Skip to main content

Personal Data Processing Policy

  • Published:
    13 January 2025

Last updated: January 12, 2025

ARTICLE 1. GENERAL PROVISIONS

  1. This Privacy Policy (hereinafter referred to as the Policy) defines the basic principles, objectives, conditions, and methods for processing personal data in the limited liability company "GLK APPS" (hereinafter referred to as the Organization, Data Controller), the list of data subjects and the personal data being processed, the Organization's functions in processing personal data, the rights of data subjects, and the personal data protection measures implemented by the Organization.

  2. The Policy is developed in accordance with the Constitution of the Republic of Belarus, the Law of the Republic of Belarus dated 07.05.2021 No. 99-Z "On the Protection of Personal Data," and other legislative acts concerning personal data.

  3. The provisions of this Policy serve as the basis for the development of local legal acts regulating the processing of personal data within the Organization.

  4. This Policy comes into force upon its approval and applies to all personal data processed by the Organization.

ARTICLE 2. TERMS AND DEFINITIONS

The terms used in this Policy have the following meanings:

  • Automated Processing of Personal Data – processing of personal data using computer technology;

  • Biometric Personal Data – information characterizing the physiological and biological features of a person, which is used for their unique identification (fingerprints, palm prints, iris, facial features and images, etc.);

  • Blocking of Personal Data – the cessation of access to personal data without deleting it;

  • Genetic Personal Data – information relating to inherited or acquired genetic traits of a person, which contains unique data about their physiology or health and can be revealed, in particular, by studying their biological sample;

  • Information System of Personal Data – a set of personal data contained in databases, along with the information technologies and technical means ensuring their processing;

  • Information – data (messages, details) about persons, objects, facts, events, phenomena, and processes, irrespective of the form in which they are presented;

  • Anonymization of Personal Data – actions that make it impossible to determine the identity of a data subject without the use of additional information;

  • Processing of Personal Data – any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, anonymization, blocking, distribution, provision, and deletion of personal data;

  • Operator (Personal Data) – the limited liability company "GLK APPS," TIN 193605239, legal address: Republic of Belarus, 220051, Minsk, Sergey Yesenin Street, 73, office 1N;

  • Personal Data – any information relating to an identified or identifiable natural person;

  • Provision of Personal Data – actions aimed at familiarizing a specific person or group of persons with personal data;

  • Distribution of Personal Data – actions aimed at making personal data available to an undefined group of persons;

  • Special Categories of Personal Data – personal data related to racial or ethnic origin, political views, membership in trade unions, religious or other beliefs, health or sexual life, involvement in administrative or criminal liability, as well as biometric and genetic data;

  • Data Subject – a natural person whose personal data is being processed;

  • Deletion of Personal Data – actions that make it impossible to restore personal data in the information resources (systems) containing the personal data and/or actions that result in the destruction of physical carriers of personal data;

  • Identifiable Natural Person – a natural person who can be directly or indirectly identified, including through a name, date of birth, identification number, or through one or more characteristics that are specific to their physical, psychological, mental, economic, cultural, or social identity.

ARTICLE 3. PRINCIPLES AND OBJECTIVES OF PERSONAL DATA PROCESSING

  1. The Organization, as the Data Controller, processes personal data of its employees and other specified data subjects.

  2. Personal data processing within the Organization, considering the need to protect the rights and freedoms of individuals, including the right to privacy, personal and family secrets, is organized based on the following principles:

  • Legality;

  • Proportionality to the stated objectives, ensuring a fair balance of the interests of all parties involved. Processing of personal data incompatible with the initially stated objectives is prohibited;

  • Obtaining consent from the data subject, except in cases provided by legislative acts;

  • Transparency and providing the data subject with information related to the processing of their personal data;

  • Accuracy of the processed personal data and, if necessary, updating it;

  • Retention of personal data and identification of the data subject for no longer than necessary to fulfill the stated objectives of processing the personal data.
  1. Personal data is processed within the Organization for the following purposes:

  • To carry out and fulfill the requirements, functions, and obligations imposed on the Organization by the legislation of the Republic of Belarus, including providing personal data to government authorities, the Social Protection Fund of the Ministry of Labor and Social Protection of the Republic of Belarus, as well as other government bodies and organizations, including preparing documents for personalized employee records in the mandatory pension insurance system; maintaining personnel records and accounting; completing and submitting required forms of reporting to tax, customs, and executive authorities, as well as other authorized organizations, fulfilling the obligations of a tax agent, maintaining a list of affiliated entities, etc.;

  • To consider the possibility of hiring candidates for the Organization, maintaining a personnel reserve, and checking candidates, including their qualifications and work experience;

  • To regulate labor relations with the Organization's employees: training and promotion, ensuring personal safety, monitoring the quantity and quality of work performed, safeguarding property, organizing and accompanying business trips, etc.;

  • To provide benefits and compensations to the relatives of the Organization's employees;

  • To conduct negotiations; verify counterparties; prepare, conclude, modify, execute, or terminate contractual obligations with personal data subjects;

  • To identify conflicts of interest;

  • To provide goods (works, services) of the Organization to the personal data subjects;

  • To protect the life, health, or other vital interests of the personal data subjects;

  • To organize events and ensure the participation of the personal data subjects;

  • To advertise and promote the Organization's goods (works, services), including providing information about the Organization's goods (works, services);

  • To handle inquiries from individuals and legal entities, address complaints, demands, claims, and other information related to goods (works, services) and the Organization's activities;

  • To ensure security, the preservation of material assets, and prevention of offenses;

  • To enforce judicial acts and decisions of other authorities and officials that must be executed in accordance with the legislation of the Republic of Belarus on enforcement proceedings;

  • For other purposes not in conflict with the legislation of the Republic of Belarus.

ARTICLE 4. CATEGORIES OF DATA SUBJECTS WHOSE PERSONAL DATA IS PROCESSED

The Organization processes personal data of the following categories of data subjects:

  • Participants and affiliated entities of the Organization;

  • Employees, former employees of the Organization, its branches and representative offices, and subsidiaries;

  • Candidates for employment with the Organization;

  • Counterparties and clients of the Organization who are natural persons;

  • Representatives and/or employees of the Organization's counterparties that are legal entities (individual entrepreneurs);

  • Other data subjects (to fulfill the objectives of processing specified in Article 3 of this Policy).

ARTICLE 5. LIST OF PROCESSED PERSONAL DATA

The list of personal data processed within the Organization, including biometric, genetic, and special data, is determined in accordance with the legislation of the Republic of Belarus and the local legal acts of the Organization, taking into account the objectives of personal data processing specified in Article 3 of this Policy.

ARTICLE 6. FUNCTIONS OF THE DATA CONTROLLER IN PERSONAL DATA PROCESSING

The Organization (Data Controller) in the course of personal data processing:

  • Takes necessary and sufficient measures to ensure compliance with the requirements of the legislation of the Republic of Belarus and the local legal acts of the Organization regarding personal data;

  • Takes legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as other unlawful actions related to personal data;

  • Appoints a structural unit or individual responsible for internal control over personal data processing;

  • Issues local legal acts defining the policy and issues of personal data processing and protection within the Organization;

  • Ensures that the employees of the Organization, its branches, and representative offices directly involved in personal data processing are familiarized with the provisions of the legislation of the Republic of Belarus and the Organization's local legal acts on personal data, including requirements for the protection of personal data, and provides training for these employees;

  • Publishes or otherwise ensures unrestricted access to this Policy;

  • Notifies personal data subjects or their representatives in the prescribed manner about the presence of personal data related to the respective subjects, and provides access to this data upon request or submission of inquiries from these personal data subjects or their representatives, unless otherwise provided by the legislation of the Republic of Belarus;

  • Ceases processing and destroys personal data in cases provided for by the legislation of the Republic of Belarus in the field of personal data;

  • Takes other actions provided for by the legislation of the Republic of Belarus in the field of personal data.

ARTICLE 7. CONDITIONS FOR PERSONAL DATA PROCESSING

  1. Personal data is processed with the consent of the personal data subject for the processing of their personal data, unless otherwise provided by the legislation of the Republic of Belarus in the field of personal data protection.

  2. The Organization, without the consent of the personal data subject, does not disclose personal data to third parties or distribute it, unless otherwise provided by the legislation of the Republic of Belarus.

  3. The Organization has the right to entrust the processing of personal data on its behalf or in its interests to an authorized person based on an agreement concluded with that person. The agreement must include:

  • The purposes of personal data processing;

  • The list of actions to be performed with personal data by the authorized person;

  • Obligations to maintain the confidentiality of personal data;

  • Measures to ensure the protection of personal data in accordance with Article 17 of the Law of the Republic of Belarus No. 99-Z "On the Protection of Personal Data" dated 07.05.2021.

The authorized person is not required to obtain the consent of the personal data subject. If obtaining consent from the personal data subject is necessary for processing their personal data on behalf of the Organization, the Organization itself will obtain such consent.

  1. For internal informational purposes, the Organization may create internal reference materials (databases), either hosted in a corporate social network or not, in which, with the written consent of the personal data subject (unless otherwise stipulated by the legislation of the Republic of Belarus), the following personal data may be included: surname, first name, patronymic, gender, place of employment, position, year, month, date of birth, address, phone number, email address, and other personal data provided by the personal data subject.

  2. Access to personal data processed in the Organization is granted only to employees of the Organization whose job responsibilities include the processing of personal data.

ARTICLE 8. ACTIONS WITH PERSONAL DATA AND METHODS OF THEIR PROCESSING

  1. The Organization processes personal data (any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, anonymization, blocking, dissemination, provision, and deletion of personal data) in accordance with the procedure established by the legislation and local legal acts.

  2. Personal data in the Organization is processed using the following methods:

  • With the use of automation tools;

  • Without the use of automation tools, provided that the search for personal data and/or access to it based on certain criteria is ensured (card catalogs, lists, databases, logs, etc.).

ARTICLE 9. RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS

  1. Personal data subjects have the right to:

  • Withdraw their consent to the processing of personal data at any time without providing a reason;

  • Receive information regarding the processing of their personal data, including information about their provision to third parties;

  • Request the correction of personal data if they are incomplete, outdated, or inaccurate;

  • Request the cessation of the processing of personal data, including their deletion;

  • Appeal the actions (or lack thereof) and decisions of the operator related to the processing of personal data.

  1. The right of the subject to access their personal data may be restricted in accordance with the legislation of the Republic of Belarus.

  2. The personal data subject is obliged to:

  • Provide the Organization with accurate personal data;

  • Promptly inform the Organization about any changes or additions to their personal data;

  • Fulfill other obligations provided by the legislation of the Republic of Belarus and the local legal acts of the Organization in the area of personal data processing and protection.

ARTICLE 10. MEASURES TAKEN BY THE ORGANIZATION TO ENSURE COMPLIANCE WITH THE OPERATOR'S OBLIGATIONS IN PERSONAL DATA PROCESSING

  1. The measures necessary and sufficient to ensure the fulfillment of the operator's obligations under the legislation of the Republic of Belarus in the field of personal data include:

  • Providing personal data subjects with the necessary information before obtaining their consent for data processing;

  • Explaining the rights of personal data subjects related to the processing of their personal data;

  • Obtaining written consent from personal data subjects for the processing of their personal data, except in cases provided for by the legislation of the Republic of Belarus;

  • Appointing a structural unit or person responsible for internal control over personal data processing within the Organization;

  • Issuing documents defining the Organization's policy regarding personal data processing;

  • Familiarizing employees who directly process personal data with the provisions of the legislation on personal data;

  • Establishing access procedures to personal data, including data processed in the information resource (system);

  • Implementing technical and cryptographic protection of personal data within the Organization as per the procedure established by the Operational and Analytical Center under the President of the Republic of Belarus, in accordance with the classification of information resources (systems) containing personal data;

  • Ensuring unrestricted access, including through the global computer network (Internet), to the documents defining the Organization's policy on personal data processing before such processing begins;

  • Terminating personal data processing when there are no grounds for such processing;

  • Promptly notifying the authorized body for the protection of the rights of personal data subjects about violations of personal data protection systems;

  • Correcting, blocking, or deleting inaccurate or unlawfully obtained personal data;

  • Limiting personal data processing to achieving specific, pre-stated lawful purposes;

  • Storing personal data in a form that allows the identification of personal data subjects no longer than is necessary for the stated purposes of personal data processing.

  1. Measures to ensure the security of personal data during its processing in personal data information systems are established in accordance with the Organization's local legal acts that regulate security measures for personal data processing in the Organization's personal data information systems.

ARTICLE 11. FINAL PROVISIONS

  1. Other issues related to personal data processing and not covered in this Policy are regulated in accordance with the legislation of the Republic of Belarus.

  2. If any provision of this Policy is found to be in contradiction with the legislation, the remaining provisions will remain in force and valid, and any invalid provision will be considered removed or modified to the extent necessary to ensure its compliance with the legislation.

  3. The Organization has the right, at its discretion, to modify and/or supplement the terms of this Policy without prior notice to the personal data subjects.

  4. The current version of the Policy is always available on the website www.sequoia.health and in the "Sequoia" mobile application.

facebook linkedin twitterinstagram threads

Team
Contact us
Terms of Use
Privacy Policy

Operator's policy
Consent for processing
Data Subject Clarification

© 2025 Sequoia Health