Contact Us
Leave your contact details and a brief description of your request
POLICY ON THE PROCESSING OF PERSONAL DATA
LLC «INNOVATION AND GROWTH»
1.General Provisions
1.1. This Policy (hereinafter — the «Policy») defines the procedure and fundamental principles for the processing of personal data in LLC «Innovation and Growth» (hereinafter — the «Company»).
1.2. The Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 «On Personal Data,» the Labor Code of the Russian Federation, and other regulatory legal acts.
1.3. Key terms user in the Policy:
personal data — any information relating directly or indirectly to an identified or identifiable natural person (personal data subject);
operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or performs personal data processing, and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data;
automated processing of personal data — processing of personal data using computing equipment;
distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
blocking of personal data — temporary suspension of personal data processing (except when processing is necessary for personal data clarification);
destruction of personal data — actions resulting in the impossibility of restoring the content of personal data within the personal data information system and/or resulting in the destruction of tangible media containing personal data;
depersonalization of personal data — actions resulting in the impossibility, without the use of additional information, to determine the personal data’s belonging to a specific personal data subject;
personal data information system — a set of personal data contained in databases, and information technologies and technical tools that ensure their processing;
cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign individual, or a foreign legal entity;
personal data permitted for distribution by the personal data subject — personal data to which access is granted by the personal data subject to an unlimited number of persons through consent given in accordance with the procedure established by this Federal Law;
personal data information system — a set of personal data contained in databases and the information technologies and technical tools used for their processing (repeated in source text);
managed organization — a legal entity for which the Company, based on a management agreement, performs the functions of the sole executive body and exercises part or all of the authority for the operational management of its economic activities.
1.4. The Company acts as a Personal Data Operator with respect to personal data processed on behalf of managed organizations in order to fulfill management agreements concluded with such organizations, as well as within the framework of its own business operations.
2. Principles and Purposes of Personal Data Processing
2.1. The Company processes personal data based on the principles of legality, purpose limitation, accuracy, and data minimization.
2.2. The Company processes personal data for the following purposes:
2.1.1. Personal data processing where the Company acts as an Operator:
1) Exercise of labor rights and obligations, ensuring compliance with labor legislation and other legal acts containing labor law norms, including for the following purposes:
3) Ensuring access control and internal security regime at the Company’s facilities.
4) Processing of data received through the Company’s official website.
5) Fulfillment of the requirements of the legislation of the Russian Federation in the field of personal data and other regulatory legal acts.
2.2.2. Personal data processing performed by the Company on behalf of another operator — within the framework of management agreements concluded with managed organizations — is carried out for the following purposes:
1) HR administration and payroll processing (execution of employment relations; maintaining personal files and employment records; calculation, accrual, and payment of salaries, bonuses, vacation pay, and other payments; calculation and transfer of taxes and insurance contributions to extra-budgetary funds; preparation and submission of mandatory tax, contribution, and HR reporting; arrangement of leave, business trips, and other types of absence from the workplace);
2) Ensuring the economic operations of managed organizations, including:
organization and maintenance of IT infrastructure (user accounts, email);
ensuring access control and internal security regimes at the facilities of managed organizations;
provision of legal support and representation in government bodies and other organizations;
3) Execution of other functions assigned under the management agreement, requiring the processing of personal data for their proper fulfillment.
2.2.3. In all cases specified in clause 2.2.2 of this Policy, the managed organizations act as independent Personal Data Operators and are responsible for the lawful transfer of personal data to the Company for processing. The Company undertakes to maintain the confidentiality of the processed data and not to use it for any purposes other than those explicitly provided for in the management agreement and related arrangements.
3.Categories of Processed Personal Data
3.1. Subjects — employees of the operator, former employees, candidates for vacant positions.
For this category of subjects, the operator processes the following personal data:
surname, first name, patronymic; gender; citizenship; date and place of birth; home address; residential or temporary registration details; phone numbers (home, mobile, work); email address; job position; employment information; taxpayer identification number; data from the individual (personalized) accounting system, including electronic documents; compulsory medical insurance policy data; passport or other identity document details; passport details for travel outside the Russian Federation; employment record book data and supplements; military registration information; education information; additional professional education data; foreign language proficiency; awards, incentives, distinctions; disciplinary actions; information contained in internal investigation materials; marital status; bank account number; and other data.
3.2. Subjects — clients and counterparties of the operator (individuals).
For this category of subjects, the operator processes the following personal data obtained by the operator:
surname, first name, patronymic; gender; citizenship; date and place of birth; home address; residential or temporary registration details; phone numbers (home, mobile, work); email address; taxpayer identification number; passport or other identity document details; bank account number; and other data.
3.3. Subjects — employees, former employees, candidates for vacant positions, clients, and counterparties of managed organizations.
Personal data processing is carried out strictly to the extent and for the purposes specified in the agreement with the managed organization.
3.4. Data collected through the official website:
3.4.1. Data provided by users through feedback forms (name, email, phone).
3.4.2. Data collected automatically: IP address, cookie data, browser parameters and settings, information about user actions on the website.
3.5. Processing of special categories of personal data related to health is permitted:
3.5.1. if the personal data subject has given written consent to the processing of their personal data;
3.5.2. in accordance with the legislation on state social assistance, as well as labor, tax, and pension legislation of the Russian Federation.
4. Legal Grounds for Personal Data Processing
4.1. The legal grounds for personal data processing include:
5. Procedure and Conditions for Personal Data Processing
5.1. The Operator processes personal data with or without the use of automation tools. Personal data processing includes the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction.
5.2. When processing personal data, the Operator takes—or ensures the adoption of—necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions in relation to personal data.
5.3. The personal data security measures implemented in the Company include, among others, the following:
5.5. The Company has appointed a person responsible for organizing the processing of personal data. Access to personal data is granted only to authorized employees of the Company who need such access to perform their official duties.
5.6. The internal documents, mandatory for all employees of the Company, as well as the relevant agreements with partners, counterparties, and other third parties, where applicable, define:
5.8. Processing of personal data carried out on behalf of managed organizations must be terminated in the following cases: termination of the management agreement with the respective managed organization; receipt of a written request from the managed organization to cease personal data processing; expiration of the personal data processing agreement; identification of unlawful authorization for the processing of personal data.
5.9. The Operator has the right to assign the processing of personal data to another party under a contract concluded with such party, including a state or municipal contract.
A party processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing established by the Personal Data Law, ensure the confidentiality of personal data, and take necessary measures to fulfill the obligations set forth in the Personal Data Law.
Additionally, the Operator has the right to transfer personal data to investigative and prosecutorial authorities and other authorized bodies on the grounds provided for by the legislation of the Russian Federation.
5.10. The Operator and any other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject, unless otherwise provided for by federal law.
Consent for the processing of personal data permitted by the personal data subject for dissemination must be provided separately from any other consents given by the personal data subject for the processing of their personal data. The Operator must provide the personal data subject with the ability to specify the list of personal data for each category of personal data indicated in the consent for the processing of personal data permitted for dissemination.
The transfer (dissemination, provision, access) of personal data permitted for dissemination must be terminated at any time upon the request of the personal data subject.
5.11. The Operator may transfer data to third parties only in the following cases:
6. Termination of Processing and Destruction of Personal Data
6.1. Grounds for terminating the processing of personal data may include:
Personal data contained on paper media is destroyed by shredding or by transferring it to a specialized organization, with an appropriate destruction certificate being prepared.
Personal data in electronic form is destroyed in a manner that prevents its recovery.
7. Processing of Personal Data on the Official Website
7.1. The Company’s website collects and processes anonymized user data (cookies, IP address) for the purpose of analyzing website traffic and improving website performance.
7.2. By submitting their data through feedback forms, the user voluntarily and knowingly gives consent to its processing for the purpose of responding to their request.
7.3. The Company is not responsible for the actions of third parties (social networks, websites linked from our website) that may collect user data.
8. Final Provisions
8.1. This Policy is publicly available and must be published on the Company’s official website.
8.2. The Company reserves the right to amend this Policy. The new version of the Policy enters into force upon its publication on the website.
1.1. This Policy (hereinafter — the «Policy») defines the procedure and fundamental principles for the processing of personal data in LLC «Innovation and Growth» (hereinafter — the «Company»).
1.2. The Policy has been developed in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 «On Personal Data,» the Labor Code of the Russian Federation, and other regulatory legal acts.
1.3. Key terms user in the Policy:
personal data — any information relating directly or indirectly to an identified or identifiable natural person (personal data subject);
operator — a state authority, municipal authority, legal entity, or individual that independently or jointly with others organizes and/or performs personal data processing, and determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
personal data processing — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data;
automated processing of personal data — processing of personal data using computing equipment;
distribution of personal data — actions aimed at disclosing personal data to an indefinite number of persons;
provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
blocking of personal data — temporary suspension of personal data processing (except when processing is necessary for personal data clarification);
destruction of personal data — actions resulting in the impossibility of restoring the content of personal data within the personal data information system and/or resulting in the destruction of tangible media containing personal data;
depersonalization of personal data — actions resulting in the impossibility, without the use of additional information, to determine the personal data’s belonging to a specific personal data subject;
personal data information system — a set of personal data contained in databases, and information technologies and technical tools that ensure their processing;
cross-border transfer of personal data — transfer of personal data to the territory of a foreign state, to a foreign state authority, a foreign individual, or a foreign legal entity;
personal data permitted for distribution by the personal data subject — personal data to which access is granted by the personal data subject to an unlimited number of persons through consent given in accordance with the procedure established by this Federal Law;
personal data information system — a set of personal data contained in databases and the information technologies and technical tools used for their processing (repeated in source text);
managed organization — a legal entity for which the Company, based on a management agreement, performs the functions of the sole executive body and exercises part or all of the authority for the operational management of its economic activities.
1.4. The Company acts as a Personal Data Operator with respect to personal data processed on behalf of managed organizations in order to fulfill management agreements concluded with such organizations, as well as within the framework of its own business operations.
2. Principles and Purposes of Personal Data Processing
2.1. The Company processes personal data based on the principles of legality, purpose limitation, accuracy, and data minimization.
2.2. The Company processes personal data for the following purposes:
2.1.1. Personal data processing where the Company acts as an Operator:
1) Exercise of labor rights and obligations, ensuring compliance with labor legislation and other legal acts containing labor law norms, including for the following purposes:
- employment of individuals and HR administration;
- calculation and payment of salaries and other remuneration;
- implementation of pension, social, and tax legislation;
- training and professional development;
- ensuring personal safety and monitoring the quantity and quality of work performed;
- organization of access control to the Company’s facilities;
3) Ensuring access control and internal security regime at the Company’s facilities.
4) Processing of data received through the Company’s official website.
5) Fulfillment of the requirements of the legislation of the Russian Federation in the field of personal data and other regulatory legal acts.
2.2.2. Personal data processing performed by the Company on behalf of another operator — within the framework of management agreements concluded with managed organizations — is carried out for the following purposes:
1) HR administration and payroll processing (execution of employment relations; maintaining personal files and employment records; calculation, accrual, and payment of salaries, bonuses, vacation pay, and other payments; calculation and transfer of taxes and insurance contributions to extra-budgetary funds; preparation and submission of mandatory tax, contribution, and HR reporting; arrangement of leave, business trips, and other types of absence from the workplace);
2) Ensuring the economic operations of managed organizations, including:
organization and maintenance of IT infrastructure (user accounts, email);
ensuring access control and internal security regimes at the facilities of managed organizations;
provision of legal support and representation in government bodies and other organizations;
3) Execution of other functions assigned under the management agreement, requiring the processing of personal data for their proper fulfillment.
2.2.3. In all cases specified in clause 2.2.2 of this Policy, the managed organizations act as independent Personal Data Operators and are responsible for the lawful transfer of personal data to the Company for processing. The Company undertakes to maintain the confidentiality of the processed data and not to use it for any purposes other than those explicitly provided for in the management agreement and related arrangements.
3.Categories of Processed Personal Data
3.1. Subjects — employees of the operator, former employees, candidates for vacant positions.
For this category of subjects, the operator processes the following personal data:
surname, first name, patronymic; gender; citizenship; date and place of birth; home address; residential or temporary registration details; phone numbers (home, mobile, work); email address; job position; employment information; taxpayer identification number; data from the individual (personalized) accounting system, including electronic documents; compulsory medical insurance policy data; passport or other identity document details; passport details for travel outside the Russian Federation; employment record book data and supplements; military registration information; education information; additional professional education data; foreign language proficiency; awards, incentives, distinctions; disciplinary actions; information contained in internal investigation materials; marital status; bank account number; and other data.
3.2. Subjects — clients and counterparties of the operator (individuals).
For this category of subjects, the operator processes the following personal data obtained by the operator:
surname, first name, patronymic; gender; citizenship; date and place of birth; home address; residential or temporary registration details; phone numbers (home, mobile, work); email address; taxpayer identification number; passport or other identity document details; bank account number; and other data.
3.3. Subjects — employees, former employees, candidates for vacant positions, clients, and counterparties of managed organizations.
Personal data processing is carried out strictly to the extent and for the purposes specified in the agreement with the managed organization.
3.4. Data collected through the official website:
3.4.1. Data provided by users through feedback forms (name, email, phone).
3.4.2. Data collected automatically: IP address, cookie data, browser parameters and settings, information about user actions on the website.
3.5. Processing of special categories of personal data related to health is permitted:
3.5.1. if the personal data subject has given written consent to the processing of their personal data;
3.5.2. in accordance with the legislation on state social assistance, as well as labor, tax, and pension legislation of the Russian Federation.
4. Legal Grounds for Personal Data Processing
4.1. The legal grounds for personal data processing include:
- the body of legal acts pursuant to and in accordance with which the operator processes personal data: the Constitution of the Russian Federation and federal legislation;
- the charter documents of the Company and the managed organizations;
- a contract to which the subject is a party (management agreement, employment contract, contract with a counterparty);
- consent to the processing of personal data (in cases not explicitly provided for by the legislation of the Russian Federation, but falling within the operator’s authority);
- the exercise of the rights and legitimate interests of the Company.
5. Procedure and Conditions for Personal Data Processing
5.1. The Operator processes personal data with or without the use of automation tools. Personal data processing includes the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction.
5.2. When processing personal data, the Operator takes—or ensures the adoption of—necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions in relation to personal data.
5.3. The personal data security measures implemented in the Company include, among others, the following:
- maintaining records of categories and lists of personal data processed by the Company, categories of subjects whose personal data is processed, retention periods, and procedures for the destruction of such personal data;
- maintaining records of physical data storage media and the Company’s information systems in which personal data is processed;
- determining the required level of protection for personal data processed in the Company’s information systems;
- identifying personal data security threats arising during processing within information systems;
- determining and implementing technical and organizational measures ensuring personal data protection prior to introducing new personal data processing procedures and new personal data information systems;
- performing and documenting an assessment of potential harm that may be caused to personal data subjects in the event of violation of the Federal Law “On Personal Data,” and correlating such potential harm with the measures adopted by the Company;
- establishing rules for access to personal data processed in information systems and ensuring the logging and monitoring of actions performed with personal data in such information systems;
- applying information protection tools that have undergone mandatory conformity assessment procedures;
- detecting incidents of unauthorized access to personal data and other security incidents, and taking measures to eliminate and mitigate their consequences;
- restoring personal data modified or destroyed as a result of unauthorized access;
- maintaining records of the positions of Company employees whose access to personal data—whether processed with or without automation tools—is required for the performance of official duties;
- ensuring that employees directly involved in personal data processing are acquainted, against signature, with the legislation of the Russian Federation on personal data, including requirements for personal data protection, this Policy, and other internal regulations of the Company on personal data processing and protection, as well as providing training to such employees;
- monitoring and evaluating the effectiveness of personal data protection measures prior to commissioning a personal data information system;
- performing regular internal control/audit to verify that personal data processing and protection comply with the applicable legislation of the Russian Federation in the field of personal data processing and security.
5.5. The Company has appointed a person responsible for organizing the processing of personal data. Access to personal data is granted only to authorized employees of the Company who need such access to perform their official duties.
5.6. The internal documents, mandatory for all employees of the Company, as well as the relevant agreements with partners, counterparties, and other third parties, where applicable, define:
- procedures for granting access to information;
- procedures for making changes to personal data to ensure their accuracy, reliability, and relevance, including with respect to the purposes of processing;
- procedures for the destruction or blocking of personal data when such actions are required;
- procedures for processing requests submitted by personal data subjects (or their legal representatives) in cases provided for by the Personal Data Law, including the procedures for preparing information regarding the presence of personal data related to a specific subject, information necessary to provide the subject (or their legal representatives) access to their personal data, and procedures for processing requests for clarification, blocking, or destruction of personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purposes of processing;
- procedures for processing requests from the authorized body responsible for the protection of personal data subjects’ rights;
- procedures for obtaining the personal data subject’s consent for the processing of personal data;
- procedures for transferring personal data to third parties;
- procedures for handling physical media containing personal data;
- procedures necessary to notify the authorized body for the protection of personal data subjects’ rights within the time frames established by the Personal Data Law.
5.8. Processing of personal data carried out on behalf of managed organizations must be terminated in the following cases: termination of the management agreement with the respective managed organization; receipt of a written request from the managed organization to cease personal data processing; expiration of the personal data processing agreement; identification of unlawful authorization for the processing of personal data.
5.9. The Operator has the right to assign the processing of personal data to another party under a contract concluded with such party, including a state or municipal contract.
A party processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing established by the Personal Data Law, ensure the confidentiality of personal data, and take necessary measures to fulfill the obligations set forth in the Personal Data Law.
Additionally, the Operator has the right to transfer personal data to investigative and prosecutorial authorities and other authorized bodies on the grounds provided for by the legislation of the Russian Federation.
5.10. The Operator and any other persons who have gained access to personal data are obliged not to disclose or disseminate personal data to third parties without the consent of the personal data subject, unless otherwise provided for by federal law.
Consent for the processing of personal data permitted by the personal data subject for dissemination must be provided separately from any other consents given by the personal data subject for the processing of their personal data. The Operator must provide the personal data subject with the ability to specify the list of personal data for each category of personal data indicated in the consent for the processing of personal data permitted for dissemination.
The transfer (dissemination, provision, access) of personal data permitted for dissemination must be terminated at any time upon the request of the personal data subject.
5.11. The Operator may transfer data to third parties only in the following cases:
- to state authorities (Pension Fund, Federal Tax Service, Social Insurance Fund, Ministry of Internal Affairs) in accordance with the procedure established by law;
- to banks for the purpose of financial settlements;
- to other counterparties only if a personal data processing agreement has been concluded with them on behalf of the Company.
6. Termination of Processing and Destruction of Personal Data
6.1. Grounds for terminating the processing of personal data may include:
- achievement of the purposes of personal data processing;
- expiration or withdrawal of the personal data subject’s consent to the processing of their personal data;
- identification of unlawful personal data processing;
- liquidation of the Company.
- termination of the management agreement with the respective managed organization;
- receipt of a written request from the managed organization to cease the processing of personal data;
- expiration of the personal data processing agreement;
- identification of unlawful authorization for personal data processing.
Personal data contained on paper media is destroyed by shredding or by transferring it to a specialized organization, with an appropriate destruction certificate being prepared.
Personal data in electronic form is destroyed in a manner that prevents its recovery.
7. Processing of Personal Data on the Official Website
7.1. The Company’s website collects and processes anonymized user data (cookies, IP address) for the purpose of analyzing website traffic and improving website performance.
7.2. By submitting their data through feedback forms, the user voluntarily and knowingly gives consent to its processing for the purpose of responding to their request.
7.3. The Company is not responsible for the actions of third parties (social networks, websites linked from our website) that may collect user data.
8. Final Provisions
8.1. This Policy is publicly available and must be published on the Company’s official website.
8.2. The Company reserves the right to amend this Policy. The new version of the Policy enters into force upon its publication on the website.
Consent to the Processing of Personal Data
In accordance with Federal Law of the Russian Federation No. 152-FZ «On Personal Data» dated July 27, 2006, I hereby give my consent to the processing of my personal data by LLC «Innovation and Growth» (hereinafter — the «Company»), registered address: Moscow, municipal district Khoroshyovsky, 1-ya Magistralnaya Street, 25A, premises 4/1.
This consent is given for the processing of my personal data for the following purposes:
I agree to receive information from the Company for the above purposes by mail, telephone, email, via instant messaging systems (messengers) and social media, or via SMS messages.
The list of data I provide includes: name, phone number, email.
This consent is given for both automated and non-automated processing of my personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction in documentary and electronic form.
The term of this Consent is 5 years.
The processing of my personal data shall cease upon expiration of this period or upon the Company’s receipt of my written withdrawal of this Consent. The Company shall cease processing and destroy my personal data within no more than 30 days from the date of receipt of such withdrawal.
The Company is entitled, after receiving the withdrawal of this Consent or after its expiration, to continue processing my personal data to the extent that such processing does not require consent under applicable law or will not require it in the future pursuant to applicable legislation.
This consent is given for the processing of my personal data for the following purposes:
- obtaining information requested by me regarding the Company’s products, services, or solutions;
- receiving the necessary information and enabling the actions required for my participation in offline and/or online events organized by the Company, for which I have registered;
- receiving marketing and/or promotional messages, materials, and/or newsletters from the Company, for which I have given my consent (confirmation of consent by checking the corresponding box in one of the forms on this website).
I agree to receive information from the Company for the above purposes by mail, telephone, email, via instant messaging systems (messengers) and social media, or via SMS messages.
The list of data I provide includes: name, phone number, email.
This consent is given for both automated and non-automated processing of my personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), anonymization, blocking, deletion, and destruction in documentary and electronic form.
The term of this Consent is 5 years.
The processing of my personal data shall cease upon expiration of this period or upon the Company’s receipt of my written withdrawal of this Consent. The Company shall cease processing and destroy my personal data within no more than 30 days from the date of receipt of such withdrawal.
The Company is entitled, after receiving the withdrawal of this Consent or after its expiration, to continue processing my personal data to the extent that such processing does not require consent under applicable law or will not require it in the future pursuant to applicable legislation.
Innovation and Growth
Navigation
©2025 Innovation and Growth LLC. All rights reserved
TIN 9714080209
Website by
Elizaveta Skvortsova
Elizaveta Skvortsova