1. General Provisions.
1.1. The personal data processing policy at HIGHSKY.IO LTD (hereinafter referred to as the Policy) defines the basic principles, goals, conditions, and methods of personal data processing, lists of subjects and personal data processed at HIGHSKY.IO LTD, the functions of HIGHSKY.IO LTD in personal data processing, the rights of personal data subjects, as well as the requirements for personal data protection implemented at HIGHSKY.IO LTD.
1.2. The Policy has been developed taking into account the requirements of the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation in the field of personal data, as well as the requirements of Regulation No. 2016/679 of the European Parliament and of the Council of the European Union on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the EU Regulation).
1.3. The provisions of the Policy serve as the basis for the development of local regulatory acts regulating the issues of personal data processing of employees of HIGHSKY.IO LTD and other personal data subjects.
1.4. The Policy serves as the basis for the development by subsidiaries and organizations of HIGHSKY.IO LTD of local regulatory acts defining the personal data processing policy of the specified organizations.
2. Legislative and Other Regulatory Legal Acts of the Russian Federation in Accordance with Which the Personal Data Processing Policy at HIGHSKY.IO LTD is Determined
2.1. The personal data processing policy at HIGHSKY.IO LTD is determined in accordance with the following regulatory legal acts:
- Labor Code of the Russian Federation;
- Federal Law No. 152-FZ of July 27, 2006 "On Personal Data";
- Decree of the President of the Russian Federation No. 188 of March 6, 1997 "On Approval of the List of Confidential Information";
- Resolution of the Government of the Russian Federation No. 687 of September 15, 2008 "On Approval of the Regulation on the Features of Personal Data Processing Carried Out Without Automation Tools";
- Resolution of the Government of the Russian Federation No. 512 of July 6, 2008 "On Approval of the Requirements for Material Carriers of Biometric Personal Data and Technologies for Storing Such Data Outside Personal Data Information Systems";
- Resolution of the Government of the Russian Federation No. 1119 of November 1, 2012 "On Approval of the Requirements for the Protection of Personal Data During Their Processing in Personal Data Information Systems";
- Order of the FSTEC of Russia No. 21 of February 18, 2013 "On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Personal Data Information Systems";
- Order of Roskomnadzor No. 996 of September 5, 2013 "On Approval of the Requirements and Methods for Depersonalizing Personal Data";
- other regulatory legal acts of the Russian Federation and regulatory documents of authorized state bodies.
2.2. In order to implement the provisions of the Policy, corresponding local regulatory acts and other documents are developed at HIGHSKY.IO LTD, including:
- regulation on personal data processing at HIGHSKY.IO LTD;
- other local regulatory acts and documents regulating the issues of personal data processing at HIGHSKY.IO LTD.
3. Key terms and definitions used in the local regulations of HIGHSKY.IO LTD governing the processing of personal data.
Personal data — any information relating to an identified or identifiable natural person (subject of personal data).
Personal data permitted by the subject of personal data for dissemination — personal data to which access has been granted to an unlimited number of persons by the subject of personal data by giving consent to the processing of personal data permitted by the subject of personal data for dissemination in the manner provided for by the current legislation of the Russian Federation.
Information — data (messages, information) regardless of the form of their presentation.
Operator — a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.
Processing of personal data — any action (operation) or a set of actions (operations) performed using automation tools or without such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, destruction of personal data.
Automated processing of personal data — processing of personal data using computing technology.
Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
Dissemination of personal data — actions aimed at disclosing personal data to an indefinite number of persons.
Cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign natural person, or a foreign legal entity.
Blocking of personal data — temporary cessation of processing of personal data (except in cases where processing is necessary for clarifying personal data).
Destruction of personal data — actions that result in the impossibility of restoring the content of personal data in the information system of personal data and/or as a result of which material carriers of personal data are destroyed.
Anonymization of personal data — actions that make it impossible to determine the belonging of personal data to a specific subject of personal data without using additional information.
Information system of personal data — a set of personal data contained in databases and ensuring their processing through information technologies and technical means.
4. Principles and purposes of processing personal data.
4.1. HIGHSKY.IO LTD processes personal data of employees of HIGHSKY.IO LTD and other subjects of personal data who are not in labor relations with HIGHSKY.IO LTD.
4.2. The processing of personal data in HIGHSKY.IO LTD is carried out with due regard to the need to ensure the protection of the rights and freedoms of employees of HIGHSKY.IO LTD and other subjects of personal data, including the protection of the right to privacy, personal and family secrets, based on the following principles:
- the processing of personal data is carried out in HIGHSKY.IO LTD on a lawful and fair basis;
- the processing of personal data is limited to achieving specific, predetermined, and lawful purposes;
- the processing of personal data incompatible with the purposes of collecting personal data is not allowed;
- the merging of databases containing personal data, the processing of which is carried out for incompatible purposes, is not allowed;
- only personal data that meets the purposes of their processing is subject to processing;
- the content and volume of processed personal data correspond to the stated purposes of processing. The redundancy of processed personal data in relation to the stated purposes of their processing is not allowed;
- when processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, their relevance to the purposes of processing personal data are ensured. HIGHSKY.IO LTD takes necessary measures or ensures their adoption for the removal or clarification of incomplete or inaccurate personal data;
- personal data is stored in a form that allows the subject of personal data to be identified for no longer than the purposes of processing require, unless the storage period is established by federal law or by a contract to which the subject of personal data is a party, beneficiary, or guarantor;
- processed personal data is destroyed or anonymized upon achieving the purposes of processing or in case of loss of necessity to achieve these purposes, unless otherwise provided by federal law.
4.3. Personal data is processed in HIGHSKY.IO LTD for the purposes of:
- ensuring compliance with the Constitution of the Russian Federation, legislative and other regulatory legal acts of the Russian Federation, local regulatory acts of HIGHSKY.IO LTD;
- performing functions, powers, and duties imposed by the legislation of the Russian Federation on HIGHSKY.IO LTD, including providing personal data to state authorities, the Pension Fund of the Russian Federation, the Social Insurance Fund of the Russian Federation, the Federal Mandatory Medical Insurance Fund, as well as to other state bodies;
- regulating labor relations with employees of HIGHSKY.IO LTD (assisting in employment, training and promotion, ensuring personal safety, controlling the quantity and quality of work performed, ensuring the safety of property);
- protecting the life, health, or other vital interests of subjects of personal data;
- preparing, concluding, executing, and terminating contracts with counterparties;
- ensuring access control and internal regime in HIGHSKY.IO LTD;
- forming reference materials for the internal information support of HIGHSKY.IO LTD's activities;
- executing court decisions, acts of other bodies or officials subject to enforcement in accordance with the legislation of the Russian Federation on enforcement proceedings;
- exercising the rights and legitimate interests of HIGHSKY.IO LTD in the framework of the activities provided for by the Charter and other local regulatory acts of HIGHSKY.IO LTD, or third parties, or achieving socially significant goals;
- for other lawful purposes.
5. List of subjects whose personal data is processed in HIGHSKY.IO LTD.
In HIGHSKY.IO LTD, personal data of the following categories of subjects are processed:
- employees of HIGHSKY.IO LTD and its separate subdivisions;
- other subjects of personal data (to ensure the implementation of the processing purposes specified in section 4 of the Policy).
6. List of personal data processed in HIGHSKY.IO LTD.
6.1. The list of personal data processed in HIGHSKY.IO LTD is determined in accordance with the legislation of the Russian Federation, the EU Regulation, and local regulatory acts of HIGHSKY.IO LTD, taking into account the purposes of personal data processing specified in section 4 of the Policy.
6.2. The processing of special categories of personal data concerning racial or national origin, political views, religious or philosophical beliefs, or intimate life is not carried out in HIGHSKY.IO LTD.
6.3. The processing of biometric personal data in HIGHSKY.IO LTD is allowed only with the written consent of the personal data subject, except in cases provided by the legislation of the Russian Federation.
6.4. The processing of personal data permitted by the personal data subject for dissemination is carried out in HIGHSKY.IO LTD based on the consent of the personal data subject for dissemination, observing the prohibitions and conditions established by the personal data subject for the processing of personal data.
7. Functions of HIGHSKY.IO LTD in the processing of personal data:
- takes necessary and sufficient measures to ensure compliance with the requirements of the legislation of the Russian Federation, the EU Regulation, and local regulatory acts of HIGHSKY.IO LTD in the field of personal data;
- takes legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions regarding personal data;
- appoints a person responsible for organizing the processing of personal data in HIGHSKY.IO LTD;
- issues local regulatory acts defining the policy and issues of processing and protecting personal data in HIGHSKY.IO LTD;
- ensures that employees of HIGHSKY.IO LTD who directly process personal data are familiarized with the provisions of the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data, including the requirements for the protection of personal data, and trains these employees;
- publishes or otherwise ensures unrestricted access to this Policy;
- informs personal data subjects or their representatives about the existence of personal data related to them, provides the opportunity to access this personal data upon request, unless otherwise provided by the legislation of the Russian Federation;
- ceases processing and destroys personal data in cases provided for by the legislation of the Russian Federation in the field of personal data and the EU Regulation;
- performs other actions provided for by the legislation of the Russian Federation in the field of personal data and the EU Regulation.
8. Conditions for processing personal data in HIGHSKY.IO LTD.
8.1. The processing of personal data in HIGHSKY.IO LTD is carried out with the consent of the personal data subject for the processing of their personal data, unless otherwise provided by the legislation of the Russian Federation in the field of personal data.
8.2. HIGHSKY.IO LTD does not disclose personal data to third parties and does not disseminate personal data without the consent of the personal data subject, unless otherwise provided by federal law.
8.3. HIGHSKY.IO LTD has the right to delegate the processing of personal data to another person with the consent of the personal data subject based on a contract concluded with that person. The contract must contain a list of actions (operations) with personal data that will be performed by the person processing the personal data, the purposes of processing, the obligation of that person to maintain the confidentiality of personal data and ensure the security of personal data during processing, as well as the requirements for the protection of processed personal data in accordance with Article 19 of the Federal Law "On Personal Data."
8.4. For the purposes of internal information support, HIGHSKY.IO LTD may create directories, address books, and other sources in which, with the written consent of the personal data subject, unless otherwise provided by the legislation of the Russian Federation, their personal data may be included.
8.5. Access to personal data processed in HIGHSKY.IO LTD is granted only to employees of HIGHSKY.IO LTD holding positions in which personal data processing is carried out.
9. List of actions with personal data and methods of processing.
9.1. HIGHSKY.IO LTD carries out the collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), anonymization, blocking, deletion, and destruction of personal data.
9.2. The processing of personal data in HIGHSKY.IO LTD is carried out by the following methods:
- non-automated processing of personal data;
- automated processing of personal data with the transfer of the obtained information via information and telecommunications networks or without it;
- mixed processing of personal data.
10. Rights of personal data subjects.
Personal data subjects have the right to:
- receive complete information about their personal data processed in HIGHSKY.IO LTD;
- access their personal data, including the right to receive a copy of any record containing their personal data, except in cases provided by federal law;
- clarify their personal data, block or destroy it in case the personal data is incomplete, outdated, inaccurate, illegally obtained, or not necessary for the stated purpose of processing;
- withdraw consent for the processing of personal data;
- take legal measures to protect their rights;
- appeal actions or inactions of HIGHSKY.IO LTD that violate the requirements of the legislation of the Russian Federation in the field of personal data to the authorized body for the protection of the rights of personal data subjects or to the court;
- exercise other rights provided by law.
11. Measures taken by HIGHSKY.IO LTD to ensure compliance with the operator's obligations when processing personal data.
11.1. The measures necessary and sufficient to ensure HIGHSKY.IO LTD's compliance with the operator's obligations provided by the legislation of the Russian Federation in the field of personal data include:
- appointing a person responsible for organizing the processing of personal data in HIGHSKY.IO LTD;
- adopting local regulatory acts and other documents in the field of processing and protecting personal data;
- organizing training and conducting methodological work with employees of HIGHSKY.IO LTD who hold positions in which personal data processing is carried out;
- obtaining consent from personal data subjects for the processing of their personal data, except in cases provided by the legislation of the Russian Federation;
- separating personal data processed without the use of automation tools from other information, in particular by recording them on separate material carriers of personal data in special sections;
- ensuring separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;
- ensuring the security of personal data during transmission over open communication channels;
- storing material carriers of personal data under conditions that ensure the safety of personal data and exclude unauthorized access to them;
- conducting internal control of compliance with the Federal Law "On Personal Data" and the regulatory acts adopted in accordance with it, the requirements for the protection of personal data, this Policy, and local regulatory acts of HIGHSKY.IO LTD;
- other measures provided by the legislation of the Russian Federation in the field of personal data and the EU Regulation.
12. Control over compliance with the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data, including requirements for the protection of personal data.
12.1. Control over compliance by the structural divisions of the administration of HIGHSKY.IO LTD with the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data, including requirements for the protection of personal data, is carried out to verify the compliance of personal data processing in HIGHSKY.IO LTD with the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data, including requirements for the protection of personal data, as well as measures taken to prevent and detect violations of the legislation of the Russian Federation in the field of personal data, identify possible channels of leakage and unauthorized access to personal data, and eliminate the consequences of such violations.
12.2. Internal control over compliance by HIGHSKY.IO LTD with the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data, including requirements for the protection of personal data, is carried out by the person responsible for organizing the processing of personal data in HIGHSKY.IO LTD.
12.3. Personal responsibility for compliance with the requirements of the legislation of the Russian Federation and local regulatory acts of HIGHSKY.IO LTD in the field of personal data in HIGHSKY.IO LTD, as well as for ensuring the confidentiality and security of personal data in the specified divisions of HIGHSKY.IO LTD, is assigned to its head.