Zvonko
ServicesPartnersStoresFAQNewsContacts
Login

Policy on the processing of personal data at NDA LLC

1. Purpose

This Policy for the Processing of Personal Data (hereinafter referred to as the Policy) defines the basic principles, goals and conditions for the processing of personal data, lists of subjects and categories of personal data, functions of the Limited Liability Company "National Digital Aggregator" in the processing of personal data, as well as the requirements for the protection of personal data implemented in NDA LLC.

Processing of personal data, the extent and content of processed data are determined in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ dated July 27, 2006 " On Personal Data", other federal laws and regulations.

This Policy shall come into effect from the date of its approval

2. General Provisions
2.1 Scope

This Policy is publicly available and shall be posted in the office of NDA LLC at the following address: Moscow, Moscow, Proektiruemy proezd 4062, 6, building 16, office 3.15, Business Center PortPlaza and on the website of NDA LLC: https://zvonkodigital.com.

The requirements of this Policy are mandatory for all employees of NDA LLC.

NDA LLC has the right to amend this Policy unilaterally by publishing a new version of the Policy or amendments thereto on the website in the event of changes in statutory instruments of the Russian Federation, as well as at its own discretion.

2.2 Terms, definitions, and abbreviations

For the purposes of this Policy, the following terms and abbreviations are used:

Automated processing of personal data – processing of personal data using computer technology.

Blocking of personal data – temporary suspension of personal data processing (except in cases where processing is necessary to clarify personal data).

Recording of personal data – entering personal data into a computer and/or recording personal data on a tangible medium.

Extraction of personal data – actions aimed at constructing structured personal data from unstructured or weakly structured machine-readable documents.

Personal data information system (PDIS) – a set of personal data contained in databases and the information technologies and technical means that ensure their processing.

Use of personal data – actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences in relation to the subject of personal data or other persons, or otherwise affect the rights and freedoms of the subject of personal data or other persons.

Tangible medium of personal data – paper, electronic, machine, and other media used to reproduce (including copying, downloading, saving, recording) and/or store information containing personal data, processed in an automated manner (using computer technology) and in a non-automated manner (without the use of computer technology).

Accumulation of personal data – actions aimed at forming an initial, unsystematized array of personal data.

Anonymization of personal data – actions that make it impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.

Processing of personal data – any action (operation) or set of actions (operations) performed with personal data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.

Personal data operator (Operator) – a state body, municipal body, legal entity, or individual who, independently or jointly with other persons, organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the extent of personal data to be processed, and the actions (operations) performed with personal data. In the context of this Policy, NDA LLC is the personal data operator.

NDA LLC – National Digital Aggregator Limited Liability Company.

Personal data (PD) – any information relating directly or indirectly to a specific or identifiable natural person (PD subject).

Transfer (provision, access) of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.

Employee – an individual who has entered into an employment relationship with NDA LLC.

Distribution of personal data – actions aimed at disclosing personal data to an indefinite group of persons.

Collection of personal data – actions of the operator or third parties specially engaged by the operator for this purpose to obtain personal data directly from the subject of personal data or his representative.

Systematization of personal data - actions aimed at combining and arranging personal data in a specific sequence.

Subject of personal data (PD subject) – an individual who is directly or indirectly identified or identifiable by means of personal data.

Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state, to a foreign state body, a foreign individual, or a foreign legal entity.

Deletion of personal data – removal of personal data from information systems with the possibility of subsequent recovery.

Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system and/or that destroy the tangible medium containing personal data.

Clarification (update, change) – actions aimed at updating or changing personal data.

Storage of personal data - actions aimed at maintaining the immutability of the tangible medium of personal data.

Cookies – files installed on the computer, phone, tablet, or any other technical device of a user (visitor) of the NDA LLC website aimed to record the actions of such a user (visitor) while viewing the pages of the NDA LLC website. Cookies enable the server hosting the NDA LLC website to recognize the browser used by the user (visitor), for example, by providing registered users (visitors) access to areas and services without having to register each time they visit and by remembering their preferences for future visits. Cookies are also used to calculate audience and traffic parameters, track progress and number of visits. Cookies contain data in an anonymized form.

152-FZ – Federal Law No. 152-FZ of July 27, 2006, “On Personal Data.”

2.3 Regulatory framework

This Policy was developed taking into account the provisions of the following regulatory documents:

  • • Constitution of the Russian Federation dated December 12, 1993;
  • • Labor Code of the Russian Federation dated December 30, 2001 No. 197-FZ;
  • • Tax Code of the Russian Federation dated July 31, 1998, No. 146-FZ;
  • • Federal Law of the Russian Federation dated July 27, 2006, No. 152-FZ “On Personal Data”;
  • • Federal Law of the Russian Federation No. 149-FZ dated July 27, 2006 “On Information, Information Technologies and Information Protection”;
  • • Federal Law No. 326-FZ dated November 29, 2010 “On Compulsory Medical Insurance in the Russian Federation”;
  • • Federal Law No. 167-FZ dated December 15, 2001, “On Compulsory Pension Insurance in the Russian Federation”;
  • • Federal Law No. 27-FZ dated April 1, 1996, “On Individual (Personalized) Accounting in the Compulsory Pension Insurance System”;
  • • Federal Law No. 173-FZ dated December 17, 2001, “On Labor Pensions in the Russian Federation”;
  • • Federal Law No. 165-FZ dated July 16, 1999, “On the Fundamental Principles of Compulsory Social Insurance”;
  • • Federal Law No. 402-FZ dated December 6, 2011, “On Accounting”;
  • • Federal Law No. 181-FZ dated November 24, 1995, “On Social Protection of Disabled Persons in the Russian Federation”;
  • • Federal Law No. 255-FZ dated December 29, 2006 “On Compulsory Social Insurance in Case of Temporary Disability and in Connection with Maternity”;
  • • Federal Law No. 125-FZ dated July 24, 1998, “On Compulsory Social Insurance against Industrial Accidents and Occupational Diseases”;
  • • Federal Law No. 53-FZ dated March 28, 1998, “On Military Duty and Military Service”;
  • • Federal Law No. 115-FZ dated August 7, 2001, “Countering the Legalization (Money Laundering) of Criminal Income and the Funding of Terrorism”;
  • • Decree of the President of the Russian Federation No. 188 dated March 6, 1997, “On the Approval of the List of Confidential Information”;
  • • Resolution of the Government of the Russian Federation No. 1119 dated November 1, 2012, “On the Approval of Requirements for the Protection of Personal Data when Processing it in Personal Data Information Systems”;
  • • Resolution of the Government of the Russian Federation No. 687 dated September 15, 2008, “On Approval of the Regulation on the Specifics of Personal Data Processing Carried Out Without the Use of Automation Tools.”
3. Purposes of personal data processing

In accordance with the provisions of Federal Law No. 152-FZ of July 27, 2006, “On Personal Data,” NDA LLC independently determines the purposes of processing of personal data. The processing of personal data in NDA LLC is limited to achieving specific, predetermined and legitimate purposes. NDA LLC does not process PD in a manner incompatible with the specified purposes of PD collection.

The purposes of processing PD by NDA LLC are set out in Appendix 1 to this Policy, as well as in Appendix No. 2 “List of personal data processed by NDA LLC” to Order No. 02-25-PD dated May 27, 2025.

4. Legal grounds for processing of personal data

The legal grounds for processing of PD by NDA LLC, on the basis of which the processing of PD is permitted, taking into account certain conditions specified in Federal Law No. 152-FZ, are the following:

  • • consent of the PD subject to the processing of his personal data, duly executed in accordance with the requirements of the legislation for the relevant category of PD;
  • • provisions of regulatory legal acts, pursuant to which and in accordance with which NDA LLC processes Personal Data, including, but not limited to: Labor Code of the Russian Federation dated 30.12.2001 No. 197-FZ; Tax Code of the Russian Federation dated 31.07.1998 No. 146-FZ; Federal Law dated 29.11.2010 No. 326-FZ "On Compulsory Medical Insurance in the Russian Federation"; Federal Law dated 06.12.2011 No. 402-FZ "On Accounting"; Federal Law dated 15.12.2001 No. 167-FZ "On Compulsory Pension Insurance in the Russian Federation"; Federal Law dated 01.04.1996 No. 27-FZ "On Individual (Personalized) Accounting in the Compulsory Pension Insurance System"; Federal Law dated 17.12.2001 No. 173-FZ "On Labor Pensions in the Russian Federation"; Federal Law dated 24.11.1995 No. 181-FZ "On Social Protection of Disabled Persons in the Russian Federation"; Federal Law dated 24.07.1998 No. 125-FZ "On Compulsory Social Insurance against Industrial Accidents and Occupational Diseases"; Federal Law dated 29.12.2006 No. 255-FZ "On Compulsory Social Insurance in Case of Temporary Disability and in Connection with Maternity"; Federal Law dated 28.03.1998 No. 53-FZ "On Military Duty and Military Service"; Federal Law dated 07.08.2001 No. 115-FZ "On Countering the Legalization (Money Laundering) of Criminal Income and the Funding of Terrorism"; Federal Law dated 16.07.1999 No. 165-FZ " On the Fundamental Principles of Compulsory Social Insurance ";
  • • judicial acts, acts of another body or official, subject to execution by NDA LLC in accordance with the provisions of the legislation of the Russian Federation on enforcement proceedings;
  • • an agreement to which the PD subject is a party, beneficiary or guarantor, if the PD processing is necessary for the execution of the said agreement or the performance of obligations under the agreement;
  • • ensuring and/or implementing the protection of the life, health or other vital interests of the PD subject if obtaining the consent of the PD subject is impossible;
  • • the rights and legitimate interests of NDA LLC, third parties, other persons or the achievement of significant goals by NDA LLC, provided that this does not violate the rights and freedoms of the PD subject;
  • • processing of PD for statistical or other research purposes subject to mandatory anonymization of Personal Data.

The legal grounds for the corresponding purposes of processing PD by NDA LLC are provided in Appendix 1 to this Policy.

5. Extent and categories of personal data processed, categories of subjects of personal data

The content and extent of the PD processed must correspond to the purposes of PD processing stated by NDA LLC, as defined in accordance with Section 3 of this Policy.

In accordance with the provisions of 152-FZ, NDA LLC independently, in its internal regulatory documents, determines the relevant categories and list of PD processed for each specific purpose, as well as the categories of PD subjects.

The categories of PD subjects and the list of PD processed by NDA LLC in accordance with the stated purposes of PD processing are set out in Appendix 1 to this Policy.

6. Procedure and conditions for processing of personal data

Depending on the purposes of PD processing, such processing may include, in particular, performing all or some of the actions (operations) specified in Appendix 1 to this Policy, with or without the use of automation tools.

NDA LLC, when gaining access to PD, shall not to disclose (transfer) PD to third parties without the consent of the PD subject, except in cases provided for by the current legislation of the Russian Federation.

Special categories of PD are processed by NDA LLC in accordance with Article 10 of Federal Law No. 152-FZ and corresponding regulations.

Biometric PD are not processed by NDA LLC.

The PD processed must not be excessive in relation to the purposes of processing stated by NDA LLC.

NDA LLC has approved and adopted the necessary local regulations:

  • • documents defining the procedure for PD processing;
  • • orders approving the storage locations for tangible media containing personal data;
  • • orders establishing a list of persons who process personal data or have access to it;
  • • forms of consent of the subject to the processing of their personal data;
  • • documents establishing procedures aimed at preventing and detecting violations of Russian legislation and eliminating the consequences of such violations;
  • • documents establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
  • • documents regulating the procedure for implementing internal control over compliance with the requirements of the legislation of the Russian Federation in the field of personal data protection;
  • • documents aimed at assessing the harm that may be caused to personal data subjects in the event of a violation of federal legislation in the field of personal data protection;
  • • a standard non-disclosure agreement for personal data;
  • • a standard form of explanation to personal data subjects the legal consequences of refusing to provide their personal data;
  • • a list of personal data information systems;
  • • other local regulations governing the processing and protection of personal data.

When operating the PDIS, NDA LLC takes legal, organizational, and technical measures to ensure the security of personal data in order to comply with the requirements established by the Government of the Russian Federation for the protection of personal data when processing it in accordance with the established levels of personal data protection.

NDA LLC familiarizes its employees directly involved in the processing of personal data with the provisions of legislation of Russian Federation on personal data (including requirements for the protection of personal data) and local regulations on the processing of personal data and, if necessary, organizes training for these employees.

NDA LLC shall notify the executive body in charge of the protection of the rights of personal data subjects about the processing of personal data in accordance with the requirements established by 152-FZ in the event that the necessary conditions for such notification arise and the corresponding obligation arises for NDA LLC.

6.1 Transfer and assignment of Personal Data processing

In the course of its activities, NDA LLC may provide personal data of PD subjects to third parties in accordance with the requirements of 152-FZ. In this case, a mandatory condition for the provision of PD to a third party is the obligation of the parties to maintain confidentiality and ensure the security of PD during its processing.

If NDA LLC assigns the processing of PD to another person on the basis of a contract, NDA LLC shall be liable to the PD subject for the actions of that person.

Agreements executed by NDA LLC include conditions concerning the maintenance of confidentiality and security of the transferred PD, as well as other conditions provided for by the legislation of the Russian Federation in the field of PD processing.

In addition, NDA LLC shall transfer PD to the authorized government bodies of the Russian Federation in cases provided for by the current legislation of the Russian Federation.

6.2 Cross-border transfer of Personal Data

NDA LLC may carry out cross-border transfer of Personal data in accordance with Article 12 of Federal Law No. 152-FZ.

6.3 Ensuring the security of Personal Data

When processing PD, NDA LLC takes the necessary legal, organizational, and technical measures to ensure the security of PD from accidental or unauthorized access, destruction, modification, blocking, copying, provision, distribution of PD, as well as other unlawful actions in relation to PD provided for by 152-FZ and other regulations in the field of PD protection.

NDA LLC complies with the obligations of a PD operator established by Articles 18–19 of 152-FZ.

NDA LLC has defined and implements the following legal requirements in the field of personal data protection:

  • • requirements for maintaining the confidentiality of personal data;
  • • requirements for the protection of personal data from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution, and other unlawful actions in relation to personal data;
  • • requirements established by Article 18 of Federal Law No. 152-FZ;

In accordance with 152-FZ, NDA LLC determines the structure and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by legislation in the field of personal data, in particular:

  • • NDA LLC has appointed executive in charge of the processing and protection of personal data;
  • • threats to the security of personal data during its processing in personal data information systems have been identified;
  • • measures are taken to detect unauthorized access to personal data and to take appropriate response measures in accordance with the current legislation of the Russian Federation;
  • • measures have been determined to restore PDs in the event of their modification or destruction as a result of unauthorized access;
  • • records are kept of tangible media of personal data;
  • • the effectiveness of measures taken to ensure the security of personal data is assessed before the personal data information system is put into operation;
  • • a system for protecting information for personal data has been developed, taking into account the requirements of regulations of the Russian Federation in the field of PD protection and the results of modeling of threats and violators of the PDIS;
  • • information protection tools that have undergone the compliance assessment procedure are used to neutralize current security threats;
  • • NDA LLC has issued local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation in the field of personal data processing, and procedures aimed at eliminating the consequences of such violations;
  • • Employees authorized to process personal data are familiarized with the requirements established by the current legislation of the Russian Federation in the field of personal data, this Policy, as well as local regulations of NDA LLC and/or the training of these employees is carried out;
  • • an appropriate procedure for working with personal data using automation tools (including the use of certified software, restriction of access to computers, local networks, and information systems that process personal data, and establishment of a procedure for destroying personal data in information systems) has been established;
  • • an appropriate procedure for working with PD without the use of automation tools (including the organization of appropriate storage of documents containing PD, the establishment of a procedure for the destruction or anonymization of PD processed without the use of automation tools) has been organized;
  • • employee access to information containing PD of PD subjects is organized in accordance with their official duties;
  • • internal control and/or audit of the compliance of PD processing with 152-FZ and regulations, PD protection requirements, this Policy, and local acts of NDA LLC is carried out;
  • • an assessment is carried out of the harm that may be caused to personal data subjects at NDA LLC in the event of a violation of 152-FZ.
6.4 Storage of Personal Data

Personal data is stored by NDA LLC in a form that allows the subject of the personal data to be identified for no longer than is necessary for the purposes of processing the personal data, except in cases where the storage period for personal data is established by federal law or by a contract to which the subject of the personal data is a party, beneficiary, or guarantor.

When storing PD, NDA LLC uses databases located in the Russian Federation, in accordance with Part 5 of Article 18 of Federal Law No. 152-FZ.

The processing of personal data by NDA LLC carried out without the use of automation tools is conducted in such a way that for each category of personal data it is possible to determine the storage locations of personal data (tangible media) and establish a list of persons who process personal data or have access to it.

NDA LLC ensures the separate storage of PD (tangible media) used for various processing purposes carried out without the use of automation tools.

When storing tangible media, conditions are observed that ensure the safety of PD and prevent unauthorized access to it. The list of measures necessary to ensure such conditions, the procedure for their adoption, and the list of persons responsible for the implementation of these measures are established by NDA LLC.

7. Updating, correcting, deleting, and destroying personal data

If the inaccuracy of PD is confirmed, it shall be updated by NDA LLC.

The processing of PD shall be terminated by NDA LLC if the illegality of its processing is identified and confirmed.

PD shall be destroyed by NDA LLC in cases where the purposes of PD processing have been achieved, as well as in cases where the PD subject has duly withdrawn their consent to the processing of PD. At the same time, if NDA LLC receives a withdrawal of consent for the processing of PD from the PD subject, NDA LLC has the right to continue such processing if it is provided for by a contract to which the PD subject is a party, beneficiary, or guarantor, or if the processing of PD is required to comply with the requirements of the current legislation of the Russian Federation.

8. Responses to requests from PD subjects

NDA LLC receives and processes requests from PD subjects as well as monitors the receipt and processing of such requests in order to protect the rights and legitimate interests of PD subjects.

Requests are received at the email address policy@zvonkodigital.com or by post at the following address: Moscow, Proektiruemy Proezd 4062, 6, Building 16, Office 3.15, PortPlaza Business Center.

When considering requests or receiving inquiries from PD subjects, NDA LLC is guided by 152-FZ.

Upon receiving an requests or inquiries from a PD subject containing information provided for by 152-FZ, NDA LLC, having verified the legality of such request or inquiry, provides the PD subject and/or its representative authorized to represent the interests of the PD subject with the information specified in the request in the form in which the relevant request or inquiry was sent, unless otherwise specified in the request or inquiry, or takes other measures depending on the request or inquiry. At the same time, the information provided by NDA LLC may not contain PD of other PD subjects, except in cases where there are legal grounds for disclosing the PD of other PD subjects.

NDA LLC has the right to dismiss the request or inquiry by providing a reasoned refusal to the PD subject or its representative, if NDA LLC has legal grounds for doing so.

The process of handling requests from PD subjects or their representatives, as well as requests from authorized bodies, is carried out in accordance with the internal regulatory documents of NDA LLC.

9. Control and responsibility

Control over compliance with the requirements of this Policy is entrusted to the executive in charge of organizing the processing of personal data at NDA LLC.

The executive in charge of organizing the processing of personal data at NDA LLC has the right to request all information, including supporting documents, related to compliance with the requirements of this Policy.

Employees of NDA LLC are personally responsible for non-compliance or improper compliance with the requirements of this Policy. Disciplinary measures may be applied to them in accordance with labor legislation and local regulations of NDA LLC.

10. Storage and archiving

The original copy of this Policy shall be stored in the Legal Department of NDA LLC during its term of validity.

11. Mailing and updating

The Policy shall be reviewed periodically as necessary, but at least once every two years.

The decision to initiate the process of amending the Policy shall be made by the executive in charge of the organization of personal data processing at NDA LLC based on proposals from the departments of NDA LLC, the results of the application of the document at NDA LLC, an analysis of inconsistencies, as well as the recommendations of internal or external audits.

The current version of the approved Policy is available on the NDA LLC website at https://zvonkodigital.com

The executive in charge of organizing the processing of personal data at NDA LLC is responsible for initiating the publication and maintenance of the Policy on the website, as well as for communicating information about the location of the current version to all interested departments.

Appendix 1. Information on the composition of personal data processed and the conditions for its processing

Schedule 1

Purposes of personal data processing at NDA LLC

Purpose of PD processing
1Accounting of payments to employees (calculation of salaries, benefits, deductions, sick leave, vacations, provision of standard tax deductions, withholdings, payments, calculation of alimony, accounting for income in kind, etc.) in the course of accounting and tax reporting.
2Accounting of payments to employees, their family members, and legal representatives (benefits, deductions, material assistance, alimony accruals) in the course of accounting and tax reporting.
3Accounting of payments to other individuals for the purposes of accounting and tax reporting, other payments to individuals in cash and in kind, including charity, gifts, etc.
4Provision of additional services to employees of NDA LLC at the expense of NDA LLC, consisting of issuing a bank card.
5Assistance to employees of NDA LLC and their family members in obtaining voluntary health insurance.
6Provision of additional services to employees of NDA LLC at the expense of NDA LLC (business trips, payment for corporate telephone communications, or offers of favorable corporate rates from telephone operators, etc.)
7Ensuring compliance with pension legislation.
8Ensuring compliance with insurance legislation
9Concluding contracts and monitoring the fulfillment of contractual obligations.
10Preparing draft contracts.
11Verifying the degree of influence of the entity on the activities of NDA LLC and its counterparties.
12Maintaining military service registration of employees
13Preparing powers of attorney
14Providing access to facilities for employees and visitors.
15Concluding, supporting, amending, executing, and terminating employment contracts and fulfilling obligations and exercising the rights of the employer in relations with the employee.
16Assistance in training, career growth, education, and professional advancement.
17Organization of mail and document flow.
18Organization of business trips (ticket booking, hotel reservations, visa processing).
19Organization of information support (organization of employee accounts for the performance of their functional duties in the relevant information system, interaction between employees and birthday greetings, administration of the corporate network).
20Fulfillment by the employer of other obligations provided for by federal laws and local regulations (organization of the work process, recording of working hours, recording of persons who have undergone occupational health and safety training, etc.).
21Fulfillment by the employer of obligations stipulated by federal laws and local regulations (organization of special assessment of working conditions)
22Participation in corporate events of NDA LLC, as well as in events of third-party organizations (external events). Including: Organizing, holding, and/or participating in conferences, exhibitions, awards, competitions, forums, and other events (including by forming lists of participants necessary to ensure the required number of seats at the venues of the relevant conferences, exhibitions, awards, competitions, forums, and other events, as well as for tracking the number of available and occupied seats, organizing catering, preparing relevant invitations, passes to the venue of the relevant conferences, exhibitions, awards, competitions, forums, and other events, badges, participant certificates, handouts for participants, etc.); as well as to provide personal data subjects with the opportunity to register and participate directly in such conferences, exhibitions, awards, competitions, forums, and other events (including convening conferences)
23Ensuring the functioning of the website of NDA LLC and the personal account of the copyright holder, improving their performance.
24Recruitment of personnel (applicants) for vacant positions
25Compliance with the requirements of regulatory legal acts of state statistical accounting authorities

Schedule 2

List of personal data processed by NDA LLC

List of personal data1
• surname, first name, patronymic;
• position;
• identity document details;
• date of birth;
• year of birth;
• place of birth;
• registered address;
• residential address;
• telephone number;
• taxpayer identification number (TIN);
• individual insurance account number (SNILS);
• marital status;
• profession;
• education details;
• information about employment (including work experience, current employment details with the name and bank account number of the organization);
• bank account number;
• relationship to military service, information about military registration;
• other personal data (information about family composition, information about children, information about incentives, compulsory medical insurance policy, information about deductions, information about benefits (disability, Chernobyl accident liquidator, participant in military operations, and other personal income tax benefits), bank details, photo1, email address, information about participation in commercial activities, insurance program number, personnel number or other personal identifier, work schedule, information about actions performed on websites and in mobile applications, as well as information about the devices used (such as date and time of session, geolocation, IP addresses, cookies, data on transmitted data packets, etc.)).

1 The actual composition of categories of personal data processed depends on the purpose of processing and is determined by local regulations of NDA LLC.

2 Not used for the identification of the subject of personal data

Schedule 3

Categories of subjects whose personal data is processed by NDA LLC

Categories of personal data subjects1
• Candidates (applicants) for vacant (open) positions at NDA LLC;
• Employees (staff) and former employees (staff) of NDA LLC;
• Family members of employees (staff) and former employees (staff) of NDA LLC;
• Counterparties (including partners, event sponsors) of NDA LLC;
• Participants in events (awards, competitions, forums, conferences, exhibitions, etc.) organized and/or held by LLC NDA LLC and (or) with the direct participation of NDA LLC LLC, who are individuals and, for the purpose of registering and participating in the relevant events, provide NDA LLC LLC with their personal data by filling out (including using the NDA LLC LLC website) registration forms, appeals, applications, and other documents;
• Legal representatives;
• Representatives of counterparties;
• Beneficiaries under contracts;
• Other categories of personal data subjects (individuals who have civil law relations with NDA LLC, visitors to NDA LLC, visitors to the website).

1 The actual composition of entities whose personal data is processed depends on the purpose of processing and is determined by the local regulations of NDA LLC.

Schedule 4

Legal basis for the processing of personal data at NDA LLC

Legal basis for the processing of personal data
• Personal data is processed with the consent of the personal data subject to the processing of their personal data.
• Personal data is processed on behalf of the counterparty – the Personal Data Operator;
• Personal data processing is necessary to achieve the objectives set forth in an international treaty of the Russian Federation or by law, to exercise and fulfill the functions, powers, and duties assigned to the operator by the legislation of the Russian Federation;
• he processing of personal data is necessary for the performance of a contract to which the subject of personal data is a party or beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the subject of personal data or a contract under which the subject of personal data will be a beneficiary or guarantor.

Schedule 5

List of actions involving the processing of personal data

List of actions1
• collection;
• recording;
• systematization;
• storage;
• accumulation;
• clarification (updating, modification);
• use;
• transfer (provision, access);
• deletion;
• blocking;
• destruction.

1 The actual composition of actions performed on processed personal data depends on the purpose of processing and is determined by local regulations of NDA LLC.

Logo

Menu

Feedback

Services

Stores

FAQ

News

Contacts

Brandbook

info@zvonkodigital.com
Privacy PolicyPolicy on the processing of personal data
Privacy PolicyPolicy on the processing of personal data

Copyright 2025 All Rights Reserved