Privacy policy

  1. home_icon4RM Systems
  2.  / Privacy policy

1. General Provisions

1.1 This Policy on personal data processing (hereinafter referred to as the Policy) defines the activity of 4RM Systems LLC, registered at the address: Republic of Belarus, Vitebsk, 50/7, P. Brovki str., postal code: 210039 (hereinafter referred to as the Company or the Operator), with regard to personal data processing.

1.2 This Policy is developed in compliance with the requirements of the Law of the Republic of Belarus No. 99-3 of 07.05.2021 "On Personal Data Protection" (hereinafter - the Law).

1.3 The notions contained in Article 1 of the Law are used in this Policy with the same meaning:

  • biometric personal data - information characterizing physiological and biological features of a person, which is used for his/her unique identification (fingerprints of hands, palms, iris, facial characteristics and its image and other);
  • blocking of personal data - termination of access to personal data without deleting them;
  • depersonalization of personal data - actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information;
  • processing of personal data - any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion of personal data;
  • publicly available personal data - personal data disseminated by the subject of personal data or with his/her consent or disseminated in accordance with the requirements of legislative acts;
  • operator - the Company, independently or jointly with other persons, organizing and (or) carrying out the processing of personal data;
  • personal data - any information related to an identified natural person or an identifiable natural person;
  • provision of personal data - actions aimed at familiarization with personal data of a certain person or circle of persons;
  • dissemination of personal data - actions aimed at familiarization with personal data of an indefinite number of persons;
  • special personal data - personal data concerning racial or national affiliation, political views, membership in trade unions, religious or other beliefs, health or sex life, administrative or criminal liability, as well as biometric and genetic personal data;
  • subject - a natural person in respect of whom personal data is processed;
  • trans-border transfer of personal data - transfer of personal data to the territory of a foreign state;
  • deletion of personal data - actions, as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data, and (or) as a result of which material carriers of personal data are destroyed;
  • authorized person - a state body, a legal entity of the Republic of Belarus, other organization, natural person who, in accordance with an act of legislation, a decision of the state body being the operator, or on the basis of an agreement with the Company, processes personal data on behalf of the Company or in its interests;
  • identifiable natural person - a natural person who can be directly or indirectly identified, in particular through his/her surname, proper name, patronymic, date of birth, identification number or through one or more attributes characteristic of his/her physical, psychological, mental, economic, cultural or social identity.

1.4 The following terms are used in this Policy:

Services - any services, products, programs, events, activities, services of the Company (including but not limited to Bitrix, iSpring, etc.).

Sites - https://4rm.org/ and other sites owned by the Company, subdomains of these sites, as well as other services with which the Company operates.

1.5 This Policy applies to all operations performed by the Operator with personal data with or without the use of automation tools.

1.6 This Policy comes into effect from the moment of its approval.


2. Categories of personal data subjects and scope of processed personal data.

2.1 The Operator processes personal data that may be received from the following subjects of personal data:

  • Company's members and affiliates of the Company;
  • the Company's employees, former employees, candidates for vacant positions;
  • the Company's counterparties and clients who are individuals; representatives and/or employees of the Company's counterparties and clients who are legal entities or individual entrepreneurs; visitors to the Company's Sites and Services;
  • persons who have provided personal data to the Company by subscribing to mailing lists, sending feedback, appeals, filling out questionnaires during promotional and other events organized by the Company;
  • persons who provided personal data to the Company in other ways.

2.2 The Operator processes the following personal data of the subject of personal data:

  • surname, first name, patronymic; 
  • sex;
  • date of birth;
  • e-mail address
  • telephone number
  • place of residence;
  • occupation (specialty, field of professional knowledge);
  • place of work;
  • history of requests and views on the Company's Sites and Services;
  • data contained in an identity document;
  • data contained in the document on military registration;
  • data contained in a document on education;
  • data contained in the labor book;
  • data contained in the autobiography and characteristics from previous places of employment;
  • data obtained for the formation of a personal file;
  • data contained in the insurance certificate and other documents confirming the circumstances related to the work, the presentation of which is stipulated by legislative acts;
  • other information (this list may be reduced or expanded depending on the specific case and processing purposes).

2.3 To analyze the operation of the Sites and Services, the Operator processes such data as:

  • IP address;
  • browser information
  • cookie data;
  • addresses of the requested pages;
  • access time.

2.4 The Operator ensures that the content and scope of processed personal data corresponds to the stated processing purposes and, if necessary, takes measures to eliminate their redundancy in relation to the stated processing purposes.

2.5 The Operator processes personal data, including biometric data only with the consent of the personal data subject or without consent in other cases provided for by the legislation of the Republic of Belarus.

2.6 The Operator shall not process special personal data concerning race, nationality, political views, membership in trade unions, religious and other beliefs, health, sex life, administrative or criminal liability, except for cases when the personal data subject has independently provided such data to the Operator or they became known to the Operator in accordance with the legislation of the Republic of Belarus.

2.7 The Operator, if necessary to achieve the purposes of processing, has the right to transfer personal data to third parties in compliance with the requirements of the legislation of the Republic of Belarus.


3. Purposes of personal data collection.

3.1 The Operator processes personal data for the following purposes:

  • realization of communications with personal data subjects; 
  • execution of various transactions with personal data subjects, their subsequent execution, and, if necessary, modification and termination (termination);
  • providing personal data subjects with the Company's Services;
  • providing personal data subjects with information on the Company's activities, on the development of new Sites and Services by the Company;
  • sending notices, commercial offers, advertising and informational messages to the subjects of personal data;
  • conducting by the Company of promotions, surveys, interviews, tests on the Company's Sites and Services;
  • assessing and analyzing the performance of the Company's Services, controlling and improving the quality of the Company's Services;
  • informing about the work of the Company's Sites;
  • registration and maintenance of accounts on the Company's Sites and Services;
  • processing of appeals and requests received from personal data subjects;
  • attracting candidates for vacant positions of the Company;
  • Conducting personnel work, carrying out work in the field of labor protection, ecology, organization of records of the Company's employees, in accordance with the legislation and/or local documents;
  • Conducting contractual work, including the conclusion with individuals of civil law contracts for work (services), lease, loan, hire, hire, loan, etc..;
  • calculating and charging wages, bonuses, allowances, bonuses and other payments made in accordance with legislation, contracts and/or local documents;
  • implementation of access and intra-object regime, implementation of video surveillance, both for security and technological purposes;
  • implementation of administrative procedures;
  • formation of statistical and other reporting, conducting research;
  • realization of economic activities;
  • exercising other powers and duties assigned to the Operator by the legislation of the Republic of Belarus, as well as in accordance with local documents, instructions and orders of the authorities.


4. Basic rights and obligations of the operator and the subject of personal data.

4.1 The Operator has the right to:

  • to receive from the subject of personal data reliable information and/or documents containing personal data;
  • request from the subject of personal data information on the relevance and reliability of the personal data provided;
  • refuse to satisfy the personal data subject's requests to stop processing of his/her personal data and/or to delete them if there are grounds for processing provided for by the legislation of the Republic of Belarus, including if they are necessary for the stated purposes of their processing.

4.2 The Operator shall:

  • explain to the Subject his/her rights related to the processing of personal data;
  • obtain the Subject's consent, except for cases stipulated by legislative acts;
  • process personal data in accordance with the procedure established by the legislation of the Republic of Belarus;
  • ensure protection of personal data in the process of their processing;
  • to take measures to ensure the reliability of personal data processed by it, to amend personal data that are incomplete, outdated or inaccurate;
  • to examine the applications of personal data subjects on personal data processing issues and to give reasoned answers to them;
  • provide the subject of personal data with information about his/her personal data, about their disclosure to third parties;
  • make changes to personal data that are incomplete, outdated or inaccurate, except in cases where another procedure for making changes to personal data is established by legislative acts or if the purposes of personal data processing do not imply subsequent changes to such data;
  • to change, block or delete unreliable or illegally obtained personal data of the Subject at the request of the authorized body for the protection of the rights of personal data subjects, unless another procedure for amending, blocking or deleting personal data is established by legislative acts;
  • to stop processing of personal data, as well as to delete or block them in the absence of grounds for their processing, as well as at the request of the personal data subject; to fulfill other obligations stipulated by the legislation of the Republic of Belarus.

4.3 The subject of personal data has the right:

  • to receive information regarding the processing of his/her personal data by the Operator;
  • to amend his/her personal data in case the personal data is incomplete, outdated or inaccurate;
  • to revoke his/her consent to the processing of personal data;
  • to receive information about the provision of personal data to third parties;
  • to stop processing of personal data, including their deletion, if there are no grounds for their processing;
  • to appeal the action/inaction and the Operator's decision related to the processing of his personal data to the authorized body for the protection of the rights of personal data subjects in accordance with the procedure established by the legislation;
  • to exercise other rights provided for by the legislation of the Republic of Belarus.

4.4 The subject of personal data is obliged to:

  • provide the Operator with exclusively reliable information about himself/herself;
  • if necessary, provide the Operator with documents containing personal data to the extent necessary for the purpose of their processing;
  • inform the Operator about changes in his/her personal data.

4.5 The person who provided the Operator with incomplete, outdated, unreliable information about himself/herself or information about another subject of personal data without the consent of the latter shall be liable in accordance with the legislation of the Republic of Belarus.


5. Consent of the subject of personal data. 
Procedure and conditions of personal data processing.

5.1 The basis for personal data processing is the consent of the personal data subject, except for cases established by the legislation of the Republic of Belarus, when personal data processing is carried out without obtaining such consent.

5.2 The consent of the subject of personal data is a free, unambiguous, informed expression of his/her will, by which he/she authorizes the processing of his/her personal data.

The Subject's consent may be obtained in writing, in the form of an electronic document or in another electronic form.

In other electronic form, the Subject's consent may be obtained by:

  • indication (selection) by the Subject of personal data of certain information (code) after receiving a CMC message, message to an e-mail address;
  • marking by the subject of personal data on the Internet resource;
  • other ways to establish the fact of obtaining the personal data subject's consent.

5.3 Prior to obtaining the consent of the personal data subject, the Company shall provide the personal data subject with information in writing or electronically, corresponding to the form of expression of such consent, containing:

  • name and location of the Company;
  • purposes of personal data processing;
  • list of personal data, for the processing of which the consent of the subject of personal data is given;
  • the period for which the Subject's consent is given;
  • information on authorized persons in case personal data processing will be performed by such persons;
  • list of actions with personal data, for which the Subject's consent is given, general description of the methods of personal data processing used by the Company;
  • other information necessary to ensure transparency of personal data processing.

Prior to obtaining the Subject's consent, the Company shall explain to the Subject in simple and clear language his/her rights related to the processing of personal data, the mechanism for exercising such rights, as well as the consequences of the Subject's consent or refusal to give such consent. This information shall be provided by the Subject's Company in written or electronic form, corresponding to the form of expression of his/her consent, separately from other information provided to him/her.

5.4 When giving his/her consent to the Company, the Subject shall indicate his/her surname, first name, patronymic (if any), date of birth, identification number and, in the absence of such number, the number of his/her identity document, except in the case provided for in part two of this paragraph.

If the purposes of personal data processing do not require processing of the information specified in part one of this clause, this information shall not be processed by the Company upon receipt of the Subject's consent.

5.5 The obligation to prove that the Subject's consent has been obtained shall be imposed on the Operator. Refusal to give consent to the processing of personal data shall entitle the Operator to deny the Subject of personal data access to the Company's Sites and Services.

5.6 Processing of personal data by the Operator includes the following actions with personal data: collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion, other actions in accordance with the legislation of the Republic of Belarus.

5.7 Methods of personal data processing by the Operator:

  • non-automated processing of personal data;
  • automated processing of personal data with or without transmission of the received information via information and telecommunication networks;
  • mixed processing of personal data.

5.8 Storage of personal data is carried out in a form that allows to identify the subject of personal data, for a period not longer than required by the purposes of personal data processing, except in cases when the period of storage of personal data is established by the legislation of the Republic of Belarus, the contract concluded (to be concluded) with the subject of personal data, in order to perform the actions established by this contract.

5.9. The condition for termination of personal data processing may be the achievement of the objectives of personal data processing, expiration of the term of personal data processing, withdrawal of the personal data subject's consent to the processing of his/her personal data, as well as detection of unlawful processing of personal data.

5.10 When processing personal data, the Operator shall take the necessary legal, organizational and technical measures to ensure protection of personal data from unauthorized or accidental access to them, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other unlawful actions in relation to personal data.

5.11 The Company shall process special personal data solely for the purposes specified in clause 3.1 of this Policy. The Company may also process biometric personal data for the purposes specified in p. 3.1 of this Policy.

5.12. Processing of special, including biometric personal data is allowed only if a set of measures is taken to prevent risks that may arise during the processing of such personal data for the rights and freedoms of personal data subjects.

5.13. The Company shall not carry out trans-border transfer of personal data if the territory of a foreign state does not provide an adequate level of protection of the rights of personal data subjects, except for cases established by law.


6. Mechanism for exercising the rights of the personal data subject.

6.1 The personal data subject has the right to withdraw his/her consent to the processing of personal data by submitting to the Operator an application in writing sent by registered mail or in the form of an electronic document. The application must contain:

  • surname, first name, patronymic of the personal data subject;
  • address of residence (place of stay)
  • date of birth;
  • identification number (if it was indicated when giving consent or personal data processing is carried out without the consent of the personal data subject);
  • statement of the essence of the request;
  • personal signature or electronic digital signature.

Within 15 days after receipt of the application, the operator stops processing of personal data (if there are no grounds for processing, according to the legislation), deletes them, in the absence of technical possibility of deletion - takes measures to prevent further processing of personal data, including their blocking, and notifies the subject of personal data within the same period.

6.2 The personal data subject has the right to obtain information from the Operator regarding the processing of his/her personal data by submitting an application to the Operator in accordance with the procedure stipulated in p. 6.1 of these Rules. Within 5 working days after receiving the application, the Operator shall provide the personal data subject with the relevant information or notify him/her on the reasons for refusal to provide such information.

6.3 The personal data subject has the right to request the Operator to amend his/her personal data if they are incomplete, outdated or inaccurate, by submitting an application to the Operator in the manner prescribed by p. 6.1 of these Rules, attaching documents (duly certified copies) confirming the need to make such changes. Within 15 days after receipt of the application, the Operator shall make changes to the personal data and notify the personal data subject thereof or notify the reasons for refusal to make changes.

6.4 The subject of personal data has the right to receive information from the Operator about the provision of his/her personal data to third parties once a calendar year free of charge, by submitting an application to the Operator in the manner prescribed by p. 6.1 of these Rules. Within 15 days after receipt of the application, the Operator shall provide the personal data subject with information on what personal data of this subject and to whom it was provided during the year preceding the date of submission of the application, or notify him/her of the reasons for refusal to provide such information.

6.5 The subject of personal data has the right to demand from the Operator to stop processing of his/her personal data, including its deletion, in the absence of grounds for processing, by submitting an application to the Operator in the manner prescribed by p. 6.1 of these Rules. Within 15 days after receipt of the application, the Operator shall cease processing of personal data (if there are no grounds for processing, according to the legislation), perform their deletion, in the absence of technical possibility of deletion - take measures to prevent further processing of personal data, including their blocking, and notify the personal data subject thereof within the same period.


7. Measures to ensure protection of personal data

7.1 The Company shall be obliged to take legal, organizational and technical measures to ensure protection of personal data from unauthorized or accidental access to them, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other unlawful actions in respect of personal data.

7.2 To protect personal data, the Company shall take the following measures:

  • appointment of structural subdivisions or persons responsible for internal control over personal data processing;
  • maintenance of processing registers;
  • development and communication of this Policy and other documents of the Company regarding the processing of personal data to all interested parties;
  • familiarization of the Company's employees and other persons directly involved in personal data processing with the provisions of personal data legislation, including personal data protection requirements, this Policy and other documents of the Company in relation to personal data processing, as well as training of the said employees and other persons in accordance with the procedure established by law;
  • establishing the procedure for access to personal data, including those processed in an information resource (system);
  • technical and cryptographic protection of personal data in accordance with the procedure established by the Operational and Analytical Center under the President of the Republic of Belarus, in accordance with the classification of information resources (systems) containing personal data.

7.3 The Company shall provide unrestricted access, including via the global computer network Internet, to the documents defining the Company's policy on personal data processing prior to the commencement of such processing.

7.4 Classification of information resources (systems) containing personal data in order to determine the requirements of technical and cryptographic protection of personal data shall be established by the authorized body for the protection of the rights of personal data subjects.


8. Final provisions

8.1. Issues related to the processing of personal data not set forth in this Policy shall be regulated by the legislation of the Republic of Belarus.

8.2 In case any provision of the Policy is recognized as contradictory to the legislation, the remaining provisions complying with the legislation shall remain in force and valid, and any invalid provision shall be deemed deleted/amended to the extent necessary to ensure its compliance with the legislation.

8.3 The Operator shall have the right at its discretion to amend and/or supplement the terms of this Policy without prior and/or subsequent notification of personal data subjects. The current version of the Policy is permanently available at: https://4rm.org/privacy-policy.

8.4 The subject of personal data may obtain any clarifications on issues of interest regarding the processing of his/her personal data by contacting the Website Administration via e-mail at info@4rm.org.

Scroll Arrow