PharmTechnology
22 Korzhenevskogo Str, 220024, Minsk, Belarus +375 (17) 309-44-00

Privacy policy

1. Purpose and Scope

1.1. This Internal Enterprise Standard “Policy of Pharmtechnology Limited Liability Company regarding the Processing of Personal Data” (hereinafter — the Policy) has been developed in fulfillment of the requirements of Paragraph 3, Clause 3, Article 17 of the Law of the Republic of Belarus dated May 7, 2021, No. 99-Z “On the Protection of Personal Data” (hereinafter — the Personal Data Law) in order to ensure the protection of human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy, personal and family secrets.

1.2. The requirements of this Policy are mandatory for application in all structural subdivisions of Pharmtechnology LLC.

1.3. The Policy applies to all personal data processed by Pharmtechnology LLC (hereinafter — the Operator).

1.4. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of the Policy.

2. Normative References

  • Decree of the President of the Republic of Belarus dated October 28, 2021, No. 422 “On measures to improve the protection of personal data”;

  • Law of the Republic of Belarus dated May 7, 2021, No. 99-Z “On the Protection of Personal Data”;

  • Law of the Republic of Belarus dated November 10, 2008, No. 455-Z “On Information, Informatization, and Information Protection”;

  • Law of the Republic of Belarus dated July 21, 2008, No. 418-Z “On the Population Register” (Articles 8, 10);

  • Labor Code of the Republic of Belarus (Clause 10, Part 1, Article 47).

3. Terms and Definitions

  1. Personal data – any information relating to an identified natural person or a natural person who can be identified;

  2. Special personal data – personal data concerning racial or national origin, political views, trade union membership, religious or other beliefs, health or sex life, administrative or criminal liability, as well as biometric and genetic personal data;

  3. Data subject – a natural person in respect of whom the processing of personal data is carried out;

  4. Personal data operator – a state body, a legal entity of the Republic of Belarus, another organization, or a natural person, including an individual entrepreneur, who independently or jointly with other specified persons organizes and (or) carries out the processing of personal data;

  5. Personal data processing – any action (operation) or set of actions (operations) performed with personal data using automation tools or without them. Processing includes:

    • collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (dissemination, provision, access); depersonalization; blocking; deletion; destruction;

  6. Automated processing of personal data – processing of personal data using computer technology;

  7. Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;

  8. Provision of personal data – actions aimed at familiarizing a specific person or circle of persons with personal data;

  9. Blocking of personal data – termination of access to personal data without its deletion;

  10. Deletion of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which physical media of personal data are destroyed;

  11. Depersonalization of personal data – actions as a result of which it becomes impossible to determine the ownership of personal data by a specific data subject without the use of additional information;

  12. Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.

4. Basic Rights and Obligations of the Operator

4.1. The Operator has the right to:

  1. Independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law;

  2. Entrust the processing of personal data to another person based on a contract, provided the person complies with the principles and rules of the Personal Data Law;

  3. Continue processing personal data without consent if the subject withdraws consent, provided there are legal grounds under the Law.

4.2. The Operator is obliged to:

  1. Organize processing in accordance with the Law;

  2. Respond to inquiries and requests from data subjects;

  3. Notify the authorized body for the protection of data subjects’ rights of security breaches immediately, but no later than three working days;

  4. Execute the requirements of the authorized body to eliminate violations.

4.3. Control over compliance is carried out by the person responsible for the organization of personal data processing at the Operator’s site.

5. Rights of the Data Subject

5.1. The Data Subject has the right to:

  1. Receive information regarding the processing of their data;

  2. Request clarification of data if it is incomplete, outdated, or inaccurate;

  3. Receive information on the provision of their data to third parties;

  4. Withdraw consent at any time without explanation;

  5. Request blocking or deletion if data is obtained illegally or is not necessary for the stated purpose;

  6. Appeal actions/omissions of the Operator to the authorized body.

6. Purposes of Personal Data Processing

6.1. Processing is limited to achieving specific, predetermined, and legitimate goals. 6.3. Purposes include:

  • Ensuring compliance with the legislation of the Republic of Belarus;

  • Human resources management and recruitment;

  • Assisting employees in employment, education, and promotion;

  • Individual (personified) accounting in the compulsory pension insurance system;

  • Accounting and civil law relations;

  • Ensuring access control (security regime).

7. Legal Grounds for Processing

7.1. Legal grounds include: The Constitution, Civil Code, Labor Code, Tax Code, and the Personal Data Law. 7.2. Additional grounds: The Operator’s Charter, contracts with subjects, and explicit consent.

8. Volume and Categories of Data

8.2. Categories of subjects: Candidates, employees (current/former), family members of employees, contractors, participants/affiliates, and others who provided data. 8.3. Data types: Name, gender, citizenship, DOB, contact details, education, employment history, passport data, registration address, family status, image (photo), INN, military duty, income info, bank account, etc.

9. Procedure and Conditions of Processing

9.3. The Operator carries out both automated and non-automated processing. 9.6. Disclosure to third parties without consent is prohibited unless provided by law. 9.8. Security measures: The Operator takes legal, organizational, and technical measures to protect data from unauthorized access, destruction, or modification.

10. Update, Correction, Deletion, and Requests

10.1. Information is provided upon a written or electronic application. The application must include: Name, address, DOB, ID/Passport number, the essence of the requirements, and a signature. 10.2. In case of inaccurate data, the Operator blocks the data for the verification period and clarifies it within 15 days upon confirmation of inaccuracy.