scorenemass.org carries out its activities in accordance with the legislation of the United States. The provision of our services involves the processing and storage of users’ personal data. In accordance with the legislation, we have carried out a set of technical and organizational measures to ensure the safety of processed and stored personal data.
One of our priority tasks is compliance with the current legislation in the field of information security, the main purpose of which is to ensure the protection of human and civil rights and freedoms when processing their personal data, including the protection of the rights to privacy.
Purpose of processing personal data
The purpose of processing, including the collection, recording, systematization, storage, clarification (update, change), extraction, use, transmission (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, is to provide services and the fulfillment of the company’s obligations, communication with the patient if necessary.
Principles of processing personal data
When processing personal data, we adhere to the following principles:
- compliance with the legality of receiving, processing, storing, as well as other actions with personal data;
- processing of personal data solely for the purpose of fulfilling its obligations under a service contract;
- collection of only those personal data that are minimally necessary to achieve the stated processing goals;
- implementation of measures to ensure the security of personal data during their processing and storage;
- observance of the rights of the subject of personal data to access his or her personal data;
- compliance of the storage time of personal data with the stated processing purposes.
Confidentiality of personal data
Employees of our company and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data unless otherwise provided by federal law.
Composition of personal data
The personal data of patients and employees processed by the company may include:
- full name;
- date of birth or age;
- passport data;
- residence address;
- phone number, email address;
- other information necessary for the service to be provided.
We process personal data in order to help consumers help get online loans.
Collection (receipt) of personal data
The organization receives the personal data of patients personally from the user if the user fills out the form and agrees to the processing of personal data.
Storage of personal data
Patient personal data is stored in electronic form. In electronic form, the personal data of patients is stored in the personal data information system of the Organization, as well as in archive copies of the databases of these systems. The procedure for archiving and storage time of archival copies of the databases of the personal data information system of the Organization are defined in the instructions for backup, which is mandatory for the administrators of the corresponding system.
When storing personal data of patients and employees, organizational and technical measures are observed to ensure their safety and exclude unauthorized access to them.
Transfer of personal data to third parties
The transfer of personal data to third parties is possible in exceptional cases only with the written consent of the user, except in cases when the Organization has such an obligation as a result of the requirements of federal legislation.
Measures to ensure the security of personal data during their processing
Ensuring the security of personal data in the Organization is achieved by the following measures:
- the appointment of an employee responsible for organizing the processing of personal data;
- conducting an internal audit of the organization’s information system containing personal data, conducting their classification;
- development of a private model of threats to the security of personal data;
- determination of the list of persons admitted to work with personal data;
- development and approval of local regulations of the organization governing the procedure for processing personal data. Development of work instructions for administrators of the information system;
- the implementation of technical measures that reduce the likelihood of the implementation of threats to the security of personal data;
- conducting periodic checks of the security status of the organization’s information system.
The subject of personal data has the right to receive information regarding the processing of his or her personal data, including information containing:
- confirmation of the fact of personal data processing;
- legal grounds and purposes of personal data processing;
- the purposes and applied methods of processing personal data;
- information about persons (with the exception of employees of the organization) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement or on the basis of federal law;
- processed personal data related to the respective subject of personal data, the source of their receipt;
- terms of processing personal data, including the terms of their storage;
- the procedure for the exercise by the subject of personal data of his or her rights.
The relevant information is provided to the subject of personal data upon contact or upon receipt of a request from the subject of personal data. The request must be made in accordance with the requirements of the legislation.