Personal data processing policy of LLC "GTC" (as amended on July 18, 2025)

  1. General provisions

1.1. This Personal Data Processing Policy (hereinafter referred to as the “Policy”) has been developed in accordance with the provisions of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” (hereinafter referred to as the “Personal Data Law”), as well as other regulatory acts of the Russian Federation governing relations in the field of personal data processing and protection.

1.2. The Policy defines the position and intentions of «GTC» LLC (OGRN 1237700342439, INN 9701249306, legal address: 129090, Moscow, internal territory of the Krasnoselsky municipal district, pl. Bolshaya Sukharevskaya, 9, office 1/3; hereinafter referred to as the “Operator”) with respect to the processing of personal data, the rights and obligations of personal data subjects, the purposes, grounds and conditions of processing, as well as measures to protect personal data.

1.3. The Operator processes personal data exclusively within the framework of its business activities aimed at providing services for organizing cargo transportation in the interests of legal entities, as well as within the framework of labor, civil law, accounting and tax obligations.

1.4. This Policy is an internal organizational and administrative document and is mandatory for execution by all employees of the Operator, as well as other persons who have access to personal data on the basis of an agreement or assignment.

This Operator policy regarding the processing of personal data applies to all information that the Operator can receive about visitors to the website https://gtc-logistics.com/

 

  1. Basic Concepts

2.1. Personal data — any information relating directly or indirectly to a specific or determinable individual (personal data subject).

2.2. Personal data processing — any action (operation) or set of actions performed with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (including provision, distribution, access), depersonalization, blocking, deletion and destruction of personal data.

2.3. Operator — LLC “GTC”, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing, the composition of personal data subject to processing, and actions performed with them.

2.4. Personal data subject — an individual whose personal data are processed by the Operator.

2.5. Automated processing — processing of personal data using computer technology.

2.6. Confidentiality of personal data — a mandatory requirement for the Operator or other person who has gained access to personal data not to disclose to third parties or distribute personal data without the consent of the subject, unless otherwise provided by federal law.

2.7. Depersonalization — actions that make it impossible to determine the ownership of personal data by a specific subject without the use of additional information.

2.8. Cross-border transfer — transfer of personal data to the territory of a foreign state to a government agency, foreign individual or legal entity.

 

  1. Principles of personal data processing

3.1. Personal data shall be processed on a lawful and fair basis.

3.2. Processing shall be limited to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes for which it was collected shall not be permitted.

3.3. Combining databases containing personal data processed for purposes incompatible with each other shall not be permitted.

3.4. Only those personal data which correspond to the purposes of their processing and are necessary for achieving them shall be processed.

3.5. The content and volume of personal data processed shall correspond to the stated purposes of processing. Redundancy of personal data shall not be permitted.

3.6. When processing personal data, the accuracy, relevance and sufficiency of personal data shall be ensured. If inaccurate or outdated data is detected, the Operator shall take measures to clarify or delete it.

3.7. Personal data shall be stored no longer than required by the purposes of processing, unless otherwise provided by law or contract.

 

  1. Purposes of data processing

4.1. The Operator processes critical data for the following purposes:

— maintaining personnel, accounting and tax records of candidates and candidates for employment;

— processing questionnaires and resumes of applicants for the purpose of recruiting personnel;

— issuing powers of attorney, permits, passes and other supporting documents;

— fulfilling obligations under contracts concluded with counterparties, including contact information of their authorized representatives;

— compliance with the requirements of the Russian Federation legislation, including the submission of information to tax, control and other government bodies;

— ensuring internal security, access control, compliance with the regime of business and official secrets;

— establishing business contacts and promoting the Operator’s services among representatives of legal entities, including through business mailings (e-mail, instant messengers, calls and other means of communication).

 

  1. Legal grounds for processing

5.1. The Operator processes personal data on the following grounds:

— The Constitution of the Russian Federation;

— The Labor Code of the Russian Federation;

— The Tax Code of the Russian Federation;

— Federal Law No. 152-FZ “On Personal Data”;

— Federal Law No. 402-FZ “On Accounting”;

— other regulatory legal acts of the Russian Federation;

— consent of the personal data subject to processing (if such consent is required);

— agreements concluded with the personal data subject or with a third party in the interests of the subject.

 

  1. Composition of personal data

6.1. Depending on the purposes, the Operator may process:

— last name, first name, patronymic;

— passport and other identification information;

— residential address, registration at the place of residence;

— contact information: telephone numbers, e-mail;

— Taxpayer Identification Number (INN), Social Insurance Number (SNILS), information about employment history and education;

— details of the power of attorney, position held and other information necessary for interaction with counterparties and government agencies;

— information contained in the resume and cover letters;

— information about the place of work, position held, business email and telephone number obtained from open sources or as part of business correspondence;

— other personal data provided by the subject voluntarily.

 

  1. Terms and procedure for processing personal data

7.1. Personal data is processed both with and without the use of automation tools, in accordance with the established purposes and legal grounds.

7.2. Processing is permitted with the consent of the subject or in the presence of another legal basis, including the fulfillment of obligations under an employment or civil law contract.

7.3. Personal data are subject to storage in secure information systems or on paper media, access to which is available only to authorized persons.

7.4. Personal data is transferred to third parties only if necessary to fulfill the contract, as well as in cases established by law (for example, when submitting to government agencies).

7.5. In the event of a breach of security conditions, the Operator conducts an internal investigation, notifies the regulatory authorities and takes measures to eliminate the consequences of the incident.

 

  1. Rights of personal data subjects

8.1. The personal data subject has the right to:

— receive information about the fact of processing of his personal data, the purposes and legal grounds for such processing;

— demand clarification, blocking or destruction of his personal data in case of its inaccuracy, obsolescence or processing in violation of the law;

— revoke consent to the processing of personal data by sending a written notice to the Operator;

— appeal the actions (inaction) of the Operator to the authorized body or court;

— send a written request to the Operator, including using an enhanced electronic signature, to the address specified in Section 12;

— exercise other rights stipulated by the legislation of the Russian Federation.

8.2. The personal data subject is obliged to:

— provide reliable and up-to-date information about himself;

— promptly inform the Operator about changes in personal data.

 

  1. Ensuring the security of personal data

9.1. The Operator shall take the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution and other illegal actions.

9.2. Such measures include:

— restricting access to personal data on a need-to-know basis;

— using antivirus software, firewalls, cryptographic protection tools (if any);

— auditing IT infrastructure, logging user actions;

— backup and data integrity control;

— internal regulations and instructions on information security;

— concluding non-disclosure agreements with employees and contractors who have access to personal data;

— responding to incidents and conducting investigations.

 

  1. Cross-border transfer of personal data

10.1. The Operator does not transfer personal data across borders, except for cases expressly provided for by international treaties of the Russian Federation, current legislation, or with the separate consent of the personal data subject.

 

  1. Data processing when using the website

11.1. When visiting the Operator’s website, information about the user’s actions (IP address, browser type, referral source, cookies, time of visit, etc.) may be automatically collected.

11.2. Such information is used exclusively in aggregate form to analyze traffic, improve the functionality of the website and user experience and does not allow identifying a specific subject without the use of additional data.

 

  1. Final provisions

12.1. This Policy is subject to revision when changes are made to the legislation of the Russian Federation, to the organizational and technical processes of the Operator, as well as when the purposes and conditions for processing personal data change.

12.2. The General Director is appointed responsible for organizing the processing of personal data and monitoring compliance with this Policy.

12.3. The Operator also applies internal regulations, instructions, confidentiality agreements and other local acts governing the processing of personal data.

12.4. All subjects of personal data may contact GTC LLC with requests, complaints and suggestions related to the processing of personal data:

— by e-mail: vladimir.erymovskiy@gtc-logistics.com

— by postal address: 129090, Moscow, internal territory of the Krasnoselsky municipal district, pl. Bolshaya Sukharevskaya, 9, room 1/3

12.5. The current version of this Policy is freely available on the official website of the Operator or provided upon written request of the subject of personal data.