LLC "SPF "Bercut" personal data processing policy

Content:

1. General Provisions
2. Terms and definitions
3. Purposes and terms of personal data processing
4. Cookie Policy
5. Rights
6. Principles and conditions of personal data processing
7. Ensuring the security of personal data
8. Final provisions

1. General Provisions

1.1.The policy of the Limited Liability Company "SPF "Berkut" (hereinafter referred to as the Company) regarding the processing of personal data (hereinafter referred to as the Policy) defines the basic principles, purposes, conditions for processing personal data, lists of subjects of personal data processed in the Company, the company's functions in processing personal data, the rights of personal data subjects, as well as the requirements for the personal data protection implemented in the Company.

1.2.The policy is developed in compliance with the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", the Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 "On Approval of Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems", the Decree of the Government of the Russian Federation of 15.09.2008 No. 687 "On Approval of the Regulations on the Peculiarities of Personal Data Processing,  carried out without the use of automation tools".

1.3. The policy is designed to ensure compliance with the Russian Federation legislation regarding personal data processing, aimed at ensuring the protection of the rights and freedoms of a person and a citizen when processing their personal data, including the protection of the rights to privacy, personal and family secrets, in particular in order to protect against unauthorized access and illegal dissemination of personal data,  processed in the information systems of the Company.

1.4. The Policy applies to information that the Company receives about the subject of personal data while providing services, fulfilling contractual obligations, other activities per the Company's charter, as well as in the process of employment relations with the Company.

1.5. This Policy discloses the scope of personal data subjects, principles, procedure and conditions for processing personal data of the Company's employees and other individuals whose personal data are processed by the Company.

1.6. Personal data is confidential information and they are subject to all the requirements established by the internal documents of the Company for the protection of confidential information.

2. Terms and definitions

This Policy uses terms with the following definitions:

personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data);

processing of personal data - any action (operation) or set of actions (operations) performed with the use of automation tools or without the use of such tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;

automated processing of personal data - processing personal data using computer technology;

blocking personal data – temporary termination of personal data processing (except for cases where the processing is necessary to clarify personal data);

documented information (document) - information recorded on a material medium by documentation with details that allow to determine such information or in cases established by the legislation of the Russian Federation a material carrier;

protection of personal data of an employee - the activities of authorized persons to ensure, through local regulation of the procedure for processing personal data and organizational and technical measures, the confidentiality of information about a particular employee received by the Company in connection with employment relations;

information - information (messages, data) regardless of the form of their presentation;

information system - a set of information that is stored in databases and of information technologies and technical means that ensure its processing;

information technologies - processes, methods of search, collection, storage, processing, provision, distribution, destruction of information and methods of implementation of such processes and methods;

information resources - individual documents and separate arrays of documents, documents and arrays of documents in information systems (libraries, archives, funds, data banks, other information systems);

information system of personal data - an information system that is a set of personal data contained in the database, as well as information technologies and technical means that allow processing such personal data using automation tools or without the use of such means;

use of personal data - actions (operations) with personal data performed by the Company in order to make decisions or perform other actions that give rise to legal consequences against an employee (subject of personal data) or other persons, or otherwise affect the rights and freedoms of an employee or other persons;

confidentiality of information - mandatory for the person who has gained access to certain information requirement not to transfer such information to third parties without the consent of its owner;

confidentiality of personal data - a mandatory requirement for compliance by the Company or other person who has gained access to personal data to prevent the data distribution without consent of employee, the subject of personal data, or other legal grounds;

carriers of confidential information - material objects in which confidential information is represented in the form of symbols, images, signals, technical solutions and processes;

personal data operator - a state body, municipal body, legal entity or individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;

rendering personal data anonymous - actions as a result of which it is impossible to determine the ownership of personal data;

employee - an individual who has entered into employment relations with the Company;

dissemination of personal data - actions aimed at transferring personal data to a certain set of people (transfer of personal data) or familiarizing an unlimited number of persons with personal data, including publication of personal data in the media, placing information in telecommunication networks or providing access to personal data in any other way;

destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the information system of personal data or as a result of which material carriers of personal data are destroyed.

3. Purposes and terms of personal data processing

The Company, being the operator of personal data, processes personal data of subjects of the following categories:

• Employees of the Company;
• Applicants for a vacant position;
• Contractors;
• Technical support clients;
• Website visitors.

The purposes and terms of personal data processing are indicated in the table below.

4. Cookie Policy

Cookies, web beacons and similar technologies ("cookies") are files that contain a small amount of information and are downloaded to any device with Internet access (your personal computer, smartphone or tablet) each time you visit the website.

Cookies are used by the Company's website in order to improve the usability of the website and conduct analytics.

The visitor of the website (hereinafter referred to as the User) is notified of the use of cookies by the site. By continuing to use the site, the user gives his/her consent to use cookies, as well as Internet statistics services "Yandex.Metrica", "Google Analytics".

The use of cookies and Internet statistics services is a widely used practice.

The user can manage cookies and the possibility of their use by the website using the settings of the web browser (for instructions, please contact the developer of the web browser).

Disabling cookies may cause failure of some functions of the website.

5. Rights

5.1.The Company, being the operator of personal data, has the right to:

• defend their interests in court;
• provide personal data of subjects to third parties, if it is provided by the current legislation (tax, law enforcement agencies, etc.);
• refuse to provide personal data in cases provided by law;
• use the personal data of the subject without his/her consent, in cases as provided for in by the legislation

5.2.The subject whose personal data is processed in the Company has the right to:

• to require clarification of their personal data, its  blocking or destruction in the event that personal data is  incomplete, outdated, unreliable, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
• require a list of their personal data processed by the Company and the source of their receipt;
• receive information about the terms of processing your personal data, including the terms of its storage;
• require notification of all persons to whom incorrect or incomplete personal data have previously been communicated of all exceptions, corrections or additions made in them;
• appeal to the authorized body for protection of the rights of personal data subjects or in court against illegal actions or omissions in the processing of their personal data;
• to protect their rights and legitimate interests, including compensation for losses and (or) compensation for moral damage in court.

6. Principles and conditions of personal data processing

Processing of personal data in the Company is carried out on the basis of the principles:

• legality and fairness of the purposes and methods of processing personal data;
• compliance of the purposes of personal data processing with the purposes predetermined and stated when collecting personal data;
• compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of personal data processing;
• reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;
• it is not allowed to combine databases containing personal data, processing of which is carried out for purposes incompatible with each other;
• storage of personal data in a form that allows to determine the subject of personal data, no longer than required by the purposes of its processing;
• destruction or depersonalization upon achieving the purposes of processing personal data or in case they no longer need to achieve them.

Processing of personal data is carried out on the basis of conditions determined by the legislation of the Russian Federation.

7. Ensuring security of personal data

To ensure security of personal data, the Company applies the following organizational and technical measures:

• appointment of an official responsible for processing personal data;
• limiting the number of employees who have access to personal data;
• instructions to the employees about the requirements of federal legislation and regulatory documents of the Company for the processing and protection of personal data;
• ensuring tracing and storage of material data carriers and their circulation, excluding theft, substitution, unauthorized copying and destruction of personal data;
• identification of threats to the security of personal data during their processing, the formation of threat models on their basis;
• implementation of a permissive system for users' access to information resources, software and hardware for processing and protecting information;
• registration and recording users’ actions of information systems of personal data;
• password protection of user access to the information system of personal data;
• implementation of anti-virus control, prevention of introduction of malware (virus programs) and program bookmarks into the corporate network;
• use of information security tools that meet the requirements of the legislation of the Russian Federation in the field of personal data protection;
• centralized management of the personal data protection system;
• backup of information;
• other organizational and technical measures for the protection of personal data provided for by the regulatory documents of the Russian Federation and internal documents of the Company.

8. Final provisions

8.1.This Policy is an internal document of the Company, publicly available and is subject to posting on the Company's website.

8.2.This Policy is subject to change and addition in case of new legislative acts and special regulatory documents on the processing and protection of personal data.

8.3.When making changes to  the current version, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted online, unless otherwise provided by the new edition of the Policy.

8.4.Control over compliance with this Policy is carried out by the person responsible for processing of personal data in the Company.

8.5.The liability of the Company's employees who have access to personal data should they fail to comply with the requirements of regulatory documents governing the processing and protection of personal data is determined under the legislation of the Russian Federation and internal documents of the Company.

25.01.2021