1.1 This Public Policy on Processing of Personal Data of the Association of Volunteer Centers (hereinafter – the Policy) is developed in accordance with the requirements of the Federal Law “On Personal Data”.
1.2 This Policy applies to all processes of personal data processing, both with and without the use of means of automation, to all structural units and employees involved in such processes, as well as to information systems used in the processes of personal data processing.
Principles and rules of personal data processing
2.1 JamesArk processes personal data in a lawful and fair manner and is limited to achieving specific, predetermined and legitimate purposes. Only personal data that meets the purposes for which it is processed shall be processed. The content and scope of the personal data processed by JamesArk are consistent with the stated processing purposes, and no redundancy in the processed data is permitted.
2.2 When processing personal data, JamesArk ensures that the personal data is accurate, sufficient and, where necessary, up-to-date in relation to the purposes for which the personal data are processed. JamesArk takes appropriate steps to delete or clarify incomplete or inaccurate personal data.
2.3 JamesArk shall store personal data in a form that identifies the subject of the personal data for no longer than is required by the purposes of personal data processing, unless the retention period for the personal data is established by federal law, a regulatory legal act, an agreement to which the subject of personal data is a party, a beneficiary or a guarantor. Processed personal data shall be destroyed or depersonalized upon attainment of the processing objectives, unless otherwise provided by the federal law.
2.4 JamesArk processes personal data both by automated means in personal data information systems and without the use of automated means (on paper).
2.5 JamesArk does not make decisions regarding the subject of personal data based solely on automated processing.
2.6 With the written consent of the subject of personal data, JamesArk publishes their contact data (full name, job title, work telephone number, e-mail, etc.) in publicly available sources for the purpose of communication in the course of its activities.
2.7 No cross-border transfer of personal data to JamesArk.
Categories of Personal Data Processed at JamesArk
3.1 JamesArk does not process special categories of personal data relating to the race, ethnicity, political views, religious or philosophical beliefs, and intimate lives of subjects of personal data.
3.2 JamesArk may process employee health information for purposes of compliance with labor, state social assistance and pension law.
3.3 James Ark does not process biometric personal data (special biometric photographs). If necessary, such processing is carried out only with the written consent of the subject of personal data.
3.4 The list of categories of personal data subjects whose data is processed at JamesArk, the composition of such data, the purposes and legal basis for processing are defined in the “List of Personal Data Processed at JamesArk”
Authorization for processing of personal data
4.1 JamesArk has the right to assign processing of personal data to others with the consent of the personal data subject in accordance with the Article of the Federal Law “On Personal Data.”
Implemented personal data security measures
5.1 JamesArk has implemented the following personal data security measures:
a) a person responsible for the security of personal data has been appointed;
b) a system of personal data protection of personal data information systems has been created;
c) organized the security regime of the premises where personal data processing is carried out, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have the right to access these premises;
d) the procedure of granting access to personal data processing and granting access to personal data information systems has been defined;
e) the registration of the personal data storage media has been organized;
f) the protection of material (paper) carriers of personal data has been ensured;
g) the damage which might be caused to the subject of personal data in case of violation of the Federal Law “on personal data” has been assessed;
h) detection of the facts of unauthorized access to personal data and taking measures on such facts;
i) provides recovery of personal data, modified or destroyed as a result of unauthorized access to them;
j) conducts periodic checks of compliance with the order of processing and security of personal data.