Privacy Policy — thepoemstudio.com

The poem studio's policy on processing and protecting personal data of subjects

1. GENERAL PROVISIONS

1.1. The policy of "the poem studio" (hereinafter referred to as the organization) regarding the processing of personal data (hereinafter referred to as the Policy) defines the main purposes and legal grounds for the processing of personal data, the lists of subjects and personal data processed by the organization, the procedure, conditions, methods and principles of processing personal data, the rights of subjects of personal data, the obligations of the organization when processing personal data, as well as the requirements for the protection of personal data implemented by the organization.

1.2. The policy has been developed taking into account the requirements of legislative and other regulatory legal acts of the Republic of Belarus in the field of personal data.

1.3. The following terms and their definitions are used in this Policy:

Automated processing of personal data is the processing of personal data using computer technology.

Blocking personal data is the termination of access to personal data without deleting it.

Confidentiality of personal data is a mandatory requirement for the operator or other person who has gained access to personal data to prevent their dissemination without the consent of the subject of the personal data or the presence of other legal grounds.

Non-automated processing of personal data is the processing of personal data with the direct participation of a person.

Anonymization of personal data is an action that makes it impossible to determine the ownership of personal data by a specific personal data subject without the use of additional information.

Processing of personal data is any action (operation) or set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, modification, use, depersonalization, blocking, distribution, provision, and deletion of personal data.

Operator (of personal data) — Individual Entrepreneur Virko S.Yu., UNP 291375768.

Personal data is any information relating to an identifiable or identifiable individual.

Provision of personal data is an action aimed at familiarizing oneself with the personal data of certain persons or a group of persons.

Dissemination of personal data is an action aimed at making personal data available to an indefinite number of persons.

Personal data subject – an individual in relation to whom personal data is processed

Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state

Deletion of personal data is an action that makes it impossible to restore personal data in information resources (systems) containing personal data, and/or that results in the destruction of tangible media containing personal data.

An identifiable natural person is a natural person who can be directly or indirectly identified, in particular by reference to his surname, first name, patronymic, date of birth, identification number or one or more features specific to his physical, psychological, mental, economic, cultural or social identity.

The policy is determined in accordance with the following regulatory legal acts and documents of authorized government bodies:

— Constitution of the Republic of Belarus;

— Labor Code of the Republic of Belarus;

— Law of the Republic of Belarus of November 10, 2008 No. 455-Z "On Information, Informatization, and Information Protection"«

— Law of the Republic of Belarus dated 07.05.2021 No. 99-Z "On the Protection of Personal Data";

— Decree of the President of the Republic of Belarus dated October 28, 2021 No. 422 «On measures to improve the protection of personal data»;

The organization processes personal data:

— using automation tools;

— without the use of automation tools, but at the same time their search and (or) access to them is carried out according to certain criteria (lists, databases, card indexes, etc.).

2. PURPOSES OF PERSONAL DATA PROCESSING

2.1. The Organization processes personal data for the following purposes:

· maintaining a database of candidates for vacant positions, reviewing resumes, conducting questionnaires for candidates and verifying the accuracy of the information provided by the candidate for the selection of personnel for vacant positions and subsequent employment in the organization;

· preparation of powers of attorney and other documents for representing the interests of the organization in relations with third parties (including business trips);

· assistance in training and professional development, control over the quantity and quality of work performed, ensuring the safety of property;

· verification of the counterparty’s reliability, preparation and submission of commercial proposals (including for participation in tenders), approval and preparation for execution, execution, modification, termination and execution of transactions (including confidentiality agreements), verification of the powers of persons authorized to conclude transactions;

· ensuring compliance with legislation and non-regulatory legal acts;

· accrual of wages, calculation, withholding and transfer of income tax, insurance premiums and other payments, preparation of reports, assignment and payment of pensions, benefits;

· formation of reference materials for internal information support of the organization’s activities;

· posting information in information materials on the official website of the organization on the Internet;

· use of personal data for advertising and marketing purposes, including sending notifications, commercial offers, informational and advertising messages related to the activities of the organization to the subject of personal data;

· issue, renewal, use of an electronic digital signature;

· collecting information through feedback forms, surveys, interviews, tests, collecting statistical information, administering the organization’s website, registering and maintaining accounts on the organization’s website;

· implementing communications with personal data subjects, processing requests and inquiries received from personal data subjects;

· assessment of the quality of manufactured goods, completed works, and rendered services;

· implementation of social projects.

3. LEGAL BASIS FOR PERSONAL DATA PROCESSING

3.1. The processing of personal data is carried out with the consent of the personal data subject, and in cases stipulated by the Law of the Republic of Belarus dated 07.05.2021 No. 99-Z "On the Protection of Personal Data" and other legislative acts, and without such consent.

4. LIST OF SUBJECTS WHOSE PERSONAL DATA ARE PROCESSED

4.1. The organization processes personal data of the following categories of subjects:

candidates for vacant positions;
employees of the organization, former employees, their spouses and close relatives;
representatives of counterparties-legal entities;
counterparties who are individuals, including sole proprietors;
persons who submitted an appeal to the organization;
visitors to the organization's website;
members of the organization, their legal representatives;
representatives of potential counterparties of the organization.

5. LIST OF PERSONAL DATA PROCESSED IN THE ORGANIZATION

5.1. The list of personal data processed by the organization is determined in accordance with the legislation of the Republic of Belarus and local regulations of the organization, taking into account the purposes of processing personal data specified in Section 2 of this Policy.

5.2. The organization processes the following personal data of personal data subjects:

Last name, first name, patronymic (if any) (including previous last names, first names and/or patronymics if they have changed), date of birth, details of the identity document, identification number, details of the social security certificate;

UNP, photo, citizenship, place of work, position, income information, contact information (phone number, email address, address of residence and place of stay), education information (including special skills (e.g.: driving experience and driver's license, etc.), place of study, faculty, specialty, year and month of graduation, level of foreign language proficiency, information contained in the resume, information about work experience, biographical information (including place of birth), information about health status, information about family composition and immediate relatives and documents confirming this data, military service, bank details (checking account, BIC), electronic signature (if available), information contained in the application, IP address, cookies.

5.3. The organization does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, or intimate life.

6. PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL DATA

6.1. The processing of personal data in the organization is carried out with the consent of the personal data subject to the processing of his personal data, unless otherwise provided by the legislation of the Republic of Belarus in the field of personal data.

6.2. The Organization collects, systematizes, stores, modifies, uses, provides, distributes, depersonalizes, blocks, and deletes personal data.

6.3. The processing of personal data is carried out both with and without the use of automation tools.

6.4. The Organization shall not provide personal data to third parties or distribute it without the consent of the personal data subject, unless otherwise provided by law.

6.5. The Organization has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by law, on the basis of an agreement concluded with that person. The agreement must contain a list of actions (operations) with personal data that will be performed by the person processing the personal data, the purposes of the processing, the obligation of such person to maintain the confidentiality of the personal data and ensure the security of the personal data during its processing, as well as requirements for the protection of the personal data being processed.

6.6. For the purposes of internal information support, the organization may create internal reference materials, which, with the written consent of the personal data subject, unless otherwise provided by the legislation of the Republic of Belarus, may include his last name, first name, patronymic, place of work, position, subscriber number, e-mail address, photo and other personal data provided by the personal data subject.

6.7. Access to personal data is limited in accordance with legislative acts and local regulations of the organization.

6.8. Personal data may be processed:

employees of the organization holding positions included in the List of departments and officials authorized to process personal data in the organization;
an authorized person processing personal data on behalf of the organization.

6.9. Employees of the organization who have received access to personal data undertake obligations to ensure the confidentiality and security of the processed personal data, which are defined by the employment contract, job descriptions, and local regulations of the organization on the processing of personal data.

6.10. The processing of personal data by third parties may only be carried out on the basis of a relevant agreement with the organization, in compliance with the requirements of paragraph 6.5. of this Policy.

6.11. Access of representatives of state bodies to personal data is regulated by the current legislation of the Republic of Belarus.

6.12. Personal data of employees of the organization may be provided to third parties only with the written consent of the employee, except in cases stipulated by the current legislation of the Republic of Belarus.

6.13. Cross-border transfer of personal data is prohibited if the territory of a foreign state does not ensure an adequate level of protection of the rights of personal data subjects, except in cases where:

— the consent of the personal data subject is given, provided that the personal data subject is informed of the risks arising from the lack of an adequate level of protection;

— personal data were obtained on the basis of an agreement concluded (being concluded) with the subject of personal data, for the purpose of performing the actions established by this agreement;

— personal data may be obtained by any person by sending a request in the cases and manner provided for by law;

— such transfer is necessary to protect the life, health or other vital interests of the subject of personal data or other persons, if obtaining the consent of the subject of personal data is impossible;

— the processing of personal data is carried out within the framework of the implementation of international treaties of the Republic of Belarus;

— such transfer is carried out by the financial monitoring body for the purpose of taking measures to prevent the laundering of proceeds from crime, the financing of terrorist activities and the financing of the proliferation of weapons of mass destruction in accordance with the law;

— the relevant permission has been received from the authorized body for the protection of the rights of personal data subjects.

6.14. A person authorized by an organization to process personal data, before transferring personal data of personal data subjects to the territory of a foreign state, is obliged to ensure that the conditions stipulated in paragraph 6.13. of this Policy are met.

7. PERIODS OF PROCESSING, INCLUDING STORAGE, OF PERSONAL DATA

7.1. The processing periods, including storage periods, of personal data of the organization's employees and other subjects of personal data on paper and other tangible media, as well as in personal data information systems, are determined by the organization in accordance with the legislation of the Republic of Belarus.

7.2. If the processing periods for personal data are not established by law, their processing and storage shall be carried out no longer than required by the purposes of processing, including storage, of the personal data.

7.3. The organization ceases to process personal data if:

the purpose of processing, including storage, of personal data has been achieved or the need to achieve the purpose has passed;
the consent of the subject has expired or the subject has revoked consent to the processing of personal data and the organization has no other grounds for processing personal data provided for by the legislation of the Republic of Belarus;
unlawful processing of personal data was detected;
The organization's activities have been terminated.

8. PRINCIPLES OF PERSONAL INFORMATION PROCESSING

8.1. The processing of personal data in the organization is carried out taking into account the need to ensure the protection of the rights and freedoms of the organization's employees and other subjects of personal data, including the protection of the right to privacy, personal and family secrets, based on the following principles:

the processing of personal data is carried out on a lawful and fair basis;
the processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes;
Processing of personal data incompatible with the stated purposes of processing is not permitted. If it is necessary to change the originally stated purposes of processing personal data, the operator is obliged to obtain the consent of the personal data subject to the processing of their personal data (hereinafter, the consent of the personal data subject) in accordance with the changed purposes of processing personal data, in the absence of other grounds for such processing provided for by the Law "On the Protection of Personal Data" and other legislative acts.
Only personal data that meet the purposes of their processing are subject to processing;
The content and volume of personal data processed correspond to the stated purposes of processing. Excessive amounts of processed personal data in relation to the stated purposes of processing are not permitted;
The personal data processed must be reliable and, if necessary, subject to updating;
the storage of personal data must be carried out in a form that allows identification of the subject of personal data, no longer than required by the stated purposes of processing personal data;

9. COMPLIANCE WITH THE RIGHTS OF PERSONAL DATA SUBJECTS

9.1. The subject of personal data, whose personal data is processed in the organization, has the right to receive information regarding the processing of his personal data, including:

confirmation of the fact that his personal data is being processed by the organization;
legal grounds and purposes of processing personal data;
his personal data and the source from which he obtained it;
the period for which his consent is given;
the name or surname, first name, patronymic and address of the person processing personal data on behalf of the organization, if the processing is or will be entrusted to such person;
on the provision of your personal data to third parties once per calendar year free of charge
other information provided by law.

9.2. A personal data subject has the right to request that the organization amend their personal data if the personal data is incomplete, outdated, or inaccurate. For these purposes, the personal data subject submits an application accompanied by relevant documents and/or duly certified copies of documents confirming the need to amend the personal data.

9.3. In the event of receiving a corresponding application from the personal data subject, the organization is obliged, within the time period established by law:

provide the subject of personal data in an accessible form with the information specified in clause 9.1. of this Policy, or notify of the reasons for refusing to provide it;
make changes to the personal data of the subject and notify the subject of the personal data of this or notify him of the reasons for refusing to make such changes.;
Terminate the processing of personal data, including its deletion, if there are no grounds for processing the personal data stipulated by the legislation of the Republic of Belarus, and notify the personal data subject accordingly. The Organization has the right to refuse the personal data subject's requests to cease processing their personal data and/or delete them if there are grounds for processing the personal data stipulated by law, with notification of this to the personal data subject.

9.4. To respond to the personal data subject's application, the organization may request additional information confirming the personal data subject's participation in relations with the organization (contract number, date of conclusion, other information), or information otherwise confirming the fact that the personal data of the subject is being processed by the organization.

9.5. The personal data subject shall exercise his/her rights by submitting an application in writing or in the form of an electronic document; in cases stipulated by legislative acts, the personal presence of the personal data subject and presentation of an identity document is mandatory.

The application of the personal data subject must contain:

- his last name, first name, patronymic (if any), address of place of residence (place of stay);

— date of birth;

— identification number, or, if none is available, the number of the identity document, in cases where this information was indicated by the personal data subject when giving his or her consent to the organization or the processing of personal data is carried out without the consent of the personal data subject;

- a statement of the essence of the requirements

- personal signature or electronic digital signature.

10. RESPONSIBILITIES OF THE ORGANIZATION WHEN PROCESSING PERSONAL DATA

10.1. When processing personal data, the organization is obliged to:

10.1.1. Obtain consent from personal data subjects for the processing of their personal data, except in cases stipulated by the legislation of the Republic of Belarus;

10.1.2. explain to the subject of personal data his rights related to the processing of personal data;

10.1.3. ensure the protection of personal data during their processing;

10.1.4. provide the subject of personal data with information about his personal data, as well as about the provision of his personal data to third parties, except for cases stipulated by the legislation of the Republic of Belarus;

10.1.5. make changes to personal data that are incomplete, outdated or inaccurate, except in cases where a different procedure for making changes to personal data is established by legislative acts or if the purposes of processing personal data do not require subsequent changes to such data;

10.1.6. stop processing personal data, as well as delete or block them (ensure that the processing of personal data is stopped, as well as their deletion or blocking by an authorized person) in the absence of grounds for processing personal data provided for by legislative acts;

10.1.7. notify the authorized body for the protection of the rights of personal data subjects of violations of personal data protection systems immediately, but no later than three working days after the organization became aware of such violations, except for cases stipulated by the authorized body for the protection of the rights of personal data subjects;

10.1.8. to change, block or delete inaccurate or illegally obtained personal data of the personal data subject at the request of the authorized body for the protection of the rights of personal data subjects, unless another procedure for making changes to personal data, blocking or deleting them is established by legislative acts;

10.1.9. comply with other requirements of the authorized body for the protection of the rights of personal data subjects to eliminate violations of personal data legislation;

10.1.10. perform other duties provided for by legislative acts.

11. PROCESSING OF PERSONAL DATA USING THE COMPANY'S WEBSITE

11.1. The Organization may process personal data of visitors to the Organization's official website for the purpose of collecting information through feedback forms, collecting statistical information, and administering the website.

11.2. By providing personal data to an organization through the organization's official website on the Internet, the subject of personal data consents to the processing of his or her personal data under the terms and conditions stipulated by this Policy and agrees to the Terms of Use of the organization's website.

12. PROTECTION OF PERSONAL DATA

12.1. The Organization ensures the security of personal data in accordance with the procedure established by the current legislation of the Republic of Belarus in the field of personal data.

12.2. The security of personal data in an organization is ensured by the adoption of legal, organizational, and technical measures to ensure the protection of personal data from unauthorized or accidental access, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other illegal actions in relation to personal data.

13. INTERNAL CONTROL

13.1. In order to verify the compliance of personal data processing in the structural divisions of the organization with the legislation of the Republic of Belarus and local regulatory acts of the organization in the field of personal data, including the requirements for the protection of personal data, as well as the measures taken aimed at preventing and detecting violations of the legislation of the Republic of Belarus in the field of personal data, identifying possible channels of leakage and unauthorized access to personal data, eliminating the consequences of such violations, the organization may conduct internal control of the compliance of the processes of processing and protecting personal data with the requirements of regulatory legal acts of the Republic of Belarus in accordance with the annual plan for the implementation of internal control.

14. LIABILITY FOR VIOLATION OF RULES GOVERNING THE PROCESSING AND PROTECTION OF PERSONAL DATA OF PERSONAL DATA SUBJECTS

14.1. Persons guilty of violating the provisions of the legislation of the Republic of Belarus and local regulations of the organization in the field of personal data shall bear liability as provided for by the legislative acts of the Republic of Belarus.

14.2. Moral damages caused to a personal data subject as a result of the violation of their rights established by Law of the Republic of Belarus No. 99-Z of May 7, 2021, "On the Protection of Personal Data" are subject to compensation. Compensation for moral damages is provided regardless of compensation for property damages and losses incurred by the personal data subject.

15. FINAL PROVISIONS

15.1. This Policy is publicly available. Unrestricted access to this Policy is ensured by its publication on the organization's official website on the Internet.