FASTMED24 personal data protection and processing policy

1.1. This policy regarding the processing of personal data (hereinafter – the Policy) has been prepared in accordance with the Federal law "On personal data" № 152-FZ of 27 July 2006, as well as other normative legal acts of the Russian Federation in the field of protection and processing of personal data, and applies to all personal data (hereinafter – data) which the Organization (hereinafter – the Operator, the company) may obtain from the data subject who has a civil contract, from the Internet user (hereinafter – User) during use of any of the sites, services, programs of Fastmed24.
1.2. The Operator ensures the protection of processed personal data against unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal law of 27 July 2006 № 152-FZ "On personal data".
1.3. The Operator has the right to make changes to this Policy. When changes are made, the Policy header indicates the date when the revision was updated. The new version of the Policy takes effect from the moment it is posted on the site, unless otherwise provided by the new version of the Policy.
1.4. This Policy does not apply to third-party websites that the User can reach by following links available on the Site, and the Operator does not control and is not responsible for such websites. On such sites, other personal data may be collected or requested from the User, and other actions may be performed.
1.5. This Policy is a publicly available document that declares the conceptual basis of the Operator's activity in the processing of personal data.
1.6. Information about the Operator: limited liability company "MGK-Diagnostics", TIN 7719888620, OGRN 1147746984660, address of the place of activity: 107023, Semenovsky pereulok, 11, phone: 7 (499) 322-36-36
1.7. The User's use of the Organization's website means acceptance of this Policy for the protection and processing of the User's personal data.
1.8. In case of disagreement with the terms of the Policy, the User must stop using the Organization's website.

2. Terms and accepted abbreviations

Personal data is any information related directly or indirectly to a specific or identifiable individual (personal data subject).
Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Personal data information system (PDIS) – a set of personal data contained in databases and information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data – personal data to which an unlimited number of persons have been given access by the subject of personal data or at the subject's request.
Blocking of personal data – temporary termination of processing of personal data (except for cases when processing is necessary to clarify personal data).
"IP address" is a unique network address of a node in a computer network built over the IP protocol.
Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.
Operator is an organization that independently or jointly with other persons organizes the processing of personal data, as well as determines the purposes of processing personal data to be processed, actions (operations) performed with personal data.

3. Processing of personal data

3.1. Receiving personal data.
3.1.1. Personal data authorized for processing under this privacy Policy is provided by the User by filling in the registration form on the Operator's Website.
3.1.2. The Operator must inform the subject of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which the consent is valid, and the procedure for revoking it, as well as the consequences of the subject's refusal to give written consent to receive them.
3.1.3. Documents containing personal data are created by:

3.2. The processing of personal data.
3.2.1. Principles and conditions of personal data processing:
3.2.2. Personal data processing must be carried out on a legal and fair basis.
3.2.3. The processing of personal data must be limited to the achievement of specific, pre-defined and legitimate goals.
3.2.4. It is not allowed to combine databases containing personal data that are processed for purposes that are incompatible with each other.
3.2.5. Only personal data that meets the purposes of processing is to be processed.
3.2.6. The content and scope of the personal data processed must correspond to the declared purpose of processing.
3.2.7. When processing personal data, the accuracy of personal data, its sufficiency, and, where necessary, its relevance to the purposes of personal data processing must be ensured.
3.3. Personal data is processed by:

3.3.1. Purposes of personal data processing:

3.3.2. The Operator does not verify the accuracy of personal data provided by Users, and does not monitor their legal capacity. However, the Operator assumes that the User provides reliable and sufficient personal data on the issues requested on the Site, and keeps this data up to date. The consequences of providing false data are defined in the User agreement. Users are responsible for providing false data in accordance with the legislation of the Russian Federation.
3.3.3. Categories of personal data subjects. Personal data of the following personal data subjects are processed:

3.3.4. Personal data processed by the Operator:

3.3.5. The processing of personal data is:

3.3.4. The Operator does not make a cross-border transfer of personal data (to the territory of a foreign state, to an authority of a foreign state, a foreign individual or a foreign legal entity).
3.4. Storage of personal data.
3.4.1. Subjects' personal data may be obtained, further processed, and transferred for storage both on paper and electronically.
3.4.2. Personal data recorded on paper is stored in locked cabinets or in locked rooms with restricted access rights.
3.4.3. Personal data of subjects that is processed with the use of automation tools for different purposes is stored in different folders.
3.4.4. Personal data is stored in a form that allows the data subject to be identified for no longer than required by the purposes of its processing, and is subject to destruction once the purposes of processing are achieved or when achieving them is no longer necessary.
3.5. Destruction of personal data.
3.5.1. Personal data on electronic media is destroyed by erasing or formatting the media.
3.5.2. The fact of destruction of personal data is documented by the act of destruction of media.
3.6. Transfer of personal data.
3.6.1. The Operator transmits personal data to third parties in the following cases:

3.6.2. List of persons to whom personal data is transferred.

4. Personal Data Protection

4.1. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPS) consisting of subsystems of legal, organizational and technical protection.
4.2. The legal protection subsystem is a set of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the PDPS.
4.3. The organizational protection subsystem includes the organization of the PDPS management structure, the licensing system, and the protection of information while working with employees, partners and third parties.
4.4. The technical protection subsystem includes a set of technical, software, and combined software and hardware tools that ensure the protection of personal data.
4.5. The main measures of personal data protection used by the Operator are:
4.5.1. Appointment of a person responsible for the processing of personal data, who organizes the processing of personal data, training and instruction, internal control over the compliance of the institution and its employees with the requirements for the protection of personal data.
4.5.2. Identification of current threats to the security of personal data during their processing in the PDPS and development of measures to protect personal data.
4.5.3. Policy development in relation to the processing of personal data.
4.5.4. Establishing rules for access to personal data processed in the PDPS, as well as ensuring registration and accounting of all actions performed with personal data in the PDPS.
4.5.5. Setting individual passwords for employees' access to the information system in accordance with their work responsibilities.
4.5.6. Certified antivirus software with regularly updated databases.
4.5.7. Compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them.
4.5.8. Detection of unauthorized access to personal data and taking measures.
4.5.9. Reinstatement of personal data modified or destroyed due to unauthorized access to them.
4.5.10. Training of the Operator's employees directly involved in the processing of personal data on the provisions of the legislation of the Russian Federation on personal data, including requirements for personal data protection, documents defining the Operator's policy on personal data processing, and local acts on personal data processing.
4.5.11. Implementation of internal control and audit.

5. Basic rights of the personal data subject and obligations of the Operator

5.1. Basic rights of the personal data subject.
The subject has the right to access his/her personal data and the following information:

5.2. Obligations of the Operator.
The Operator must:

6. Contact information

6.1. E-mail for requests related to the processing of personal data:
6.2. Technical support site: