1. Consent to the processing of personal data for site visitors
Continuing to use the site, you express your consent to PJSC AKB Primorye (address: 690091, Vladivostok, 47 Svetlanskaya St.) for the automated processing of your personal data (cookies, information about user actions on the site, information about user equipment, date and time, place of session), including using metric programs.
Processing is the collection, recording, systematization, accumulation, storage, refinement, extraction, use, transfer, depersonalization, blocking, deletion, destruction of the processed data, and is carried out in order to improve the functioning of the site, determine user preferences, statistical studies and advertising campaigns.
This consent is valid from the moment of its provision and during the entire period of use of the site.
If you refuse to process personal data with metric programs, you need to stop using the site or disable cookies in your browser settings.
2. Personal Data Processing Policy
The most important condition for the implementation of the objectives of the activities of PJSC AKB Primorye (hereinafter referred to as the Bank) is to ensure the necessary and sufficient level of information security of assets, which include personal data and banking technological processes in which they are processed.
The Policy regarding the processing of personal data (hereinafter referred to as the Policy) is the fundamental document governing the processing of personal data at the Bank.
The provisions of this Policy serve as the basis for the development of local acts governing the processing of personal data.
For the purposes of this Policy, the following concepts are used:
- personal data (hereinafter — PD) — any information relating directly or indirectly to a defined or determined individual (subject of personal data);
- operator — the Bank, independently or jointly with other persons organizing and (or) carrying out PD processing, as well as determining the purposes of processing PD, the composition of PD to be processed, actions (operations) performed with PD;
- processing of personal data — any action (operation) or set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data;
- automated processing of personal data — PD processing using computer technology;
- provision of personal data — actions aimed at disclosing PD to a certain person or a certain circle of persons;
- blocking of personal data — temporary termination of PD processing (except if processing is necessary to clarify personal data);
- destruction of personal data — actions, as a result of which it becomes impossible to restore the contents of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed;
- depersonalization of personal data — actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a specific subject of personal data;
- personal data information system (hereinafter — ISPDn) — a set of personal data contained in databases and providing information processing of information technologies and technical means;
- confidentiality of personal data — the Bank that gained access to the data must not disclose it to third parties or distribute it without the consent of the data subject, unless otherwise provided by federal law;
- cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or to a foreign legal entity.
Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ «On Personal Data».
Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 «On approval of the requirements for the protection of personal data during their processing in personal data information systems».
Personal Data Subjects
Employees — candidates (applicants) for filling vacant posts and their close relatives, spouses; Bank employees (including those laid off) and their close relatives and spouses.
Clients — individuals (borrowers, depositors, account holders, beneficiaries, etc.) who are or were in contractual and other civil law relations with the Bank or in pre-contractual relations with the Bank and their representatives, guarantors, close relatives, spouses; beneficial owners, employees, managers and chief accountants of subcontractors, suppliers and other legal entities having a contractual relationship with the Bank or in pre-contractual relations, visitors to the Bank.
Approval and Review
This Policy shall enter into force on the day of approval by the Management Board of the Bank and shall remain in force until the entry into force of the new Policy regarding the processing of personal data.
The Bank shall review the provisions of this Policy and update it as necessary, but at least once every three years, as well as:
- when changing the provisions of the legislation of the Russian Federation in the field of PD (until the moment of making changes, this Policy is valid in part that does not contradict the current legislation of the Russian Federation);
- in case of detection of discrepancies affecting the processing and (or) protection of personal data;
- based on the results of monitoring compliance with the requirements for processing and (or) protection of personal data;
- when changing the bank’s business processes affecting PD processing.
Unlimited access to the Policy is ensured by publishing it on the Bank’s official website on the Internet.
Purpose and principles of processing personal data
PD processing at the Bank is carried out solely to ensure compliance with laws and other regulatory legal acts of the Russian Federation; banking operations and other activities provided for by the Charter and licenses of the Bank; conclusion and execution of civil contracts.
Storage of personal data is carried out in a form that allows to determine the subject of personal data, no longer than what is required by the processing of personal data, if the storage period of personal data is not established by the validity period of the order of the Ministry of Culture of the Russian Federation of August 25, 2010 No. 558 «On approval of the List of typical management archival documents generated in the process of activity of state bodies, local self-government bodies and organizations, indicating storage periods », resolution of the Federal Commission for the Securities Market of July 16, 2003 No. 03 — 33 / p" On Approval uu Regulations on the procedure and terms of storage of documents of joint stock companies «, or other requirements of the Russian legislation or the contract, a party which, beneficiary or guarantor for that is the subject of PD. Processed PD are subject to destruction or depersonalization upon achievement of processing goals or in case of loss of need to achieve these goals.
A condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the expiration of the consent period or the withdrawal of the consent of the subject of personal data to the processing of its personal data, as well as the identification of illegal processing of personal data.
PD processing at the Bank is based on the principles of:
- the legitimacy of the purposes and methods of processing PD and good faith;
- compliance of the volume and nature of the processed PD, the methods of processing PD, the goals previously defined and declared during the collection of PD, as well as the powers of the operator;
- reliability PD, their sufficiency for processing purposes;
- Inadmissibility of processing PD, excessive in relation to the goals declared during the collection of PD;
- the inadmissibility of combining databases of information systems of personal data created for incompatible purposes.
The goals of processing employee PD are: selection of candidates for vacant positions, assistance in finding work and finding employment, HR management, accounting and military records, ensuring personal safety and quality of work, compliance with tax laws in connection with the calculation and payment of personal income tax , as well as the unified social tax, pension legislation, regulatory documents of the Central Bank of the Russian Federation when determining compliance with qualification requirements to them and requirements in relation to business reputation, other regulatory legal acts.
The goals of processing personal data of clients are: banking operations and other activities stipulated by the Bank’s Charter, the current legislation of the Russian Federation, regulatory documents of the Central Bank of Russia, as well as the conclusion, execution and termination of contracts with individuals and legal entities, the fulfillment of obligations under contracts in accordance with the law Russian Federation.
Legal basis for the processing of personal data
The basis for processing personal data of personal data subjects in the Bank are:
- «The Constitution of the Russian Federation» (adopted by popular vote 12/12/1993);
- «Tax Code of the Russian Federation»;
- «Civil Code of the Russian Federation»;
- «The Labor Code of the Russian Federation» dated December 30, 2001 No. 197-FZ;
- Federal Law dated 02.12.1990 No. 395–1 «On Banks and Banking Activities»;
- Federal Law dated 10.07.2002 No. 86-ФЗ «On the Central Bank of the Russian Federation (Bank of Russia)»;
- Federal Law of 07.08.2001 No. 115-ФЗ «On Counteracting the Legalization (Laundering) of Criminally Obtained Incomes and the Financing of Terrorism»;
- Federal Law of 30.12.2004 No. 218-FZ «On Credit Histories»;
- Federal Law of 10.12.2003 No. 173-ФЗ «On Currency Regulation and Currency Control»;
- Federal Law of December 23, 2003 No. 177-ФЗ «On Insurance of Deposits of Individuals with Banks of the Russian Federation»;
- Federal Law of 04.22.1996 No. 39-FZ «On the Securities Market»;
- Federal Law of July 27, 2010 No. 224-ФЗ «On Countering the Illegal Use of Insider Information and Market Manipulation and on Amending Certain Legislative Acts of the Russian Federation»;
- Federal Law of 01.04.1996 No. 27-ФЗ «On Individual (Personified) Accounting in the Compulsory Pension Insurance System»;
- Federal Law of December 15, 2001 No. 167-ФЗ «On Compulsory Pension Insurance in the Russian Federation»;
- Federal Law of November 29, 2010 No. 326-ФЗ «On Compulsory Health Insurance in the Russian Federation»;
- Decree of the Government of the Russian Federation of November 27, 2006 No. 719 «On approval of the Regulation on military registration»;
- Federal Law dated 02.05.2006 No. 59-ФЗ «On the Procedure for Considering Appeals of Citizens of the Russian Federation»;
- The Law of the Russian Federation of 04.19.1991 No. 1032-1 «On Employment in the Russian Federation»;
- Federal Law of July 27, 2006 No. 149-FZ «On Information, Information Technologies and the Protection of Information»;
- Federal Law dated 06.04.2011 No. 63-FZ «On Electronic Signatures»;
- Order of the Ministry of Communications of Russia dated June 25, 2018 No. 321 «On approval of the processing procedure, including collection and storage, of biometric personal data parameters for identification, the procedure for placing and updating biometric personal data in a single biometric system, as well as requirements for information technologies and technical means intended for the processing of biometric personal data for the purpose of identification »;
- General license of the Central Bank of Russia No. 3001 dated 12/12/2015;
- Charter of PJSC AKB Primorye;
- Agreements concluded between the Bank and the subject of personal data;
- Consent to the processing of personal data (in cases not directly provided for by the legislation of the Russian Federation, but corresponding to the powers of the Bank).
Volume and categories of processed personal data
The Bank processes the following PD:
surname, first name, middle name, year of birth, month of birth, date of birth, place of birth, address, marital status, social status, property status, education, profession, income. Gender, passport details (general civil, official, diplomatic, foreign) or data of another identification document (series, number, date of issue, name of issuing authority) and citizenship. Address of residence (according to passport and actual) and date of registration at the place of residence or at the place of stay. Phone number (mobile and home), if registered with the subject of personal data or at the address of his place of residence (according to passport). Information about education, qualifications and the availability of special knowledge or special training (series, number, date of issue of the diploma, certificate, certificate). A document on the termination of an educational institution, including the name and location of an educational institution, the date of commencement and completion of studies, faculty or department, qualifications and specialties upon graduation, academic degree, academic status, knowledge of foreign languages and other information. Information about previous work. Information about the duration of the total seniority, seniority. Information on advanced training and retraining (series, number, date of issue of a document on advanced training or retraining, the name and location of the educational institution, the date of commencement and completion of studies, qualifications and specialties at the end of the educational institution, and other information). Information about wages (account numbers for settlements with employees, data of salary agreements with customers, including their card account numbers, data on salaries, allowances, taxes and other information). Information on the military registration of persons liable for military service and persons subject to conscription (series, number, date of issue, name of authority issuing the military ID, military specialty, military rank, data on acceptance / deregistration (a) and others intelligence). Information on the marital status (state of marriage, data of the marriage certificate, last name, first name, middle name of the spouse (s), degree of kinship, last name, first name, middle name and birth dates of other family members, dependents and other information). Information on property (property status): vehicles (state numbers and other data from certificates of registration of vehicles and from passports of vehicles); real estate (type, type, method of receipt, general characteristics, cost, full addresses of the placement of real estate and other information); bank deposits (data of agreements with customers, including their account numbers, card accounts, type, placement period, amount, deposit conditions and other information); loans (loans), bank accounts (including card accounts), cash and securities, including in trust and in custody (data of contracts with customers, including account numbers, card accounts, bank card numbers, code information by credit card, credit history codes, addresses of acquired real estate, amount and currency of the loan or loan, purpose of the loan, loan conditions, information about the pledge, information about the purchased property, data on securities, balances and amounts of movement with Etam, type of bank card limits and other information). Information about the number and series of the state pension insurance certificate. Information about taxpayer identification number. Information from the insurance policies of compulsory (voluntary) medical insurance (including data of the corresponding medical insurance cards). Information indicated in the originals and copies of orders on the personnel of the Bank and materials thereto. Information on temporary disability of the Bank’s employees. Information about the state of health and its compliance with the work performed. Personnel number of the Bank employee. The fact of the presence / absence of a criminal record (processed only on paper). Information about social benefits and social status (series, number, date of issue, name of the authority that issued the document, which is the basis for the provision of benefits and status). The image of the face obtained with the help of photo and video devices, the voice obtained with the help of sound recording devices.
The Bank processes biometric PD with the following objectives:
- organization of access control;
- registration and identification of the subject of PD in the «Unified system of identification and authentication in the infrastructure, providing information and technological interaction of information systems used to provide state and municipal services in electronic form» (hereinafter — ESIA) .1
The Bank does not process special categories of PD related to race, nationality, political views, religious or philosophical beliefs, or intimate life.
5. The procedure and conditions for the processing of personal data
5/1PD processing is carried out with the written consent of the PD subject to the processing of its PD, unless otherwise provided by the legislation of the Russian Federation.
The PD subject makes a decision on the provision of its PD and agrees to their processing freely, of his own free will and in his own interests. Consent to the processing of personal data can be given by the subject of personal data or his representative in any form that allows confirming the fact of its receipt, unless otherwise provided by federal law. In case of obtaining consent to the processing of personal data from the representative of the personal data subject, the authority of this representative to give consent on behalf of the personal data subject is checked by the Bank.
Consent to the processing of personal data may be revoked by the subject of personal data. In case of withdrawal by the subject of personal data of consent to the processing of personal data, the Bank is entitled to continue processing of personal data without the consent of the subject of personal data if there are grounds stipulated by the legislation of the Russian Federation.
PD received by the Bank are stored in paper and electronic form. In electronic form, personal data are stored in the ISPD of the Bank.
Employees with access to personal data receive only personal data that they need to perform specific labor functions.
The Bank at its own expense provides the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.
The Bank undertakes not to disclose to third parties or distribute PD without the consent of the entity, with the exception of cases provided for by the legislation of the Russian Federation or upon receipt of a request from authorized state bodies.
Cross-border transfer of personal data in the territory of foreign states that do not provide adequate protection of the rights of private individuals is carried out only in cases where there is a written consent of the private subject to personal cross-border transfer of personal data, the execution of an agreement to which the private party is private, and also in other cases provided for by law.
Automated PD processing is carried out in ISPD. PDN protection in ISPDn is carried out in accordance with applicable law. All ISPD databases are located in the Russian Federation.
6. Rights of subjects of personal data and processing requests of a subject of personal data
Rights of the subject of personal data to access his personal data
The subject of personal data has the right to receive information regarding the processing of personal data of the relevant subject of personal data, including containing:
- confirmation of the fact of PD processing;
- legal grounds and goals of processing PD;
- goals and applied methods for processing PD;
- the name and location of the Bank, information about persons (with the exception of operator’s employees) who have access to personal data or to whom personal data can be disclosed on the basis of an agreement with the Bank or on the basis of Federal Law No. 152-FZ of July 27, 2006 «On Personal Data» «;
- processed personal data related to the relevant subject of personal data, the source of their receipt, unless otherwise provided for by the Federal Law of July 27, 2006 No. 152-FZ «On Personal Data»;
- terms of processing PD, including the periods of their storage;
- the procedure for the implementation by the PD subject of the rights stipulated by the Federal Law of July 27, 2006 No. 152-ФЗ «On Personal Data»;
- information on completed or proposed cross-border data transfer;
- name or surname, first name, patronymic and address of the person carrying out PD processing on behalf of the operator, if the processing is entrusted or will be entrusted to such a person;
- other information provided for by the Federal Law of July 27, 2006 No. 152-FZ «On Personal Data» or other federal laws.
A PD subject has the right to clarify, block or destroy his PD if PD is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided for by the legislation of the Russian Federation in the field of PD to protect his rights.
The Bank has the right to refuse to provide the above information to the Subject in cases provided for by the Federal Law of July 27, 2006 No. 152-ФЗ «On Personal Data» or other Federal laws.
The rights of personal data subjects in the processing of their personal data in order to promote services on the market
PD processing in order to promote services on the market through direct contacts with a potential consumer using communication means is allowed only with the prior consent of the PD subject. The specified PD processing is deemed to be carried out without the prior consent of the PD subject, unless the operator proves that such consent was obtained.
The Bank is obliged to immediately stop at the request of the PD subject the processing of its PD specified in clause 6.2.1.
Rights of subjects of personal data when making decisions on the basis of exclusively automated processing of their personal data
It is forbidden to make decisions on the basis of exclusively automated PD processing that give rise to legal consequences for the PD subject or otherwise affect his rights and legitimate interests, with the exception of cases provided for in clause 6.3.2.
A decision that gives rise to legal consequences in relation to a PD subject or otherwise affects his rights and legitimate interests can be made on the basis of exclusively automated processing of his PD only with the written consent of the PD subject or in cases provided for by federal laws that also establish measures for ensuring the observance of the rights and legitimate interests of the subject of PD
The Bank is obliged to explain to the PD subject the procedure for making a decision on the basis of exclusively automated processing of its PD and the possible legal consequences of such a decision, provide an opportunity to file an objection to such a decision, and also to clarify the procedure for the PD subject to protect its rights and legitimate interests.
The Bank is obliged to consider the objection specified in clause 6.3.3 of this article within thirty days from the date of its receipt and notify the PD subject of the results of the consideration of such an objection.
The right to appeal against the actions or omissions of the operator
If the PD subject considers that the Bank is processing its PD in violation of the requirements of this Federal Law or otherwise violates its rights and freedoms, the PD subject has the right to appeal the Bank’s actions or inaction to the authorized body for protecting the rights of PD subjects — the Federal Service for Supervision of Communications , information technology and mass communications (Roskomnadzor) or in court.
The PD subject has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court.
7. Processing requests of the subject of personal data
To ensure compliance with the rights established by law of PD subjects, the Bank has developed internal regulatory documents that determine the procedure for handling requests and requests of PD subjects.
The request is issued in any form, but must contain the number of the main document proving the identity of the PD subject or his representative, information on the date of issue of the specified document and the issuing authority, information confirming the participation of the PD subject in relations with the Bank (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information that otherwise confirms the fact that the Bank processed personal data, the signature of the personal data subject or his representative. The request is transmitted to the addresses of the Bank. The request may be sent in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation.
Personal data security
The Bank takes the necessary legal, organizational and technical measures to ensure the security of personal data from accidental or unauthorized access, destruction, alteration, blocking of access and other unauthorized actions.
PD security measures include, but are not limited to:
- the appointment of those responsible for organizing the processing and protection of PD;
- development of a Policy regarding the processing of personal data, the Regulation on the processing of personal data, and other regulatory documents on the processing of personal data, as well as regulatory documents establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation, eliminating the consequences of such violations;
- identification of security risks for PD during their processing in PD information systems;
- detection of unauthorized access to personal data and taking measures;
- restoration of personal data, modified or destroyed due to unauthorized access to them;
- control over the measures taken to ensure the security of personal data and the level of security of the ISPD;
- the application of organizational and technical measures to ensure the safety of PD during their processing in ISPD necessary to fulfill the requirements for the protection of PD, the fulfillment of which ensures the levels of PD security established by the Government of the Russian Federation;
- assessment of the harm that may be caused to PD subjects in case of violation of this Federal Law, the ratio of the specified harm and the measures taken by the operator aimed at ensuring the fulfillment of the obligations stipulated by this Federal Law;
- familiarization of the Bank’s employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the Bank’s policy regarding the processing of personal data, local acts on the processing of personal data, and (or) training of these employees ;
- implementation of password protection when accessing resources processed in ISPDn;
- the use of firewalling;
- organization of protection of PD resources from the effects of malicious code;
- ensuring access control.
Responsibility for implementing the provisions of the Policy
Bank employees who process PDs, as well as those responsible for organizing and ensuring the safety of PDs in the Bank, bear disciplinary and administrative responsibility in accordance with the current legislation of the Russian Federation for violation of the provisions of this Policy, regulatory documents of the Bank, other requirements stipulated by the legislation of the Russian Federation in the field of PD