General provisions
Terms and composition of personal data
2.1. Operator – a legal entity arranging and (or) exercising on its own or together with others processing of personal data and determining purposes of processing of personal data, composition of personal data to be processed, acts (operations) to be done with personal data;
2.2. Processing of personal data – any act (operation) or a series of acts (operations) to be done using automated means or not using such means with personal data including collection, recording, systematization, accumulation, storage, specification (updating, change), extraction, use, transmission (distribution, provision, access), impersonalization, blocking, deletion, destruction of personal data;
2.3. Subject of personal data – customers of Operator’s services and individual patients of the Operator including potential customers and patients, representatives of customers and patients, users of the Corporate Web-Site of the Operator.
2.4. Medical Secrecy – data on the fact of application of a patient for provision of medical aid, state of his/her health and diagnosis, other data received as a result of his/her medical examination and treatment.
2.5. Personal data (PD) – any information including, if applicable, information constituting medical secrecy, relating directly or indirectly to an identified or identifiable subject of personal data.
2.6. The Operator shall process personal data of the following categories of subjects of personal data:
Purposes and events of processing of personal data
3.1. Purposes of processing of personal data are the following:
3.2. The Operator may process personal data in the following cases:
3.3. Personal data are processed at «MEDSCAN» Co.Ltd. for the following purposes:
3.4. In some cases the Operator may process personal data of a subject of personal data without his/her consent if this is necessary to protect life, health or other vital interests of the subject of personal data.
3.5. Personal data of a special category may be processed by the Operator only upon the written consent of the subject.
3.6. The Operator shall not process any other personal data not compliant with purposes of such processing or legal rights and interests of the subject of personal data.
3.7. The Operator shall on its own and at its own expense arrange for organizational technical activities and take measures to ensure protection of personal data of subjects of personal data.
4. Basic principles of processing of personal data
4.1. Personal data may be processed only pursuant to the purposes determining receipt of such data.
4.2. It is not permissible to combine databases containing personal data to be processed for mismatching purposes.
4.3. The right of access for processing of personal data shall be granted to employees of the Operator in accordance with their functional duties.
4.4. Processing of personal data shall provide for accuracy of personal data, sufficiency thereof and when necessary actuality thereof in relation to the declared purposes of processing thereof.
4.5. Personal data shall be kept in a form enabling to determine the subject of personal data no longer than required for the purposes of processing of personal data, unless the period of storage of personal data is determined by federal law, contract whereto the subject of personal data is a party or beneficiary or surety.
4.6. Processed personal data shall be destroyed or impersonalized upon achievement of the purposes of processing or loss of the necessity to achieve such purposes, unless otherwise is determined by federal laws.
4.7. Terms of storage of personal data shall be determined in accordance with the term of validity of civil relationship between the subject of personal data and the Operator, period of limitation, terms of storage of documents in hard copies and documents in electronic databases, other requirements of Russian laws and the term of validity of the consent of the subject to processing of his/her personal data.
4.8. The Operator shall process personal data of subjects of personal data on the basis of the following principles:
The procedure for receipt of personal data of a subject of personal data
5.1. A subject of personal data shall provide personal data and the Operator shall further process thereof on the basis of the written consent unless otherwise is determined by laws.
5.2. The Operator warrants that the subject of personal data takes the decision to provide his/her personal data and gives his/her consent to processing thereof freely, according to his/her own will and pursuing his/her personal interests. The obligation to provide evidence of obtainment of the consent of a subject of personal data to processing of his/her personal data or evidence of existence of grounds determined in Federal Law dated 27.07.2006 No.152-FZ “On personal data” is imposed on the Operator.
5.3. Written consent:
5.3.1. The consent to processing of personal data should be specific, informed and conscious.
5.3.2. The form of the written consent to processing of personal data shall be determined by the Operator and approved by the manager of the Operator.
5.3.3. The form of the written consent shall necessarily include the following:
5.3.4. The consent in the form of an electronic document signed by a digital signature in accordance with federal laws will have the same force as the personal signature of the subject of personal data on the written consent on paper.
5.3.5. If the subject of personal data dies, the consent to processing of his/her personal data shall be given by heirs of the subject of personal data unless such consent is given by the subject of personal data when alive.
Processing of personal data
6.1. The procedure for processing of personal data of subjects is determined by job description of the Operator, orders and other local regulations.
6.2. The Operator shall process personal data of subjects of personal data using automated and unautomated means (mixed type).
6.3. Processing of personal data – general provisions:
6.3.1. The right to process personal data of a subject shall be granted to employees of the Operator admitted to work with personal data and third parties possessing access to personal data of the subject by virtue of contractual relationship with the Operator, subject to observance of confidentiality of personal data.
6.3.2. An employee of the Operator is entitled to use only such personal data use whereof is necessary to accomplish his/her job function and job duties.
6.3.3. The list of persons having access to any personal data shall be determined by the manager of the Operator by signing an appropriate order unless otherwise is determined in another local act duly approved by the Operator.
6.4. Storage of carriers of personal data:
Measures to ensure safety of personal data
7.1. Protection of personal data – complex of measures aimed at:
7.2. Personal data of subjects of personal data shall be protected by force of all employees of the Operator on the basis of a complex of approved documents and measures regulating rules for processing of personal data and may be protected with engagement of specialized organizations.
7.3.Personal data in information systems of personal data used by the Operator shall be protected in accordance with this Policy, Regulations on processing and protection of personal data in information systems of personal data, job descriptions and other local regulations adopted by the Operator.
7.4. Safety of personal data is to be achieved by the following without limitation:
Rights of a subject of personal data
8.1. The subject of personal data is entitled to be informed on processing of his/her personal data including the following information:
8.2. Data mentioned in clause 8.1. of this Policy shall be provided to subjects of personal data by the Operator in an accessible form and shall not contain personal data relating to other subjects of personal data unless there are legal grounds for disclosure of such personal data.
8.3. Data mentioned in clause 8.1. of this Policy shall be provided to the subject of personal data or his/her representative by the Operator upon application or submission of a Request by the subject of personal data or his/her representative within 30 (Thirty) calendar days after receipt of the relevant request by the Operator.
8.4. The request under clause 8.3. of this Policy shall contain the number of the main identification document of the subject of personal data, date of issue of the document and issuer, data confirming participation of the subject of personal data in relationship with the Operator (number of the contract, date of the contract, number of the outpatient card etc.) or data otherwise confirming the fact of processing of personal data by the Operator, the signature of the subject of personal data or his/her representative. The request may be submitted in form of an electronic document and signed with a digital signature in accordance with laws of the Russian Federation.
8.5. The subject of personal data may request from the Operator specification of his/her personal data, blocking or destruction thereof if such data are incomplete, inaccurate, illegally received or are not necessary for the declared purpose of processing and measures for protection of his/her rights as determined by law.
8.6. Free and free of charge access to his/her personal data including the right to receive copies of any record containing personal data other than in cases determined by laws of the Russian Federation.
8.7. In some cases determined by law the right of the subject of personal data for access to his/her personal data may be restricted.
8.8. If the subject of personal data believes that the Operator processes his/her personal data violating requirements of laws or otherwise infringes his/her rights and freedoms, the subject of personal data may complain against acts or omissions of the Operator at an authorized body for protection of rights of subjects of personal data or judicially.
8.9. The subject of personal data is entitled for protection of his/her rights and legal interests including indemnification of loss and (or) compensation of moral harm judicially.
Obligations of the Operator
The Operator is obliged:
9.1. To take necessary and sufficient legal, organizational and technical measures for protection of personal data against illegal or accidental access thereto, destruction, modification, blocking, copying, disclosure, distribution of personal data and any other illegal acts relating to personal data.
9.2. Undertake activities for organizational and technical protection of personal data in accordance with requirements of laws of the Russian Federation on matters of processing of personal data.
9.3. For the purposes of protection of personal data to assess damage which may be caused to subjects of personal data if safety of their personal data is broken and determination of actual threats against safety of personal data in the course of processing thereof in information systems of personal data.
9.4. If any actual threats are revealed, to take necessary and sufficient legal, organizational and technical measures for protection of personal data including:
Duties and lability of employees of the Operator
10.1. Employees of the Operator admitted to processing of personal data shall:
10.2. Employees of the Operator admitted to processing of personal data may not copy without authorization or in conflict with regulations personal data to paper carriers of information or any electronic information media which are not designated for storage of personal data.
10.3. Each new employee of the Operator directly processing personal data shall be familiarized with requirements of Russian laws on processing and ensuring safety of personal data, this Policy and other local regulations on matters of processing and ensuring safety of personal data and agrees to observe the same.
10.4.Persons guilty in violation of requirements of Russian laws in the area of personal data will bear disciplinary, material, civil, administrative or criminal liability.
Final provisions
11.1. The current version of the Policy in paper form is kept at the medical center «MEDSCAN» Co.Ltd. at the address: Moscow, Leningradskoe highway, 47А
11.2. The electronic version of the current version of the Policy is kept at the web-site of the Operator in Internet [medscannet.ru].
11.3. When amendments are introduced, the heading of the Policy shall include the date of approval of the current version of the Policy.
11.4. The Policy shall be updated and re-approved on the regular basis – annually.
11.5. The Policy may be updated and re-approved before the term stipulated in clause 11.4 of this Policy in case of amendment of regulations in the area of personal data or local acts governing organization of processing and ensuring safety of personal data.
Your name
Your phone
Ask a Question
I agree with use and processing of my personal data
E-mail
Service Any service Consultation by oncologist Second opinion Comprehensive cancer diagnostics Radiation therapy Radiosurgery Chemotherapy Immunotherapy Target therapy Hormone therapy Photodynamic therapy Surgery Regular medical check-up CT MRI Mammography X-ray filming Ultrasound scanning ECG Dermatoscopy Clinical lab diagnostics Pathomorphology Immunohistochemistry Molecular diagnostics Headache" Backache Cardio Scan" Fitness Scan Run Pro Fitness Scan Running Standard Scan VIP Scan Onco Scan
Centers Any center Diagnostic center on Ilinskoe Shosse Diagnostic center on Nizhegorodskaya Street Diagnostic center on Leningradskoe shosse Diagnostic center on Obrucheva Street
Your email