PERSONAL DATA PROCESSING POLICY
ZAO "NTC MIK-INFORM"

1. General Provisions
1.1. This document defines the policy of JSC "STC MIK-INFORM" (hereinafter referred to as the Company) regarding the processing of personal data and sets out the system of basic principles applied in relation to the processing of personal data in the Company.

1.2. This Policy applies to all operations carried out in the Company with personal data using or without the use of automation tools.

1.3. This Policy is mandatory for familiarization and execution by all persons authorized to process personal data in the Company, and persons involved in organizing the processing and ensuring the security of personal data in the Company.

1.4. This Policy has been developed in accordance with Council of Europe Convention No. 108 on the protection of the individual in connection with automatic processing of personal data and Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.

1.5. This Policy is subject to updating in the event of changes in the legislation of the Russian Federation on personal data.

2. Introduction
2.1. In accordance with subparagraph 2 of Article 3 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”, the Company is an operator, i.e. a legal entity that independently organizes and (or) carries out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. The company does not process personal data on behalf of another operator.

2.2. An important condition for achieving the goals of the Company’s activities is to ensure the protection of the rights and freedoms of man and citizen - the subject of personal data when processing his personal data.

2.3. The Company has developed and put into effect documents establishing the procedure for processing and ensuring the security of personal data, which ensure compliance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and the regulatory legal acts adopted in accordance with it.

3. Principles and conditions for processing personal data in the Company
3.1 The company, being an operator, processes personal data of the following subjects:

applicants for vacant positions - in the composition and for the period necessary for the Company to make a decision on hiring or refusing to hire and forming a personnel reserve with the consent of the subject of personal data;
employees of the Company - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, to implement and fulfill the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company, for the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor;
employees of the Company - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, to implement and fulfill the functions, powers and responsibilities assigned by the legislation of the Russian Federation to the Company, for the execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor;
relatives of the Company's employees - in the composition and for the period necessary to achieve the goals provided for by the legislation of the Russian Federation, to implement and fulfill the functions, powers and responsibilities assigned to the Company by the legislation of the Russian Federation;
individuals under contracts of a civil legal nature, representatives of counterparties - in the composition and period necessary for the conclusion and execution of an agreement to which the subject of personal data is a party or beneficiary or guarantor.
visitors to any of the websites of JSC "STC MIK-INFORM".
3.2. The terms for processing personal data are determined taking into account:

established purposes for processing personal data;
validity periods of contracts with personal data subjects and consents of personal data subjects to the processing of their personal data;
deadlines determined by the Order of the Ministry of Culture of the Russian Federation dated August 25, 2010. No. 558 “On approval of the “List of standard management archival documents generated in the process of activities of state bodies, local governments and organizations, indicating storage periods”;
storage periods for documentation established by the Company’s internal regulations.
3.3. The company processes personal data on a legal and fair basis.

3.4. When processing personal data, their accuracy, sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data are ensured.

3.5. The company does not disclose or distribute personal data to third parties without the consent of the subject of personal data (unless otherwise provided by federal law of the Russian Federation).

3.6. The Company does not create publicly available sources of personal data.

3.7. The company processes special categories of personal data. At the same time, the Company fulfills all the requirements for processing special categories of personal data provided for by the Federal Law of the Russian Federation “On Personal Data” No. 152-FZ of July 27, 2006. The Company does not process personal data on criminal records.

3.8. The company does not process biometric personal data.

3.9. The company may carry out cross-border transfer of personal data.

3.10. The Company processes personal data in order to promote the Company’s goods, works and services on the market by making direct contacts with potential consumers using means of communication with the consent of the potential consumer. The company does not process personal data for the purposes of political propaganda.

3.11. The Company does not make decisions that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests, based solely on automated processing of personal data.

3.12. The company entrusts the processing of personal data to other parties. At the same time, the Company fulfills all the requirements for ordering the processing of personal data provided for by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”. A visitor to any of the websites of STC MIK-INFORM CJSC, accepting this Policy regarding the processing of personal data and agreeing to it, gives his consent to the transfer of his personal data to STC MIK-INFORM CJSC to third parties in fulfillment of the purposes of the agreements in connection with which personal data is transferred to a third party.

3.13. The company processes personal data using and without automation tools. At the same time, the Company fulfills all the requirements for automated and non-automated processing of personal data provided for by Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and regulatory legal acts adopted in accordance with it.

4. Rights of subjects of personal data processed in the Company
4.1. The subject of personal data has the right to receive information regarding the processing of his personal data. To obtain this information, the subject of personal data may send a written request to the address: 107078, Moscow, st. Basmanny tupik, 6A, building 1 in the manner established by Article 14 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.

4.2. The subject of personal data has the right to demand from the Company clarification of his personal data, its blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing. The subject of personal data has the right to withdraw his consent to the processing of personal data. To exercise these powers, the personal data subject may send a written request (by registered mail with acknowledgment of receipt) to the address: 107078, Moscow, st. Basmanny tupik, 6A, building 1 in the manner established by Article 21 of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data”.

5. Performance of operator duties by the Company
5.1. The company receives personal data from subjects of personal data, from third parties (persons who are not subjects of personal data) and from publicly available sources of personal data (including on the Internet information and telecommunications network). At the same time, the Company fulfills the obligations provided for by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” when collecting personal data.

5.2. The company stops processing personal data in the following cases:

upon achievement of the purposes of their processing, or in case of loss of the need to achieve these purposes;
at the request of the subject of personal data, if the personal data processed by the Company is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing;
in case of detection of unlawful processing of personal data, if it is impossible to ensure the legality of the processing of personal data;
in case the subject of personal data withdraws consent to the processing of his personal data (if personal data is processed by the Company based on the consent of the subject of personal data);
the reasons due to which personal data was processed have been eliminated, unless otherwise established by federal law;
in case of liquidation or reorganization of the Company.
5.3. The Company has taken the following measures to ensure the fulfillment of the obligations provided for by the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and the regulatory legal acts adopted in accordance with it:

A person responsible for organizing the processing of personal data has been appointed;
local acts have been issued on the issues of processing and ensuring the security of personal data, as well as local acts establishing procedures aimed at preventing and identifying violations of the legislation of the Russian Federation, eliminating the consequences of such violations:
Regulations on the processing of personal data;
Regulations on organizing and ensuring the protection of personal data
other local acts on the processing and security of personal data.
legal, organizational and technical measures have been applied to ensure the security of personal data;
internal control is carried out over the compliance of the processing of personal data with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and the regulatory legal acts adopted in accordance with it, this Policy, and local acts of the Company;
an assessment of the harm that could be caused to personal data subjects in the event of a violation of the requirements of federal legislation on personal data was carried out, a correlation was made between the said harm and the measures taken by the Company aimed at ensuring the fulfillment of the obligations provided for by the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On personal data” and normative legal acts adopted in accordance with it;
Company employees directly involved in the processing of personal data are familiar with the provisions of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and the regulatory legal acts adopted in accordance with it, this Policy and local acts of the Company on the processing of personal data .
5.4. The Company implements the following requirements for the protection of personal data:

a security regime has been organized for the premises in which information systems are located, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have access to these premises;
ensuring the safety of personal data carriers has been implemented;
the head of the Company has approved a document defining a list of persons whose access to personal data processed in the information system is necessary for them to perform their official (labor) duties;
to neutralize current threats to the security of personal data, information security tools are used that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of ensuring information security;
an official (employee) responsible for ensuring the security of personal data in personal data information systems has been appointed;

1. the requirements established by the Decree of the Government of the Russian Federation of September 15, 2008 No. 687 “On approval of the Regulations on the specifics of processing personal data carried out without the use of automation tools” have been implemented.