COMPANY PERSONAL DATA PROCESSING POLICY
Moscow, 2020
CONTENT
1. GENERAL PROVISIONS
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
2.2. Terms of personal data processing
2.3. Confidentiality of personal data
2.4. Publicly Accessible Sources of Personal Data
2.5. Special categories of personal data
2.6. Biometric personal data
2.7. Instruction to process personal data to another person
2.8. Personal Data processing of citizens of the Russian Federation
2.9. Cross-Border Transfer of Personal Data
3. THE RIGHTS OF THE PERSONAL DATA SUBJECT
3.1. The consent of the subject of personal data to the processing of his personal data
3.2. Consent of the subject of personal data to receive advertising mailing
3.3. The consent of the subject of personal data to the disclosure and distribution of his/her personal data to third parties
3.4. The rights of the personal data subject
4. PERSONAL DATA SECURITY
5. FINAL PROVISIONS
1. GENERAL PROVISIONS
his personal data processing policy (hereinafter referred to as the Policy) is drafted in accordance with Federal Law of the 27/07/2006. No. 152-FZ "On personal data" (hereinafter referred to as FZ-152).
This Policy defines the procedure of personal data processing and measures to ensure the security of this personal data in the LLC "NT-Finance" (hereinafter - the Operator) in order to protect the rights and freedoms of a person and a citizen concerning the processing of his personal data, including the right to privacy, to personal and family secrets.
The following basic concepts are used in the Policy:
automated personal data processing - personal data processing by means of computer technology;
personal data blocking - personal data processing interruption (except the cases when the processing is necessary to clarify the personal data);
information system of personal data - personal data set contained in the databases and ensuring its processing by information technologies and technical means;
depersonalization of personal data - actions, rendering personal data anonymous, identification of which is only possible with additional information on the personal data affiliation;
Personal Data processing - any action (operation) or set of actions (operations), performed with the use of automated means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
operator - state authority, municipal authority, legal entity or individual, independently or together with other entities, which organize and (or) carry out personal data processing, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
personal data - any information related directly or indirectly to a certain or determinable individual (personal data subject);
personal data allocation - actions aimed at personal data disclosure to a certain individual or a certain circle of individuals;
distribution of personal data - actions directed to personal data disclosure to an indefinite circle of individuals (personal data transfer) or to familiarization with personal data of an unlimited circle of individuals, including personal data disclosure in mass media, placement in information-telecommunication networks or providing access to personal data in any other way;
cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or a foreign legal entity;
personal data erasure - actions, as a result of which it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material personal data carriers are destroyed.
The Company shall publish or otherwise ensure unrestricted access to this personal data processing Policy in accordance with part 2, art. 18.1. of FZā152.
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
Personal Data processing with the Operator is carried out on the basis of the following principles:
legitimacy and fairness;
restricting the personal data processing by the adherence to the specific, predetermined and legitimate purposes;
preventing the personal data processing, incompatible with the purposes of personal data collection;
impermissibility of aggregation of the data bases that contain the personal data and have been developed for incompatible purposes;
processing only those personal data that meet the purposes of its processing;
compliance of the scope and nature of the personal data subject to processing,
impermissibility of the personal data processing that excessive in relation to the declared purposes of its processing;
ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
destruction or depersonalization of the personal data upon achievement of the purposes of its processing or in case of loss of the necessity to achieve these purposes, or if it is impossible for the Operator to avoid/eliminate violations of personal data, unless otherwise provided by the federal law.
2.2. Terms of personal data processing
The Operator shall process personal data if at least one of the following conditions is met:
processing of personal data is carried out with the consent of the data subject to the processing of his/her personal data;
personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or by a law, or for exercise and fulfillment of functions, powers and obligations imposed on operators by the Russian Federation law.
personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings.
personal data processing is required for performance of an agreement to which a personal data subject is a party or under which the data subject is a beneficiary or surety, or for conclusion of an agreement on the initiative of a personal data subject or an agreement under which a personal data subject shall be a beneficiary or surety;
processing of personal data is required for realization of the rights and legitimate interests of an operator or third parties or for the attainment of socially significant objectives, provided that this not cause the rights and freedoms of the personal data subject to be violated;
public access to the personal data being processed has been granted by or at the request of the personal data subject (hereinafter - public personal data);
the personal data being processed are subject to publication or compulsory disclosure in accordance with federal laws.
2.3. Confidentiality of personal data
Operators and other persons who have obtained an access to personal data shall be obliged to refrain from disclosing to third parties or disseminating those personal data without the consent of the personal data subject, except as otherwise provided by federal laws.
2.4. Publicly Accessible Sources of Personal Data
Publicly accessible sources of personal data (including directories and address books) may be created for the purposes of information support. Subject to the written consent of a personal data subject, the surname, first name and patronymic, year and place of birth, address, subscriber number, occupation details of that data subject and other personal data communicated by the personal data subject may be included in publicly accessible sources of personal data.
Details of a personal data subject shall at any time be excluded from publicly accessible sources of personal data at the request of the personal data subject or by decision of a court or other authorized state bodies.
2.5. Special categories of personal data
The processing of special categories of personal data by the Operator related to race, nationality, political views, religious or philosophical beliefs, health conditions, intimate life is allowed if:
the subject of the personal data has given his written consent to the processing of his personal data;
the personal data have been made public by the personal data subject;
the processing of personal data is carried out in accordance with the legislation concerning state social assistance, labour legislation or the legislation of the Russian Federation concerning state-provided pensions and retirement pensions
the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of other persons and it is impossible to obtain the consent of the personal data subject;
the processing of personal data is carried out for the purposes of preventative medicine, medical diagnosis or the provision of medical and social care services, provided that the processing of personal data is carried out by a person who is professionally involved in medical activities and has a duty in accordance with the legislation of the Russian Federation to maintain medical confidentiality;
the processing of personal data is necessary in order to enable the rights of the personal data subject or of third parties to be established or exercised, and in connection with the administration of justice;
the processing of personal data is carried out in accordance with legislation concerning compulsory types of insurance and insurance legislation;
The special categories of personal data processing, carried out in cases stipulated by the paragraph 4 of the Article 10 of the Federal Law 152, is required to be immediately stopped, if the reasons, as a result of which the processing was carried out, are eliminated, exempted under the federal law.
Personal Data processing regarding the criminal record can be carried out by the Operator only in cases and in an order which are defined according to the federal laws.
2.6. Biometric personal data
The information that characterizes the physiological and biological features of a person, on the basis of which it is possible to identify him/her - biometric personal data - can be processed by the Operator only if the written consent of the subject of personal data.
2.7. Instruction to process personal data to another person
The Operator has the right to entrust the Personal Data processing to another person with the consent of the except as otherwise provided by the federal law, on the basis of the contract concluded with this person. The person, who carries out the personal data processing on behalf of the Operator, is obliged to observe the principles and rules of personal data processing, stipulated by the Federal Law 152 and this Policy
2.8. Personal Data processing of citizens of the Russian Federation
In accordance with the Article 2 of the Federal Law of 21 July 2014 N 242-FZ "On Amending Some Legislative Acts of the Russian Federation in as Much as It Concerns Updating the Procedure for Personal Data Processing in Information-Telecommunication Networks":
During personal data collection, inter alia, through the Internet, the operator shall ensure that databases located within the Russian Federation are used to record, systematize, accumulate, store, clarify (update or modify) and retrieve personal data of citizens of the Russian Federation, except for cases if:
- personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or by a law, or for exercise and fulfillment of functions, powers and obligations imposed on operators by the Russian Federation law.
- personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings (hereinafter referred to as enforcement of a judicial act);
- personal data processing is required for rendering state or municipal services by federal executive authorities, bodies of state non-budgetary funds, executive bodies of state authorities of the subjects of the Russian Federation, bodies of local self-government and functions of organizations involved in the provision of thereof in accordance with the Federal law of 27 July 2010 N 210-FZ "About provision of state and municipal services", for ensuring the provision of this service or for registration of personal data subjects on the uniform portal of state and municipal services;
- personal data processing required for the purposes of professional activities of a journalist and (or) the legitimate activities of a mass medium or for the purposes of scientific, literary or other creative activity, provided that this not cause the rights and freedoms of the personal data subject to be violated;
2.9. Cross-Border Transfer of Personal Data
An operator shall be obliged to to make sure that the foreign state on which territory the personal data are to be transferred provides adequate protection of the personal data subjects' rights before commencing the cross-border transfer of personal data.
The cross-border transfer of personal data into the territories of foreign states which do not provide an adequate protection of the personal data subjects' rights may be carried out in the following cases:
if the personal data subject has given his/her consent to the cross-border transfer of his/her personal data;
execution of the agreement to which the personal data subject is a party.
3. THE RIGHTS OF THE PERSONAL DATA SUBJECT
3.1. The consent of the subject of personal data to the processing of his personal data
The personal data subject takes the decision to provide his personal data and gives his consent to its free processing, by his will and in his interest. The consent to the personal data processing can be given by the subject of personal data or his representative in any form that allows to confirm the fact of its receipt, exempted under the federal law.
3.2. Consent of the subject of personal data to receive advertising mailing
The personal data subject is also in accordance with p. 1, Art. 18 of the Federal Law of 13.03.2006 ā 38-FZ "On Advertising" and Art. 44.1 of the Federal Law of 07.07.2003 ā 126-FZ "On Communications" gives his consent to receive information and (or) promotional mailing by phone (via SMS messages) and (or) e-mail from the Operator.
3.3. The consent of the subject of personal data to the disclosure and distribution of his/her personal data to third parties
The personal data subject has voluntarily agreed that the Operator and other individuals who have obtained an access to his/her personal data have the right to disclose and distribute his/her personal data to third parties.
3.4. The rights of the personal data subject
The personal data subject has the right to obtain from the Operator the information related to the processing of his/her personal data, if such right is not restricted in accordance with the federal laws. The personal data subject has the right to require from the Operator the specification of his personal data, its blocking or destruction in case the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the declared purpose of processing, as well as to take measures, stipulated by the law, to protect his rights.
The personal data processing in order to promote goods, work, services on the market through direct contacts with the personal data subject (potential consumer) by means of communication, as well as for political agitation purposes is allowed only with the prior consent of the personal data subject.
The Operator is obliged to stop immediately the processing of personal data at the request of the subject of personal data in the above mentioned purposes.
It is forbidden to take decisions on the basis of exclusively automated personal data processing generating legal consequences concerning the subject of the personal data or otherwise affecting his rights and legitimate interests, except for the cases provided by the federal laws, or with the written consent of the subject of the personal data.
If the subject of the personal data considers that the Operator carries out processing of its personal data in violation of requirements of the Federal Law FZ-152 or otherwise violates its rights and freedoms, the subject of the personal data has the right to appeal actions or inaction of the Operator to the Authorized body on protection of the rights of subjects of the personal data or juridically.
The subject of the personal data is entitled to the protection of his/her rights and legal interests, including the compensation of losses and (or) compensation of non-pecuniary damage.
4. PERSONAL DATA SECURITY
Security of the personal data processed by the Operator is provided by realization of legal, organizational and technical measures necessary for maintenance of requirements of the federal legislation on personal data protection.
To prevent unauthorized access to personal data by the Operator, the following organizational and technical measures are applied:
appointment of the officials responsible for the organization of processing and protection of the personal data;
restricting the composition of individuals allowed to process personal data;
familiarization of the subjects with the requirements of the federal legislation and regulations of the Operator on personal data processing and security;
organization of accounting, storage and circulation of the data carriers, containing information with personal data;
determination of threats of personal data security while its processing, development of models of threats accordingly;
development on the basis of threat models of the system of personal data protection;
check of readiness and efficiency of use of information protection means;
differentiation of user access to information resources and hardware and software processing tools;
registration and accounting of users actions of information systems of personal data;
use of anti-virus means and recovery means for personal data system;
application if necessary of means of firewall, intrusion detection, analysis of security and means of cryptographic protection of the information;
organization of access control procedure to the Operator's territory, protection of premises with technical means of personal data processing.
5. FINAL PROVISIONS
Other rights and duties of the Operator in relation to the personal data processing are determined by the legislation of the Russian Federation regarding the personal data.
Employees of the Operator, guilty in violation of norms, regulating processing and security of personal data, are pecuniary, disciplinary, administratively liable and bear civil legal or criminal liability in the order, established by federal laws.
Moscow, 2020
CONTENT
1. GENERAL PROVISIONS
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
2.2. Terms of personal data processing
2.3. Confidentiality of personal data
2.4. Publicly Accessible Sources of Personal Data
2.5. Special categories of personal data
2.6. Biometric personal data
2.7. Instruction to process personal data to another person
2.8. Personal Data processing of citizens of the Russian Federation
2.9. Cross-Border Transfer of Personal Data
3. THE RIGHTS OF THE PERSONAL DATA SUBJECT
3.1. The consent of the subject of personal data to the processing of his personal data
3.2. Consent of the subject of personal data to receive advertising mailing
3.3. The consent of the subject of personal data to the disclosure and distribution of his/her personal data to third parties
3.4. The rights of the personal data subject
4. PERSONAL DATA SECURITY
5. FINAL PROVISIONS
1. GENERAL PROVISIONS
his personal data processing policy (hereinafter referred to as the Policy) is drafted in accordance with Federal Law of the 27/07/2006. No. 152-FZ "On personal data" (hereinafter referred to as FZ-152).
This Policy defines the procedure of personal data processing and measures to ensure the security of this personal data in the LLC "NT-Finance" (hereinafter - the Operator) in order to protect the rights and freedoms of a person and a citizen concerning the processing of his personal data, including the right to privacy, to personal and family secrets.
The following basic concepts are used in the Policy:
automated personal data processing - personal data processing by means of computer technology;
personal data blocking - personal data processing interruption (except the cases when the processing is necessary to clarify the personal data);
information system of personal data - personal data set contained in the databases and ensuring its processing by information technologies and technical means;
depersonalization of personal data - actions, rendering personal data anonymous, identification of which is only possible with additional information on the personal data affiliation;
Personal Data processing - any action (operation) or set of actions (operations), performed with the use of automated means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
operator - state authority, municipal authority, legal entity or individual, independently or together with other entities, which organize and (or) carry out personal data processing, as well as determine the purposes of personal data processing, the composition of personal data to be processed, actions (operations) performed with personal data;
personal data - any information related directly or indirectly to a certain or determinable individual (personal data subject);
personal data allocation - actions aimed at personal data disclosure to a certain individual or a certain circle of individuals;
distribution of personal data - actions directed to personal data disclosure to an indefinite circle of individuals (personal data transfer) or to familiarization with personal data of an unlimited circle of individuals, including personal data disclosure in mass media, placement in information-telecommunication networks or providing access to personal data in any other way;
cross-border transfer of personal data - transfer of personal data to the territory of a foreign state to the authority of a foreign state, to a foreign individual or a foreign legal entity;
personal data erasure - actions, as a result of which it is impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material personal data carriers are destroyed.
The Company shall publish or otherwise ensure unrestricted access to this personal data processing Policy in accordance with part 2, art. 18.1. of FZā152.
2. PRINCIPLES AND TERMS OF PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
Personal Data processing with the Operator is carried out on the basis of the following principles:
legitimacy and fairness;
restricting the personal data processing by the adherence to the specific, predetermined and legitimate purposes;
preventing the personal data processing, incompatible with the purposes of personal data collection;
impermissibility of aggregation of the data bases that contain the personal data and have been developed for incompatible purposes;
processing only those personal data that meet the purposes of its processing;
compliance of the scope and nature of the personal data subject to processing,
impermissibility of the personal data processing that excessive in relation to the declared purposes of its processing;
ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
destruction or depersonalization of the personal data upon achievement of the purposes of its processing or in case of loss of the necessity to achieve these purposes, or if it is impossible for the Operator to avoid/eliminate violations of personal data, unless otherwise provided by the federal law.
2.2. Terms of personal data processing
The Operator shall process personal data if at least one of the following conditions is met:
processing of personal data is carried out with the consent of the data subject to the processing of his/her personal data;
personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or by a law, or for exercise and fulfillment of functions, powers and obligations imposed on operators by the Russian Federation law.
personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings.
personal data processing is required for performance of an agreement to which a personal data subject is a party or under which the data subject is a beneficiary or surety, or for conclusion of an agreement on the initiative of a personal data subject or an agreement under which a personal data subject shall be a beneficiary or surety;
processing of personal data is required for realization of the rights and legitimate interests of an operator or third parties or for the attainment of socially significant objectives, provided that this not cause the rights and freedoms of the personal data subject to be violated;
public access to the personal data being processed has been granted by or at the request of the personal data subject (hereinafter - public personal data);
the personal data being processed are subject to publication or compulsory disclosure in accordance with federal laws.
2.3. Confidentiality of personal data
Operators and other persons who have obtained an access to personal data shall be obliged to refrain from disclosing to third parties or disseminating those personal data without the consent of the personal data subject, except as otherwise provided by federal laws.
2.4. Publicly Accessible Sources of Personal Data
Publicly accessible sources of personal data (including directories and address books) may be created for the purposes of information support. Subject to the written consent of a personal data subject, the surname, first name and patronymic, year and place of birth, address, subscriber number, occupation details of that data subject and other personal data communicated by the personal data subject may be included in publicly accessible sources of personal data.
Details of a personal data subject shall at any time be excluded from publicly accessible sources of personal data at the request of the personal data subject or by decision of a court or other authorized state bodies.
2.5. Special categories of personal data
The processing of special categories of personal data by the Operator related to race, nationality, political views, religious or philosophical beliefs, health conditions, intimate life is allowed if:
the subject of the personal data has given his written consent to the processing of his personal data;
the personal data have been made public by the personal data subject;
the processing of personal data is carried out in accordance with the legislation concerning state social assistance, labour legislation or the legislation of the Russian Federation concerning state-provided pensions and retirement pensions
the processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of other persons and it is impossible to obtain the consent of the personal data subject;
the processing of personal data is carried out for the purposes of preventative medicine, medical diagnosis or the provision of medical and social care services, provided that the processing of personal data is carried out by a person who is professionally involved in medical activities and has a duty in accordance with the legislation of the Russian Federation to maintain medical confidentiality;
the processing of personal data is necessary in order to enable the rights of the personal data subject or of third parties to be established or exercised, and in connection with the administration of justice;
the processing of personal data is carried out in accordance with legislation concerning compulsory types of insurance and insurance legislation;
The special categories of personal data processing, carried out in cases stipulated by the paragraph 4 of the Article 10 of the Federal Law 152, is required to be immediately stopped, if the reasons, as a result of which the processing was carried out, are eliminated, exempted under the federal law.
Personal Data processing regarding the criminal record can be carried out by the Operator only in cases and in an order which are defined according to the federal laws.
2.6. Biometric personal data
The information that characterizes the physiological and biological features of a person, on the basis of which it is possible to identify him/her - biometric personal data - can be processed by the Operator only if the written consent of the subject of personal data.
2.7. Instruction to process personal data to another person
The Operator has the right to entrust the Personal Data processing to another person with the consent of the except as otherwise provided by the federal law, on the basis of the contract concluded with this person. The person, who carries out the personal data processing on behalf of the Operator, is obliged to observe the principles and rules of personal data processing, stipulated by the Federal Law 152 and this Policy
2.8. Personal Data processing of citizens of the Russian Federation
In accordance with the Article 2 of the Federal Law of 21 July 2014 N 242-FZ "On Amending Some Legislative Acts of the Russian Federation in as Much as It Concerns Updating the Procedure for Personal Data Processing in Information-Telecommunication Networks":
During personal data collection, inter alia, through the Internet, the operator shall ensure that databases located within the Russian Federation are used to record, systematize, accumulate, store, clarify (update or modify) and retrieve personal data of citizens of the Russian Federation, except for cases if:
- personal data processing is required for achieving the purposes stipulated by an international agreement of the Russian Federation or by a law, or for exercise and fulfillment of functions, powers and obligations imposed on operators by the Russian Federation law.
- personal data processing is required for administration of justice or enforcement of a judicial act or an act of another body or official which are enforceable in accordance with the legislation of the Russian Federation concerning enforcement proceedings (hereinafter referred to as enforcement of a judicial act);
- personal data processing is required for rendering state or municipal services by federal executive authorities, bodies of state non-budgetary funds, executive bodies of state authorities of the subjects of the Russian Federation, bodies of local self-government and functions of organizations involved in the provision of thereof in accordance with the Federal law of 27 July 2010 N 210-FZ "About provision of state and municipal services", for ensuring the provision of this service or for registration of personal data subjects on the uniform portal of state and municipal services;
- personal data processing required for the purposes of professional activities of a journalist and (or) the legitimate activities of a mass medium or for the purposes of scientific, literary or other creative activity, provided that this not cause the rights and freedoms of the personal data subject to be violated;
2.9. Cross-Border Transfer of Personal Data
An operator shall be obliged to to make sure that the foreign state on which territory the personal data are to be transferred provides adequate protection of the personal data subjects' rights before commencing the cross-border transfer of personal data.
The cross-border transfer of personal data into the territories of foreign states which do not provide an adequate protection of the personal data subjects' rights may be carried out in the following cases:
if the personal data subject has given his/her consent to the cross-border transfer of his/her personal data;
execution of the agreement to which the personal data subject is a party.
3. THE RIGHTS OF THE PERSONAL DATA SUBJECT
3.1. The consent of the subject of personal data to the processing of his personal data
The personal data subject takes the decision to provide his personal data and gives his consent to its free processing, by his will and in his interest. The consent to the personal data processing can be given by the subject of personal data or his representative in any form that allows to confirm the fact of its receipt, exempted under the federal law.
3.2. Consent of the subject of personal data to receive advertising mailing
The personal data subject is also in accordance with p. 1, Art. 18 of the Federal Law of 13.03.2006 ā 38-FZ "On Advertising" and Art. 44.1 of the Federal Law of 07.07.2003 ā 126-FZ "On Communications" gives his consent to receive information and (or) promotional mailing by phone (via SMS messages) and (or) e-mail from the Operator.
3.3. The consent of the subject of personal data to the disclosure and distribution of his/her personal data to third parties
The personal data subject has voluntarily agreed that the Operator and other individuals who have obtained an access to his/her personal data have the right to disclose and distribute his/her personal data to third parties.
3.4. The rights of the personal data subject
The personal data subject has the right to obtain from the Operator the information related to the processing of his/her personal data, if such right is not restricted in accordance with the federal laws. The personal data subject has the right to require from the Operator the specification of his personal data, its blocking or destruction in case the personal data are incomplete, outdated, inaccurate, illegally obtained or not necessary for the declared purpose of processing, as well as to take measures, stipulated by the law, to protect his rights.
The personal data processing in order to promote goods, work, services on the market through direct contacts with the personal data subject (potential consumer) by means of communication, as well as for political agitation purposes is allowed only with the prior consent of the personal data subject.
The Operator is obliged to stop immediately the processing of personal data at the request of the subject of personal data in the above mentioned purposes.
It is forbidden to take decisions on the basis of exclusively automated personal data processing generating legal consequences concerning the subject of the personal data or otherwise affecting his rights and legitimate interests, except for the cases provided by the federal laws, or with the written consent of the subject of the personal data.
If the subject of the personal data considers that the Operator carries out processing of its personal data in violation of requirements of the Federal Law FZ-152 or otherwise violates its rights and freedoms, the subject of the personal data has the right to appeal actions or inaction of the Operator to the Authorized body on protection of the rights of subjects of the personal data or juridically.
The subject of the personal data is entitled to the protection of his/her rights and legal interests, including the compensation of losses and (or) compensation of non-pecuniary damage.
4. PERSONAL DATA SECURITY
Security of the personal data processed by the Operator is provided by realization of legal, organizational and technical measures necessary for maintenance of requirements of the federal legislation on personal data protection.
To prevent unauthorized access to personal data by the Operator, the following organizational and technical measures are applied:
appointment of the officials responsible for the organization of processing and protection of the personal data;
restricting the composition of individuals allowed to process personal data;
familiarization of the subjects with the requirements of the federal legislation and regulations of the Operator on personal data processing and security;
organization of accounting, storage and circulation of the data carriers, containing information with personal data;
determination of threats of personal data security while its processing, development of models of threats accordingly;
development on the basis of threat models of the system of personal data protection;
check of readiness and efficiency of use of information protection means;
differentiation of user access to information resources and hardware and software processing tools;
registration and accounting of users actions of information systems of personal data;
use of anti-virus means and recovery means for personal data system;
application if necessary of means of firewall, intrusion detection, analysis of security and means of cryptographic protection of the information;
organization of access control procedure to the Operator's territory, protection of premises with technical means of personal data processing.
5. FINAL PROVISIONS
Other rights and duties of the Operator in relation to the personal data processing are determined by the legislation of the Russian Federation regarding the personal data.
Employees of the Operator, guilty in violation of norms, regulating processing and security of personal data, are pecuniary, disciplinary, administratively liable and bear civil legal or criminal liability in the order, established by federal laws.
Personal Account is under construction