Cybersecurity & Personal Data Protection
In an era of advanced digital technologies, protecting the personal information of employees, partners and customers is of crucial importance. Our activities in this area are based on our Personal Data Processing Policy and the Personal Data Security Requirements, which set out the personal information that we collect on our customers and employees, as well as the purposes of this collection and the scope and conditions for any data transfer to third parties.
We have established physical, electronic, contractual and managerial security measures that are designed to protect the security and confidentiality of customer and employee personal information. At the end of 2020, we developed a training program for employees aimed at teaching responsible use of personal and corporate data.
The Company uses the following information security systems:
- Firewalls to filter and block unwanted traffic
- Remote user access using twofactor authentication
- VPNs for secure data transfer over public networks
- Traffic monitoring system
- Antivirus protection of workstations and servers
- PKI Certification Center
- Spam protection
- Network access identification and control Monitoring systems for IT infrastructure
- Installation and control of security updates
- Protection against DDoS attacks
- Web Application Firewall (WAF) protection system
Processing and Protection of Personal Data
The Company is guided by the following rules and procedures when hiring employees. All new employees sign consent forms regarding the processing, storage, and distribution of personal data. Employees must familiarize themselves with the regulation on personal data and commercial secrets and other Company bylaws, and sign a statement to say they have done so.
Employees’ personal data is stored and processed in 1C: Salary and Human Resources. Personal files of employees are kept in fireproof iron filing cabinets in a separate room that is under lock and key. Access is available to HR staff who are responsible for processing and storing personal data.
As part of its search for candidates, the Company uses superjob.ru, hh.ru, worki.ru, and avito.ru. For all listed contractors, work is structured as follows: by registering on the site, candidates agree to post data in a form that is accessible to employers and agree to having their personal data processed.
Detsky Mir also operates with customers’ personal data. Such data is collected when completing a questionnaire as part of the bonus program, as well as when registering on the detmir.ru website or in the Detmir mobile app. Data is stored by certified contractors providing the required level of protection. Due to the specific nature of its business, the Company also has access to the personal data of minors. The collection, storage and any use of the personal data of children occurs exclusively with the consent of their legal representatives.
By registering in the Detsky Mir store bonus program and by taking part in competitions, the legal representatives of minors give full consent to the processing of their own personal data and the personal data of minors contained in the Company’s questionnaire, and the transfer of data from Detsky Mir to third parties for processing purposes. Consent is valid until written revocation is received; this can be sent to: 3 Nizhnelikhoborskiy Proezd, Bld. 6, Moscow, 127238, Russia.
People can manage the personal data (information) they provide to the Company at their own discretion. The bonus program assumes that only the participant has the right to make changes to the personal data specified during registration.
Training Employees on Responsible Use of Personal and Corporate Data
The Compnay has a training program for employees aimed at teaching responsible use of personal and corporate data. The purpose of the program is to familiarize employees with the Personal Data Processing Policy and the Personal Data Security Requirements, as well as to ensure a responsible attitude toward personal information. A corresponding online course has been created, which employees are required to take annually to confirm that they have sufficient knowledge in this area.