This Code represents a set of business conduct rules that we follow in our business activities and internal communications within CROC (“Company”). Being a big-name company, we need to uphold our business reputation of a socially responsible entity in the eyes of customers, partners, supervisory bodies, and employees. We live by our values, and therefore we need to maintain and protect them.
This Personal Data Processing Policy (hereinafter — the “Policy”) has been developed pursuant to Article 18.1 of Federal Law 152-FZ “On Personal Data”, the requirements of the Constitution of the Russian Federation, the Council of Europe Convention on the Protection of Individuals with regard to Automated Personal Data Processing, international treaties to which the Russian Federation is a party, federal laws, and other regulations of the Russian Federation concerning personal data.
This Policy shall apply to relations involving the processing and security assurance of sensitive data that may be qualified as personal data pursuant to the legislation of the Russian Federation (hereinafter — “Personal Data, PD”).
This Policy determines ground rules, objectives, procedure, and terms of processing Personal Data of employees of ZAO (JSC) CROC incorporated (hereinafter — the “Company”) and other subjects whose Personal Data is processed by the Company. This Policy sets forth provisions concerning liability of the Company and its employees for violation of personal data processing legislation.
This Policy is a public document available on the Company’s official website. This Policy shall not apply to relations arising out of:
All the Company employees shall follow this Policy.
PD means Personal Data
PDI means Personal data information systems
UA means Unauthorized access
The Company shall process PD following the following principles:
The Company shall process personal data in order to carry out its activities pursuant to the legislation of the Russian Federation and the Company’s Articles of Association.
The Company shall process PD (using or without automation tools) of the following subjects:
The Company shall process PD of the following categories:
The Company has appointed a person responsible for PD processing arrangement.
The Company has appointed a person responsible for PD and PD information system security.
The Company has appointed persons responsible for PD processing arrangement within business units.
The Company employees take part in PD processing within the scope of their job duties.
The Company may process PD in the following cases:
The Company may only include PD subjects into publicly available PD sources as required by the federal legislation or upon receipt of PD subject’s written consent.
The Company shall carry out cross-border transmission of employees’ PD for the purpose of fulfillment of contractual obligations by counterparties only upon PD subject’s written consent.
The Company shall not, solely based on automated PD processing, make any decisions that may entail legal consequences for PD subject or otherwise affect its rights and legitimate interests.
Unless otherwise stipulated by the federal law, the Company may only assign PD processing to another person upon the consent of PD subject based on an agreement entered into with that person (hereinafter — “Processor’s assignment”). In this case the Company shall oblige the person assigned to process PD, to comply with PD processing principles and rules stipulated in the federal law. If the Company assigns PD processing to other person then the Company shall be liable before PD subject for actions of such person. The person assigned by the Company to process PD shall be liable before the Company.
The Company shall itself and shall oblige other persons having access to PD, not to disclose PD to third parties and not disseminate PD without PD subject’s consent, unless otherwise stipulated by the federal law.
The Company shall terminate PD processing in the following cases:
When processing PD, the Company takes all necessary legal, organizational and technical measures to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, submission, distribution, and other wrongful acts with respect to PD.
The Company takes the following measures to arrange processing and protection of PD that is processed without using automation tools, including:
information systems are implemented, including:
The Company is responsible for personal data processing and protection in compliance with legislation. All the Company employees involved in PD processing are responsible for compliance with this Policy and other internal regulations of the Company relating to PD processing and security.
Any employee who has been aware of this Policy violation or suspects such violation must report to a person responsible for organization of PD processing in compliance with procedures adopted in the Company.
Any violations of this Policy and other internal regulations of the Company relating to PD processing and security shall be investigated in compliance with procedures adopted in the Company.
The persons found guilty of violation of existing order and procedures of PD processing and security may be subject to disciplinary, financial, civil, administrative and criminal liability in compliance with the legislation of the Russian Federation.
By continuing to browse www.croc.ru, I give my consent to the processing of my personal data by JSC CROC incorporated, tax ID 7701004101, legal address: 26V build. 2 Bolshaya Pochtovaya St., Moscow, 105082, Russia (hereinafter – “Processor”).
I consent to the processing of the following personal data: last name, first name and patronymic, phone number, and e-mail address. Data is processed to improve the website and provide information about Processor’s products and services. The consent shall be valid until withdrawn. The Processor may collect, record, systematize, accumulate, store, clarify, retrieve, use, transmit, block, remove, delete the above personal data, either manually (hard copies) or automatically (information systems and electronic media).
I have been informed that cookies (files with data on previous visits) are used on www.croc.ru to personalize and improve user experience, as well as Yandex Metrics and/or Google Analytics, and/or Facebook Pixels. By using this website, I confirm that I have been provided with an opportunity to decline/block cookies in browser settings or anonymize my web browsing in order to prevent usage of my personal data.
This consent may be withdrawn anytime by sending the Processor a relevant statement compliant with Part 3, Article 14 of Federal Law No. 152 “On Personal Data”.