1. General provisions
1.1. This Confidentiality Policy of TransCord OOO is developed in order to comply with requirements of Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006, the Russian Government’s Regulation No. 1119a “On Approval of Requirements to Personal Data Protection during Processing thereof in Personal Data Information Systems” dated November 1, 2012, as well as other laws and regulations of the Russian Federation in the field of personal data.
1.2. This Confidentiality Policy shall determine purposes and the procedure to collect the Personal Data of the Users at TransCord OOO (hereinafter – the “Company”), requirements to the processing and protection of the Personal Data, to arrangement of control of access to locations and facilities used to store the Personal Data, methods and time limits for the Personal Data processing, as well as obligations of the Users and the Company’s Management.
1.3. Requirements of this Confidentiality Policy shall be applied to all Users and employees of the Company’s Management who, by virtue of their offices, have access to the premises and the facilities used for collection, processing and storage of the Users’ Personal Data.
1.4. Use of the site and/or the Mobile Application by the User shall mean the User’s consent to this Confidentiality Policy and the terms and conditions of processing such User’s Personal Data.
1.5. If the User does not agree with the terms and conditions of the Confidentiality Policy, they shall stop using the site and/or the Mobile Application.
1.6. This Confidentiality Policy shall be applied to the site and the Mobile Application only. The Company does not control and shall not be liable for third-party sites which the User can access via links available on the Company’s site.
2. Terms and definitions
2.1. The following terms and definitions are used in this Confidentiality Policy:
Company’s Site Administrators (hereinafter – the “Site Administrators”) – employees authorized to manage the site and acting on behalf of TransCord OOO; they arrange and/or carry out the Personal Data processing and determine the purposes of the Personal Data processing, the contents of Personal Data to be processed, and actions (operations) performed with respect to the Personal Data;
Automated Personal Data Processing – the Personal Data processing by means of any computer equipment;
Personal Data (or PD) – any information directly or indirectly relating to an identified or identifiable natural person (Personal Data owner);
Personal Data Processing – any action (operation) or series of actions (operations) performed regarding the Personal Data, with or without any automation means, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, utilization, transmission (distribution, provision, access), depersonalization, blocking, deletion, or destruction of the Personal Data;
Personal Data Confidentiality – a mandatory requirement for the Operator or any other person who has gained access to the Personal Data to prevent its distribution without the consent of the Personal Data owner or without other legal grounds;
Site – www.transcord.ru, www.транскорд.рф;
Site User (hereinafter – the “User”) – a person having access to the Site via Internet and using the Company’s Site;
Premises for PD Processing and Permanent Storage (or Premises) – the Company’s specially protected premises used for the PD processing and storage;
PD Storage Media – any IT equipment, including information systems for the PD automated processing and storage (PDIS), as well as any other PD storage media in electronic and paper form;
ACRS – access control and recording electronic system;
PD Protection – series of legal, organizational and technical measures applied by the Site Administrators in accordance with requirements hereof to ensure PD security;
Cookies – a small piece of data sent by a web server and stored on the User’s computer, which a web client or a web browser transmits to the web server in an HTTP request every time an attempt is made to open a page of the relevant site;
IP address – unique network address of a node in a computer network built under the IP protocol.
3. The Scope of the Confidentiality Policy
3.1. The Confidentiality Policy establishes the User’s and the Site Administrators’ obligations, including those related to non-disclosure and confidentiality of the Personal Data provided by the User at the request of the Site Administrators when being registered on the site, using the Mobile Application, filing requests and using the Company’s services and/or exercising the User’s obligations owed to the Company.
3.2. The User shall:
3.2.1. Provide its Personal Data to use the Site and/or the Mobile Application;
3.2.2. Update or complete the provided Personal Data in case of any change in such information.
3.3. The Site Administrators shall:
3.3.1. Use the obtained information only for purposes specified herein;
3.3.2. Ensure secret storage of the Personal Data, disclose the Personal Data subject to a prior written consent of the User only, and avoid selling, exchanging, publishing or otherwise disclosing the Personal Data provided by the User;
3.3.3. Take precautions for maintenance of the User’s Personal Data confidentiality under the procedure established herein and commonly used for protection of such information in the current business practice; and
3.3.4. Block the Personal Data related to the relevant User, upon a request from the User or their legal representative or a body authorized to protect the rights of Personal Data owners for the inspection period in the event of revealing any untrue Personal Data or illegal acts.
3.4. The User’s Personal Data which may be processed under this Confidentiality Policy shall be provided by the User through filling in the registration form on the Site or in the Mobile Application, and may include the following information:
3.2.1 full name;
3.2.2 contact telephone number;
3.2.3 e-mail address;
3.2.4 full passport data (for drivers);
3.2.5 driving license data (for drivers);
3.2.6 medical history data (for drivers);
3.2.7 employer and position;
3.2.8 registration data of the vehicle used for cargo services;
3.2.9 actual location data based on GPS/GLONASS modules integrated in mobile devices (phones/tablets);
3.2.10 vehicle actual location data based on GPS/GLONASS modules integrated in devices used for Vehicles monitoring;
3.2.11 data on estimated location in future period;
3.2.12 addresses of cargo shipping and delivery (Consignor’s and Consignee’s addresses);
3.2.13 residence and/or registration address.
3.5. The User agrees that the Site Administrators may transfer Personal Data to third parties, in particular, consignors and consignees, courier services, postal organizations, telecommunication providers only for the purposes of discharging the User’s and/or the Company’s obligations.
3.6. User’s Personal Data may be transferred to authorized public authorities of the Russian Federation only for the reasons and in the manner established by laws of the Russian Federation.
3.7. In the event of Personal Data loss or disclosure, the Site Administrators shall inform the User thereof.
3.8. The Site Administrators shall take necessary organizational and technical measures to protect the User’s personal information from any unauthorized or accidental access, destruction, change, blocking, copying, distribution and other illegal acts of third parties.
3.9. The Site Administrators shall, jointly with the User, take all measures to prevent financial losses or other adverse consequences resulting from loss or disclosure of the User’s Personal Data.
3.10. The Site Administrators shall inform the User that disabling the Cookies can result in inability to access the parts of the Site requiring authorization.
3.11. The Site Administrators will collect statistics about IP addresses of its visitors only to detect and to resolve technical issues.
3.12. Any other personal information not specified above (history of orders (service requests), browsers and operating systems applied etc.) shall be subject to the safe keeping and non-disclosure except where otherwise expressly stipulated hereby.
3.13. The User’s Personal Data shall be processed without time limitation and in any legal manner, including the processing in Personal Data Information Systems, with or without automation means.
4. Purposes of the collection, processing and use of the Users’ Personal Data
4.1. The Site Administrators may process the User’s Personal Data for the following purposes:
4.1.1 Proper discharge of the User’s and/or the Company’s contractual obligations when providing any transport and forwarding services;
4.1.2 Identification of the User registered on the Site for entering into an order and/or an agreement with the Company;
4.1.3 Provision of the User with an access to the Site’s personalized resources (Client’s Personal Account and Carrier’s Personal Account);
4.1.4 Arrangement of efficient feedback from the User, including sending any notifications or requests related to use of the Site, provision of services, or processing the User’s requests and applications;
4.1.5 Provision of an authorized access to the Mobile Application for end service providers;
4.1.6 Drawing up any documents necessary for provision of services;
4.1.7 Disclosure of the User’s Personal Data to third persons to let them render their services;
4.1.8 Recording the parameters of the vehicle and the end service provider for selecting the service orders which meet such parameters;
4.1.9 The User’s location detection to ensure security and prevent any fraud and other illegal activities;
4.1.10 Quality control over the services provided;
4.1.11 Provision of the User with any efficient informational and technical support if any issues occur related to the use of the Site and/or the Mobile Application;
4.1.12 Preparation of the Company’s internal reports subject to using the Personal Data without disclosure thereof to third parties;
4.1.13 Preparation of reports with Personal Data depersonalization subject to possible disclosure of such reports to third parties;
4.1.14 Providing the User, with his/her consent, with updates of products, special offers, price information, newsletters and other information on behalf of the Site Administrators or the Company’s partners;
4.1.15 Carrying out any promotional activities, with the User’s consent;
4.1.16 Personal Data disclosure to authorized public authorities at their request.
5. Protection of Users’ Personal Data
5.1. The Site Administrators’ main tasks on protection of Users’ Personal Data shall include:
5.1.1 prevention of any unauthorized access to the Company’s premises and facilities used to store and process the PD;
5.1.2 prevention of any PD unauthorized disclosure to persons who, by virtue of their duties, may not have access to such information;
5.1.3 timely detection of any unauthorized access to places and facilities used for PD storage;
5.1.4 prevention of any impact on PD automated processing equipment that results in malfunction thereof.
5.2. In order to solve issues related to the PD protection, the Site Administrators shall take:
5.2.1 a set of measures to restrict PD access by persons who, by virtue of their positions or duties, may not and do not have such access to the PD;
5.2.2 a set of measures to store any PD documents and other storage media, including creation of facilities for storage thereof (warehouse premises, means for documents safekeeping, means for security and safety of the keeping, means for copying and restoring any damaged documents, etc.);
5.2.3 a set of measures to create and comply with regulatory conditions of keeping any PD documents and other storage media (temperature and humidity, light, sanitary and hygienic, as well as security storage conditions).
6. Requirements imposed by the Site Administrators to the technical infrastructure of the Premises used for the PD processing and storage
6.1. The list of premises used for the PD processing and storage (hereinafter – the “Premises”) shall be established by order of the Company’s Head.
6.2. Entrance to the Premises shall be equipped with the ACRS.
6.3. Entrance doors to the Premises, as well as cabinet (shield) doors containing any IT equipment designated to maintain the Personal Data Information System shall have efficient mechanical locks, and the keys thereto shall be stored at the security posts permanently during non-business hours, provided that, on business days, the keys shall be given to the Company’s employees against acknowledgement in the key book.
6.4. Upon completion of works, the Premises shall be sealed by the Head of the Business Unit or other responsible employee.
7. Requirements imposed by the Site Administrators to the storage of PD documents and other storage media
To store any PD documents and other storage media (hereinafter – the “PD Storage Media”), the following requirements are set:
7.1. PD storage media shall be kept under conditions which ensure protection thereof from damage, harmful environmental impact and which prevent their loss and access of unauthorized persons;
7.2. PD storage media shall be placed in the Premises in a manner ensuring their integrated storage in accordance with records and prompt search; the sequence of documentation placement in the Premises is set by the layout (scheme) developed by the Head of the Company’s structural unit, who is responsible for the Premises;
7.3. Security mode for PD storage media shall be ensured by selection of the location for the Premises, technical means for protection thereof, organization of the security system, alarm systems, compliance with access control arrangements and the arrangement of access to the Premises and the PD storage media;
7.4. All types of works on PD storage media shall be performed under technically required levels of lighting;
7.5. Water and antiseptic solutions used when cleaning and sanitizing the Premises shall not be spilt on PD storage media.
8. Equipment in locations to store the PD processed without automation
8.1. Locations to store the PD processed without automation shall be equipped with fixed metal cabinets, safes, racks etc. which prevent access of unauthorized persons to the PD.
8.2. Cabinets (racks, safes) shall be mounted perpendicularly to walls having the window openings, or, as for premises without windows, subject to considering the specific features of the Premises and the equipment.
8.3. It is not allowed to place PD storage facilities close to external walls of the building or to heat sources.
8.4. Paper documents containing the PD shall be placed in racks, using any primary protective storage equipment (boxes, folders, special cases, packages etc.) according to types, formats and other external features of such documents.
8.5. It is not allowed to place documents containing the PD onto the floor, window sills, or in unsorted piles.
9. Storage of the PD processed by automation means
9.1. The indicative list of software and hardware tools protecting the PD processed by automation means shall be approved by the Company’s Head on the basis of proposals from the IT Department’s Head.
9.2. The Site Administrators shall be responsible for management of Users’ personal accounts, maintenance of equipment normal operation, data backup, as well as installation and configuration of hardware and software, for the purposes of PD protection and safety.
10. PD protection arrangement
10.1. List of persons responsible for protection and storage of the PD processed with or without automation means shall be approved by order of the Company’s Head.
10.2. All persons authorized to work with the PD and related to the use or the technical support of Personal Data Information System shall be made aware of requirements hereof against acknowledgment and shall sign a document setting the obligation to keep confidentiality.
10.3. The Company’s employees who, by virtue of their duties, work with the PD shall get access to the PD for the term while they perform their respective duties.
10.4. Employees of the Company shall promptly inform the heads of structural units about the PD storage media loss or shortage, reasons and conditions of the PD potential leak, as well as efforts of third parties to get the PD processed by the Company.
10.5. Access of third parties which/who are not the Company’s employees, without the PD owner’s consent, shall be forbidden, save for access of officials from any executive authorities when implementing the control and supervision measures for compliance with laws, and exercising the respective public authorities’ functions and powers.
10.6. Information provision at the request or on the demand from any controlling authority shall be carried out provided that the Company’s Head is aware thereof.
10.7. If a third-party organization, with the consent of the User, needs access to the User’s PD for provision of services, such third-party organization shall ensure PD confidentiality and shall use the PD for nothing but discharging its liabilities owed to the User or the Company.
11. Responsibility of Users and the Company’s employees for non-compliance with requirements of this Policy
Users, the Site Administrators and the Company’s employees, if they violate requirements hereof and inflict damage to other Users, the Company or its employees, shall assume responsibility under the laws of the Russian Federation.
12. Final provisions
12.1. Before filing a lawsuit with the court on the disputes arising from relations between the User and the Site Administrators, the filing of a claim (written proposal to settle the case voluntarily) shall be deemed mandatory.
12.2. Recipient of such claim shall, within 30 calendar days from receipt, notify the claimant of the claim consideration results in writing.
12.3. When Parties are unable to negotiate, the dispute may be referred to the court consideration as prescribed by the laws of the Russian Federation.
12.4. This Confidentiality Policy and relations between the User and the Site Administrators shall be regulated by effective laws of the Russian Federation.
12.5. The Site Administrators may amend this Confidentiality Policy without the User’s consent.
12.6. The amended Confidentiality Policy will become effective upon publication thereof on the Company’s Site unless otherwise stipulated by such amended version of the Confidentiality Policy.
12.7. This Confidentiality Policy is posted on the Company’s page: www.transcord.ru, www.транскорд.рф