POLICY on
the processing of personal data at National Research Tomsk State University

на русском
APPROVED by Rector of Tomsk State University E.V. Galazhinskiy
November, 30, 2015

1. General provisions

1.1. The Policy on personal data processing (hereinafter referred to as the Policy) is aimed at protecting the rights and freedoms of individuals (personal data subjects) whose personal data is processed by NR TSU (hereinafter referred to as the Operator).

1.2. The Policy has been developed in accordance with clause 2, Part 1, Article 18.1 of Federal Law No. 152-FL "On Personal Data" of July 27, 2006 (hereinafter referred to as the Federal Law "On Personal Data").

1.3. The Policy contains information subject to disclosure in accordance with Part 1 of Article 14 of the Federal Law "On Personal Data" and is a publicly available document.

2. Information about the Operator

2.1. The Operator operates at 36 Lenin Ave., Tomsk, Tomsk region.

2.2. Vice-Rector for Development Programs Dmitry V. Sukhushin (phone +7 (3822) 52-9463) has been appointed responsible for the organization of personal data processing at Tomsk State University.

2.3. The database of information containing personal data of citizens of the Russian Federation is located at the address: Tomsk, Lenin Ave., 36, building No. 2, building No. 11 (server room).

3. Information about the processing of personal data

3.1. The Operator processes personal data on a legal and fair basis in order to perform the functions, powers and duties assigned by the legislation, to exercise the rights and legitimate interests of the Operator, the Operator's employees and third parties.

3.2. The Operator receives personal data directly from the personal data subjects.

3.3. The Operator processes personal data in automated and non-automated ways, using computer technology and without the use of such means.

3.4. Actions related to the processing of personal data include collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

3.5. Databases of information containing personal data of citizens of the Russian Federation are located on the territory of the Russian Federation.

4. Processing of personal data of employees

4.1. The Operator processes the personal data of the Operator's employees within the framework of legal relations regulated by the Labor Code of the Russian Federation No. 197-FL of December 30, 2001 (hereinafter referred to as the Labor Code of the Russian Federation), including Chapter 14 of the Labor Code of the Russian Federation concerning the protection of personal data of employees

4.2. The operator processes the personal data of employees for the purpose of ensuring the production activities of the organization established to achieve educational, scientific, social, cultural and managerial goals, compliance with the legislation of the Russian Federation, as well as for the purpose of:

— maintaining personnel records;

— maintaining accounting records;

— performing the functions, powers and duties assigned by the legislation of the Russian Federation to the Operator, including providing personal data to state authorities, to the Pension Fund of the Russian Federation, to the Social Insurance Fund of the Russian Federation, to the Federal Compulsory Medical Insurance Fund, as well as to other state bodies;

— compliance with the norms and requirements for labor protection and ensuring the personal safety of employees of NR TSU, the safety of property;

— control of the quantity and quality of the work performed;

— provision of benefits and compensations provided for by the legislation of the Russian Federation;

— opening of personal bank accounts of employees of NR TSU for the transfer of wages;

— transfer of insurance contributions to non-state pension funds;

— ensuring access to the Operator's territory;

— organization of training of employees and students of NR TSU;

— publications on the website, in internal directories, address books of the organization.



4.3. The Operator does not make decisions affecting the interests of employees based on their personal data obtained electronically or solely as a result of automated processing.

4.4. The Operator protects the personal data of employees at its own expense in accordance with the procedure established by the Labor Code of the Russian Federation, the Federal Law "On Personal Data" and other federal laws.

4.5. The Operator introduces employees and their representatives to the documents establishing the procedure for processing personal data of employees, as well as their rights and obligations in this area.

4.6. The Operator allows access to the personal data of employees only to authorized persons who have the right to receive only the data that is necessary for the performance of their functions.

4.7. The Operator receives all personal data of employees from them. If the employee's data can only be obtained from a third party, the Operator notifies the employee in advance and receives his written consent. The operator informs the employee about the purposes, sources, methods of obtaining, as well as the nature of the data to be obtained and the consequences of the employee's refusal to give written consent to receive them.

4.8. The Operator processes the personal data of employees with their written consent provided for the duration of the employment contract.

4.9. The Operator processes the personal data of employees during the term of the employment contract. The Operator processes the personal data of dismissed employees within the period established by clause 5, Part 3, Article 24 of Part One of the Tax Code of the Russian Federation No. 146-FL of July 31, 1998, Part 1, Article 29 of the Federal Law" On Accounting " of December 6, 2011 No. 402-FL and other regulatory legal acts.

4.10. The operator may process special categories of personal data of employees (information about the state of health related to the possibility of performing their work functions) on the basis of clause 2.3, Part 2, Article 10 of the Federal Law "On Personal 'Data".

4.11. The Operator does not receive data on the membership of employees in public associations or their trade union activities, except in cases provided for by the Labor Code of the Russian Federation or other federal laws.

4.12. The Operator processes the following personal data of employees:

— Last name, first name, patronymic;

— Type, series and number of the identity document;

— Date of issue of the identity document and the issuing authority;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Address;

— Contact phone number;

— Email address;

— Taxpayer identification number;

— Number of the insurance certificate of the state pension insurance;

— Marital status;

— Photo;

— Education;

— Job;

— Temporary disability;

— Position;

— Employee number;

— Work experience;

— Academic degree, title;

— Scientific and pedagogical experience;

— Information about military registration;

— Information about your stay abroad;

— Income;

— Insurance payments for compulsory pension insurance;

— Insurance payments for compulsory health insurance;

— Tax deductions;

— Preferential payments;

— Retirement;

— Additional insurance paments for the funded part of the pension;

— Social status;

— Information about social benefits.



4.13. The Operator does not disclose the employee's personal data to a third party without his written consent, except in cases where it is necessary to prevent threats to the life and health of the employee, as well as in other cases provided for by the Labor Code of the Russian Federation, Federal Law "On Personal Data" or other federal laws.

4.14. The Operator does not disclose the employee's personal data for commercial purposes without his written consent.

4.15. The operator transfers personal data of employees to their representatives in accordance with the procedure established by the Labor Code of the Russian Federation, the Federal Law "On Personal Data" and other federal laws, and restricts this information only to those data that are necessary for the representatives to perform their functions.

4.16. The Operator warns the persons receiving the employee's personal data that this data can only be used for the purposes for which it is reported, and requires these persons to confirm that this rule is observed.

4.17. In accordance with the procedure established by law and in accordance with Article 7 of the Federal Law "On Personal Data", in order to achieve the purposes of processing personal data and with the consent of employees, the Operator provides personal data of employees or assigns their processing to the following persons:

— Government bodies (Pension Fund of the Russian Federation, Federal Tax Service, Social Insurance Fund, etc.);

— Bank (salary);

— Passenger cargo transportation companies and hotels (as part of the organization of business trips).

4.18. The employee can get free access to information about his personal data and about the processing of this data. An employee may obtain a copy of any record containing their personal data, except in cases provided for by federal law.

4.19. The employee may designate a representative to protect his/her personal data.

4.20. The Employee may request to exclude or correct their incorrect or incomplete personal data, as well as data processed in violation of the requirements of the Labor Code of the Russian Federation, the Federal Law "On Personal Data" or other federal law. If the Operator refuses to exclude or correct the employee's personal data, the Operator may declare its disagreement in writing and justify such disagreement. The employee may supplement the personal data of an evaluative nature with a statement expressing his own point of view.

4.21. The Employee may request that all persons who have previously been informed of their incorrect or incomplete personal data be notified of any exceptions, corrections or additions made to them.

4.22. The Employee may appeal to the court against any illegal actions or omissions of the Operator in the processing and protection of his personal data.



5. Processing of personal data of individuals: "applicants"

5.1. The Operator processes the personal data of individuals "applicants" in the framework of legal relations with the Operator, regulated by Part two of the Civil Code of the Russian Federation of January 26, 1996 No. 14-FL.

5.2. The Operator processes the personal data of individuals "applicants" in order to: - to carry out the types of activities provided for in the constituent documents of the NR TSU.

5.3. The Operator processes the personal data of individuals "applicants" with their consent, provided either in writing or when performing specific actions. The operator processes the personal data of underage individuals "applicants" with the consent of their legal representatives.

5.4. The Operator processes the personal data of individuals "applicants" no longer than the purposes of processing personal data require, unless otherwise provided by the requirements of the legislation of the Russian Federation.

5.5. The Operator processes special categories of personal data of underage individuals "applicants" with the written consent of their legal representatives on the basis of Part 1 of Article 9, paragraph 1 of Part 2 of Article 10 of the Federal Law "On Personal Data".

5.6. The Operator processes the following personal data of individuals "applicants":

— Last name, first name, patronymic;

— Type, series and number of the identity document;

— Date of issue of the identity document and the issuing authority;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Address;

— Contact phone number;

— Email address;

— Photo;

— Education;

— Information about military registration;

— Social status;

— Information about social benefits.



6. Processing of personal data of individuals: "students"

6.1. The Operator processes the personal data of individuals "students" within the framework of legal relations with the Operator, regulated by Part Two of the Civil Code of the Russian Federation of January 26, 1996 No. 14-FL.

The Operator processes the personal data of individuals "students" for the purpose of:

— enter into and fulfill obligations under contracts;

— to carry out the types of activities provided in the constituent documents of the NR TSU

6.2. The Operator processes the personal data of individuals "students" with their consent, provided for the duration of the contracts concluded with them. In the cases provided for by the Federal Law "On Personal Data", the consent is provided in writing. In other cases, the consent is considered to be obtained at the conclusion of the contract or when performing certain actions. The operator processes the personal data of underage individuals "students" with the consent of their legal representatives, which, in cases provided for by the Federal Law "On Personal Data", is provided in writing, and in other cases, the consent is considered to have been obtained at the conclusion of the contract or when performing certain actions.

6.3. The Operator processes the personal data of individuals "students" during the validity period of the contracts concluded with them. The operator may process the personal data of individuals "students" after the expiration of the validity period of the contracts concluded with them within the period established by clause 5, Part 3, Article 24 of Part one of the Tax Code of the Russian Federation, Part 1, Article 29 of the Federal Law "On Accounting" and other regulatory legal acts.

6.4. The Operator processes special categories of personal data of underage individuals "students" with the written consent of their legal representatives on the basis of Part 1 of Article 9, paragraph 1 of Part 2 of Article 10 of the Federal Law "On Personal Data".

The Operator processes the following personal data of individuals "students":

— Last name, first name, patronymic;

— Type, series and number of the identity document;

— Date of issue of the identity document and the issuing authority;

— Year of birth;

— Month of birth;

— Date of birth;

— Place of birth;

— Address;

— Contact phone number;

— Email address;

— Photo;

— Education;

— Job;

— Information about military registration;

— Social status;

— Information about social benefits.

— Marital status;

— Academic degree, title;

— Taxpayer identification number;

— Number of the state pension insurance certificate.

6.5. In order to achieve the purposes of processing personal data and with the consent of individuals "students", the Operator provides personal data or assigns their processing to the following persons:

— Bank (scholarships).

7. Information about ensuring the security of personal data

7.1. The Operator appoints a person responsible for organizing the processing of personal data to perform the duties provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.

7.2. The Operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:

— provides unlimited access to the Policy, a copy of which is available at the Operator's location, and can also be posted on the Operator's website (if available);

— in compliance with the Policy, approves and puts into effect the document "Regulation on the Processing of Personal Data" (hereinafter — the Regulation) and other local acts;

— familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;

— allows employees to access personal data processed in the Operator's information system, as well as their material carriers, only for the performance of their work duties;

— sets the rules for access to personal data processed in the Operator's information system, as well as ensures the registration and accounting of all actions with them;

— assesses the damage that may be caused to the subjects of personal data in the event of a violation of the Federal Law "On Personal Data";

— identifies threats to the security of personal data when they are processed in the Operator's information system;

— applies organizational and technical measures and uses information security tools necessary to achieve the established level of personal data security;

— detects the facts of unauthorized access to personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them;

— assesses the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the Operator's information system;

— performs internal control over the compliance of personal data processing with the Federal Law "On Personal Data", regulatory legal acts adopted in accordance with it, requirements for the protection of personal data, Policies, Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security when processing in the Operator's information system.

8. Rights of personal data subjects

8.1. The subject of personal data has the right to:

— receive personal data related to this subject and information related to their processing;

— clarify, block or destroy their personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;

— revoke their consent to the processing of personal data;

— protect their rights and legitimate interests, including compensation for damages and compensation for non-pecuniary damage in court;

— appeal against the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.

In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain the information specified in Part 3 of Article 14 of the Federal Law "On Personal Data".
Made on
Tilda