1 AREA OF USE
This Regulation is a local normative act of the Training and Training Center “Flagman” and determines the procedure for processing personal data of employees, potential listeners and listeners.
The purpose of this Regulation is to protect the personal data of employees, potential listeners and listeners from unauthorized access, misuse or loss.
2. REGULATORY REFERENCES
2.1. In this statement, references are made to the following documents:
– International Code of STCW 78 as amended (hereinafter – the STCW Convention);
– Federal Law No. 273-FZ of December 29, 2012 (as amended on July 23, 2013) “On Education in the Russian Federation” (as amended);
– The procedure for organizing and carrying out educational activities for basic vocational training programs, approved by order of the Ministry of Education and Science of the Russian Federation of 18.04.2013 No. 292 (in the current edition);
– The procedure for organizing and carrying out educational activities for additional professional programs, approved by order of the Ministry of Education and Science of the Russian Federation of 07/01/2013. No. 499 (as amended);
– Regulations on certification of crew members of sea-going vessels approved by the Order of the Ministry of Transport of Russia dated March 15, 2012 No. 62 as amended by the Order of the Ministry of Transport of Russia dated May 13, 2015 No. 167;
– Letter of the Ministry of Education and Science of Russia, the Department of State Policy in the Field of Training of Workers and Additional Professional Education, dated 09.10.2013. No. 06-735 “On additional professional education”;
– Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (last edition);
– Federal Law of July 27, 2006 No. 149-FZ “On Information, Information Technologies and Information Protection”;
– Federal Law of December 19, 2005 No. 160-FZ “On Ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automated Processing of Personal Data” (last edition);
– Order of the Ministry of Telecom and Mass Communications of the Russian Federation of November 14, 2011 No. 312 (as revised on November 24, 2014) “On approval of the Administrative Regulations for the execution by the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications of the state function of exercising state control (supervision) over the data to the requirements of the legislation of the Russian Federation in the field of personal data “;
– Decree of the President of the Russian Federation of March 17, 2008 No. 351 “On measures to ensure the information security of the Russian Federation when using information and telecommunication networks of international information exchange”;
– Decree of the President of the Russian Federation of March 6, 1997 No. 188 “On approval of the List of confidential information”;
– Decree of the Government of the Russian Federation of November 17, 2007 No. 781 “On approval of the Regulation on ensuring the security of personal data during their processing in personal data information systems”;
– “Code of the Russian Federation on Administrative Offenses” dated 30.12.2001 N 195-FZ (as amended on 01.07.2017);
– Charter of ChU DPO UTTS “FLAGMAN”;
– P-UTTS “F” -03 “Regulations on the site”;
– SSK-UTTs “F” -01 System of quality standards “Management of documented information”;
– I-UTTs “F” -01 Instruction for office work.
3. TERMS, DEFINITIONS, DESIGNATIONS AND ABBREVIATIONS
3.1. Terms and Definitions
This document uses terms and definitions:
personal data – any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
operator – a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
automated processing of personal data – processing of personal data using computer technology;
dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
blocking of personal data – a temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data);
destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
depersonalization of personal data – actions, as a result of which it becomes impossible to determine the ownership of personal data to a specific subject of personal data without using additional information;
information system of personal data – a set of personal data contained in databases and information technologies and technical means that ensure their processing.
3.2. Abbreviations and abbreviations
– MK STCW – International Code of STCW 78 as amended;
– CHU – a private institution;
– DPO – additional professional education;
– CHU DPO – a private institution of additional professional education;
– Training Center – Training and Training Center;
4. GENERAL PROVISIONS
4.1. Personal data is classified as confidential information. The confidentiality regime of personal data is removed in cases of depersonalization or after 75 years of storage period for employees of the Training and Training Center “Flagman”, and after 6 years of storage period for potential listeners and listeners, unless otherwise specified by law.
4.2. This Regulation is approved and put into effect by the order of the director and is binding on all employees who have access to the personal data of employees, potential listeners and listeners.
4.3. Changes to the Regulations are made in the manner prescribed by SSK-UTTs “F” -01.
5. CONCEPT AND COMPOSITION OF PERSONAL DATA
5.1. Personal data of an employee – information required by the employer in connection with labor relations and relating to a specific employee. Information about employees is understood as information about the facts, events and circumstances of the employee’s life, which makes it possible to identify his personality.
5.2. The personal data of a listener, a potential listener is information about the facts, events and circumstances of his life, which allows him to be identified, which are necessary for the provision of educational services by the UTC and concerning the listener, a potential listener.
5.3. Personal data includes:
– information contained in a passport or other identity document;
– information about education;
– document on the place of residence;
– information about progress;
– other information necessary for the high-quality provision of educational services.
5.4. The documents received from the employee, listener, potential listener are confidential and cannot be used by the staff of the Training Center for personal purposes. When determining the volume and content of personal data of an employee, listener, potential listener, the UTC is guided by the Constitution of the Russian Federation, federal law and this regulation.
6. PROCESSING OF PERSONAL DATA
6.1. The processing of personal data of an employee, potential listener and listener means receiving, storing, combining, transferring, depersonalizing or any other use of personal data.
6.2. The processing of personal data is carried out by the employees of the UTC solely to achieve the goals determined by written agreements between the employee, potential listener and listener – the UTC.
6.3. The purpose of processing personal data is to ensure compliance with laws and other regulatory legal acts, assist employees in employment, ensure personal safety, control the quantity and quality of work performed and ensure the safety of property, potential listeners and listeners – to receive additional professional education.
6.4. Personal data cannot be used for the purpose of causing property and moral harm to citizens, complicating the exercise of the rights and freedoms of citizens of the Russian Federation. Restricting the rights of citizens of the Russian Federation based on the use of information about their social origin, racial, national, linguistic, religious and party affiliation is prohibited and punishable in accordance with the law.
6.5. When determining the volume and content of the processed personal data of an employee, potential listener and listener, the TTC should be guided by the Constitution of the Russian Federation, the Labor Code and other federal laws.
6.6. The receipt of personal data can be carried out both by submitting them by the employee himself, and by obtaining them from other sources.
6.7. The personal data of a potential listener, listener, can be obtained through e-mail, the UTC website and provided to them by themselves.
6.8. The transfer of personal data of an employee, potential listener and listener is possible only with his written consent and in cases directly provided for by law, except for cases when it is necessary to prevent threats to life and health or in cases established by federal law.
6.9. All confidentiality measures in the collection, processing and storage of personal data apply to both paper and electronic (automated) media.
6.10. It is not allowed to answer questions related to the transfer of personal information by phone or fax.
6.11. The storage of personal data must take place in a manner that excludes their loss or their unlawful use.
6.12. When making decisions affecting the interests of an employee, listener, potential listener, UTC has no right to rely on personal data obtained solely as a result of their automated processing or electronic receipt.
7. ACCESS TO PERSONAL DATA
7.1. The right to access the personal data of an employee, listener, potential listener inside the training center is:
– director of the training center;
– the circle of persons determined by the order of the director of the training center.
7.2. The right to access the personal data of an employee, listener, potential listener outside the training center is vested in state and non-state functional structures:
– tax inspectorates
– law enforcement agencies;
– statistical bodies;
– insurance agencies;
– military registration and enlistment offices;
– social insurance bodies;
– pension funds;
– subdivisions of municipal authorities.
7.3. Supervisory authorities have access to information only in the area of their competence.
7.4. Organizations to which an employee can transfer funds (insurance companies, non-state pension funds, charitable organizations, credit institutions) can access the employee’s personal data only with his written permission.
7.5. Information about a working employee or already dismissed, a listener and a potential listener, can be provided to another organization only with a written request on the form of the Training and Training Center, with a copy of a notarized statement of the person requested.
7.6. Personal data of an employee, listener and potential listener can be provided to relatives or members of his family only with the written permission of the person himself, the information about which is requested.
7.7. In the event of a divorce, the former spouse (spouse) has the right to apply to the organization with a written request about the amount of the employee’s salary without his consent (Criminal Code of the Russian Federation).
8. PROTECTION OF PERSONAL DATA
8.1. Personal data protection is a strictly regulated and dynamic technological process that prevents violation of the availability, integrity, reliability and confidentiality of personal data and, ultimately, ensures a sufficiently reliable security of information in the process of UTC activities.
8.2. The protection of personal data of an employee, listener, potential listener from their unlawful use or loss is ensured by the UTC at its expense in the manner prescribed by federal laws.
8.3. To ensure the internal protection of personal data of employees, listeners, potential listeners, a number of measures are taken:
– limitation and regulation of the composition of employees whose functional duties require confidential knowledge;
– strict selective and reasonable distribution of documents and information between employees;
– rational placement of workers’ workplaces, which would exclude the uncontrolled use of protected information;
– the employee’s knowledge of the requirements of regulatory and methodological documents for the protection of information and the preservation of secrecy;
– the presence of the necessary conditions in the room for working with confidential documents and databases;
– determination and regulation of the composition of employees who have the right to access (enter) the premises in which the computer equipment is located;
– organization of the procedure for anonymization of personal data;
– timely detection of violations of the requirements of the authorization system of access by employees of the unit;
– educational and explanatory work with the staff of the training center to prevent the loss of valuable information when working with confidential documents;
– it is not allowed to issue personal files of employees to the workplaces of managers. Personal files can be issued to workplaces only to the director, employees determined by the order of the director of the training center, and in exceptional cases, with the written permission of the director, to the head of the structural unit.
8.4. All persons associated with the receipt, processing and protection of personal data are required to sign a non-disclosure commitment.
8.5. Whenever possible, personal data is anonymized.
9. RIGHTS AND OBLIGATIONS OF THE EMPLOYEE, LISTENER, POTENTIAL LISTENER
9.1. In order to protect personal data stored in the UTC, an employee, listener, potential listener has the right to:
– demand the exclusion or correction of incorrect or incomplete personal data;
– to free free access to your personal data, including the right to receive copies of any record containing personal data;
– supplement personal data of an evaluative nature with a statement expressing his own point of view.
9.2. An employee, listener, potential listener is obliged to:
– transfer to the employer or his representative a set of reliable, documented personal data, the composition of which is established by the Labor Code of the Russian Federation, federal laws;
– promptly inform UTC about changes in their personal data;
– determine their representatives to protect their personal data;
– to preserve and protect their personal and family secrets.
10. RESPONSIBILITY FOR DISCLOSURE OF CONFIDENTIAL INFORMATION RELATED TO PERSONAL DATA
10.1. Persons who have access to the personal data of employees, listeners and potential listeners are liable in accordance with the legislation of the Russian Federation for violation of the protection regime, processing and procedure for using this information.
10.2. A manager who allows an employee to access a confidential document is personally responsible for this permission.
10.3. Each WTC employee who receives a confidential document for work is solely responsible for the safety of the medium and the confidentiality of information.
10.4. Persons guilty of violating the rules governing the receipt, processing and protection of personal data of an employee, listener, potential listener bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.
10.5. For non-fulfillment or improper fulfillment by an employee through his fault of the duties assigned to him to comply with the established procedure for working with confidential information, the employer has the right to apply disciplinary sanctions provided for by the Labor Code.
10.6. In accordance with the Civil Code, persons who have obtained information constituting an official secret by illegal methods are obliged to compensate for the losses caused, and the same obligation is imposed on employees.