Information about protection of personal data
We, QIWI PLC (hereinafter referred to as the Company), acting as the controller of personal data consider the protection of rights and freedoms of data subjects and the implementation of data protection principles as an important condition for our personal data processing activities while achieving our business purposes.
This Privacy Notice (hereinafter referred to as the Notice) defines our basic principles and terms for the personal data processing, as well as the measures we have taken to ensure the security of personal data.
The Notice is developed in accordance with the requirements of the
The Notice applies to the processing and security of the personal data processed by us, which can be obtained both from a natural or a legal person in the framework of a contractual relationship with us as well as from other data subjects.
If you have any questions regarding the Notice, please, contact the data protection officer or the person responsible for personal data processing by email at
As part of our business we can process personal data of the following categories of data subjects:
— Candidates for vacant positions: the personal data of individuals (hereinafter referred to as applicants) who are applying for a job opening at QIWI PLC;
— Representatives of prospective counterparties: the personal data of the prospective companies-counterparties staff members, acting in the name of their company;
— Representatives of counterparties: the personal data of the current companies-counterparties staff members, acting in the name of their company;
— Website users: the personal data of individuals who are using the website;
— Marketing newsletter subscribers: the personal data of individuals who receive marketing communications from the Company.
Other categories of data subjects are being informed through different means, ex. Employee Privacy Notice or Privacy Policy.
General information: candidate’s full name, date of birth, desirable department, sex
Information about education: level of education, enrolment and graduation date, name of the educational institution, location of the educational institution, Diploma number, department, major, mode of education, certificate of completion educational courses, information of language proficiency, information about professional skills,
Contact details: phone number (main and additional), email address,
Work experience information: work experience in state or municipal service, place of work, types of employment, start and termination, name of the organization, organization address and phone number, job position, job duties, reasons for termination of employment, information about entrepreneurial activities and interests in business, type of activity, project name, working period, work description
General information: full name, date of birth, previous full name, ID details (citizenship, passport number, by whom (including the personal code) and when the document was issued, place of birth, address of registered residence),
Contact details: phone number (main and additional), e-mail,
The Taxpayer Identification Number assignment certificate: full name, sex, date of birth, place of birth, Taxpayer Identification Number,
Insurance Number of Individual Ledger Account information: full name, sex, date of birth, place of birth, Number of Individual Ledger Account, Information about education: level of education, enrolment and graduation date, name of the educational institution, location of the educational institution, Diploma number, department, major, mode of education,
Work experience information: work experience in state or municipal service, place of work, types of employment, start and termination dates, name of the organization, organization address and phone number, position, job duties, reasons for termination of employment, information about entrepreneurial activities and interests in business, type of activity, project name, working period, work description,
Information about obligations: information about non-disclosure agreements, Information about the existence of non-disclosure agreements, information about financial liabilities, type of financial liabilities, information about the limiting or unfulfilled obligations from previous jobs,
Migration card data: migration card series and number, visa number, purpose of the visit, duration of stay,
Residence permit data: document number, date of the decision and issue of the document, citizenship
General information: Full name, e-mail, phone number, date of birth, place of birth, citizenship, ID details: passport number, by whom (including the personal code) and when the document was issued, validity period of the document, Taxpayer Identification Number, address of registered residence, current residence address, number of the power of attorney, position, name of the organization,
Visa details: visa number, visa’s date of issue, visa’s validity period,
Migration card details: card number, card’s date of issue, card’s validity period
When we transfer personal data to third parties, we make sure that they have sufficient guarantees to implement the appropriate technical and organizational measures. We transfer personal data to third parties with whom we have concluded the appropriate types of contracts with the required obligations regarding the protection of personal data at the level defined by us.
When we need to transfer personal data to a third country, we transfer the data to third country which ensures an adequate level of
We monitor compliance with the principles of personal data processing and application of the appropriate security measures by third parties. We control that cross-border transfer of personal data is limited by the purposes for which the data was collected.
In addition, in order to transfer personal data to third parties abroad we conduct TIA (Transfer Impact Assessment) to the activities, where necessary.
Information about companies involved in data sharing is provided below.
United States — country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR.
The legal basis for cross-border transfer: we use
Russian Federation— country does not guarantee sufficient levels of personal data protection according to Chapter 5 of GDPR.
The legal basis for cross-border transfer: we use
The legal basis for cross-border transfer: we use
Switzerland, Luzern
Ireland, Dublin
We guarantee free of charge the following rights under the Law 125 and GDPR regarding your personal data:
We cannot exercise this right if it affects the rights and freedoms of others
To exercise your rights mentioned in the table above, contact the following email:
Please note, that we can enforce these rights only if you are expressly identified as a personal data subject for which we may ask you for additional information.
We process and respond to the requests for the exercise the rights without undue delay and in any event within one month of receipt of the request. Considering the complexity and the number of requests, the term for the preparation of an answer to the request can be extended by two months. In this case we will notify you about the reasons for the delay within one month.
We use cookies to enhance performance characteristics of our websites, make it more user-friendly, collect information about visits and take measures to improve the websites.
More information on Cookies is provided in our
When processing personal data, we take the necessary organizational and technical measures, selected based on the risk analysis, to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.
The security of personal data is ensured by the following:
— we have assigned the responsibility for the organization of personal data processing to a specific employee;
— we have implemented data protection policies to ensure that our personal data processing activities comply with the Law 125 and GDPR (internal policies, internal allocation of responsibilities, trainings);
— we have implemented the necessary measures to protect personal data (access control, encryption, antivirus protection);
— we keep up to date the records of processing activities;
— we have organized a process of receiving and controlling the processing of data subjects’ requests;
— we carry out a DPIA for personal data processing activities that resz-listt in a high risk to data subjects due to the nature or scope of the operation (for more information, see Data Protection Impact Assessment);
— we ensure data protection by design and data protection by default (for more information, see Data protection by design and by default);
— we ensure security of third parties (controllers, processors, joint controllers);
— we control the transfers of personal data outside the EU;
— we document personal data breaches (if any) and their consequences, investigating them, notifying the relevant parties about leaks within 72 hours, and taking measures to eliminate the consequences of personal data breaches;
— we carry out planned and unscheduled audits of personal data processing activities.
Our contact information is specified below.
QIWI PLC
Postal address: 12 Kennedy Avenue, Kennedy Business Centre, 2nd Floor,
Tel.:
Contacts of the person responsible for the personal data processing