1.1 This document determines the policy of Pumori Corporation Ltd (hereinafter, the Company) in respect of processing of personal data (hereinafter, PD).
1.2 This Policy has been worked out in accordance with the current Russian Federation legislation on personal data.
1.3 The operation of this Policy extends to all processes of collecting, recording, systematizing, accumulating, storing,refining, extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, destroying personal data, whether or not making use of automation means.
2 PRINCIPLES OF PERSONAL DATA PROCESSING
Personal data processing is based on the following principles:
1) Personal data processing is effected on a legal and just basis;
2) Personal data processing is limited to achieving concrete, predetermined, and lawful aims. Personal data processing incompatible with the aims of personal data collection is not permitted;
3) Integration of databases containing personal data processing of which is effected in aims incompatible between one another is not permitted;
4) Only those personal data are subject to processing which answer the aims of such processing;
5) The content and amount of personal data being processed correspond to the declared aims of processing. Personal data being processed are not redundant with respect to the declared aims of processing;
6) In personal data processing, accuracy and sufficiency of personal data is ensured, as well as their being up to date with respect to the declared aims of such processing.
7) Storage of personal data is effected in the form permitting to identify the personal data subject not longer than required by the aims of the personal data processing unless the period of storing such personal data is established by a federal law or a contract a party, beneficiary, or guarantor to which the personal data subject is. The personal data processed are subject to destruction or depersonalization upon the processing aims having been achieved or if achieving such aims has become unnecessary, unless otherwise provided for by federal law.
3 CONDITIONS OF PERSONAL DATA PROCESSING
3.1 Personal data processing is effected in observance of the principles and rules established by the Federal Law On Personal Data. Personal data processing is allowed in the following cases:
1) Personal data processing is effected with the personal data subject's consent to have his/her personal data processed;
2) Personal data processing is necessary for achievement of the aims provided for by an international treaty of the Russian Federation or a law, for exercise and fulfilment of functions, powers and duties imposed by the Russian Federation legislation on the operator;
3) Personal data processing is necessary for administration of justice, execution of a judicial act, or of an act of another body or an official if such acts are subject to execution in accordance with the Russian Federation legislation on execution of judgement;
4) Personal data processing is necessary for performance of a contract a party, or a beneficiary, or a guarantor to which the personal data subject is, and also for conclusion of a contract at the personal data subject's initiative or a contract under which the personal data subject is to be beneficiary or guarantor;
5) Personal data processing is necessary for protection of the life, health or other vital interests of the personal data subject if it is impossible to obtain the personal data subject's consent;
6) Personal data processing is necessary for exercise of rights and legitimate interests of the operator or third parties, or for achievement of socially-relevant aims on condition that the rights and freedoms of the personal data subjects are not violated;
7) Personal data processing is effected in statistical or other research aims on condition of mandatory depersonalization of such personal data, except for personal data processing in the aims of marketing of goods, work, services through direct contacts with a potential consumer with the aid of communication means as well as in the aims of political agitation;
8) Personal data is processed access to which of an unlimited range of persons has been granted by, or at the request of, the personal data subject (hereinafter, "personal data made generally available by the personal data subject");
9) Personal data is processed which is subject to publishing or obligatory disclosure in accordance with federal law.
3.2 The Company may include personal data of subjects in generally available personal data sources, the Company having obtained the subject's written consent to his/her personal data to be processed.
3.3 Biometric personal data (data characterizing physiological and biological peculiarities of a person enabling his/her identification and used by the operator to identify the personal data subject) are not processed in the Company.
3.4 No decisions are taken on the exclusive basis of automated personal data processing if such decisions would generate legal consequences regarding the personal data subject or otherwise affecting his/her rights and legitimate interests.
3.5 When a written consent of the subject to processing of his/her personal data, consent may be given by the subject or his/her representative in any form permitting to confirm the fact of its having been obtained.
3.6 The Company has the right to commission another person with personal data processing with the consent of the personal data subject, unless otherwise provided for in federal law, on the basis of a contract made with such person (hereinafter, "the operator's commission). In such contract, the Company obligates the person effecting personal data processing under the Company's commission to observe the principles and rules of personal data processing provided for in this Federal Law.
3.7 If the Company commissions personal data processing to another person, the responsibility to the personal data subject for actions of the said person is borne by the Company. The person effecting personal data processing under the Company's commission is responsible to the Company.
3.8 The Company obligates itself and other persons obtaining access to personal data not to disclose personal data to third persons and not to distribute such data without the personal data subject's consent unless otherwise provided for by federal law.
4 OBLIGATIONS OF THE COMPANY
In accordance with the requirements of Federal Law No. 152-FZ On Personal Data, the Company is obliged to:
5 PERSONAL DATA SECURITY MEASURES DURING PERSONAL DATA PROCESSING
5.1 In personal data processing, the Company takes necessary legal, organizational and technical measures to protect personal data against unlawful or accidental access, destruction, modification, blocking, copying, provision or distribution of personal data as well as against other unlawful actions with respect to personal data.
5.2 Security of personal data is ensured, inter alia, by:
Thank you for subscribing