1.2. This Regulation has been developed in accordance with the requirements of the Labor Code of the Russian Federation, Federal Law of July 27, 2006 No. 152-ФЗ “On Personal Data” and defines a system for processing and protecting personal data of an employee obtained in the course of business activities and necessary in connection with labor relations . Employee personal data - information necessary for the employer in connection with an employment relationship regarding a specific employee. Processing of personal data of an employee - receipt, storage, combination, transfer or any other use of personal data of an employee.
2. LIST OF DOCUMENTS AND INFORMATION CONTAINING WORKER'S PERSONAL DATA
- a passport or other identification document that contains information about his passport data, place of registration (place of residence), marital status;
- a work book that contains information about the work activity of the employee;
- An insurance certificate of state pension insurance, which contains information about the number and series of the insurance certificate;
- certificate of registration with the tax authority, which contains information about the taxpayer identification number;
- a document on education, qualifications or the availability of special knowledge containing information about education, profession;
- military registration documents that contain information about the military registration of persons liable for military service and persons subject to conscription.
2.2. The list of documents and information containing personal data includes:
- education;
- information on labor and general experience;
- information about the previous place of work;
- information about the composition of the family;
- passport data;
- information about military registration:stock category
- military rank;
- composition (profile);
- full code designation VUS;
- category of fitness for military service;
- name of the military commissariat at the place of residence;
- whether it is registered with the military;
- information about the salary of the employee;
- information about social benefits;
- specialty;
- position held;
- salary;
- the presence of a criminal record;
- address of place of residence and registration;
- home phone;
- content of the employment contract;
- the contents of the declaration submitted to the tax office;
- originals and copies of orders on personnel;
- personal files and work books of employees;
- grounds for orders on personnel;
- cases containing materials for advanced training and retraining of employees, their certification, official investigations;
- copies of reports sent to statistical authorities;
- copies of education certificates;
- the results of a medical examination for suitability for the implementation of labor duties;
- photographs and other information related to the personal data of the employee;
- recommendations, specifications, etc.
3. GENERAL REQUIREMENTS FOR PROCESSING PERSONAL DATA AND WARRANTY OF THEIR PROTECTION
3.1. The processing of personal data of an employee is carried out solely for the purpose of ensuring laws and other regulatory legal acts, assisting an employee in finding a job, training and promotion, ensuring the personal safety of an employee, preserving property, controlling the quantity and quality of work performed.
3.2. All personal data of the employee is transferred to him personally. If the personal data of the employee can only be obtained from a third party, then the employer must notify the employee in advance and written consent must be obtained from him. The employer must inform the employee about the goals, sources and methods of obtaining personal data, as well as the nature of the personal data to be received.
3.3. The employer does not have the right to receive and process the personal data of the employee about his political, religious and other beliefs and private life. In cases directly related to labor relations, in accordance with Article 24 of the Constitution of the Russian Federation, the employer has the right to receive and process data on the employee’s private life only with his written consent.
3.4. When making decisions affecting the interests of the employee, the employer does not have the right to be based on the personal data of the employee obtained solely as a result of their automated processing or electronic receipt.
3.5. Protection against unlawful use of the employee’s personal data is provided by the employer at his own expense in the manner prescribed by federal law.
3.6. The employee must be familiar with this Regulation for signature.
4.1. Personal data in paper form is stored in a safe. The key to the safe is kept by the employee responsible for personnel records. 4.2. Personal data on electronic media is stored in the 1C: Salary and Personnel program. Access to the program within their competence are accountants. Logging into the program is carried out only by entering the user's personal password. 4.3. Admission to the employee’s personal data is allowed only to those officials who need personal data in economic activity according to the List of specially authorized persons (Appendix 1).
4.4. From the employees responsible for the storage of personal data, as well as employees who own personal data by virtue of their duties, undertakes to not disclose confidential information about the personal data of employees.
4.5. External access to the personal data of employees is provided by the control and audit bodies, if there are documents on the basis of which they conduct an audit. Remotely personal data of employees can be submitted to the supervisory authorities only upon written request.
4.6. Automated processing and storage of personal data of employees is allowed only after the implementation of all basic measures to protect information.
4.7. The premises in which personal data of employees are stored must be protected from unauthorized access
5. RULES FOR TRANSFER OF PERSONAL DATA OF EMPLOYEES
5.1. When transferring personal data of an employee, the person responsible for storing personal data must comply with the following requirements:
- not to disclose the personal data of the employee without his written consent, unless it is necessary to prevent threats to the life and health of the employee, as well as in cases established by federal law;
- to warn the persons who received the employee’s personal data that these data can only be used for the purposes for which they were communicated, and to require confirmation from these persons that this rule has been observed;
- not to disclose personal data of the employee for commercial purposes;
- not to request information about the health status of the employee, except for information that relates to the issue of the possibility of the employee performing a labor function.
5.2. The employer has the right to transfer the personal data of the employee within the same organization in accordance with this Regulation, with which the employee is acquainted on receipt.
5.3. The employer has the right to transfer the personal data of the employee to the employee’s representative in the manner prescribed by the Labor Code of the Russian Federation, and limit this information only to the personal data of the employee that is necessary for the specified representative to perform his functions.
- full information about their personal data and the processing of this data;
- free, free access to these data, including the right to receive copies of any record containing the personal data of the employee;
- on the requirement to exclude or correct incorrect or incomplete personal data processed in violation of the Labor Code of the Russian Federation and this Regulation;
- on the requirement for the employer to notify all persons who previously reported incorrect or incomplete personal data of the employee about all the exceptions, corrections or additions made to them;
- to determine their representatives to protect their personal data;
- to appeal against unlawful actions or inaction of the employer to the court when processing and protecting the personal data of the employee.
7.1. For violation of the rules governing the receipt, processing and protection of personal data of an employee, the perpetrators are liable in accordance with federal laws:
- disciplinary;
- administrative;
- civil law;
- criminal.
7.2. An employee who has submitted false documents or knowingly false information about himself to the employer bears disciplinary liability.
8. FINAL PROVISIONS
8.1. This Regulation shall enter into force upon its approval.
8.2. The provision is mandatory for all employees of the organization.
It is approved by the order on GAUZ RB VHI "Ural" No. 81-A from 12/29/2012.
Developed by: leading personnel specialist A. Gubaydullina