Personal Data Processing Policy
1. General Provisions
· Personal data processing – any action (operation) or a set of actions (operations) performed with the use of automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, refinement (update, change), retrieval , use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
· Implementation in a lawful and fair manner;
· The compliance of the purposes of processing personal data with the powers;
· The compliance of the content and volume of processed personal data with the purposes of personal data processing;
· The reliability of personal data, its relevance and sufficiency for the purposes of processing, the inadmissibility of processing redundant in relation to the purposes of collecting personal data;
· Restrictions on the processing of personal data when achieving specific and legitimate goals, prohibiting the processing of personal data that are incompatible with the goals of collecting personal data;
· Prohibition of combining databases containing personal data that are processed for purposes that are incompatible with each other;
· Storing personal data in a form that allows determining the subject of personal data no longer than the purpose of processing personal data requires, if the period for storing personal data is not established by applicable law. The processed personal data shall be destroyed or depersonalized upon the achievement of processing objectives or in case of loss of the need to achieve these objectives, unless otherwise provided by applicable law.
· To fulfill the conditions of an employment contract and exercise rights and obligations in accordance with the law;
· To make decisions on appeals of citizens of the Russian Federation in accordance with the law.
· Citizens who are in a relationship governed by labor laws.
· Citizens who are applicants for vacancies.
· Citizens applying to officials in accordance with the Federal Law of
· Citizens who are a party to a civil contract;
· Citizens applying for educational services.
2. Features of the processing of personal data and their transfer to third parties
3. Measures used to protect personal data
· The appointment of an employee responsible for organizing the processing of personal data;
· Implementation of internal control over the compliance of personal data processing with the Federal Law from
· Familiarization of employees who directly process personal data with the provisions of the current legislation on personal data, requirements for the protection of personal data and other documents on the processing of personal data;
· Identification of threats to the security of personal data during their processing in personal data information systems;
· Use of information security tools that have passed the conformity assessment procedure in the prescribed manner;
· Assessing the effectiveness of measures taken to ensure the security of personal data;
· The implementation of the accounting machine of personal data;
· Setting rules for access to personal data processed in the personal data information system;
· Monitoring the measures taken to ensure the security of personal data and the level of security of personal data information systems;
· Development of local documents on the processing of personal data.