5. Conditions of Personal Data Processing 5.1. The Operator shall process personal data in accordance with the requirements of the legislation of the Russian Federation.5.2. Personal data processing shall be carried out with the consent of the personal data subject to the processing of his/her personal data, as well as in cases of occurrence of another legal basis for the personal data processing provided for by the current legislation of the Russian Federation.5.3. The Operator shall provide both automated and non-automated processing of personal data.5.4. The Operator’s employees are allowed to process personal data, whose duties include the personal data processing.5.5. The personal data shall be processed by:
5.6. It is not allowed to disclose to third parties and distribute personal data without the consent of the personal data subject, unless otherwise provided by the Federal law.5.7. In accordance with parts 3-5 of Article 6 of the Law on Personal Data, the Company has the right to accept personal data for processing from affiliated companies belonging to the Neutec Group, that is, to assume the duties of a PD "processor" on the basis of an assignment agreement. The contract of the order between the Operator and the "processor" can define not only the rules for processing PD, the obligations of the parties, but also establish responsibility for their violation, determine the extrajudicial procedure for collecting a fine and/or a penalty. The Company's responsibility is to ensure the confidentiality and security of PD during their processing.5.8. The transfer of personal data to the bodies of inquiry and investigation, the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive bodies and organizations shall be carried out in accordance with the requirements of the legislation of the Russian Federation.5.9. The Operator shall take all necessary legal, organizational and technical measures to protect personal data against unauthorized or accidental access thereto, destruction, alteration, blocking, distribution and other unauthorized actions, including:
- obtaining personal data in oral and written form directly with the consent of the personal data subject to the processing of his/her personal data;
- obtaining personal data from publicly available sources;
- entering personal data into the Operator’s logs, registers and information systems;
- using other personal data processing methods.
- identification of threats to the security of personal data during their processing;
- adoption of local regulations and other documents in the field of processing and protection of personal data; • appointment of officials responsible for ensuring the security of personal data in the divisions and information systems of the Operator;
- creation of necessary conditions for working with personal data;
- organization of registration of physical storage media for personal data;
- organization of work with information systems in which personal data are processed;
- storage of physical storage media for personal data in compliance with the conditions providing protection of personal data and eliminating an opportunity of unauthorized access to them;
- organization of training of the Operator’s employees engaged in personal data processing.
5.10. The Operator shall store personal data in a form that allows determining the personal data subject, no longer than the purpose of processing personal data requires, if the storage period for personal data is not established by federal law, by an agreement.
5.11. When collecting personal data, including through the information and telecommunications network Internet, the Operator provides recording, systematization, accumulation, storage, specification (updating, changing), extraction of personal data of citizens of the Russian Federation using databases located in the Russian Federation, with the exception of cases specified in the Law on Personal Data.
5.12. Personal Data Processing Purposes:
5.12.1. Only personal data that comply with the purposes of their processing are subject to processing.
5.12.2. Processing of personal data by the Operator shall be performed for the following purposes:
- to provide compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
- to implement its activities in accordance with the Charter of the Company;
- to provide keeping of HR records and employee’s personal files;
- to assist candidates in employment, workers in education and career development, provide personal safety of employees, control the quantity and quality of work performed and ensure safety of a property; • to attract and select candidates for work with the Operator;
- to organize individual (personified) accounting of employees in the system of mandatory pension insurance;
- to file in and transfer to the executive authorities and other authorized organizations the required reporting forms;
- to implement civil and legal relations;
- to maintain accounting records;
- to ensure access control.
5.13. Categories of personal data subjects. PD of the following personal data subjects shall be processed: – individuals who are in labor relations with the Company; – individuals who quit the Company; – individuals who are potential employees; – individuals who are in civil law relations with the Company.
5.14. PD processed by the Operator: – data obtained during the implementation of labor relations; – data obtained for the applicants’ selection for work; – data obtained in the implementation of civil law relations.
5.15. Storage of personal data.
5.15.1. PD of subjects can be obtained, undergo further processing and transferred for storage both in paper and in electronic form.
5.15.2. PD recorded on paper shall be stored in lockable cabinets or in locked rooms with limited access rights.
5.15.3. It is not allowed to store and place documents containing PD in open electronic catalogs (file sharing) in PDISs.
5.16. Destruction of personal data.
5.16.1. Destruction of documents (carriers) containing PD shall be carried out by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredding machine is allowed.
5.16.2. PD stored on computer media shall be destroyed by erasing or formatting the media.5.16.3. The fact of the destruction of PD shall be confirmed by the documentary act of destruction of carriers.