.1. Personal data is used for interaction purposes: contract conclusion, business correspondence, subscription to newsletters, receipt of goods/services.
4.2. Data may be processed both automatically and manually. It is stored only as long as necessary.
4.3. After the expiration of storage periods, documents containing personal data are destroyed.
5. Transfer of Personal Data5.1. Transfer requires consent in written or electronic form. Electronic consent must be signed with a qualified digital signature.
5.2. Data may be transferred without consent if required by government authorities under the law.
5.3. The Company does not disclose personal data to third parties without consent.
5.4. Access is granted only to authorized persons and limited to necessary data.
6. Procedure for Destruction of Personal Data6.1. Unlawful processing must be stopped within 3 working days.
6.2. If compliance cannot be ensured, data must be destroyed within 10 working days.
6.3. The counterparty is notified of violations or destruction.
6.4. In case of unlawful or accidental data disclosure, the authorized authority must be notified:
- within 24 hours: incident details, causes, harm, corrective actions, contact person;
- within 72 hours: results of investigation and responsible parties.
6.5. Processing ceases once its purpose is achieved, followed by data destruction.
6.6. Data is destroyed after storage срок expires or other legal grounds arise.
6.7. An expert commission evaluates documents.
6.8. Destruction methods:
- paper: shredding or burning;
- electronic: deletion or physical destruction of media.
6.9. For non-automated processing: destruction act is sufficient.
6.10. For automated processing: destruction act plus system log extract is required.
7. Confidentiality Guarantees7.1. Personal data is classified as confidential and protected by law.
7.2. Subjects have the right to full information about their data.
7.3. The Company ensures unrestricted access to this Policy.
7.4. Violations entail disciplinary, administrative, civil, or criminal liability under applicable law.
