Regulations
for personal data processing
 
1. GENERAL PROVISIONS
 
1.1. These Regulations for personal data processing (hereinafter - the Regulations, these Regulations) were generated by LLC “MRSU-1” (also hereinafter - the Operator) and are applied in accordance with cl. 2, part 1, Art. 18.1. of the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data”.
 
These Regulations shall determine the Operator’s policy with regard to personal data processing.
 
All issues related to personal data processing, not regulated by these Regulations, shall be resolved in accordance with the applicable personal data law of the Russian Federation.
 
The Regulations and amendments thereto shall be approved by the Operator’s manager and introduced by the Operator’s order.
 
1.2. In accordance with cl. 1 of Art. 3 of the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data”, the personal data of clients or individuals shall mean any information relating to a client or an individual, directly or indirectly identified or be identified on the basis of such information (hereinafter – the “personal data”).
 
1.3. LLC “MRSU-1” shall be an operator organizing and (or) carrying out personal data processing, as well as defining the purposes and content of personal data processing.
 
1.4. The purpose of personal data processing shall be:
 
 
1.5. The processing shall be organized by the Operator on the principles:
  
1.6. The processing of personal data is carried out in compliance with the principles and rules provided for by the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data” and these Regulations.
 
1.7. Personal data shall be processed with and without automation tools.
 
1.8. In accordance with the purposes and objectives to be sought, before personal data processing the Operator shall appoint a person to be in charge of organization of personal data processing.
 
1.9. A person in charge of organization of personal data processing shall receive instructions directly from the Operator’s executive body and shall report to the latter.
 
1.10. A person in charge of organization of personal data processing shall be entitled to execute and sign a notice provided for by Parts 1 and 3 of Art. 22 of the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data”.
 
1.11. The Operator’s employees, who directly carry out personal data processing, shall be familiarized, prior to starting work, with the provisions of personal data law of the Russian Federation, including requirements for personal data protection, documents defining the Operator’s policy, internal policies and procedures for personal data processing, and also these Regulations and amendments thereto.
 
1.12. By personal data processing, the Operator applies legal, organizational and technical measures to ensure personal data security in accordance with Art. 19 of the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data”.

1.13. By collecting personal data and using information and telecommunications networks, the Operator is required to publish in the relevant information and telecommunications network a document specifying its policy for personal data processing and information on the requirements implemented for personal data protection, and also to provide access to the said document using means of the relevant information and telecommunications network.

1.14. Terms of personal data processing by the Operator. Personal data processing is allowed in the following cases:
 
  

1.15. The storage of personal data shall be carried out in a form that allows to identify the subject of personal data no longer than the purposes of their processing require that, and they must be destroyed upon achievement of the processing purposes or in the event there is no further need to achieve them in the manner provided for in the Regulation on Personal Data Storage by the Operator.
 
1.16. Personal data processed in information systems should be protected from unauthorized access and copying. The safety of personal data by processing them in information systems is provided through personal data protection system that includes organizational measures and data security tools. The hardware and software shall meet the requirements established in accordance with the laws of the Russian Federation, to ensure data protection.
 
1.17. They may communicate with federal executive authorities on the processing and protection of personal data of the subjects, whose personal data are processed by the Operator, as the laws of the Russian Federation permit.
 
 
2. ENSURING BY THE OPERATOR OF THE RIGHTS OF A SUBJECT OF PERSONAL DATA
 
2.1. Subjects of personal data or their representatives have the rights provided for by Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data” and other laws and regulations for personal data processing.
 
2.2. The Operator ensures the rights of subjects of personal data in the manner established by Chapters 3 and 4 of the Federal Law dated 27/07/2006 No. 152-FZ “On Personal Data”.
 
2.3. The Operator is obliged to provide free of charge to a subject of personal data or his representative the opportunity to get acquainted with personal data relating to such subject of personal data at the location of the Operator during the Operator’s working hours.
 
2.4. The right of a subject of personal data to access his personal data may be restricted in accordance with federal laws.
 
2.5. In case of representation of the interests of the subject of personal data by a representative, authorities of such representative are confirmed by a power of attorney executed in accordance with the established order.
 
2.6. Should a written consent to use of personal data be granted by the subject of personal data, it is sufficient for such consent if it is in writing.
 
2.7. The Operator guarantees the safety and confidentiality of the personal data used.
 
2.8. Personal data processing for marketing of goods, works and services, by making direct contacts with a potential client by means of communication, is allowed only with the prior consent of the subject of personal data.
 
 
3. RECEIVING, PROCESSING, STORAGE OF PERSONAL DATA
 
 
3.1. The Operator shall establish the following procedure for receiving personal data:
 
3.1.1. When applying for Operator’s services, the client submits the data specified in the corresponding forms.
 
3.1.2. The Operator does not receive or process the client’s personal data about his race, political views, religious and philosophical convictions, state of health, intimate life, unless otherwise provided by law.
 
3.1.3. In the cases directly related to the issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, the Company shall be entitled to receive and process data on client’s private life only with his written consent.
 
3.1.4. If the client accepts an offer placed on the Operator’s site or concludes another contract with the Operator, the processing of the client’s personal data is carried out for the execution of the appropriate contract that came into effect after acceptance of the offer terms by the client or conclusion of another contract, respectively.
 
3.1.5. The Operator also has the right to process personal data of the clients who applied to the Operator of individuals only with their consent to use of personal data.
 
3.2. The client’s consent to personal data processing is not required in the following cases:
  
3.3. The Operator ensures the safe storage of personal data, including: storage, integration, registration and use of documents containing personal data is performed in the form of a separate archive of the Operator.
 
3.4. The storage of personal data shall be carried out in a form that allows to identify the subject of personal data no longer than the purposes of personal data processing require that, unless the period of personal data storage is stipulated by federal law or a contract, a party to which, acting as a beneficiary or guarantor, is the subject of personal data. The processed personal data are to be destroyed or depersonalized upon achievement of the processing purposes or in the event there is no further need to achieve such purposes, unless otherwise provided by federal law.
 
 
4. PERSONAL DATA TRANSFER
 
4.1. Personal data are transmitted subject to the following requirements:
  
 
5. ACCESS TO PERSONAL DATA
 
5.1. The right of access to personal data is given to:
 
5.2. For personal data protection the clients have the following rights:
  
5.3. It is allowed to copy and take excerpts of personal data only for business purposes with the manager’s permission.
 
 
6. RESPONSIBILITY FOR PERSONAL DATA PROCESSING LAW VIOLATION
 
6.1. Persons being guilty of violation of rules of personal data handling, shall incur disciplinary, administrative, civil or criminal responsibility in accordance with federal laws.

6.2. Managers of the Operator’s structural units shall incur personal responsibility for fulfillment of duties by their subordinate employees.