Purpose of the Policy
Ensuring the protection of human and citizen rights and liberties, including the protection of the rights to privacy, personal and family secrets, when processing his/ her personal data in accordance with the law and regulations.
Principles of the Personal Data Processing
- Compliance with the personal data owners’ rights while processing their personal data.
- Processing of personal data on a legitimate and equitable basis to achieve the purposes of data processing.
- Prevention of processing of the personal data which:
— does not meet the processing purposes,
— is redundant, or
— is contained in databases which processing purposes are incompatible.
- Ensuring accuracy, sufficiency, and relevance of personal data with respect to the purposes of data processing.
- Personal data maintenance (storage) in a form that allows to identify the personal data owner but no longer than it is required by the purposes of personal data processing.
- Destruction or anonymization of personal data once processing purposes are achieved or if there is no further need to achieve such purposes.
Conditions of Personal Data Processing
- Processing of personal data shall be carried out in compliance with the principles and codes stipulated by regulatory documents on personal data.
- Processing of personal data shall be carried out with the consent of the personal data owner or in cases stipulated by the federal law.
- Collection, recording, systematization, accumulation, storage, clarification, extraction of personal data of the Russian Federation citizens shall be performed by using databases located within the Russian Federation territory unless otherwise stipulated by the law.
- Cross-border transfer of the personal data shall be carried out only after the collection of personal data within the Russian Federation territory in accordance with the law.
- Persons who obtained access to personal data are obliged to maintain confidentiality and shall not disclose it without the consent of the personal data owner unless otherwise stipulated by the federal law.
Methods of achieving the purpose
- Securing personal data information systems against the immediate threats to personal data security, taking into account the evaluation of harmful consequences to personal data owners.
- Applying a comprehensive set of organizational and technical measures to ensure security of personal data (which are required to meet legal requirements to personal data protection) during its processing in personal data information systems (IS), as well as without the use of automation tools.
- Systematic monitoring over compliance of personal data processing with legislative requirements and local regulations.
- Arrangement of activities to inform and train personnel on the rules of personal data processing and protection.
- Inevitability of liability for the breach of this Policy.