PRIVACY POLICY
Last update: from July 01, 2024
1. GENERAL PROVISIONS
1.1. This policy regarding the processing of personal data (hereinafter referred to as the "Policy") has been developed in compliance with the requirements of paragraph 2 of Part 1 of Article 18.1 of Federal Law No. 152–FZ dated 07/27/2006 "On Personal Data" (hereinafter referred to as the "Law on Personal Data") in order to ensure the protection of human and civil rights and freedoms when processing of his personal data, including protection of the rights to privacy, personal and family secrets.
1.2. This Policy applies to the following categories of personal data subjects that are processed by the Operator:
The Operator's employees.
Applicants for vacant Operator positions.
The Operator's counterparties (individuals).
Representatives (employees) of the Operator's contractors (legal entities and individual entrepreneurs).
The Operator's clients.
Users Of The Operator's Website.
1.3. Basic concepts used in the Policy:
Personal data – any information related directly or indirectly to a specific or identifiable individual (subject of personal data);
Personal data operator (Operator) – VENGO GROUP LIMITED, Date of registration 06.02.2023; registration number 3229485
7/F, MW Tower, 111 Bonham Strand, Sheung Wan, Hong Kong, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
Personal data processing is any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among others: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction;
Automated processing of personal data – processing of personal data using computer technology;
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
Blocking of personal data – temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data);
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed;
Depersonalization of personal data – actions as a result of which it becomes impossible to determine the identity of personal data to a specific personal data subject without using additional information;
Personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing;
Cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
A website is a set of programs for electronic computers and other information contained in an information system, access to which is provided via the Internet information and telecommunications network and located at: www.vengo-trading.ru , as well as in the telegram bot @VengoTradingBot
1.4. Basic rights and obligations of the Operator.
1.4.1. The Operator has the right to:
independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Law on Personal Data;
if the personal data subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.
1.4.2. The Operator is obliged to:
organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
respond to requests and requests from personal data subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
to inform the authorized body for the protection of the rights of personal data subjects (hereinafter – "Roskomnadzor") at the request of this body of the necessary information within 10 working days from the date of receipt of such a request.
1.5. Basic rights of Personal data Subjects. The subject of personal data has the right to:
to receive information concerning the processing of his personal data, except in cases provided for by federal laws. The information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain personal data related to other Personal data Subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights;
to appeal to Roskomnadzor or in court against illegal actions or omissions of the Operator in the processing of his personal data.
The subject of personal data may exercise the rights to receive information concerning the processing of his personal data, as well as the rights to clarify his personal data, block or destroy them, by contacting the Operator with a corresponding request by e-mail support@vengo-trading.ru . In both cases, the request must be executed in compliance with the requirements of Article 7.1. of this Policy.
1.6. Control over the fulfillment of the requirements of this Policy is carried out by an authorized person responsible for organizing the processing of personal data from the Operator.
1.7. Liability for violation of the requirements of the legislation of the Russian Federation and local acts of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
2.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation and on the basis of the following principles:
legality and fair basis;
restrictions on the processing of personal data to achieve specific, predetermined and legitimate goals;
preventing the processing of personal data incompatible with the purposes of personal data collection;
preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
processing only those personal data that meet the purposes of their processing;
compliance of the content and volume of the processed personal data with the stated purposes of processing;
preventing the processing of excessive personal data in relation to the stated purposes of their processing;
ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
destruction or depersonalization of personal data upon achievement of the purposes of their processing or in case of loss of the need to achieve these goals, if it is impossible for the Operator to eliminate violations of personal data, unless otherwise provided by federal law.
3. LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, in compliance with which and in accordance with which the Operator processes personal data, including:
The Constitution of the Russian Federation;
The Labor Code of the Russian Federation;
The Civil Code of the Russian Federation;
The Tax Code of the Russian Federation;
Federal Law No. 402-FZ dated December 6, 2011 "On Accounting";
other regulatory legal acts regulating relations related to the Operator's activities.
3.2. The legal basis for the processing of personal data is also:
contracts concluded with the Subject of personal data;
consent of the Personal data Subject to the processing of personal data.
4. PURPOSES AND CONDITIONS OF PERSONAL DATA PROCESSING
4.1. The processing of personal data is limited to achieving specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed. Only personal data that meets the purposes of their processing is subject to processing.
4.2. The content and volume of the processed personal data must comply with the stated processing purposes provided for in this section. The processed personal data should not be redundant in relation to the stated purposes of their processing.
4.3. In accordance with this Policy, the Operator may process personal data belonging to the following categories of Personal Data Subjects:
The Operator's employees.
Applicants for vacant Operator positions.
To the Operator's contractors (individuals).
Representatives (employees) of the Operator's counterparties (legal entities and individual entrepreneurs).
To the Operator's clients.
Users Of The Operator's Website.
4.3.1. Operator's employees
4.3.1.1. The Operator processes the personal data of employees for the following purpose(s)::
Assistance to employees in finding employment, obtaining education and promotion.
Ensuring the personal safety of employees.
Control of the quantity and quality of the work performed.
4.3.1.2. Upon conclusion of an employment contract, employees give written consent to the Operator to process their personal data. The content of the employee's consent must be specific and informed, that is, contain information that allows you to unambiguously draw a conclusion about the goals, methods of processing, indicating the actions performed with personal data, the volume of personal data being processed.
4.3.1.3. When concluding an employment contract, employees provide the Operator with the following documents containing his personal data:
passport or other identification document;
employment record and (or) information about employment, except in cases where an employment contract is concluded for the first time;
a document confirming registration in the system of individual (personalized) accounting, including in the form of an electronic document;
military registration documents - for military service and persons subject to conscription;
a document on education and (or) qualifications or the availability of special knowledge - when applying for a job that requires special knowledge or special training;
other documents in accordance with the requirements of the legislation.
4.3.1.4. In the case of the initial conclusion of an employment contract with employees, the employment record book, the insurance certificate of the state pension insurance is issued by the Operator.
4.3.1.5. If other documents are required for the employment of an employee in accordance with the legislation, the Operator applies to the person applying for a job with a request to provide such documents containing personal data.
4.3.1.6. For the purposes provided above, the Operator processes the following categories of personal data of employees:
Last name, first name, patronymic.
The address of the place of residence.
Passport details.
Contact phone number.
Email address.
INN.
SNILS
Login and other data in the Telegram messenger
4.3.1.7. The Operator does not process biometric personal data of employees (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).
4.3.1.8. The Operator does not process special categories of personal data of employees.
4.3.1.9. The list of actions performed by the Operator with personal data of employees: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), blocking, deletion, destruction.
4.3.1.10. The Operator performs mixed processing of personal data of employees without transmission over the internal network, with transmission over the Internet.
4.3.1.11. The Operator has the right to process the personal data of dismissed employees in cases and within the time limits provided for by the legislation of the Russian Federation. Such cases include, among other things, the processing of personal data within the framework of accounting and tax accounting, including to ensure the safety of documents necessary for calculating, withholding and transferring taxes.
4.3.1.12. The Operator is obliged to keep accounting documents for the periods established in accordance with the rules of the organization of state archival affairs, but at the same time the minimum storage period cannot be less than 5 (five) years.
4.3.1.13. After the expiration of the terms determined by the legislation of the Russian Federation, personal files of employees and other documents are transferred to archival storage for a period of 50 years. The processing of this information does not require compliance with the conditions related to obtaining consent to the processing of personal data. The consent of employees to the processing of their personal data in the cases provided for in paragraphs 4.3.1.11 – 4.3.1.12 of this Policy is not required.
4.3.1.14. Disclosure and dissemination of personal data to third parties without the employee's consent is not allowed, unless otherwise provided by federal law.
4.3.1.15. When transferring employee's personal data, the Operator must comply with the following requirements:
it is prohibited to disclose an employee's personal data to a third party without the written consent of the employee, except in cases where this is necessary in order to prevent threats to the life and health of the employee, as well as in cases established by federal law;
the employee who transmits the personal data of the Operator's employee is obliged to warn the persons receiving the employee's personal data that these data can only be used for the purposes for which they are reported, and to require these persons to confirm compliance with this rule. The persons receiving the personal data of the Operator's employee are obliged to comply with their confidentiality regime. This provision does not apply to the exchange of personal data of employees in accordance with the procedure established by federal laws;
an employee who transfers personal data of an Operator's employee has the right to transfer employee's personal data to employee representatives in accordance with the procedure established by the Labor Code of the Russian Federation, and limit this information only to those employee's personal data that are necessary for these representatives to perform their functions.
the transfer of personal data of employees to the Social Insurance Fund of the Russian Federation, the Pension Fund of the Russian Federation in accordance with the procedure established by federal laws, in particular the Federal Law "On Compulsory Pension Insurance in the Russian Federation", the Federal Law "On the Basics of Compulsory Social Insurance", the Federal Law "On Compulsory Medical Insurance in the Russian Federation" is carried out without consent employees.
4.3.1.16. The Operator does not carry out cross-border transfer of personal data of employees.
4.3.1.17. Employees are required to familiarize themselves with the local regulatory legal acts of the Operator, which establish the procedure for processing personal data, as well as their rights and obligations in this area.
4.3.2. Applicants for vacant Operator positions
4.3.2.1. The Operator processes the personal data of applicants for vacant positions for the following purpose(s)::
Consideration of an applicant for a vacant position and making a decision on admission or refusal to apply for a job.
Formation of a personnel reserve.
4.3.2.2. Obtaining consent from applicants for vacant positions is carried out in case of an invitation to an interview.
4.3.2.3. Applicants for vacant positions send their personal data to the Operator directly to the e-mail address or through specialized Internet resources (job aggregators).
4.3.2.4. The placement of resumes by applicants for vacant positions on electronic Internet resources (job aggregators) is carried out in accordance with the rules of these resources. By sending a resume to the Operator's e-mail, applicants for vacant positions thereby give their consent in a definitive form to the processing of their personal data.
4.3.2.5. For the purposes provided above, the Operator processes the following categories of personal data of applicants for vacant positions:
Last name, first name, patronymic.
Contact phone number.
The email address.
4.3.2.6. The Operator does not process biometric personal data of applicants for vacant positions (information that characterizes the physiological and biological characteristics of a person, on the basis of which his identity can be established).
4.3.2.7. The Operator does not process special categories of personal data of applicants for vacant positions.
4.3.2.8. The list of actions performed by the Operator with the personal data of applicants for vacant positions: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, blocking, deletion, destruction.
4.3.2.9. The Operator performs mixed processing of personal data of applicants for vacant positions without transmission over the internal network, with transmission over the Internet.